Merge pull request #624 from ecsv/batadv-for-18.06

batman-adv: Fix missing include for backported 2020.4 patch

alfred/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=alfred
 PKG_VERSION:=2018.1
-PKG_RELEASE:=0
+PKG_RELEASE:=2
 PKG_HASH:=808fa6acf65c7a8e26405115176a5587157f746108cbe5dd974788eb05416d76
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -59,7 +59,8 @@ MAKE_ALFRED_FLAGS=\
 	CONFIG_ALFRED_GPSD=$(if $(CONFIG_PACKAGE_ALFRED_GPSD),y,n) \
 	CONFIG_ALFRED_CAPABILITIES=n \
         LIBNL_NAME="libnl-tiny" \
-        LIBNL_GENL_NAME="libnl-tiny"
+        LIBNL_GENL_NAME="libnl-tiny" \
+        REVISION="openwrt-$(PKG_VERSION)-$(PKG_RELEASE)"
 
 TARGET_CFLAGS  += -ffunction-sections -fdata-sections -flto
 TARGET_LDFLAGS += -Wl,--gc-sections -fuse-linker-plugin

alfred/files/alfred.init

@@ -46,11 +46,11 @@ wait_for_ll_address()
 	for i in $(seq $timeout); do
 		# We look for
 		# - the link-local address (starts with fe80)
-		# - without tentative flag (bit 0x40 in the flags field; the first char of the flags field begins 38 columns after the fe80 prefix
+		# - without tentative flag (bit 0x40 in the flags field; the first char of the fifth field is evaluated)
 		# - on interface $iface
 		if awk '
 			BEGIN { RET=1 }
-			/^fe80.{37} [012389ab]/ { if ($6 == "'"$iface"'") RET=0 }
+			$1 ~ /^fe80/ && $5 ~ /^[012389ab]/ && $6 == "'"$iface"'" { RET=0 }
 			END { exit RET }
 		' /proc/net/if_inet6; then
 			return

alfred/patches/0001-alfred-Fix-detection-of-own-packets-for-IPv4-mode.patch

@@ -0,0 +1,37 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Mon, 29 Oct 2018 18:05:42 +0100
+Subject: [PATCH] alfred: Fix detection of own packets for IPv4 mode
+
+The incoming packet address is checked for a match against the local
+interface addresses to avoid processing its own packets. The IPv4
+implementation used the same code but only initialized 4 of the 16 bytes of
+the address in the recv function. The interface initialization code in
+netsock_set_interfaces set all unused bytes to zero but recv_alfred_packet
+was modified to use 12 random bytes from the stack.
+
+Both functions must work the same way and first set the address bytes to
+zero and overwrite the actual used bytes with the address bytes. Otherwise,
+the result of netsock_set_interfaces for own packets is random in the IPv4
+implementation.
+
+Fixes: c7da798113a2 ("alfred: IPv4 multicast distribution support.")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Tested-by: Jonathan Haws <jhaws@sdl.usu.edu>
+
+Origin: upstream, https://git.open-mesh.org/alfred.git/commit/db842ed210d00345619e0ebc45a4d0d840e0b7e5
+---
+ recv.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/recv.c b/recv.c
+index 59d759cfba816d3dd7ed4a56fd3269730093bcfd..5ff4bb5df2354d7f2310e2105ee385b9365b0c4b 100644
+--- a/recv.c
++++ b/recv.c
+@@ -416,6 +416,7 @@ int recv_alfred_packet(struct globals *globals, struct interface *interface,
+ 
+ 	packet = (struct alfred_tlv *)buf;
+ 
++	memset(&alfred_source, 0, sizeof(alfred_source));
+ 	if (globals->ipv4mode) {
+ 		memcpy(&alfred_source, &source4.sin_addr, sizeof(source4.sin_addr));
+ 	} else {

alfred/patches/0002-alfred-Request-MAC-resolution-for-IPv4-address-not-i.patch

@@ -0,0 +1,84 @@
+From: Jonathan Haws <jhaws@sdl.usu.edu>
+Date: Mon, 29 Oct 2018 11:57:59 -0600
+Subject: [PATCH] alfred: Request MAC resolution for IPv4 address not in ARP cache
+
+When using IPv4, if the remote server is not yet in the ARP cache, the
+MAC resolution will fail and data appear to not be shared via alfred.
+Add a routine (modified from batctl sources) to request MAC resolution
+by simply sending a datagram to the discard port (UDP/9). This adds the
+remote MAC to the ARP cache, resulting in successful MAC resolution.
+
+Fixes: c7da798113a2 ("alfred: IPv4 multicast distribution support.")
+Signed-off-by: Jonathan Haws <jhaws@sdl.usu.edu>
+Tested-by: Gary Zou <guohuizou2000@sina.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/alfred.git/commit/5610d5bf8f4447b4d689aede638b4e92ae343340
+---
+ util.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/util.c b/util.c
+index dd3f00fa6280d7de04a11acb8485c11cead3d0a4..07947929dfe2d5a22ca16f5bf33846d7365c771e 100644
+--- a/util.c
++++ b/util.c
+@@ -30,6 +30,7 @@
+ #include <sys/ioctl.h>
+ #include <sys/time.h>
+ #include <time.h>
++#include <unistd.h>
+ #include "alfred.h"
+ 
+ int time_diff(struct timespec *tv1, struct timespec *tv2,
+@@ -80,11 +81,35 @@ bool is_valid_ether_addr(uint8_t addr[ETH_ALEN])
+ 	return true;
+ }
+ 
++static void ipv4_request_mac_resolve(const alfred_addr *addr)
++{
++	const struct sockaddr *sockaddr;
++	struct sockaddr_in inet4;
++	size_t sockaddr_len;
++	int sock;
++	char t = 0;
++
++	sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++	if (sock < 0)
++		return;
++
++	memset(&inet4, 0, sizeof(inet4));
++	inet4.sin_family = AF_INET;
++	inet4.sin_port = htons(9);
++	inet4.sin_addr.s_addr = addr->ipv4.s_addr;
++	sockaddr = (const struct sockaddr *)&inet4;
++	sockaddr_len = sizeof(inet4);
++
++	sendto(sock, &t, sizeof(t), 0, sockaddr, sockaddr_len);
++	close(sock);
++}
++
+ int ipv4_arp_request(struct interface *interface, const alfred_addr *addr,
+ 		     struct ether_addr *mac)
+ {
+ 	struct arpreq arpreq;
+ 	struct sockaddr_in *sin;
++	int retries = 1;
+ 
+ 	memset(&arpreq, 0, sizeof(arpreq));
+ 	memset(mac, 0, ETH_ALEN);
+@@ -96,8 +121,13 @@ int ipv4_arp_request(struct interface *interface, const alfred_addr *addr,
+ 	strncpy(arpreq.arp_dev, interface->interface, sizeof(arpreq.arp_dev));
+ 	arpreq.arp_dev[sizeof(arpreq.arp_dev) - 1] = '\0';
+ 
+-	if (ioctl(interface->netsock, SIOCGARP, &arpreq) < 0)
+-		return -1;
++	while ((ioctl(interface->netsock, SIOCGARP, &arpreq) < 0) || !(arpreq.arp_flags & ATF_COM)) {
++		ipv4_request_mac_resolve(addr);
++		usleep(200000);
++
++		if (retries-- == 0)
++			break;
++	}
+ 
+ 	if (arpreq.arp_flags & ATF_COM) {
+ 		memcpy(mac, arpreq.arp_ha.sa_data, sizeof(*mac));

babeld/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=babeld
-PKG_VERSION:=1.8.1
+PKG_VERSION:=1.8.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.irif.fr/~jch/software/files/
-PKG_MD5SUM:=a57caa5be996c61bd6a1616fdc01d807
+PKG_HASH:=202d99c275604507c6ce133710522f1ddfb62cb671c26f1ac2d3ab44af3d5bc4
 PKG_LICENSE:=MIT
 
 include $(INCLUDE_DIR)/package.mk

batctl/Makefile

@@ -10,15 +10,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=batctl
 
 PKG_VERSION:=2018.1
-PKG_RELEASE:=0
+PKG_RELEASE:=4
 PKG_HASH:=27877d0da6916f88a6cecbbb3f3d23cc4558ef7c7294324bf4fd050ed606b553
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
-
 include $(INCLUDE_DIR)/package.mk
 
 define Package/batctl
@@ -62,7 +60,8 @@ MAKE_BATCTL_ARGS += \
         REVISION="$(PKG_BATCTL_SHORTREV)" \
         CC="$(TARGET_CC)" \
         DESTDIR="$(PKG_INSTALL_DIR)" \
-        batctl install
+        batctl install \
+        REVISION="openwrt-$(PKG_VERSION)-$(PKG_RELEASE)"
 
 
 define Build/Compile

batctl/patches/0001-batctl-Return-EXIT_FAILURE-when-throughputmeter-fail.patch

@@ -0,0 +1,37 @@
+From: Leonardo Mörlein <me@irrelefant.net>
+Date: Wed, 8 Apr 2020 23:49:03 +0200
+Subject: batctl: Return EXIT_FAILURE when throughputmeter failed
+
+The command returned a success even an error was shown during the
+execution.
+
+  $ (sudo batctl tp 77:77:77:77:77:77 && echo true) || echo false
+  Destination unreachable
+  true
+
+Instead it should indicate a failure when the kernel replied with a
+non-success return_value:
+
+  $ (sudo ./batctl tp 77:77:77:77:77:77 && echo true) || echo false
+  Destination unreachable
+  false
+
+Fixes: f109b3473f86 ("batctl: introduce throughput meter support")
+Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
+[sven@narfation.org: adjusted commit message]
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batctl.git/commit/df8bf5164b6904f61ae0b0db090fb5bb41b4f06d
+
+diff --git a/tp_meter.c b/tp_meter.c
+index c7904857865c5b2a51cf30e7963394dd9b6c029c..403c88452b4ad56f4049f64829c6d2bdd015810a 100644
+--- a/tp_meter.c
++++ b/tp_meter.c
+@@ -480,6 +480,7 @@ int tp_meter(char *mesh_iface, int argc, char **argv)
+ 		goto out;
+ 	}
+ 
++	ret = EXIT_FAILURE;
+ 	switch (result.return_value) {
+ 	case BATADV_TP_REASON_DST_UNREACHABLE:
+ 		fprintf(stderr, "Destination unreachable\n");

batctl/patches/0002-batctl-fix-endianness-when-reading-radiotap-header.patch

@@ -0,0 +1,38 @@
+From: Marek Lindner <mareklindner@neomailbox.ch>
+Date: Wed, 29 Apr 2020 12:09:44 +0200
+Subject: batctl: fix endianness when reading radiotap header
+
+All radiotap header fields are specified in little endian byte-order.
+Header length conversion is necessary on some platforms.
+
+Fixes: c6fcdb6dc9a9 ("batctl: add radiotap wifi packet decapsulation support")
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batctl.git/commit/440ae55a6ef96eb73ee628f9237915cf9fb26dee
+
+diff --git a/tcpdump.c b/tcpdump.c
+index dc4ccd37c3ddf8650cb79737defd923fe9f33c64..c41500e21eda0abc1f024a3265c23fc3a4802d17 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -29,6 +29,7 @@
+ #include <time.h>
+ #include <sys/time.h>
+ #include <arpa/inet.h>
++#include <endian.h>
+ #include <net/if.h>
+ #include <net/if_arp.h>
+ #include <netinet/in.h>
+@@ -1048,10 +1049,10 @@ static int monitor_header_length(unsigned char *packet_buff, ssize_t buff_len, i
+ 			return -1;
+ 
+ 		radiotap_hdr = (struct radiotap_header*)packet_buff;
+-		if (buff_len <= radiotap_hdr->it_len)
++		if (buff_len <= le16toh(radiotap_hdr->it_len))
+ 			return -1;
+ 		else
+-			return radiotap_hdr->it_len;
++			return le16toh(radiotap_hdr->it_len);
+ 	}
+ 
+ 	return -1;

batctl/patches/0003-batctl-Only-remove-batadv-interface-on-hardif-reduct.patch

@@ -0,0 +1,49 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sat, 13 Jun 2020 17:59:34 +0200
+Subject: batctl: Only remove batadv interface on hardif reduction
+
+A deletion of a hardif from a batadv meshif will also get a success reply
+from the kernel when the hardif was never part of the batadv meshif. If the
+batadv meshif had no attached hardifs before the removal was started, then
+users are then not expecting that the batadv meshif is removed at all.
+
+Since the delete operation is not an atomic compare-and-swap operation,
+just check first the number of attached interfaces and only start the
+removal of the batadv meshif when the number attached hardifs was reduced.
+
+Fixes: 25022e0b154d ("batctl: Use rtnl to add/remove interfaces")
+Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batctl.git/commit/6d49a82cf58ee5ebd6235b6ddaca46febd42f876
+
+diff --git a/interface.c b/interface.c
+index 5951b471c6477e78ff557e97a7478ba774a0aa20..1ad36826fdb91a3e0254ed4dec758e7c383596e9 100644
+--- a/interface.c
++++ b/interface.c
+@@ -305,6 +305,7 @@ int interface(char *mesh_iface, int argc, char **argv)
+ 	int ret;
+ 	unsigned int ifindex;
+ 	unsigned int ifmaster;
++	unsigned int pre_cnt;
+ 	const char *long_op;
+ 	unsigned int cnt;
+ 	int rest_argc;
+@@ -421,6 +422,8 @@ int interface(char *mesh_iface, int argc, char **argv)
+ 		goto err;
+ 	}
+ 
++	pre_cnt = count_interfaces(mesh_iface);
++
+ 	for (i = 1; i < rest_argc; i++) {
+ 		ifindex = if_nametoindex(rest_argv[i]);
+ 
+@@ -450,7 +453,7 @@ int interface(char *mesh_iface, int argc, char **argv)
+ 	/* check if there is no interface left and then destroy mesh_iface */
+ 	if (!manual_mode && rest_argv[0][0] == 'd') {
+ 		cnt = count_interfaces(mesh_iface);
+-		if (cnt == 0)
++		if (cnt == 0 && pre_cnt > 0)
+ 			destroy_interface(mesh_iface);
+ 	}
+ 

batctl/patches/0004-batctl-tcpdump-Fix-endianness-in-ICMPv6-Echo-Request.patch

@@ -0,0 +1,39 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Sun, 13 Sep 2020 23:30:19 +0200
+Subject: batctl: tcpdump: Fix endianness in ICMPv6 Echo Request/Reply parsing
+
+The ICMPv6 Echo Request/Reply sequence number and id as well as the
+IPv6 header length are two byte long fields and therefore might need a
+conversion on a little endian system. Otherwise the output will be
+broken on such a machine.
+
+Fixes: 35b37756f4a3 ("add IPv6 support to tcpdump parser")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batctl.git/commit/e42f73d0d2a04edfbed1b9d0ad9fd57af9e90faf
+
+diff --git a/tcpdump.c b/tcpdump.c
+index c41500e21eda0abc1f024a3265c23fc3a4802d17..22847aecf887566ac62ff2084079683d0acf83aa 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -551,13 +551,15 @@ static void dump_ipv6(unsigned char *packet_buff, ssize_t buff_len,
+ 			break;
+ 		case ICMP6_ECHO_REQUEST:
+ 			printf(" echo request, id: %d, seq: %d, length: %hu\n",
+-			       icmphdr->icmp6_id, icmphdr->icmp6_seq,
+-			       iphdr->ip6_plen);
++			       ntohs(icmphdr->icmp6_id),
++			       ntohs(icmphdr->icmp6_seq),
++			       ntohs(iphdr->ip6_plen));
+ 			break;
+ 		case ICMP6_ECHO_REPLY:
+ 			printf(" echo reply, id: %d, seq: %d, length: %hu\n",
+-			       icmphdr->icmp6_id, icmphdr->icmp6_seq,
+-			       iphdr->ip6_plen);
++			       ntohs(icmphdr->icmp6_id),
++			       ntohs(icmphdr->icmp6_seq),
++			       ntohs(iphdr->ip6_plen));
+ 			break;
+ 		case ICMP6_TIME_EXCEEDED:
+ 			printf(" time exceeded in-transit, length %zu\n",

batman-adv/Config.in

@@ -2,6 +2,7 @@
 config KMOD_BATMAN_ADV_DEBUG_LOG
 	bool "enable verbose debug logging"
 	depends on PACKAGE_kmod-batman-adv
+	depends on KMOD_BATMAN_ADV_DEBUGFS
 	default n
 
 config KMOD_BATMAN_ADV_BLA

batman-adv/Makefile

@@ -10,12 +10,15 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=batman-adv
 
 PKG_VERSION:=2018.1
-PKG_RELEASE:=2
+PKG_RELEASE:=13
 PKG_HASH:=b866b28dbbe5c9238abbdf5abbc30fc526dea56898ce4c1bd76d5c017843048b
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0
+PKG_EXTMOD_SUBDIRS=net/batman-adv
+
+STAMP_CONFIGURED_DEPENDS := $(STAGING_DIR)/usr/include/mac80211-backport/backport/autoconf.h
 
 include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/package.mk
@@ -27,7 +30,7 @@ define KernelPackage/batman-adv
   DEPENDS:=+KMOD_BATMAN_ADV_BLA:kmod-lib-crc16 +kmod-crypto-crc32c +kmod-lib-crc32c +kmod-cfg80211
   TITLE:=B.A.T.M.A.N. Adv
   FILES:=$(PKG_BUILD_DIR)/net/batman-adv/batman-adv.$(LINUX_KMOD_SUFFIX)
-  AUTOLOAD:=$(call AutoLoad,50,cfg80211 batman-adv)
+  AUTOLOAD:=$(call AutoProbe,batman-adv)
 endef
 
 define KernelPackage/batman-adv/description
@@ -66,7 +69,8 @@ NOSTDINC_FLAGS = \
 	-I$(STAGING_DIR)/usr/include/mac80211/uapi \
 	-I$(PKG_BUILD_DIR)/include/ \
 	-include backport/backport.h \
-	-include $(PKG_BUILD_DIR)/compat-hacks.h
+	-include $(PKG_BUILD_DIR)/compat-hacks.h \
+	-DBATADV_SOURCE_VERSION=\\\"openwrt-$(PKG_VERSION)-$(PKG_RELEASE)\\\"
 
 COMPAT_SOURCES = \
 	$(if $(CONFIG_KMOD_BATMAN_ADV_MCAST),../../compat-sources/net/core/skbuff.o,) \

batman-adv/files/etc/config/batman-adv

@@ -18,4 +18,3 @@ config 'mesh' 'bat0'
 
 # yet another batX instance
 # config 'mesh' 'bat5'
-#	option 'interfaces' 'second_mesh'

batman-adv/patches/0001-batman-adv-add-compat-hacks.patch

@@ -1,3 +1,9 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Wed, 9 May 2018 21:07:40 +0200
+Subject: batman-adv: add compat hacks
+
+diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c
+index 69c0d85bceb3e0a1915e37d278110ee2655c4571..53b329d24461819b4cf0d4118cfa5b0eb8d7261b 100644
 --- a/net/batman-adv/main.c
 +++ b/net/batman-adv/main.c
 @@ -19,7 +19,7 @@
@@ -9,6 +15,8 @@
  #include <linux/byteorder/generic.h>
  #include <linux/crc32c.h>
  #include <linux/errno.h>
+diff --git a/net/batman-adv/tp_meter.c b/net/batman-adv/tp_meter.c
+index 11520de96ccb1a87183e9666066e21731538ccd9..9af0a44dce74e7ead7f2c29ec4d49156bf4c9dd7 100644
 --- a/net/batman-adv/tp_meter.c
 +++ b/net/batman-adv/tp_meter.c
 @@ -20,7 +20,7 @@
@@ -20,6 +28,8 @@
  #include <linux/byteorder/generic.h>
  #include <linux/cache.h>
  #include <linux/compiler.h>
+diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
+index 0225616d5771d0986127322142fc591780fc25b0..91b9a0aaaa2e6fe59b5e4ea2e57b7be375618059 100644
 --- a/net/batman-adv/translation-table.c
 +++ b/net/batman-adv/translation-table.c
 @@ -21,7 +21,7 @@

batman-adv/patches/0002-batman-adv-Avoid-race-in-TT-TVLV-allocator-helper.patch

@@ -1,6 +1,6 @@
 From: Sven Eckelmann <sven@narfation.org>
 Date: Wed, 9 May 2018 21:07:40 +0200
-Subject: [PATCH] batman-adv: Avoid race in TT TVLV allocator helper
+Subject: batman-adv: Avoid race in TT TVLV allocator helper
 
 The functions batadv_tt_prepare_tvlv_local_data and
 batadv_tt_prepare_tvlv_global_data are responsible for preparing a buffer
@@ -29,12 +29,9 @@ Signed-off-by: Sven Eckelmann <sven@narfation.org>
 Acked-by: Antonio Quartulli <a@unstable.cc>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/286be89a33497ba9000aa5c2960f1f4114953522
----
- net/batman-adv/translation-table.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
-index 0225616d5771d0986127322142fc591780fc25b0..7fa3a0a0524a1da63e92d081b443c302900bf0c3 100644
+index 91b9a0aaaa2e6fe59b5e4ea2e57b7be375618059..2511adb79936782c96ed397265418421b69f617d 100644
 --- a/net/batman-adv/translation-table.c
 +++ b/net/batman-adv/translation-table.c
 @@ -862,7 +862,7 @@ batadv_tt_prepare_tvlv_global_data(struct batadv_orig_node *orig_node,

batman-adv/patches/0003-batman-adv-Fix-TT-sync-flags-for-intermediate-TT-res.patch

@@ -1,6 +1,6 @@
 From: Linus Lüssing <linus.luessing@c0d3.blue>
 Date: Thu, 10 May 2018 19:44:28 +0200
-Subject: [PATCH] batman-adv: Fix TT sync flags for intermediate TT responses
+Subject: batman-adv: Fix TT sync flags for intermediate TT responses
 
 The previous TT sync fix so far only fixed TT responses issued by the
 target node directly. So far, TT responses issued by intermediate nodes
@@ -19,12 +19,9 @@ Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/d65daee8617b29c1ddcc949ce3a5ec24f7a1e1af
----
- net/batman-adv/translation-table.c | 61 +++++++++++++++++++++++++-----
- 1 file changed, 51 insertions(+), 10 deletions(-)
 
 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
-index 7fa3a0a0524a1da63e92d081b443c302900bf0c3..23f9c212ab1e27be429645a85f7b5d6a02585de9 100644
+index 2511adb79936782c96ed397265418421b69f617d..09bc1ed9fb59c1f76a4227f158d3ac8b73cbd32b 100644
 --- a/net/batman-adv/translation-table.c
 +++ b/net/batman-adv/translation-table.c
 @@ -1538,6 +1538,8 @@ batadv_tt_global_orig_entry_find(const struct batadv_tt_global_entry *entry,

batman-adv/patches/0004-batman-adv-prevent-TT-request-storms-by-not-sending-.patch

@@ -1,6 +1,6 @@
 From: Marek Lindner <mareklindner@neomailbox.ch>
 Date: Sat, 12 May 2018 00:23:07 +0800
-Subject: [PATCH] batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
+Subject: batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
 
 A translation table TVLV changset sent with an OGM consists
 of a number of headers (one per VLAN) plus the changeset
@@ -23,12 +23,9 @@ Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/e4687b4be274da6180fc15b327419851fb681ec9
----
- net/batman-adv/translation-table.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
 
 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
-index 23f9c212ab1e27be429645a85f7b5d6a02585de9..3986551397caa5ffb6ba7338eeb4769c8b8f99fb 100644
+index 09bc1ed9fb59c1f76a4227f158d3ac8b73cbd32b..dfd484d73f8e569bc60e153ea6ca244ea5757d5c 100644
 --- a/net/batman-adv/translation-table.c
 +++ b/net/batman-adv/translation-table.c
 @@ -931,15 +931,20 @@ batadv_tt_prepare_tvlv_local_data(struct batadv_priv *bat_priv,

batman-adv/patches/0005-batman-adv-don-t-implement-skb_postpush_rcsum-for-li.patch

@@ -1,6 +1,6 @@
 From: Antonio Quartulli <a@unstable.cc>
 Date: Sat, 12 May 2018 03:02:44 +0800
-Subject: [PATCH] batman-adv: don't implement skb_postpush_rcsum() for linux >=4.4.47
+Subject: batman-adv: don't implement skb_postpush_rcsum() for linux >=4.4.47
 
 skb_postpush_rcsum() has been implemented in 4.4.47 therefore
 our compat code has to be changed to prevent this function to
@@ -10,9 +10,6 @@ Signed-off-by: Antonio Quartulli <a@unstable.cc>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/b4693d107e0869bf11956fd2d3be4fd0a8671b46
----
- compat-include/linux/skbuff.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/compat-include/linux/skbuff.h b/compat-include/linux/skbuff.h
 index 6f73946496ac15f2fdb856357f16e4e2d8a6e6cd..371bb561eecaf605a5c96f9417546f6bb817724d 100644

batman-adv/patches/0006-batman-adv-Fix-bat_ogm_iv-best-gw-refcnt-after-netli.patch

@@ -1,6 +1,6 @@
 From: Sven Eckelmann <sven@narfation.org>
 Date: Sat, 2 Jun 2018 17:26:34 +0200
-Subject: [PATCH] batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump
+Subject: batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump
 
 A reference for the best gateway is taken when the list of gateways in the
 mesh is sent via netlink. This is necessary to check whether the currently
@@ -19,9 +19,6 @@ Signed-off-by: Sven Eckelmann <sven@narfation.org>
 Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/46360d203c627e71a27d1f8f551c819c7f2353fd
----
- net/batman-adv/bat_iv_ogm.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
 index be09a98838252f4f0c23cec0625930cf896cd0ff..73bf6a93a3cf1141a34657bf1284893199e04db9 100644

batman-adv/patches/0007-batman-adv-Fix-bat_v-best-gw-refcnt-after-netlink-du.patch

@@ -1,6 +1,6 @@
 From: Sven Eckelmann <sven@narfation.org>
 Date: Sat, 2 Jun 2018 17:26:35 +0200
-Subject: [PATCH] batman-adv: Fix bat_v best gw refcnt after netlink dump
+Subject: batman-adv: Fix bat_v best gw refcnt after netlink dump
 
 A reference for the best gateway is taken when the list of gateways in the
 mesh is sent via netlink. This is necessary to check whether the currently
@@ -17,9 +17,6 @@ Signed-off-by: Sven Eckelmann <sven@narfation.org>
 Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/2b422b5808183d1084b450b89d9a085a13dd6d2c
----
- net/batman-adv/bat_v.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
 index ec93337ee2597738e46b87dd72724d5becf3f48e..6baec4e68898c6e992e7522d2ee8c78ce62a1b08 100644

batman-adv/patches/0008-batman-adv-Fix-debugfs-path-for-renamed-hardif.patch

@@ -1,6 +1,6 @@
 From: Sven Eckelmann <sven@narfation.org>
 Date: Fri, 1 Jun 2018 19:24:23 +0200
-Subject: [PATCH] batman-adv: Fix debugfs path for renamed hardif
+Subject: batman-adv: Fix debugfs path for renamed hardif
 
 batman-adv is creating special debugfs directories in the init
 net_namespace for each valid hard-interface (net_device). But it is
@@ -27,11 +27,6 @@ Reported-by: John Soros <sorosj@gmail.com>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/127086f503f6495518b95455efebee33d328f335
----
- net/batman-adv/debugfs.c        | 20 ++++++++++++++++++++
- net/batman-adv/debugfs.h        |  6 ++++++
- net/batman-adv/hard-interface.c |  3 +++
- 3 files changed, 29 insertions(+)
 
 diff --git a/net/batman-adv/debugfs.c b/net/batman-adv/debugfs.c
 index 4229b01ac7b54008e023df0ed6546a6d541498ba..7e5de7b9f6d53b846cebfa95bf694a20c640b2d6 100644

batman-adv/patches/0009-batman-adv-Fix-debugfs-path-for-renamed-softif.patch

@@ -1,6 +1,6 @@
 From: Sven Eckelmann <sven@narfation.org>
 Date: Fri, 1 Jun 2018 19:24:24 +0200
-Subject: [PATCH] batman-adv: Fix debugfs path for renamed softif
+Subject: batman-adv: Fix debugfs path for renamed softif
 
 batman-adv is creating special debugfs directories in the init
 net_namespace for each created soft-interface (batadv net_device). But it
@@ -25,11 +25,6 @@ Fixes: 230202d4b530 ("batman-adv: Move device for icmp injection to debugfs")
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/3f2237bb191cd17654a4d5a5badfd6e7379c4b37
----
- net/batman-adv/debugfs.c        | 20 +++++++++++++++++++
- net/batman-adv/debugfs.h        |  5 +++++
- net/batman-adv/hard-interface.c | 34 +++++++++++++++++++++++++++------
- 3 files changed, 53 insertions(+), 6 deletions(-)
 
 diff --git a/net/batman-adv/debugfs.c b/net/batman-adv/debugfs.c
 index 7e5de7b9f6d53b846cebfa95bf694a20c640b2d6..87479c60670ebfbe2ad3df17130f1289d657df7b 100644

batman-adv/patches/0010-batman-adv-Avoid-storing-non-TT-sync-flags-on-singul.patch

@@ -1,6 +1,6 @@
 From: Linus Lüssing <linus.luessing@c0d3.blue>
 Date: Thu, 7 Jun 2018 00:46:23 +0200
-Subject: [PATCH] batman-adv: Avoid storing non-TT-sync flags on singular entries too
+Subject: batman-adv: Avoid storing non-TT-sync flags on singular entries too
 
 Since commit 382d020fe3fa ("batman-adv: fix TT sync flag inconsistencies")
 TT sync flags and TT non-sync'd flags are supposed to be stored
@@ -17,12 +17,9 @@ Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/beb6246b2339852b6a429ae9259a8eb30a685041
----
- net/batman-adv/translation-table.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
-index 3986551397caa5ffb6ba7338eeb4769c8b8f99fb..61ce300091f328fd78dafa5c4fd09f6cf924b025 100644
+index dfd484d73f8e569bc60e153ea6ca244ea5757d5c..8b0f30457a2eda3c0791da9c8876fc1768170d76 100644
 --- a/net/batman-adv/translation-table.c
 +++ b/net/batman-adv/translation-table.c
 @@ -1705,7 +1705,8 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv,

batman-adv/patches/0011-batman-adv-Fix-multicast-TT-issues-with-bogus-ROAM-f.patch

@@ -1,6 +1,6 @@
 From: Linus Lüssing <linus.luessing@c0d3.blue>
 Date: Thu, 7 Jun 2018 00:46:24 +0200
-Subject: [PATCH] batman-adv: Fix multicast TT issues with bogus ROAM flags
+Subject: batman-adv: Fix multicast TT issues with bogus ROAM flags
 
 When a (broken) node wrongly sends multicast TT entries with a ROAM
 flag then this causes any receiving node to drop all entries for the
@@ -16,12 +16,9 @@ Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
 Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/c7054ffae0c3b08bb4bef3cffee1e0a543e14096
----
- net/batman-adv/translation-table.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
-index 61ce300091f328fd78dafa5c4fd09f6cf924b025..12a2b7d21376721d15c6a31f3e794e4270d74b5c 100644
+index 8b0f30457a2eda3c0791da9c8876fc1768170d76..9efbdd6348c4d69c525b3e0574d2b24db838c086 100644
 --- a/net/batman-adv/translation-table.c
 +++ b/net/batman-adv/translation-table.c
 @@ -1705,7 +1705,8 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv,

batman-adv/patches/0012-batman-adv-Avoid-probe-ELP-information-leak.patch

@@ -0,0 +1,32 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Fri, 31 Aug 2018 15:08:44 +0200
+Subject: batman-adv: Avoid probe ELP information leak
+
+The probe ELPs for WiFi interfaces are expanded to contain at least
+BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the
+number of bytes which the template ELP packet requires.
+
+These extra padding bytes were not initialized and thus could contain data
+which were previously stored at the same location. It is therefore required
+to set it to some predefined or random values to avoid leaking private
+information from the system transmitting these kind of packets.
+
+Fixes: bedcadfaa92b ("batman-adv: ELP - send unicast ELP packets for throughput sampling")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/6c876e572f592c31132a55b5fb8427e168e5fb3c
+
+diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
+index 28687493599f5ba10b8813c18d803582210bc292..371028f82a0669e86155fee39ba955cbbde48e60 100644
+--- a/net/batman-adv/bat_v_elp.c
++++ b/net/batman-adv/bat_v_elp.c
+@@ -228,7 +228,7 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh)
+ 		 * the packet to be exactly of that size to make the link
+ 		 * throughput estimation effective.
+ 		 */
+-		skb_put(skb, probe_len - hard_iface->bat_v.elp_skb->len);
++		skb_put_zero(skb, probe_len - hard_iface->bat_v.elp_skb->len);
+ 
+ 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
+ 			   "Sending unicast (probe) ELP packet on interface %s to %pM\n",

batman-adv/patches/0013-batman-adv-Fix-segfault-when-writing-to-throughput_o.patch

