gandalf/secubox-openwrt
gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
secubox-openwrt/package/secubox/luci-app-traffic-shaper
History
CyberMind-FR e7c9411d79 feat: Release v0.8.2 - Admin Control Center, Documentation Mirror & Docker Automation 
This release adds major new features for SecuBox management and deployment:

## New Features

### 1. LuCI Admin Control Center (luci-app-secubox-admin)
- Unified admin dashboard for managing all SecuBox appstore plugins
- **Control Panel**: Real-time stats, system health, alerts, quick actions
- **Apps Manager**: Browse catalog, install/remove apps with search & filtering
- **App Settings**: Per-app configuration, start/stop controls
- **System Health**: Live monitoring (CPU, RAM, disk) with auto-refresh
- **System Logs**: Centralized log viewer with download capability
- Fully integrated with existing RPCD backend (luci.secubox)
- Mobile-responsive design with polished UI components

### 2. Documentation Mirror in SecuBox Bonus
- Integrated complete development documentation into luci-app-secubox-bonus
- 64+ documentation files now available offline at /luci-static/secubox/docs/
- Beautiful landing page (index-main.html) with 4 sections:
  - Development guides & references
  - Live module demos
  - Tutorials & blog posts
  - Marketing campaign pages
- Accessible locally on router without internet connection

### 3. Automated Docker Plugin Installation
- Enhanced secubox-appstore CLI with full Docker automation
- One-click installation from web UI now fully automated:
  - Auto-detects Docker runtime from catalog
  - Discovers and executes control scripts (*ctl install)
  - Pulls Docker images automatically
  - Creates directories and configures UCI
  - Enables init services
- No manual CLI steps required for Docker apps
- Works for all Docker apps: AdGuard Home, Mail-in-a-Box, Nextcloud, etc.

### 4. Mail-in-a-Box Plugin
- New Docker-based email server plugin (secubox-app-mailinabox)
- Complete package with:
  - UCI configuration (8 port mappings, feature flags)
  - Control script (mailinaboxctl) with install/check/update/status/logs
  - Procd init script with auto-restart
  - Catalog manifest (category: hosting, maturity: beta)
- Network mode: host (required for mail server)
- Persistent storage: mail, SSL, data, DNS volumes

## Improvements

### Build System
- Updated local-build.sh to include luci-app-* packages from package/secubox/
- Now automatically discovers and builds luci-app-secubox-admin and similar packages
- Fixed Makefile include paths for feed structure

### Package Releases
- Incremented PKG_RELEASE for all 31 SecuBox packages
- Ensures clean upgrade path from previous versions

### Catalog Updates
- Mail-in-a-Box entry moved from "productivity" to "hosting" category
- Status changed to "beta" reflecting community Docker image maturity
- Storage requirement increased: 1024MB → 2048MB
- Added port 25 accessibility note

## Files Changed

### New Packages (2)
- package/secubox/luci-app-secubox-admin/ (12 files)
- package/secubox/secubox-app-mailinabox/ (4 files)

### Enhanced Packages (1)
- package/secubox/luci-app-secubox-bonus/ (65 new docs files)

### Modified Core (3)
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/secubox-core/root/usr/share/secubox/catalog.json
- secubox-tools/local-build.sh

### All Makefiles (31 packages)
- Incremented PKG_RELEASE for clean upgrade path

## Technical Details

**Admin Control Center Architecture:**
- Frontend: 5 views (dashboard, apps, settings, health, logs)
- API: Wrapper around luci.secubox RPCD methods
- Components: Reusable UI library (cards, badges, alerts, loaders)
- Styling: Common + admin-specific CSS with responsive design
- Auto-refresh: Polling for live updates (5-30s intervals)

**Docker Automation Flow:**
```
Web UI → RPCD → secubox-appstore CLI → opkg install → *ctl install →
docker pull → directories → UCI config → init enable → ✓ Ready
```

**Access Points:**
- Admin Control: http://router/cgi-bin/luci/admin/secubox/admin/
- Documentation: http://router/luci-static/secubox/index-main.html
- Demos: http://router/luci-static/secubox/demo-*.html

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-04 08:29:31 +01:00
..
htdocs/luci-static/resources feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration 2026-01-01 14:59:38 +01:00
root feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration 2026-01-01 14:59:38 +01:00
Makefile feat: Release v0.8.2 - Admin Control Center, Documentation Mirror & Docker Automation 2026-01-04 08:29:31 +01:00
README.md feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration 2026-01-01 14:59:38 +01:00

README.md

Traffic Shaper - Advanced QoS Control

Version: 0.4.0
Last Updated: 2025-12-28
Status: Active

LuCI application for advanced traffic shaping and Quality of Service (QoS) management using Linux Traffic Control (TC) and CAKE qdisc.

