Restructuring firmware directories, work in progress!

floh1111 2011-03-23 13:59:44 +00:00
commit 4092c53558
63 changed files with 13770 additions and 0 deletions

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,13 @@
config KMOD_BATMAN_ADV_DEBUG_LOG
bool "enable verbose debug logging"
depends PACKAGE_kmod-batman-adv
default n
config KMOD_BATMAN_ADV_BATCTL
bool "enable batctl"
depends PACKAGE_kmod-batman-adv
default y
help
batctl is a more intuitive managment utility for B.A.T.M.A.N.-Advanced.
It is an easier method for configuring batman-adv and
provides some additional tools for debugging as well.


@ -0,0 +1,106 @@
#
# Copyright (C) 2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id: Makefile 5624 2006-11-23 00:29:07Z nbd $
include $(TOPDIR)/rules.mk
PKG_NAME:=batman-adv
PKG_VERSION:=2010.2.0
PKG_MD5SUM:=c233f06bd94432d7697ad78241e8bdd6
BATCTL_MD5SUM:=f16d7332576c7b4fc9f8a37add235225
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
PKG_TOOL_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/batctl-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/kernel.mk
define KernelPackage/batman-adv
URL:=http://www.open-mesh.org/
MAINTAINER:=Marek Lindner <lindner_marek@yahoo.de>
SUBMENU:=Network Support
DEPENDS:=@!LINUX_2_4
TITLE:=B.A.T.M.A.N. Adv
FILES:=$(PKG_BUILD_DIR)/batman-adv.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,50,batman-adv)
endef
define KernelPackage/batman-adv/description
B.A.T.M.A.N. advanced is a kernel module which allows to
build layer 2 mesh networks. This package contains the
version $(PKG_VERSION) of the kernel module plus its user space
configuration & managerment tool batctl.
endef
define KernelPackage/batman-adv/config
source "$(SOURCE)/Config.in"
endef
MAKE_BATMAN_ADV_ARGS += \
CROSS_COMPILE="$(TARGET_CROSS)" \
ARCH="$(LINUX_KARCH)" \
PATH="$(TARGET_PATH)" \
$(if $(CONFIG_KMOD_BATMAN_ADV_DEBUG_LOG),EXTRA_CFLAGS="-DCONFIG_BATMAN_ADV_DEBUG") \
SUBDIRS="$(PKG_BUILD_DIR)" \
LINUX_VERSION="$(LINUX_VERSION)" \
REVISION="" modules
MAKE_BATCTL_ARGS += \
CFLAGS="$(TARGET_CFLAGS)" \
CCFLAGS="$(TARGET_CFLAGS)" \
OFLAGS="$(TARGET_CFLAGS)" \
REVISION="" \
CC="$(TARGET_CC)" \
NODEBUG=1 \
UNAME="Linux" \
INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \
STRIP="/bin/true" \
batctl install
ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)
define Download/batctl
FILE:=batctl-$(PKG_VERSION).tar.gz
URL:=$(PKG_SOURCE_URL)
MD5SUM:=$(BATCTL_MD5SUM)
endef
$(eval $(call Download,batctl))
BUILD_BATCTL = $(MAKE) -C $(PKG_TOOL_BUILD_DIR) $(MAKE_BATCTL_ARGS)
endif
define Build/Compile
tar xzf "$(DL_DIR)/batctl-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)/$(PKG_NAME)"
cp $(PKG_BUILD_DIR)/Makefile.kbuild $(PKG_BUILD_DIR)/Makefile
$(MAKE) -C "$(LINUX_DIR)" $(MAKE_BATMAN_ADV_ARGS)
$(BUILD_BATCTL)
endef
define Build/Clean
rm -rf $(BUILD_DIR)/$(PKG_NAME)/
endef
ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)
define KernelPackage/batman-adv/install
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
$(INSTALL_BIN) ./files/etc/init.d/batman-adv $(1)/etc/init.d
$(INSTALL_DATA) ./files/etc/config/batman-adv $(1)/etc/config
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/batctl $(1)/usr/sbin/
endef
else
define KernelPackage/batman-adv/install
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
$(INSTALL_BIN) ./files/etc/init.d/batman-adv $(1)/etc/init.d
$(INSTALL_DATA) ./files/etc/config/batman-adv $(1)/etc/config
endef
endif
$(eval $(call KernelPackage,batman-adv))
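Review bot: `Build/Compile` unpacks `batctl-$(PKG_VERSION).tar.gz` unconditionally, but `Download/batctl` is only evaluated inside the `ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)` block, so a build with batctl disabled looks set to fail at the `tar xzf` line because nothing fetched that tarball. Moving the extraction into the conditional keeps the two in step, e.g. `BUILD_BATCTL = tar xzf "$(DL_DIR)/batctl-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)/$(PKG_NAME)" && $(MAKE) -C $(PKG_TOOL_BUILD_DIR) $(MAKE_BATCTL_ARGS)`, and dropping the `tar` line from `Build/Compile`. Separately, both tarballs are fetched over plain `http://` and pinned only by MD5, so that checksum is the sole integrity control on code that ends up as a kernel module. A comment recording where `PKG_MD5SUM` and `BATCTL_MD5SUM` were taken from would help whoever bumps `PKG_VERSION` next.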


@ -0,0 +1,9 @@
config 'mesh' 'bat0'
option 'interfaces' 'wlan0'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,102 @@
#!/bin/sh /etc/rc.common
START=90
is_module_loaded() {
if [ ! -d "/sys/module/batman_adv" ]; then
echo "batman-adv module directory not found - was the kernel module loaded ?" >&2
return 0
fi
return 1
}
start_mesh () {
local meshif="$1"
local interfaces orig_interval log_level aggregated_ogms bonding fragmentation vis_mode
is_module_loaded
[ $? -ne 1 ] && return
config_get interfaces "$meshif" interfaces
config_get orig_interval "$meshif" orig_interval
config_get log_level "$meshif" log_level
config_get aggregated_ogms "$meshif" aggregated_ogms
config_get bonding "$meshif" bonding
config_get fragmentation "$meshif" fragmentation
config_get vis_mode "$meshif" vis_mode
if [ "$interfaces" = "" ]; then
echo Error, you must specify at least a network interface
return
fi
for interface in $interfaces
do
[ ! -f "/sys/class/net/$interface/batman_adv/mesh_iface" ] && echo "Can't add interface $interface - ignoring" && continue
echo $meshif > /sys/class/net/$interface/batman_adv/mesh_iface
done
if [ $orig_interval ]; then
echo $orig_interval > /sys/class/net/$meshif/mesh/orig_interval
fi
if [ $log_level ]; then
echo $log_level > /sys/class/net/$meshif/mesh/log_level 2>&-
fi
if [ $aggregated_ogms ]; then
echo $aggregated_ogms > /sys/class/net/$meshif/mesh/aggregated_ogms
fi
if [ $bonding ]; then
echo $bonding > /sys/class/net/$meshif/mesh/bonding
fi
if [ $fragmentation ]; then
echo $fragmentation > /sys/class/net/$meshif/mesh/fragmentation
fi
if [ $vis_mode ]; then
echo $vis_mode > /sys/class/net/$meshif/mesh/vis_mode
fi
}
stop_mesh() {
local meshif="$1"
is_module_loaded
[ $? -ne 1 ] && return
for iface in $(ls /sys/class/net/*)
do
[ ! -f "$iface/batman_adv/mesh_iface" ] && continue
[ "$(head -1 $iface/batman_adv/mesh_iface)" != "status: $meshif" ] && continue
echo "none" > $iface/batman_adv/mesh_iface
done
}
# can also be used with "batman-adv start bat0"
start() {
config_load batman-adv
if [ -n "$1" ]; then
start_mesh $1
else
config_foreach start_mesh mesh
fi
}
# can also be used with "batman-adv stop bat0"
stop () {
config_load batman-adv
if [ -n "$1" ]; then
stop_mesh $1
else
config_foreach stop_mesh mesh
fi
}
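Review bot: In `stop_mesh`, `for iface in $(ls /sys/class/net/*)` does not iterate over the interface paths: the glob expands to directories, so `ls` prints their contents (with `path:` headers when there are several), and the `$iface/batman_adv/mesh_iface` test presumably never matches, leaving interfaces attached on stop. `for iface in /sys/class/net/*` yields the paths directly. In `start_mesh` the UCI values are used unquoted both in tests (`[ $orig_interval ]`) and inside redirect targets (`> /sys/class/net/$interface/...`), so a value containing whitespace or a slash changes which test runs or which file is written as root. Quoting them avoids that: `[ -n "$orig_interval" ]` and `echo "$meshif" > "/sys/class/net/$interface/batman_adv/mesh_iface"`. `is_module_loaded` also returns 0 when the module is missing, the reverse of shell convention, which deserves a comment if it stays that way.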


@ -0,0 +1,9 @@
____ ____ _______
| | | | | Freifunk
|____ |____ | _ | | Oldenburg
| | | | | Firmware
| | |_______| |_____________
Welcome to the free wireless experience
For more information take a look at http://freifunk-ol.de
---------------------------------------------------------


@ -0,0 +1,20 @@
06:21:91:2c:f3:09 Batman_TimWZ
00:21:91:2c:f3:09 Node_TimWZ
06:1e:58:c7:07:e5 Batman_TimKU
00:1e:58:c7:07:e5 Node_TimKU
06:22:b0:98:70:df Batman_FreWZ
00:22:b0:98:70:df Node_FreWZ
06:1e:58:b9:d4:39 Batman_FreKU
00:1e:58:b9:d4:39 Node_FreKU
06:18:84:80:83:8d Batman_BjoFON
00:18:84:80:83:8d Node_BjoFON
06:22:B0:96:7C:D7 Batman_BjoDIR
00:22:B0:96:7C:D7 Node_BjoDIR
06:18:84:81:73:21 Batman_BjoBalk
00:18:84:81:73:21 Node_BjoBalk
0A:24:01:17:B7:55 Batman_floh1111_dir300
00:24:01:17:B7:55 Node_floh1111_dir300
00:13:e8:ab:47:49 Client_RedLap
1c:4b:d6:b8:17:dc Client_Freddy
00:16:6F:47:51:AA Client_floh1111
00:80:48:3b:ab:0e Client_Bjo


@ -0,0 +1,8 @@
config 'mesh' 'bat0'
option 'interfaces' 'ath1'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,33 @@
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k '0' #enable for dial on demand
option localise_queries 1
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 0
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#config dhcp mesh
# option interface mesh
# option start X.10
# option limit 100
# option leasetime 6h
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1


@ -0,0 +1,4 @@
config dropbear
option PasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'
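Review bot: `option PasswordAuth 'on'` makes password logins over SSH on port 22 the image default, here and in the three other copies of this dropbear file later in the commit. The firewall files in this commit only reject input on `wan`, so the service is presumably reachable from the unencrypted access point and mesh side, where nothing but the password stands between a client and a root shell. If key-based login can be provisioned at flash time, `option PasswordAuth 'off'` is the safer default. Otherwise a comment stating that a root password must be set before the node joins the mesh would at least document the assumption.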


@ -0,0 +1,96 @@
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
#Allow ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
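Review bot: Only `lan` and `wan` are given zones, while the network files in this commit define a `mesh` bridge (and `wlanmesch`) that belongs to neither, so traffic arriving from the mesh and the open access point appears to fall under `config defaults` with `option input ACCEPT`. As far as these files show, that leaves every service listening on the router open to any associated client. I would add a `config zone` named `mesh` with `option input REJECT` plus explicit `config rule` entries for the services the mesh needs, or at least switch the default to `option input REJECT`. The same file is repeated unchanged in three later sections of this commit.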


@ -0,0 +1,37 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
#config 'interface' 'lan'
# option 'proto' 'dhcp'
# option 'ifname' 'eth0.1'
config 'interface' 'wlanmesch'
option 'ifname' 'ath1'
option 'mtu' '1527'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0.1 ath0 bat0 tap0'
option 'stp' '1'
config 'switch' 'eth0'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 5t'
config 'switch_vlan' 'eth0_2'
option 'device' 'eth0'
option 'vlan' '2'
option 'ports' '4 5t'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'


@ -0,0 +1,24 @@
config 'script'
option 'version' '15'
option 'error_level' '0'
option 'logfile' '/var/log/nodewatcher.log'
config 'api'
option 'ipv4_address' '1'
option 'ipv6_interface' 'br-mesh'
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
config 'update'
option 'autoupdate' '1'
config 'crawl'
option 'method' 'hash'
option 'nickname' '1'
option 'password' '1'
option 'router_id' '1'
option 'update_hash' '1'
option 'login_string' '1'
config 'network'
option 'mesh-interface' 'br-mesh'
option 'client-interfaces' 'ath0'


@ -0,0 +1,86 @@
# QoS configuration for OpenWrt
# INTERFACES:
config interface wan
option classgroup "Default"
option enabled 1
option overhead 1
option upload 128
option download 1024
# RULES:
config classify
option target "Bulk"
option layer7 "edonkey"
config classify
option target "Bulk"
option layer7 "bittorrent"
config classify
option target "Priority"
option ports "22,53"
config classify
option target "Normal"
option proto "tcp"
option ports "20,21,25,80,110,443,993,995"
config classify
option target "Express"
option ports "5190"
config default
option target "Express"
option proto "udp"
option pktsize "-500"
config reclassify
option target "Priority"
option proto "icmp"
config default
option target "Bulk"
option portrange "1024-65535"
config reclassify
option target "Priority"
option proto "tcp"
option pktsize "-128"
option mark "!Bulk"
option tcpflags "SYN"
config reclassify
option target "Priority"
option proto "tcp"
option pktsize "-128"
option mark "!Bulk"
option tcpflags "ACK"
# Don't change the stuff below unless you
# really know what it means :)
config classgroup "Default"
option classes "Priority Express Normal Bulk"
option default "Normal"
config class "Priority"
option packetsize 400
option maxsize 400
option avgrate 10
option priority 20
config class "Priority_down"
option packetsize 1000
option avgrate 10
config class "Express"
option packetsize 1000
option maxsize 800
option avgrate 50
option priority 10
config class "Normal"
option packetsize 1500
option packetdelay 100
option avgrate 10
option priority 5
config class "Normal_down"
option avgrate 20
config class "Bulk"
option avgrate 1
option packetdelay 200


@ -0,0 +1,3 @@
config system
option hostname OpenWrt
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"


@ -0,0 +1,2 @@
config timeserver
option hostname time.fu-berlin.de


@ -0,0 +1,21 @@
config 'wifi-device' 'wifi0'
option 'type' 'atheros'
option 'disabled' '0'
option 'channel' '6'
option 'txpower' '15'
option 'bgscan' '0'
option 'diversity' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'adhoc'
option 'ssid' 'batman.oldenburg.freifunk.net'
option 'bssid' '02:CA:FF:EE:BA:BE'
option 'encryption' 'none'
option 'hidden' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'ap'
option 'ssid' 'oldenburg.freifunk.net'
option 'encryption' 'none'


@ -0,0 +1,8 @@
config 'mesh' 'bat0'
option 'interfaces' 'ath1'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,33 @@
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k '0' #enable for dial on demand
option localise_queries 1
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 0
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#config dhcp mesh
# option interface mesh
# option start X.10
# option limit 100
# option leasetime 6h
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1


@ -0,0 +1,4 @@
config dropbear
option PasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'


@ -0,0 +1,96 @@
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
#Allow ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp


@ -0,0 +1,18 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'proto' 'dhcp'
option 'ifname' 'eth0'
config 'interface' 'wlanmesch'
option 'ifname' 'ath1'
option 'mtu' '1527'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'ath0 bat0 tap0'
option 'stp' '1'


@ -0,0 +1,20 @@
config 'script'
option 'version' '15'
option 'error_level' '0'
option 'logfile' '/var/log/nodewatcher.log'
config 'api'
option 'ipv4_address' '1'
option 'ipv6_interface' 'br-mesh'
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
config 'update'
option 'autoupdate' '1'
config 'crawl'
option 'method' 'hash'
option 'nickname' '1'
option 'password' '1'
option 'router_id' '1'
option 'update_hash' '1'
option 'login_string' '1'


@ -0,0 +1,86 @@
# QoS configuration for OpenWrt
# INTERFACES:
config interface wan
option classgroup "Default"
option enabled 1
option overhead 1
option upload 128
option download 1024
# RULES:
config classify
option target "Bulk"
option layer7 "edonkey"
config classify
option target "Bulk"
option layer7 "bittorrent"
config classify
option target "Priority"
option ports "22,53"
config classify
option target "Normal"
option proto "tcp"
option ports "20,21,25,80,110,443,993,995"
config classify
option target "Express"
option ports "5190"
config default
option target "Express"
option proto "udp"
option pktsize "-500"
config reclassify
option target "Priority"
option proto "icmp"
config default
option target "Bulk"
option portrange "1024-65535"
config reclassify
option target "Priority"
option proto "tcp"
option pktsize "-128"
option mark "!Bulk"
option tcpflags "SYN"
config reclassify
option target "Priority"
option proto "tcp"
option pktsize "-128"
option mark "!Bulk"
option tcpflags "ACK"
# Don't change the stuff below unless you
# really know what it means :)
config classgroup "Default"
option classes "Priority Express Normal Bulk"
option default "Normal"
config class "Priority"
option packetsize 400
option maxsize 400
option avgrate 10
option priority 20
config class "Priority_down"
option packetsize 1000
option avgrate 10
config class "Express"
option packetsize 1000
option maxsize 800
option avgrate 50
option priority 10
config class "Normal"
option packetsize 1500
option packetdelay 100
option avgrate 10
option priority 5
config class "Normal_down"
option avgrate 20
config class "Bulk"
option avgrate 1
option packetdelay 200


@ -0,0 +1,3 @@
config system
option hostname OpenWrt
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"


@ -0,0 +1,2 @@
config timeserver
option hostname time.fu-berlin.de


@ -0,0 +1,21 @@
config 'wifi-device' 'wifi0'
option 'type' 'atheros'
option 'disabled' '0'
option 'channel' '6'
option 'txpower' '15'
option 'bgscan' '0'
option 'diversity' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'adhoc'
option 'ssid' 'batman.oldenburg.freifunk.net'
option 'bssid' '02:CA:FF:EE:BA:BE'
option 'encryption' 'none'
option 'hidden' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'ap'
option 'ssid' 'oldenburg.freifunk.net'
option 'encryption' 'none'


@ -0,0 +1,9 @@
config 'mesh' 'bat0'
option 'interfaces' 'wlan0'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,27 @@
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k '0' #enable for dial on demand
option localise_queries 1
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
config dhcp wlan0
option interface wlan0
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1


@ -0,0 +1,4 @@
config dropbear
option PasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'


@ -0,0 +1,96 @@
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
#Allow ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp


@ -0,0 +1,45 @@
#### VLAN configuration
config switch eth0
option enable 1
config switch_vlan eth0_0
option device "eth0"
option vlan 0
option ports "1 2 3 4 5"
config switch_vlan eth0_1
option device "eth0"
option vlan 1
option ports "0 5"
#### Loopback configuration
config interface loopback
option ifname "lo"
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
#### LAN configuration
config interface lan
option type bridge
option ifname "eth0.0"
option proto static
option ipaddr 192.168.1.1
option netmask 255.255.255.0
#### WAN configuration
config interface wan
option ifname "eth0.1"
option proto dhcp
config interface wlan0
option proto static
option ipaddr 192.168.2.1
option netmask 255.255.255.0
config interface mesh
option type bridge
option ifname "bat0 tap0"
option stp 1


@ -0,0 +1,20 @@
config 'script'
option 'version' '15'
option 'error_level' '0'
option 'logfile' '/var/log/nodewatcher.log'
config 'api'
option 'ipv4_address' '1'
option 'ipv6_interface' 'br-mesh'
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
config 'update'
option 'autoupdate' '1'
config 'crawl'
option 'method' 'hash'
option 'nickname' '1'
option 'password' '1'
option 'router_id' '1'
option 'update_hash' '1'
option 'login_string' '1'


@ -0,0 +1,3 @@
config system
option hostname OpenWrt
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"


@ -0,0 +1,2 @@
config timeserver
option hostname time.fu-berlin.de


@ -0,0 +1,16 @@
config wifi-device radio0
option type mac80211
option channel 5
option macaddr 00:12:17:cc:ef:0d
option hwmode 11g
# REMOVE THIS LINE TO ENABLE WIFI:
option disabled 0
config wifi-iface
option device radio0
option network wlan0
option mode adhoc
option ssid batman.oldenburg.freifunk.net
option encryption none
option bssid 02:CA:FF:EE:BA:BE
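Review bot: `option macaddr 00:12:17:cc:ef:0d` ties this `wifi-device` section to one specific board, yet the file is committed as part of the firmware tree. On any other device the section would presumably either fail to match the radio or carry an address that is not its own, and duplicate addresses matter in a mesh that tells nodes apart by MAC. The value should be filled in per device, for example on first boot, rather than committed in the template. The comment `# REMOVE THIS LINE TO ENABLE WIFI:` is also stale, because the line below it is already `option disabled 0`; I would drop the comment.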


@ -0,0 +1,8 @@
config 'mesh' 'bat0'
option 'interfaces'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,30 @@
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 0 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1


@ -0,0 +1,4 @@
config dropbear
option PasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'


@ -0,0 +1,96 @@
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
#Allow ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp


@ -0,0 +1,33 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'proto' 'dhcp'
option 'ifname' 'eth0.1'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'wl0 tap0'
option 'stp' '1'
config 'switch' 'eth0'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 5t'
config 'switch_vlan' 'eth0_2'
option 'device' 'eth0'
option 'vlan' '2'
option 'ports' '4 5t'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'


@ -0,0 +1,22 @@
config 'script'
option 'version' '15'
option 'error_level' '0'
option 'logfile' '/var/log/nodewatcher.log'
config 'api'
option 'ipv4_address' '1'
option 'ipv6_interface' 'br-mesh'
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
config 'update'
option 'autoupdate' '1'
config 'crawl'
option 'method' 'hash'
option 'nickname' '1'
option 'password' '1'
option 'login_string' '1'
option 'router_id' '1'
option 'update_hash' '1'


@ -0,0 +1,3 @@
config system
option hostname OpenWrt
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"


@ -0,0 +1,2 @@
config timeserver
option hostname time.fu-berlin.de


@ -0,0 +1,10 @@
config wifi-device wl0
option type broadcom
option channel 6
option disabled 0
config wifi-iface
option device wl0
option mode ap
option ssid oldenburg.freifunk.net
option encryption none


@ -0,0 +1,17 @@
*/5 * * * * killall klogd
*/5 * * * * killall syslogd
*/5 * * * * killall logger
*/5 * * * * sh /etc/nodewatcher.sh
*/5 * * * * sh /etc/tincstart.sh
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
#Enable zapp script if you are running a gateway
#*/1 * * * * /etc/init.d/zapp
*/5 * * * * killall -HUP dnsmasq
#* * * * * /usr/sbin/ff_olsr_test_gw
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
#0 */4 * * * /usr/sbin/ff_rdate
#17 * * * * /usr/sbin/ff_mapupdate
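Review bot: The first three entries run `killall klogd`, `killall syslogd` and `killall logger` every five minutes, which leaves the node without kernel or system logging unless something restarts those daemons, and nothing in this file does. That removes the only local record of logins, firewall hits and script failures, so a misbehaving or compromised node becomes hard to investigate. If the aim is to cap memory use, a size-limited log buffer achieves it without discarding logging altogether; at minimum the entries need a comment such as `# kill log daemons to free RAM, see <reason>`. `rdate -s time.fu-berlin.de` also sets the clock from an unauthenticated source, which is worth a comment next to it.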


@ -0,0 +1,45 @@
#!/bin/sh
#iptables -F
#
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
#
#for proto in tcp udp
#do
# for port in 53 666 655
# do
# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
# iptables -A INPUT -p $proto --dport $port -j ACCEPT
# iptables -A INPUT -p $proto --sport $port -j ACCEPT
# done
#done
#
#iptables -A OUTPUT -p icmp -j ACCEPT
#iptables -A INPUT -p icmp -j ACCEPT
#
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
#
#
#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
# mastersword.de
#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
# gw1.freifunk-ol.de
#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
# freifunk-ol.de
#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
#Masquerade interface for gateway
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#solves MTU problem with bad ISP´s
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu


@ -0,0 +1,2 @@
FIRMWARE_VERSION="0.1"
RELEASE_DATE="15.02.2010"


@ -0,0 +1,3 @@
#!/bin/sh
wget -T15 http://$(cat /etc/config/nodewatcher | grep url | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")/api_nodewatcher.php?section=get_hostnames_and_mac -O - | grep -v -e "^..-..-" | sort -u > /etc/bat-hosts
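Review bot: The pipeline redirects straight into `/etc/bat-hosts`, so the file is truncated before `wget` has produced anything, and a timeout or an empty host leaves the node with an empty list. The host is taken from a line matching `url` in `/etc/config/nodewatcher`, yet none of the nodewatcher configs added in this commit contain such an option, so the request would presumably go to `http:///api_nodewatcher.php...`. The response is also fetched over plain HTTP and written as root with no check on its content, so its integrity depends entirely on the network path. I would build the list in a scratch file next to the target and replace the live file only when the result is non-empty, as below.

```shell
#!/bin/sh
host=$(grep url /etc/config/nodewatcher | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")
# no host configured: leave the existing list alone
[ -n "$host" ] || exit 1
new=/etc/bat-hosts.new
wget -T15 "http://$host/api_nodewatcher.php?section=get_hostnames_and_mac" -O - \
	| grep -v -e "^..-..-" | sort -u > "$new"
# keep the previous list when the download failed or returned nothing
if [ -s "$new" ]; then mv "$new" /etc/bat-hosts; else rm -f "$new"; fi
```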


@ -0,0 +1,3 @@
[ ifup = "$ACTION" -a "$DEVICE" = eth0 ] && {
sh /etc/tincstart.sh
}


@ -0,0 +1,3 @@
[ ifup = "$ACTION" -a "$DEVICE" = eth0 ] && {
sh /etc/nodewatcher.sh
}


@ -0,0 +1,622 @@
#!/bin/sh
# If you got false positives, try a higher value
BOGOTHRESH=200
# Note: for mail alarm, you need "ssmtp" installed and configured.
# Example /etc/ssmtp/ssmtp.conf (debian/ubuntu) for GMX needs:
# mailhub=mail.gmx.net:25 FromLineOverride=YES
# AuthUser=$MAILFROM AuthPass=x UseSTARTTLS=YES
MAILFROM=sender-address@domain.de
MAILADDR=receiver-address@domain.de
# Insert IPs you trust
#TRUSTEDIP="$TRUSTEDIP 1.2.3.4"
#TRUSTEDIP="$TRUSTEDIP 2.3.4.5"
# 0: Do not save, 1: save conntrack if zapp
DEBUGSAVE=0
# Empty: No log in /var/log/zapp/, otherwise string to prepend to saved bogothresh files
DEBUGLOGS= #$(date "+%b%d %H:%M")
# 0: Manual clear, or minutes until auto-clear blockade (5-1439)
CLEARTIME=360
WEBSERVER=/www
# --- END OF CONFIGURATION SETTINGS ---
# This script uses case-esac for speed with busybox-ash. Current version under:
# http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/freifunk-zapp/etc/init.d/S92zapp
# When running via cron, the PATH is unset
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# We start a netcat-based webserver on this port if someone is blocked
BLOCKPORT=8090
CRONUSR=root
CRONDIR=/var/spool/cron/crontabs
# First argument may be an input file
CONN=${1:-/proc/net/ip_conntrack}
# This script calls itself with the IP to analyze why its blocking
DEBIP=$2
case $1 in '')DEBUG=false;;*)DEBUG=true;;esac
case $DEBUGLOGS in "");;*)test -d /var/log/zapp || mkdir -p /var/log/zapp;;esac
# Find out our IP that is used to connect to the Internet
DEV=$(ip route get 1.1.1.1/1|sed -n '1{s/.* dev \([^ ]\+\).*/\1/;p}')
ADR=$(ip -f inet addr list dev $DEV scope global|sed -n '2s/^.*inet \([0-9\.]\+\).*/\1/p')
PAT=$(sed 's/\./_/g'<<Q
$ADR
Q
)
UNK=0
which () {
# Note: do not unset IFS (busybox ash and bash are different here)
for p in $(sed 's/:/ /g'<<Q
$PATH
Q
);do
test -x $p/$1 && return 0
done
return 1
}
# Freifunk Firmware Configs
which nvram && {
ff_zapp_thresh=$(nvram get ff_zapp_thresh)
BOGOTHRESH=${ff_zapp_thresh:-$BOGOTHRESH}
}
case $BOGOTHRESH in ""|0)exit 0;;esac
NC_CMD=
which nc && NC_CMD=nc
which nc-hobbit && NC_CMD=nc-hobbit
which netcat && NC_CMD=netcat
which nc6 && NC_CMD=nc6
# Note: busybox nc unusable, "-q" only Debian, GNU netcat "-c" unusable
$NC_CMD -h 2>&1 | egrep -q '\-l\b' || NC_CMD=
# 1=-I/-D 2=proto 3=srcip, 4=dport, 5=to
portfw () {
local to
case $1 in "-D")
to=$(iptables -t nat -nL PREROUTING|sed -n "s/^DNAT[[:space:]]\\+$2[[:space:]]\\+[^[:space:]]\\+[[:space:]]\\+$3[[:space:]]\\+![[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+[[:space:]]\\+$2[[:space:]]\\+dpt:$4[[:space:]]\\+to://;tp;b;:p p;q")
;;esac
to=${to:-$5}
iptables -t nat $1 PREROUTING --proto $2 -s $3 ! -d ${to%:*} --dport $4 -j DNAT --to $to
}
netcatruns () {
for pid in $(pidof $NC_CMD);do
ppid=$(sed -n 's/^PPid: //p' /proc/$pid/status)
case $(sed -n 's/^Name: //p' /proc/$ppid/status) in ${0##*/})
# Check netstat: release the IP currently grabbing our blocking page
case "$1" in "GET /let-me-browse-again"*)
le=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\4 \3 \2 \1/'))
be=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\1 \2 \3 \4/'))
eval $(sed -n '/^ *[0-9]\+: \+'$le':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\4 )).$(( 0x\3 )).$(( 0x\2 )).$(( 0x\1 ))/;p;q};/^ *[0-9]\+: \+'$be':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\1 )).$(( 0x\2 )).$(( 0x\3 )).$(( 0x\4 ))/;p;q}' /proc/net/tcp)
portfw -D tcp $ip 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
;;esac
return 0
;;esac
done
return 1
}
# Add (-I) or remove (-D) iptables rules
block () {
# Freifunk Firmware Configs
which nvram && {
ff_adm_mail=$(nvram get ff_adm_mail)
ff_zapp_time=$(nvram get ff_zapp_time)
ff_zapp_debug=$(nvram get ff_zapp_debug)
ff_zapp_server=$(nvram get ff_zapp_server)
ff_zapp_strict=$(nvram get ff_zapp_strict)
MAILFROM=${ff_adm_mail:-$MAILFROM}
MAILADDR=${ff_adm_mail:-$MAILADDR}
CLEARTIME=${ff_zapp_time:-$CLEARTIME}
DEBUGSAVE=${ff_zapp_debug:-$DEBUGSAVE}
WEBSERVER=${ff_zapp_server:-$WEBSERVER}
IFS=\;
for i in $(nvram get ff_zapp_trusted); do
TRUSTEDIP="$TRUSTEDIP $i"
done
unset IFS
}
for i in $TRUSTEDIP;do
case $2 in $i)
# Prevents re-blocking next run
iptables $1 FORWARD -s $2
iptables $1 FORWARD -d $2
return
;;esac
done
# Note: FreifunkFW does not have REJECT out-of-the-box
jump=DROP
iptables -I OUTPUT -d 127.0.0.1 -j REJECT 2>&- && iptables -D OUTPUT -d 127.0.0.1 -j REJECT 2>&- && jump=REJECT
iptables $1 FORWARD -s $2 -j $jump
iptables $1 FORWARD -d $2 -j $jump
# Allowing ping is always a good idea
iptables $1 FORWARD -s $2 --proto icmp -j ACCEPT
iptables $1 FORWARD -d $2 --proto icmp -j ACCEPT
# Allow TCP up to port 1023
iptables $1 FORWARD -s $2 --proto tcp --dport :1023 -j ACCEPT
iptables $1 FORWARD -d $2 --proto tcp --sport :1023 -j ACCEPT
# Note: Freifunk FW does not have REDIRECT, use DNAT instead,
# which needs the correct outgoing interface IP for redirection.
ifip=$(ip route get $2|sed -n 's/^.* src \([^ ]\+\).*/\1/p')
# Allow DNS, redirect to our local dnsmasq if applicable
if pidof dnsmasq >&-; then
portfw $1 udp $2 53 ${ifip:-$ADR}:53
portfw $1 tcp $2 53 ${ifip:-$ADR}:53
else
iptables $1 FORWARD -s $2 --proto udp --dport 53 -j ACCEPT
iptables $1 FORWARD -d $2 --proto udp --sport 53 -j ACCEPT
fi
# It's polite to tell a blocked user what's going on
case $NC_CMD in "");;*)
portfw $1 tcp $2 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
case $1 in "-D")
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
sed -i -e "/\/${0##*/} unblock $2\$/d" $CRONDIR/$CRONUSR
echo $CRONUSR > $CRONDIR/cron.update
};;esac
if ! iptables -t nat -nL PREROUTING|egrep -q "\\bto:[^:]+:$BLOCKPORT\\b"; then
netcatruns && (echo "Stopping netcat server" >&2;kill $ppid $pid)
fi
;;*)
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
min=$(date +%M)
min=$(( $(date +%k ) * 60 + ${min#0} + $CLEARTIME ))
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
sed -i -e "\$a$(( $min % 60 )) $(( $min / 60 % 24 )) * * * $me unblock $2" $CRONDIR/$CRONUSR
echo $CRONUSR > $CRONDIR/cron.update
};;esac
if ! netcatruns; then
echo "Starting netcat server for $2" >&2
while true;do ($NC_CMD -l -p $BLOCKPORT <<EOF
HTTP/1.0 200 OK
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
<HTML>
<HEAD><TITLE>Sorry...</TITLE>
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
<STYLE TYPE="text/css"></STYLE>
</HEAD>
<BODY ONLOAD="if ('/let-me-browse-again' == window.location.pathname)location.href=document.referrer">
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!--
function addrule(selector, rule)
{
if (null!=document.styleSheets && 0<document.styleSheets.length)
{
if (null!=document.styleSheets[0].cssRules)
{
document.styleSheets[0].insertRule(selector+"{"+rule+"}", 0);
}
else if (null!=document.styleSheets[0].rules)
{
document.styleSheets[0].addRule(selector, rule);
}
}
}
if (null != navigator.language && "de" == navigator.language ||
null != navigator.browserLanguage && "de" == navigator.browserLanguage)
{
addrule(".de", "display:block");
addrule(".fr", "display:none");
addrule(".en", "display:none");
}
else if (null != navigator.language && "fr" == navigator.language ||
null != navigator.browserLanguage && "fr" == navigator.browserLanguage)
{
addrule(".de", "display:none");
addrule(".fr", "display:block");
addrule(".en", "display:none");
}
else
{
addrule(".de", "display:none");
addrule(".fr", "display:none");
addrule(".en", "display:block");
}
//--></SCRIPT>
<H1>Zapped on $(uname -n) (${ifip:-$ADR})</H1>
<DIV CLASS="en">
<P><SMALL CLASS="de">Deutsch: siehe unten</SMALL><SMALL CLASS="fr">français&nbsp;: voir ci-dessous</SMALL></P>
<HR>
<P>Hello! You are a victim of a filesharing blockade. Your PC opens too
much connections to different Internet hosts. This may be caused by the
VoIP program Skype, by a filesharing program or by another program with
this unusual communication pattern. $(test -f $WEBSERVER/cgi-bin-skype.html &&
echo "For operating the Skype VoIP program please read this
<A HREF='http://$ifip/cgi-bin-skype.html'>Information Page</A>.")
</P>
<P>TCP based services still work (ports up to 1023), but UDP based services are blocked now.</P>
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
VALUE='I have read this page and stopped the respective program. Please restore access to the Web.'
TYPE='submit'></FORM>
<P>The blockade $(case $CLEARTIME in ""|0) echo "needs to be removed manually.";;*)echo "will be
removed after $CLEARTIME minutes. Alternatively, the blockade can be removed manually.";;esac)
For this, send an email to <A HREF="mailto:$MAILADDR">$MAILADDR</A>.
</P>
</DIV>
<DIV CLASS="de">
<HR>
<P>Hallo! Du bist das Opfer einer Filesharing-Sperre geworden. Dein Rechner
&ouml;ffnet zuviele Verbindungen zu verschiedenen Internet-Rechnern. Dies
kann ausgel&ouml;st werden durch das VoIP-Programm Skype, durch ein
Filesharing-Programm oder durch ein anderes Programm welches dieses ungew&ouml;hnliche
Kommunikationsmuster aufweist. $(test -f $WEBSERVER/cgi-bin-skype.html &&
echo "Zum Betrieb des VoIP-Programms Skype lies bitte diese
<A HREF='http://$ifip/cgi-bin-skype.html'>Informationsseite</A>.")
</P>
<P><B>Hinweis:</B> TCP-basierte Dienste (Ports bis 1023) funktionieren, aber UDP-basierte Dienste sind nun gesperrt.</P>
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
VALUE='Ich habe verstanden und das entsprechende Programm beendet. Bitte Web-Zugang freigeben.'
TYPE='submit'></FORM>
<P>Die Sperre $(case $CLEARTIME in ""|0)echo "muss manuell entfernt werden.";;*)
echo "wird nach $CLEARTIME Minuten entfernt. Wahlweise kann die Sperre
auch manuell entfernt werden.";;esac) Sende dazu eine Mail an
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
</P>
</DIV>
<DIV CLASS="fr">
<HR>
<P>Bonjour! Vous &ecirc;tes victime du m&eacute;canisme de blocage de partage de fichiers. Votre
ordinateur ouvre trop de connexions simultan&eacute;es vers trop d'h&ocirc;tes Internet diff&eacute;rents.
Ceci peut venir du logiciel de communications Skype, d'un logiciel de partage de fichiers,
ou d'un autre programme qui aurait ce m&ecirc;me comportement inhabituel, comme certains virus.
$(test -f $WEBSERVER/cgi-bin-skype.html &&
echo "Pour l'utilisation de Skype en voix sur IP (VoIP) merci de lire cette
<A HREF='http://$ifip/cgi-bin-skype.html'>page d'informations</A>.")
</P>
<P><B>Pr&eacute;cisions:</B> Les services TCP restent fonctionnels (Ports jusqu'au n&deg; 1023) mais les
services UDP sont bloqu&eacute;s.
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
VALUE='J&lsquo;ai lu cette page et j&lsquo;ai arr&ecirc;t&eacute; les programmes suspect&eacute;s. Lever le blocage!'
TYPE='submit'></FORM>
<P>Le blocage $(case $CLEARTIME in ""|0)echo "doit &ecirc;tre d&eacute;sactiv&eacute; manuellement.";;*)
echo "sera lev&eacute; automatiquement dans $CLEARTIME minutes. Il est aussi possible de
le faire manuellement.";;esac) en envoyant un mail &agrave;
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
</P>
</DIV>
</BODY>
<HEAD>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</HEAD>
</HTML>
EOF
)|(read -r GET && netcatruns "$GET" && kill $pid)
done >&- 2>&- &
fi
;;esac
;;esac
}
zapp () {
# Block an IP and send a mail to the admin
ip=$(echo $1|sed -e 's/^[A-Z]\+_//;s/=.*//;s/_/./g')
if $DEBUG; then
# Prevent script recursion
case $DEBIP in "")
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)"
echo
$0 "$CONN" ${1%=*}
;;esac
elif ! iptables -nL FORWARD | egrep -q "\\b$(echo $ip|sed 's/\./\\&/g')\\b";then
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)" >> /var/log/zappfile.txt
mac=$(sed -n 's/^'$(echo $ip|sed 's/\./\\./g')' \+\([^ ]\+ \+\)\{2\}\([^ ]\+\).*/\2/p' /proc/net/arp)
# Disabled, because we cannot unblock this currently
case 0 in 1)case $mac in '');;*)
echo "Also zapping $mac at $(date)" >> /var/log/zappfile.txt
iptables -I FORWARD -m mac --mac-source $mac -j $jump
;;esac;;esac
block -I $ip
case $DEBUGSAVE in 1)
# Save current conntrack for later analysis
cat "$CONN"|gzip -c>/var/log/zappfile-$ip-$(date).txt.gz
;;esac
which ssmtp && cat|ssmtp $MAILADDR<<EOF
To: $MAILADDR
From: $MAILFROM
Subject: Zappfile extended on $(uname -n)
The following IP exeeded the conntrack limit and was added to the zappfile:
IP: $ip
MAC: $mac
Date: $(date)
Bogopoints: $2
Threshold: $BOGOTHRESH
The forwarding firewall now has the following rules:
$(iptables -nL FORWARD)
EOF
fi
}
# TCP rules:
# * Bittorrent opens and uses lots of TCP connections
# * BT also uses a higher bandwidth, especially on port 688x
# * General: lots of TCP traffic from/to different peers (!port 80)
tcp () {
# We only count traffic generated by others
case $3 in $PAT);;*)
case "${10}" in
# We count unreplied connection attempts because
# lots of P2P peers may not have correct portfw
# as well as currently active transfers
SYN_SENT|SYN_RECV|ESTABLISHED)
case $4 in
# HTTP, HTTPS: browsers tend to open multiple connections
80|443)
case $9 in
?????)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac"
;;
*)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac"
;;
esac
case ${DEBIP#IP_} in $1)echo "tcp ham $1:$2 $3:$4";;esac
;;
# Punish traffic on ports 6880-6889
688*)
case $9 in
?????)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac"
;;
*)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac"
;;
esac
case ${DEBIP#IP_} in $1)echo "tcp p2p $1:$2 $3:$4";;esac
;;
# Everything else is normal tcp
*)
case $9 in
?????)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac"
;;
*)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac"
;;
esac
case ${DEBIP#IP_} in $1)echo "tcp std $1:$2 $3:$4";;esac
;;
esac
eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"
;;
esac
;;esac
return 0
}
# UDP rules:
# * Bittorrent DHT feature got us unreplied incoming UDP from diverse IPs (sport likely 688x)
# * P2P-user with DHT: incoming UDP dport(unreplied) is port the P2P-user configured for DHT
# * P2P-user none DHT: Peers seeking DHT, we have a P2P-user currently, lower tolerance
# * General: lots of UDP traffic from/to different peers(!port 53)
udp () {
case ${10} in "[UNREPLIED]") case $3 in $PAT)
# We are contacted by incoming UDP (without reason). If that is the case
# it is likely that we have at least one P2P user now. Especially if that
# peer sends us from his port 688x which is the default for Bittorrent.
case $2 in
668*)
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
;;
*)
case $4 in
688*)
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
;;
*)
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 1 ));;esac"
case $DEBIP in '');;*)echo "nak udp $1:$2 -> $3:$4 (UNK=$UNK)";;esac
;;
esac
;;
esac
eval "UNK_$1=\$(( \$UNK_$1 + 1 ))"
;;esac;;esac
# We only count traffic generated by others
case $3 in $PAT);;*)
case $4 in
# DNS: resolvers tend to open multiple connections
53)
case ${10} in
"[UNREPLIED]")
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac";;
*)
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac";;
esac
case ${DEBIP#IP_} in $1)echo "udp ham $1:$2 $3:$4";;esac
;;
# Punish traffic on ports 6880-6889
688*)
case ${10} in
"[UNREPLIED]")
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac";;
*)
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac";;
esac
case ${DEBIP#IP_} in $1)echo "udp p2p $1:$2 $3:$4";;esac
;;
# Everything else is normal udp
*)
case ${10} in
"[UNREPLIED]")
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac";;
*)
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac";;
esac
case ${DEBIP#IP_} in $1)echo "udp std $1:$2 $3:$4";;esac
;;
esac
eval "UDP_$1_$3=\$(( \$UDP_$1_$3 + 1 ))"
;;esac
return 0
}
case $1 in
block)
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
block "-I" $2
exit 0
;;
unblock|clear)
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
block "-D" $2
exit 0
;;
start|stop)
test ! -f $CRONDIR/$CRONUSR && (echo "No $CRONDIR/$CRONUSR" 2>&-;exit 1)
if egrep -q "/${0##*/}" $CRONDIR/$CRONUSR; then
case $1 in stop)
echo "Removing ${0##*/} from cron"
sed -i -e "/\/${0##*/}/d" $CRONDIR/$CRONUSR
;;esac
else
case $1 in start)
case $BOGOTHRESH in 0);;*)
echo "Adding ${0##*/} to cron"
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
sed -i -e "\$a*/1 * * * * $me" $CRONDIR/$CRONUSR
;;esac
;;esac
fi
echo $CRONUSR > $CRONDIR/cron.update
exit 0
;;
status)
echo "Firewall status:"
iptables -nL FORWARD|egrep '^(DROP|REJECT)? +all +-- +[1-9][0-9\.]+ +0.0.0.0/0\b' || echo " No IPs blocked"
egrep -q "/${0##*/}" $CRONDIR/$CRONUSR && echo "Running via cron" || echo "Not running via cron"
exit 0
;;
-h|--help|help)
cat<<EOF
This script examines the kernel conntrack table and blocks a source IP if
it detects a filesharing application. Read the script file for details.
Usage: $0 {start|stop|block [IP]|unblock [IP]|help|[file]}
start add this scipt as cron job
stop remove this script from cron
status show a list of blocked IPs
block manually block an IP
unblock manually unblock an IP
[file] parse [file] instead /proc/net/ip_conntrack (for testing)
No args normal function, e.g. called by cron without arguments
Note1: if netcat is installed, this script tries to inform a blocked user
by starting a simple web server. If also ssmtp is installed, this script
informs you by e-mail about the filesharing and blocking incidents. If
someone is blocked, this is recorded in /var/log/zapp* files for later
analysis. To analyze, unpack the gzipped conntrack file of the incident
and start this script by supplying the filename.
Note2: to install on Freifunk-FW copy this script to /etc/init.d/S92zapp
and restart the router. On other systems it shoud be sufficient to start
this script with "$0 start".
EOF
exit 0
;;
esac
if ! $DEBUG; then
if [ -f /proc/sys/net/netfilter/nf_conntrack_acct ] &&
[ 0 = $(cat /proc/sys/net/netfilter/nf_conntrack_acct) ]
then
# Kernel-2.6 needs accounting=on for correct ip_conntrack format
echo "Kernel accounting not enabled, which is required." >&2
echo "Use 'sysctl -w net.netfilter.nf_conntrack_acct=1'" >&2
exit 1
fi
fi
# Different kernels have differnt formats, script lines doubled to prevent too much compare operations
REL=$(uname -r)
case ${REL#2.4} in $REL)
# Kernel 2.6 output has [STATUS] in different positions, shift to end
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
set $l
case $1 in
tcp)
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${11#src=} ${13#sport=} ${12#dst=} ${14#dport=} $(( ${10#bytes=} + ${16#bytes=} )) $4
;;
udp)
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${10#src=} ${12#sport=} ${11#dst=} ${13#dport=} $(( ${9#bytes=}+${15#bytes=} )) ${19}
;;
eof)
# If probably no P2P client active double threshold
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
done
;;
esac
done
;;*)
# Kernel 2.4 output has [STATUS] in different positions, shift to end
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
set $l
case $1 in
tcp)
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${9#src=} ${11#sport=} ${10#dst=} ${12#dport=} ${15#bytes=} $4
;;
udp)
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${8#src=} ${10#sport=} ${9#dst=} ${11#dport=} ${14#bytes=} ${15}
;;
eof)
# If probably no P2P client active double threshold
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
done
;;
esac
done
;;esac
exit 0
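Review bot: `tcp()` and `udp()` splice their first and third arguments directly into `eval` strings (for example `eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"`), and those arguments are whatever `set $l` split out of `$CONN`, which the usage text says may be a supplied file instead of `/proc/net/ip_conntrack`. Nothing checks that the fields contain only the digits and underscores that the `sed 's/\./_/g'` step is expected to produce, so a malformed or tampered capture file would be evaluated as shell code, and the script is set up to run under `CRONUSR=root`. A guard at the top of both functions, `case $1$3 in ''|*[!0-9_]*) return 0;; esac`, keeps anything else out of `eval`. Separately, the first branch in `udp()` tests `668*` although the comment above it and every other branch refer to port 688x, which looks like a typo for `688*`.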


@ -0,0 +1,576 @@
#!/bin/sh
# Netmon Nodewatcher (C) 2010-2011 Freifunk Oldenburg
# Lizenz: GPL
if [ -f /etc/config/nodewatcher ];then
API_IPV4_ADRESS=`uci get nodewatcher.@api[0].ipv4_address`
API_IPV6_ADRESS=`uci get nodewatcher.@api[0].ipv6_address`
API_IPV6_INTERFACE=`uci get nodewatcher.@api[0].ipv6_interface`
SCRIPT_VERSION=`uci get nodewatcher.@script[0].version`
SCRIPT_ERROR_LEVEL=`uci get nodewatcher.@script[0].error_level`
SCRIPT_LOGFILE=`uci get nodewatcher.@script[0].logfile`
CRAWL_METHOD=`uci get nodewatcher.@crawl[0].method`
CRAWL_ROUTER_ID=`uci get nodewatcher.@crawl[0].router_id`
CRAWL_UPDATE_HASH=`uci get nodewatcher.@crawl[0].update_hash`
CRAWL_NICKNAME=`uci get nodewatcher.@crawl[0].nickname`
CRAWL_PASSWORD=`uci get nodewatcher.@crawl[0].password`
UPDATE_AUTOUPDATE=`uci get nodewatcher.@update[0].autoupdate`
else
. /etc/nodewatcher_config
fi
delete_log() {
if [ -f $logfile ]; then
if [ `ls -la $logfile | awk '{ print $5 }'` -gt "6000" ]; then
sed -i '1,60d' $logfile
if [ $error_level -gt "1" ]; then
echo "`date`: Logfile wurde verkleinert" >> $logfile
fi
fi
fi
}
urlencode() {
arg="$1"
i=0
while [ $i -lt ${#arg} ]; do
c=${arg:$i:1}
if echo "$c" | grep -q '[a-zA-Z/:_\.\-]'; then
echo -n "$c"
else
echo -n "%"
printf "%X" "'$c'"
fi
i=$((i+1))
done
}
convert_space() {
arg="$1"
echo $1 | sed "s/ /%20/g"
}
get_url() {
if [[ $API_IPV4_ADRESS != "1" ]]; then
url=$API_IPV4_ADRESS
else
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
fi
echo $url
}
do_ping() {
if [[ $API_IPV4_ADRESS != "1" ]]; then
command="ping -c 2 "$API_IPV4_ADRESS
else
command="ping -c 2 -I "$API_IPV6_INTERFACE" "$API_IPV6_ADRESS
fi
if [ $error_level -gt "1" ]; then
echo "`date`: Pinging..." >> $logfile
fi
ping_return=`$command`
if [ $error_level -gt "2" ]; then
echo $ping_return
fi
}
update() {
if [ $error_level -gt "1" ]; then
echo "`date`: Suche neue Version" >> $logfile
fi
netmon_api=`get_url`
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=version"
ergebnis=`$command`
return=`echo $ergebnis| cut '-d;' -f1`
version=`echo $ergebnis| cut '-d;' -f2`
if [[ $return = "success" ]]; then
if [[ $version -gt $SCRIPT_VERSION ]]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Eine neue Version ist Verfügbar, script wird geupdated" >> $logfile
fi
wget -q -O $SCRIPT_DIR/nodewatcher.sh http://$netmon_api/api_nodewatcher.php?section=update
uci set nodewatcher.@script[0].version=$version
uci commit
else
if [ $error_level -gt "1" ]; then
echo "`date`: Das Script ist aktuell" >> $logfile
fi
fi
else
if [ $error_level -gt "0" ]; then
echo "`date`: Beim Update ist ein Fehler aufgetreten: $ergebnis" >> $logfile
fi
fi
}
assign() {
netmon_api=`get_url`
hostname=`cat /proc/sys/kernel/hostname`
#Choose right login String
login_strings="$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')"
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=test_login_strings&login_strings=$login_strings"
ergebnis=`$command`
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
router_auto_assign_login_string=`echo $ergebnis| cut '-d;' -f2`
if [ $error_level -gt "1" ]; then
echo "`date`: Es existiert ein Router mit dem Login String $router_auto_assign_login_string" >> $logfile
fi
elif [ `echo $ergebnis| cut '-d;' -f1` = "error" ]; then
router_auto_assign_login_string=`echo $login_strings| cut '-d;' -f1`
if [ $error_level -gt "1" ]; then
echo "`date`: Es existiert kein Router mit einem der Login Strings: $login_strings" >> $logfile
echo "`date`: Nutze $router_auto_assign_login_string als login string" >> $logfile
fi
fi
#Try to assign Router with choosen login string
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=router_auto_assign&router_auto_assign_login_string=$router_auto_assign_login_string&hostname=$hostname"
ergebnis=`$command`
if [ `echo $ergebnis| cut '-d;' -f1` != "success" ]; then
if [ `echo $ergebnis| cut '-d;' -f2` = "already_assigned" ]; then
if [ $error_level -gt "0" ]; then
echo "`date`: Der Login String `echo $ergebnis| cut '-d;' -f3` ist bereits mit einem Router verknüpft" >> $logfile
fi
elif [ `echo $ergebnis| cut '-d;' -f2` = "autoassign_not_allowed" ]; then
if [ $error_level -gt "0" ]; then
echo "`date`: Der dem Login String `echo $ergebnis| cut '-d;' -f3` zugewiesene Router erlaubt autoassign nicht" >> $logfile
fi
elif [ `echo $ergebnis| cut '-d;' -f2` = "new_not_assigned" ]; then
if [ $error_level -gt "0" ]; then
echo "`date`: Router wurde der Liste der nicht zugewiesenen Router hinzugefügt" >> $logfile
fi
elif [ `echo $ergebnis| cut '-d;' -f2` = "updated_not_assigned" ]; then
if [ $error_level -gt "0" ]; then
echo "`date`: Router auf der Liste der nicht zugewiesenen Router wurde geupdated" >> $logfile
fi
fi
if [ $error_level -gt "0" ]; then
echo "`date`: Der Router wurde nicht mit Netmon verknüpft" >> $logfile
fi
elif [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
#write new config
uci set nodewatcher.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
uci set nodewatcher.@crawl[0].update_hash=`echo $ergebnis| cut '-d;' -f3`
if [ $error_level -gt "1" ]; then
echo "`date`: Der Router wurde mit Netmon verknüpft" >> $logfile
fi
uci commit
configure
can_crawl=1
fi
}
configure() {
netmon_api=`get_url`
authentificationmethod=$CRAWL_METHOD
router_id=$CRAWL_ROUTER_ID
router_auto_update_hash=$CRAWL_UPDATE_HASH
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=get_standart_data&authentificationmethod=$authentificationmethod&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id"
ergebnis=`$command`
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
#uci set freifunk.contact.location=`echo $ergebnis| cut '-d;' -f3`
uci set system.@system[0].hostname=`echo $ergebnis| cut '-d;' -f4`
echo `echo $ergebnis| cut '-d;' -f4` > /proc/sys/kernel/hostname
# uci get system.@system[0].latitude=
# uci get system.@system[0].longitude=
# uci get freifunk.community.ssid=
# uci get freifunk.contact.nickname=
# uci get freifunk.contact.mail=
# uci get freifunk.community.prefix=
# uci get freifunk.contact.note=
uci commit
if [ $error_level -gt "1" ]; then
echo "`date`: Der Router wurde konfiguriert" >> $logfile
fi
else
if [ $error_level -gt "0" ]; then
echo "`date`: Fehler bei der Konfiguration: $ergebnis" >> $logfile
fi
fi
}
crawl() {
#Get API and authentication configuration
netmon_api=`get_url`
authentificationmethod=$CRAWL_METHOD
nickname=$CRAWL_NICKNAME
password=$CRAWL_PASSWORD
router_id=$CRAWL_ROUTER_ID
router_auto_update_hash=$CRAWL_UPDATE_HASH
#Get system data from UCI
if which uci >/dev/null; then
if [ $error_level -gt "1" ]; then
echo "`date`: UCI is installed, trying to collect extra data UCI" >> $logfile
fi
location="`uci get freifunk.contact.location`"
location=`urlencode "$location"`
latitude="`uci get system.@system[0].latitude`"
longitude="`uci get system.@system[0].longitude`"
community_essid="`uci get freifunk.community.ssid`"
community_nickname="`uci get freifunk.contact.nickname`"
community_email="`uci get freifunk.contact.mail`"
community_prefix="`uci get freifunk.community.prefix`"
description="`uci get freifunk.contact.note`"
description=`urlencode "$description"`
fi
#Get system data from LUA
if which lua >/dev/null; then
if [ $error_level -gt "1" ]; then
echo "`date`: LUA is installed, trying to collect extra data LUA" >> $logfile
fi
luciname=`lua -l luci.version -e 'print(luci.version.luciname)'`
luciname=`urlencode "$luciname"`
lucversion=`lua -l luci.version -e 'print(luci.version.luciversion)'`
lucversion=`urlencode "$lucversion"`
fi
#Get system data from other locations
hostname="`cat /proc/sys/kernel/hostname`"
uptime=`cat /proc/uptime | awk '{ print $1 }'`
idletime=`cat /proc/uptime | awk '{ print $2 }'`
memory_total=`cat /proc/meminfo | grep 'MemTotal' | awk '{ print $2 }'`
memory_caching=`cat /proc/meminfo | grep -m 1 'Cached:' | awk '{ print $2 }'`
memory_buffering=`cat /proc/meminfo | grep 'Buffers' | awk '{ print $2 }'`
memory_free=`cat /proc/meminfo | grep 'MemFree' | awk '{ print $2 }'`
cpu=`grep -m 1 "cpu model" /proc/cpuinfo | cut -d ":" -f 2`
if [ -n $cpu ]; then
cpu=`grep -m 1 "model name" /proc/cpuinfo | cut -d ":" -f 2`
fi
cpu=`urlencode "$cpu"`
chipset=`grep -m 1 "system type" /proc/cpuinfo | cut -d ":" -f 2`
chipset=`urlencode "$chipset"`
local_time="`date +%s`"
processes=`cat /proc/loadavg | awk '{ print $4 }'`
loadavg=`cat /proc/loadavg | awk '{ print $1 }'`
if which batctl >/dev/null; then
batman_adv_version=`batctl -v | awk '{ print $2 }'`
fi
kernel_version=`uname -r`
nodewatcher_version=$SCRIPT_VERSION
openwrt_version_file="/etc/openwrt_release"
if [ -f $openwrt_version_file ]; then
. $openwrt_version_file
distname=$DISTRIB_ID
distversion=$DISTRIB_RELEASE
fi
firmware_version_file="/etc/firmware_release"
if [ -f $firmware_version_file ]; then
. $firmware_version_file
firmware_version=$FIRMWARE_VERSION
fi
#Send system data
command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_system_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&status=online&hostname=$hostname&description=$description&location=$location&latitude=$latitude&longitude=$longitude&luciname=$luciname&luciversion=$luciversion&distname=$distname&distversion=$distversion&chipset=$chipset&cpu=$cpu&memory_total=$memory_total&memory_caching=$memory_caching&memory_buffering=$memory_buffering&memory_free=$memory_free&loadavg=$loadavg&processes=$processes&uptime=$uptime&idletime=$idletime&local_time=$local_time&community_essid=$community_essid&community_nickname=$community_nickname&community_email=$community_email&community_prefix=$community_prefix&batman_advanced_version=$batman_adv_version&kernel_version=$kernel_version&nodewatcher_version=$nodewatcher_version&firmware_version=$firmware_version"
command="wget -q -O - "$command
if [ "$1" = "debug" ]; then
echo $command
else
i=0
while [ $i -le 5 ]
do
return_interface=`$command`
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
fi
break;
else
if [ $error_level -gt "0" ]; then
echo "`date`: Error! Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
fi
fi
i=`expr $i + 1` #Zähler um eins erhöhen
done
fi
#Get interfaces
IFACES=`cat /proc/net/dev | awk -F: '!/\|/ { gsub(/[[:space:]]*/, "", $1); split($2, a, " "); printf("%s=%s=%s ", $1, a[1], a[9]) }'`
#Loop interfaces
for entry in $IFACES; do
int=""
iface=`echo $entry | cut -d '=' -f 1`
rcv=`echo $entry | cut -d '=' -f 2`
xmt=`echo $entry | cut -d '=' -f 3`
wlan_mode=""
wlan_bssid=""
wlan_essid=""
wlan_frequency=""
wlan_tx_power=""
if [ "$iface" != "lo" ]; then
if [ "`ifconfig ${iface} | grep UP`" != "" ]; then
#Get interface data
name="${iface}"
mac_addr="`ifconfig ${iface} | grep 'HWaddr' | awk '{ print $5}'`"
ipv4_addr="`ifconfig ${iface} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`"
ipv6_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Global' | awk '{ print $3}'`"
ipv6_link_local_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
mtu="`ifconfig ${iface} | grep 'MTU' | cut -d: -f2 | awk '{ print $1}'`"
traffic_rx="$rcv"
traffic_tx="$xmt"
int=$int"int[$name][name]=$name&int[$name][mac_addr]=$mac_addr&int[$name][ipv4_addr]=$ipv4_addr&int[$name][ipv6_addr]=$ipv6_addr&int[$name][ipv6_link_local_addr]=$ipv6_link_local_addr&int[$name][traffic_rx]=$traffic_rx&int[$name][traffic_tx]=$traffic_tx&int[$name][mtu]=$mtu&"
if [ "`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" != "" ]; then
wlan_mode="`iwconfig ${iface} 2>/dev/null | grep 'Mode' | awk '{ print $1 }' | cut -d ':' -f 2`"
if [ $wlan_mode = "Master" ]; then
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep 'Access Point' | awk '{ print $6 }'`"
elif [ $wlan_mode = "Ad-Hoc" ]; then
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep Cell | awk '{ print $5 }'`"
fi
wlan_essid="`iwconfig ${iface} 2>/dev/null | grep ESSID | awk '{ split($4, a, \"\\"\"); printf(\"%s\", a[2]); }'`"
wlan_frequency="`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`"
wlan_tx_power="`iwconfig ${iface} 2>/dev/null | grep 'Tx-Power' | awk '{ print $4 }' | cut -d '=' -f 2`"
int=$int"int[$name][wlan_mode]=$wlan_mode&int[$name][wlan_frequency]=$wlan_frequency&int[$name][wlan_essid]=$wlan_essid&int[$name][wlan_bssid]=$wlan_bssid&int[$name][wlan_tx_power]=$wlan_tx_power&"
fi
#Send interface status data
command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_interfaces_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$int"
command="wget -q -O - "$command
if [ "$1" = "debug" ]; then
echo $command
else
i=0
while [ $i -le 5 ]
do
return_interface=`$command`
if [ `echo $return_interface | cut '-d;' -f1`="success" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
fi
break;
else
if [ $error_level -gt "0" ]; then
echo "`date`: Error! Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
echo "`date`: $command" >> $logfile
fi
fi
i=`expr $i + 1` #Zähler um eins erhöhen
done
fi
fi
fi
done
#B.A.T.M.A.N. advanced
mv /etc/bat-hosts /etc/bat-hosts.tmp
if which batctl >/dev/null; then
batman_check_running=`batctl if | grep 'Error'`
if [ "$batman_check_running" == "" ]; then
has_active_interface="0"
BAT_ADV_IFACES=`batctl if | awk '{ print $1 }' | cut -d ':' -f 1`
for device_name in $BAT_ADV_IFACES; do
if [ "`batctl if | grep $device_name | grep active`" != "" ]; then
status='active'
has_active_interface="1"
else
status='inactive'
fi
command="http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_interfaces&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&bat_adv_int[$device_name][name]=$device_name&bat_adv_int[$device_name][status]=$status"
command="wget -q -O - "$command
if [ "$1" = "debug" ]; then
echo $command
else
i=0
while [ $i -le 5 ]
do
return_interface="`$command`"
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
fi
break;
else
if [ $error_level -gt "0" ]; then
echo "`date`: Error! Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
fi
fi
i=`expr $i + 1` #Zähler um eins erhöhen
done
fi
done
if [ $has_active_interface = "1" ]; then
BAT_ADV_ORIGINATORS=`batctl o | grep 'No batman nodes in range'`
if [ "$BAT_ADV_ORIGINATORS" == "" ]; then
OLDIFS=$IFS
IFS="
"
BAT_ADV_ORIGINATORS=`batctl o | awk '/O/ {next} /B/ {next} {print}'`
for row in $BAT_ADV_ORIGINATORS; do
originator=`echo $row | awk '{print $1}'`
last_seen=`echo $row | awk '{print $2}'`
last_seen="${last_seen//s/}"
link_quality=`echo $row | awk '{print $3}'`
link_quality="${link_quality//(/}"
link_quality="${link_quality//)/}"
batman_adv_originators=$batman_adv_originators"bat_adv_orig[$originator][originator]=$originator&bat_adv_orig[$originator][link_quality]=$link_quality&bat_adv_orig[$originator][last_seen]=$last_seen&"
done
IFS=$OLDIFS
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_originators&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$batman_adv_originators"
if [ "$1" = "debug" ]; then
echo $command
else
i=0
while [ $i -le 5 ]
do
return_interface="`$command`"
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
fi
break;
else
if [ $error_level -gt "0" ]; then
echo "`date`: Error! Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
fi
fi
i=`expr $i + 1` #Zähler um eins erhöhen
done
fi
fi
fi
fi
fi
mv /etc/bat-hosts.tmp /etc/bat-hosts
#CLIENTS
MESHDEVICE='br-mesh'
CLIENTDEVICE='ath0'
SEDDEV=`brctl showstp $MESHDEVICE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
CLIENT_MACS=`brctl showmacs $MESHDEVICE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "ath0") print $2}'`
i=0
for client in $CLIENT_MACS; do
# clients=$clients"clients[$i][mac_addr]=$client&"
i=`expr $i + 1` #Zähler um eins erhöhen
done
client_count=$i
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_clients&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&client_count=$client_count"
if [ "$1" = "debug" ]; then
echo $command
else
i=0
while [ $i -le 5 ]
do
return_interface="`$command`"
if [ `echo $return_interface | cut '-d;' -f1`="success" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Das Senden der Client Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
fi
break;
else
if [ $error_level -gt "0" ]; then
echo "`date`: Error! Das Senden der Client Daten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
fi
fi
i=`expr $i + 1` #Zähler um eins erhöhen
done
fi
}
LANG=C
SCRIPT_DIR=`dirname $0`
error_level=$SCRIPT_ERROR_LEVEL
logfile=$SCRIPT_LOGFILE
if [[ $UPDATE_AUTOUPDATE == '1' ]]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Autoupdate ist an" >> $logfile
fi
update
else
if [ $error_level -gt "1" ]; then
echo "`date`: Autoupdate ist aus" >> $logfile
fi
fi
if [[ "$1" == "update" ]]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Führe manuelles update aus" >> $logfile
fi
update
exit 1
fi
if [ $error_level -gt "1" ]; then
echo "`date`: Prüfe Authentifizierungsmethode" >> $logfile
fi
can_crawl=1
if [ $CRAWL_METHOD == "login" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Authentifizierungsmethode ist: Username und Passwort" >> $logfile
fi
elif [ $CRAWL_METHOD == "hash" ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Authentifizierungsmethode ist: Autoassign und Hash" >> $logfile
echo "`date`: Prüfe ob Roter schon mit Netmon verknüpft ist" >> $logfile
fi
if [ $CRAWL_UPDATE_HASH == "1" ]; then
can_crawl=0
if [ $error_level -gt "1" ]; then
echo "`date`: Der Router ist noch NICHT mit Netmon verknüpft" >> $logfile
echo "`date`: Versuche verknüpfung herzustellen" >> $logfile
fi
assign
else
if [ $error_level -gt "1" ]; then
echo "`date`: Der Router ist bereits mit Netmon verknüpft" >> $logfile
fi
fi
fi
if [ $can_crawl == 1 ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Prüfe Logfile" >> $logfile
fi
delete_log
if [ $error_level -gt "1" ]; then
echo "`date`: Sende aktuelle Statusdaten" >> $logfile
fi
crawl
fi
exit 0


@ -0,0 +1,3 @@
root:$1$OmvoKpjK$e.lPVnBxsrAbNV4EoH3xb1:0:0:root:/root:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
daemon:*:65534:65534:daemon:/var:/bin/false
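Review bot: The `root` line ships a fixed password hash inside the firmware tree, so every router flashed from this image has the same root credential, and the hash is now permanently in the repository history. The `$1$` prefix marks it as MD5-crypt, and this file is normally world-readable on the device, which makes offline guessing cheap for anyone holding the image or a local account. Consider shipping the field locked, e.g. `root:*:0:0:root:/root:/bin/ash`, and setting a per-device password or installing SSH keys during provisioning. The password this hash belongs to should be treated as disclosed. `nobody` and `daemon` also share uid/gid 65534, which looks unintended.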


@ -0,0 +1,18 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
exit 0
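Review bot: `rdate -s time.fu-berlin.de` runs once at boot with no check that the uplink is up or that the call succeeded, and the time protocol rdate speaks is unauthenticated, so the clock behind the `date` stamps in the nodewatcher log can stay unset or be set by whoever answers. I would add a comment above it such as `# best effort, unauthenticated time source; do not rely on it for anything security-relevant` and retry from cron rather than only here. Separately, `chown root.root` uses the legacy dot separator; write `chown root:root /etc/crontabs/root`. The bare `sh /etc/firewall.user` runs that file as root on every boot, so its ownership and mode deserve the same chown treatment.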


@ -0,0 +1,15 @@
#!/bin/sh
#
# SHOWMACS need br-ctl! NO BUSYBOX!
#
# Version 0.2
#
# by Tim Niemeyer (reddog@mastersword.de)
#
DEV=$1
SEDDEV=`brctl showstp $DEV | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
SEDMAC=`cat /etc/bat-hosts | sed -e "s/^/s\//;s/$/\/;/;s/ /\//"`
brctl showmacs $DEV | sed -e "$SEDMAC" | sed -e "$SEDDEV"
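Review bot: `DEV=$1` is never checked and is expanded unquoted, so running the script without an argument calls `brctl showstp` with no bridge name and silently produces an empty `SEDDEV`. I would start with `[ -n "$1" ] || { echo "usage: $0 <bridge>" >&2; exit 1; }` and use `"$DEV"` in both `brctl` calls. `SEDMAC` also turns every line of `/etc/bat-hosts` into a sed `s/…/…/;` command without escaping, so a `/` or `&` in a host name changes the sed program. A comment stating the expected `MAC name` format of that file would help. Note as well that the crawl script in this commit temporarily moves `/etc/bat-hosts` away, so the `cat` here can fail if both run at the same time.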


@ -0,0 +1,24 @@
kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.core.netdev_max_backlog=30
net.netfilter.nf_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_max=16384
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
# net.ipv6.conf.all.forwarding=1
# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
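Review bot: The three `net.bridge.bridge-nf-call-*=0` lines mean frames bridged inside `br-mesh` never pass through iptables, ip6tables or arptables. The network config in this commit puts `ath0`, `bat0` and the VPN `tap0` into that bridge, so rules loaded from `/etc/firewall.user` will not filter traffic between those ports. The existing comment `# disable bridge firewalling by default` says what is done but not the consequence; I would extend it to `# bridged mesh/VPN traffic (ath0, bat0, tap0) bypasses netfilter; use ebtables if filtering between bridge ports is needed`. It would also help to state whether leaving `rp_filter` unset is deliberate, given `net.ipv4.ip_forward=1`.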


@ -0,0 +1,118 @@
#!/bin/sh
#DEBUG="--debug=2"
DEBUG=""
SERVER="no"
SERVERNAME="batgw"
project="batvpn"
test_internet_host1="mastersword.de"
test_internet_host2="78.46.215.78"
#Only do something with tinc when the router has internet connection
if ping -w5 -c3 "$test_internet_host1" &>/dev/null || ping -w5 -c3 "$test_internet_host2" &>/dev/null
then
if [ "$SERVER" == "no" ]
then
hostname=$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
if [ "$hostname" == "" ]
then
hostname=$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
fi
if [ "$hostname" == "" ]
then
hostname=$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
fi
else
hostname=$SERVERNAME
fi
if [ ! -d /etc/tinc ]
then
mkdir /etc/tinc
fi
if [ ! -d /etc/tinc/$project ]
then
mkdir /etc/tinc/$project
echo -n -e "\n\n" | tincd --pidfile=/etc/tinc/$project/tinc.pid -n $project -K
kill -HUP $(cat /etc/tinc/$project/tinc.pid)
sleep 3
mkdir /etc/tinc/$project/hosts
echo "ifconfig \$INTERFACE up" > /etc/tinc/$project/tinc-up
if [ "$SERVER" == "no" ]
then
echo "brctl addif br-mesh \$INTERFACE" >> /etc/tinc/$project/tinc-up
fi
chmod +x /etc/tinc/$project/tinc-up
fi
pubkey=$(for line in $(cat /etc/tinc/$project/rsa_key.pub | sed -e 's/$/%0a/g' | sed -e 's/+/%2b/g' | sed -e 's/ /%20/g'); do echo -n $line; done)
port=666
cat <<EOF > /etc/tinc/$project/tinc.conf
Name = $hostname
Mode = Switch
#PingTimeout = 30
Hostnames = yes
#GraphDumpFile = /tmp/vpn-graph.dot
TCPOnly = yes
EOF
# we need this only for first startup
if [ ! -f /etc/tinc/$project/hosts/$hostname ]
then
cat <<EOF > /etc/tinc/$project/hosts/$hostname
Address = 0.0.0.0
Port = $port
EOF
cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
fi
# fire up
if [ "$(ps aux | grep tincd | grep -v grep)" == "" ]
then
tincd -c /etc/tinc/$project --pidfile=/etc/tinc/$project/tinc.pid --logfile=/var/log/tinc.log $DEBUG
# sleep 1
# brctl addif br-mesh tap0
fi
# register
wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /etc/tinc/$project/output
filenames=$(cat /etc/tinc/$project/output| grep ^#### | sed -e 's/^####//' | sed -e 's/.conf//g')
for file in $filenames
do
grep -A100 $file /etc/tinc/$project/output | grep -v $file | grep -m1 ^### -B100 | grep -v ^### > /etc/tinc/$project/hosts/$file.new
if [ "$(diff /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file 2>&1)" == "" ]
then
/bin/rm /etc/tinc/$project/hosts/$file.new
else
/bin/mv /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file
fi
echo "ConnectTo=$file" >> /etc/tinc/$project/tinc.conf
done
if [ ! -f /etc/tinc/$project/hosts/$hostname ]
then
cat <<EOF > /etc/tinc/$project/hosts/$hostname
Address = 0.0.0.0
Port = $port
EOF
cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
fi
#reload
kill -HUP $(cat /etc/tinc/$project/tinc.pid)
else
echo "Der Router kann keine Verbindung zum Tincserver aufbauen"
echo "Tincstart macht nichts!"
fi
exit 0
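Review bot: The names parsed from the registration response in `filenames=…` are used unvalidated as path components in `/etc/tinc/$project/hosts/$file` and are appended to tinc.conf as `ConnectTo=$file`. The response itself is fetched over plain `http://`, so whoever can answer that request decides which peers and public keys this router trusts and which files get written. Before the `grep -A100` line, reject anything that is not a plain tinc node name, e.g. `case "$file" in ""|*[!A-Za-z0-9_]*) continue ;; esac`, quote `"$file"` in every path, and fetch the host list over an authenticated channel (HTTPS with certificate verification, or a signed list). Separately, `if [ ! -d /etc/tinc/$project ]` is the only guard around key generation, so if `tincd -K` fails once the directory stays behind and later runs continue without `rsa_key.pub`; testing for the key file instead would be more robust.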


@ -0,0 +1,37 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
#config 'interface' 'lan'
# option 'proto' 'dhcp'
# option 'ifname' 'eth0.1'
config 'interface' 'wlanmesch'
option 'ifname' 'ath1'
option 'mtu' '1527'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0.1 ath0 bat0 tap0'
option 'stp' '1'
config 'switch' 'eth0'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 5t'
config 'switch_vlan' 'eth0_2'
option 'device' 'eth0'
option 'vlan' '2'
option 'ports' '4 5t'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'


@ -0,0 +1,18 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'proto' 'dhcp'
option 'ifname' 'eth0'
config 'interface' 'wlanmesch'
option 'ifname' 'ath1'
option 'mtu' '1527'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'ath0 bat0 tap0'
option 'stp' '1'