@@ -0,0 +1,42 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Fri, 31 Aug 2018 16:46:47 +0200
+Subject: batman-adv: Fix segfault when writing to throughput_override
+
+The per hardif sysfs file "batman_adv/throughput_override" prints the
+resulting change as info text when the users writes to this file. It uses
+the helper function batadv_info to add it at the same time to the kernel
+ring buffer and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG
+is enabled).
+
+The function batadv_info requires as first parameter the batman-adv softif
+net_device. This parameter is then used to find the private buffer which
+contains the debug log for this batman-adv interface. But
+batadv_store_throughput_override used as first argument the slave
+net_device. This slave device doesn't have the batadv_priv private data
+which is access by batadv_info.
+
+Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead
+to a segfault or to memory corruption.
+
+Fixes: c513176e4b7a ("batman-adv: add throughput override attribute to hard_ifaces")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/ddf99b78e255530cbadc0f67656a549e19520280
+
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
+index f2eef43bd2ec5b798ba552ff14eedcfa734b39d6..3a76e8970c025ca6917d6cd15d1382f685cd3532 100644
+--- a/net/batman-adv/sysfs.c
++++ b/net/batman-adv/sysfs.c
+@@ -1090,8 +1090,9 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj,
+ 	if (old_tp_override == tp_override)
+ 		goto out;
+ 
+-	batadv_info(net_dev, "%s: Changing from: %u.%u MBit to: %u.%u MBit\n",
+-		    "throughput_override",
++	batadv_info(hard_iface->soft_iface,
++		    "%s: %s: Changing from: %u.%u MBit to: %u.%u MBit\n",
++		    "throughput_override", net_dev->name,
+ 		    old_tp_override / 10, old_tp_override % 10,
+ 		    tp_override / 10, tp_override % 10);
+ 

batman-adv/patches/0014-batman-adv-Fix-segfault-when-writing-to-sysfs-elp_in.patch

@@ -0,0 +1,105 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Fri, 31 Aug 2018 16:56:29 +0200
+Subject: batman-adv: Fix segfault when writing to sysfs elp_interval
+
+The per hardif sysfs file "batman_adv/elp_interval" is using the generic
+functions to store/show uint values. The helper __batadv_store_uint_attr
+requires the softif net_device as parameter to print the resulting change
+as info text when the users writes to this file. It uses the helper
+function batadv_info to add it at the same time to the kernel ring buffer
+and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG is enabled).
+
+The function batadv_info requires as first parameter the batman-adv softif
+net_device. This parameter is then used to find the private buffer which
+contains the debug log for this batman-adv interface. But
+batadv_store_throughput_override used as first argument the slave
+net_device. This slave device doesn't have the batadv_priv private data
+which is access by batadv_info.
+
+Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead
+to a segfault or to memory corruption.
+
+Fixes: ec46535b8275 ("batman-adv: Add hard_iface specific sysfs wrapper macros for UINT")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/848be9859b0109a6e428f92f21f2e660153b1c75
+
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
+index 3a76e8970c025ca6917d6cd15d1382f685cd3532..09427fc6494a157554d8b19f3481a878a9f97bba 100644
+--- a/net/batman-adv/sysfs.c
++++ b/net/batman-adv/sysfs.c
+@@ -188,7 +188,8 @@ ssize_t batadv_store_##_name(struct kobject *kobj,			\
+ 									\
+ 	return __batadv_store_uint_attr(buff, count, _min, _max,	\
+ 					_post_func, attr,		\
+-					&bat_priv->_var, net_dev);	\
++					&bat_priv->_var, net_dev,	\
++					NULL);	\
+ }
+ 
+ #define BATADV_ATTR_SIF_SHOW_UINT(_name, _var)				\
+@@ -262,7 +263,9 @@ ssize_t batadv_store_##_name(struct kobject *kobj,			\
+ 									\
+ 	length = __batadv_store_uint_attr(buff, count, _min, _max,	\
+ 					  _post_func, attr,		\
+-					  &hard_iface->_var, net_dev);	\
++					  &hard_iface->_var,		\
++					  hard_iface->soft_iface,	\
++					  net_dev);			\
+ 									\
+ 	batadv_hardif_put(hard_iface);				\
+ 	return length;							\
+@@ -356,10 +359,12 @@ __batadv_store_bool_attr(char *buff, size_t count,
+ 
+ static int batadv_store_uint_attr(const char *buff, size_t count,
+ 				  struct net_device *net_dev,
++				  struct net_device *slave_dev,
+ 				  const char *attr_name,
+ 				  unsigned int min, unsigned int max,
+ 				  atomic_t *attr)
+ {
++	char ifname[IFNAMSIZ + 3] = "";
+ 	unsigned long uint_val;
+ 	int ret;
+ 
+@@ -385,8 +390,11 @@ static int batadv_store_uint_attr(const char *buff, size_t count,
+ 	if (atomic_read(attr) == uint_val)
+ 		return count;
+ 
+-	batadv_info(net_dev, "%s: Changing from: %i to: %lu\n",
+-		    attr_name, atomic_read(attr), uint_val);
++	if (slave_dev)
++		snprintf(ifname, sizeof(ifname), "%s: ", slave_dev->name);
++
++	batadv_info(net_dev, "%s: %sChanging from: %i to: %lu\n",
++		    attr_name, ifname, atomic_read(attr), uint_val);
+ 
+ 	atomic_set(attr, uint_val);
+ 	return count;
+@@ -397,12 +405,13 @@ static ssize_t __batadv_store_uint_attr(const char *buff, size_t count,
+ 					void (*post_func)(struct net_device *),
+ 					const struct attribute *attr,
+ 					atomic_t *attr_store,
+-					struct net_device *net_dev)
++					struct net_device *net_dev,
++					struct net_device *slave_dev)
+ {
+ 	int ret;
+ 
+-	ret = batadv_store_uint_attr(buff, count, net_dev, attr->name, min, max,
+-				     attr_store);
++	ret = batadv_store_uint_attr(buff, count, net_dev, slave_dev,
++				     attr->name, min, max, attr_store);
+ 	if (post_func && ret)
+ 		post_func(net_dev);
+ 
+@@ -571,7 +580,7 @@ static ssize_t batadv_store_gw_sel_class(struct kobject *kobj,
+ 	return __batadv_store_uint_attr(buff, count, 1, BATADV_TQ_MAX_VALUE,
+ 					batadv_post_gw_reselect, attr,
+ 					&bat_priv->gw.sel_class,
+-					bat_priv->soft_iface);
++					bat_priv->soft_iface, NULL);
+ }
+ 
+ static ssize_t batadv_show_gw_bwidth(struct kobject *kobj,

batman-adv/patches/0015-batman-adv-fix-backbone_gw-refcount-on-queue_work-fa.patch

@@ -0,0 +1,42 @@
+From: Marek Lindner <mareklindner@neomailbox.ch>
+Date: Fri, 7 Sep 2018 05:45:54 +0800
+Subject: batman-adv: fix backbone_gw refcount on queue_work() failure
+
+The backbone_gw refcounter is to be decreased by the queued work and
+currently is never decreased if the queue_work() call fails.
+Fix by checking the queue_work() return value and decrease refcount
+if necessary.
+
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/24d83a50421c1c5d39cd9c015516a1a293ae8d0c
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index a2de5a44bd41bf5c3d521d29b72e0b225a3ace05..58c093caf49e804c1e11426959d70e79f1729d41 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -1772,6 +1772,7 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ {
+ 	struct batadv_bla_backbone_gw *backbone_gw;
+ 	struct ethhdr *ethhdr;
++	bool ret;
+ 
+ 	ethhdr = eth_hdr(skb);
+ 
+@@ -1795,8 +1796,13 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 	if (unlikely(!backbone_gw))
+ 		return true;
+ 
+-	queue_work(batadv_event_workqueue, &backbone_gw->report_work);
+-	/* backbone_gw is unreferenced in the report work function function */
++	ret = queue_work(batadv_event_workqueue, &backbone_gw->report_work);
++
++	/* backbone_gw is unreferenced in the report work function function
++	 * if queue_work() call was successful
++	 */
++	if (!ret)
++		batadv_backbone_gw_put(backbone_gw);
+ 
+ 	return true;
+ }

batman-adv/patches/0016-batman-adv-fix-hardif_neigh-refcount-on-queue_work-f.patch

@@ -0,0 +1,40 @@
+From: Marek Lindner <mareklindner@neomailbox.ch>
+Date: Fri, 7 Sep 2018 05:45:55 +0800
+Subject: batman-adv: fix hardif_neigh refcount on queue_work() failure
+
+The hardif_neigh refcounter is to be decreased by the queued work and
+currently is never decreased if the queue_work() call fails.
+Fix by checking the queue_work() return value and decrease refcount
+if necessary.
+
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/85100b602c127cecf1bcfd620d20eb867d685df2
+
+diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
+index 371028f82a0669e86155fee39ba955cbbde48e60..83b46654449df72ceda6ca3177f72e7faf0603ab 100644
+--- a/net/batman-adv/bat_v_elp.c
++++ b/net/batman-adv/bat_v_elp.c
+@@ -255,6 +255,7 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
+ 	struct batadv_priv *bat_priv;
+ 	struct sk_buff *skb;
+ 	u32 elp_interval;
++	bool ret;
+ 
+ 	bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work);
+ 	hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v);
+@@ -316,8 +317,11 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
+ 		 * may sleep and that is not allowed in an rcu protected
+ 		 * context. Therefore schedule a task for that.
+ 		 */
+-		queue_work(batadv_event_workqueue,
+-			   &hardif_neigh->bat_v.metric_work);
++		ret = queue_work(batadv_event_workqueue,
++				 &hardif_neigh->bat_v.metric_work);
++
++		if (!ret)
++			batadv_hardif_neigh_put(hardif_neigh);
+ 	}
+ 	rcu_read_unlock();
+ 

batman-adv/patches/0017-batman-adv-Prevent-duplicated-gateway_node-entry.patch

@@ -0,0 +1,78 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 6 Sep 2018 14:35:24 +0200
+Subject: batman-adv: Prevent duplicated gateway_node entry
+
+The function batadv_gw_node_add is responsible for adding new gw_node to
+the gateway_list. It is expecting that the caller already checked that
+there is not already an entry with the same key or not.
+
+But the lock for the list is only held when the list is really modified.
+This could lead to duplicated entries because another context could create
+an entry with the same key between the check and the list manipulation.
+
+The check and the manipulation of the list must therefore be in the same
+locked code section.
+
+Fixes: bc3538cabac5 ("batman-adv: adding gateway functionality")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/69b3ca714eba608fe79a51ccd89ce7050ee0b770
+
+diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
+index 8b198ee798c910b40997ed9ca867fc931c53dcc3..140c61a3f1ecfec4fe23c5ddca19e18e2e86fd56 100644
+--- a/net/batman-adv/gateway_client.c
++++ b/net/batman-adv/gateway_client.c
+@@ -32,6 +32,7 @@
+ #include <linux/kernel.h>
+ #include <linux/kref.h>
+ #include <linux/list.h>
++#include <linux/lockdep.h>
+ #include <linux/netdevice.h>
+ #include <linux/netlink.h>
+ #include <linux/rculist.h>
+@@ -348,6 +349,9 @@ void batadv_gw_check_election(struct batadv_priv *bat_priv,
+  * @bat_priv: the bat priv with all the soft interface information
+  * @orig_node: originator announcing gateway capabilities
+  * @gateway: announced bandwidth information
++ *
++ * Has to be called with the appropriate locks being acquired
++ * (gw.list_lock).
+  */
+ static void batadv_gw_node_add(struct batadv_priv *bat_priv,
+ 			       struct batadv_orig_node *orig_node,
+@@ -355,6 +359,8 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv,
+ {
+ 	struct batadv_gw_node *gw_node;
+ 
++	lockdep_assert_held(&bat_priv->gw.list_lock);
++
+ 	if (gateway->bandwidth_down == 0)
+ 		return;
+ 
+@@ -369,10 +375,8 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv,
+ 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
+ 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
+ 
+-	spin_lock_bh(&bat_priv->gw.list_lock);
+ 	kref_get(&gw_node->refcount);
+ 	hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.gateway_list);
+-	spin_unlock_bh(&bat_priv->gw.list_lock);
+ 
+ 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
+ 		   "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n",
+@@ -428,11 +432,14 @@ void batadv_gw_node_update(struct batadv_priv *bat_priv,
+ {
+ 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
+ 
++	spin_lock_bh(&bat_priv->gw.list_lock);
+ 	gw_node = batadv_gw_node_get(bat_priv, orig_node);
+ 	if (!gw_node) {
+ 		batadv_gw_node_add(bat_priv, orig_node, gateway);
++		spin_unlock_bh(&bat_priv->gw.list_lock);
+ 		goto out;
+ 	}
++	spin_unlock_bh(&bat_priv->gw.list_lock);
+ 
+ 	if (gw_node->bandwidth_down == ntohl(gateway->bandwidth_down) &&
+ 	    gw_node->bandwidth_up == ntohl(gateway->bandwidth_up))

batman-adv/patches/0018-batman-adv-Prevent-duplicated-nc_node-entry.patch

@@ -0,0 +1,87 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 6 Sep 2018 14:35:25 +0200
+Subject: batman-adv: Prevent duplicated nc_node entry
+
+The function batadv_nc_get_nc_node is responsible for adding new nc_nodes
+to the in_coding_list and out_coding_list. It first checks whether the
+entry already is in the list or not. If it is, then the creation of a new
+entry is aborted.
+
+But the lock for the list is only held when the list is really modified.
+This could lead to duplicated entries because another context could create
+an entry with the same key between the check and the list manipulation.
+
+The check and the manipulation of the list must therefore be in the same
+locked code section.
+
+Fixes: 3ed7ada3f0bb ("batman-adv: network coding - detect coding nodes and remove these after timeout")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/bab8447ad1850b25188f9652c0c52f8e58acd656
+
+diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
+index c3578444f3cbe759a5385ac460ccb9d41ae1c4de..34caf129a9bf5531360f798be6a7059bad26a50f 100644
+--- a/net/batman-adv/network-coding.c
++++ b/net/batman-adv/network-coding.c
+@@ -854,24 +854,6 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv,
+ 	spinlock_t *lock; /* Used to lock list selected by "int in_coding" */
+ 	struct list_head *list;
+ 
+-	/* Check if nc_node is already added */
+-	nc_node = batadv_nc_find_nc_node(orig_node, orig_neigh_node, in_coding);
+-
+-	/* Node found */
+-	if (nc_node)
+-		return nc_node;
+-
+-	nc_node = kzalloc(sizeof(*nc_node), GFP_ATOMIC);
+-	if (!nc_node)
+-		return NULL;
+-
+-	/* Initialize nc_node */
+-	INIT_LIST_HEAD(&nc_node->list);
+-	kref_init(&nc_node->refcount);
+-	ether_addr_copy(nc_node->addr, orig_node->orig);
+-	kref_get(&orig_neigh_node->refcount);
+-	nc_node->orig_node = orig_neigh_node;
+-
+ 	/* Select ingoing or outgoing coding node */
+ 	if (in_coding) {
+ 		lock = &orig_neigh_node->in_coding_list_lock;
+@@ -881,13 +863,34 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv,
+ 		list = &orig_neigh_node->out_coding_list;
+ 	}
+ 
++	spin_lock_bh(lock);
++
++	/* Check if nc_node is already added */
++	nc_node = batadv_nc_find_nc_node(orig_node, orig_neigh_node, in_coding);
++
++	/* Node found */
++	if (nc_node)
++		goto unlock;
++
++	nc_node = kzalloc(sizeof(*nc_node), GFP_ATOMIC);
++	if (!nc_node)
++		goto unlock;
++
++	/* Initialize nc_node */
++	INIT_LIST_HEAD(&nc_node->list);
++	kref_init(&nc_node->refcount);
++	ether_addr_copy(nc_node->addr, orig_node->orig);
++	kref_get(&orig_neigh_node->refcount);
++	nc_node->orig_node = orig_neigh_node;
++
+ 	batadv_dbg(BATADV_DBG_NC, bat_priv, "Adding nc_node %pM -> %pM\n",
+ 		   nc_node->addr, nc_node->orig_node->orig);
+ 
+ 	/* Add nc_node to orig_node */
+-	spin_lock_bh(lock);
+ 	kref_get(&nc_node->refcount);
+ 	list_add_tail_rcu(&nc_node->list, list);
++
++unlock:
+ 	spin_unlock_bh(lock);
+ 
+ 	return nc_node;

batman-adv/patches/0019-batman-adv-Prevent-duplicated-softif_vlan-entry.patch

@@ -0,0 +1,78 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 6 Sep 2018 14:35:26 +0200
+Subject: batman-adv: Prevent duplicated softif_vlan entry
+
+The function batadv_softif_vlan_get is responsible for adding new
+softif_vlan to the softif_vlan_list. It first checks whether the entry
+already is in the list or not. If it is, then the creation of a new entry
+is aborted.
+
+But the lock for the list is only held when the list is really modified.
+This could lead to duplicated entries because another context could create
+an entry with the same key between the check and the list manipulation.
+
+The check and the manipulation of the list must therefore be in the same
+locked code section.
+
+Fixes: 952cebb57518 ("batman-adv: add per VLAN interface attribute framework")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/023d3f64207e8b6a6e6d0718d98e239c5545ef0c
+
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
+index edeffcb9f3a24e1b53c2b4d705fb260717ac09c4..79d6ab78359db9c6a5df14e2e204c611ab134dfc 100644
+--- a/net/batman-adv/soft-interface.c
++++ b/net/batman-adv/soft-interface.c
+@@ -574,15 +574,20 @@ int batadv_softif_create_vlan(struct batadv_priv *bat_priv, unsigned short vid)
+ 	struct batadv_softif_vlan *vlan;
+ 	int err;
+ 
++	spin_lock_bh(&bat_priv->softif_vlan_list_lock);
++
+ 	vlan = batadv_softif_vlan_get(bat_priv, vid);
+ 	if (vlan) {
+ 		batadv_softif_vlan_put(vlan);
++		spin_unlock_bh(&bat_priv->softif_vlan_list_lock);
+ 		return -EEXIST;
+ 	}
+ 
+ 	vlan = kzalloc(sizeof(*vlan), GFP_ATOMIC);
+-	if (!vlan)
++	if (!vlan) {
++		spin_unlock_bh(&bat_priv->softif_vlan_list_lock);
+ 		return -ENOMEM;
++	}
+ 
+ 	vlan->bat_priv = bat_priv;
+ 	vlan->vid = vid;
+@@ -590,17 +595,23 @@ int batadv_softif_create_vlan(struct batadv_priv *bat_priv, unsigned short vid)
+ 
+ 	atomic_set(&vlan->ap_isolation, 0);
+ 
+-	err = batadv_sysfs_add_vlan(bat_priv->soft_iface, vlan);
+-	if (err) {
+-		kfree(vlan);
+-		return err;
+-	}
+-
+-	spin_lock_bh(&bat_priv->softif_vlan_list_lock);
+ 	kref_get(&vlan->refcount);
+ 	hlist_add_head_rcu(&vlan->list, &bat_priv->softif_vlan_list);
+ 	spin_unlock_bh(&bat_priv->softif_vlan_list_lock);
+ 
++	/* batadv_sysfs_add_vlan cannot be in the spinlock section due to the
++	 * sleeping behavior of the sysfs functions and the fs_reclaim lock
++	 */
++	err = batadv_sysfs_add_vlan(bat_priv->soft_iface, vlan);
++	if (err) {
++		/* ref for the function */
++		batadv_softif_vlan_put(vlan);
++
++		/* ref for the list */
++		batadv_softif_vlan_put(vlan);
++		return err;
++	}
++
+ 	/* add a new TT local entry. This one will be marked with the NOPURGE
+ 	 * flag
+ 	 */

batman-adv/patches/0020-batman-adv-Prevent-duplicated-global-TT-entry.patch

@@ -0,0 +1,56 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 6 Sep 2018 14:35:27 +0200
+Subject: batman-adv: Prevent duplicated global TT entry
+
+The function batadv_tt_global_orig_entry_add is responsible for adding new
+tt_orig_list_entry to the orig_list. It first checks whether the entry
+already is in the list or not. If it is, then the creation of a new entry
+is aborted.
+
+But the lock for the list is only held when the list is really modified.
+This could lead to duplicated entries because another context could create
+an entry with the same key between the check and the list manipulation.
+
+The check and the manipulation of the list must therefore be in the same
+locked code section.
+
+Fixes: c5eb5bb30321 ("batman-adv: add reference counting for type batadv_tt_orig_list_entry")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/79097255a1a3e1bd1949be309af941181fbc7b36
+
+diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
+index 9efbdd6348c4d69c525b3e0574d2b24db838c086..7502cb54c152d06d78c88d9f8fb841cada9f3b5d 100644
+--- a/net/batman-adv/translation-table.c
++++ b/net/batman-adv/translation-table.c
+@@ -1613,6 +1613,8 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
+ {
+ 	struct batadv_tt_orig_list_entry *orig_entry;
+ 
++	spin_lock_bh(&tt_global->list_lock);
++
+ 	orig_entry = batadv_tt_global_orig_entry_find(tt_global, orig_node);
+ 	if (orig_entry) {
+ 		/* refresh the ttvn: the current value could be a bogus one that
+@@ -1635,11 +1637,9 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
+ 	orig_entry->flags = flags;
+ 	kref_init(&orig_entry->refcount);
+ 
+-	spin_lock_bh(&tt_global->list_lock);
+ 	kref_get(&orig_entry->refcount);
+ 	hlist_add_head_rcu(&orig_entry->list,
+ 			   &tt_global->orig_list);
+-	spin_unlock_bh(&tt_global->list_lock);
+ 	atomic_inc(&tt_global->orig_list_count);
+ 
+ sync_flags:
+@@ -1647,6 +1647,8 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
+ out:
+ 	if (orig_entry)
+ 		batadv_tt_orig_list_entry_put(orig_entry);
++
++	spin_unlock_bh(&tt_global->list_lock);
+ }
+ 
+ /**

batman-adv/patches/0021-batman-adv-Prevent-duplicated-tvlv-handler.patch

@@ -0,0 +1,56 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 6 Sep 2018 14:35:28 +0200
+Subject: batman-adv: Prevent duplicated tvlv handler
+
+The function batadv_tvlv_handler_register is responsible for adding new
+tvlv_handler to the handler_list. It first checks whether the entry
+already is in the list or not. If it is, then the creation of a new entry
+is aborted.
+
+But the lock for the list is only held when the list is really modified.
+This could lead to duplicated entries because another context could create
+an entry with the same key between the check and the list manipulation.
+
+The check and the manipulation of the list must therefore be in the same
+locked code section.
+
+Fixes: 0b6aa0d43767 ("batman-adv: tvlv - basic infrastructure")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/acabad79e01740525cf4ff8ce6e9a210b683d420
+
+diff --git a/net/batman-adv/tvlv.c b/net/batman-adv/tvlv.c
+index a637458205d16bf838f796383d8cc15ac861801b..40e69c9346d22c09481544b8b4dec56cad88b64a 100644
+--- a/net/batman-adv/tvlv.c
++++ b/net/batman-adv/tvlv.c
+@@ -529,15 +529,20 @@ void batadv_tvlv_handler_register(struct batadv_priv *bat_priv,
+ {
+ 	struct batadv_tvlv_handler *tvlv_handler;
+ 
++	spin_lock_bh(&bat_priv->tvlv.handler_list_lock);
++
+ 	tvlv_handler = batadv_tvlv_handler_get(bat_priv, type, version);
+ 	if (tvlv_handler) {
++		spin_unlock_bh(&bat_priv->tvlv.handler_list_lock);
+ 		batadv_tvlv_handler_put(tvlv_handler);
+ 		return;
+ 	}
+ 
+ 	tvlv_handler = kzalloc(sizeof(*tvlv_handler), GFP_ATOMIC);
+-	if (!tvlv_handler)
++	if (!tvlv_handler) {
++		spin_unlock_bh(&bat_priv->tvlv.handler_list_lock);
+ 		return;
++	}
+ 
+ 	tvlv_handler->ogm_handler = optr;
+ 	tvlv_handler->unicast_handler = uptr;
+@@ -547,7 +552,6 @@ void batadv_tvlv_handler_register(struct batadv_priv *bat_priv,
+ 	kref_init(&tvlv_handler->refcount);
+ 	INIT_HLIST_NODE(&tvlv_handler->list);
+ 
+-	spin_lock_bh(&bat_priv->tvlv.handler_list_lock);
+ 	kref_get(&tvlv_handler->refcount);
+ 	hlist_add_head_rcu(&tvlv_handler->list, &bat_priv->tvlv.handler_list);
+ 	spin_unlock_bh(&bat_priv->tvlv.handler_list_lock);

batman-adv/patches/0022-batman-adv-Use-explicit-tvlv-padding-for-ELP-packets.patch

@@ -0,0 +1,52 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Tue, 30 Oct 2018 12:17:10 +0100
+Subject: batman-adv: Use explicit tvlv padding for ELP packets
+
+The announcement messages of batman-adv COMPAT_VERSION 15 have the
+possibility to announce additional information via a dynamic TVLV part.
+This part is optional for the ELP packets and currently not parsed by the
+Linux implementation. Still out-of-tree versions are using it to transport
+things like neighbor hashes to optimize the rebroadcast behavior.
+
+Since the ELP broadcast packets are smaller than the minimal ethernet
+packet, it often has to be padded. This is often done (as specified in
+RFC894) with octets of zero and thus work perfectly fine with the TVLV
+part (making it a zero length and thus empty). But not all ethernet
+compatible hardware seems to follow this advice. To avoid ambiguous
+situations when parsing the TVLV header, just force the 4 bytes (TVLV
+length + padding) after the required ELP header to zero.
+
+Fixes: a4b88af77e28 ("batman-adv: ELP - adding basic infrastructure")
+Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/974337ee9773c4bd0a2d5c322306cf2bea445e11
+
+diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
+index 83b46654449df72ceda6ca3177f72e7faf0603ab..9aa3c7b2e9bad6c50b2939b6dbf5a9a2e713b93b 100644
+--- a/net/batman-adv/bat_v_elp.c
++++ b/net/batman-adv/bat_v_elp.c
+@@ -339,19 +339,21 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
+  */
+ int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface)
+ {
++	static const size_t tvlv_padding = sizeof(__be32);
+ 	struct batadv_elp_packet *elp_packet;
+ 	unsigned char *elp_buff;
+ 	u32 random_seqno;
+ 	size_t size;
+ 	int res = -ENOMEM;
+ 
+-	size = ETH_HLEN + NET_IP_ALIGN + BATADV_ELP_HLEN;
++	size = ETH_HLEN + NET_IP_ALIGN + BATADV_ELP_HLEN + tvlv_padding;
+ 	hard_iface->bat_v.elp_skb = dev_alloc_skb(size);
+ 	if (!hard_iface->bat_v.elp_skb)
+ 		goto out;
+ 
+ 	skb_reserve(hard_iface->bat_v.elp_skb, ETH_HLEN + NET_IP_ALIGN);
+-	elp_buff = skb_put_zero(hard_iface->bat_v.elp_skb, BATADV_ELP_HLEN);
++	elp_buff = skb_put_zero(hard_iface->bat_v.elp_skb,
++				BATADV_ELP_HLEN + tvlv_padding);
+ 	elp_packet = (struct batadv_elp_packet *)elp_buff;
+ 
+ 	elp_packet->packet_type = BATADV_ELP;

batman-adv/patches/0023-batman-adv-Expand-merged-fragment-buffer-for-full-pa.patch

@@ -0,0 +1,41 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Wed, 7 Nov 2018 23:09:12 +0100
+Subject: batman-adv: Expand merged fragment buffer for full packet
+
+The complete size ("total_size") of the fragmented packet is stored in the
+fragment header and in the size of the fragment chain. When the fragments
+are ready for merge, the skbuff's tail of the first fragment is expanded to
+have enough room after the data pointer for at least total_size. This means
+that it gets expanded by total_size - first_skb->len.
+
+But this is ignoring the fact that after expanding the buffer, the fragment
+header is pulled by from this buffer. Assuming that the tailroom of the
+buffer was already 0, the buffer after the data pointer of the skbuff is
+now only total_size - len(fragment_header) large. When the merge function
+is then processing the remaining fragments, the code to copy the data over
+to the merged skbuff will cause an skb_over_panic when it tries to actually
+put enough data to fill the total_size bytes of the packet.
+
+The size of the skb_pull must therefore also be taken into account when the
+buffer's tailroom is expanded.
+
+Fixes: 9b3eab61754d ("batman-adv: Receive fragmented packets and merge")
+Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
+Co-authored-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: other, https://patchwork.open-mesh.org/patch/17616/
+
+diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
+index 0fddc17106bd8a0e3f064fee9adba7c226f34682..5b71a289d04fc80de6c20e7a24d621727c77825a 100644
+--- a/net/batman-adv/fragmentation.c
++++ b/net/batman-adv/fragmentation.c
+@@ -275,7 +275,7 @@ batadv_frag_merge_packets(struct hlist_head *chain)
+ 	kfree(entry);
+ 
+ 	packet = (struct batadv_frag_packet *)skb_out->data;
+-	size = ntohs(packet->total_size);
++	size = ntohs(packet->total_size) + hdr_size;
+ 
+ 	/* Make room for the rest of the fragments. */
+ 	if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) {

batman-adv/patches/0024-batman-adv-Avoid-WARN-on-net_device-without-parent-i.patch

@@ -0,0 +1,45 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 30 Dec 2018 12:46:01 +0100
+Subject: batman-adv: Avoid WARN on net_device without parent in netns
+
+It is not allowed to use WARN* helpers on potential incorrect input from
+the user or transient problems because systems configured as panic_on_warn
+will reboot due to such a problem.
+
+A NULL return value of __dev_get_by_index can be caused by various problems
+which can either be related to the system configuration or problems
+(incorrectly returned network namespaces) in other (virtual) net_device
+drivers. batman-adv should not cause a (harmful) WARN in this situation and
+instead only report it via a simple message.
+
+Fixes: 3d48811b27f5 ("batman-adv: prevent using any virtual device created on batman-adv as hard-interface")
+Reported-by: syzbot+c764de0fcfadca9a8595@syzkaller.appspotmail.com
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/59ad04405be86f648fd83d81d2fd0a78f215a43b
+
+diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
+index 2f0d42f2f913e74cf10c0c6ce89320434994cac5..08690d06b7be2b25ca3f009394763c7083c70644 100644
+--- a/net/batman-adv/hard-interface.c
++++ b/net/batman-adv/hard-interface.c
+@@ -20,7 +20,6 @@
+ #include "main.h"
+ 
+ #include <linux/atomic.h>
+-#include <linux/bug.h>
+ #include <linux/byteorder/generic.h>
+ #include <linux/errno.h>
+ #include <linux/gfp.h>
+@@ -179,8 +178,10 @@ static bool batadv_is_on_batman_iface(const struct net_device *net_dev)
+ 	parent_dev = __dev_get_by_index((struct net *)parent_net,
+ 					dev_get_iflink(net_dev));
+ 	/* if we got a NULL parent_dev there is something broken.. */
+-	if (WARN(!parent_dev, "Cannot find parent device"))
++	if (!parent_dev) {
++		pr_err("Cannot find parent device\n");
+ 		return false;
++	}
+ 
+ 	if (batadv_mutual_parents(net_dev, net, parent_dev, parent_net))
+ 		return false;

batman-adv/patches/0025-batman-adv-Force-mac-header-to-start-of-data-on-xmit.patch

