IPv6 and TLS capable network-superserver in Lua and C with HTTP and RPC Slave

The Summer of Code project of Steven Barth aka Cyrus is about planning and implementing an IPv6- and TLS-capable
superserver in Lua, as well as an HTTP/1.1 server working on top of it
using the LuCI HTTP stack. This application will serve LuCI – the
Freifunk Firmware web user interface – and replace the currently used
slower CGI solution, which has no IPv6 or encryption support. Additionally,
an RPC server will be built to allow remote administration of one or
more OpenWrt devices in a standardized way using JSON-RPC over TCP.

LuCId HttpD

The results of Cyrus's summer work are pretty overwhelming. There is, for example, nixio, the new POSIX Lua library, which will help us get rid of the Lua third-party library mess. Based on that there is also LuCId, which was described in the GSoC project. It brings us a new, efficient HTTP server. Some people may have
noticed that Cyrus has already checked things into trunk occasionally. SSL support is also working. Another nice new feature is native
support for creating wizards, which will be used in the near future. LuCId is already being tested in production environments and is performing well. Kernel-mode
IO and TLS encryption function well. Special thanks for the achievements also go to John Crispin aka BLogic, who is Steve's mentor during the summer.

Links

FFLuCI, the Next Generation Lua web interface for OpenWRT by Steven Cyrus Barth

Steven Cyrus Barth in conversation with Bastian Bittorf about the Freifunk Luci interface for OpenWRT.

Luci interface for OpenWRT by Steven Cyrus Barth, from Mario Behling on Vimeo.

Some more info in English: FFLuCI is a Lua MVC-Framework for Freifunk with templating support. There are
working configuration pages for many system, network, services and wifi settings. Please visit http://luci.freifunk-halle.net for an overview of functions, screenshots, tutorials, SVN URL and snapshot images for Atheros and Broadcom.

Steven Cyrus started to develop Luci because he was not satisfied with how projects like X-WRT implemented things. He had a look at the X-WRT Lua files in their repository first, but what was missing was a clear abstraction layer and templating support, so he decided to build everything from scratch. According to Cyrus, X-WRT has a very nice UI written in shell code, but this scripting language has only limited capabilities, and so "it is time
to bring this thing to the next level using OOP and such nifty stuff."

Luci already has a number of working configuration pages. There are more – or in a few cases less – working configuration pages, with (for now) German titles and descriptions, for:

  • Ethernet Switch
  • Ethernet Interfaces
  • DHCP-Server
  • PPPoE/PPTP
  • Static Routes
  • Portforwarding
  • Firewall
  • QoS
  • Wifi Devices
  • Wifi Networks
  • OLSR + Plugins
  • FFLuci itself
  • Package Management
  • Root Password and SSH-Public Keys
  • Mount Points for external drives
  • HTTP-Server
  • SSH-Server
  • Dnsmasq

There are also a few public status pages for basic system information, WLAN scan, contact data and OLSR, a bit like those in the Freifunk Firmware. Have a look at the screenshots here: http://firmware.freifunk-halle.net/ffluci/screenshots

Configuration Bind Interface (CBI):
You just describe the data model of the UCI file and Luci does the rest for you: it creates the HTML form, parses and validates the user input, and writes the configuration data to UCI. There is no need to redo all these things on every configuration page again and again. It also supports basic field dependencies, dynamic validation functions, section creation, deletion and more. See an example here: http://wiki.freifunk-halle.net/Luci:WritingModules#CBI_models

Privilege dropping:
To avoid remote exploits (like those in older versions of the Freifunk Firmware), FFLuCI will set the UID/GID of pages running in the main public non-protected section to nobody/nogroup. There are many things left to do, like porting over dhcpsplash, accounting, statistics and more to Kamikaze. Contributors are welcome.
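The UID/GID drop described above, as an added C example (not FFLuCI's own code, which this page does not show): it fixes the order of the calls and verifies that root cannot be regained afterwards. The function name `drop_privileges` and the numeric ID 65534 for nobody/nogroup are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* glibc/musl: expose setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 only when the process runs as uid/gid and cannot get root back.
 * On -1 the caller must exit instead of serving requests. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;               /* "dropping" to root is a configuration error */

    /* 1. Supplementary groups first: they survive setgid()/setuid(), and
     *    only a privileged process is allowed to clear them. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* 2. Group before user: once the UID is gone, the GID can no longer change. */
    if (setgid(gid) != 0)
        return -1;

    /* 3. For a root caller, setuid() replaces real, effective and saved UID. */
    if (setuid(uid) != 0)
        return -1;

    /* 4. Verify the result instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;               /* root was regained: the drop is not permanent */
    return 0;
}

int main(void)
{
    /* Assumption: 65534 is nobody/nogroup on this system; a real server
     * would resolve the names with getpwnam()/getgrnam() before dropping. */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to serve\n");
        return 1;
    }
    printf("serving public pages as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Sockets and files opened before the drop stay open, so privileged ports are bound first and the drop happens before any request from the public section is parsed.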
