mwan3, mwan4, and the next steps
Jonas Lochmann
openwrt at jonaslochmann.de
Mon Nov 17 11:41:39 PST 2025
Am Mon, Nov 17, 2025 at 12:02:27PM +0100, schrieb Florian Eckert:
> If we want to use ucode, then we are entering new territory in terms of
> ucode and networking. We would then also have a script language again.
> This has advantages but also disadvantages in terms of runtime errors.
I consider that a good fit for improving mwan3. Depending on its outcome,
mwan4/a C implementation could then turn out to be useful - or not.
> > Now I think that mwan3 could be modernized step by step:
>
> We can certainly do that. However, it is important that we use the
> same configuration scheme as the current mwan3 implementation.
> If we don't start from scratch.
I know the rules.
> I would suggest to integrate the mwan3 firewall rules into the fw4
> include framework [1] with ucode. Then we would have everything in
> one place. We'll have to see if that's possible with fw4 and that
> all firewall extension are supported. The pbr tool in openwrt
> is using this include handling already [2].
I looked into it and it's to inflexible. You can only include nft files
in the filesystem (and I want to avoid writing stuff into files again)
or let fw4 execute some scripts AFTER the new configuration was applied.
Executing a script and including its output in the nftables configuration
does not seem to be possible. So you have a firewall tool (nftables)
with a documented API for atomic configuration changes (iptables only
has an undocumented iptables-save format) and then cannot use it.
> > I could start with point 1 but I would like to get an OK from Florian
> > Eckert first before I start this. I have to think where I can test this
> > without annoying anyone.
>
> In my view, there is no reason not to implement this. OK from my side.
> We should just agree whether we implement all this in ucode or C.
> Everything has its advantages and disadvantages.
I would prefer ucode in the beginning. Experimenting is easier with
ucode scripts that you can just edit at the device. I started my wan3
development by editing the shell scripts at the device.
More information about the openwrt-devel
mailing list