@@ -0,0 +1,36 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Mon, 31 Dec 2018 22:46:09 +0100
+Subject: batman-adv: Force mac header to start of data on xmit
+
+The caller of ndo_start_xmit may not already have called
+skb_reset_mac_header. The returned value of skb_mac_header/eth_hdr
+therefore can be in the wrong position and even outside the current skbuff.
+This for example happens when the user binds to the device using a
+PF_PACKET-SOCK_RAW with enabled qdisc-bypass:
+
+  int opt = 4;
+  setsockopt(sock, SOL_PACKET, PACKET_QDISC_BYPASS, &opt, sizeof(opt));
+
+Since eth_hdr is used all over the codebase, the batadv_interface_tx
+function must always take care of resetting it.
+
+Fixes: fe28a94c01e1 ("batman-adv: receive packets directly using skbs")
+Reported-by: syzbot+9d7405c7faa390e60b4e@syzkaller.appspotmail.com
+Reported-by: syzbot+7d20bc3f1ddddc0f9079@syzkaller.appspotmail.com
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/74c4b0c50f19f986752ee18ed393732f4eed7a66
+
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
+index 79d6ab78359db9c6a5df14e2e204c611ab134dfc..d3f540ba2a1388a8aa693a539d01d6a1cad95b44 100644
+--- a/net/batman-adv/soft-interface.c
++++ b/net/batman-adv/soft-interface.c
+@@ -221,6 +221,8 @@ static int batadv_interface_tx(struct sk_buff *skb,
+ 
+ 	netif_trans_update(soft_iface);
+ 	vid = batadv_get_vid(skb, 0);
++
++	skb_reset_mac_header(skb);
+ 	ethhdr = eth_hdr(skb);
+ 
+ 	switch (ntohs(ethhdr->h_proto)) {

batman-adv/patches/0026-batman-adv-fix-uninit-value-in-batadv_interface_tx.patch

@@ -0,0 +1,95 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 11 Feb 2019 14:41:22 -0800
+Subject: batman-adv: fix uninit-value in batadv_interface_tx()
+
+KMSAN reported batadv_interface_tx() was possibly using a
+garbage value [1]
+
+batadv_get_vid() does have a pskb_may_pull() call
+but batadv_interface_tx() does not actually make sure
+this did not fail.
+
+[1]
+BUG: KMSAN: uninit-value in batadv_interface_tx+0x908/0x1e40 net/batman-adv/soft-interface.c:231
+CPU: 0 PID: 10006 Comm: syz-executor469 Not tainted 4.20.0-rc7+ #5
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0x173/0x1d0 lib/dump_stack.c:113
+ kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
+ __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313
+ batadv_interface_tx+0x908/0x1e40 net/batman-adv/soft-interface.c:231
+ __netdev_start_xmit include/linux/netdevice.h:4356 [inline]
+ netdev_start_xmit include/linux/netdevice.h:4365 [inline]
+ xmit_one net/core/dev.c:3257 [inline]
+ dev_hard_start_xmit+0x607/0xc40 net/core/dev.c:3273
+ __dev_queue_xmit+0x2e42/0x3bc0 net/core/dev.c:3843
+ dev_queue_xmit+0x4b/0x60 net/core/dev.c:3876
+ packet_snd net/packet/af_packet.c:2928 [inline]
+ packet_sendmsg+0x8306/0x8f30 net/packet/af_packet.c:2953
+ sock_sendmsg_nosec net/socket.c:621 [inline]
+ sock_sendmsg net/socket.c:631 [inline]
+ __sys_sendto+0x8c4/0xac0 net/socket.c:1788
+ __do_sys_sendto net/socket.c:1800 [inline]
+ __se_sys_sendto+0x107/0x130 net/socket.c:1796
+ __x64_sys_sendto+0x6e/0x90 net/socket.c:1796
+ do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
+ entry_SYSCALL_64_after_hwframe+0x63/0xe7
+RIP: 0033:0x441889
+Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
+RSP: 002b:00007ffdda6fd468 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
+RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000441889
+RDX: 000000000000000e RSI: 00000000200000c0 RDI: 0000000000000003
+RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000216 R12: 00007ffdda6fd4c0
+R13: 00007ffdda6fd4b0 R14: 0000000000000000 R15: 0000000000000000
+
+Uninit was created at:
+ kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline]
+ kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158
+ kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176
+ kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:185
+ slab_post_alloc_hook mm/slab.h:446 [inline]
+ slab_alloc_node mm/slub.c:2759 [inline]
+ __kmalloc_node_track_caller+0xe18/0x1030 mm/slub.c:4383
+ __kmalloc_reserve net/core/skbuff.c:137 [inline]
+ __alloc_skb+0x309/0xa20 net/core/skbuff.c:205
+ alloc_skb include/linux/skbuff.h:998 [inline]
+ alloc_skb_with_frags+0x1c7/0xac0 net/core/skbuff.c:5220
+ sock_alloc_send_pskb+0xafd/0x10e0 net/core/sock.c:2083
+ packet_alloc_skb net/packet/af_packet.c:2781 [inline]
+ packet_snd net/packet/af_packet.c:2872 [inline]
+ packet_sendmsg+0x661a/0x8f30 net/packet/af_packet.c:2953
+ sock_sendmsg_nosec net/socket.c:621 [inline]
+ sock_sendmsg net/socket.c:631 [inline]
+ __sys_sendto+0x8c4/0xac0 net/socket.c:1788
+ __do_sys_sendto net/socket.c:1800 [inline]
+ __se_sys_sendto+0x107/0x130 net/socket.c:1796
+ __x64_sys_sendto+0x6e/0x90 net/socket.c:1796
+ do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
+ entry_SYSCALL_64_after_hwframe+0x63/0xe7
+
+Fixes: 48628bb9419f ("batman-adv: softif bridge loop avoidance")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Cc:	Marek Lindner <mareklindner@neomailbox.ch>
+Cc:	Simon Wunderlich <sw@simonwunderlich.de>
+Cc:	Antonio Quartulli <a@unstable.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/35482922b38bb5f5b03b0e92bc58cec2b7c77cdf
+
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
+index d3f540ba2a1388a8aa693a539d01d6a1cad95b44..97e28907a0acbb3d64d8ceebf7b1df13dc396300 100644
+--- a/net/batman-adv/soft-interface.c
++++ b/net/batman-adv/soft-interface.c
+@@ -227,6 +227,8 @@ static int batadv_interface_tx(struct sk_buff *skb,
+ 
+ 	switch (ntohs(ethhdr->h_proto)) {
+ 	case ETH_P_8021Q:
++		if (!pskb_may_pull(skb, sizeof(*vhdr)))
++			goto dropped;
+ 		vhdr = vlan_eth_hdr(skb);
+ 
+ 		/* drop batman-in-batman packets to prevent loops */

batman-adv/patches/0027-batman-adv-Reduce-claim-hash-refcnt-only-for-removed.patch

@@ -0,0 +1,65 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sat, 23 Feb 2019 15:09:04 +0100
+Subject: batman-adv: Reduce claim hash refcnt only for removed entry
+
+The batadv_hash_remove is a function which searches the hashtable for an
+entry using a needle, a hashtable bucket selection function and a compare
+function. It will lock the bucket list and delete an entry when the compare
+function matches it with the needle. It returns the pointer to the
+hlist_node which matches or NULL when no entry matches the needle.
+
+The batadv_bla_del_claim is not itself protected in anyway to avoid that
+any other function is modifying the hashtable between the search for the
+entry and the call to batadv_hash_remove. It can therefore happen that the
+entry either doesn't exist anymore or an entry was deleted which is not the
+same object as the needle. In such an situation, the reference counter (for
+the reference stored in the hashtable) must not be reduced for the needle.
+Instead the reference counter of the actually removed entry has to be
+reduced.
+
+Otherwise the reference counter will underflow and the object might be
+freed before all its references were dropped. The kref helpers reported
+this problem as:
+
+  refcount_t: underflow; use-after-free.
+
+Fixes: a9ce0dc43e2c ("batman-adv: add basic bridge loop avoidance code")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/3a7af70ae7c4209324dbb08b91e013c17108bdd6
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index 58c093caf49e804c1e11426959d70e79f1729d41..0842080a71f4ac89b3fbebc4b95c6c27d1cc4254 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -803,6 +803,8 @@ static void batadv_bla_del_claim(struct batadv_priv *bat_priv,
+ 				 const u8 *mac, const unsigned short vid)
+ {
+ 	struct batadv_bla_claim search_claim, *claim;
++	struct batadv_bla_claim *claim_removed_entry;
++	struct hlist_node *claim_removed_node;
+ 
+ 	ether_addr_copy(search_claim.addr, mac);
+ 	search_claim.vid = vid;
+@@ -813,10 +815,18 @@ static void batadv_bla_del_claim(struct batadv_priv *bat_priv,
+ 	batadv_dbg(BATADV_DBG_BLA, bat_priv, "%s(): %pM, vid %d\n", __func__,
+ 		   mac, batadv_print_vid(vid));
+ 
+-	batadv_hash_remove(bat_priv->bla.claim_hash, batadv_compare_claim,
+-			   batadv_choose_claim, claim);
+-	batadv_claim_put(claim); /* reference from the hash is gone */
++	claim_removed_node = batadv_hash_remove(bat_priv->bla.claim_hash,
++						batadv_compare_claim,
++						batadv_choose_claim, claim);
++	if (!claim_removed_node)
++		goto free_claim;
+ 
++	/* reference from the hash is gone */
++	claim_removed_entry = hlist_entry(claim_removed_node,
++					  struct batadv_bla_claim, hash_entry);
++	batadv_claim_put(claim_removed_entry);
++
++free_claim:
+ 	/* don't need the reference from hash_find() anymore */
+ 	batadv_claim_put(claim);
+ }

batman-adv/patches/0028-batman-adv-Reduce-tt_local-hash-refcnt-only-for-remo.patch

@@ -0,0 +1,69 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sat, 23 Feb 2019 15:09:05 +0100
+Subject: batman-adv: Reduce tt_local hash refcnt only for removed entry
+
+The batadv_hash_remove is a function which searches the hashtable for an
+entry using a needle, a hashtable bucket selection function and a compare
+function. It will lock the bucket list and delete an entry when the compare
+function matches it with the needle. It returns the pointer to the
+hlist_node which matches or NULL when no entry matches the needle.
+
+The batadv_tt_local_remove is not itself protected in anyway to avoid that
+any other function is modifying the hashtable between the search for the
+entry and the call to batadv_hash_remove. It can therefore happen that the
+entry either doesn't exist anymore or an entry was deleted which is not the
+same object as the needle. In such an situation, the reference counter (for
+the reference stored in the hashtable) must not be reduced for the needle.
+Instead the reference counter of the actually removed entry has to be
+reduced.
+
+Otherwise the reference counter will underflow and the object might be
+freed before all its references were dropped. The kref helpers reported
+this problem as:
+
+  refcount_t: underflow; use-after-free.
+
+Fixes: af912d77181f ("batman-adv: protect tt_local_entry from concurrent delete events")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/0c86a0511e97de502276900c5d6f22b09e042d21
+
+diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
+index 7502cb54c152d06d78c88d9f8fb841cada9f3b5d..d2ecfdbdc64956b238f0554b4c354df9a9e9f26a 100644
+--- a/net/batman-adv/translation-table.c
++++ b/net/batman-adv/translation-table.c
+@@ -1332,9 +1332,10 @@ u16 batadv_tt_local_remove(struct batadv_priv *bat_priv, const u8 *addr,
+ 			   unsigned short vid, const char *message,
+ 			   bool roaming)
+ {
++	struct batadv_tt_local_entry *tt_removed_entry;
+ 	struct batadv_tt_local_entry *tt_local_entry;
+ 	u16 flags, curr_flags = BATADV_NO_FLAGS;
+-	void *tt_entry_exists;
++	struct hlist_node *tt_removed_node;
+ 
+ 	tt_local_entry = batadv_tt_local_hash_find(bat_priv, addr, vid);
+ 	if (!tt_local_entry)
+@@ -1363,15 +1364,18 @@ u16 batadv_tt_local_remove(struct batadv_priv *bat_priv, const u8 *addr,
+ 	 */
+ 	batadv_tt_local_event(bat_priv, tt_local_entry, BATADV_TT_CLIENT_DEL);
+ 
+-	tt_entry_exists = batadv_hash_remove(bat_priv->tt.local_hash,
++	tt_removed_node = batadv_hash_remove(bat_priv->tt.local_hash,
+ 					     batadv_compare_tt,
+ 					     batadv_choose_tt,
+ 					     &tt_local_entry->common);
+-	if (!tt_entry_exists)
++	if (!tt_removed_node)
+ 		goto out;
+ 
+-	/* extra call to free the local tt entry */
+-	batadv_tt_local_entry_put(tt_local_entry);
++	/* drop reference of remove hash entry */
++	tt_removed_entry = hlist_entry(tt_removed_node,
++				       struct batadv_tt_local_entry,
++				       common.hash_entry);
++	batadv_tt_local_entry_put(tt_removed_entry);
+ 
+ out:
+ 	if (tt_local_entry)

batman-adv/patches/0029-batman-adv-Reduce-tt_global-hash-refcnt-only-for-rem.patch

@@ -0,0 +1,66 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sat, 23 Feb 2019 15:09:06 +0100
+Subject: batman-adv: Reduce tt_global hash refcnt only for removed entry
+
+The batadv_hash_remove is a function which searches the hashtable for an
+entry using a needle, a hashtable bucket selection function and a compare
+function. It will lock the bucket list and delete an entry when the compare
+function matches it with the needle. It returns the pointer to the
+hlist_node which matches or NULL when no entry matches the needle.
+
+The batadv_tt_global_free is not itself protected in anyway to avoid that
+any other function is modifying the hashtable between the search for the
+entry and the call to batadv_hash_remove. It can therefore happen that the
+entry either doesn't exist anymore or an entry was deleted which is not the
+same object as the needle. In such an situation, the reference counter (for
+the reference stored in the hashtable) must not be reduced for the needle.
+Instead the reference counter of the actually removed entry has to be
+reduced.
+
+Otherwise the reference counter will underflow and the object might be
+freed before all its references were dropped. The kref helpers reported
+this problem as:
+
+  refcount_t: underflow; use-after-free.
+
+Fixes: 7bad46397eff ("batman-adv: protect the local and the global trans-tables with rcu")
+Reported-by: Martin Weinelt <martin@linuxlounge.net>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/bd6df24da0063fe50828c287d05bdc1876f4f6cc
+
+diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
+index d2ecfdbdc64956b238f0554b4c354df9a9e9f26a..554fd886e652c7c206ff43a5627d342ccbcc2123 100644
+--- a/net/batman-adv/translation-table.c
++++ b/net/batman-adv/translation-table.c
+@@ -616,14 +616,26 @@ static void batadv_tt_global_free(struct batadv_priv *bat_priv,
+ 				  struct batadv_tt_global_entry *tt_global,
+ 				  const char *message)
+ {
++	struct batadv_tt_global_entry *tt_removed_entry;
++	struct hlist_node *tt_removed_node;
++
+ 	batadv_dbg(BATADV_DBG_TT, bat_priv,
+ 		   "Deleting global tt entry %pM (vid: %d): %s\n",
+ 		   tt_global->common.addr,
+ 		   batadv_print_vid(tt_global->common.vid), message);
+ 
+-	batadv_hash_remove(bat_priv->tt.global_hash, batadv_compare_tt,
+-			   batadv_choose_tt, &tt_global->common);
+-	batadv_tt_global_entry_put(tt_global);
++	tt_removed_node = batadv_hash_remove(bat_priv->tt.global_hash,
++					     batadv_compare_tt,
++					     batadv_choose_tt,
++					     &tt_global->common);
++	if (!tt_removed_node)
++		return;
++
++	/* drop reference of remove hash entry */
++	tt_removed_entry = hlist_entry(tt_removed_node,
++				       struct batadv_tt_global_entry,
++				       common.hash_entry);
++	batadv_tt_global_entry_put(tt_removed_entry);
+ }
+ 
+ /**

batman-adv/patches/0030-batman-adv-mcast-fix-multicast-tt-tvlv-worker-lockin.patch

@@ -0,0 +1,103 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Wed, 24 Apr 2019 03:19:14 +0200
+Subject: batman-adv: mcast: fix multicast tt/tvlv worker locking
+
+Syzbot has reported some issues with the locking assumptions made for
+the multicast tt/tvlv worker: It was able to trigger the WARN_ON() in
+batadv_mcast_mla_tt_retract() and batadv_mcast_mla_tt_add().
+While hard/not reproduceable for us so far it seems that the
+delayed_work_pending() we use might not be quite safe from reordering.
+
+Therefore this patch adds an explicit, new spinlock to protect the
+update of the mla_list and flags in bat_priv and then removes the
+WARN_ON(delayed_work_pending()).
+
+Reported-by: syzbot+83f2d54ec6b7e417e13f@syzkaller.appspotmail.com
+Reported-by: syzbot+050927a651272b145a5d@syzkaller.appspotmail.com
+Reported-by: syzbot+979ffc89b87309b1b94b@syzkaller.appspotmail.com
+Reported-by: syzbot+f9f3f388440283da2965@syzkaller.appspotmail.com
+Fixes: 40b384052672 ("batman-adv: Use own timer for multicast TT and TVLV updates")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/b736cf8119cfbc9d95fef90c8832fdec6e8f29c7
+
+diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c
+index 53b329d24461819b4cf0d4118cfa5b0eb8d7261b..0286c651468443197434ccf0fcf25aaa66a0c7e9 100644
+--- a/net/batman-adv/main.c
++++ b/net/batman-adv/main.c
+@@ -160,6 +160,7 @@ int batadv_mesh_init(struct net_device *soft_iface)
+ 	spin_lock_init(&bat_priv->tt.commit_lock);
+ 	spin_lock_init(&bat_priv->gw.list_lock);
+ #ifdef CONFIG_BATMAN_ADV_MCAST
++	spin_lock_init(&bat_priv->mcast.mla_lock);
+ 	spin_lock_init(&bat_priv->mcast.want_lists_lock);
+ #endif
+ 	spin_lock_init(&bat_priv->tvlv.container_list_lock);
+diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c
+index a35f597e8c8bf4f15ad0f01aff29849d2bebe36f..39640d3d6fbdf8244344db6e79f2d769eb0972d9 100644
+--- a/net/batman-adv/multicast.c
++++ b/net/batman-adv/multicast.c
+@@ -325,8 +325,6 @@ static void batadv_mcast_mla_list_free(struct hlist_head *mcast_list)
+  * translation table except the ones listed in the given mcast_list.
+  *
+  * If mcast_list is NULL then all are retracted.
+- *
+- * Do not call outside of the mcast worker! (or cancel mcast worker first)
+  */
+ static void batadv_mcast_mla_tt_retract(struct batadv_priv *bat_priv,
+ 					struct hlist_head *mcast_list)
+@@ -334,8 +332,6 @@ static void batadv_mcast_mla_tt_retract(struct batadv_priv *bat_priv,
+ 	struct batadv_hw_addr *mcast_entry;
+ 	struct hlist_node *tmp;
+ 
+-	WARN_ON(delayed_work_pending(&bat_priv->mcast.work));
+-
+ 	hlist_for_each_entry_safe(mcast_entry, tmp, &bat_priv->mcast.mla_list,
+ 				  list) {
+ 		if (mcast_list &&
+@@ -359,8 +355,6 @@ static void batadv_mcast_mla_tt_retract(struct batadv_priv *bat_priv,
+  *
+  * Adds multicast listener announcements from the given mcast_list to the
+  * translation table if they have not been added yet.
+- *
+- * Do not call outside of the mcast worker! (or cancel mcast worker first)
+  */
+ static void batadv_mcast_mla_tt_add(struct batadv_priv *bat_priv,
+ 				    struct hlist_head *mcast_list)
+@@ -368,8 +362,6 @@ static void batadv_mcast_mla_tt_add(struct batadv_priv *bat_priv,
+ 	struct batadv_hw_addr *mcast_entry;
+ 	struct hlist_node *tmp;
+ 
+-	WARN_ON(delayed_work_pending(&bat_priv->mcast.work));
+-
+ 	if (!mcast_list)
+ 		return;
+ 
+@@ -658,7 +650,10 @@ static void batadv_mcast_mla_update(struct work_struct *work)
+ 	priv_mcast = container_of(delayed_work, struct batadv_priv_mcast, work);
+ 	bat_priv = container_of(priv_mcast, struct batadv_priv, mcast);
+ 
++	spin_lock(&bat_priv->mcast.mla_lock);
+ 	__batadv_mcast_mla_update(bat_priv);
++	spin_unlock(&bat_priv->mcast.mla_lock);
++
+ 	batadv_mcast_start_timer(bat_priv);
+ }
+ 
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
+index 476b052ad9824d4cbcd6218dce40b603e3400fd2..6d07898d8d1a21007b3e68d5d2511b478110f659 100644
+--- a/net/batman-adv/types.h
++++ b/net/batman-adv/types.h
+@@ -1215,6 +1215,11 @@ struct batadv_priv_mcast {
+ 	/** @num_disabled: number of nodes that have no mcast tvlv */
+ 	atomic_t num_disabled;
+ 
++	/**
++	 * @mla_lock: a lock protecting mla_list and mla_flags
++	 */
++	spinlock_t mla_lock;
++
+ 	/**
+ 	 * @num_want_all_unsnoopables: number of nodes wanting unsnoopable IP
+ 	 *  traffic

batman-adv/patches/0031-batman-adv-fix-for-leaked-TVLV-handler.patch

@@ -0,0 +1,28 @@
+From: Jeremy Sowden <jeremy@azazel.net>
+Date: Tue, 21 May 2019 20:58:57 +0100
+Subject: batman-adv: fix for leaked TVLV handler.
+
+A handler for BATADV_TVLV_ROAM was being registered when the
+translation-table was initialized, but not unregistered when the
+translation-table was freed.  Unregister it.
+
+Fixes: 3de4e64df0f1 ("batman-adv: tvlv - convert roaming adv packet to use tvlv unicast packets")
+Reported-by: syzbot+d454a826e670502484b8@syzkaller.appspotmail.com
+Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
+Signed-off-by: Sven Eckelmann <sven@narfation.org
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/87445d81c360a5f9833546114e98ffd2c1fd3a4d
+
+diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
+index 554fd886e652c7c206ff43a5627d342ccbcc2123..c29aadc5bd8b2020ba67779c517cc1e4ea9f6569 100644
+--- a/net/batman-adv/translation-table.c
++++ b/net/batman-adv/translation-table.c
+@@ -3821,6 +3821,8 @@ static void batadv_tt_purge(struct work_struct *work)
+  */
+ void batadv_tt_free(struct batadv_priv *bat_priv)
+ {
++	batadv_tvlv_handler_unregister(bat_priv, BATADV_TVLV_ROAM, 1);
++
+ 	batadv_tvlv_container_unregister(bat_priv, BATADV_TVLV_TT, 1);
+ 	batadv_tvlv_handler_unregister(bat_priv, BATADV_TVLV_TT, 1);
+ 

batman-adv/patches/0032-batman-adv-Fix-duplicated-OGMs-on-NETDEV_UP.patch

@@ -0,0 +1,77 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 2 Jun 2019 10:57:31 +0200
+Subject: batman-adv: Fix duplicated OGMs on NETDEV_UP
+
+The state of slave interfaces are handled differently depending on whether
+the interface is up or not. All active interfaces (IFF_UP) will transmit
+OGMs. But for B.A.T.M.A.N. IV, also non-active interfaces are scheduling
+(low TTL) OGMs on active interfaces. The code which setups and schedules
+the OGMs must therefore already be called when the interfaces gets added as
+slave interface and the transmit function must then check whether it has to
+send out the OGM or not on the specific slave interface.
+
+But the commit 0d8468553c3c ("batman-adv: remove ogm_emit and ogm_schedule
+API calls") moved the setup code from the enable function to the activate
+function. The latter is called either when the added slave was already up
+when batadv_hardif_enable_interface processed the new interface or when a
+NETDEV_UP event was received for this slave interfac. As result, each
+NETDEV_UP would schedule a new OGM worker for the interface and thus OGMs
+would be send a lot more than expected.
+
+Fixes: 0d8468553c3c ("batman-adv: remove ogm_emit and ogm_schedule API calls")
+Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/c92331e0df3c0c5645ee5a897eb018c5da5e4aa5
+
+diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
+index 73bf6a93a3cf1141a34657bf1284893199e04db9..0b7b36fa0d5cd440ddef141ad27acfe7b20aee43 100644
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -2485,7 +2485,7 @@ batadv_iv_ogm_neigh_is_sob(struct batadv_neigh_node *neigh1,
+ 	return ret;
+ }
+ 
+-static void batadv_iv_iface_activate(struct batadv_hard_iface *hard_iface)
++static void batadv_iv_iface_enabled(struct batadv_hard_iface *hard_iface)
+ {
+ 	/* begin scheduling originator messages on that interface */
+ 	batadv_iv_ogm_schedule(hard_iface);
+@@ -2825,8 +2825,8 @@ static void batadv_iv_gw_dump(struct sk_buff *msg, struct netlink_callback *cb,
+ static struct batadv_algo_ops batadv_batman_iv __read_mostly = {
+ 	.name = "BATMAN_IV",
+ 	.iface = {
+-		.activate = batadv_iv_iface_activate,
+ 		.enable = batadv_iv_ogm_iface_enable,
++		.enabled = batadv_iv_iface_enabled,
+ 		.disable = batadv_iv_ogm_iface_disable,
+ 		.update_mac = batadv_iv_ogm_iface_update_mac,
+ 		.primary_set = batadv_iv_ogm_primary_iface_set,
+diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
+index 08690d06b7be2b25ca3f009394763c7083c70644..36f0962040d16af4f9ed82629ff03ce85c83ed57 100644
+--- a/net/batman-adv/hard-interface.c
++++ b/net/batman-adv/hard-interface.c
+@@ -821,6 +821,9 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
+ 
+ 	batadv_hardif_recalc_extra_skbroom(soft_iface);
+ 
++	if (bat_priv->algo_ops->iface.enabled)
++		bat_priv->algo_ops->iface.enabled(hard_iface);
++
+ out:
+ 	return 0;
+ 
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
+index 6d07898d8d1a21007b3e68d5d2511b478110f659..86f37db7dd01592aff95ada5ba5441667971e1bc 100644
+--- a/net/batman-adv/types.h
++++ b/net/batman-adv/types.h
+@@ -2126,6 +2126,9 @@ struct batadv_algo_iface_ops {
+ 	/** @enable: init routing info when hard-interface is enabled */
+ 	int (*enable)(struct batadv_hard_iface *hard_iface);
+ 
++	/** @enabled: notification when hard-interface was enabled (optional) */
++	void (*enabled)(struct batadv_hard_iface *hard_iface);
++
+ 	/** @disable: de-init routing info when hard-interface is disabled */
+ 	void (*disable)(struct batadv_hard_iface *hard_iface);
+ 

batman-adv/patches/0033-batman-adv-fix-uninit-value-in-batadv_netlink_get_if.patch

@@ -0,0 +1,58 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 12 Aug 2019 04:57:27 -0700
+Subject: batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
+
+batadv_netlink_get_ifindex() needs to make sure user passed
+a correct u32 attribute.
+
+syzbot reported :
+BUG: KMSAN: uninit-value in batadv_netlink_dump_hardif+0x70d/0x880 net/batman-adv/netlink.c:968
+CPU: 1 PID: 11705 Comm: syz-executor888 Not tainted 5.1.0+ #1
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0x191/0x1f0 lib/dump_stack.c:113
+ kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
+ __msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
+ batadv_netlink_dump_hardif+0x70d/0x880 net/batman-adv/netlink.c:968
+ genl_lock_dumpit+0xc6/0x130 net/netlink/genetlink.c:482
+ netlink_dump+0xa84/0x1ab0 net/netlink/af_netlink.c:2253
+ __netlink_dump_start+0xa3a/0xb30 net/netlink/af_netlink.c:2361
+ genl_family_rcv_msg net/netlink/genetlink.c:550 [inline]
+ genl_rcv_msg+0xfc1/0x1a40 net/netlink/genetlink.c:627
+ netlink_rcv_skb+0x431/0x620 net/netlink/af_netlink.c:2486
+ genl_rcv+0x63/0x80 net/netlink/genetlink.c:638
+ netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
+ netlink_unicast+0xf3e/0x1020 net/netlink/af_netlink.c:1337
+ netlink_sendmsg+0x127e/0x12f0 net/netlink/af_netlink.c:1926
+ sock_sendmsg_nosec net/socket.c:651 [inline]
+ sock_sendmsg net/socket.c:661 [inline]
+ ___sys_sendmsg+0xcc6/0x1200 net/socket.c:2260
+ __sys_sendmsg net/socket.c:2298 [inline]
+ __do_sys_sendmsg net/socket.c:2307 [inline]
+ __se_sys_sendmsg+0x305/0x460 net/socket.c:2305
+ __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2305
+ do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
+ entry_SYSCALL_64_after_hwframe+0x63/0xe7
+RIP: 0033:0x440209
+
+Fixes: 55d368c3a57e ("batman-adv: netlink: hardif query")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/9b470b8a2b9ef4ce68d6e95febd3a0574be1ac14
+
+diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c
+index 0d9459b69bdb812b1b68e28e6b68fec8ec95df2d..c32820963b8e706b4cdde10d46ec582bc51ec4eb 100644
+--- a/net/batman-adv/netlink.c
++++ b/net/batman-adv/netlink.c
+@@ -118,7 +118,7 @@ batadv_netlink_get_ifindex(const struct nlmsghdr *nlh, int attrtype)
+ {
+ 	struct nlattr *attr = nlmsg_find_attr(nlh, GENL_HDRLEN, attrtype);
+ 
+-	return attr ? nla_get_u32(attr) : 0;
++	return (attr && nla_len(attr) == sizeof(u32)) ? nla_get_u32(attr) : 0;
+ }
+ 
+ /**

batman-adv/patches/0034-batman-adv-Only-read-OGM-tvlv_len-after-buffer-len-c.patch

@@ -0,0 +1,74 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Fri, 23 Aug 2019 14:34:27 +0200
+Subject: batman-adv: Only read OGM tvlv_len after buffer len check
+
+Multiple batadv_ogm_packet can be stored in an skbuff. The functions
+batadv_iv_ogm_send_to_if()/batadv_iv_ogm_receive() use
+batadv_iv_ogm_aggr_packet() to check if there is another additional
+batadv_ogm_packet in the skb or not before they continue processing the
+packet.
+
+The length for such an OGM is BATADV_OGM_HLEN +
+batadv_ogm_packet->tvlv_len. The check must first check that at least
+BATADV_OGM_HLEN bytes are available before it accesses tvlv_len (which is
+part of the header. Otherwise it might try read outside of the currently
+available skbuff to get the content of tvlv_len.
+
+Fixes: 0b6aa0d43767 ("batman-adv: tvlv - basic infrastructure")
+Reported-by: syzbot+355cab184197dbbfa384@syzkaller.appspotmail.com
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/07b6051ebcfaa7ea89b4f278eca2ff4070d29e56
+
+diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
+index 0b7b36fa0d5cd440ddef141ad27acfe7b20aee43..36f244125d24c800d35249af7639d39a516588d4 100644
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -463,17 +463,23 @@ static u8 batadv_hop_penalty(u8 tq, const struct batadv_priv *bat_priv)
+  * batadv_iv_ogm_aggr_packet() - checks if there is another OGM attached
+  * @buff_pos: current position in the skb
+  * @packet_len: total length of the skb
+- * @tvlv_len: tvlv length of the previously considered OGM
++ * @ogm_packet: potential OGM in buffer
+  *
+  * Return: true if there is enough space for another OGM, false otherwise.
+  */
+-static bool batadv_iv_ogm_aggr_packet(int buff_pos, int packet_len,
+-				      __be16 tvlv_len)
++static bool
++batadv_iv_ogm_aggr_packet(int buff_pos, int packet_len,
++			  const struct batadv_ogm_packet *ogm_packet)
+ {
+ 	int next_buff_pos = 0;
+ 
+-	next_buff_pos += buff_pos + BATADV_OGM_HLEN;
+-	next_buff_pos += ntohs(tvlv_len);
++	/* check if there is enough space for the header */
++	next_buff_pos += buff_pos + sizeof(*ogm_packet);
++	if (next_buff_pos > packet_len)
++		return false;
++
++	/* check if there is enough space for the optional TVLV */
++	next_buff_pos += ntohs(ogm_packet->tvlv_len);
+ 
+ 	return (next_buff_pos <= packet_len) &&
+ 	       (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES);
+@@ -501,7 +507,7 @@ static void batadv_iv_ogm_send_to_if(struct batadv_forw_packet *forw_packet,
+ 
+ 	/* adjust all flags and log packets */
+ 	while (batadv_iv_ogm_aggr_packet(buff_pos, forw_packet->packet_len,
+-					 batadv_ogm_packet->tvlv_len)) {
++					 batadv_ogm_packet)) {
+ 		/* we might have aggregated direct link packets with an
+ 		 * ordinary base packet
+ 		 */
+@@ -1852,7 +1858,7 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
+ 
+ 	/* unpack the aggregated packets and process them one by one */
+ 	while (batadv_iv_ogm_aggr_packet(ogm_offset, skb_headlen(skb),
+-					 ogm_packet->tvlv_len)) {
++					 ogm_packet)) {
+ 		batadv_iv_ogm_process(skb, ogm_offset, if_incoming);
+ 
+ 		ogm_offset += BATADV_OGM_HLEN;

batman-adv/patches/0035-batman-adv-Only-read-OGM2-tvlv_len-after-buffer-len-.patch