Features

  • Traffic Class Management: Create and manage bandwidth allocation classes with guaranteed (rate) and maximum (ceil) limits
  • Priority-Based Scheduling: 8-level priority system for fine-grained traffic prioritization
  • Classification Rules: Flexible rule system to classify traffic by:
    • Port numbers (source/destination)
    • IP addresses (source/destination)
    • DSCP markings
    • Protocol type
  • Real-Time Statistics: Monitor per-class packet counts, byte counts, and drop statistics
  • Quick Presets: One-click application of optimized configurations:
    • Gaming & Low-Latency
    • Video Streaming
    • Work From Home
    • Balanced (Default)
  • Visual Dashboard: Traffic flow diagram with priority color coding
  • Multi-Interface Support: Configure QoS on WAN, LAN, or any network interface

Installation

opkg update
opkg install luci-app-traffic-shaper
/etc/init.d/rpcd restart
/etc/init.d/uhttpd restart

Dependencies

  • luci-base: LuCI web interface framework
  • rpcd: RPC daemon for backend communication
  • tc: Linux traffic control utility
  • kmod-sched-core: Kernel traffic scheduling modules
  • kmod-sched-cake: CAKE qdisc kernel module

Usage

Access the Interface

Navigate to: Network → Traffic Shaper

The interface provides 5 main views:

  1. Overview: Dashboard with status cards and traffic flow visualization
  2. Traffic Classes: CRUD interface for bandwidth classes
  3. Classification Rules: CRUD interface for traffic matching rules
  4. Statistics: Real-time statistics for all traffic classes
  5. Presets: Quick-apply optimized configurations

Creating Traffic Classes

  1. Go to Network → Traffic Shaper → Traffic Classes
  2. Click Add to create a new class
  3. Configure:
    • Name: Descriptive name (e.g., "Video Streaming")
    • Priority: 1 (highest) to 8 (lowest)
    • Guaranteed Rate: Minimum bandwidth (e.g., "5mbit")
    • Maximum Rate (Ceil): Maximum allowed bandwidth (e.g., "50mbit")
    • Interface: Network interface (wan, lan, etc.)
    • Enable: Activate the class
  4. Click Save & Apply

Priority Guidelines

  • Priority 1-2: Critical traffic (VoIP, gaming, real-time applications)
  • Priority 3-4: Important traffic (video streaming, VPN)
  • Priority 5-6: Normal traffic (web browsing, email)
  • Priority 7-8: Bulk traffic (downloads, backups)

Creating Classification Rules

  1. Go to Network → Traffic Shaper → Classification Rules
  2. Click Add to create a new rule
  3. Configure:
    • Traffic Class: Select destination class
    • Match Type: Port, IP, DSCP, or Protocol
    • Match Value: Value to match
    • Enable: Activate the rule
  4. Click Save & Apply

Example Rules

Match Type Match Value Description
Destination Port 80,443 HTTP/HTTPS web traffic
Destination Port 22 SSH connections
Destination Port 53 DNS queries
Source IP 192.168.1.0/24 All traffic from LAN subnet
Destination IP 8.8.8.8 Traffic to Google DNS
DSCP EF Expedited Forwarding (VoIP)
Protocol udp All UDP traffic

Using Presets

  1. Go to Network → Traffic Shaper → Presets
  2. Review available presets and their configurations
  3. Click Apply This Preset on your desired profile
  4. Confirm the action (this will replace existing configuration)

Configuration

UCI Configuration

Configuration is stored in /etc/config/traffic-shaper:

config class 'gaming'
	option name 'Gaming Traffic'
	option priority '1'
	option rate '10mbit'
	option ceil '50mbit'
	option interface 'wan'
	option enabled '1'

config rule 'gaming_ports'
	option class 'gaming'
	option match_type 'dport'
	option match_value '3074,27015,25565'
	option enabled '1'

Traffic Class Options

  • name: Display name for the class
  • priority: Priority level (1-8)
  • rate: Guaranteed minimum bandwidth (format: <number>[kmg]bit)
  • ceil: Maximum allowed bandwidth (format: <number>[kmg]bit)
  • interface: Network interface name
  • enabled: Enable/disable the class (0/1)

Classification Rule Options

  • class: Traffic class ID (UCI section name)
  • match_type: Type of matching (dport, sport, dst, src, dscp, protocol)
  • match_value: Value to match against
  • enabled: Enable/disable the rule (0/1)

Backend API

The RPCD backend (luci.traffic-shaper) provides these methods:

Status Methods

  • status(): Get current QoS system status
  • list_classes(): List all traffic classes
  • list_rules(): List all classification rules
  • get_stats(): Get per-class statistics from TC

Management Methods

  • add_class(name, priority, rate, ceil, interface): Create new class
  • update_class(id, name, priority, rate, ceil, interface, enabled): Update class
  • delete_class(id): Delete class
  • add_rule(class, match_type, match_value): Create classification rule
  • delete_rule(id): Delete rule