@@ -0,0 +1,62 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Fri, 23 Aug 2019 14:34:28 +0200
+Subject: batman-adv: Only read OGM2 tvlv_len after buffer len check
+
+Multiple batadv_ogm2_packet can be stored in an skbuff. The functions
+batadv_v_ogm_send_to_if() uses batadv_v_ogm_aggr_packet() to check if there
+is another additional batadv_ogm2_packet in the skb or not before they
+continue processing the packet.
+
+The length for such an OGM2 is BATADV_OGM2_HLEN +
+batadv_ogm2_packet->tvlv_len. The check must first check that at least
+BATADV_OGM2_HLEN bytes are available before it accesses tvlv_len (which is
+part of the header. Otherwise it might try read outside of the currently
+available skbuff to get the content of tvlv_len.
+
+Fixes: 667996ebeab4 ("batman-adv: OGMv2 - implement originators logic")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/18f77da3761c5550f42a2d131f0fe5cac62e022d
+
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
+index 2948b41b06d47c0ee32649fa410b323f39c36151..d241ccc0ca0278173853512c8aa4bfb8b041f996 100644
+--- a/net/batman-adv/bat_v_ogm.c
++++ b/net/batman-adv/bat_v_ogm.c
+@@ -643,17 +643,23 @@ batadv_v_ogm_process_per_outif(struct batadv_priv *bat_priv,
+  * batadv_v_ogm_aggr_packet() - checks if there is another OGM aggregated
+  * @buff_pos: current position in the skb
+  * @packet_len: total length of the skb
+- * @tvlv_len: tvlv length of the previously considered OGM
++ * @ogm2_packet: potential OGM2 in buffer
+  *
+  * Return: true if there is enough space for another OGM, false otherwise.
+  */
+-static bool batadv_v_ogm_aggr_packet(int buff_pos, int packet_len,
+-				     __be16 tvlv_len)
++static bool
++batadv_v_ogm_aggr_packet(int buff_pos, int packet_len,
++			 const struct batadv_ogm2_packet *ogm2_packet)
+ {
+ 	int next_buff_pos = 0;
+ 
+-	next_buff_pos += buff_pos + BATADV_OGM2_HLEN;
+-	next_buff_pos += ntohs(tvlv_len);
++	/* check if there is enough space for the header */
++	next_buff_pos += buff_pos + sizeof(*ogm2_packet);
++	if (next_buff_pos > packet_len)
++		return false;
++
++	/* check if there is enough space for the optional TVLV */
++	next_buff_pos += ntohs(ogm2_packet->tvlv_len);
+ 
+ 	return (next_buff_pos <= packet_len) &&
+ 	       (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES);
+@@ -830,7 +836,7 @@ int batadv_v_ogm_packet_recv(struct sk_buff *skb,
+ 	ogm_packet = (struct batadv_ogm2_packet *)skb->data;
+ 
+ 	while (batadv_v_ogm_aggr_packet(ogm_offset, skb_headlen(skb),
+-					ogm_packet->tvlv_len)) {
++					ogm_packet)) {
+ 		batadv_v_ogm_process(skb, ogm_offset, if_incoming);
+ 
+ 		ogm_offset += BATADV_OGM2_HLEN;

batman-adv/patches/0036-batman-adv-Avoid-free-alloc-race-when-handling-OGM2-.patch

@@ -0,0 +1,119 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 3 Oct 2019 17:02:01 +0200
+Subject: batman-adv: Avoid free/alloc race when handling OGM2 buffer
+
+A B.A.T.M.A.N. V virtual interface has an OGM2 packet buffer which is
+initialized using data from the RTNL lock protected netdevice notifier and
+other rtnetlink related hooks. It is sent regularly via various slave
+interfaces of the batadv virtual interface and in this process also
+modified (realloced) to integrate additional state information via TVLV
+containers.
+
+It must be avoided that the worker item is executed without a common lock
+with the netdevice notifier/rtnetlink helpers. Otherwise it can either
+happen that half modified data is sent out or the functions modifying the
+OGM2 buffer try to access already freed memory regions.
+
+Fixes: 632835348e65 ("batman-adv: OGMv2 - add basic infrastructure")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/14ee24576213ff02272b7f8d975c7c61d5448aa2
+
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
+index d241ccc0ca0278173853512c8aa4bfb8b041f996..a9f949501ff3c354d38e3ad333901310391f27d8 100644
+--- a/net/batman-adv/bat_v_ogm.c
++++ b/net/batman-adv/bat_v_ogm.c
+@@ -33,6 +33,7 @@
+ #include <linux/random.h>
+ #include <linux/rculist.h>
+ #include <linux/rcupdate.h>
++#include <linux/rtnetlink.h>
+ #include <linux/skbuff.h>
+ #include <linux/slab.h>
+ #include <linux/stddef.h>
+@@ -128,14 +129,12 @@ static void batadv_v_ogm_send_to_if(struct sk_buff *skb,
+ }
+ 
+ /**
+- * batadv_v_ogm_send() - periodic worker broadcasting the own OGM
+- * @work: work queue item
++ * batadv_v_ogm_send_softif() - periodic worker broadcasting the own OGM
++ * @bat_priv: the bat priv with all the soft interface information
+  */
+-static void batadv_v_ogm_send(struct work_struct *work)
++static void batadv_v_ogm_send_softif(struct batadv_priv *bat_priv)
+ {
+ 	struct batadv_hard_iface *hard_iface;
+-	struct batadv_priv_bat_v *bat_v;
+-	struct batadv_priv *bat_priv;
+ 	struct batadv_ogm2_packet *ogm_packet;
+ 	struct sk_buff *skb, *skb_tmp;
+ 	unsigned char *ogm_buff;
+@@ -143,8 +142,7 @@ static void batadv_v_ogm_send(struct work_struct *work)
+ 	u16 tvlv_len = 0;
+ 	int ret;
+ 
+-	bat_v = container_of(work, struct batadv_priv_bat_v, ogm_wq.work);
+-	bat_priv = container_of(bat_v, struct batadv_priv, bat_v);
++	ASSERT_RTNL();
+ 
+ 	if (atomic_read(&bat_priv->mesh_state) == BATADV_MESH_DEACTIVATING)
+ 		goto out;
+@@ -235,6 +233,22 @@ static void batadv_v_ogm_send(struct work_struct *work)
+ 	return;
+ }
+ 
++/**
++ * batadv_v_ogm_send() - periodic worker broadcasting the own OGM
++ * @work: work queue item
++ */
++static void batadv_v_ogm_send(struct work_struct *work)
++{
++	struct batadv_priv_bat_v *bat_v;
++	struct batadv_priv *bat_priv;
++
++	rtnl_lock();
++	bat_v = container_of(work, struct batadv_priv_bat_v, ogm_wq.work);
++	bat_priv = container_of(bat_v, struct batadv_priv, bat_v);
++	batadv_v_ogm_send_softif(bat_priv);
++	rtnl_unlock();
++}
++
+ /**
+  * batadv_v_ogm_iface_enable() - prepare an interface for B.A.T.M.A.N. V
+  * @hard_iface: the interface to prepare
+@@ -261,6 +275,8 @@ void batadv_v_ogm_primary_iface_set(struct batadv_hard_iface *primary_iface)
+ 	struct batadv_priv *bat_priv = netdev_priv(primary_iface->soft_iface);
+ 	struct batadv_ogm2_packet *ogm_packet;
+ 
++	ASSERT_RTNL();
++
+ 	if (!bat_priv->bat_v.ogm_buff)
+ 		return;
+ 
+@@ -869,6 +885,8 @@ int batadv_v_ogm_init(struct batadv_priv *bat_priv)
+ 	unsigned char *ogm_buff;
+ 	u32 random_seqno;
+ 
++	ASSERT_RTNL();
++
+ 	bat_priv->bat_v.ogm_buff_len = BATADV_OGM2_HLEN;
+ 	ogm_buff = kzalloc(bat_priv->bat_v.ogm_buff_len, GFP_ATOMIC);
+ 	if (!ogm_buff)
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
+index 86f37db7dd01592aff95ada5ba5441667971e1bc..3392198ff146ba77d320104663e97ab21559d556 100644
+--- a/net/batman-adv/types.h
++++ b/net/batman-adv/types.h
+@@ -1479,10 +1479,10 @@ struct batadv_softif_vlan {
+  * struct batadv_priv_bat_v - B.A.T.M.A.N. V per soft-interface private data
+  */
+ struct batadv_priv_bat_v {
+-	/** @ogm_buff: buffer holding the OGM packet */
++	/** @ogm_buff: buffer holding the OGM packet. rtnl protected */
+ 	unsigned char *ogm_buff;
+ 
+-	/** @ogm_buff_len: length of the OGM packet buffer */
++	/** @ogm_buff_len: length of the OGM packet buffer. rtnl protected */
+ 	int ogm_buff_len;
+ 
+ 	/** @ogm_seqno: OGM sequence number - used to identify each OGM */

batman-adv/patches/0037-batman-adv-Avoid-free-alloc-race-when-handling-OGM-b.patch

@@ -0,0 +1,136 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 3 Oct 2019 17:02:01 +0200
+Subject: batman-adv: Avoid free/alloc race when handling OGM buffer
+
+Each slave interface of an B.A.T.M.A.N. IV virtual interface has an OGM
+packet buffer which is initialized using data from the RTNL lock protected
+netdevice notifier and other rtnetlink related hooks. It is sent regularly
+via various slave interfaces of the batadv virtual interface and in this
+process also modified (realloced) to integrate additional state information
+via TVLV containers.
+
+It must be avoided that the worker item is executed without a common lock
+with the netdevice notifier/rtnetlink helpers. Otherwise it can either
+happen that half modified/freed data is sent out or functions modifying the
+OGM buffer try to access already freed memory regions.
+
+Reported-by: syzbot+0cc629f19ccb8534935b@syzkaller.appspotmail.com
+Fixes: ea6f8d42a595 ("batman-adv: move /proc interface handling to /sys")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/9b8ceef26c697d0c8319748428944c3339a498dc
+
+diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
+index 36f244125d24c800d35249af7639d39a516588d4..5b2ef12cfabb24ccbe2c1848cfff4d1ded9bd0b0 100644
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -42,6 +42,7 @@
+ #include <linux/random.h>
+ #include <linux/rculist.h>
+ #include <linux/rcupdate.h>
++#include <linux/rtnetlink.h>
+ #include <linux/seq_file.h>
+ #include <linux/skbuff.h>
+ #include <linux/slab.h>
+@@ -379,6 +380,8 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+ 	unsigned char *ogm_buff;
+ 	u32 random_seqno;
+ 
++	ASSERT_RTNL();
++
+ 	/* randomize initial seqno to avoid collision */
+ 	get_random_bytes(&random_seqno, sizeof(random_seqno));
+ 	atomic_set(&hard_iface->bat_iv.ogm_seqno, random_seqno);
+@@ -403,6 +406,8 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+ 
+ static void batadv_iv_ogm_iface_disable(struct batadv_hard_iface *hard_iface)
+ {
++	ASSERT_RTNL();
++
+ 	kfree(hard_iface->bat_iv.ogm_buff);
+ 	hard_iface->bat_iv.ogm_buff = NULL;
+ }
+@@ -412,6 +417,8 @@ static void batadv_iv_ogm_iface_update_mac(struct batadv_hard_iface *hard_iface)
+ 	struct batadv_ogm_packet *batadv_ogm_packet;
+ 	unsigned char *ogm_buff = hard_iface->bat_iv.ogm_buff;
+ 
++	ASSERT_RTNL();
++
+ 	batadv_ogm_packet = (struct batadv_ogm_packet *)ogm_buff;
+ 	ether_addr_copy(batadv_ogm_packet->orig,
+ 			hard_iface->net_dev->dev_addr);
+@@ -425,6 +432,8 @@ batadv_iv_ogm_primary_iface_set(struct batadv_hard_iface *hard_iface)
+ 	struct batadv_ogm_packet *batadv_ogm_packet;
+ 	unsigned char *ogm_buff = hard_iface->bat_iv.ogm_buff;
+ 
++	ASSERT_RTNL();
++
+ 	batadv_ogm_packet = (struct batadv_ogm_packet *)ogm_buff;
+ 	batadv_ogm_packet->ttl = BATADV_TTL;
+ }
+@@ -935,6 +944,8 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+ 	u16 tvlv_len = 0;
+ 	unsigned long send_time;
+ 
++	ASSERT_RTNL();
++
+ 	if (hard_iface->if_status == BATADV_IF_NOT_IN_USE ||
+ 	    hard_iface->if_status == BATADV_IF_TO_BE_REMOVED)
+ 		return;
+@@ -1791,16 +1802,12 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset,
+ 	batadv_orig_node_put(orig_node);
+ }
+ 
+-static void batadv_iv_send_outstanding_bat_ogm_packet(struct work_struct *work)
++static void
++batadv_iv_send_outstanding_forw_packet(struct batadv_forw_packet *forw_packet)
+ {
+-	struct delayed_work *delayed_work;
+-	struct batadv_forw_packet *forw_packet;
+ 	struct batadv_priv *bat_priv;
+ 	bool dropped = false;
+ 
+-	delayed_work = to_delayed_work(work);
+-	forw_packet = container_of(delayed_work, struct batadv_forw_packet,
+-				   delayed_work);
+ 	bat_priv = netdev_priv(forw_packet->if_incoming->soft_iface);
+ 
+ 	if (atomic_read(&bat_priv->mesh_state) == BATADV_MESH_DEACTIVATING) {
+@@ -1829,6 +1836,20 @@ static void batadv_iv_send_outstanding_bat_ogm_packet(struct work_struct *work)
+ 		batadv_forw_packet_free(forw_packet, dropped);
+ }
+ 
++static void batadv_iv_send_outstanding_bat_ogm_packet(struct work_struct *work)
++{
++	struct delayed_work *delayed_work;
++	struct batadv_forw_packet *forw_packet;
++
++	delayed_work = to_delayed_work(work);
++	forw_packet = container_of(delayed_work, struct batadv_forw_packet,
++				   delayed_work);
++
++	rtnl_lock();
++	batadv_iv_send_outstanding_forw_packet(forw_packet);
++	rtnl_unlock();
++}
++
+ static int batadv_iv_ogm_receive(struct sk_buff *skb,
+ 				 struct batadv_hard_iface *if_incoming)
+ {
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
+index 3392198ff146ba77d320104663e97ab21559d556..49e4e6cb506f192e85e96e8b3e68be3fdc2dca57 100644
+--- a/net/batman-adv/types.h
++++ b/net/batman-adv/types.h
+@@ -82,10 +82,10 @@ enum batadv_dhcp_recipient {
+  * struct batadv_hard_iface_bat_iv - per hard-interface B.A.T.M.A.N. IV data
+  */
+ struct batadv_hard_iface_bat_iv {
+-	/** @ogm_buff: buffer holding the OGM packet */
++	/** @ogm_buff: buffer holding the OGM packet. rtnl protected */
+ 	unsigned char *ogm_buff;
+ 
+-	/** @ogm_buff_len: length of the OGM packet buffer */
++	/** @ogm_buff_len: length of the OGM packet buffer. rtnl protected */
+ 	int ogm_buff_len;
+ 
+ 	/** @ogm_seqno: OGM sequence number - used to identify each OGM */

batman-adv/patches/0038-batman-adv-Introduce-own-OGM2-buffer-mutex.patch

@@ -0,0 +1,138 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 13 Oct 2019 21:03:06 +0200
+Subject: batman-adv: Introduce own OGM2 buffer mutex
+
+Only a single function is currently automatically locked by the rtnl_lock
+because (unlike B.A.T.M.A.N. IV) the OGM2 buffer is independent of the hard
+interfaces on which it will be transmitted. A private mutex can be used
+instead to avoid unnecessary delays which would have been introduced by the
+global lock.
+
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/8069c581f9097f1f9398f2d49047a1dab8093821
+
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
+index a9f949501ff3c354d38e3ad333901310391f27d8..bf9ea404abe7cbe1dd2113881856cd35b718b7d1 100644
+--- a/net/batman-adv/bat_v_ogm.c
++++ b/net/batman-adv/bat_v_ogm.c
+@@ -29,11 +29,12 @@
+ #include <linux/kernel.h>
+ #include <linux/kref.h>
+ #include <linux/list.h>
++#include <linux/lockdep.h>
++#include <linux/mutex.h>
+ #include <linux/netdevice.h>
+ #include <linux/random.h>
+ #include <linux/rculist.h>
+ #include <linux/rcupdate.h>
+-#include <linux/rtnetlink.h>
+ #include <linux/skbuff.h>
+ #include <linux/slab.h>
+ #include <linux/stddef.h>
+@@ -142,7 +143,7 @@ static void batadv_v_ogm_send_softif(struct batadv_priv *bat_priv)
+ 	u16 tvlv_len = 0;
+ 	int ret;
+ 
+-	ASSERT_RTNL();
++	lockdep_assert_held(&bat_priv->bat_v.ogm_buff_mutex);
+ 
+ 	if (atomic_read(&bat_priv->mesh_state) == BATADV_MESH_DEACTIVATING)
+ 		goto out;
+@@ -242,11 +243,12 @@ static void batadv_v_ogm_send(struct work_struct *work)
+ 	struct batadv_priv_bat_v *bat_v;
+ 	struct batadv_priv *bat_priv;
+ 
+-	rtnl_lock();
+ 	bat_v = container_of(work, struct batadv_priv_bat_v, ogm_wq.work);
+ 	bat_priv = container_of(bat_v, struct batadv_priv, bat_v);
++
++	mutex_lock(&bat_priv->bat_v.ogm_buff_mutex);
+ 	batadv_v_ogm_send_softif(bat_priv);
+-	rtnl_unlock();
++	mutex_unlock(&bat_priv->bat_v.ogm_buff_mutex);
+ }
+ 
+ /**
+@@ -275,13 +277,15 @@ void batadv_v_ogm_primary_iface_set(struct batadv_hard_iface *primary_iface)
+ 	struct batadv_priv *bat_priv = netdev_priv(primary_iface->soft_iface);
+ 	struct batadv_ogm2_packet *ogm_packet;
+ 
+-	ASSERT_RTNL();
+-
++	mutex_lock(&bat_priv->bat_v.ogm_buff_mutex);
+ 	if (!bat_priv->bat_v.ogm_buff)
+-		return;
++		goto unlock;
+ 
+ 	ogm_packet = (struct batadv_ogm2_packet *)bat_priv->bat_v.ogm_buff;
+ 	ether_addr_copy(ogm_packet->orig, primary_iface->net_dev->dev_addr);
++
++unlock:
++	mutex_unlock(&bat_priv->bat_v.ogm_buff_mutex);
+ }
+ 
+ /**
+@@ -885,8 +889,6 @@ int batadv_v_ogm_init(struct batadv_priv *bat_priv)
+ 	unsigned char *ogm_buff;
+ 	u32 random_seqno;
+ 
+-	ASSERT_RTNL();
+-
+ 	bat_priv->bat_v.ogm_buff_len = BATADV_OGM2_HLEN;
+ 	ogm_buff = kzalloc(bat_priv->bat_v.ogm_buff_len, GFP_ATOMIC);
+ 	if (!ogm_buff)
+@@ -905,6 +907,8 @@ int batadv_v_ogm_init(struct batadv_priv *bat_priv)
+ 	atomic_set(&bat_priv->bat_v.ogm_seqno, random_seqno);
+ 	INIT_DELAYED_WORK(&bat_priv->bat_v.ogm_wq, batadv_v_ogm_send);
+ 
++	mutex_init(&bat_priv->bat_v.ogm_buff_mutex);
++
+ 	return 0;
+ }
+ 
+@@ -916,7 +920,11 @@ void batadv_v_ogm_free(struct batadv_priv *bat_priv)
+ {
+ 	cancel_delayed_work_sync(&bat_priv->bat_v.ogm_wq);
+ 
++	mutex_lock(&bat_priv->bat_v.ogm_buff_mutex);
++
+ 	kfree(bat_priv->bat_v.ogm_buff);
+ 	bat_priv->bat_v.ogm_buff = NULL;
+ 	bat_priv->bat_v.ogm_buff_len = 0;
++
++	mutex_unlock(&bat_priv->bat_v.ogm_buff_mutex);
+ }
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
+index 49e4e6cb506f192e85e96e8b3e68be3fdc2dca57..44c423447fe163eb3b9df5ec5cf229bed6b8d65b 100644
+--- a/net/batman-adv/types.h
++++ b/net/batman-adv/types.h
+@@ -28,6 +28,7 @@
+ #include <linux/compiler.h>
+ #include <linux/if_ether.h>
+ #include <linux/kref.h>
++#include <linux/mutex.h>
+ #include <linux/netdevice.h>
+ #include <linux/netlink.h>
+ #include <linux/sched.h> /* for linux/wait.h */
+@@ -1479,15 +1480,18 @@ struct batadv_softif_vlan {
+  * struct batadv_priv_bat_v - B.A.T.M.A.N. V per soft-interface private data
+  */
+ struct batadv_priv_bat_v {
+-	/** @ogm_buff: buffer holding the OGM packet. rtnl protected */
++	/** @ogm_buff: buffer holding the OGM packet */
+ 	unsigned char *ogm_buff;
+ 
+-	/** @ogm_buff_len: length of the OGM packet buffer. rtnl protected */
++	/** @ogm_buff_len: length of the OGM packet buffer */
+ 	int ogm_buff_len;
+ 
+ 	/** @ogm_seqno: OGM sequence number - used to identify each OGM */
+ 	atomic_t ogm_seqno;
+ 
++	/** @ogm_buff_mutex: lock protecting ogm_buff and ogm_buff_len */
++	struct mutex ogm_buff_mutex;
++
+ 	/** @ogm_wq: workqueue used to schedule OGM transmissions */
+ 	struct delayed_work ogm_wq;
+ };

batman-adv/patches/0039-batman-adv-Avoid-OGM-workqueue-synchronous-cancel-de.patch

@@ -0,0 +1,262 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 13 Oct 2019 21:03:07 +0200
+Subject: batman-adv: Avoid OGM workqueue synchronous cancel deadlock
+
+batadv_forw_packet_list_free can be called when an interface is being
+disabled. Under this circumstance, the rntl_lock will be held and while it
+calls cancel_delayed_work_sync.
+
+cancel_delayed_work_sync will stop the execution of the current context
+when the work item is currently processed. It can now happen that the
+cancel_delayed_work_sync was called when rtnl_lock was already called in
+batadv_iv_send_outstanding_bat_ogm_packet or when it was in the process of
+calling it. In this case, batadv_iv_send_outstanding_bat_ogm_packet waits
+for the lock and cancel_delayed_work_sync (which holds the rtnl_lock) is
+waiting for batadv_iv_send_outstanding_bat_ogm_packet to finish.
+
+This can only be avoided by not using (conflicting) blocking locks while
+cancel_delayed_work_sync is called. It also has the benefit that the
+ogm scheduling functionality can avoid unnecessary delays which can be
+introduced by a global lock.
+
+Fixes: 9b8ceef26c69 ("batman-adv: Avoid free/alloc race when handling OGM buffer")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/d3be478f1aa27b47f61c4a62e18eb063d47c9168
+
+diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
+index 5b2ef12cfabb24ccbe2c1848cfff4d1ded9bd0b0..f5941837c3ad463f276cffdb25f9b6cd87af0e92 100644
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -35,6 +35,7 @@
+ #include <linux/kref.h>
+ #include <linux/list.h>
+ #include <linux/lockdep.h>
++#include <linux/mutex.h>
+ #include <linux/netdevice.h>
+ #include <linux/netlink.h>
+ #include <linux/pkt_sched.h>
+@@ -42,7 +43,6 @@
+ #include <linux/random.h>
+ #include <linux/rculist.h>
+ #include <linux/rcupdate.h>
+-#include <linux/rtnetlink.h>
+ #include <linux/seq_file.h>
+ #include <linux/skbuff.h>
+ #include <linux/slab.h>
+@@ -380,7 +380,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+ 	unsigned char *ogm_buff;
+ 	u32 random_seqno;
+ 
+-	ASSERT_RTNL();
++	mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+ 
+ 	/* randomize initial seqno to avoid collision */
+ 	get_random_bytes(&random_seqno, sizeof(random_seqno));
+@@ -388,8 +388,10 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+ 
+ 	hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
+ 	ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
+-	if (!ogm_buff)
++	if (!ogm_buff) {
++		mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
+ 		return -ENOMEM;
++	}
+ 
+ 	hard_iface->bat_iv.ogm_buff = ogm_buff;
+ 
+@@ -401,41 +403,59 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+ 	batadv_ogm_packet->reserved = 0;
+ 	batadv_ogm_packet->tq = BATADV_TQ_MAX_VALUE;
+ 
++	mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
++
+ 	return 0;
+ }
+ 
+ static void batadv_iv_ogm_iface_disable(struct batadv_hard_iface *hard_iface)
+ {
+-	ASSERT_RTNL();
++	mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+ 
+ 	kfree(hard_iface->bat_iv.ogm_buff);
+ 	hard_iface->bat_iv.ogm_buff = NULL;
++
++	mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
+ }
+ 
+ static void batadv_iv_ogm_iface_update_mac(struct batadv_hard_iface *hard_iface)
+ {
+ 	struct batadv_ogm_packet *batadv_ogm_packet;
+-	unsigned char *ogm_buff = hard_iface->bat_iv.ogm_buff;
++	void *ogm_buff;
+ 
+-	ASSERT_RTNL();
++	mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+ 
+-	batadv_ogm_packet = (struct batadv_ogm_packet *)ogm_buff;
++	ogm_buff = hard_iface->bat_iv.ogm_buff;
++	if (!ogm_buff)
++		goto unlock;
++
++	batadv_ogm_packet = ogm_buff;
+ 	ether_addr_copy(batadv_ogm_packet->orig,
+ 			hard_iface->net_dev->dev_addr);
+ 	ether_addr_copy(batadv_ogm_packet->prev_sender,
+ 			hard_iface->net_dev->dev_addr);
++
++unlock:
++	mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
+ }
+ 
+ static void
+ batadv_iv_ogm_primary_iface_set(struct batadv_hard_iface *hard_iface)
+ {
+ 	struct batadv_ogm_packet *batadv_ogm_packet;
+-	unsigned char *ogm_buff = hard_iface->bat_iv.ogm_buff;
++	void *ogm_buff;
+ 
+-	ASSERT_RTNL();
++	mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+ 
+-	batadv_ogm_packet = (struct batadv_ogm_packet *)ogm_buff;
++	ogm_buff = hard_iface->bat_iv.ogm_buff;
++	if (!ogm_buff)
++		goto unlock;
++
++	batadv_ogm_packet = ogm_buff;
+ 	batadv_ogm_packet->ttl = BATADV_TTL;
++
++unlock:
++	mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
+ }
+ 
+ /* when do we schedule our own ogm to be sent */
+@@ -933,7 +953,11 @@ batadv_iv_ogm_slide_own_bcast_window(struct batadv_hard_iface *hard_iface)
+ 	}
+ }
+ 
+-static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
++/**
++ * batadv_iv_ogm_schedule_buff() - schedule submission of hardif ogm buffer
++ * @hard_iface: interface whose ogm buffer should be transmitted
++ */
++static void batadv_iv_ogm_schedule_buff(struct batadv_hard_iface *hard_iface)
+ {
+ 	struct batadv_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
+ 	unsigned char **ogm_buff = &hard_iface->bat_iv.ogm_buff;
+@@ -944,11 +968,7 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+ 	u16 tvlv_len = 0;
+ 	unsigned long send_time;
+ 
+-	ASSERT_RTNL();
+-
+-	if (hard_iface->if_status == BATADV_IF_NOT_IN_USE ||
+-	    hard_iface->if_status == BATADV_IF_TO_BE_REMOVED)
+-		return;
++	lockdep_assert_held(&hard_iface->bat_iv.ogm_buff_mutex);
+ 
+ 	/* the interface gets activated here to avoid race conditions between
+ 	 * the moment of activating the interface in
+@@ -1016,6 +1036,17 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+ 		batadv_hardif_put(primary_if);
+ }
+ 
++static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
++{
++	if (hard_iface->if_status == BATADV_IF_NOT_IN_USE ||
++	    hard_iface->if_status == BATADV_IF_TO_BE_REMOVED)
++		return;
++
++	mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
++	batadv_iv_ogm_schedule_buff(hard_iface);
++	mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
++}
++
+ /**
+  * batadv_iv_ogm_orig_update() - use OGM to update corresponding data in an
+  *  originator
+@@ -1802,12 +1833,16 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset,
+ 	batadv_orig_node_put(orig_node);
+ }
+ 
+-static void
+-batadv_iv_send_outstanding_forw_packet(struct batadv_forw_packet *forw_packet)
++static void batadv_iv_send_outstanding_bat_ogm_packet(struct work_struct *work)
+ {
++	struct delayed_work *delayed_work;
++	struct batadv_forw_packet *forw_packet;
+ 	struct batadv_priv *bat_priv;
+ 	bool dropped = false;
+ 
++	delayed_work = to_delayed_work(work);
++	forw_packet = container_of(delayed_work, struct batadv_forw_packet,
++				   delayed_work);
+ 	bat_priv = netdev_priv(forw_packet->if_incoming->soft_iface);
+ 
+ 	if (atomic_read(&bat_priv->mesh_state) == BATADV_MESH_DEACTIVATING) {
+@@ -1836,20 +1871,6 @@ batadv_iv_send_outstanding_forw_packet(struct batadv_forw_packet *forw_packet)
+ 		batadv_forw_packet_free(forw_packet, dropped);
+ }
+ 
+-static void batadv_iv_send_outstanding_bat_ogm_packet(struct work_struct *work)
+-{
+-	struct delayed_work *delayed_work;
+-	struct batadv_forw_packet *forw_packet;
+-
+-	delayed_work = to_delayed_work(work);
+-	forw_packet = container_of(delayed_work, struct batadv_forw_packet,
+-				   delayed_work);
+-
+-	rtnl_lock();
+-	batadv_iv_send_outstanding_forw_packet(forw_packet);
+-	rtnl_unlock();
+-}
+-
+ static int batadv_iv_ogm_receive(struct sk_buff *skb,
+ 				 struct batadv_hard_iface *if_incoming)
+ {
+diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
+index 36f0962040d16af4f9ed82629ff03ce85c83ed57..c4e0435c952db87c89727633c184320820812cda 100644
+--- a/net/batman-adv/hard-interface.c
++++ b/net/batman-adv/hard-interface.c
+@@ -29,6 +29,7 @@
+ #include <linux/kernel.h>
+ #include <linux/kref.h>
+ #include <linux/list.h>
++#include <linux/mutex.h>
+ #include <linux/netdevice.h>
+ #include <linux/printk.h>
+ #include <linux/rculist.h>
+@@ -933,6 +934,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
+ 	INIT_LIST_HEAD(&hard_iface->list);
+ 	INIT_HLIST_HEAD(&hard_iface->neigh_list);
+ 
++	mutex_init(&hard_iface->bat_iv.ogm_buff_mutex);
+ 	spin_lock_init(&hard_iface->neigh_list_lock);
+ 	kref_init(&hard_iface->refcount);
+ 
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
+index 44c423447fe163eb3b9df5ec5cf229bed6b8d65b..85f52dc42e17f7ed550f13048a2e2bd9d372196b 100644
+--- a/net/batman-adv/types.h
++++ b/net/batman-adv/types.h
+@@ -83,14 +83,17 @@ enum batadv_dhcp_recipient {
+  * struct batadv_hard_iface_bat_iv - per hard-interface B.A.T.M.A.N. IV data
+  */
+ struct batadv_hard_iface_bat_iv {
+-	/** @ogm_buff: buffer holding the OGM packet. rtnl protected */
++	/** @ogm_buff: buffer holding the OGM packet */
+ 	unsigned char *ogm_buff;
+ 
+-	/** @ogm_buff_len: length of the OGM packet buffer. rtnl protected */
++	/** @ogm_buff_len: length of the OGM packet buffer */
+ 	int ogm_buff_len;
+ 
+ 	/** @ogm_seqno: OGM sequence number - used to identify each OGM */
+ 	atomic_t ogm_seqno;
++
++	/** @ogm_buff_mutex: lock protecting ogm_buff and ogm_buff_len */
++	struct mutex ogm_buff_mutex;
+ };
+ 
+ /**

batman-adv/patches/0040-batman-adv-Fix-DAT-candidate-selection-on-little-end.patch

@@ -0,0 +1,43 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Thu, 28 Nov 2019 12:43:49 +0100
+Subject: batman-adv: Fix DAT candidate selection on little endian systems
+
+The distributed arp table is using a DHT to store and retrieve MAC address
+information for an IP address. This is done using unicast messages to
+selected peers. The potential peers are looked up using the IP address and
+the VID.
+
+While the IP address is always stored in big endian byte order, it is not
+the case of the VID. It can (depending on the host system) either be big
+endian or little endian. The host must therefore always convert it to big
+endian to ensure that all devices calculate the same peers for the same
+lookup data.
+
+Fixes: 3e26722bc9f2 ("batman-adv: make the Distributed ARP Table vlan aware")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/728aea06f38e0e4d70f4f7d43698187f7f7055c5
+
+diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
+index a60bacf7120be88ba7626cf0a87dd34eef0a2eec..21783805a3afd974cebc7e640249402d637d731a 100644
+--- a/net/batman-adv/distributed-arp-table.c
++++ b/net/batman-adv/distributed-arp-table.c
+@@ -251,6 +251,7 @@ static u32 batadv_hash_dat(const void *data, u32 size)
+ 	u32 hash = 0;
+ 	const struct batadv_dat_entry *dat = data;
+ 	const unsigned char *key;
++	__be16 vid;
+ 	u32 i;
+ 
+ 	key = (const unsigned char *)&dat->ip;
+@@ -260,7 +261,8 @@ static u32 batadv_hash_dat(const void *data, u32 size)
+ 		hash ^= (hash >> 6);
+ 	}
+ 
+-	key = (const unsigned char *)&dat->vid;
++	vid = htons(dat->vid);
++	key = (__force const unsigned char *)&vid;
+ 	for (i = 0; i < sizeof(dat->vid); i++) {
+ 		hash += key[i];
+ 		hash += (hash << 10);

batman-adv/patches/0041-batman-adv-Don-t-schedule-OGM-for-disabled-interface.patch

@@ -0,0 +1,37 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Cc: Hillf Danton <hdanton@sina.com>
+Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/a089c55ca004b396d340baae58abe9a79f32cc0f
+
+diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
+index f5941837c3ad463f276cffdb25f9b6cd87af0e92..0b052ff51bdeb36f7eac9abca927e267533d2930 100644
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -970,6 +970,10 @@ static void batadv_iv_ogm_schedule_buff(struct batadv_hard_iface *hard_iface)
+ 
+ 	lockdep_assert_held(&hard_iface->bat_iv.ogm_buff_mutex);
+ 
++	/* interface already disabled by batadv_iv_ogm_iface_disable */
++	if (!*ogm_buff)
++		return;
++
+ 	/* the interface gets activated here to avoid race conditions between
+ 	 * the moment of activating the interface in
+ 	 * hardif_activate_interface() where the originator mac is set and

batman-adv/patches/0042-batman-adv-fix-batadv_nc_random_weight_tq.patch

@@ -0,0 +1,59 @@
+From: George Spelvin <lkml@sdf.org>
+Date: Sun, 8 Mar 2020 09:44:59 -0400
+Subject: batman-adv: fix batadv_nc_random_weight_tq
+
+and change to pseudorandom numbers, as this is a traffic dithering
+operation that doesn't need crypto-grade.
+
+The previous code operated in 4 steps:
+
+1. Generate a random byte 0 <= rand_tq <= 255
+2. Multiply it by BATADV_TQ_MAX_VALUE - tq
+3. Divide by 255 (= BATADV_TQ_MAX_VALUE)
+4. Return BATADV_TQ_MAX_VALUE - rand_tq
+
+This would apperar to scale (BATADV_TQ_MAX_VALUE - tq) by a random
+value between 0/255 and 255/255.
+
+But!  The intermediate value between steps 3 and 4 is stored in a u8
+variable.  So it's truncated, and most of the time, is less than 255, after
+which the division produces 0.  Specifically, if tq is odd, the product is
+always even, and can never be 255.  If tq is even, there's exactly one
+random byte value that will produce a product byte of 255.
+
+Thus, the return value is 255 (511/512 of the time) or 254 (1/512
+of the time).
+
+If we assume that the truncation is a bug, and the code is meant to scale
+the input, a simpler way of looking at it is that it's returning a random
+value between tq and BATADV_TQ_MAX_VALUE, inclusive.
+
+Well, we have an optimized function for doing just that.
+
+Fixes: c3289f3650d3 ("batman-adv: network coding - code and transmit packets if possible")
+Signed-off-by: George Spelvin <lkml@sdf.org>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/db48c60b0edb995450ee846157364bd09bb23762
+
+diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
+index 34caf129a9bf5531360f798be6a7059bad26a50f..7f1be5a287575d51ffd5b4e7ecf540b8fd7de700 100644
+--- a/net/batman-adv/network-coding.c
++++ b/net/batman-adv/network-coding.c
+@@ -1021,15 +1021,8 @@ static struct batadv_nc_path *batadv_nc_get_path(struct batadv_priv *bat_priv,
+  */
+ static u8 batadv_nc_random_weight_tq(u8 tq)
+ {
+-	u8 rand_val, rand_tq;
+-
+-	get_random_bytes(&rand_val, sizeof(rand_val));
+-
+ 	/* randomize the estimated packet loss (max TQ - estimated TQ) */
+-	rand_tq = rand_val * (BATADV_TQ_MAX_VALUE - tq);
+-
+-	/* normalize the randomized packet loss */
+-	rand_tq /= BATADV_TQ_MAX_VALUE;
++	u8 rand_tq = prandom_u32_max(BATADV_TQ_MAX_VALUE + 1 - tq);
+ 
+ 	/* convert to (randomized) estimated tq again */
+ 	return BATADV_TQ_MAX_VALUE - rand_tq;

batman-adv/patches/0043-batman-adv-Fix-refcnt-leak-in-batadv_show_throughput.patch

@@ -0,0 +1,38 @@
+From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Date: Wed, 15 Apr 2020 16:31:50 +0800
+Subject: batman-adv: Fix refcnt leak in batadv_show_throughput_override
+
+batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(),
+which gets a batadv_hard_iface object from net_dev with increased refcnt
+and its reference is assigned to a local pointer 'hard_iface'.
+
+When batadv_show_throughput_override() returns, "hard_iface" becomes
+invalid, so the refcount should be decreased to keep refcount balanced.
+
+The issue happens in the normal path of
+batadv_show_throughput_override(), which forgets to decrease the refcnt
+increased by batadv_hardif_get_by_netdev() before the function returns,
+causing a refcnt leak.
+
+Fix this issue by calling batadv_hardif_put() before the
+batadv_show_throughput_override() returns in the normal path.
+
+Fixes: c513176e4b7a ("batman-adv: add throughput override attribute to hard_ifaces")
+Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/f301bfed59b146a63471d0f147b767d7cafede6f
+
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
+index 09427fc6494a157554d8b19f3481a878a9f97bba..7f7de0b16aa7ab70986735fbd9b42fd02de8a924 100644
+--- a/net/batman-adv/sysfs.c
++++ b/net/batman-adv/sysfs.c
+@@ -1126,6 +1126,7 @@ static ssize_t batadv_show_throughput_override(struct kobject *kobj,
+ 
+ 	tp_override = atomic_read(&hard_iface->bat_v.throughput_override);
+ 
++	batadv_hardif_put(hard_iface);
+ 	return sprintf(buff, "%u.%u MBit\n", tp_override / 10,
+ 		       tp_override % 10);
+ }

batman-adv/patches/0044-batman-adv-Fix-refcnt-leak-in-batadv_store_throughpu.patch

@@ -0,0 +1,39 @@
+From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Date: Wed, 15 Apr 2020 16:35:21 +0800
+Subject: batman-adv: Fix refcnt leak in batadv_store_throughput_override
+
+batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(),
+which gets a batadv_hard_iface object from net_dev with increased refcnt
+and its reference is assigned to a local pointer 'hard_iface'.
+
+When batadv_store_throughput_override() returns, "hard_iface" becomes
+invalid, so the refcount should be decreased to keep refcount balanced.
+
+The issue happens in one error path of
+batadv_store_throughput_override(). When batadv_parse_throughput()
+returns NULL, the refcnt increased by batadv_hardif_get_by_netdev() is
+not decreased, causing a refcnt leak.
+
+Fix this issue by jumping to "out" label when batadv_parse_throughput()
+returns NULL.
+
+Fixes: c513176e4b7a ("batman-adv: add throughput override attribute to hard_ifaces")
+Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/b69cd8bdbfd6fa7e61878c2fa9e6637406f40dd9
+
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
+index 7f7de0b16aa7ab70986735fbd9b42fd02de8a924..976b038e53bf934332a39bad8a5509ca1aac0add 100644
+--- a/net/batman-adv/sysfs.c
++++ b/net/batman-adv/sysfs.c
+@@ -1093,7 +1093,7 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj,
+ 	ret = batadv_parse_throughput(net_dev, buff, "throughput_override",
+ 				      &tp_override);
+ 	if (!ret)
+-		return count;
++		goto out;
+ 
+ 	old_tp_override = atomic_read(&hard_iface->bat_v.throughput_override);
+ 	if (old_tp_override == tp_override)

batman-adv/patches/0045-batman-adv-Fix-refcnt-leak-in-batadv_v_ogm_process.patch

@@ -0,0 +1,39 @@
+From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Date: Mon, 20 Apr 2020 13:37:20 +0800
+Subject: batman-adv: Fix refcnt leak in batadv_v_ogm_process
+
+batadv_v_ogm_process() invokes batadv_hardif_neigh_get(), which returns
+a reference of the neighbor object to "hardif_neigh" with increased
+refcount.
+
+When batadv_v_ogm_process() returns, "hardif_neigh" becomes invalid, so
+the refcount should be decreased to keep refcount balanced.
+
+The reference counting issue happens in one exception handling paths of
+batadv_v_ogm_process(). When batadv_v_ogm_orig_get() fails to get the
+orig node and returns NULL, the refcnt increased by
+batadv_hardif_neigh_get() is not decreased, causing a refcnt leak.
+
+Fix this issue by jumping to "out" label when batadv_v_ogm_orig_get()
+fails to get the orig node.
+
+Fixes: 667996ebeab4 ("batman-adv: OGMv2 - implement originators logic")
+Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/4515f5e6a4ccbe1c563b05f2d487eb9eef3c9740
+
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
+index bf9ea404abe7cbe1dd2113881856cd35b718b7d1..0458de53cb64b2da51de492ffa27f33068351cc8 100644
+--- a/net/batman-adv/bat_v_ogm.c
++++ b/net/batman-adv/bat_v_ogm.c
+@@ -735,7 +735,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset,
+ 
+ 	orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig);
+ 	if (!orig_node)
+-		return;
++		goto out;
+ 
+ 	neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming,
+ 						     ethhdr->h_source);

batman-adv/patches/0046-batman-adv-Avoid-uninitialized-chaddr-when-handling-.patch

@@ -0,0 +1,42 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Wed, 22 Jul 2020 20:49:23 +0200
+Subject: batman-adv: Avoid uninitialized chaddr when handling DHCP
+
+The gateway client code can try to optimize the delivery of DHCP packets to
+avoid broadcasting them through the whole mesh. But also transmissions to
+the client can be optimized by looking up the destination via the chaddr of
+the DHCP packet.
+
+But the chaddr is currently only done when chaddr is fully inside the
+non-paged area of the skbuff. Otherwise it will not be initialized and the
+unoptimized path should have been taken.
+
+But the implementation didn't handle this correctly. It didn't retrieve the
+correct chaddr but still tried to perform the TT lookup with this
+uninitialized memory.
+
+Reported-by: syzbot+ab16e463b903f5a37036@syzkaller.appspotmail.com
+Fixes: 2d5b555644b2 ("batman-adv: send every DHCP packet as bat-unicast")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/fcdf008ffd749246632d1f9423163af5dc3f8c7f
+
+diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
+index 140c61a3f1ecfec4fe23c5ddca19e18e2e86fd56..0c59fefc137196899f97e0fa7882cf55ceebe34c 100644
+--- a/net/batman-adv/gateway_client.c
++++ b/net/batman-adv/gateway_client.c
+@@ -714,8 +714,10 @@ batadv_gw_dhcp_recipient_get(struct sk_buff *skb, unsigned int *header_len,
+ 
+ 	chaddr_offset = *header_len + BATADV_DHCP_CHADDR_OFFSET;
+ 	/* store the client address if the message is going to a client */
+-	if (ret == BATADV_DHCP_TO_CLIENT &&
+-	    pskb_may_pull(skb, chaddr_offset + ETH_ALEN)) {
++	if (ret == BATADV_DHCP_TO_CLIENT) {
++		if (!pskb_may_pull(skb, chaddr_offset + ETH_ALEN))
++			return BATADV_DHCP_NO;
++
+ 		/* check if the DHCP packet carries an Ethernet DHCP */
+ 		p = skb->data + *header_len + BATADV_DHCP_HTYPE_OFFSET;
+ 		if (*p != BATADV_DHCP_HTYPE_ETHERNET)

batman-adv/patches/0047-batman-adv-Fix-own-OGM-check-in-aggregated-OGMs.patch

@@ -0,0 +1,59 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Fri, 31 Jul 2020 00:22:55 +0200
+Subject: batman-adv: Fix own OGM check in aggregated OGMs
+
+The own OGM check is currently misplaced and can lead to the following
+issues:
+
+For one thing we might receive an aggregated OGM from a neighbor node
+which has our own OGM in the first place. We would then not only skip
+our own OGM but erroneously also any other, following OGM in the
+aggregate.
+
+For another, we might receive an OGM aggregate which has our own OGM in
+a place other then the first one. Then we would wrongly not skip this
+OGM, leading to populating the orginator and gateway table with ourself.
+
+The latter seems to not only be a cosmetic issue, but there were reports
+that this causes issues with various subsystems of batman-adv, too. For
+instance there were reports about issues with DAT and either disabling
+DAT or aggregation seemed to solve it.
+
+Fixing these issues by applying the own OGM check not on the first OGM
+in an aggregate but for each OGM in an aggregate instead.
+
+Fixes: 667996ebeab ("batman-adv: OGMv2 - implement originators logic")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/d41cc7cb62c184b2fb8ab97fda45815918200001
+
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
+index 0458de53cb64b2da51de492ffa27f33068351cc8..04a620fd13014463ed0c7c047f3a61a05d862e39 100644
+--- a/net/batman-adv/bat_v_ogm.c
++++ b/net/batman-adv/bat_v_ogm.c
+@@ -716,6 +716,12 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset,
+ 		   ntohl(ogm_packet->seqno), ogm_throughput, ogm_packet->ttl,
+ 		   ogm_packet->version, ntohs(ogm_packet->tvlv_len));
+ 
++	if (batadv_is_my_mac(bat_priv, ogm_packet->orig)) {
++		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
++			   "Drop packet: originator packet from ourself\n");
++		return;
++	}
++
+ 	/* If the throughput metric is 0, immediately drop the packet. No need
+ 	 * to create orig_node / neigh_node for an unusable route.
+ 	 */
+@@ -843,11 +849,6 @@ int batadv_v_ogm_packet_recv(struct sk_buff *skb,
+ 	if (batadv_is_my_mac(bat_priv, ethhdr->h_source))
+ 		goto free_skb;
+ 
+-	ogm_packet = (struct batadv_ogm2_packet *)skb->data;
+-
+-	if (batadv_is_my_mac(bat_priv, ogm_packet->orig))
+-		goto free_skb;
+-
+ 	batadv_inc_counter(bat_priv, BATADV_CNT_MGMT_RX);
+ 	batadv_add_counter(bat_priv, BATADV_CNT_MGMT_RX_BYTES,
+ 			   skb->len + ETH_HLEN);

batman-adv/patches/0048-batman-adv-bla-use-netif_rx_ni-when-not-in-interrupt.patch

@@ -0,0 +1,31 @@
+From: Jussi Kivilinna <jussi.kivilinna@haltian.com>
+Date: Tue, 18 Aug 2020 17:46:10 +0300
+Subject: batman-adv: bla: use netif_rx_ni when not in interrupt context
+
+batadv_bla_send_claim() gets called from worker thread context through
+batadv_bla_periodic_work(), thus netif_rx_ni needs to be used in that
+case. This fixes "NOHZ: local_softirq_pending 08" log messages seen
+when batman-adv is enabled.
+
+Fixes: a9ce0dc43e2c ("batman-adv: add basic bridge loop avoidance code")
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@haltian.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/3747f81a1380b65740fc52fc71c7a3af4c6e49de
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index 0842080a71f4ac89b3fbebc4b95c6c27d1cc4254..ed8259ff0dc7ba129825a369a757b37cc62ce829 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -450,7 +450,10 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, u8 *mac,
+ 	batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES,
+ 			   skb->len + ETH_HLEN);
+ 
+-	netif_rx(skb);
++	if (in_interrupt())
++		netif_rx(skb);
++	else
++		netif_rx_ni(skb);
+ out:
+ 	if (primary_if)
+ 		batadv_hardif_put(primary_if);

batman-adv/patches/0049-batman-adv-bla-fix-type-misuse-for-backbone_gw-hash-.patch

@@ -0,0 +1,41 @@
+From: Linus Lüssing <ll@simonwunderlich.de>
+Date: Thu, 27 Aug 2020 17:34:48 +0200
+Subject: batman-adv: bla: fix type misuse for backbone_gw hash indexing
+
+It seems that due to a copy & paste error the void pointer
+in batadv_choose_backbone_gw() is cast to the wrong type.
+
+Fixing this by using "struct batadv_bla_backbone_gw" instead of "struct
+batadv_bla_claim" which better matches the caller's side.
+
+For now it seems that we were lucky because the two structs both have
+their orig/vid and addr/vid in the beginning. However I stumbled over
+this issue when I was trying to add some debug variables in front of
+"orig" in batadv_backbone_gw, which caused hash lookups to fail.
+
+Fixes: 7e15c9305ce0 ("batman-adv: don't rely on positions in struct for hashing")
+Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/398a706cd46c1fc085aef56ae8ed11f76e182bd1
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index ed8259ff0dc7ba129825a369a757b37cc62ce829..9dc574f5659e2bce97bd7e0f3793f8c1edf1fbd5 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -96,11 +96,12 @@ static inline u32 batadv_choose_claim(const void *data, u32 size)
+  */
+ static inline u32 batadv_choose_backbone_gw(const void *data, u32 size)
+ {
+-	const struct batadv_bla_claim *claim = (struct batadv_bla_claim *)data;
++	const struct batadv_bla_backbone_gw *gw;
+ 	u32 hash = 0;
+ 
+-	hash = jhash(&claim->addr, sizeof(claim->addr), hash);
+-	hash = jhash(&claim->vid, sizeof(claim->vid), hash);
++	gw = (struct batadv_bla_backbone_gw *)data;
++	hash = jhash(&gw->orig, sizeof(gw->orig), hash);
++	hash = jhash(&gw->vid, sizeof(gw->vid), hash);
+ 
+ 	return hash % size;
+ }

batman-adv/patches/0050-batman-adv-mcast-TT-fix-wrongly-dropped-or-rerouted-.patch

@@ -0,0 +1,45 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Fri, 4 Sep 2020 20:28:00 +0200
+Subject: batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
+
+The unicast packet rerouting code makes several assumptions. For
+instance it assumes that there is always exactly one destination in the
+TT. This breaks for multicast frames in a unicast packets in several ways:
+
+For one thing if there is actually no TT entry and the destination node
+was selected due to the multicast tvlv flags it announced. Then an
+intermediate node will wrongly drop the packet.
+
+For another thing if there is a TT entry but the TTVN of this entry is
+newer than the originally addressed destination node: Then the
+intermediate node will wrongly redirect the packet, leading to
+duplicated multicast packets at a multicast listener and missing
+packets at other multicast listeners or multicast routers.
+
+Fixing this by not applying the unicast packet rerouting to batman-adv
+unicast packets with a multicast payload. We are not able to detect a
+roaming multicast listener at the moment and will just continue to send
+the multicast frame to both the new and old destination for a while in
+case of such a roaming multicast listener.
+
+Fixes: cea194d90b11 ("batman-adv: improved client announcement mechanism")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/22e740c5e6c9342e0f5028beb3d14b84a018d113
+
+diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
+index cc3ed93a6d513dffd4711cac50545d65ef7d640e..98af41e3810dcdf96edad8dff89d4d2b624c5d7f 100644
+--- a/net/batman-adv/routing.c
++++ b/net/batman-adv/routing.c
+@@ -838,6 +838,10 @@ static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
+ 	vid = batadv_get_vid(skb, hdr_len);
+ 	ethhdr = (struct ethhdr *)(skb->data + hdr_len);
+ 
++	/* do not reroute multicast frames in a unicast header */
++	if (is_multicast_ether_addr(ethhdr->h_dest))
++		return true;
++
+ 	/* check if the destination client was served by this node and it is now
+ 	 * roaming. In this case, it means that the node has got a ROAM_ADV
+ 	 * message and that it knows the new destination in the mesh to re-route

batman-adv/patches/0051-batman-adv-Add-missing-include-for-in_interrupt.patch

@@ -0,0 +1,26 @@
+From: Sven Eckelmann <sven@narfation.org>
+Date: Mon, 14 Sep 2020 13:58:16 +0200
+Subject: batman-adv: Add missing include for in_interrupt()
+
+The fix for receiving (internally generated) bla packets outside the
+interrupt context introduced the usage of in_interrupt(). But this
+functionality is only defined in linux/preempt.h which was not included
+with the same patch.
+
+Fixes: 3747f81a1380 ("batman-adv: bla: use netif_rx_ni when not in interrupt context")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/6ea99cd9c82b2d1bc4a313fe9006bcf5d956380e
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index 9dc574f5659e2bce97bd7e0f3793f8c1edf1fbd5..26f590ba31d49a85143f67f1c002a25dc007b594 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -37,6 +37,7 @@
+ #include <linux/lockdep.h>
+ #include <linux/netdevice.h>
+ #include <linux/netlink.h>
++#include <linux/preempt.h>
+ #include <linux/rculist.h>
+ #include <linux/rcupdate.h>
+ #include <linux/seq_file.h>

batman-adv/patches/0052-batman-adv-mcast-fix-duplicate-mcast-packets-in-BLA-.patch

@@ -0,0 +1,144 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Tue, 15 Sep 2020 09:54:08 +0200
+Subject: batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
+
+Scenario:
+* Multicast frame send from a BLA backbone (multiple nodes with
+  their bat0 bridged together, with BLA enabled)
+
+Issue:
+* BLA backbone nodes receive the frame multiple times on bat0
+
+For multicast frames received via batman-adv broadcast packets the
+originator of the broadcast packet is checked before decapsulating and
+forwarding the frame to bat0 (batadv_bla_is_backbone_gw()->
+batadv_recv_bcast_packet()). If it came from a node which shares the
+same BLA backbone with us then it is not forwarded to bat0 to avoid a
+loop.
+
+When sending a multicast frame in a non-4-address batman-adv unicast
+packet we are currently missing this check - and cannot do so because
+the batman-adv unicast packet has no originator address field.
+
+However, we can simply fix this on the sender side by only sending the
+multicast frame via unicasts to interested nodes which do not share the
+same BLA backbone with us. This also nicely avoids some unnecessary
+transmissions on mesh side.
+
+Note that no infinite loop was observed, probably because of dropping
+via batadv_interface_tx()->batadv_bla_tx(). However the duplicates still
+utterly confuse switches/bridges, ICMPv6 duplicate address detection and
+neighbor discovery and therefore leads to long delays before being able
+to establish TCP connections, for instance. And it also leads to the Linux
+bridge printing messages like:
+"br-lan: received packet on eth1 with own address as source address ..."
+
+Fixes: 405cc1e5a81e ("batman-adv: Modified forwarding behaviour for multicast packets")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Acked-by: Simon Wunderlich <sw@simonwunderlich.de>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: backport, https://git.open-mesh.org/batman-adv.git/commit/3c39a2455a5be02ecceeaf1a15976bddd611392e
+
+diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c
+index 39640d3d6fbdf8244344db6e79f2d769eb0972d9..764c304ffa5f6dc976050fa6b6f6e0891981c4f4 100644
+--- a/net/batman-adv/multicast.c
++++ b/net/batman-adv/multicast.c
+@@ -62,10 +62,12 @@
+ #include <uapi/linux/batadv_packet.h>
+ #include <uapi/linux/batman_adv.h>
+ 
++#include "bridge_loop_avoidance.h"
+ #include "hard-interface.h"
+ #include "hash.h"
+ #include "log.h"
+ #include "netlink.h"
++#include "send.h"
+ #include "soft-interface.h"
+ #include "translation-table.h"
+ #include "tvlv.h"
+@@ -1027,6 +1029,35 @@ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 	}
+ }
+ 
++/**
++ * batadv_mcast_forw_send_orig() - send a multicast packet to an originator
++ * @bat_priv: the bat priv with all the soft interface information
++ * @skb: the multicast packet to send
++ * @vid: the vlan identifier
++ * @orig_node: the originator to send the packet to
++ *
++ * Return: NET_XMIT_DROP in case of error or NET_XMIT_SUCCESS otherwise.
++ */
++int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv,
++				struct sk_buff *skb,
++				unsigned short vid,
++				struct batadv_orig_node *orig_node)
++{
++	/* Avoid sending multicast-in-unicast packets to other BLA
++	 * gateways - they already got the frame from the LAN side
++	 * we share with them.
++	 * TODO: Refactor to take BLA into account earlier, to avoid
++	 * reducing the mcast_fanout count.
++	 */
++	if (batadv_bla_is_backbone_gw_orig(bat_priv, orig_node->orig, vid)) {
++		dev_kfree_skb(skb);
++		return NET_XMIT_SUCCESS;
++	}
++
++	return batadv_send_skb_unicast(bat_priv, skb, BATADV_UNICAST, 0,
++				       orig_node, vid);
++}
++
+ /**
+  * batadv_mcast_want_unsnoop_update() - update unsnoop counter and list
+  * @bat_priv: the bat priv with all the soft interface information
+diff --git a/net/batman-adv/multicast.h b/net/batman-adv/multicast.h
+index 3b04ab13f0eb1044454315c04e75a22ce4351afd..6f9f3813fc59a8e8798b71297c8d8f9ef50b5e72 100644
+--- a/net/batman-adv/multicast.h
++++ b/net/batman-adv/multicast.h
+@@ -51,6 +51,11 @@ enum batadv_forw_mode
+ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 		       struct batadv_orig_node **mcast_single_orig);
+ 
++int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv,
++				struct sk_buff *skb,
++				unsigned short vid,
++				struct batadv_orig_node *orig_node);
++
+ void batadv_mcast_init(struct batadv_priv *bat_priv);
+ 
+ int batadv_mcast_flags_seq_print_text(struct seq_file *seq, void *offset);
+@@ -78,6 +83,16 @@ static inline int batadv_mcast_init(struct batadv_priv *bat_priv)
+ 	return 0;
+ }
+ 
++static inline int
++batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv,
++			    struct sk_buff *skb,
++			    unsigned short vid,
++			    struct batadv_orig_node *orig_node)
++{
++	kfree_skb(skb);
++	return NET_XMIT_DROP;
++}
++
+ static inline int
+ batadv_mcast_mesh_info_put(struct sk_buff *msg, struct batadv_priv *bat_priv)
+ {
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
+index 97e28907a0acbb3d64d8ceebf7b1df13dc396300..267f6e6c802f1a7d3eb41a0f3aa2142ca3b21414 100644
+--- a/net/batman-adv/soft-interface.c
++++ b/net/batman-adv/soft-interface.c
+@@ -367,9 +367,8 @@ static int batadv_interface_tx(struct sk_buff *skb,
+ 				goto dropped;
+ 			ret = batadv_send_skb_via_gw(bat_priv, skb, vid);
+ 		} else if (mcast_single_orig) {
+-			ret = batadv_send_skb_unicast(bat_priv, skb,
+-						      BATADV_UNICAST, 0,
+-						      mcast_single_orig, vid);
++			ret = batadv_mcast_forw_send_orig(bat_priv, skb, vid,
++							  mcast_single_orig);
+ 		} else {
+ 			if (batadv_dat_snoop_outgoing_arp_request(bat_priv,
+ 								  skb))

batman-adv/patches/0053-batman-adv-mcast-fix-duplicate-mcast-packets-in-BLA-.patch