Preset Methods

  • list_presets(): Get available presets
  • apply_preset(preset_id): Apply preset configuration

Technical Details

Traffic Control Implementation

The module uses Linux Traffic Control (TC) with the following hierarchy:

  1. Root qdisc: CAKE (Common Applications Kept Enhanced)
  2. Class hierarchy: HTB (Hierarchical Token Bucket) for bandwidth allocation
  3. Filters: U32 filters for traffic classification based on rules

CAKE Features

  • Smart queuing: Automatically manages queue sizes
  • Flow isolation: Prevents single flows from monopolizing bandwidth
  • Latency reduction: Minimizes bufferbloat
  • Per-host fairness: Ensures fair bandwidth distribution

Statistics Collection

Statistics are collected using tc -s class show and parsed to provide:

  • Packet counts per class
  • Byte counts per class
  • Drop counts (packets dropped due to rate limiting)

Data is refreshed every 5 seconds in the Statistics view.

Architecture

Directory Structure

luci-app-traffic-shaper/
├── Makefile                              # OpenWrt package definition
├── README.md                             # This file
├── htdocs/luci-static/resources/
│   ├── view/traffic-shaper/              # JavaScript views
│   │   ├── overview.js                   # Dashboard view
│   │   ├── classes.js                    # Class management
│   │   ├── rules.js                      # Rule management
│   │   ├── stats.js                      # Statistics view
│   │   └── presets.js                    # Preset selection
│   └── traffic-shaper/
│       ├── api.js                        # RPC API client
│       └── dashboard.css                 # UI styles
└── root/
    ├── etc/config/
    │   └── traffic-shaper                # UCI configuration
    └── usr/
        ├── libexec/rpcd/
        │   └── luci.traffic-shaper       # RPCD backend
        └── share/
            ├── luci/menu.d/              # Menu definition
            │   └── luci-app-traffic-shaper.json
            └── rpcd/acl.d/               # ACL permissions
                └── luci-app-traffic-shaper.json

Frontend Components

  • Views: LuCI views using form.Map and custom DOM rendering
  • API Client: Wrapper for RPC calls with utility functions
  • Polling: Auto-refresh for statistics (5-second interval)
  • Styling: Custom CSS with priority color coding

Backend Components

  • RPCD Script: Shell script using jshn for JSON handling
  • UCI Integration: Configuration stored in UCI format
  • TC Integration: Direct TC commands for qdisc/class/filter management

Troubleshooting

Traffic Shaping Not Working

  1. Verify CAKE module is loaded:

    lsmod | grep sch_cake

  2. Check TC configuration:

    tc qdisc show
tc class show dev wan
tc filter show dev wan

  3. Verify interface name:

    ip link show

Classes Not Appearing

  1. Restart RPCD:

    /etc/init.d/rpcd restart

  2. Check UCI configuration:

    uci show traffic-shaper

  3. Verify class is enabled:

    uci get traffic-shaper.<class_id>.enabled

Statistics Not Updating

  1. Check TC statistics:

    tc -s class show dev wan

  2. Verify polling is active (check browser console)

  3. Ensure classes are enabled and interface is correct

Permission Errors

  1. Verify ACL file is installed:

    ls -la /usr/share/rpcd/acl.d/luci-app-traffic-shaper.json

  2. Check user permissions:

    ubus -v list luci.traffic-shaper

Examples

Example 1: Home Office Setup

Classes:

  • Video Calls: Priority 1, 8mbit guaranteed, 50mbit max
  • VPN Traffic: Priority 2, 10mbit guaranteed, 60mbit max
  • Web Browsing: Priority 4, 5mbit guaranteed, 40mbit max

Rules:

  • Zoom ports (8801-8810) → Video Calls
  • Port 443 with VPN IP range → VPN Traffic
  • Ports 80,443 → Web Browsing

Example 2: Gaming + Streaming

Classes:

  • Gaming: Priority 1, 5mbit guaranteed, 40mbit max
  • Streaming: Priority 3, 15mbit guaranteed, 70mbit max
  • Downloads: Priority 7, 2mbit guaranteed, 30mbit max

Rules:

  • Gaming ports (3074, 27015, etc.) → Gaming
  • Port 443 to Netflix/YouTube IPs → Streaming
  • Port 80 → Downloads

Example 3: Multi-User Household

Use the Balanced preset or create custom classes:

  • High Priority: 10mbit → 60mbit (Priority 2)
  • Normal: 15mbit → 80mbit (Priority 5)
  • Bulk: 5mbit → 50mbit (Priority 7)

Performance Considerations

  • CPU Usage: TC processing uses minimal CPU on modern routers
  • Memory: Each class uses ~1-2KB of kernel memory
  • Latency: CAKE significantly reduces latency for interactive traffic
  • Throughput: Minimal impact on total throughput (<1% overhead)

License

Apache License 2.0

Maintainer

SecuBox Project secubox@example.com

Version

1.0.0

See Also