@@ -0,0 +1,156 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Tue, 15 Sep 2020 09:54:09 +0200
+Subject: batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
+
+Scenario:
+* Multicast frame send from mesh to a BLA backbone (multiple nodes
+  with their bat0 bridged together, with BLA enabled)
+
+Issue:
+* BLA backbone nodes receive the frame multiple times on bat0,
+  once from mesh->bat0 and once from each backbone_gw from LAN
+
+For unicast, a node will send only to the best backbone gateway
+according to the TQ. However for multicast we currently cannot determine
+if multiple destination nodes share the same backbone if they don't share
+the same backbone with us. So we need to keep sending the unicasts to
+all backbone gateways and let the backbone gateways decide which one
+will forward the frame. We can use the CLAIM mechanism to make this
+decision.
+
+One catch: The batman-adv gateway feature for DHCP packets potentially
+sends multicast packets in the same batman-adv unicast header as the
+multicast optimizations code. And we are not allowed to drop those even
+if we did not claim the source address of the sender, as for such
+packets there is only this one multicast-in-unicast packet.
+
+How can we distinguish the two cases?
+
+The gateway feature uses a batman-adv unicast 4 address header. While
+the multicast-to-unicasts feature uses a simple, 3 address batman-adv
+unicast header. So let's use this to distinguish.
+
+Fixes: e32470167379 ("batman-adv: check incoming packet type for bla")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Acked-by: Simon Wunderlich <sw@simonwunderlich.de>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/d7665cf8a824c41c61c6e2110ab63d37eb7a8ef7
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index 26f590ba31d49a85143f67f1c002a25dc007b594..4dc67a0d081c06507aba87f7bec03488817791b2 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -1827,7 +1827,7 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb,
+  * @bat_priv: the bat priv with all the soft interface information
+  * @skb: the frame to be checked
+  * @vid: the VLAN ID of the frame
+- * @is_bcast: the packet came in a broadcast packet type.
++ * @packet_type: the batman packet type this frame came in
+  *
+  * batadv_bla_rx avoidance checks if:
+  *  * we have to race for a claim
+@@ -1839,7 +1839,7 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb,
+  * further process the skb.
+  */
+ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb,
+-		   unsigned short vid, bool is_bcast)
++		   unsigned short vid, int packet_type)
+ {
+ 	struct batadv_bla_backbone_gw *backbone_gw;
+ 	struct ethhdr *ethhdr;
+@@ -1861,9 +1861,24 @@ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 		goto handled;
+ 
+ 	if (unlikely(atomic_read(&bat_priv->bla.num_requests)))
+-		/* don't allow broadcasts while requests are in flight */
+-		if (is_multicast_ether_addr(ethhdr->h_dest) && is_bcast)
+-			goto handled;
++		/* don't allow multicast packets while requests are in flight */
++		if (is_multicast_ether_addr(ethhdr->h_dest))
++			/* Both broadcast flooding or multicast-via-unicasts
++			 * delivery might send to multiple backbone gateways
++			 * sharing the same LAN and therefore need to coordinate
++			 * which backbone gateway forwards into the LAN,
++			 * by claiming the payload source address.
++			 *
++			 * Broadcast flooding and multicast-via-unicasts
++			 * delivery use the following two batman packet types.
++			 * Note: explicitly exclude BATADV_UNICAST_4ADDR,
++			 * as the DHCP gateway feature will send explicitly
++			 * to only one BLA gateway, so the claiming process
++			 * should be avoided there.
++			 */
++			if (packet_type == BATADV_BCAST ||
++			    packet_type == BATADV_UNICAST)
++				goto handled;
+ 
+ 	ether_addr_copy(search_claim.addr, ethhdr->h_source);
+ 	search_claim.vid = vid;
+@@ -1898,13 +1913,14 @@ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 		goto allow;
+ 	}
+ 
+-	/* if it is a broadcast ... */
+-	if (is_multicast_ether_addr(ethhdr->h_dest) && is_bcast) {
++	/* if it is a multicast ... */
++	if (is_multicast_ether_addr(ethhdr->h_dest) &&
++	    (packet_type == BATADV_BCAST || packet_type == BATADV_UNICAST)) {
+ 		/* ... drop it. the responsible gateway is in charge.
+ 		 *
+-		 * We need to check is_bcast because with the gateway
++		 * We need to check packet type because with the gateway
+ 		 * feature, broadcasts (like DHCP requests) may be sent
+-		 * using a unicast packet type.
++		 * using a unicast 4 address packet type. See comment above.
+ 		 */
+ 		goto handled;
+ 	} else {
+diff --git a/net/batman-adv/bridge_loop_avoidance.h b/net/batman-adv/bridge_loop_avoidance.h
+index 71f95a3e4d3f335890408685432f18e5d7411a76..af28fdb01467ce290c2a00d0741f01a6e4f347ee 100644
+--- a/net/batman-adv/bridge_loop_avoidance.h
++++ b/net/batman-adv/bridge_loop_avoidance.h
+@@ -48,7 +48,7 @@ static inline bool batadv_bla_is_loopdetect_mac(const uint8_t *mac)
+ 
+ #ifdef CONFIG_BATMAN_ADV_BLA
+ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb,
+-		   unsigned short vid, bool is_bcast);
++		   unsigned short vid, int packet_type);
+ bool batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 		   unsigned short vid);
+ bool batadv_bla_is_backbone_gw(struct sk_buff *skb,
+@@ -79,7 +79,7 @@ bool batadv_bla_check_claim(struct batadv_priv *bat_priv, u8 *addr,
+ 
+ static inline bool batadv_bla_rx(struct batadv_priv *bat_priv,
+ 				 struct sk_buff *skb, unsigned short vid,
+-				 bool is_bcast)
++				 int packet_type)
+ {
+ 	return false;
+ }
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
+index 267f6e6c802f1a7d3eb41a0f3aa2142ca3b21414..82582abd92485b68254789fb6e2108ae5e547dd6 100644
+--- a/net/batman-adv/soft-interface.c
++++ b/net/batman-adv/soft-interface.c
+@@ -425,10 +425,10 @@ void batadv_interface_rx(struct net_device *soft_iface,
+ 	struct vlan_ethhdr *vhdr;
+ 	struct ethhdr *ethhdr;
+ 	unsigned short vid;
+-	bool is_bcast;
++	int packet_type;
+ 
+ 	batadv_bcast_packet = (struct batadv_bcast_packet *)skb->data;
+-	is_bcast = (batadv_bcast_packet->packet_type == BATADV_BCAST);
++	packet_type = batadv_bcast_packet->packet_type;
+ 
+ 	skb_pull_rcsum(skb, hdr_size);
+ 	skb_reset_mac_header(skb);
+@@ -471,7 +471,7 @@ void batadv_interface_rx(struct net_device *soft_iface,
+ 	/* Let the bridge loop avoidance check the packet. If will
+ 	 * not handle it, we can safely push it up.
+ 	 */
+-	if (batadv_bla_rx(bat_priv, skb, vid, is_bcast))
++	if (batadv_bla_rx(bat_priv, skb, vid, packet_type))
+ 		goto out;
+ 
+ 	if (orig_node)

batman-adv/patches/0054-batman-adv-mcast-fix-duplicate-mcast-packets-from-BL.patch

@@ -0,0 +1,190 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Tue, 15 Sep 2020 09:54:10 +0200
+Subject: batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
+
+Scenario:
+* Multicast frame send from BLA backbone gateways (multiple nodes
+  with their bat0 bridged together, with BLA enabled) sharing the same
+  LAN to nodes in the mesh
+
+Issue:
+* Nodes receive the frame multiple times on bat0 from the mesh,
+  once from each foreign BLA backbone gateway which shares the same LAN
+  with another
+
+For multicast frames via batman-adv broadcast packets coming from the
+same BLA backbone but from different backbone gateways duplicates are
+currently detected via a CRC history of previously received packets.
+
+However this CRC so far was not performed for multicast frames received
+via batman-adv unicast packets. Fixing this by appyling the same check
+for such packets, too.
+
+Room for improvements in the future: Ideally we would introduce the
+possibility to not only claim a client, but a complete originator, too.
+This would allow us to only send a multicast-in-unicast packet from a BLA
+backbone gateway claiming the node and by that avoid potential redundant
+transmissions in the first place.
+
+Fixes: e5cf86d30a9b ("batman-adv: add broadcast duplicate check")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/c5cb6a670cc3070d9d5c5562f95fa75faac767ba
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index 4dc67a0d081c06507aba87f7bec03488817791b2..4996bd7b8256557bddaf8ebe87cc606def588adf 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -1594,13 +1594,16 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
+ }
+ 
+ /**
+- * batadv_bla_check_bcast_duplist() - Check if a frame is in the broadcast dup.
++ * batadv_bla_check_duplist() - Check if a frame is in the broadcast dup.
+  * @bat_priv: the bat priv with all the soft interface information
+- * @skb: contains the bcast_packet to be checked
++ * @skb: contains the multicast packet to be checked
++ * @payload_ptr: pointer to position inside the head buffer of the skb
++ *  marking the start of the data to be CRC'ed
++ * @orig: originator mac address, NULL if unknown
+  *
+- * check if it is on our broadcast list. Another gateway might
+- * have sent the same packet because it is connected to the same backbone,
+- * so we have to remove this duplicate.
++ * Check if it is on our broadcast list. Another gateway might have sent the
++ * same packet because it is connected to the same backbone, so we have to
++ * remove this duplicate.
+  *
+  * This is performed by checking the CRC, which will tell us
+  * with a good chance that it is the same packet. If it is furthermore
+@@ -1609,19 +1612,17 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
+  *
+  * Return: true if a packet is in the duplicate list, false otherwise.
+  */
+-bool batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
+-				    struct sk_buff *skb)
++static bool batadv_bla_check_duplist(struct batadv_priv *bat_priv,
++				     struct sk_buff *skb, u8 *payload_ptr,
++				     const u8 *orig)
+ {
+-	int i, curr;
+-	__be32 crc;
+-	struct batadv_bcast_packet *bcast_packet;
+ 	struct batadv_bcast_duplist_entry *entry;
+ 	bool ret = false;
+-
+-	bcast_packet = (struct batadv_bcast_packet *)skb->data;
++	int i, curr;
++	__be32 crc;
+ 
+ 	/* calculate the crc ... */
+-	crc = batadv_skb_crc32(skb, (u8 *)(bcast_packet + 1));
++	crc = batadv_skb_crc32(skb, payload_ptr);
+ 
+ 	spin_lock_bh(&bat_priv->bla.bcast_duplist_lock);
+ 
+@@ -1640,8 +1641,21 @@ bool batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
+ 		if (entry->crc != crc)
+ 			continue;
+ 
+-		if (batadv_compare_eth(entry->orig, bcast_packet->orig))
+-			continue;
++		/* are the originators both known and not anonymous? */
++		if (orig && !is_zero_ether_addr(orig) &&
++		    !is_zero_ether_addr(entry->orig)) {
++			/* If known, check if the new frame came from
++			 * the same originator:
++			 * We are safe to take identical frames from the
++			 * same orig, if known, as multiplications in
++			 * the mesh are detected via the (orig, seqno) pair.
++			 * So we can be a bit more liberal here and allow
++			 * identical frames from the same orig which the source
++			 * host might have sent multiple times on purpose.
++			 */
++			if (batadv_compare_eth(entry->orig, orig))
++				continue;
++		}
+ 
+ 		/* this entry seems to match: same crc, not too old,
+ 		 * and from another gw. therefore return true to forbid it.
+@@ -1657,7 +1671,14 @@ bool batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
+ 	entry = &bat_priv->bla.bcast_duplist[curr];
+ 	entry->crc = crc;
+ 	entry->entrytime = jiffies;
+-	ether_addr_copy(entry->orig, bcast_packet->orig);
++
++	/* known originator */
++	if (orig)
++		ether_addr_copy(entry->orig, orig);
++	/* anonymous originator */
++	else
++		eth_zero_addr(entry->orig);
++
+ 	bat_priv->bla.bcast_duplist_curr = curr;
+ 
+ out:
+@@ -1666,6 +1687,48 @@ bool batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
+ 	return ret;
+ }
+ 
++/**
++ * batadv_bla_check_ucast_duplist() - Check if a frame is in the broadcast dup.
++ * @bat_priv: the bat priv with all the soft interface information
++ * @skb: contains the multicast packet to be checked, decapsulated from a
++ *  unicast_packet
++ *
++ * Check if it is on our broadcast list. Another gateway might have sent the
++ * same packet because it is connected to the same backbone, so we have to
++ * remove this duplicate.
++ *
++ * Return: true if a packet is in the duplicate list, false otherwise.
++ */
++static bool batadv_bla_check_ucast_duplist(struct batadv_priv *bat_priv,
++					   struct sk_buff *skb)
++{
++	return batadv_bla_check_duplist(bat_priv, skb, (u8 *)skb->data, NULL);
++}
++
++/**
++ * batadv_bla_check_bcast_duplist() - Check if a frame is in the broadcast dup.
++ * @bat_priv: the bat priv with all the soft interface information
++ * @skb: contains the bcast_packet to be checked
++ *
++ * Check if it is on our broadcast list. Another gateway might have sent the
++ * same packet because it is connected to the same backbone, so we have to
++ * remove this duplicate.
++ *
++ * Return: true if a packet is in the duplicate list, false otherwise.
++ */
++bool batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
++				    struct sk_buff *skb)
++{
++	struct batadv_bcast_packet *bcast_packet;
++	u8 *payload_ptr;
++
++	bcast_packet = (struct batadv_bcast_packet *)skb->data;
++	payload_ptr = (u8 *)(bcast_packet + 1);
++
++	return batadv_bla_check_duplist(bat_priv, skb, payload_ptr,
++					bcast_packet->orig);
++}
++
+ /**
+  * batadv_bla_is_backbone_gw_orig() - Check if the originator is a gateway for
+  *  the VLAN identified by vid.
+@@ -1880,6 +1943,14 @@ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb,
+ 			    packet_type == BATADV_UNICAST)
+ 				goto handled;
+ 
++	/* potential duplicates from foreign BLA backbone gateways via
++	 * multicast-in-unicast packets
++	 */
++	if (is_multicast_ether_addr(ethhdr->h_dest) &&
++	    packet_type == BATADV_UNICAST &&
++	    batadv_bla_check_ucast_duplist(bat_priv, skb))
++		goto handled;
++
+ 	ether_addr_copy(search_claim.addr, ethhdr->h_source);
+ 	search_claim.vid = vid;
+ 	claim = batadv_claim_hash_find(bat_priv, &search_claim);

bird/Makefile

@@ -7,12 +7,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bird
-PKG_VERSION:=1.6.3
+PKG_VERSION:=1.6.8
 PKG_RELEASE:=1
 
 PKG_SOURCE:=bird-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://bird.network.cz/pub/bird
-PKG_MD5SUM:=39c51cf57c3ba8b5978b2a657ffa2f647ec7f3ae643e91cf42ee5cb070cf7e7c
+PKG_HASH:=6c61ab5d2ef59d2559a8735b8252b5a0238013b43e5fb8a96c5d9d06e7bc00b2
 PKG_BUILD_DEPENDS:=ncurses readline
 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
 
@@ -22,19 +22,19 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/bird/Default
   TITLE:=The BIRD Internet Routing Daemon
-  URL:=http://bird.network.cz/
+  URL:=https://bird.network.cz/
   DEPENDS:=+libpthread
 endef
 
 define Package/birdc/Default
   TITLE:=The BIRD command-line client
-  URL:=http://bird.network.cz/
+  URL:=https://bird.network.cz/
   DEPENDS:= +libreadline +libncurses
 endef
 
 define Package/birdcl/Default
   TITLE:=The BIRD lightweight command-line client
-  URL:=http://bird.network.cz/
+  URL:=https://bird.network.cz/
 endef
 
 define Package/bird/Default/description1

bmx7/Makefile

@@ -27,13 +27,12 @@ PKG_NAME:=bmx7
 
 PKG_SOURCE_PROTO:=git
 
-PKG_SOURCE_URL:=git://github.com/bmx-routing/bmx7.git
+PKG_SOURCE_URL:=https://github.com/bmx-routing/bmx7.git
-#PKG_SOURCE_URL:=file:///usr/src/bmx-routing/bmx7.git
 
-PKG_REV:=f78db8298dd8b3658f6fcfa90df2644a15b99924
+PKG_REV:=7711e1f12b29e668f3090b5b94b783f4470a31ce
-PKG_MIRROR_HASH:=80ca8e04603d824e4dede0055030c765bd9e69f7945c01ffb953de37b228028e
+PKG_MIRROR_HASH:=6269b210679fa391f92dfc66d2b629038f51201c93bb279fa55cd608c4f90827
-PKG_VERSION:=r2018030903
+PKG_VERSION:=r2018122901
-PKG_RELEASE:=3
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-2.0
 
 PKG_SOURCE_VERSION:=$(PKG_REV)
@@ -45,7 +44,7 @@ include $(INCLUDE_DIR)/package.mk
 
 TARGET_CFLAGS += $(FPIC)
 
-MAKE_ARGS += EXTRA_CFLAGS="$(TARGET_CFLAGS) -I. -I$(STAGING_DIR)/usr/include -DCRYPTLIB=MBEDTLS_2_4_0 -DCORE_LIMIT=20000 -DTRAFFIC_DUMP -DNO_TRACE_FUNCTION_CALLS -DBMX7_LIB_IWINFO"
+MAKE_ARGS += EXTRA_CFLAGS="$(TARGET_CFLAGS) -I. -I$(STAGING_DIR)/usr/include -DCRYPTLIB=MBEDTLS_2_8_0 -DCORE_LIMIT=20000 -DTRAFFIC_DUMP -DNO_TRACE_FUNCTION_CALLS -DBMX7_LIB_IWINFO"
 
 MAKE_ARGS += \
         EXTRA_LDFLAGS="$(TARGET_LDFLAGS) -L$(STAGING_DIR)/usr/lib -liwinfo" \

bmx7/files/etc/init.d/bmx7

@@ -20,5 +20,9 @@ start_service() {
 }
 
 reload_service() {
-    $BIN -c configReload
+    "$BIN" -c configReload
+}
+
+service_triggers() {
+    procd_add_reload_trigger "bmx7"
 }

cjdns/Makefile

@@ -17,12 +17,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cjdns
-PKG_VERSION:=20.1
+PKG_VERSION:=20.2
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://github.com/cjdelisle/cjdns.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=bd6b60d817d3126fb45f671c1c7637042a0be937
+PKG_SOURCE_VERSION:=77259a49e5bc7ca7bc6dca5bd423e02be563bdc5
 PKG_LICENSE:=GPL-3.0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
@@ -83,7 +83,7 @@ define Build/Compile
 	CC="$(TARGET_CC)" \
 	AR="$(TARGET_AR)" \
 	RANLIB="$(TARGET_RANLIB)" \
-	CFLAGS="$(TARGET_CFLAGS)" \
+	CFLAGS="$(TARGET_CFLAGS) -U_FORTIFY_SOURCE" \
 	LDFLAGS="$(TARGET_LDFLAGS)" \
 	SYSTEM="linux" \
 	TARGET_ARCH="$(CONFIG_ARCH)" \

luci-app-bmx6/bmx6/usr/lib/lua/luci/model/bmx6json.lua

@@ -59,6 +59,7 @@ function get(field, host)
 
 	if json_url[1] == "http"  then
 		raw,err = wget(url..field,1000)
+		sys.exec("")
 	else
 
 		if json_url[1] == "exec" then

luci-app-bmx6/bmx6/www/cgi-bin/bmx6-info

@@ -100,7 +100,12 @@ if [ "$QUERY" == 'neighbours' ]; then
 fi
 
 if [ "$QUERY" == 'tunnels' ]; then
-  bmx6 -c --jshow tunnels /r=0
+  tunnels=$(bmx6 -c --jshow tunnels /r=0)
+  if [ -z $tunnels ]; then
+    echo '{ "tunnels" : [] }'
+  else
+    echo $tunnels
+  fi
   exit 0
 fi
 

luci-app-bmx6/bmx6/www/luci-static/resources/bmx6/js/bmx6-graph.js

@@ -48,7 +48,7 @@ function init() {
 
   divwait = document.getElementById("wait");
 
-  XHR.get('/cgi-bin/luci/status/bmx6/topology', null, function(nodesRequest, nodesData) {
+  XHR.get('/cgi-bin/luci/admin/network/BMX6/topology', null, function(nodesRequest, nodesData) {
     nodes = nodesData;
 
     XHR.get('/cgi-bin/bmx6-info?$myself&', null, function(myselfRequest, myselfData) {

luci-app-bmx7/Makefile

@@ -21,7 +21,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-bmx7
-PKG_RELEASE:=0.0-alpha
+PKG_RELEASE:=0.1-alpha
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 PKG_LICENSE:=GPL-2.0+
@@ -33,8 +33,8 @@ define Package/luci-app-bmx7
   CATEGORY:=LuCI
   SUBMENU:=3. Applications
   TITLE:= LuCI support for BMX7
-  DEPENDS:=+luci-lib-json +luci-mod-admin-full +luci-lib-httpclient +bmx7
+  DEPENDS:=+luci-lib-json +luci-mod-admin-full +bmx7 +bmx7-json
-  MAINTAINER:= Roger Pueyo Centelles <roger.pueyo@guifi.net>
+  MAINTAINER:= Roger Pueyo <roger.pueyo@guifi.net> and Pau Escrich <p4u@dabax.net>
 endef
 
 define Package/luci-app-bmx7/description

luci-app-bmx7/files/usr/lib/lua/luci/controller/bmx7.lua

@@ -59,10 +59,28 @@ function index()
 	entry(place,call("action_status_j"),"Status",0)
 	table.remove(place)
 
-	-- Nodes list
+	-- Topology
-	table.insert(place,"Nodes")
+	table.insert(place,"Topology")
-	entry(place,call("action_nodes_j"),"Nodes",1)
+	entry(place,call("topology"),"Topology",1)
 	table.remove(place)
+
+	-- Nodes
+	table.insert(place,"Nodes")
+	entry(place,call("action_nodes_j"),"Nodes",2)
+	table.remove(place)
+
+	-- Tunnels
+	table.insert(place,"Gateways")
+	entry(place,call("action_tunnels_j"),"Gateways",3)
+	table.remove(place)
+
+	-- Integrate bmx7-mdns if present
+	if nixio.fs.stat("/usr/lib/lua/luci/model/cbi/bmx7-mdns.lua","type") ~= nil then
+		table.insert(place,"mDNS")
+		entry(place, cbi("bmx7-mdns"), "mesh DNS", 1).dependent=false
+		table.remove(place)
+	end
+
 end
 
 
@@ -70,8 +88,14 @@ function action_status_j()
 	luci.template.render("bmx7/status_j", {})
 end
 
-function action_nodes_j()
+function action_tunnels_j()
-	local http = require "luci.http"
+	luci.template.render("bmx7/tunnels_j", {})
-	local link_non_js = "/cgi-bin/luci" .. http.getenv("PATH_INFO") .. '/nodes_nojs'
+end
-	luci.template.render("bmx7/nodes_j", {link_non_js=link_non_js})
+
+function topology()
+	luci.template.render("bmx7/topology", {})
+end
+
+function action_nodes_j()
+	luci.template.render("bmx7/nodes_j", {})
 end

luci-app-bmx7/files/usr/lib/lua/luci/view/admin_status/index/bmx7_nodes.htm

@@ -0,0 +1,40 @@
+<div class="cbi-map">
+<div class="cbi-section">
+	<legend><%:Bmx7 mesh nodes%></legend>
+	<div class="cbi-section-node">
+	<div class="table" id="nodes_div">
+		<div class="tr table-titles">
+			<div class="th"><%:Name%></div>
+			<div class="th"><%:Short ID%></div>
+			<div class="th"><%:S/s/T/t%></div>
+			<div class="th"><%:Primary IPv6%></div>
+			<div class="th"><%:Via Neighbour%></div>
+			<div class="th"><%:Device%></div>
+			<div class="th"><%:Metric%></div>
+			<div class="th"><%:Last Ref%></div>
+		</div>
+	</div>
+	</div>
+</div>
+</div>
+
+<script type="text/javascript" src="<%=resource%>/bmx7/js/polling.js"></script>
+<script type="text/javascript">//<![CDATA[
+		new TablePooler(10,"/cgi-bin/bmx7-info", {'$originators':''}, "nodes_div", function(st){
+			var originators = st.originators;
+			var res = Array();
+			originators.forEach(function(originator,i){
+				var name =  originator.name;
+				var shortId =  originator.shortId;
+				var SsTt = originator.S+'/'+originator.s+'/'+originator.T+'/'+originator.t;
+				var primaryIp = originator.primaryIp;
+				var nbName = originator.nbName;
+				var dev = originator.dev;
+				var metric = originator.metric;
+				var lastRef = originator.lastRef;
+			res.push([name, shortId, SsTt, primaryIp,
+								nbName, dev, metric, lastRef]);
+		  });
+		  return res;
+		});
+//]]></script>

luci-app-bmx7/files/usr/lib/lua/luci/view/bmx7/nodes_j.htm

@@ -27,19 +27,16 @@
 
 
 <style>
-
 	div.hideme{
 		display: none;
 	}
-
 	div.info{
 		background: #FFF;
 		border: solid 0px;
-		height: 90px;
+		height: 190px;
 		display: block;
 		overflow: auto;
 	}
-
 	div.inforow{
 		text-align:left;
 		display:inline-block;
@@ -48,18 +45,15 @@
 		float: left;
 		white-space:nowrap;
 	}
-
 	div.inforow.newline{
 		clear: both;
 	}
-
 	u {
     text-decoration: underline;
 	}
-
 #extra-info ul { list-style: none outside none; margin-left: 0em; }
-
 </style>
+
 <div class="cbi-map">
 
 <h2>Mesh nodes</h2>
@@ -70,40 +64,38 @@
 	Tip: click the <img src="<%=resource%>/bmx7/world.png" /> icon to see individual node information.
 	</center>
 </div>
-<fieldset class="cbi-section">
+
+
+<div class="cbi-section">
 	<legend><%:Originators%></legend>
-	<table class="cbi-section-table" id="descriptions_table">
+	<div class="cbi-section-node">
-		<tr class="cbi-section-table-titles">
+	<div class="table" id="nodes_div">
-			<th class="cbi-section-table-cell"></th>
+		<div class="tr table-titles">
-			<th class="cbi-section-table-cell"><%:Name%></th>
+			<div class="th"></div>
-			<th class="cbi-section-table-cell"><%:Short ID%></th>
+			<div class="th"><%:Name%></div>
-			<th class="cbi-section-table-cell"><%:S/s/T/t%></th>
+			<div class="th"><%:Short ID%></div>
-			<th class="cbi-section-table-cell"><%:Primary IPv6 address%></th>
+			<div class="th"><%:S/s/T/t%></div>
-			<th class="cbi-section-table-cell"><%:Via neighbour%></th>
+			<div class="th"><%:Primary IPv6%></div>
-			<th class="cbi-section-table-cell"><%:Metric%></th>
+			<div class="th"><%:Via Neighbour%></div>
-			<th class="cbi-section-table-cell"><%:Last desc.%></th>
+			<div class="th"><%:Metric%></div>
-			<th class="cbi-section-table-cell"><%:Last ref.%></th>
+			<div class="th"><%:Last Desc%></div>
-			<th class="cbi-section-table-cell"><%: %></th>
+			<div class="th"><%:Last Ref%></div>
-		</tr>
+			<div class="th"><%: %></div>
-		<tr class="cbi-section-table-row">
+		</div>
-			<td colspan="11"><br /><center><em><%:Collecting data...%></em></center></td>
+	</div>
-		</tr>
+	</div>
-	</table>
+</div>
-</fieldset>
 
 </div>
 
 <script type="text/javascript">//<![CDATA[
 		var displayExtraInfo = function ( id ) {
-			console.log('aaa'+id)
 			document.getElementById('extra-info').innerHTML = document.getElementById(id).innerHTML;
 		}
-
+		new TablePooler(5,"/cgi-bin/bmx7-info", {'$originators':''}, "nodes_div", function(st){
-		new TablePooler(5,"/cgi-bin/bmx7-info", {'$originators':''}, "descriptions_table", function(st){
 			var infoicon = "<%=resource%>/bmx7/world_small.png";
 			var originators = st.originators;
 			var res = Array();
-
 			originators.forEach(function(originator,i){
 				var name =  originator.name;
 				var shortId =  originator.shortId;
@@ -124,52 +116,40 @@
 			var extrainfo_link = '<a onclick="displayExtraInfo(\'ip-' + i + '\')">' +  '<img src="' + infoicon + '" />' + '</a>';
 
 			extrainfo = '<div id="ip-'+ i +'" class="hideme">'
-
 			+ "<div class='inforow'>"
 			+ "<h4><u>" + name  + '</u></h4>\n'
-			+ 'Node ID: ' + nodeId + "</div>"
+			+ 'Node ID: ' + shortId + "</div>"
-
 			+ "<div class='inforow'>"
 			+ "<h5>Primary IPv6 address</h5>\n"
 			+ primaryIp + "</div>\n"
-
 			+ "<div class='inforow'>"
 			+ "<h5>Support & Trust</h5>\n"
 			+ SsTt + "</div>\n"
-
 			+ "<div class='inforow'>"
 			+ "<h5>Node key</h5>\n"
 			+ nodeKey + "</div>\n"
-
 			+ "<div class='inforow newline'>"
 			+ "<h5>Via neighbour</h5>\n"
 			+ nbName + "</div>\n"
-
 			+ "<div class='inforow'>"
 			+ "<h5>Via device</h5>\n"
 			+ dev + "</div>\n"
-
 			+ "<div class='inforow'>"
-			+ "<h5>Via remote link-local IPv6 address</h5>\n"
+			+ "<h5>Via link-local IPv6</h5>\n"
 			+ nbLocalIp + "</div>\n"
-			
 			+ "<div class='inforow'>"
 			+ "<h5>Route metric</h5>\n"
 			+ metric + "</div>\n"
-
 			+ "<div class='inforow'>"
 			+ "<h5>Desc. size</h5>\n"
 			+ descSize + "</div>\n"
-
 			+ "\n</div>";
 
 			res.push([extrainfo_link, name, shortId, SsTt, primaryIp,
 								nbName, metric, lastDesc, lastRef, extrainfo]);
-
 		  });
 		  return res;
 		});
 //]]></script>
 
 <%+footer%>
-

luci-app-bmx7/files/usr/lib/lua/luci/view/bmx7/status_j.htm

@@ -2,30 +2,6 @@
 <script type="text/javascript" src="<%=resource%>/cbi.js"></script>
 <script type="text/javascript" src="<%=resource%>/bmx7/js/polling.js"></script>
 
-<style>
-	div.hideme{
-		display: none;
-	}
-
-	div.info{
-		background: #FFF;
-		border: solid 1px;
-		height: 80px;
-		display: block;
-		overflow: auto;
-	}
-
-	div.inforow{
-		text-align:left;
-		display:inline-block;
-		width:20%;
-		margin:5px;
-		vertical-align:top;
-	}
-
-	#extra-info ul { list-style: none outside none; margin-left: 0em; }
-</style>
-
 <div class="cbi-map">
 	<center>
 		<img src="<%=resource%>/bmx7/bmx7logo.png" />
@@ -38,145 +14,117 @@
 
 <div class="cbi-map-descr"></div>
 
-<fieldset class="cbi-section">
+<div class="cbi-section">
 	<legend><%:Node configuration%></legend>
-	<table class="cbi-section-table" id="config_table">
+	<div class="cbi-section-node">
-		<tr class="cbi-section-table-titles">
+	<div class="table" id="config_div">
-			<th class="cbi-section-table-cell"><%:Short ID%></th>
+		<div class="tr table-titles">
-			<th class="cbi-section-table-cell"><%:Node name%></th>
+			<div class="th"><%:Short ID%></div>
-			<th class="cbi-section-table-cell"><%:Primary IPv6 address%></th>
+			<div class="th"><%:Node name%></div>
-			<th class="cbi-section-table-cell"><%:Node key%></th>
+			<div class="th"><%:Primary IPv6 address%></div>
-			<th class="cbi-section-table-cell"><%:BMX7 revision%></th>
+			<div class="th"><%:Node key%></div>
-		</tr>
+			<div class="th"><%:Short DHash%></div>
-		<tr class="cbi-section-table-row">
+			<div class="th"><%:BMX7 revision%></div>
-			<td colspan="5"><em><br /><%:Collecting data...%></em></td>
+		</div>
-		</tr>
+	</div>
-	</table>
+	</div>
-</fieldset>
+</div>
 
-<fieldset class="cbi-section">
+
+<div class="cbi-section">
 	<legend><%:Node status%></legend>
-	<table class="cbi-section-table" id="status_table">
+	<div class="cbi-section-node">
-		<tr class="cbi-section-table-titles">
+	<div class="table" id="status_div">
-			<th class="cbi-section-table-cell"><%:Nodes seen%></th>
+		<div class="tr table-titles">
-			<th class="cbi-section-table-cell"><%:Neighbours%></th>
+			<div class="th"><%:Nodes seen%></div>
-			<th class="cbi-section-table-cell"><%:Tunnelled IPv6 address%></th>
+			<div class="th"><%:Neighbours%></div>
-			<th class="cbi-section-table-cell"><%:Tunnelled IPv4 address%></th>
+			<div class="th"><%:Tunnelled IPv6 address%></div>
-			<th class="cbi-section-table-cell"><%:Uptime%></th>
+			<div class="th"><%:Tunnelled IPv4 address%></div>
-			<th class="cbi-section-table-cell"><%:CPU usage%></th>
+			<div class="th"><%:Uptime%></div>
-			<th class="cbi-section-table-cell"><%:Memory usage%></th>
+			<div class="th"><%:CPU usage%></div>
-			<th class="cbi-section-table-cell"><%:Tx queue%></th>
+			<div class="th"><%:Memory usage%></div>
+			<div class="th"><%:Tx queue%></div>
+		</div>
+	</div>
+	</div>
+</div>
 
-		</tr>
+<div class="cbi-section">
-		<tr class="cbi-section-table-row">
+	<legend><%:Network interfaces%></legend>
-			<td colspan="8"><em><br /><%:Collecting data...%></em></td>
+	<div class="cbi-section-node">
-		</tr>
+	<div class="table" id="ifaces_div">
-	</table>
+		<div class="tr table-titles">
-</fieldset>
+			<div class="th"><%:Interface%></div>
+			<div class="th"><%:State%></div>
+			<div class="th"><%:Type%></div>
+			<div class="th"><%:Max rate%></div>
+			<div class="th"><%:LinkLocal Ipv6%></div>
+			<div class="th"><%:RX BpP%></div>
+			<div class="th"><%:TX BpP%></div>
+		</div>
+	</div>
+	</div>
+</div>
 
-<fieldset class="cbi-section">
-	<legend><%:Interfaces%></legend>
-	<table class="cbi-section-table" id="ifaces_table">
-		<tr class="cbi-section-table-titles">
-			<th class="cbi-section-table-cell"><%:Interface%></th>
-			<th class="cbi-section-table-cell"><%:State%></th>
-			<th class="cbi-section-table-cell"><%:Type%></th>
-			<th class="cbi-section-table-cell"><%:Max. rate%></th>
-			<th class="cbi-section-table-cell"><%:Link-local IPv6 address%></th>
-			<th class="cbi-section-table-cell"><%:Rx BpP%></th>
-			<th class="cbi-section-table-cell"><%:Tx BpP%></th>
 
-		</tr>
+<div class="cbi-section">
-		<tr class="cbi-section-table-row">
-			<td colspan="7"><em><br /><%:Collecting data...%></em></td>
-		</tr>
-	</table>
-</fieldset>
-
-<fieldset class="cbi-section">
 	<legend><%:Links%></legend>
-	<table class="cbi-section-table" id="links_table">
+	<div class="cbi-section-node">
-		<tr class="cbi-section-table-titles">
+	<div class="table" id="links_div">
-			<th class="cbi-section-table-cell"><%:Short ID%></th>
+		<div class="tr table-titles">
-			<th class="cbi-section-table-cell"><%:Name%></th>
+			<div class="th"><%:Short ID%></div>
-			<th class="cbi-section-table-cell"><%:Link key%></th>
+			<div class="th"><%:Name%></div>
-			<th class="cbi-section-table-cell"><%:Remote link-local IPv6 address%></th>
+			<div class="th"><%:Link key%></div>
-			<th class="cbi-section-table-cell"><%:Device%></th>
+			<div class="th"><%:Remote linklocal IPv6%></div>
-			<th class="cbi-section-table-cell"><%:Rx rate%></th>
+			<div class="th"><%:Device%></div>
-			<th class="cbi-section-table-cell"><%:Tx rate%></th>
+			<div class="th"><%:RX rate%></div>
-			<th class="cbi-section-table-cell"><%:Routes%></th>
+			<div class="th"><%:TX rate%></div>
-
+			<div class="th"><%:Routes%></div>
-		</tr>
+		</div>
-		<tr class="cbi-section-table-row">
+	</div>
-			<td colspan="8"><em><br /><%:Collecting data...%></em></td>
+	</div>
-		</tr>
+</div>
-	</table>
-</fieldset>
-
 
 </div>
 
 <script type="text/javascript">//<![CDATA[
-	new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "config_table", function(st){
+	new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "config_div", function(st){
 		var res = Array();
 		var sta = st.info[0].status;
-		var ifaces = st.info[1].interfaces;
+		res.push([sta.shortId, sta.name, sta.primaryIp, sta.nodeKey, sta.shortDhash, sta.revision]);
-
-		res.push([sta.shortId, sta.name, sta.primaryIp, sta.nodeKey, sta.revision]);
-		res.push(['','','','',''])
-		res.push(['','','','',''])
-
 		return res;
 	});
 
-
+	new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "status_div", function(st){
-	new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "status_table", function(st){
 		var res = Array();
 		var sta = st.info[0].status;
-		var mem = st.info[3].memory;
+		var mem = st.info[3].memory.bmx7;
-
 		var txQ = sta.txQ.split('/');
-		console.log(txQ)
-
 		var ptxQ = '<p style="color:rgb('+parseInt(255*txQ[0]/txQ[1])+','+parseInt(128*(txQ[1]-txQ[0])/txQ[1])+',0)")>'+sta.txQ+'</p>';
-		console.log(ptxQ)
+		res.push([sta.nodes, sta.nbs, sta.tun6Address, sta.tun4Address, sta.uptime, sta.cpu, mem, ptxQ]);
-
-		res.push([sta.nodes, sta.nbs, sta.tun6Address, sta.tun4Address, sta.uptime, sta.cpu, mem.bmx7, ptxQ]);
-
-		res.push(['','','','','','','',''])
-		res.push(['','','','','','','',''])
-
 		return res;
 	});
 
-		new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "ifaces_table", function(st){
+	new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "ifaces_div", function(st){
 		var res = Array();
-		var sta = st.info[0].status;
 		var ifaces = st.info[1].interfaces;
 
 		ifaces.forEach(function(iface){
 			res.push([iface.dev, iface.state, iface.type, iface.rateMax, iface.localIp, iface.rxBpP, iface.txBpP]);
 		});
-		res.push(['','','','','','',''])
-		if (ifaces.length % 2 == 0)
-			res.push('')
-		res.push(['','','','','','',''])
 		return res;
 	});
 
-		new TablePooler(1,"/cgi-bin/bmx7-info", {'links':''}, "links_table", function(st){
+	new TablePooler(1,"/cgi-bin/bmx7-info", {'$info':''}, "links_div", function(st){
 		var res = Array();
-		links = st.links;
+		links = st.info[2].links;
 
 		links.forEach(function(link){
-			res.push([link.shortId, link.name, link.linkKey, link.nbLocalIp, link.dev, link.rxRate, link.txRate, link.routes]);
+			res.push([link.shortId, link.name, link.linkKey, link.nbLocalIp, link.dev, link.rxRate, link.txRate, link.rts]);
 		});
-		res.push(['','','','','','','',''])
-		if (links.length % 2 == 0)
-			res.push([])
-		res.push(['','','','','','','',''])
 		return res;
 	});
+
 //]]></script>
 
 <%+footer%>

luci-app-bmx7/files/usr/lib/lua/luci/view/bmx7/topology.htm

@@ -0,0 +1,54 @@
+<%+header%>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/d3/3.5.12/d3.min.js"></script>
+<script type="text/javascript" src="<%=resource%>/bmx7/js/netjsongraph.js"></script>
+
+<link href="<%=resource%>/bmx7/css/netjsongraph.css" rel="stylesheet">
+    <style type="text/css">
+        body {
+            font-family: Arial, sans-serif;
+            font-size: 13px;
+        }
+
+        .njg-overlay{
+            width: auto;
+            height: auto;
+            min-width: 200px;
+            max-width: 400px;
+            border: 1px solid #000;
+            border-radius: 2px;
+            background: rgba(0, 0, 0, 0.7);
+            top: 10px;
+            right: 10px;
+            padding: 0 15px;
+            font-family: Arial, sans-serif;
+            font-size: 14px;
+            color: #fff
+        }
+
+        .njg-node {
+            fill: #008000;
+            fill-opacity: 0.8;
+            stroke: #008000;
+            stroke-width: 1px;
+            cursor: pointer;
+        }
+        .njg-node:hover,
+        .njg-node.njg-open{
+            fill-opacity: 1;
+        }
+
+        .njg-link {
+            stroke: #00ff00;
+            stroke-width: 2;
+            stroke-opacity: .5;
+            cursor: pointer;
+        }
+        .njg-link:hover,
+        .njg-link.njg-open{
+            stroke-width: 3;
+            stroke-opacity: 1
+        }
+</style>
+<script>d3.netJsonGraph("/cgi-bin/bmx7-info?netjson/network-graph.json", { defaultStyle: false });</script>
+<%+footer%>                                                                        
+

luci-app-bmx7/files/usr/lib/lua/luci/view/bmx7/tunnels_j.htm

@@ -0,0 +1,76 @@
+<%#
+   Copyright (C) 2011 Pau Escrich <pau@dabax.net>
+   Contributors Lluis Esquerda <eskerda@gmail.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along
+   with this program; if not, write to the Free Software Foundation, Inc.,
+   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+   The full GNU General Public License is included in this distribution in
+   the file called "COPYING".
+-%>
+
+
+<%+header%>
+<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+<script type="text/javascript" src="<%=resource%>/bmx7/js/polling.js"></script>
+
+<div class="cbi-map">
+<h2>Gateway announcements</h2>
+<div class="cbi-map-descr">Networks announced by mesh nodes</div>
+
+<div class="cbi-section">
+	<legend><%:Announcements%></legend>
+	<div class="cbi-section-node">
+	<div class="table" id="tunnels_div">
+		<div class="tr table-titles">
+			<div class="th"><%:Status%></div>
+			<div class="th"><%:Name%></div>
+			<div class="th"><%:Node%></div>
+			<div class="th"><%:Network%></div>
+			<div class="th"><%:Bandwith%></div>
+			<div class="th"><%:Local net%></div>
+			<div class="th"><%:Path Metric%></div>
+			<div class="th"><%:Tun Metric%></div>
+			<div class="th"><%:Rating%></div>
+		</div>
+	</div>
+	</div>
+</div>
+
+</div>
+
+<script type="text/javascript">//<![CDATA[
+		new TablePooler(5,"/cgi-bin/bmx7-info", {'$tunnels':''}, "tunnels_div", function(st){
+        var tunicon = "<%=resource%>/icons/tunnel.png";
+        var tunicon_dis = "<%=resource%>/icons/tunnel_disabled.png";
+        var applyicon = "<%=resource%>/cbi/apply.gif";
+		    var res = Array();
+        for ( var k in st.tunnels ) {
+          var tunnel = st.tunnels[k];
+          var nodename = tunnel.remoteName;
+			    var advnet = tunnel.advNet;
+          var status = '<img src="'+tunicon_dis+'"/>';
+          if ( tunnel.tunName != "---" ) status = '<img src="'+tunicon+'"/>';
+          if ( advnet == "0.0.0.0/0" ) advnet = "<b>Internet IPv4</b>";
+          if ( advnet == "::/0" ) advnet = "<b>Internet IPv6</b>";
+          if (nodename != "---") {
+            res.push([status, tunnel.tunName, nodename, advnet, tunnel.advBw, tunnel.net,
+              tunnel.pathMtc, tunnel.tunMtc, tunnel.rating]);
+            }
+          }
+		  return res;
+		});
+//]]></script>
+
+<%+footer%>

luci-app-bmx7/files/www/cgi-bin/bmx7-info

@@ -1,7 +1,7 @@
 #!/bin/sh
 #    Copyright © 2011 Pau Escrich
 #    Contributors Jo-Philipp Wich <xm@subsignal.org>
-#                 Roger Pueyo Centelles <roger.pueyo@guifi.net>
+#		 Roger Pueyo Centelles <roger.pueyo@guifi.net>
 #
 #    This program is free software; you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -34,13 +34,12 @@ else
 	QUERY="${QUERY_STRING%%=*}"
 	echo "Content-type: application/json"
 	echo ""
-
 fi
 
 check_path() {
-        [ -d "$1" ] && path=$(cd $1; pwd)
+	[ -d "$1" ] && path=$(cd $1; pwd)
-        [ -f "$1" ] && path=$(cd $1/..; pwd)
+	[ -f "$1" ] && path=$(cd $1/..; pwd)
-        [ $(echo "$path" | grep -c "^$BMX7_DIR") -ne 1 ] && exit 1
+	[ $(echo "$path" | grep -c "^$BMX7_DIR") -ne 1 ] && exit 1
 }
 
 print_mem() {
@@ -52,19 +51,19 @@ print_mem() {
 print_query() {
 	# If the query is a directory
 	[ -d "$BMX7_DIR/$1" ] &&
-        {
+	{
 	# If /all has not been specified
 		[ -z "$QALL" ] &&
 		{
 		total=$(ls $BMX7_DIR/$1 | wc -w)
 		i=1
-        	echo -n "{ \"$1\": [ "
+		echo -n "{ \"$1\": [ "
-	        for f in $(ls $BMX7_DIR/$1); do
+		for f in $(ls $BMX7_DIR/$1); do
 			echo -n "{ \"name\": \"$f\" }"
 			[ $i -lt $total ]  && echo -n ','
 			i=$(( $i + 1 ))
-        	done
+		done
-	        echo -n " ] }"
+		echo -n " ] }"
 
 	# If /all has been specified, printing all the files together
 		} || {
@@ -80,10 +79,10 @@ print_query() {
 		done
 		echo -n " ]"
 		}
-        }
+	}
 
 	# If the query is a file, just printing the file
-	[ -f "$BMX7_DIR/$1" ] && cat "$BMX7_DIR/$1";
+	[ -f "$BMX7_DIR/$1" ] && [ -s "$BMX7_DIR/$1" ] && cat "$BMX7_DIR/$1" && return 0 || return 1
 }
 
 if [ "${QUERY##*/}" == "all" ]; then
@@ -95,10 +94,8 @@ if [ "$QUERY" == '$info' ]; then
 	echo '{ "info": [ '
 	print_query status
 	echo -n ","
-	print_query interfaces
+	print_query interfaces && echo -n "," || echo -n '{ "interfaces": "" },'
-	echo -n ","
+	print_query links && echo -n "," || echo -n '{ "links": "" },'
-	print_query links
-	echo -n ","
 	print_mem
 	echo "] }"
 fi

luci-app-bmx7/files/www/luci-static/resources/bmx7/css/netjsongraph-theme.css

@@ -0,0 +1,59 @@
+.njg-overlay{
+    background: #fbfbfb;
+    border-radius: 2px;
+    border: 1px solid #ccc;
+    color: #6d6357;
+    font-family: Arial, sans-serif;
+    font-family: sans-serif;
+    font-size: 14px;
+    line-height: 20px;
+    height: auto;
+    max-width: 400px;
+    min-width: 200px;
+    padding: 0 15px;
+    right: 10px;
+    top: 10px;
+    width: auto;
+}
+
+.njg-metadata{
+    background: #fbfbfb;
+    border-radius: 2px;
+    border: 1px solid #ccc;
+    color: #6d6357;
+    display: none;
+    font-family: Arial, sans-serif;
+    font-family: sans-serif;
+    font-size: 14px;
+    height: auto;
+    left: 10px;
+    max-width: 500px;
+    min-width: 200px;
+    padding: 0 15px;
+    top: 10px;
+    width: auto;
+}
+
+.njg-node{
+    stroke-opacity: 0.5;
+    stroke-width: 7px;
+    stroke: #fff;
+}
+
+.njg-node:hover,
+.njg-node.njg-open {
+    stroke: rgba(0, 0, 0, 0.2);
+}
+
+.njg-link{
+    cursor: pointer;
+    stroke: #999;
+    stroke-width: 2;
+    stroke-opacity: 0.25;
+}
+
+.njg-link:hover,
+.njg-link.njg-open{
+    stroke-width: 4 !important;
+    stroke-opacity: 0.5;
+}

luci-app-bmx7/files/www/luci-static/resources/bmx7/css/netjsongraph.css

@@ -0,0 +1,62 @@
+.njg-hidden {
+    display: none !important;
+    visibility: hidden !important;
+}
+
+.njg-tooltip{
+    font-family: sans-serif;
+    font-size: 10px;
+    fill: #000;
+    opacity: 0.5;
+    text-anchor: middle;
+}
+
+.njg-overlay{
+    display: none;
+    position: absolute;
+    z-index: 11;
+}
+
+.njg-close{
+    cursor: pointer;
+    position: absolute;
+    right: 10px;
+    top: 10px;
+}
+.njg-close:before { content: "\2716"; }
+
+.njg-metadata{
+    display: none;
+    position: absolute;
+    z-index: 12;
+}
+
+.njg-node{ cursor: pointer }
+.njg-link{ cursor: pointer }
+
+#njg-select-group {
+    text-align: center;
+    box-shadow: 0 0 10px #ccc;
+    position: fixed;
+    left: 50%;
+    top: 50%;
+    width: 50%;
+    margin-top: -7.5em;
+    margin-left: -25%;
+    padding: 5em 2em;
+}
+
+#njg-select-group select {
+    font-size: 2em;
+    padding: 10px 15px;
+    width: 50%;
+    cursor: pointer;
+}
+
+#njg-select-group option {
+    padding: 0.5em;
+}
+
+#njg-select-group option[value=""] {
+    color: #aaa;
+}

luci-app-bmx7/files/www/luci-static/resources/bmx7/js/netjsongraph.js

@@ -0,0 +1,568 @@
+// version 0.1
+(function () {
+    /**
+     * vanilla JS implementation of jQuery.extend()
+     */
+    d3._extend = function(defaults, options) {
+        var extended = {},
+            prop;
+        for(prop in defaults) {
+            if(Object.prototype.hasOwnProperty.call(defaults, prop)) {
+                extended[prop] = defaults[prop];
+            }
+        }
+        for(prop in options) {
+            if(Object.prototype.hasOwnProperty.call(options, prop)) {
+                extended[prop] = options[prop];
+            }
+        }
+        return extended;
+    };
+
+    /**
+      * @function
+      *   @name d3._pxToNumber
+      * Convert strings like "10px" to 10
+      *
+      * @param  {string}       val         The value to convert
+      * @return {int}              The converted integer
+      */
+    d3._pxToNumber = function(val) {
+        return parseFloat(val.replace('px'));
+    };
+
+    /**
+      * @function
+      *   @name d3._windowHeight
+      *
+      * Get window height
+      *
+      * @return  {int}            The window innerHeight
+      */
+    d3._windowHeight = function() {
+        return window.innerHeight || document.documentElement.clientHeight || 600;
+    };
+
+    /**
+      * @function
+      *   @name d3._getPosition
+      *
+      * Get the position of `element` relative to `container`
+      *
+      * @param  {object}      element
+      * @param  {object}      container
+      */
+     d3._getPosition = function(element, container) {
+         var n = element.node(),
+             nPos = n.getBoundingClientRect();
+             cPos = container.node().getBoundingClientRect();
+         return {
+            top: nPos.top - cPos.top,
+            left: nPos.left - cPos.left,
+            width: nPos.width,
+            bottom: nPos.bottom - cPos.top,
+            height: nPos.height,
+            right: nPos.right - cPos.left
+        };
+     };
+
+    /**
+     * netjsongraph.js main function
+     *
+     * @constructor
+     * @param  {string}      url             The NetJSON file url
+     * @param  {object}      opts            The object with parameters to override {@link d3.netJsonGraph.opts}
+     */
+    d3.netJsonGraph = function(url, opts) {
+        /**
+         * Default options
+         *
+         * @param  {string}     el                  "body"      The container element                                  el: "body" [description]
+         * @param  {bool}       metadata            true        Display NetJSON metadata at startup?
+         * @param  {bool}       defaultStyle        true        Use css style?
+         * @param  {bool}       animationAtStart    false       Animate nodes or not on load
+         * @param  {array}      scaleExtent         [0.25, 5]   The zoom scale's allowed range. @see {@link https://github.com/mbostock/d3/wiki/Zoom-Behavior#scaleExtent}
+         * @param  {int}        charge              -130        The charge strength to the specified value. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#charge}
+         * @param  {int}        linkDistance        50          The target distance between linked nodes to the specified value. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#linkDistance}
+         * @param  {float}      linkStrength        0.2         The strength (rigidity) of links to the specified value in the range. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#linkStrength}
+         * @param  {float}      friction            0.9         The friction coefficient to the specified value. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#friction}
+         * @param  {string}     chargeDistance      Infinity    The maximum distance over which charge forces are applied. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#chargeDistance}
+         * @param  {float}      theta               0.8         The Barnes–Hut approximation criterion to the specified value. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#theta}
+         * @param  {float}      gravity             0.1         The gravitational strength to the specified numerical value. @see {@link https://github.com/mbostock/d3/wiki/Force-Layout#gravity}
+         * @param  {int}        circleRadius        8           The radius of circles (nodes) in pixel
+         * @param  {string}     labelDx             "0"         SVG dx (distance on x axis) attribute of node labels in graph
+         * @param  {string}     labelDy             "-1.3em"    SVG dy (distance on y axis) attribute of node labels in graph
+         * @param  {function}   onInit                          Callback function executed on initialization
+         * @param  {function}   onLoad                          Callback function executed after data has been loaded
+         * @param  {function}   onEnd                           Callback function executed when initial animation is complete
+         * @param  {function}   linkDistanceFunc                By default high density areas have longer links
+         * @param  {function}   redraw                          Called when panning and zooming
+         * @param  {function}   prepareData                     Used to convert NetJSON NetworkGraph to the javascript data
+         * @param  {function}   onClickNode                     Called when a node is clicked
+         * @param  {function}   onClickLink                     Called when a link is clicked
+         */
+        opts = d3._extend({
+            el: "body",
+            metadata: true,
+            defaultStyle: true,
+            animationAtStart: true,
+            scaleExtent: [0.25, 5],
+            charge: -130,
+            linkDistance: 50,
+            linkStrength: 0.2,
+            friction: 0.9,  // d3 default
+            chargeDistance: Infinity,  // d3 default
+            theta: 0.8,  // d3 default
+            gravity: 0.1,
+            circleRadius: 8,
+            labelDx: "0",
+            labelDy: "-1.3em",
+            nodeClassProperty: null,
+            linkClassProperty: null,
+            /**
+             * @function
+             * @name onInit
+             *
+             * Callback function executed on initialization
+             * @param  {string|object}  url     The netJson remote url or object
+             * @param  {object}         opts    The object of passed arguments
+             * @return {function}
+             */
+            onInit: function(url, opts) {},
+            /**
+             * @function
+             * @name onLoad
+             *
+             * Callback function executed after data has been loaded
+             * @param  {string|object}  url     The netJson remote url or object
+             * @param  {object}         opts    The object of passed arguments
+             * @return {function}
+             */
+            onLoad: function(url, opts) {},
+            /**
+             * @function
+             * @name onEnd
+             *
+             * Callback function executed when initial animation is complete
+             * @param  {string|object}  url     The netJson remote url or object
+             * @param  {object}         opts    The object of passed arguments
+             * @return {function}
+             */
+            onEnd: function(url, opts) {},
+            /**
+             * @function
+             * @name linkDistanceFunc
+             *
+             * By default, high density areas have longer links
+             */
+            linkDistanceFunc: function(d){
+                var val = opts.linkDistance;
+                if(d.source.linkCount >= 4 && d.target.linkCount >= 4) {
+                    return val * 2;
+                }
+                return val;
+            },
+            /**
+             * @function
+             * @name redraw
+             *
+             * Called on zoom and pan
+             */
+            redraw: function() {
+                panner.attr("transform",
+                    "translate(" + d3.event.translate + ") " +
+                    "scale(" + d3.event.scale + ")"
+                );
+            },
+            /**
+             * @function
+             * @name prepareData
+             *
+             * Convert NetJSON NetworkGraph to the data structure consumed by d3
+             *
+             * @param graph {object}
+             */
+            prepareData: function(graph) {
+                var nodesMap = {},
+                    nodes = graph.nodes.slice(), // copy
+                    links = graph.links.slice(), // copy
+                    nodes_length = graph.nodes.length,
+                    links_length = graph.links.length;
+
+                for(var i = 0; i < nodes_length; i++) {
+                    // count how many links every node has
+                    nodes[i].linkCount = 0;
+                    nodesMap[nodes[i].id] = i;
+                }
+                for(var c = 0; c < links_length; c++) {
+                    var sourceIndex = nodesMap[links[c].source],
+                    targetIndex = nodesMap[links[c].target];
+                    // ensure source and target exist
+                    if(!nodes[sourceIndex]) { throw("source '" + links[c].source + "' not found"); }
+                    if(!nodes[targetIndex]) { throw("target '" + links[c].target + "' not found"); }
+                    links[c].source = nodesMap[links[c].source];
+                    links[c].target = nodesMap[links[c].target];
+                    // add link count to both ends
+                    nodes[sourceIndex].linkCount++;
+                    nodes[targetIndex].linkCount++;
+                }
+                return { "nodes": nodes, "links": links };
+            },
+            /**
+             * @function
+             * @name onClickNode
+             *
+             * Called when a node is clicked
+             */
+            onClickNode: function(n) {
+                var overlay = d3.select(".njg-overlay"),
+                    overlayInner = d3.select(".njg-overlay > .njg-inner"),
+                    html = "<p><b>id</b>: " + n.id + "</p>";
+                    if(n.label) { html += "<p><b>label</b>: " + n.label + "</p>"; }
+                    if(n.properties) {
+                        for(var key in n.properties) {
+                            if(!n.properties.hasOwnProperty(key)) { continue; }
+                            html += "<p><b>"+key.replace(/_/g, " ")+"</b>: " + n.properties[key] + "</p>";
+                    }
+                }
+                if(n.linkCount) { html += "<p><b>links</b>: " + n.linkCount + "</p>"; }
+                if(n.local_addresses) {
+                    html += "<p><b>local addresses</b>:<br>" + n.local_addresses.join('<br>') + "</p>";
+                }
+                overlayInner.html(html);
+                overlay.classed("njg-hidden", false);
+                overlay.style("display", "block");
+                // set "open" class to current node
+                removeOpenClass();
+                d3.select(this).classed("njg-open", true);
+            },
+            /**
+             * @function
+             * @name onClickLink
+             *
+             * Called when a node is clicked
+             */
+            onClickLink: function(l) {
+                var overlay = d3.select(".njg-overlay"),
+                    overlayInner = d3.select(".njg-overlay > .njg-inner"),
+                    html = "<p><b>source</b>: " + (l.source.label || l.source.id) + "</p>";
+                    html += "<p><b>target</b>: " + (l.target.label || l.target.id) + "</p>";
+                    html += "<p><b>cost</b>: " + l.cost + "</p>";
+                if(l.properties) {
+                    for(var key in l.properties) {
+                        if(!l.properties.hasOwnProperty(key)) { continue; }
+                        html += "<p><b>"+ key.replace(/_/g, " ") +"</b>: " + l.properties[key] + "</p>";
+                    }
+                }
+                overlayInner.html(html);
+                overlay.classed("njg-hidden", false);
+                overlay.style("display", "block");
+                // set "open" class to current link
+                removeOpenClass();
+                d3.select(this).classed("njg-open", true);
+            }
+        }, opts);
+
+        // init callback
+        opts.onInit(url, opts);
+
+        if(!opts.animationAtStart) {
+            opts.linkStrength = 2;
+            opts.friction = 0.3;
+            opts.gravity = 0;
+        }
+        if(opts.el == "body") {
+            var body = d3.select(opts.el),
+                rect = body.node().getBoundingClientRect();
+            if (d3._pxToNumber(d3.select("body").style("height")) < 60) {
+                body.style("height", d3._windowHeight() - rect.top - rect.bottom + "px");
+            }
+        }
+        var el = d3.select(opts.el).style("position", "relative"),
+            width = d3._pxToNumber(el.style('width')),
+            height = d3._pxToNumber(el.style('height')),
+            force = d3.layout.force()
+                      .charge(opts.charge)
+                      .linkStrength(opts.linkStrength)
+                      .linkDistance(opts.linkDistanceFunc)
+                      .friction(opts.friction)
+                      .chargeDistance(opts.chargeDistance)
+                      .theta(opts.theta)
+                      .gravity(opts.gravity)
+                      // width is easy to get, if height is 0 take the height of the body
+                      .size([width, height]),
+            zoom = d3.behavior.zoom().scaleExtent(opts.scaleExtent),
+            // panner is the element that allows zooming and panning
+            panner = el.append("svg")
+                       .attr("width", width)
+                       .attr("height", height)
+                       .call(zoom.on("zoom", opts.redraw))
+                       .append("g")
+                       .style("position", "absolute"),
+            svg = d3.select(opts.el + " svg"),
+            drag = force.drag(),
+            overlay = d3.select(opts.el).append("div").attr("class", "njg-overlay"),
+            closeOverlay = overlay.append("a").attr("class", "njg-close"),
+            overlayInner = overlay.append("div").attr("class", "njg-inner"),
+            metadata = d3.select(opts.el).append("div").attr("class", "njg-metadata"),
+            metadataInner = metadata.append("div").attr("class", "njg-inner"),
+            closeMetadata = metadata.append("a").attr("class", "njg-close"),
+            // container of ungrouped networks
+            str = [],
+            selected = [],
+            /**
+             * @function
+             * @name removeOpenClass
+             *
+             * Remove open classes from nodes and links
+             */
+            removeOpenClass = function () {
+                d3.selectAll("svg .njg-open").classed("njg-open", false);
+            };
+            processJson = function(graph) {
+                /**
+                 * Init netJsonGraph
+                 */
+                init = function(url, opts) {
+                    d3.netJsonGraph(url, opts);
+                };
+                /**
+                 * Remove all instances
+                 */
+                destroy = function() {
+                    force.stop();
+                    d3.select("#selectGroup").remove();
+                    d3.select(".njg-overlay").remove();
+                    d3.select(".njg-metadata").remove();
+                    overlay.remove();
+                    overlayInner.remove();
+                    metadata.remove();
+                    svg.remove();
+                    node.remove();
+                    link.remove();
+                    nodes = [];
+                    links = [];
+                };
+                /**
+                 * Destroy and e-init all instances
+                 * @return {[type]} [description]
+                 */
+                reInit = function() {
+                    destroy();
+                    init(url, opts);
+                };
+
+                var data = opts.prepareData(graph),
+                    links = data.links,
+                    nodes = data.nodes;
+
+                // disable some transitions while dragging
+                drag.on('dragstart', function(n){
+                    d3.event.sourceEvent.stopPropagation();
+                    zoom.on('zoom', null);
+                })
+                // re-enable transitions when dragging stops
+                .on('dragend', function(n){
+                    zoom.on('zoom', opts.redraw);
+                })
+                .on("drag", function(d) {
+                    // avoid pan & drag conflict
+                    d3.select(this).attr("x", d.x = d3.event.x).attr("y", d.y = d3.event.y);
+                });
+
+                force.nodes(nodes).links(links).start();
+
+                var link = panner.selectAll(".link")
+                                 .data(links)
+                                 .enter().append("line")
+                                 .attr("class", function (link) {
+                                     var baseClass = "njg-link",
+                                         addClass = null;
+                                         value = link.properties && link.properties[opts.linkClassProperty];
+                                     if (opts.linkClassProperty && value) {
+                                         // if value is stirng use that as class
+                                         if (typeof(value) === "string") {
+                                             addClass = value;
+                                         }
+                                         else if (typeof(value) === "number") {
+                                             addClass = opts.linkClassProperty + value;
+                                         }
+                                         else if (value === true) {
+                                             addClass = opts.linkClassProperty;
+                                         }
+                                         return baseClass + " " + addClass;
+                                     }
+                                     return baseClass;
+                                 })
+                                 .on("click", opts.onClickLink),
+                    groups = panner.selectAll(".node")
+                                   .data(nodes)
+                                   .enter()
+                                   .append("g");
+                    node = groups.append("circle")
+                                 .attr("class", function (node) {
+                                     var baseClass = "njg-node",
+                                         addClass = null;
+                                         value = node.properties && node.properties[opts.nodeClassProperty];
+                                     if (opts.nodeClassProperty && value) {
+                                         // if value is stirng use that as class
+                                         if (typeof(value) === "string") {
+                                             addClass = value;
+                                         }
+                                         else if (typeof(value) === "number") {
+                                             addClass = opts.nodeClassProperty + value;
+                                         }
+                                         else if (value === true) {
+                                             addClass = opts.nodeClassProperty;
+                                         }
+                                         return baseClass + " " + addClass;
+                                     }
+                                     return baseClass;
+                                 })
+                                 .attr("r", opts.circleRadius)
+                                 .on("click", opts.onClickNode)
+                                 .call(drag);
+
+                    var labels = groups.append('text')
+                                       .text(function(n){ return n.label || n.id })
+                                       .attr('dx', opts.labelDx)
+                                       .attr('dy', opts.labelDy)
+                                       .attr('class', 'njg-tooltip');
+
+                // Close overlay
+                closeOverlay.on("click", function() {
+                    removeOpenClass();
+                    overlay.classed("njg-hidden", true);
+                });
+                // Close Metadata panel
+                closeMetadata.on("click", function() {
+                    // Reinitialize the page
+                    if(graph.type === "NetworkCollection") {
+                        reInit();
+                    }
+                    else {
+                        removeOpenClass();
+                        metadata.classed("njg-hidden", true);
+                    }
+                });
+                // default style
+                // TODO: probably change defaultStyle
+                // into something else
+                if(opts.defaultStyle) {
+                    var colors = d3.scale.category20c();
+                    node.style({
+                        "fill": function(d){ return colors(d.linkCount); },
+                        "cursor": "pointer"
+                    });
+                }
+                // Metadata style
+                if(opts.metadata) {
+                    metadata.attr("class", "njg-metadata").style("display", "block");
+                }
+
+                var attrs = ["protocol",
+                             "version",
+                             "revision",
+                             "metric",
+                             "router_id",
+                             "topology_id"],
+                    html = "";
+                if(graph.label) {
+                    html += "<h3>" + graph.label + "</h3>";
+                }
+                for(var i in attrs) {
+                    var attr = attrs[i];
+                    if(graph[attr]) {
+                        html += "<p><b>" + attr + "</b>: <span>" + graph[attr] + "</span></p>";
+                    }
+                }
+                // Add nodes and links count
+                html += "<p><b>nodes</b>: <span>" + graph.nodes.length + "</span></p>";
+                html += "<p><b>links</b>: <span>" + graph.links.length + "</span></p>";
+                metadataInner.html(html);
+                metadata.classed("njg-hidden", false);
+
+                // onLoad callback
+                opts.onLoad(url, opts);
+
+                force.on("tick", function() {
+                    link.attr("x1", function(d) {
+                        return d.source.x;
+                    })
+                    .attr("y1", function(d) {
+                        return d.source.y;
+                    })
+                    .attr("x2", function(d) {
+                        return d.target.x;
+                    })
+                    .attr("y2", function(d) {
+                        return d.target.y;
+                    });
+
+                    node.attr("cx", function(d) {
+                        return d.x;
+                    })
+                    .attr("cy", function(d) {
+                        return d.y;
+                    });
+
+                    labels.attr("transform", function(d) {
+                        return "translate(" + d.x + "," + d.y + ")";
+                    });
+                })
+                .on("end", function(){
+                    force.stop();
+                    // onEnd callback
+                    opts.onEnd(url, opts);
+                });
+
+                return force;
+            };
+
+        if(typeof(url) === "object") {
+            processJson(url);
+        }
+        else {
+            /**
+            * Parse the provided json file
+            * and call processJson() function
+            *
+            * @param  {string}     url         The provided json file
+            * @param  {function}   error
+            */
+            d3.json(url, function(error, graph) {
+                if(error) { throw error; }
+                /**
+                * Check if the json contains a NetworkCollection
+                */
+                if(graph.type === "NetworkCollection") {
+                    var selectGroup = body.append("div").attr("id", "njg-select-group"),
+                        select = selectGroup.append("select")
+                                            .attr("id", "select");
+                        str = graph;
+                    select.append("option")
+                          .attr({
+                              "value": "",
+                              "selected": "selected",
+                              "name": "default",
+                              "disabled": "disabled"
+                          })
+                          .html("Choose the network to display");
+                    graph.collection.forEach(function(structure) {
+                        select.append("option").attr("value", structure.type).html(structure.type);
+                        // Collect each network json structure
+                        selected[structure.type] = structure;
+                    });
+                    select.on("change", function() {
+                        selectGroup.attr("class", "njg-hidden");
+                        // Call selected json structure
+                        processJson(selected[this.options[this.selectedIndex].value]);
+                    });
+                }
+                else {
+                    processJson(graph);
+                }
+            });
+        }
+     };
+})();

luci-app-bmx7/files/www/luci-static/resources/bmx7/js/polling.js

@@ -41,35 +41,41 @@
 	In the code st is the data obtained from the json call
 */
 
-function TablePooler (time, jsonurl, getparams, table_id, callback) {
+function TablePooler (time, jsonurl, getparams, div_id, callback) {
-	this.table = document.getElementById(table_id);
+	this.div_id = div_id;
+	this.div = document.getElementById(div_id);
 	this.callback = callback;
 	this.jsonurl = jsonurl;
 	this.getparams = getparams;
 	this.time = time;
 
-	/* clear all rows */
-	this.clear = function(){
-		while( this.table.rows.length > 1 ) this.table.deleteRow(1);
-	}
-
 	this.start = function(){
 		XHR.poll(this.time, this.jsonurl, this.getparams, function(x, st){
 			var data = this.callback(st);
-			var content, tr, td;
+			var content;
-			this.clear();
 			for (var i = 0; i < data.length; i++){
-				tr = this.table.insertRow(-1);
+				rowId = "trDiv_" + this.div_id + i;
-				tr.className = 'cbi-section-table-row cbi-rowstyle-' + ((i % 2) + 1);
+				rowDiv = document.getElementById(rowId);
-
+				if (rowDiv === null) {
+					rowDiv = document.createElement("div");
+					rowDiv.id = rowId;
+					rowDiv.className = "tr";
+					this.div.appendChild(rowDiv);
+				}
 				for (var j = 0; j < data[i].length; j++){
-					td = tr.insertCell(-1);
+					cellId = "tdDiv_" + this.div_id + i + j;
-					if (data[i][j].length == 2) {
+					cellDiv = document.getElementById(cellId);
-						td.colSpan = data[i][j][1];
+					if (cellDiv === null) {
-						content = data[i][j][0];
+						cellDiv = document.createElement("div");
+						cellDiv.id = cellId;
+						cellDiv.className = "td";
+						rowDiv.appendChild(cellDiv);
+					}
+					if (typeof data[i][j] !== 'undefined' && data[i][j].length == 2) {
+						content = data[i][j][0] + "/" + data[i][j][1];
 					}
 					else content = data[i][j];
-					td.innerHTML = content;
+					cellDiv.innerHTML = content;
 				}
 			}
 		}.bind(this));

luci-app-cjdns/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2014,2015 Hyperboria.net
+# Copyright (C) 2014,2018 Hyperboria.net
 #
 # You may redistribute this program and/or modify it under the terms of
 # the GNU General Public License as published by the Free Software Foundation,
@@ -18,7 +18,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-cjdns
 PKG_VERSION:=1.3
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_LICENSE:=GPL-3.0
 
@@ -29,7 +29,7 @@ define Package/luci-app-cjdns
 	CATEGORY:=LuCI
 	SUBMENU:=3. Applications
 	TITLE:=Encrypted near-zero-conf mesh routing protocol
-	URL:=https://github.com/hyperboria/cjdns
+	URL:=https://github.com/cjdelisle/cjdns
 	MAINTAINER:=Lars Gierth <larsg@systemli.org>
 	DEPENDS:=+cjdns +luci-base
 endef

luci-app-cjdns/luasrc/controller/cjdns.lua

@@ -51,15 +51,16 @@ function act_peers()
 		end
 
 		for i,peer in pairs(response.peers) do
-			peer.ipv6 = publictoip6(peer.publicKey)
+			local peertable = peerstats_join(peer.addr)
-			if peer.user == nil then
+			peer.ipv6 = peertable['ipv6']
-				peer.user = ''
+			peer.version = peertable['version']
-				uci.cursor():foreach("cjdns", "udp_peer", function(udp_peer)
+			peer.label = peertable['label']
-					if peer.publicKey == udp_peer.public_key then
+			peer.pubkey = peertable['pubkey']
-						peer.user = udp_peer.user
+			uci.cursor():foreach("cjdns", "udp_peer", function(udp_peer)
-					end
+				if peer.pubkey == udp_peer.public_key then
-				end)
+					peer.user = udp_peer.user
-			end
+				end
+			end)
 			peers[#peers + 1] = peer
 		end
 
@@ -97,9 +98,13 @@ function act_ping()
 	luci.http.write_json(response)
 end
 
-function publictoip6(publicKey)
+function peerstats_join(addrLine)
-	local process = io.popen("/usr/bin/publictoip6 " .. publicKey, "r")
+    local pubkey = addrLine:sub(addrLine:len() - 53)
-	local ipv6    = process:read()
+    local process = io.popen("/usr/bin/publictoip6 " .. pubkey, "r")
-	process:close()
+    local ipv6 = process:read()
-	return ipv6
+    local label = 'label'
+    process:close()
+    local version = addrLine:match("^(v%w+)%.") or 'v0'
+    local label = addrLine:sub(version:len() + 2, version:len() + 20)
+    return { pubkey=pubkey, ipv6=ipv6, label=label, version=version }
 end

luci-app-cjdns/luasrc/view/cjdns/status.htm

@@ -1,116 +1,67 @@
 <script type="text/javascript">//<![CDATA[
-
+	/* 75lb/usage-stats */
-	var peersURI = '<%=luci.dispatcher.build_url("admin", "services", "cjdns", "peers")%>';
+	function lbbytes (bytes){
-	var updatePeers = function(x, peers) {
+		var kilobyte = 1024,
-		var table = document.getElementById('cjdns-peerings');
+			megabyte = kilobyte * 1024,
-		while (table.rows.length > 1) {
+			gigabyte = megabyte * 1024,
-			table.deleteRow(1);
+			terabyte = gigabyte * 1024;
+		if ((bytes >= 0) && (bytes < kilobyte)) {
+			return bytes + " B";
+		} else if ((bytes >= kilobyte) && (bytes < megabyte)) {
+			return (bytes / kilobyte).toFixed(2) + " KB";
+		} else if ((bytes >= megabyte) && (bytes < gigabyte)) {
+			return (bytes / megabyte).toFixed(2) + " MB";
+		} else if ((bytes >= gigabyte) && (bytes < terabyte)) {
+			return (bytes / gigabyte).toFixed(2) + " GB";
+		} else if (bytes >= terabyte) {
+			return (bytes / terabyte).toFixed(2) + " TB";
+		} else {
+			return bytes + " B";
 		}
+	}
 
-		if ((peers) && ((peers.err) || (typeof peers.length === 'undefined'))) {
+	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "services", "cjdns", "peers")%>', null,
-			var errpeer = (peers.err)
+		function(x, st) {
-						? 'Socket Error: unable to connect to Admin API'
+			var table = document.getElementById('cjdns-peerings');
-						: 'No active peers';
+			if (st && table) {
-			var row = table.insertRow(-1);
+				var rows = [];
-			row.className = 'cbi-section-table-row';
+				st.forEach(function(peer) {
-			var cell = row.insertCell(-1);
+					rows.push([
-			cell.colSpan = 7;
+						peer.lladdr,
-			cell.textContent = errpeer;
+						peer.ipv6,
-			return;
+						peer.version,
-		};
+						((peer.isIncoming === 0) ? 'outgoing, ' : 'incoming, ').concat(peer.state.toLowerCase()),
+						lbbytes(peer.bytesIn) + ' / ' + lbbytes(peer.bytesOut),
+						(peer.user == null) ? '-' : peer.user
+					]);
+				});
 
-		peers.forEach(function(peer, i) {
+				if (typeof(cbi_update_table) == 'function') {
-			if (peer.user == null) {
+					cbi_update_table(table, rows, '<em><%:Querying Admin API%></em>');
-				var user = '';
+				} else {
-			} else if (peer.user == 'Local Peers') {
+					while (table.rows.length > 1) { table.deleteRow(1); }
-				var user = 'beacon';
+					rows.forEach(function(peer) {
-			} else {
+						var row = table.insertRow(-1);
-				var user = peer.user;
+						peer.forEach(function(x) { row.insertCell(-1).textContent = x; });
+					});
+				}
 			}
-
+		}
-			if (peer.isIncoming === 0) {
+	);
-				var interface = 'outgoing';
-			} else {
-				var interface = 'incoming';
-			}
-
-			var status = interface + ', ' + peer.state.toLowerCase();
-
-			if (peer.version === 0) {
-				var version = '-';
-			} else {
-				var version = 'v' + peer.version;
-			}
-
-			var rxtx = lbbytes(peer.bytesIn) + ' / ' + lbbytes(peer.bytesOut);
-
-			var row = table.insertRow(-1);
-			row.className = 'cbi-section-table-row cbi-rowstyle-' + ((i % 2) + 1);
-			row.insertCell(-1).textContent = user;
-			row.insertCell(-1).textContent = peer.ipv6;
-			row.insertCell(-1).textContent = status;
-			row.insertCell(-1).textContent = version;
-			row.insertCell(-1).textContent = rxtx;
-			var latencyCell = row.insertCell(-1);
-			latencyCell.textContent = 'waiting';
-
-			var pingURI = '<%=luci.dispatcher.build_url("admin", "services", "cjdns", "ping")%>';
-			var timeout = 2000;
-			XHR.get(pingURI, { label: peer.switchLabel, timeout: timeout }, function(x, pong) {
-				var pongrsp = ((pong.err == "ai:recv > timeout") || (pong == "undefined") || (pong.ms >= timeout))
-					? '> ' + timeout + ' ms'
-					: pong.ms + ' ms';
-				latencyCell.textContent = pongrsp;
-			})
-		});
-
-	};
-
-	XHR.get(peersURI, null, updatePeers);
-	XHR.poll(5, peersURI, null, updatePeers);
-
 //]]></script>
 
-<script type="text/javascript">
+<div class="cbi-map">
-<%# Author: [GitHub/75lb] -%>
+	<fieldset class="cbi-section">
-//<![CDATA[
+		<legend><%:Active cjdns peers%></legend>
-function lbbytes (bytes){
+		<table class="table" id="cjdns-peerings">
-
+			<tr class="tr table-titles">
-	var kilobyte = 1024,
+				<th class="th nowrap">Address</th>
-	    megabyte = kilobyte * 1024,
+				<th class="th nowrap">IPv6</th>
-	    gigabyte = megabyte * 1024,
+				<th class="th nowrap">Version</th>
-	    terabyte = gigabyte * 1024;
+				<th class="th nowrap">Status</th>
-
+				<th class="th nowrap">Rx / Tx</th>
-	if ((bytes >= 0) && (bytes < kilobyte)) {
+				<th class="th nowrap">User/Name</th>
-		return bytes + " B";
+			</tr>
-	} else if ((bytes >= kilobyte) && (bytes < megabyte)) {
+		</table>
-		return (bytes / kilobyte).toFixed(2) + " KB";
+	</fieldset>
-	} else if ((bytes >= megabyte) && (bytes < gigabyte)) {
+</div>
-		return (bytes / megabyte).toFixed(2) + " MB";
-	} else if ((bytes >= gigabyte) && (bytes < terabyte)) {
-		return (bytes / gigabyte).toFixed(2) + " GB";
-	} else if (bytes >= terabyte) {
-		return (bytes / terabyte).toFixed(2) + " TB";
-	} else {
-		return bytes + " B";
-	}
-};
-//]]>
-</script>
-
-<fieldset class="cbi-section">
-	<legend>Active cjdns peers</legend>
-	<table class="cbi-section-table" id="cjdns-peerings">
-		<tr class="cbi-section-table-titles">
-			<th class="cbi-section-table-cell">User/Name</th>
-			<th class="cbi-section-table-cell">IPv6</th>
-			<th class="cbi-section-table-cell">Status</th>
-			<th class="cbi-section-table-cell">Version</th>
-			<th class="cbi-section-table-cell">Rx / Tx</th>
-			<th class="cbi-section-table-cell">Latency</th>
-		</tr>
-		<tr class="cbi-section-table-row">
-			<td colspan="7">Querying Admin API</td>
-		</tr>
-	</table>
-</fieldset>

miniupnpd/Makefile

@@ -1,81 +0,0 @@
-#
-# Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=miniupnpd
-PKG_VERSION:=2.0.20170421
-PKG_RELEASE:=2
-
-PKG_SOURCE_URL:=http://miniupnp.free.fr/files
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=9677aeccadf73b4bf8bb9d832c32b5da8266b4d58eed888f3fd43d7656405643
-
-PKG_MAINTAINER:=Markus Stenberg <fingon@iki.fi>
-PKG_LICENSE:=BSD-3-Clause
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/miniupnpd
-  SECTION:=net
-  CATEGORY:=Network
-  DEPENDS:=+iptables +libip4tc +IPV6:libip6tc +IPV6:ip6tables +libuuid
-  TITLE:=Lightweight UPnP IGD, NAT-PMP & PCP daemon
-  SUBMENU:=Firewall
-  URL:=http://miniupnp.free.fr/
-endef
-
-define Package/miniupnpd/config
-config MINIUPNPD_IGDv2
-	bool
-	default n
-	prompt "Enable IGDv2"
-endef
-
-define Package/miniupnpd/conffiles
-/etc/config/upnpd
-endef
-
-define Package/miniupnpd/postinst
-#!/bin/sh
-
-if [ -z "$$IPKG_INSTROOT" ]; then
-  ( . /etc/uci-defaults/99-miniupnpd )
-  rm -f /etc/uci-defaults/99-miniupnpd
-fi
-
-exit 0
-endef
-
-define Build/Prepare
-	$(call Build/Prepare/Default)
-	echo "OpenWrt" | tr \(\)\  _ >$(PKG_BUILD_DIR)/os.openwrt
-endef
-
-MAKE_FLAGS += \
-	TARGET_OPENWRT=1 TEST=0 \
-	LIBS="" \
-	CC="$(TARGET_CC) -DIPTABLES_143 \
-		-lip4tc $(if $(CONFIG_IPV6),-lip6tc) -luuid" \
-	CONFIG_OPTIONS="--portinuse --leasefile \
-		$(if $(CONFIG_IPV6),--ipv6) \
-		$(if $(CONFIG_MINIUPNPD_IGDv2),--igd2)" \
-	-f Makefile.linux \
-	miniupnpd
-
-
-define Package/miniupnpd/install
-	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/uci-defaults $(1)/etc/hotplug.d/iface $(1)/usr/share/miniupnpd
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/sbin/miniupnpd
-	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
-	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
-	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
-	$(INSTALL_DATA) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
-	$(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
-endef
-
-$(eval $(call BuildPackage,miniupnpd))

miniupnpd/files/firewall.include

@@ -1,57 +0,0 @@
-#!/bin/sh
-# miniupnpd integration for firewall3
-
-IP6TABLES=/usr/sbin/ip6tables
-
-iptables -t filter -N MINIUPNPD 2>/dev/null
-iptables -t nat -N MINIUPNPD 2>/dev/null
-iptables -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
-
-[ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
-
-. /lib/functions/network.sh
-
-ADDED=0
-
-add_extzone_rules() {
-    local ext_zone=$1
-
-    [ -z "$ext_zone" ] && return
-
-    # IPv4 - due to NAT, need to add both to nat and filter table
-    iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
-    iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
-    iptables -t nat -I zone_${ext_zone}_postrouting -j MINIUPNPD-POSTROUTING
-
-    # IPv6 if available - filter only
-    [ -x $IP6TABLES ] && {
-        $IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
-    }
-    ADDED=$(($ADDED + 1))
-}
-
-# By default, user configuration is king.
-
-for ext_iface in $(uci -q get upnpd.config.external_iface); do
-    add_extzone_rules $(fw3 -q network "$ext_iface")
-done
-
-add_extzone_rules $(uci -q get upnpd.config.external_zone)
-
-[ ! $ADDED = 0 ] && exit 0
-
-
-# If really nothing is available, resort to network_find_wan{,6} and
-# assume external interfaces all have same firewall zone.
-
-# (This heuristic may fail horribly, in case of e.g. multihoming, so
-# please set external_zone in that case!)
-
-network_find_wan wan_iface
-network_find_wan6 wan6_iface
-
-for ext_iface in $wan_iface $wan6_iface; do
-    # fw3 -q network fails on sub-interfaces => map to device first
-    network_get_device ext_device $ext_iface
-    add_extzone_rules $(fw3 -q device "$ext_device")
-done

miniupnpd/files/miniupnpd.defaults

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-uci -q batch <<-EOT
-	delete firewall.miniupnpd
-	set firewall.miniupnpd=include
-	set firewall.miniupnpd.type=script
-	set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
-	set firewall.miniupnpd.family=any
-	set firewall.miniupnpd.reload=1
-	commit firewall
-EOT
-
-exit 0

miniupnpd/files/miniupnpd.hotplug

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-/etc/init.d/miniupnpd enabled || exit 0
-
-. /lib/functions/service.sh
-
-# If miniupnpd is not running:
-# - check on _any_ event (even updates may contribute to network_find_wan*)
-
-# If miniupnpd _is_ running:
-# - check only on ifup (otherwise lease updates etc would cause
-#   miniupnpd state loss)
-
-[ ! "$ACTION" = "ifup" ] && service_check /usr/sbin/miniupnpd && exit 0
-
-tmpconf="/var/etc/miniupnpd.conf"
-extiface=$(uci get upnpd.config.external_iface)
-extzone=$(uci get upnpd.config.external_zone)
-
-. /lib/functions/network.sh
-
-for iface in $(uci get upnpd.config.internal_iface); do
-    network_get_device device $iface
-    [ "$DEVICE" = "$device" ] && /etc/init.d/miniupnpd restart && exit 0
-done
-
-
-if [ -z "$extiface" ] ; then
-  # manual external zone (if dynamically find interfaces
-  # belonging to it) overrides network_find_wan*
-  if [ -n "$extzone" ] ; then
-    ifname=$(fw3 -q zone $extzone | head -1)
-  fi
-  [ -n "$extiface" ] || network_find_wan extiface
-  [ -n "$extiface" ] || network_find_wan6 extiface
-fi
-
-[ -n "$ifname" ] || network_get_device ifname ${extiface}
-grep -q "ext_ifname=$ifname" $tmpconf || /etc/init.d/miniupnpd restart

miniupnpd/files/miniupnpd.init

@@ -1,212 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2014 OpenWrt.org
-
-START=94
-STOP=15
-
-SERVICE_USE_PID=1
-
-upnpd_get_port_range() {
-	local _var="$1"; shift
-	local _val
-
-	config_get _val "$@"
-
-	case "$_val" in
-		[0-9]*[:-][0-9]*)
-			export -n -- "${_var}_start=${_val%%[:-]*}"
-			export -n -- "${_var}_end=${_val##*[:-]}"
-		;;
-		[0-9]*)
-			export -n -- "${_var}_start=$_val"
-			export -n -- "${_var}_end="
-		;;
-	esac
-}
-
-conf_rule_add() {
-	local cfg="$1"
-	local tmpconf="$2"
-	local action external_port_start external_port_end int_addr
-	local internal_port_start internal_port_end
-
-	config_get action "$cfg" action "deny"               # allow or deny
-	upnpd_get_port_range "ext" "$cfg" ext_ports "0-65535" # external ports: x, x-y, x:y
-	config_get int_addr "$cfg" int_addr "0.0.0.0/0"       # ip or network and subnet mask (internal)
-	upnpd_get_port_range "int" "$cfg" int_ports "0-65535" # internal ports: x, x-y, x:y or range
-
-	# Make a single IP IP/32 so that miniupnpd.conf can use it.
-	case "$int_addr" in
-		*/*) ;;
-		*) int_addr="$int_addr/32" ;;
-	esac
-
-	echo "${action} ${ext_start}${ext_end:+-}${ext_end} ${int_addr} ${int_start}${int_end:+-}${int_end}" >>$tmpconf
-}
-
-upnpd_write_bool() {
-	local opt="$1"
-	local def="${2:-0}"
-	local alt="$3"
-	local val
-
-	config_get_bool val config "$opt" "$def"
-	if [ "$val" -eq 0 ]; then
-		echo "${alt:-$opt}=no" >> $tmpconf
-	else
-		echo "${alt:-$opt}=yes" >> $tmpconf
-	fi
-}
-
-boot() {
-	return
-}
-
-start() {
-	config_load "upnpd"
-	local extiface intiface upload download logging secure enabled natpmp
-	local extip port usesysuptime conffile serial_number model_number
-	local uuid notify_interval presentation_url enable_upnp
-	local upnp_lease_file clean_ruleset_threshold clean_ruleset_interval
-        local ipv6_listening_ip enabled
-
-	config_get_bool enabled config enabled 1
-
-	[ "$enabled" -gt 0 ] || return 1
-
-	config_get extiface config external_iface
-	config_get extzone config external_zone
-	config_get intiface config internal_iface
-	config_get extip config external_ip
-	config_get port config port 5000
-	config_get upload   config upload
-	config_get download config download
-	config_get_bool logging config log_output 0
-	config_get conffile config config_file
-	config_get serial_number config serial_number
-	config_get model_number config model_number
-	config_get uuid config uuid
-	config_get notify_interval config notify_interval
-	config_get presentation_url config presentation_url
-	config_get upnp_lease_file config upnp_lease_file
-	config_get clean_ruleset_threshold config clean_ruleset_threshold
-	config_get clean_ruleset_interval config clean_ruleset_interval
-	config_get ipv6_listening_ip config ipv6_listening_ip
-
-	local args
-
-	. /lib/functions/network.sh
-
-	local ifname
-
-        # manual external interface overrides everything
-        if [ -z "$extiface" ] ; then
-            # manual external zone (if dynamically find interfaces
-            # belonging to it) overrides network_find_wan*
-            if [ -n "$extzone" ] ; then
-                ifname=$(fw3 -q zone $extzone | head -1)
-            fi
-            [ -n "$extiface" ] || network_find_wan extiface
-            [ -n "$extiface" ] || network_find_wan6 extiface
-        fi
-
-	[ -n "$ifname" ] || network_get_device ifname ${extiface}
-
-	if [ -n "$conffile" ]; then
-		args="-f $conffile"
-	else
-		local tmpconf="/var/etc/miniupnpd.conf"
-		args="-f $tmpconf"
-		mkdir -p /var/etc
-
-		echo "ext_ifname=$ifname" >$tmpconf
-
-		[ -n "$extip" ] && \
-			echo "ext_ip=$extip" >>$tmpconf
-
-		local iface
-		for iface in ${intiface:-lan}; do
-			local device
-			network_get_device device "$iface" && {
-				echo "listening_ip=$device" >>$tmpconf
-			}
-		done
-
-		[ "$port" != "auto" ] && \
-			echo "port=$port" >>$tmpconf
-
-		config_load "upnpd"
-		upnpd_write_bool enable_natpmp 1
-		upnpd_write_bool enable_upnp 1
-		upnpd_write_bool secure_mode 1
-		upnpd_write_bool pcp_allow_thirdparty 0
-		upnpd_write_bool system_uptime 1
-
-		[ -n "$upnp_lease_file" ] && \
-			echo "lease_file=$upnp_lease_file" >>$tmpconf
-
-		[ -n "$upload" -a -n "$download" ] && {
-			echo "bitrate_down=$(($download * 1024 * 8))" >>$tmpconf
-			echo "bitrate_up=$(($upload * 1024 * 8))" >>$tmpconf
-		}
-
-		[ -n "${presentation_url}" ] && \
-			echo "presentation_url=${presentation_url}" >>$tmpconf
-
-		[ -n "${notify_interval}" ] && \
-			echo "notify_interval=${notify_interval}" >>$tmpconf
-
-		[ -n "${clean_ruleset_threshold}" ] && \
-			echo "clean_ruleset_threshold=${clean_ruleset_threshold}" >>$tmpconf
-
-		[ -n "${clean_ruleset_interval}" ] && \
-			echo "clean_ruleset_interval=${clean_ruleset_interval}" >>$tmpconf
-
-		[ -n "${ipv6_listening_ip}" ] && \
-			echo "ipv6_listening_ip=${ipv6_listening_ip}" >>$tmpconf
-
-		[ -z "$uuid" ] && {
-			uuid="$(cat /proc/sys/kernel/random/uuid)"
-			uci set upnpd.config.uuid=$uuid
-			uci commit upnpd
-		}
-
-		[ "$uuid" = "nocli" ] || \
-			echo "uuid=$uuid" >>$tmpconf
-
-		[ -n "${serial_number}" ] && \
-			echo "serial=${serial_number}" >>$tmpconf
-
-		[ -n "${model_number}" ] && \
-			echo "model_number=${model_number}" >>$tmpconf
-
-	    config_foreach conf_rule_add perm_rule "$tmpconf"
-	fi
-
-
-	if [ -n "$ifname" ]; then
-		# start firewall
-		iptables -L MINIUPNPD >/dev/null 2>/dev/null || fw3 reload
-
-		if [ "$logging" = "1" ]; then
-			SERVICE_DAEMONIZE=1 \
-			service_start /usr/sbin/miniupnpd $args -d
-		else
-			SERVICE_DAEMONIZE= \
-			service_start /usr/sbin/miniupnpd $args
-		fi
-	else
-		logger -t "upnp daemon" "external interface not found, not starting"
-	fi
-}
-
-stop() {
-	service_stop /usr/sbin/miniupnpd
-
-	iptables -t nat -F MINIUPNPD 2>/dev/null
-	iptables -t filter -F MINIUPNPD 2>/dev/null
-
-        [ -x /usr/sbin/ip6tables ] && {
-	    ip6tables -t filter -F MINIUPNPD 2>/dev/null
-        }
-}

miniupnpd/files/upnpd.config

@@ -1,27 +0,0 @@
-config upnpd config
-	option enabled		0
-	option enable_natpmp	1
-	option enable_upnp	1
-	option secure_mode	1
-	option log_output	0
-	option download 	1024
-	option upload   	512
-        #by default, looked up dynamically from ubus
-	#option external_iface	wan
-	option internal_iface	lan
-	option port		5000
-	option upnp_lease_file	/var/upnp.leases
-	
-config perm_rule
-	option action		allow
-	option ext_ports	1024-65535
-	option int_addr		0.0.0.0/0	# Does not override secure_mode
-	option int_ports	1024-65535
-	option comment		"Allow high ports"
-
-config perm_rule
-       option action		deny
-       option ext_ports		0-65535
-       option int_addr		0.0.0.0/0
-       option int_ports		0-65535
-       option comment		"Default deny"

miniupnpd/patches/101-no-ssl-uuid.patch

@@ -1,23 +0,0 @@
-We do not need to autodetect SSL/UUID; SSL we do not support, UUID we always do.
-
---- a/Makefile.linux
-+++ b/Makefile.linux
-@@ -153,14 +153,18 @@ LDLIBS += $(shell $(PKG_CONFIG) --static
- LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libnetfilter_conntrack)
- endif # ($(TEST),1)
- 
-+ifeq ($(TARGET_OPENWRT),)
-+# n/a - we don't enable https server for IGD v2 anyway in OpenWrt
- LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libssl)
- 
-+# n/a - we hardcodedly support libuuid
- TEST := $(shell $(PKG_CONFIG) --exists uuid && echo 1)
- ifeq ($(TEST),1)
- LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l uuid)
- else
- $(info please install uuid-dev package / libuuid)
- endif # ($(TEST),1)
-+endif
- 
- TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
- 

miniupnpd/patches/102-ipv6-ext-port.patch

@@ -1,10 +0,0 @@
---- a/pcpserver.c
-+++ b/pcpserver.c
-@@ -982,6 +982,7 @@ static int CreatePCPMap_NAT(pcp_info_t *
- 				   timestamp);
- 	if (r < 0)
- 		return PCP_ERR_NO_RESOURCES;
-+	pcp_msg_info->ext_port = pcp_msg_info->int_port;
- 	return PCP_SUCCESS;
- }
- 

miniupnpd/patches/103-no-ipv6-autodetection.patch

@@ -1,27 +0,0 @@
-The miniupnpd makefile tries to autodetect iptables capabilities.
-This will incorrectly detect capabilities such as ipv6 support even though it is disabled for the target build.
-
-As the OpenWRT buildsystem already passes the right compile flags, we can skip the autodetection.
-
-
---- a/netfilter/Makefile
-+++ b/netfilter/Makefile
-@@ -38,8 +38,6 @@ endif
- endif
- endif
- 
--LIBS +=  /lib/libip4tc.so /lib/libip6tc.so
--
- all:	iptcrdr.o testiptcrdr iptpinhole.o \
-         testiptcrdr_peer testiptcrdr_dscp test_nfct_get
- #        testiptpinhole
---- a/Makefile.linux
-+++ b/Makefile.linux
-@@ -73,7 +73,6 @@ CPPFLAGS += -DIPTABLES_143
- endif
- 
- CFLAGS  += $(shell $(PKG_CONFIG) --cflags libiptc)
--LDLIBS  += $(shell $(PKG_CONFIG) --static --libs-only-l libiptc)
- LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-L libiptc)
- LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-other libiptc)
- else

miniupnpd/patches/104-always-libuuid.patch

@@ -1,20 +0,0 @@
-As it turns out, the 'magic' libuuid/bsd uuid check just checks
-outside buildtree altogether for the uuid_generate. So we just
-hardcode it.
-
---- a/genconfig.sh
-+++ b/genconfig.sh
-@@ -367,12 +367,7 @@ case $FW in
- esac
- 
- # UUID API
--if grep uuid_create /usr/include/uuid.h > /dev/null 2>&1 ; then
--	echo "#define BSD_UUID" >> ${CONFIGFILE}
--fi
--if grep uuid_generate /usr/include/uuid/uuid.h > /dev/null 2>&1 ; then
--	echo "#define LIB_UUID" >> ${CONFIGFILE}
--fi
-+echo "#define LIB_UUID" >> ${CONFIGFILE}
- 
- # set V6SOCKETS_ARE_V6ONLY to 0 if it was not set above
- if [ -z "$V6SOCKETS_ARE_V6ONLY" ] ; then

nat46/Makefile

@@ -13,7 +13,7 @@ PKG_VERSION:=11
 PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MIRROR_HASH:=43b7004bfa2c830d6025386bc2128015db0012277fd015f4ee44b9ee3b772a12
+PKG_MIRROR_HASH:=18b36fcb30c6c56e39c20f3363f806f909d08bb21041ac5c930c9216b6d3e2aa
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/ayourtch/nat46.git
 PKG_SOURCE_PROTO:=git