Restructuring firmware directories, work in progress!
commit
4092c53558
|
@ -0,0 +1,13 @@
|
||||||
|
|
||||||
|
config KMOD_BATMAN_ADV_DEBUG_LOG
|
||||||
|
bool "enable verbose debug logging"
|
||||||
|
depends PACKAGE_kmod-batman-adv
|
||||||
|
default n
|
||||||
|
config KMOD_BATMAN_ADV_BATCTL
|
||||||
|
bool "enable batctl"
|
||||||
|
depends PACKAGE_kmod-batman-adv
|
||||||
|
default y
|
||||||
|
help
|
||||||
|
batctl is a more intuitive managment utility for B.A.T.M.A.N.-Advanced.
|
||||||
|
It is an easier method for configuring batman-adv and
|
||||||
|
provides some additional tools for debugging as well.
|
|
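Review bot: Both options use the bare `depends PACKAGE_kmod-batman-adv` form; newer kconfig parsers accept only `depends on`, so these entries would stop parsing if the build's kconfig is ever refreshed, while `depends on PACKAGE_kmod-batman-adv` is accepted by old and new alike. The help text also has a typo: `batctl is a more intuitive management utility for B.A.T.M.A.N.-Advanced.`.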
@ -0,0 +1,106 @@
|
||||||
|
#
|
||||||
|
# Copyright (C) 2010 OpenWrt.org
|
||||||
|
#
|
||||||
|
# This is free software, licensed under the GNU General Public License v2.
|
||||||
|
# See /LICENSE for more information.
|
||||||
|
#
|
||||||
|
# $Id: Makefile 5624 2006-11-23 00:29:07Z nbd $
|
||||||
|
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
|
PKG_NAME:=batman-adv
|
||||||
|
|
||||||
|
PKG_VERSION:=2010.2.0
|
||||||
|
PKG_MD5SUM:=c233f06bd94432d7697ad78241e8bdd6
|
||||||
|
BATCTL_MD5SUM:=f16d7332576c7b4fc9f8a37add235225
|
||||||
|
|
||||||
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
|
PKG_SOURCE_URL:=http://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
|
||||||
|
|
||||||
|
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
PKG_TOOL_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/batctl-$(PKG_VERSION)
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
include $(INCLUDE_DIR)/kernel.mk
|
||||||
|
|
||||||
|
define KernelPackage/batman-adv
|
||||||
|
URL:=http://www.open-mesh.org/
|
||||||
|
MAINTAINER:=Marek Lindner <lindner_marek@yahoo.de>
|
||||||
|
SUBMENU:=Network Support
|
||||||
|
DEPENDS:=@!LINUX_2_4
|
||||||
|
TITLE:=B.A.T.M.A.N. Adv
|
||||||
|
FILES:=$(PKG_BUILD_DIR)/batman-adv.$(LINUX_KMOD_SUFFIX)
|
||||||
|
AUTOLOAD:=$(call AutoLoad,50,batman-adv)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/batman-adv/description
|
||||||
|
B.A.T.M.A.N. advanced is a kernel module which allows to
|
||||||
|
build layer 2 mesh networks. This package contains the
|
||||||
|
version $(PKG_VERSION) of the kernel module plus its user space
|
||||||
|
configuration & managerment tool batctl.
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/batman-adv/config
|
||||||
|
source "$(SOURCE)/Config.in"
|
||||||
|
endef
|
||||||
|
|
||||||
|
MAKE_BATMAN_ADV_ARGS += \
|
||||||
|
CROSS_COMPILE="$(TARGET_CROSS)" \
|
||||||
|
ARCH="$(LINUX_KARCH)" \
|
||||||
|
PATH="$(TARGET_PATH)" \
|
||||||
|
$(if $(CONFIG_KMOD_BATMAN_ADV_DEBUG_LOG),EXTRA_CFLAGS="-DCONFIG_BATMAN_ADV_DEBUG") \
|
||||||
|
SUBDIRS="$(PKG_BUILD_DIR)" \
|
||||||
|
LINUX_VERSION="$(LINUX_VERSION)" \
|
||||||
|
REVISION="" modules
|
||||||
|
|
||||||
|
MAKE_BATCTL_ARGS += \
|
||||||
|
CFLAGS="$(TARGET_CFLAGS)" \
|
||||||
|
CCFLAGS="$(TARGET_CFLAGS)" \
|
||||||
|
OFLAGS="$(TARGET_CFLAGS)" \
|
||||||
|
REVISION="" \
|
||||||
|
CC="$(TARGET_CC)" \
|
||||||
|
NODEBUG=1 \
|
||||||
|
UNAME="Linux" \
|
||||||
|
INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \
|
||||||
|
STRIP="/bin/true" \
|
||||||
|
batctl install
|
||||||
|
|
||||||
|
ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)
|
||||||
|
define Download/batctl
|
||||||
|
FILE:=batctl-$(PKG_VERSION).tar.gz
|
||||||
|
URL:=$(PKG_SOURCE_URL)
|
||||||
|
MD5SUM:=$(BATCTL_MD5SUM)
|
||||||
|
endef
|
||||||
|
$(eval $(call Download,batctl))
|
||||||
|
|
||||||
|
BUILD_BATCTL = $(MAKE) -C $(PKG_TOOL_BUILD_DIR) $(MAKE_BATCTL_ARGS)
|
||||||
|
endif
|
||||||
|
|
||||||
|
define Build/Compile
|
||||||
|
tar xzf "$(DL_DIR)/batctl-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)/$(PKG_NAME)"
|
||||||
|
cp $(PKG_BUILD_DIR)/Makefile.kbuild $(PKG_BUILD_DIR)/Makefile
|
||||||
|
$(MAKE) -C "$(LINUX_DIR)" $(MAKE_BATMAN_ADV_ARGS)
|
||||||
|
$(BUILD_BATCTL)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Build/Clean
|
||||||
|
rm -rf $(BUILD_DIR)/$(PKG_NAME)/
|
||||||
|
endef
|
||||||
|
|
||||||
|
ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)
|
||||||
|
define KernelPackage/batman-adv/install
|
||||||
|
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
|
||||||
|
$(INSTALL_BIN) ./files/etc/init.d/batman-adv $(1)/etc/init.d
|
||||||
|
$(INSTALL_DATA) ./files/etc/config/batman-adv $(1)/etc/config
|
||||||
|
$(INSTALL_DIR) $(1)/usr/sbin
|
||||||
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/batctl $(1)/usr/sbin/
|
||||||
|
endef
|
||||||
|
else
|
||||||
|
define KernelPackage/batman-adv/install
|
||||||
|
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
|
||||||
|
$(INSTALL_BIN) ./files/etc/init.d/batman-adv $(1)/etc/init.d
|
||||||
|
$(INSTALL_DATA) ./files/etc/config/batman-adv $(1)/etc/config
|
||||||
|
endef
|
||||||
|
endif
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,batman-adv))
|
|
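Review bot: Build/Compile unpacks `batctl-$(PKG_VERSION).tar.gz` from `$(DL_DIR)` unconditionally, but Download/batctl is only defined inside `ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)`, so a build with batctl disabled never fetches that tarball and the `tar xzf` line fails before the kernel module is even compiled. Move the unpack into the conditional where BUILD_BATCTL is set, e.g. `BUILD_BATCTL = tar xzf "$(DL_DIR)/batctl-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)/$(PKG_NAME)" && $(MAKE) -C $(PKG_TOOL_BUILD_DIR) $(MAKE_BATCTL_ARGS)`, and drop the tar line from Build/Compile. Both tarballs are fetched over plain http and pinned only by MD5 (`PKG_MD5SUM`, `BATCTL_MD5SUM`); if the surrounding build framework offers a stronger hash variable, pin with that, since the transport gives no integrity and MD5 collisions are practical. Build/Clean's `rm -rf $(BUILD_DIR)/$(PKG_NAME)/` would also benefit from a guard such as `$(if $(strip $(BUILD_DIR)),,$(error BUILD_DIR is empty))` ahead of the recipe.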
@ -0,0 +1,9 @@
|
||||||
|
|
||||||
|
config 'mesh' 'bat0'
|
||||||
|
option 'interfaces' 'wlan0'
|
||||||
|
option 'orig_interval'
|
||||||
|
option 'log_level'
|
||||||
|
option 'aggregated_ogms'
|
||||||
|
option 'bonding'
|
||||||
|
option 'fragmentation'
|
||||||
|
option 'vis_mode'
|
|
@ -0,0 +1,102 @@
|
||||||
|
#!/bin/sh /etc/rc.common
|
||||||
|
START=90
|
||||||
|
|
||||||
|
is_module_loaded() {
|
||||||
|
|
||||||
|
if [ ! -d "/sys/module/batman_adv" ]; then
|
||||||
|
echo "batman-adv module directory not found - was the kernel module loaded ?" >&2
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
start_mesh () {
|
||||||
|
local meshif="$1"
|
||||||
|
local interfaces orig_interval log_level aggregated_ogms bonding fragmentation vis_mode
|
||||||
|
|
||||||
|
is_module_loaded
|
||||||
|
[ $? -ne 1 ] && return
|
||||||
|
|
||||||
|
config_get interfaces "$meshif" interfaces
|
||||||
|
config_get orig_interval "$meshif" orig_interval
|
||||||
|
config_get log_level "$meshif" log_level
|
||||||
|
config_get aggregated_ogms "$meshif" aggregated_ogms
|
||||||
|
config_get bonding "$meshif" bonding
|
||||||
|
config_get fragmentation "$meshif" fragmentation
|
||||||
|
config_get vis_mode "$meshif" vis_mode
|
||||||
|
|
||||||
|
if [ "$interfaces" = "" ]; then
|
||||||
|
echo Error, you must specify at least a network interface
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
for interface in $interfaces
|
||||||
|
do
|
||||||
|
[ ! -f "/sys/class/net/$interface/batman_adv/mesh_iface" ] && echo "Can't add interface $interface - ignoring" && continue
|
||||||
|
echo $meshif > /sys/class/net/$interface/batman_adv/mesh_iface
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ $orig_interval ]; then
|
||||||
|
echo $orig_interval > /sys/class/net/$meshif/mesh/orig_interval
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $log_level ]; then
|
||||||
|
echo $log_level > /sys/class/net/$meshif/mesh/log_level 2>&-
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $aggregated_ogms ]; then
|
||||||
|
echo $aggregated_ogms > /sys/class/net/$meshif/mesh/aggregated_ogms
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $bonding ]; then
|
||||||
|
echo $bonding > /sys/class/net/$meshif/mesh/bonding
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $fragmentation ]; then
|
||||||
|
echo $fragmentation > /sys/class/net/$meshif/mesh/fragmentation
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $vis_mode ]; then
|
||||||
|
echo $vis_mode > /sys/class/net/$meshif/mesh/vis_mode
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
stop_mesh() {
|
||||||
|
local meshif="$1"
|
||||||
|
|
||||||
|
is_module_loaded
|
||||||
|
[ $? -ne 1 ] && return
|
||||||
|
|
||||||
|
for iface in $(ls /sys/class/net/*)
|
||||||
|
do
|
||||||
|
[ ! -f "$iface/batman_adv/mesh_iface" ] && continue
|
||||||
|
[ "$(head -1 $iface/batman_adv/mesh_iface)" != "status: $meshif" ] && continue
|
||||||
|
|
||||||
|
echo "none" > $iface/batman_adv/mesh_iface
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
# can also be used with "batman-adv start bat0"
|
||||||
|
start() {
|
||||||
|
config_load batman-adv
|
||||||
|
|
||||||
|
if [ -n "$1" ]; then
|
||||||
|
start_mesh $1
|
||||||
|
else
|
||||||
|
config_foreach start_mesh mesh
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# can also be used with "batman-adv stop bat0"
|
||||||
|
stop () {
|
||||||
|
config_load batman-adv
|
||||||
|
|
||||||
|
if [ -n "$1" ]; then
|
||||||
|
stop_mesh $1
|
||||||
|
else
|
||||||
|
config_foreach stop_mesh mesh
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
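Review bot: `for iface in $(ls /sys/class/net/*)` in stop_mesh does not iterate over interface directories: given directory arguments, `ls` lists their contents, so `$iface` takes values like `address` or `statistics` (plus `name:` headers) and `$iface/batman_adv/mesh_iface` never exists, meaning stop never detaches an interface. Iterate over the glob directly, `for iface in /sys/class/net/*`. The script also writes unquoted config values (`echo $orig_interval > ...`, `if [ $log_level ]`); quoting them (`"$orig_interval"`) keeps a value containing whitespace from splitting into extra words or breaking the `[` test. The error for a missing `interfaces` option goes to stdout, whereas `is_module_loaded` sends its diagnostic to stderr with `>&2`; the two should agree.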
@ -0,0 +1,9 @@
|
||||||
|
____ ____ _______
|
||||||
|
| | | | | Freifunk
|
||||||
|
|____ |____ | _ | | Oldenburg
|
||||||
|
| | | | | Firmware
|
||||||
|
| | |_______| |_____________
|
||||||
|
|
||||||
|
Welcome to the free wireless experience
|
||||||
|
For more information take a look at http://freifunk-ol.de
|
||||||
|
---------------------------------------------------------
|
|
@ -0,0 +1,20 @@
|
||||||
|
06:21:91:2c:f3:09 Batman_TimWZ
|
||||||
|
00:21:91:2c:f3:09 Node_TimWZ
|
||||||
|
06:1e:58:c7:07:e5 Batman_TimKU
|
||||||
|
00:1e:58:c7:07:e5 Node_TimKU
|
||||||
|
06:22:b0:98:70:df Batman_FreWZ
|
||||||
|
00:22:b0:98:70:df Node_FreWZ
|
||||||
|
06:1e:58:b9:d4:39 Batman_FreKU
|
||||||
|
00:1e:58:b9:d4:39 Node_FreKU
|
||||||
|
06:18:84:80:83:8d Batman_BjoFON
|
||||||
|
00:18:84:80:83:8d Node_BjoFON
|
||||||
|
06:22:B0:96:7C:D7 Batman_BjoDIR
|
||||||
|
00:22:B0:96:7C:D7 Node_BjoDIR
|
||||||
|
06:18:84:81:73:21 Batman_BjoBalk
|
||||||
|
00:18:84:81:73:21 Node_BjoBalk
|
||||||
|
0A:24:01:17:B7:55 Batman_floh1111_dir300
|
||||||
|
00:24:01:17:B7:55 Node_floh1111_dir300
|
||||||
|
00:13:e8:ab:47:49 Client_RedLap
|
||||||
|
1c:4b:d6:b8:17:dc Client_Freddy
|
||||||
|
00:16:6F:47:51:AA Client_floh1111
|
||||||
|
00:80:48:3b:ab:0e Client_Bjo
|
|
@ -0,0 +1,8 @@
|
||||||
|
config 'mesh' 'bat0'
|
||||||
|
option 'interfaces' 'ath1'
|
||||||
|
option 'orig_interval'
|
||||||
|
option 'log_level'
|
||||||
|
option 'aggregated_ogms'
|
||||||
|
option 'bonding'
|
||||||
|
option 'fragmentation'
|
||||||
|
option 'vis_mode'
|
|
@ -0,0 +1,33 @@
|
||||||
|
config dnsmasq
|
||||||
|
option domainneeded 1
|
||||||
|
option boguspriv 1
|
||||||
|
option filterwin2k '0' #enable for dial on demand
|
||||||
|
option localise_queries 1
|
||||||
|
option local '/lan/'
|
||||||
|
option domain 'lan'
|
||||||
|
option expandhosts 1
|
||||||
|
option nonegcache 0
|
||||||
|
option authoritative 0
|
||||||
|
option readethers 1
|
||||||
|
option leasefile '/tmp/dhcp.leases'
|
||||||
|
option resolvfile '/tmp/resolv.conf.auto'
|
||||||
|
#list server '/mycompany.local/1.2.3.4'
|
||||||
|
#option nonwildcard 1
|
||||||
|
#list interface br-lan
|
||||||
|
#list notinterface lo
|
||||||
|
|
||||||
|
#config dhcp mesh
|
||||||
|
# option interface mesh
|
||||||
|
# option start X.10
|
||||||
|
# option limit 100
|
||||||
|
# option leasetime 6h
|
||||||
|
|
||||||
|
config dhcp lan
|
||||||
|
option interface lan
|
||||||
|
option start 100
|
||||||
|
option limit 150
|
||||||
|
option leasetime 12h
|
||||||
|
|
||||||
|
config dhcp wan
|
||||||
|
option interface wan
|
||||||
|
option ignore 1
|
|
@ -0,0 +1,4 @@
|
||||||
|
config dropbear
|
||||||
|
option PasswordAuth 'on'
|
||||||
|
option Port '22'
|
||||||
|
# option BannerFile '/etc/banner'
|
|
@ -0,0 +1,96 @@
|
||||||
|
config defaults
|
||||||
|
option syn_flood 1
|
||||||
|
option input ACCEPT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
|
||||||
|
config zone
|
||||||
|
option name lan
|
||||||
|
option input ACCEPT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
|
||||||
|
config zone
|
||||||
|
option name wan
|
||||||
|
option input REJECT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
option masq 1
|
||||||
|
option mtu_fix 1
|
||||||
|
|
||||||
|
config forwarding
|
||||||
|
option src lan
|
||||||
|
option dest wan
|
||||||
|
|
||||||
|
# We need to accept udp packets on port 68,
|
||||||
|
# see https://dev.openwrt.org/ticket/4108
|
||||||
|
config rule
|
||||||
|
option src wan
|
||||||
|
option proto udp
|
||||||
|
option dest_port 68
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
|
#Allow ping
|
||||||
|
config rule
|
||||||
|
option src wan
|
||||||
|
option proto icmp
|
||||||
|
option icmp_type echo-request
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
|
# include a file with users custom iptables rules
|
||||||
|
config include
|
||||||
|
option path /etc/firewall.user
|
||||||
|
|
||||||
|
|
||||||
|
### EXAMPLE CONFIG SECTIONS
|
||||||
|
# do not allow a specific ip to access wan
|
||||||
|
#config rule
|
||||||
|
# option src lan
|
||||||
|
# option src_ip 192.168.45.2
|
||||||
|
# option dest wan
|
||||||
|
# option proto tcp
|
||||||
|
# option target REJECT
|
||||||
|
|
||||||
|
# block a specific mac on wan
|
||||||
|
#config rule
|
||||||
|
# option dest wan
|
||||||
|
# option src_mac 00:11:22:33:44:66
|
||||||
|
# option target REJECT
|
||||||
|
|
||||||
|
# block incoming ICMP traffic on a zone
|
||||||
|
#config rule
|
||||||
|
# option src lan
|
||||||
|
# option proto ICMP
|
||||||
|
# option target DROP
|
||||||
|
|
||||||
|
# port redirect port coming in on wan to lan
|
||||||
|
#config redirect
|
||||||
|
# option src wan
|
||||||
|
# option src_dport 80
|
||||||
|
# option dest lan
|
||||||
|
# option dest_ip 192.168.16.235
|
||||||
|
# option dest_port 80
|
||||||
|
# option proto tcp
|
||||||
|
|
||||||
|
|
||||||
|
### FULL CONFIG SECTIONS
|
||||||
|
#config rule
|
||||||
|
# option src lan
|
||||||
|
# option src_ip 192.168.45.2
|
||||||
|
# option src_mac 00:11:22:33:44:55
|
||||||
|
# option src_port 80
|
||||||
|
# option dest wan
|
||||||
|
# option dest_ip 194.25.2.129
|
||||||
|
# option dest_port 120
|
||||||
|
# option proto tcp
|
||||||
|
# option target REJECT
|
||||||
|
|
||||||
|
#config redirect
|
||||||
|
# option src lan
|
||||||
|
# option src_ip 192.168.45.2
|
||||||
|
# option src_mac 00:11:22:33:44:55
|
||||||
|
# option src_port 1024
|
||||||
|
# option src_dport 80
|
||||||
|
# option dest_ip 194.25.2.129
|
||||||
|
# option dest_port 120
|
||||||
|
# option proto tcp
|
|
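Review bot: No zone covers the `mesh` bridge, and `config defaults` sets `option input ACCEPT`, so if, as in the OpenWrt firewall of this era, traffic on an interface that belongs to no zone falls through to the defaults policy, every service on the node — including dropbear with `PasswordAuth 'on'` in this commit's dropbear config — is reachable from the open ad-hoc mesh and the unencrypted AP that the wireless config defines (presumably mapped to `ath0`/`ath1` by the network config). The `lan` zone in this profile also binds nothing, because the `lan` interface is commented out in the matching network config, so its ACCEPT policy protects no one. Add a zone for the mesh network with input REJECT plus explicit ACCEPT rules for what mesh clients should get (DHCP and DNS at least), or change the defaults input policy to REJECT; the other two copies of this firewall config further down the commit need the same treatment.
```uci
config zone
	option name mesh
	option network mesh
	option input REJECT
	option output ACCEPT
	option forward REJECT

config rule
	option src mesh
	option proto udp
	option dest_port 67
	option target ACCEPT

config rule
	option src mesh
	option proto tcpudp
	option dest_port 53
	option target ACCEPT
```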
@ -0,0 +1,37 @@
|
||||||
|
config 'interface' 'loopback'
|
||||||
|
option 'ifname' 'lo'
|
||||||
|
option 'proto' 'static'
|
||||||
|
option 'ipaddr' '127.0.0.1'
|
||||||
|
option 'netmask' '255.0.0.0'
|
||||||
|
|
||||||
|
#config 'interface' 'lan'
|
||||||
|
# option 'proto' 'dhcp'
|
||||||
|
# option 'ifname' 'eth0.1'
|
||||||
|
|
||||||
|
config 'interface' 'wlanmesch'
|
||||||
|
option 'ifname' 'ath1'
|
||||||
|
option 'mtu' '1527'
|
||||||
|
|
||||||
|
config 'interface' 'mesh'
|
||||||
|
option 'type' 'bridge'
|
||||||
|
option 'ifname' 'eth0.1 ath0 bat0 tap0'
|
||||||
|
option 'stp' '1'
|
||||||
|
|
||||||
|
config 'switch' 'eth0'
|
||||||
|
option 'name' 'eth0'
|
||||||
|
option 'reset' '1'
|
||||||
|
option 'enable_vlan' '1'
|
||||||
|
|
||||||
|
config 'switch_vlan' 'eth0_1'
|
||||||
|
option 'device' 'eth0'
|
||||||
|
option 'vlan' '1'
|
||||||
|
option 'ports' '0 1 2 3 5t'
|
||||||
|
|
||||||
|
config 'switch_vlan' 'eth0_2'
|
||||||
|
option 'device' 'eth0'
|
||||||
|
option 'vlan' '2'
|
||||||
|
option 'ports' '4 5t'
|
||||||
|
|
||||||
|
config 'interface' 'wan'
|
||||||
|
option 'ifname' 'eth0.2'
|
||||||
|
option 'proto' 'dhcp'
|
|
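Review bot: `#config 'interface' 'lan'` leaves this profile without a `lan` network while the dnsmasq config of the same profile still declares `config dhcp lan` with `option interface lan`, and the firewall zone named `lan` has nothing to bind to; dnsmasq will at best warn and the lan DHCP pool is dead. Either restore the interface or drop the dangling dhcp and zone sections with it. The `mesh` bridge joins the wired `eth0.1` ports with `ath0`, `bat0` and `tap0`, so anything plugged into the switch ports shares an L2 segment with the open mesh — worth a comment stating that this is intended, e.g. `# eth0.1 is bridged into the open mesh on purpose: wired clients are mesh clients`.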
@ -0,0 +1,24 @@
|
||||||
|
config 'script'
|
||||||
|
option 'version' '15'
|
||||||
|
option 'error_level' '0'
|
||||||
|
option 'logfile' '/var/log/nodewatcher.log'
|
||||||
|
|
||||||
|
config 'api'
|
||||||
|
option 'ipv4_address' '1'
|
||||||
|
option 'ipv6_interface' 'br-mesh'
|
||||||
|
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
|
||||||
|
|
||||||
|
config 'update'
|
||||||
|
option 'autoupdate' '1'
|
||||||
|
|
||||||
|
config 'crawl'
|
||||||
|
option 'method' 'hash'
|
||||||
|
option 'nickname' '1'
|
||||||
|
option 'password' '1'
|
||||||
|
option 'router_id' '1'
|
||||||
|
option 'update_hash' '1'
|
||||||
|
option 'login_string' '1'
|
||||||
|
|
||||||
|
config 'network'
|
||||||
|
option 'mesh-interface' 'br-mesh'
|
||||||
|
option 'client-interfaces' 'ath0'
|
|
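Review bot: `config 'crawl'` ships `nickname`, `password`, `router_id`, `update_hash` and `login_string` all set to the placeholder `'1'`; if the nodewatcher script treats these as real credentials, every node built from this image authenticates to the crawler with the same trivially guessable secret, and `option 'autoupdate' '1'` presumably lets that channel push updates to the node. Leave the credential options empty and have the script refuse to crawl or auto-update until they are configured; the script itself is not part of this commit, so this is inferred from the option names. The second copy of this file later in the commit carries the same placeholders.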
@ -0,0 +1,86 @@
|
||||||
|
# QoS configuration for OpenWrt
|
||||||
|
|
||||||
|
# INTERFACES:
|
||||||
|
config interface wan
|
||||||
|
option classgroup "Default"
|
||||||
|
option enabled 1
|
||||||
|
option overhead 1
|
||||||
|
option upload 128
|
||||||
|
option download 1024
|
||||||
|
|
||||||
|
# RULES:
|
||||||
|
config classify
|
||||||
|
option target "Bulk"
|
||||||
|
option layer7 "edonkey"
|
||||||
|
config classify
|
||||||
|
option target "Bulk"
|
||||||
|
option layer7 "bittorrent"
|
||||||
|
config classify
|
||||||
|
option target "Priority"
|
||||||
|
option ports "22,53"
|
||||||
|
config classify
|
||||||
|
option target "Normal"
|
||||||
|
option proto "tcp"
|
||||||
|
option ports "20,21,25,80,110,443,993,995"
|
||||||
|
config classify
|
||||||
|
option target "Express"
|
||||||
|
option ports "5190"
|
||||||
|
config default
|
||||||
|
option target "Express"
|
||||||
|
option proto "udp"
|
||||||
|
option pktsize "-500"
|
||||||
|
config reclassify
|
||||||
|
option target "Priority"
|
||||||
|
option proto "icmp"
|
||||||
|
config default
|
||||||
|
option target "Bulk"
|
||||||
|
option portrange "1024-65535"
|
||||||
|
config reclassify
|
||||||
|
option target "Priority"
|
||||||
|
option proto "tcp"
|
||||||
|
option pktsize "-128"
|
||||||
|
option mark "!Bulk"
|
||||||
|
option tcpflags "SYN"
|
||||||
|
config reclassify
|
||||||
|
option target "Priority"
|
||||||
|
option proto "tcp"
|
||||||
|
option pktsize "-128"
|
||||||
|
option mark "!Bulk"
|
||||||
|
option tcpflags "ACK"
|
||||||
|
|
||||||
|
|
||||||
|
# Don't change the stuff below unless you
|
||||||
|
# really know what it means :)
|
||||||
|
|
||||||
|
config classgroup "Default"
|
||||||
|
option classes "Priority Express Normal Bulk"
|
||||||
|
option default "Normal"
|
||||||
|
|
||||||
|
|
||||||
|
config class "Priority"
|
||||||
|
option packetsize 400
|
||||||
|
option maxsize 400
|
||||||
|
option avgrate 10
|
||||||
|
option priority 20
|
||||||
|
config class "Priority_down"
|
||||||
|
option packetsize 1000
|
||||||
|
option avgrate 10
|
||||||
|
|
||||||
|
|
||||||
|
config class "Express"
|
||||||
|
option packetsize 1000
|
||||||
|
option maxsize 800
|
||||||
|
option avgrate 50
|
||||||
|
option priority 10
|
||||||
|
|
||||||
|
config class "Normal"
|
||||||
|
option packetsize 1500
|
||||||
|
option packetdelay 100
|
||||||
|
option avgrate 10
|
||||||
|
option priority 5
|
||||||
|
config class "Normal_down"
|
||||||
|
option avgrate 20
|
||||||
|
|
||||||
|
config class "Bulk"
|
||||||
|
option avgrate 1
|
||||||
|
option packetdelay 200
|
|
@ -0,0 +1,3 @@
|
||||||
|
config system
|
||||||
|
option hostname OpenWrt
|
||||||
|
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"
|
|
@ -0,0 +1,2 @@
|
||||||
|
config timeserver
|
||||||
|
option hostname time.fu-berlin.de
|
|
@ -0,0 +1,21 @@
|
||||||
|
config 'wifi-device' 'wifi0'
|
||||||
|
option 'type' 'atheros'
|
||||||
|
option 'disabled' '0'
|
||||||
|
option 'channel' '6'
|
||||||
|
option 'txpower' '15'
|
||||||
|
option 'bgscan' '0'
|
||||||
|
option 'diversity' '1'
|
||||||
|
|
||||||
|
config 'wifi-iface'
|
||||||
|
option 'device' 'wifi0'
|
||||||
|
option 'mode' 'adhoc'
|
||||||
|
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||||
|
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||||
|
option 'encryption' 'none'
|
||||||
|
option 'hidden' '1'
|
||||||
|
|
||||||
|
config 'wifi-iface'
|
||||||
|
option 'device' 'wifi0'
|
||||||
|
option 'mode' 'ap'
|
||||||
|
option 'ssid' 'oldenburg.freifunk.net'
|
||||||
|
option 'encryption' 'none'
|
|
@ -0,0 +1,8 @@
|
||||||
|
config 'mesh' 'bat0'
|
||||||
|
option 'interfaces' 'ath1'
|
||||||
|
option 'orig_interval'
|
||||||
|
option 'log_level'
|
||||||
|
option 'aggregated_ogms'
|
||||||
|
option 'bonding'
|
||||||
|
option 'fragmentation'
|
||||||
|
option 'vis_mode'
|
|
@ -0,0 +1,33 @@
|
||||||
|
config dnsmasq
|
||||||
|
option domainneeded 1
|
||||||
|
option boguspriv 1
|
||||||
|
option filterwin2k '0' #enable for dial on demand
|
||||||
|
option localise_queries 1
|
||||||
|
option local '/lan/'
|
||||||
|
option domain 'lan'
|
||||||
|
option expandhosts 1
|
||||||
|
option nonegcache 0
|
||||||
|
option authoritative 0
|
||||||
|
option readethers 1
|
||||||
|
option leasefile '/tmp/dhcp.leases'
|
||||||
|
option resolvfile '/tmp/resolv.conf.auto'
|
||||||
|
#list server '/mycompany.local/1.2.3.4'
|
||||||
|
#option nonwildcard 1
|
||||||
|
#list interface br-lan
|
||||||
|
#list notinterface lo
|
||||||
|
|
||||||
|
#config dhcp mesh
|
||||||
|
# option interface mesh
|
||||||
|
# option start X.10
|
||||||
|
# option limit 100
|
||||||
|
# option leasetime 6h
|
||||||
|
|
||||||
|
config dhcp lan
|
||||||
|
option interface lan
|
||||||
|
option start 100
|
||||||
|
option limit 150
|
||||||
|
option leasetime 12h
|
||||||
|
|
||||||
|
config dhcp wan
|
||||||
|
option interface wan
|
||||||
|
option ignore 1
|
|
@ -0,0 +1,4 @@
|
||||||
|
config dropbear
|
||||||
|
option PasswordAuth 'on'
|
||||||
|
option Port '22'
|
||||||
|
# option BannerFile '/etc/banner'
|
|
@ -0,0 +1,96 @@
|
||||||
|
config defaults
|
||||||
|
option syn_flood 1
|
||||||
|
option input ACCEPT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
|
||||||
|
config zone
|
||||||
|
option name lan
|
||||||
|
option input ACCEPT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
|
||||||
|
config zone
|
||||||
|
option name wan
|
||||||
|
option input REJECT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
option masq 1
|
||||||
|
option mtu_fix 1
|
||||||
|
|
||||||
|
config forwarding
|
||||||
|
option src lan
|
||||||
|
option dest wan
|
||||||
|
|
||||||
|
# We need to accept udp packets on port 68,
|
||||||
|
# see https://dev.openwrt.org/ticket/4108
|
||||||
|
config rule
|
||||||
|
option src wan
|
||||||
|
option proto udp
|
||||||
|
option dest_port 68
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
|
#Allow ping
|
||||||
|
config rule
|
||||||
|
option src wan
|
||||||
|
option proto icmp
|
||||||
|
option icmp_type echo-request
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
|
# include a file with users custom iptables rules
|
||||||
|
config include
|
||||||
|
option path /etc/firewall.user
|
||||||
|
|
||||||
|
|
||||||
|
### EXAMPLE CONFIG SECTIONS
|
||||||
|
# do not allow a specific ip to access wan
|
||||||
|
#config rule
|
||||||
|
# option src lan
|
||||||
|
# option src_ip 192.168.45.2
|
||||||
|
# option dest wan
|
||||||
|
# option proto tcp
|
||||||
|
# option target REJECT
|
||||||
|
|
||||||
|
# block a specific mac on wan
|
||||||
|
#config rule
|
||||||
|
# option dest wan
|
||||||
|
# option src_mac 00:11:22:33:44:66
|
||||||
|
# option target REJECT
|
||||||
|
|
||||||
|
# block incoming ICMP traffic on a zone
|
||||||
|
#config rule
|
||||||
|
# option src lan
|
||||||
|
# option proto ICMP
|
||||||
|
# option target DROP
|
||||||
|
|
||||||
|
# port redirect port coming in on wan to lan
|
||||||
|
#config redirect
|
||||||
|
# option src wan
|
||||||
|
# option src_dport 80
|
||||||
|
# option dest lan
|
||||||
|
# option dest_ip 192.168.16.235
|
||||||
|
# option dest_port 80
|
||||||
|
# option proto tcp
|
||||||
|
|
||||||
|
|
||||||
|
### FULL CONFIG SECTIONS
|
||||||
|
#config rule
|
||||||
|
# option src lan
|
||||||
|
# option src_ip 192.168.45.2
|
||||||
|
# option src_mac 00:11:22:33:44:55
|
||||||
|
# option src_port 80
|
||||||
|
# option dest wan
|
||||||
|
# option dest_ip 194.25.2.129
|
||||||
|
# option dest_port 120
|
||||||
|
# option proto tcp
|
||||||
|
# option target REJECT
|
||||||
|
|
||||||
|
#config redirect
|
||||||
|
# option src lan
|
||||||
|
# option src_ip 192.168.45.2
|
||||||
|
# option src_mac 00:11:22:33:44:55
|
||||||
|
# option src_port 1024
|
||||||
|
# option src_dport 80
|
||||||
|
# option dest_ip 194.25.2.129
|
||||||
|
# option dest_port 120
|
||||||
|
# option proto tcp
|
|
@ -0,0 +1,18 @@
|
||||||
|
config 'interface' 'loopback'
|
||||||
|
option 'ifname' 'lo'
|
||||||
|
option 'proto' 'static'
|
||||||
|
option 'ipaddr' '127.0.0.1'
|
||||||
|
option 'netmask' '255.0.0.0'
|
||||||
|
|
||||||
|
config 'interface' 'lan'
|
||||||
|
option 'proto' 'dhcp'
|
||||||
|
option 'ifname' 'eth0'
|
||||||
|
|
||||||
|
config 'interface' 'wlanmesch'
|
||||||
|
option 'ifname' 'ath1'
|
||||||
|
option 'mtu' '1527'
|
||||||
|
|
||||||
|
config 'interface' 'mesh'
|
||||||
|
option 'type' 'bridge'
|
||||||
|
option 'ifname' 'ath0 bat0 tap0'
|
||||||
|
option 'stp' '1'
|
|
@ -0,0 +1,20 @@
|
||||||
|
config 'script'
|
||||||
|
option 'version' '15'
|
||||||
|
option 'error_level' '0'
|
||||||
|
option 'logfile' '/var/log/nodewatcher.log'
|
||||||
|
|
||||||
|
config 'api'
|
||||||
|
option 'ipv4_address' '1'
|
||||||
|
option 'ipv6_interface' 'br-mesh'
|
||||||
|
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
|
||||||
|
|
||||||
|
config 'update'
|
||||||
|
option 'autoupdate' '1'
|
||||||
|
|
||||||
|
config 'crawl'
|
||||||
|
option 'method' 'hash'
|
||||||
|
option 'nickname' '1'
|
||||||
|
option 'password' '1'
|
||||||
|
option 'router_id' '1'
|
||||||
|
option 'update_hash' '1'
|
||||||
|
option 'login_string' '1'
|
|
@ -0,0 +1,86 @@
|
||||||
|
# QoS configuration for OpenWrt
|
||||||
|
|
||||||
|
# INTERFACES:
|
||||||
|
config interface wan
|
||||||
|
option classgroup "Default"
|
||||||
|
option enabled 1
|
||||||
|
option overhead 1
|
||||||
|
option upload 128
|
||||||
|
option download 1024
|
||||||
|
|
||||||
|
# RULES:
|
||||||
|
config classify
|
||||||
|
option target "Bulk"
|
||||||
|
option layer7 "edonkey"
|
||||||
|
config classify
|
||||||
|
option target "Bulk"
|
||||||
|
option layer7 "bittorrent"
|
||||||
|
config classify
|
||||||
|
option target "Priority"
|
||||||
|
option ports "22,53"
|
||||||
|
config classify
|
||||||
|
option target "Normal"
|
||||||
|
option proto "tcp"
|
||||||
|
option ports "20,21,25,80,110,443,993,995"
|
||||||
|
config classify
|
||||||
|
option target "Express"
|
||||||
|
option ports "5190"
|
||||||
|
config default
|
||||||
|
option target "Express"
|
||||||
|
option proto "udp"
|
||||||
|
option pktsize "-500"
|
||||||
|
config reclassify
|
||||||
|
option target "Priority"
|
||||||
|
option proto "icmp"
|
||||||
|
config default
|
||||||
|
option target "Bulk"
|
||||||
|
option portrange "1024-65535"
|
||||||
|
config reclassify
|
||||||
|
option target "Priority"
|
||||||
|
option proto "tcp"
|
||||||
|
option pktsize "-128"
|
||||||
|
option mark "!Bulk"
|
||||||
|
option tcpflags "SYN"
|
||||||
|
config reclassify
|
||||||
|
option target "Priority"
|
||||||
|
option proto "tcp"
|
||||||
|
option pktsize "-128"
|
||||||
|
option mark "!Bulk"
|
||||||
|
option tcpflags "ACK"
|
||||||
|
|
||||||
|
|
||||||
|
# Don't change the stuff below unless you
|
||||||
|
# really know what it means :)
|
||||||
|
|
||||||
|
config classgroup "Default"
|
||||||
|
option classes "Priority Express Normal Bulk"
|
||||||
|
option default "Normal"
|
||||||
|
|
||||||
|
|
||||||
|
config class "Priority"
|
||||||
|
option packetsize 400
|
||||||
|
option maxsize 400
|
||||||
|
option avgrate 10
|
||||||
|
option priority 20
|
||||||
|
config class "Priority_down"
|
||||||
|
option packetsize 1000
|
||||||
|
option avgrate 10
|
||||||
|
|
||||||
|
|
||||||
|
config class "Express"
|
||||||
|
option packetsize 1000
|
||||||
|
option maxsize 800
|
||||||
|
option avgrate 50
|
||||||
|
option priority 10
|
||||||
|
|
||||||
|
config class "Normal"
|
||||||
|
option packetsize 1500
|
||||||
|
option packetdelay 100
|
||||||
|
option avgrate 10
|
||||||
|
option priority 5
|
||||||
|
config class "Normal_down"
|
||||||
|
option avgrate 20
|
||||||
|
|
||||||
|
config class "Bulk"
|
||||||
|
option avgrate 1
|
||||||
|
option packetdelay 200
|
|
@ -0,0 +1,3 @@
|
||||||
|
config system
|
||||||
|
option hostname OpenWrt
|
||||||
|
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"
|
|
@ -0,0 +1,2 @@
|
||||||
|
config timeserver
|
||||||
|
option hostname time.fu-berlin.de
|
|
@ -0,0 +1,21 @@
|
||||||
|
config 'wifi-device' 'wifi0'
|
||||||
|
option 'type' 'atheros'
|
||||||
|
option 'disabled' '0'
|
||||||
|
option 'channel' '6'
|
||||||
|
option 'txpower' '15'
|
||||||
|
option 'bgscan' '0'
|
||||||
|
option 'diversity' '1'
|
||||||
|
|
||||||
|
config 'wifi-iface'
|
||||||
|
option 'device' 'wifi0'
|
||||||
|
option 'mode' 'adhoc'
|
||||||
|
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||||
|
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||||
|
option 'encryption' 'none'
|
||||||
|
option 'hidden' '1'
|
||||||
|
|
||||||
|
config 'wifi-iface'
|
||||||
|
option 'device' 'wifi0'
|
||||||
|
option 'mode' 'ap'
|
||||||
|
option 'ssid' 'oldenburg.freifunk.net'
|
||||||
|
option 'encryption' 'none'
|
|
@ -0,0 +1,9 @@
|
||||||
|
|
||||||
|
config 'mesh' 'bat0'
|
||||||
|
option 'interfaces' 'wlan0'
|
||||||
|
option 'orig_interval'
|
||||||
|
option 'log_level'
|
||||||
|
option 'aggregated_ogms'
|
||||||
|
option 'bonding'
|
||||||
|
option 'fragmentation'
|
||||||
|
option 'vis_mode'
|
|
@ -0,0 +1,27 @@
|
||||||
|
config dnsmasq
|
||||||
|
option domainneeded 1
|
||||||
|
option boguspriv 1
|
||||||
|
option filterwin2k '0' #enable for dial on demand
|
||||||
|
option localise_queries 1
|
||||||
|
option local '/lan/'
|
||||||
|
option domain 'lan'
|
||||||
|
option expandhosts 1
|
||||||
|
option nonegcache 0
|
||||||
|
option authoritative 1
|
||||||
|
option readethers 1
|
||||||
|
option leasefile '/tmp/dhcp.leases'
|
||||||
|
option resolvfile '/tmp/resolv.conf.auto'
|
||||||
|
#list server '/mycompany.local/1.2.3.4'
|
||||||
|
#option nonwildcard 1
|
||||||
|
#list interface br-lan
|
||||||
|
#list notinterface lo
|
||||||
|
|
||||||
|
config dhcp wlan0
|
||||||
|
option interface wlan0
|
||||||
|
option start 100
|
||||||
|
option limit 150
|
||||||
|
option leasetime 12h
|
||||||
|
|
||||||
|
config dhcp wan
|
||||||
|
option interface wan
|
||||||
|
option ignore 1
|
|
@ -0,0 +1,4 @@
|
||||||
|
config dropbear
|
||||||
|
option PasswordAuth 'on'
|
||||||
|
option Port '22'
|
||||||
|
# option BannerFile '/etc/banner'
|
|
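--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,96 @@
+config defaults
+option syn_flood 1
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name lan
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name wan
+option input REJECT
+option output ACCEPT
+option forward REJECT
+option masq 1
+option mtu_fix 1
+
+config forwarding
+option src lan
+option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+option src wan
+option proto udp
+option dest_port 68
+option target ACCEPT
+
+#Allow ping
+config rule
+option src wan
+option proto icmp
+option icmp_type echo-request
+option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp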
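Review bot: The mesh and wlan0 interfaces defined in the network hunk of this commit belong to no `config zone` here, so packets arriving on them fall back to `config defaults`, where `option input ACCEPT` exposes every local service (dropbear, dnsmasq, the DHCP server) to any participant of the open, unencrypted mesh; this is presumably not intended. Add a zone for those interfaces with `option input REJECT` and explicit `config rule` entries for what the mesh side actually needs (batman-adv itself runs below IP and is not affected; DHCP and DNS on wlan0 need udp 67 and 53), plus a `config forwarding` from that zone to wan only on gateway nodes. The identical firewall file appears a second time later in this commit.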
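--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,45 @@
+#### VLAN configuration
+config switch eth0
+option enable 1
+
+config switch_vlan eth0_0
+option device "eth0"
+option vlan 0
+option ports "1 2 3 4 5"
+
+config switch_vlan eth0_1
+option device "eth0"
+option vlan 1
+option ports "0 5"
+
+#### Loopback configuration
+config interface loopback
+option ifname "lo"
+option proto static
+option ipaddr 127.0.0.1
+option netmask 255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+option type bridge
+option ifname "eth0.0"
+option proto static
+option ipaddr 192.168.1.1
+option netmask 255.255.255.0
+
+
+#### WAN configuration
+config interface wan
+option ifname "eth0.1"
+option proto dhcp
+
+config interface wlan0
+option proto static
+option ipaddr 192.168.2.1
+option netmask 255.255.255.0
+
+config interface mesh
+option type bridge
+option ifname "bat0 tap0"
+option stp 1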
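--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,20 @@
+config 'script'
+option 'version' '15'
+option 'error_level' '0'
+option 'logfile' '/var/log/nodewatcher.log'
+
+config 'api'
+option 'ipv4_address' '1'
+option 'ipv6_interface' 'br-mesh'
+option 'ipv6_address' 'fe80::201:2ff:fe03:405'
+
+config 'update'
+option 'autoupdate' '1'
+
+config 'crawl'
+option 'method' 'hash'
+option 'nickname' '1'
+option 'password' '1'
+option 'router_id' '1'
+option 'update_hash' '1'
+option 'login_string' '1'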
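Review bot: `option 'password' '1'` and `option 'login_string' '1'` in `config 'crawl'` read as placeholder credentials committed into the default config; if the nodewatcher script (not part of this commit) sends them as-is, every node built from the image authenticates to the crawler with the same publicly known value. `option 'ipv6_address' 'fe80::201:2ff:fe03:405'` is likewise a fixed link-local address that cannot be right on more than one node. Consider leaving these empty so the script fails loudly until per-node values are provisioned, and mark them with a comment such as `# per-node value, must be set before use`. The second nodewatcher hunk later in this commit carries the same values.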
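--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,3 @@
+config system
+option hostname OpenWrt
+option timezone "CET-1CEST,M3.5.0,M10.5.0/3"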
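--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,2 @@
+config timeserver
+option hostname time.fu-berlin.de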
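--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,16 @@
+config wifi-device radio0
+option type mac80211
+option channel 5
+option macaddr 00:12:17:cc:ef:0d
+option hwmode 11g
+
+# REMOVE THIS LINE TO ENABLE WIFI:
+option disabled 0
+
+config wifi-iface
+option device radio0
+option network wlan0
+option mode adhoc
+option ssid batman.oldenburg.freifunk.net
+option encryption none
+option bssid 02:CA:FF:EE:BA:BE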
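Review bot: `option macaddr 00:12:17:cc:ef:0d` pins one wireless MAC into the image, so every device flashed with it brings up radio0 with the same address; on the ad-hoc link those nodes are indistinguishable and their batman-adv originator addresses collide. Drop the line and let the driver use the hardware address. The comment on the `option disabled` line is also stale: `# REMOVE THIS LINE TO ENABLE WIFI:` sits above `option disabled 0`, which already enables the radio, so either restore the `option disabled 1` the comment describes or reword it to `# set to 1 to keep the radio off`.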
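--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,8 @@
+config 'mesh' 'bat0'
+option 'interfaces'
+option 'orig_interval'
+option 'log_level'
+option 'aggregated_ogms'
+option 'bonding'
+option 'fragmentation'
+option 'vis_mode'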
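--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,30 @@
+config dnsmasq
+option domainneeded 1
+option boguspriv 1
+option filterwin2k 0 # enable for dial on demand
+option localise_queries 1
+option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
+option rebind_localhost 0 # enable for RBL checking and similar services
+#list rebind_domain example.lan # whitelist RFC1918 responses for domains
+option local '/lan/'
+option domain 'lan'
+option expandhosts 1
+option nonegcache 0
+option authoritative 1
+option readethers 1
+option leasefile '/tmp/dhcp.leases'
+option resolvfile '/tmp/resolv.conf.auto'
+#list server '/mycompany.local/1.2.3.4'
+#option nonwildcard 1
+#list interface br-lan
+#list notinterface lo
+
+config dhcp lan
+option interface lan
+option start 100
+option limit 150
+option leasetime 12h
+
+config dhcp wan
+option interface wan
+option ignore 1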
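--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,4 @@
+config dropbear
+option PasswordAuth 'on'
+option Port '22'
+# option BannerFile '/etc/banner'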
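--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,96 @@
+config defaults
+option syn_flood 1
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name lan
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name wan
+option input REJECT
+option output ACCEPT
+option forward REJECT
+option masq 1
+option mtu_fix 1
+
+config forwarding
+option src lan
+option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+option src wan
+option proto udp
+option dest_port 68
+option target ACCEPT
+
+#Allow ping
+config rule
+option src wan
+option proto icmp
+option icmp_type echo-request
+option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp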
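--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,33 @@
+config 'interface' 'loopback'
+option 'ifname' 'lo'
+option 'proto' 'static'
+option 'ipaddr' '127.0.0.1'
+option 'netmask' '255.0.0.0'
+
+config 'interface' 'lan'
+option 'proto' 'dhcp'
+option 'ifname' 'eth0.1'
+
+config 'interface' 'mesh'
+option 'type' 'bridge'
+option 'ifname' 'wl0 tap0'
+option 'stp' '1'
+
+config 'switch' 'eth0'
+option 'name' 'eth0'
+option 'reset' '1'
+option 'enable_vlan' '1'
+
+config 'switch_vlan' 'eth0_1'
+option 'device' 'eth0'
+option 'vlan' '1'
+option 'ports' '0 1 2 3 5t'
+
+config 'switch_vlan' 'eth0_2'
+option 'device' 'eth0'
+option 'vlan' '2'
+option 'ports' '4 5t'
+
+config 'interface' 'wan'
+option 'ifname' 'eth0.2'
+option 'proto' 'dhcp'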
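--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,22 @@
+
+config 'script'
+option 'version' '15'
+option 'error_level' '0'
+option 'logfile' '/var/log/nodewatcher.log'
+
+config 'api'
+option 'ipv4_address' '1'
+option 'ipv6_interface' 'br-mesh'
+option 'ipv6_address' 'fe80::201:2ff:fe03:405'
+
+config 'update'
+option 'autoupdate' '1'
+
+config 'crawl'
+option 'method' 'hash'
+option 'nickname' '1'
+option 'password' '1'
+option 'login_string' '1'
+option 'router_id' '1'
+option 'update_hash' '1'
+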
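--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,3 @@
+config system
+option hostname OpenWrt
+option timezone "CET-1CEST,M3.5.0,M10.5.0/3"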
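--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,2 @@
+config timeserver
+option hostname time.fu-berlin.de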
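--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,10 @@
+config wifi-device wl0
+option type broadcom
+option channel 6
+option disabled 0
+
+config wifi-iface
+option device wl0
+option mode ap
+option ssid oldenburg.freifunk.net
+option encryption none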
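--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,17 @@
+*/5 * * * * killall klogd
+*/5 * * * * killall syslogd
+*/5 * * * * killall logger
+
+*/5 * * * * sh /etc/nodewatcher.sh
+*/5 * * * * sh /etc/tincstart.sh
+
+15 01 * * * rdate -s time.fu-berlin.de > /dev/null
+
+#Enable zapp script if you are running a gateway
+#*/1 * * * * /etc/init.d/zapp
+
+*/5 * * * * killall -HUP dnsmasq
+#* * * * * /usr/sbin/ff_olsr_test_gw
+#*/5 * * * * /usr/sbin/ff_olsr_watchdog
+#0 */4 * * * /usr/sbin/ff_rdate
+#17 * * * * /usr/sbin/ff_mapupdate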
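Review bot: The first three entries run `killall klogd`, `killall syslogd` and `killall logger` every five minutes, which discards the node's only log source and leaves nothing to reconstruct a later incident from; if the intent is to bound the memory used by the in-RAM log, `option log_size` in the system config does that without killing the daemons. Each active entry would also benefit from a one-line comment stating its purpose (for example `# keep /etc/bat-hosts and the crawler up to date` above the nodewatcher line), since a reader cannot tell from the crontab alone why dnsmasq is HUPed every five minutes or why the loggers are killed.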
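--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,45 @@
+#!/bin/sh
+#iptables -F
+#
+#iptables -P INPUT DROP
+#iptables -P OUTPUT DROP
+#iptables -P FORWARD DROP
+#
+#for proto in tcp udp
+#do
+# for port in 53 666 655
+# do
+# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
+# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
+# iptables -A INPUT -p $proto --dport $port -j ACCEPT
+# iptables -A INPUT -p $proto --sport $port -j ACCEPT
+# done
+#done
+#
+#iptables -A OUTPUT -p icmp -j ACCEPT
+#iptables -A INPUT -p icmp -j ACCEPT
+#
+#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+#
+#
+#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
+#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
+
+# mastersword.de
+#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
+#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
+
+# gw1.freifunk-ol.de
+#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
+#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
+
+# freifunk-ol.de
+#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
+#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
+
+#Masquerade interface for gateway
+#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+#solves MTU problem with bad ISP´s
+iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu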
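Review bot: Apart from the final MSS clamp, the file is forty-odd lines of commented-out iptables rules, including a blanket `#iptables -F`, `-P ... DROP` policies and hard-coded addresses of three hosts; since the firewall config in this commit sources this file via `config include`, dead rules here invite someone to uncomment `iptables -F` without realising it runs after, and wipes, the uci-generated chains. Keep only the active line with a comment that explains it, `# clamp TCP MSS to path MTU for uplinks with a reduced MTU`, and move the examples into documentation.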
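--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,2 @@
+FIRMWARE_VERSION="0.1"
+RELEASE_DATE="15.02.2010"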
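--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+wget -T15 http://$(cat /etc/config/nodewatcher | grep url | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")/api_nodewatcher.php?section=get_hostnames_and_mac -O - | grep -v -e "^..-..-" | sort -u > /etc/bat-hosts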
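Review bot: `sort -u > /etc/bat-hosts` truncates the file before the download is known to have worked, and the pipeline's status is that of sort, so a failed or timed-out wget leaves an empty /etc/bat-hosts; the nodewatcher config hunks in this commit also contain no `url` option at all, so the grep/awk/sed chain expands to nothing and the request goes to `http:///api_nodewatcher.php`. Whatever the server returns over plain HTTP is written to the file with only the `grep -v` filter in between, so the server (or anyone on the path) fully controls its contents. Read the URL with uci, download to a temporary file, and replace /etc/bat-hosts only after wget succeeded.
```sh
#!/bin/sh

# url lives in the nodewatcher uci config; section name is not part of this commit
URL="$(uci -q get nodewatcher.SECTION_PLACEHOLDER.url)"
[ -n "$URL" ] || exit 1

RAW="/tmp/bat-hosts.$$"
if wget -T15 -O "$RAW" "http://$URL/api_nodewatcher.php?section=get_hostnames_and_mac"; then
	# drop the MAC-only lines, dedupe, and swap the file in atomically
	grep -v -e "^..-..-" "$RAW" | sort -u > "$RAW.sorted" && mv "$RAW.sorted" /etc/bat-hosts
fi
rm -f "$RAW" "$RAW.sorted"
```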
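--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,3 @@
+[ ifup = "$ACTION" -a "$DEVICE" = eth0 ] && {
+sh /etc/tincstart.sh
+}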
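Review bot: The guard `"$DEVICE" = eth0` presumably never matches on the boards configured in this commit: the network hunks put wan on `eth0.1` or `eth0.2` and lan on `eth0.0`/`eth0.1`, so at ifup time `$DEVICE` is the VLAN sub-interface rather than `eth0`, and tincstart.sh would not be started from hotplug at all. Match on the logical interface instead, `[ "$ACTION" = ifup ] && [ "$INTERFACE" = wan ] && sh /etc/tincstart.sh`, which also drops the non-portable `-a` inside `[ … ]`. The nodewatcher hotplug hunk that follows has the same test.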
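--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,3 @@
+[ ifup = "$ACTION" -a "$DEVICE" = eth0 ] && {
+sh /etc/nodewatcher.sh
+}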
@ -0,0 +1,622 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# If you got false positives, try a higher value
|
||||||
|
BOGOTHRESH=200
|
||||||
|
|
||||||
|
# Note: for mail alarm, you need "ssmtp" installed and configured.
|
||||||
|
# Example /etc/ssmtp/ssmtp.conf (debian/ubuntu) for GMX needs:
|
||||||
|
# mailhub=mail.gmx.net:25 FromLineOverride=YES
|
||||||
|
# AuthUser=$MAILFROM AuthPass=x UseSTARTTLS=YES
|
||||||
|
MAILFROM=sender-address@domain.de
|
||||||
|
MAILADDR=receiver-address@domain.de
|
||||||
|
|
||||||
|
# Insert IPs you trust
|
||||||
|
#TRUSTEDIP="$TRUSTEDIP 1.2.3.4"
|
||||||
|
#TRUSTEDIP="$TRUSTEDIP 2.3.4.5"
|
||||||
|
|
||||||
|
# 0: Do not save, 1: save conntrack if zapp
|
||||||
|
DEBUGSAVE=0
|
||||||
|
# Empty: No log in /var/log/zapp/, otherwise string to prepend to saved bogothresh files
|
||||||
|
DEBUGLOGS= #$(date "+%b%d %H:%M")
|
||||||
|
|
||||||
|
# 0: Manual clear, or minutes until auto-clear blockade (5-1439)
|
||||||
|
CLEARTIME=360
|
||||||
|
|
||||||
|
WEBSERVER=/www
|
||||||
|
|
||||||
|
# --- END OF CONFIGURATION SETTINGS ---
|
||||||
|
|
||||||
|
# This script uses case-esac for speed with busybox-ash. Current version under:
|
||||||
|
# http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/freifunk-zapp/etc/init.d/S92zapp
|
||||||
|
|
||||||
|
# When running via cron, the PATH is unset
|
||||||
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|
||||||
|
# We start a netcat-based webserver on this port if someone is blocked
|
||||||
|
BLOCKPORT=8090
|
||||||
|
|
||||||
|
CRONUSR=root
|
||||||
|
CRONDIR=/var/spool/cron/crontabs
|
||||||
|
|
||||||
|
# First argument may be an input file
|
||||||
|
CONN=${1:-/proc/net/ip_conntrack}
|
||||||
|
|
||||||
|
# This script calls itself with the IP to analyze why its blocking
|
||||||
|
DEBIP=$2
|
||||||
|
case $1 in '')DEBUG=false;;*)DEBUG=true;;esac
|
||||||
|
|
||||||
|
case $DEBUGLOGS in "");;*)test -d /var/log/zapp || mkdir -p /var/log/zapp;;esac
|
||||||
|
|
||||||
|
# Find out our IP that is used to connect to the Internet
|
||||||
|
DEV=$(ip route get 1.1.1.1/1|sed -n '1{s/.* dev \([^ ]\+\).*/\1/;p}')
|
||||||
|
ADR=$(ip -f inet addr list dev $DEV scope global|sed -n '2s/^.*inet \([0-9\.]\+\).*/\1/p')
|
||||||
|
PAT=$(sed 's/\./_/g'<<Q
|
||||||
|
$ADR
|
||||||
|
Q
|
||||||
|
)
|
||||||
|
UNK=0
|
||||||
|
|
||||||
|
which () {
|
||||||
|
# Note: do not unset IFS (busybox ash and bash are different here)
|
||||||
|
for p in $(sed 's/:/ /g'<<Q
|
||||||
|
$PATH
|
||||||
|
Q
|
||||||
|
);do
|
||||||
|
test -x $p/$1 && return 0
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Freifunk Firmware Configs
|
||||||
|
which nvram && {
|
||||||
|
ff_zapp_thresh=$(nvram get ff_zapp_thresh)
|
||||||
|
BOGOTHRESH=${ff_zapp_thresh:-$BOGOTHRESH}
|
||||||
|
}
|
||||||
|
|
||||||
|
case $BOGOTHRESH in ""|0)exit 0;;esac
|
||||||
|
|
||||||
|
NC_CMD=
|
||||||
|
which nc && NC_CMD=nc
|
||||||
|
which nc-hobbit && NC_CMD=nc-hobbit
|
||||||
|
which netcat && NC_CMD=netcat
|
||||||
|
which nc6 && NC_CMD=nc6
|
||||||
|
# Note: busybox nc unusable, "-q" only Debian, GNU netcat "-c" unusable
|
||||||
|
$NC_CMD -h 2>&1 | egrep -q '\-l\b' || NC_CMD=
|
||||||
|
|
||||||
|
# 1=-I/-D 2=proto 3=srcip, 4=dport, 5=to
|
||||||
|
portfw () {
|
||||||
|
local to
|
||||||
|
case $1 in "-D")
|
||||||
|
to=$(iptables -t nat -nL PREROUTING|sed -n "s/^DNAT[[:space:]]\\+$2[[:space:]]\\+[^[:space:]]\\+[[:space:]]\\+$3[[:space:]]\\+![[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+[[:space:]]\\+$2[[:space:]]\\+dpt:$4[[:space:]]\\+to://;tp;b;:p p;q")
|
||||||
|
;;esac
|
||||||
|
to=${to:-$5}
|
||||||
|
iptables -t nat $1 PREROUTING --proto $2 -s $3 ! -d ${to%:*} --dport $4 -j DNAT --to $to
|
||||||
|
}
|
||||||
|
|
||||||
|
netcatruns () {
|
||||||
|
for pid in $(pidof $NC_CMD);do
|
||||||
|
ppid=$(sed -n 's/^PPid: //p' /proc/$pid/status)
|
||||||
|
case $(sed -n 's/^Name: //p' /proc/$ppid/status) in ${0##*/})
|
||||||
|
# Check netstat: release the IP currently grabbing our blocking page
|
||||||
|
case "$1" in "GET /let-me-browse-again"*)
|
||||||
|
le=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\4 \3 \2 \1/'))
|
||||||
|
be=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\1 \2 \3 \4/'))
|
||||||
|
eval $(sed -n '/^ *[0-9]\+: \+'$le':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\4 )).$(( 0x\3 )).$(( 0x\2 )).$(( 0x\1 ))/;p;q};/^ *[0-9]\+: \+'$be':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\1 )).$(( 0x\2 )).$(( 0x\3 )).$(( 0x\4 ))/;p;q}' /proc/net/tcp)
|
||||||
|
portfw -D tcp $ip 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
||||||
|
;;esac
|
||||||
|
return 0
|
||||||
|
;;esac
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Add (-I) or remove (-D) iptables rules
|
||||||
|
block () {
|
||||||
|
# Freifunk Firmware Configs
|
||||||
|
which nvram && {
|
||||||
|
ff_adm_mail=$(nvram get ff_adm_mail)
|
||||||
|
ff_zapp_time=$(nvram get ff_zapp_time)
|
||||||
|
ff_zapp_debug=$(nvram get ff_zapp_debug)
|
||||||
|
ff_zapp_server=$(nvram get ff_zapp_server)
|
||||||
|
ff_zapp_strict=$(nvram get ff_zapp_strict)
|
||||||
|
MAILFROM=${ff_adm_mail:-$MAILFROM}
|
||||||
|
MAILADDR=${ff_adm_mail:-$MAILADDR}
|
||||||
|
CLEARTIME=${ff_zapp_time:-$CLEARTIME}
|
||||||
|
DEBUGSAVE=${ff_zapp_debug:-$DEBUGSAVE}
|
||||||
|
WEBSERVER=${ff_zapp_server:-$WEBSERVER}
|
||||||
|
IFS=\;
|
||||||
|
for i in $(nvram get ff_zapp_trusted); do
|
||||||
|
TRUSTEDIP="$TRUSTEDIP $i"
|
||||||
|
done
|
||||||
|
unset IFS
|
||||||
|
}
|
||||||
|
|
||||||
|
for i in $TRUSTEDIP;do
|
||||||
|
case $2 in $i)
|
||||||
|
# Prevents re-blocking next run
|
||||||
|
iptables $1 FORWARD -s $2
|
||||||
|
iptables $1 FORWARD -d $2
|
||||||
|
return
|
||||||
|
;;esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# Note: FreifunkFW does not have REJECT out-of-the-box
|
||||||
|
jump=DROP
|
||||||
|
iptables -I OUTPUT -d 127.0.0.1 -j REJECT 2>&- && iptables -D OUTPUT -d 127.0.0.1 -j REJECT 2>&- && jump=REJECT
|
||||||
|
|
||||||
|
iptables $1 FORWARD -s $2 -j $jump
|
||||||
|
iptables $1 FORWARD -d $2 -j $jump
|
||||||
|
|
||||||
|
# Allowing ping is always a good idea
|
||||||
|
iptables $1 FORWARD -s $2 --proto icmp -j ACCEPT
|
||||||
|
iptables $1 FORWARD -d $2 --proto icmp -j ACCEPT
|
||||||
|
|
||||||
|
# Allow TCP up to port 1023
|
||||||
|
iptables $1 FORWARD -s $2 --proto tcp --dport :1023 -j ACCEPT
|
||||||
|
iptables $1 FORWARD -d $2 --proto tcp --sport :1023 -j ACCEPT
|
||||||
|
|
||||||
|
# Note: Freifunk FW does not have REDIRECT, use DNAT instead,
|
||||||
|
# which needs the correct outgoing interface IP for redirection.
|
||||||
|
ifip=$(ip route get $2|sed -n 's/^.* src \([^ ]\+\).*/\1/p')
|
||||||
|
|
||||||
|
# Allow DNS, redirect to our local dnsmasq if applicable
|
||||||
|
if pidof dnsmasq >&-; then
|
||||||
|
portfw $1 udp $2 53 ${ifip:-$ADR}:53
|
||||||
|
portfw $1 tcp $2 53 ${ifip:-$ADR}:53
|
||||||
|
else
|
||||||
|
iptables $1 FORWARD -s $2 --proto udp --dport 53 -j ACCEPT
|
||||||
|
iptables $1 FORWARD -d $2 --proto udp --sport 53 -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
||||||
|
# It's polite to tell a blocked user what's going on
|
||||||
|
case $NC_CMD in "");;*)
|
||||||
|
portfw $1 tcp $2 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
||||||
|
case $1 in "-D")
|
||||||
|
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
||||||
|
sed -i -e "/\/${0##*/} unblock $2\$/d" $CRONDIR/$CRONUSR
|
||||||
|
echo $CRONUSR > $CRONDIR/cron.update
|
||||||
|
};;esac
|
||||||
|
if ! iptables -t nat -nL PREROUTING|egrep -q "\\bto:[^:]+:$BLOCKPORT\\b"; then
|
||||||
|
netcatruns && (echo "Stopping netcat server" >&2;kill $ppid $pid)
|
||||||
|
fi
|
||||||
|
;;*)
|
||||||
|
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
||||||
|
min=$(date +%M)
|
||||||
|
min=$(( $(date +%k ) * 60 + ${min#0} + $CLEARTIME ))
|
||||||
|
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
||||||
|
sed -i -e "\$a$(( $min % 60 )) $(( $min / 60 % 24 )) * * * $me unblock $2" $CRONDIR/$CRONUSR
|
||||||
|
echo $CRONUSR > $CRONDIR/cron.update
|
||||||
|
};;esac
|
||||||
|
if ! netcatruns; then
|
||||||
|
echo "Starting netcat server for $2" >&2
|
||||||
|
while true;do ($NC_CMD -l -p $BLOCKPORT <<EOF
|
||||||
|
HTTP/1.0 200 OK
|
||||||
|
Expires: -1
|
||||||
|
Pragma: no-cache
|
||||||
|
Cache-Control: no-cache
|
||||||
|
Content-Type: text/html; charset=utf-8
|
||||||
|
|
||||||
|
<HTML>
|
||||||
|
<HEAD><TITLE>Sorry...</TITLE>
|
||||||
|
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
||||||
|
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
||||||
|
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
|
||||||
|
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
|
||||||
|
<STYLE TYPE="text/css"></STYLE>
|
||||||
|
</HEAD>
|
||||||
|
<BODY ONLOAD="if ('/let-me-browse-again' == window.location.pathname)location.href=document.referrer">
|
||||||
|
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!--
|
||||||
|
function addrule(selector, rule)
|
||||||
|
{
|
||||||
|
if (null!=document.styleSheets && 0<document.styleSheets.length)
|
||||||
|
{
|
||||||
|
if (null!=document.styleSheets[0].cssRules)
|
||||||
|
{
|
||||||
|
document.styleSheets[0].insertRule(selector+"{"+rule+"}", 0);
|
||||||
|
}
|
||||||
|
else if (null!=document.styleSheets[0].rules)
|
||||||
|
{
|
||||||
|
document.styleSheets[0].addRule(selector, rule);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (null != navigator.language && "de" == navigator.language ||
|
||||||
|
null != navigator.browserLanguage && "de" == navigator.browserLanguage)
|
||||||
|
{
|
||||||
|
addrule(".de", "display:block");
|
||||||
|
addrule(".fr", "display:none");
|
||||||
|
addrule(".en", "display:none");
|
||||||
|
}
|
||||||
|
else if (null != navigator.language && "fr" == navigator.language ||
|
||||||
|
null != navigator.browserLanguage && "fr" == navigator.browserLanguage)
|
||||||
|
{
|
||||||
|
addrule(".de", "display:none");
|
||||||
|
addrule(".fr", "display:block");
|
||||||
|
addrule(".en", "display:none");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
addrule(".de", "display:none");
|
||||||
|
addrule(".fr", "display:none");
|
||||||
|
addrule(".en", "display:block");
|
||||||
|
}
|
||||||
|
//--></SCRIPT>
|
||||||
|
<H1>Zapped on $(uname -n) (${ifip:-$ADR})</H1>
|
||||||
|
|
||||||
|
<DIV CLASS="en">
|
||||||
|
<P><SMALL CLASS="de">Deutsch: siehe unten</SMALL><SMALL CLASS="fr">français : voir ci-dessous</SMALL></P>
|
||||||
|
<HR>
|
||||||
|
<P>Hello! You are a victim of a filesharing blockade. Your PC opens too
|
||||||
|
much connections to different Internet hosts. This may be caused by the
|
||||||
|
VoIP program Skype, by a filesharing program or by another program with
|
||||||
|
this unusual communication pattern. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||||
|
echo "For operating the Skype VoIP program please read this
|
||||||
|
<A HREF='http://$ifip/cgi-bin-skype.html'>Information Page</A>.")
|
||||||
|
</P>
|
||||||
|
<P>TCP based services still work (ports up to 1023), but UDP based services are blocked now.</P>
|
||||||
|
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||||
|
VALUE='I have read this page and stopped the respective program. Please restore access to the Web.'
|
||||||
|
TYPE='submit'></FORM>
|
||||||
|
<P>The blockade $(case $CLEARTIME in ""|0) echo "needs to be removed manually.";;*)echo "will be
|
||||||
|
removed after $CLEARTIME minutes. Alternatively, the blockade can be removed manually.";;esac)
|
||||||
|
For this, send an email to <A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||||
|
</P>
|
||||||
|
</DIV>
|
||||||
|
|
||||||
|
<DIV CLASS="de">
|
||||||
|
<HR>
|
||||||
|
<P>Hallo! Du bist das Opfer einer Filesharing-Sperre geworden. Dein Rechner
|
||||||
|
öffnet zuviele Verbindungen zu verschiedenen Internet-Rechnern. Dies
|
||||||
|
kann ausgelöst werden durch das VoIP-Programm Skype, durch ein
|
||||||
|
Filesharing-Programm oder durch ein anderes Programm welches dieses ungewöhnliche
|
||||||
|
Kommunikationsmuster aufweist. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||||
|
echo "Zum Betrieb des VoIP-Programms Skype lies bitte diese
|
||||||
|
<A HREF='http://$ifip/cgi-bin-skype.html'>Informationsseite</A>.")
|
||||||
|
</P>
|
||||||
|
<P><B>Hinweis:</B> TCP-basierte Dienste (Ports bis 1023) funktionieren, aber UDP-basierte Dienste sind nun gesperrt.</P>
|
||||||
|
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||||
|
VALUE='Ich habe verstanden und das entsprechende Programm beendet. Bitte Web-Zugang freigeben.'
|
||||||
|
TYPE='submit'></FORM>
|
||||||
|
<P>Die Sperre $(case $CLEARTIME in ""|0)echo "muss manuell entfernt werden.";;*)
|
||||||
|
echo "wird nach $CLEARTIME Minuten entfernt. Wahlweise kann die Sperre
|
||||||
|
auch manuell entfernt werden.";;esac) Sende dazu eine Mail an
|
||||||
|
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||||
|
</P>
|
||||||
|
</DIV>
|
||||||
|
|
||||||
|
<DIV CLASS="fr">
|
||||||
|
<HR>
|
||||||
|
<P>Bonjour! Vous êtes victime du mécanisme de blocage de partage de fichiers. Votre
|
||||||
|
ordinateur ouvre trop de connexions simultanées vers trop d'hôtes Internet différents.
|
||||||
|
Ceci peut venir du logiciel de communications Skype, d'un logiciel de partage de fichiers,
|
||||||
|
ou d'un autre programme qui aurait ce même comportement inhabituel, comme certains virus.
|
||||||
|
$(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||||
|
echo "Pour l'utilisation de Skype en voix sur IP (VoIP) merci de lire cette
|
||||||
|
<A HREF='http://$ifip/cgi-bin-skype.html'>page d'informations</A>.")
|
||||||
|
</P>
|
||||||
|
<P><B>Précisions:</B> Les services TCP restent fonctionnels (Ports jusqu'au n° 1023) mais les
|
||||||
|
services UDP sont bloqués.
|
||||||
|
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||||
|
VALUE='J‘ai lu cette page et j‘ai arrêté les programmes suspectés. Lever le blocage!'
|
||||||
|
TYPE='submit'></FORM>
|
||||||
|
<P>Le blocage $(case $CLEARTIME in ""|0)echo "doit être désactivé manuellement.";;*)
|
||||||
|
echo "sera levé automatiquement dans $CLEARTIME minutes. Il est aussi possible de
|
||||||
|
le faire manuellement.";;esac) en envoyant un mail à
|
||||||
|
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||||
|
</P>
|
||||||
|
</DIV>
|
||||||
|
</BODY>
|
||||||
|
<HEAD>
|
||||||
|
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
||||||
|
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
||||||
|
</HEAD>
|
||||||
|
</HTML>
|
||||||
|
EOF
|
||||||
|
)|(read -r GET && netcatruns "$GET" && kill $pid)
|
||||||
|
done >&- 2>&- &
|
||||||
|
fi
|
||||||
|
;;esac
|
||||||
|
;;esac
|
||||||
|
}
|
||||||
|
|
||||||
|
zapp () {
|
||||||
|
# Block an IP and send a mail to the admin
|
||||||
|
ip=$(echo $1|sed -e 's/^[A-Z]\+_//;s/=.*//;s/_/./g')
|
||||||
|
if $DEBUG; then
|
||||||
|
# Prevent script recursion
|
||||||
|
case $DEBIP in "")
|
||||||
|
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)"
|
||||||
|
echo
|
||||||
|
$0 "$CONN" ${1%=*}
|
||||||
|
;;esac
|
||||||
|
elif ! iptables -nL FORWARD | egrep -q "\\b$(echo $ip|sed 's/\./\\&/g')\\b";then
|
||||||
|
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)" >> /var/log/zappfile.txt
|
||||||
|
mac=$(sed -n 's/^'$(echo $ip|sed 's/\./\\./g')' \+\([^ ]\+ \+\)\{2\}\([^ ]\+\).*/\2/p' /proc/net/arp)
|
||||||
|
|
||||||
|
# Disabled, because we cannot unblock this currently
|
||||||
|
case 0 in 1)case $mac in '');;*)
|
||||||
|
echo "Also zapping $mac at $(date)" >> /var/log/zappfile.txt
|
||||||
|
iptables -I FORWARD -m mac --mac-source $mac -j $jump
|
||||||
|
;;esac;;esac
|
||||||
|
|
||||||
|
block -I $ip
|
||||||
|
|
||||||
|
case $DEBUGSAVE in 1)
|
||||||
|
# Save current conntrack for later analysis
|
||||||
|
cat "$CONN"|gzip -c>/var/log/zappfile-$ip-$(date).txt.gz
|
||||||
|
;;esac
|
||||||
|
|
||||||
|
which ssmtp && cat|ssmtp $MAILADDR<<EOF
|
||||||
|
To: $MAILADDR
|
||||||
|
From: $MAILFROM
|
||||||
|
Subject: Zappfile extended on $(uname -n)
|
||||||
|
|
||||||
|
The following IP exeeded the conntrack limit and was added to the zappfile:
|
||||||
|
|
||||||
|
IP: $ip
|
||||||
|
MAC: $mac
|
||||||
|
Date: $(date)
|
||||||
|
Bogopoints: $2
|
||||||
|
Threshold: $BOGOTHRESH
|
||||||
|
|
||||||
|
The forwarding firewall now has the following rules:
|
||||||
|
|
||||||
|
$(iptables -nL FORWARD)
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# TCP rules:
|
||||||
|
# * Bittorrent opens and uses lots of TCP connections
|
||||||
|
# * BT also uses a higher bandwidth, especially on port 688x
|
||||||
|
# * General: lots of TCP traffic from/to different peers (!port 80)
|
||||||
|
tcp () {
|
||||||
|
# We only count traffic generated by others
|
||||||
|
case $3 in $PAT);;*)
|
||||||
|
case "${10}" in
|
||||||
|
# We count unreplied connection attempts because
|
||||||
|
# lots of P2P peers may not have correct portfw
|
||||||
|
# as well as currently active transfers
|
||||||
|
SYN_SENT|SYN_RECV|ESTABLISHED)
|
||||||
|
case $4 in
|
||||||
|
# HTTP, HTTPS: browsers tend to open multiple connections
|
||||||
|
80|443)
|
||||||
|
case $9 in
|
||||||
|
?????)
|
||||||
|
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
case ${DEBIP#IP_} in $1)echo "tcp ham $1:$2 $3:$4";;esac
|
||||||
|
;;
|
||||||
|
# Punish traffic on ports 6880-6889
|
||||||
|
688*)
|
||||||
|
case $9 in
|
||||||
|
?????)
|
||||||
|
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
case ${DEBIP#IP_} in $1)echo "tcp p2p $1:$2 $3:$4";;esac
|
||||||
|
;;
|
||||||
|
# Everything else is normal tcp
|
||||||
|
*)
|
||||||
|
case $9 in
|
||||||
|
?????)
|
||||||
|
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
case ${DEBIP#IP_} in $1)echo "tcp std $1:$2 $3:$4";;esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;esac
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# UDP rules:
|
||||||
|
# * Bittorrent DHT feature got us unreplied incoming UDP from diverse IPs (sport likely 688x)
|
||||||
|
# * P2P-user with DHT: incoming UDP dport(unreplied) is port the P2P-user configured for DHT
|
||||||
|
# * P2P-user none DHT: Peers seeking DHT, we have a P2P-user currently, lower tolerance
|
||||||
|
# * General: lots of UDP traffic from/to different peers(!port 53)
|
||||||
|
|
||||||
|
udp () {
|
||||||
|
case ${10} in "[UNREPLIED]") case $3 in $PAT)
|
||||||
|
# We are contacted by incoming UDP (without reason). If that is the case
|
||||||
|
# it is likely that we have at least one P2P user now. Especially if that
|
||||||
|
# peer sends us from his port 688x which is the default for Bittorrent.
|
||||||
|
case $2 in
|
||||||
|
668*)
|
||||||
|
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
||||||
|
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
case $4 in
|
||||||
|
688*)
|
||||||
|
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
||||||
|
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 1 ));;esac"
|
||||||
|
case $DEBIP in '');;*)echo "nak udp $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
eval "UNK_$1=\$(( \$UNK_$1 + 1 ))"
|
||||||
|
;;esac;;esac
|
||||||
|
# We only count traffic generated by others
|
||||||
|
case $3 in $PAT);;*)
|
||||||
|
case $4 in
|
||||||
|
# DNS: resolvers tend to open multiple connections
|
||||||
|
53)
|
||||||
|
case ${10} in
|
||||||
|
"[UNREPLIED]")
|
||||||
|
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac";;
|
||||||
|
*)
|
||||||
|
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac";;
|
||||||
|
esac
|
||||||
|
case ${DEBIP#IP_} in $1)echo "udp ham $1:$2 $3:$4";;esac
|
||||||
|
;;
|
||||||
|
# Punish traffic on ports 6880-6889
|
||||||
|
688*)
|
||||||
|
case ${10} in
|
||||||
|
"[UNREPLIED]")
|
||||||
|
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac";;
|
||||||
|
*)
|
||||||
|
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac";;
|
||||||
|
esac
|
||||||
|
case ${DEBIP#IP_} in $1)echo "udp p2p $1:$2 $3:$4";;esac
|
||||||
|
;;
|
||||||
|
# Everything else is normal udp
|
||||||
|
*)
|
||||||
|
case ${10} in
|
||||||
|
"[UNREPLIED]")
|
||||||
|
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac";;
|
||||||
|
*)
|
||||||
|
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac";;
|
||||||
|
esac
|
||||||
|
case ${DEBIP#IP_} in $1)echo "udp std $1:$2 $3:$4";;esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
eval "UDP_$1_$3=\$(( \$UDP_$1_$3 + 1 ))"
|
||||||
|
;;esac
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
block)
|
||||||
|
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
||||||
|
block "-I" $2
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
unblock|clear)
|
||||||
|
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
||||||
|
block "-D" $2
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
start|stop)
|
||||||
|
test ! -f $CRONDIR/$CRONUSR && (echo "No $CRONDIR/$CRONUSR" 2>&-;exit 1)
|
||||||
|
if egrep -q "/${0##*/}" $CRONDIR/$CRONUSR; then
|
||||||
|
case $1 in stop)
|
||||||
|
echo "Removing ${0##*/} from cron"
|
||||||
|
sed -i -e "/\/${0##*/}/d" $CRONDIR/$CRONUSR
|
||||||
|
;;esac
|
||||||
|
else
|
||||||
|
case $1 in start)
|
||||||
|
case $BOGOTHRESH in 0);;*)
|
||||||
|
echo "Adding ${0##*/} to cron"
|
||||||
|
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
||||||
|
sed -i -e "\$a*/1 * * * * $me" $CRONDIR/$CRONUSR
|
||||||
|
;;esac
|
||||||
|
;;esac
|
||||||
|
fi
|
||||||
|
echo $CRONUSR > $CRONDIR/cron.update
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
status)
|
||||||
|
echo "Firewall status:"
|
||||||
|
iptables -nL FORWARD|egrep '^(DROP|REJECT)? +all +-- +[1-9][0-9\.]+ +0.0.0.0/0\b' || echo " No IPs blocked"
|
||||||
|
egrep -q "/${0##*/}" $CRONDIR/$CRONUSR && echo "Running via cron" || echo "Not running via cron"
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
-h|--help|help)
|
||||||
|
cat<<EOF
|
||||||
|
This script examines the kernel conntrack table and blocks a source IP if
|
||||||
|
it detects a filesharing application. Read the script file for details.
|
||||||
|
|
||||||
|
Usage: $0 {start|stop|block [IP]|unblock [IP]|help|[file]}
|
||||||
|
|
||||||
|
start add this scipt as cron job
|
||||||
|
stop remove this script from cron
|
||||||
|
status show a list of blocked IPs
|
||||||
|
block manually block an IP
|
||||||
|
unblock manually unblock an IP
|
||||||
|
[file] parse [file] instead /proc/net/ip_conntrack (for testing)
|
||||||
|
No args normal function, e.g. called by cron without arguments
|
||||||
|
|
||||||
|
Note1: if netcat is installed, this script tries to inform a blocked user
|
||||||
|
by starting a simple web server. If also ssmtp is installed, this script
|
||||||
|
informs you by e-mail about the filesharing and blocking incidents. If
|
||||||
|
someone is blocked, this is recorded in /var/log/zapp* files for later
|
||||||
|
analysis. To analyze, unpack the gzipped conntrack file of the incident
|
||||||
|
and start this script by supplying the filename.
|
||||||
|
|
||||||
|
Note2: to install on Freifunk-FW copy this script to /etc/init.d/S92zapp
|
||||||
|
and restart the router. On other systems it shoud be sufficient to start
|
||||||
|
this script with "$0 start".
|
||||||
|
EOF
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if ! $DEBUG; then
|
||||||
|
if [ -f /proc/sys/net/netfilter/nf_conntrack_acct ] &&
|
||||||
|
[ 0 = $(cat /proc/sys/net/netfilter/nf_conntrack_acct) ]
|
||||||
|
then
|
||||||
|
# Kernel-2.6 needs accounting=on for correct ip_conntrack format
|
||||||
|
echo "Kernel accounting not enabled, which is required." >&2
|
||||||
|
echo "Use 'sysctl -w net.netfilter.nf_conntrack_acct=1'" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Different kernels have differnt formats, script lines doubled to prevent too much compare operations
|
||||||
|
REL=$(uname -r)
|
||||||
|
case ${REL#2.4} in $REL)
|
||||||
|
# Kernel 2.6 output has [STATUS] in different positions, shift to end
|
||||||
|
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
||||||
|
set $l
|
||||||
|
case $1 in
|
||||||
|
tcp)
|
||||||
|
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${11#src=} ${13#sport=} ${12#dst=} ${14#dport=} $(( ${10#bytes=} + ${16#bytes=} )) $4
|
||||||
|
;;
|
||||||
|
udp)
|
||||||
|
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${10#src=} ${12#sport=} ${11#dst=} ${13#dport=} $(( ${9#bytes=}+${15#bytes=} )) ${19}
|
||||||
|
;;
|
||||||
|
eof)
|
||||||
|
# If probably no P2P client active double threshold
|
||||||
|
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
||||||
|
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
||||||
|
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
||||||
|
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
||||||
|
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
;;*)
|
||||||
|
# Kernel 2.4 output has [STATUS] in different positions, shift to end
|
||||||
|
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
||||||
|
set $l
|
||||||
|
case $1 in
|
||||||
|
tcp)
|
||||||
|
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${9#src=} ${11#sport=} ${10#dst=} ${12#dport=} ${15#bytes=} $4
|
||||||
|
;;
|
||||||
|
udp)
|
||||||
|
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${8#src=} ${10#sport=} ${9#dst=} ${11#dport=} ${14#bytes=} ${15}
|
||||||
|
;;
|
||||||
|
eof)
|
||||||
|
# If probably no P2P client active double threshold
|
||||||
|
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
||||||
|
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
||||||
|
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
||||||
|
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
||||||
|
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
;;esac
|
||||||
|
|
||||||
|
exit 0
|
|
@ -0,0 +1,576 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# Netmon Nodewatcher (C) 2010-2011 Freifunk Oldenburg
|
||||||
|
# Lizenz: GPL
|
||||||
|
|
||||||
|
if [ -f /etc/config/nodewatcher ];then
|
||||||
|
API_IPV4_ADRESS=`uci get nodewatcher.@api[0].ipv4_address`
|
||||||
|
API_IPV6_ADRESS=`uci get nodewatcher.@api[0].ipv6_address`
|
||||||
|
API_IPV6_INTERFACE=`uci get nodewatcher.@api[0].ipv6_interface`
|
||||||
|
SCRIPT_VERSION=`uci get nodewatcher.@script[0].version`
|
||||||
|
SCRIPT_ERROR_LEVEL=`uci get nodewatcher.@script[0].error_level`
|
||||||
|
SCRIPT_LOGFILE=`uci get nodewatcher.@script[0].logfile`
|
||||||
|
CRAWL_METHOD=`uci get nodewatcher.@crawl[0].method`
|
||||||
|
CRAWL_ROUTER_ID=`uci get nodewatcher.@crawl[0].router_id`
|
||||||
|
CRAWL_UPDATE_HASH=`uci get nodewatcher.@crawl[0].update_hash`
|
||||||
|
CRAWL_NICKNAME=`uci get nodewatcher.@crawl[0].nickname`
|
||||||
|
CRAWL_PASSWORD=`uci get nodewatcher.@crawl[0].password`
|
||||||
|
UPDATE_AUTOUPDATE=`uci get nodewatcher.@update[0].autoupdate`
|
||||||
|
else
|
||||||
|
. /etc/nodewatcher_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
delete_log() {
|
||||||
|
if [ -f $logfile ]; then
|
||||||
|
if [ `ls -la $logfile | awk '{ print $5 }'` -gt "6000" ]; then
|
||||||
|
sed -i '1,60d' $logfile
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Logfile wurde verkleinert" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
urlencode() {
|
||||||
|
arg="$1"
|
||||||
|
i=0
|
||||||
|
while [ $i -lt ${#arg} ]; do
|
||||||
|
c=${arg:$i:1}
|
||||||
|
|
||||||
|
if echo "$c" | grep -q '[a-zA-Z/:_\.\-]'; then
|
||||||
|
echo -n "$c"
|
||||||
|
else
|
||||||
|
echo -n "%"
|
||||||
|
printf "%X" "'$c'"
|
||||||
|
fi
|
||||||
|
i=$((i+1))
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
convert_space() {
|
||||||
|
arg="$1"
|
||||||
|
echo $1 | sed "s/ /%20/g"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_url() {
|
||||||
|
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||||
|
url=$API_IPV4_ADRESS
|
||||||
|
else
|
||||||
|
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
|
||||||
|
fi
|
||||||
|
echo $url
|
||||||
|
}
|
||||||
|
|
||||||
|
do_ping() {
|
||||||
|
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||||
|
command="ping -c 2 "$API_IPV4_ADRESS
|
||||||
|
else
|
||||||
|
command="ping -c 2 -I "$API_IPV6_INTERFACE" "$API_IPV6_ADRESS
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Pinging..." >> $logfile
|
||||||
|
fi
|
||||||
|
|
||||||
|
ping_return=`$command`
|
||||||
|
|
||||||
|
if [ $error_level -gt "2" ]; then
|
||||||
|
echo $ping_return
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
update() {
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Suche neue Version" >> $logfile
|
||||||
|
fi
|
||||||
|
netmon_api=`get_url`
|
||||||
|
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=version"
|
||||||
|
ergebnis=`$command`
|
||||||
|
return=`echo $ergebnis| cut '-d;' -f1`
|
||||||
|
version=`echo $ergebnis| cut '-d;' -f2`
|
||||||
|
|
||||||
|
if [[ $return = "success" ]]; then
|
||||||
|
if [[ $version -gt $SCRIPT_VERSION ]]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Eine neue Version ist Verfügbar, script wird geupdated" >> $logfile
|
||||||
|
fi
|
||||||
|
wget -q -O $SCRIPT_DIR/nodewatcher.sh http://$netmon_api/api_nodewatcher.php?section=update
|
||||||
|
uci set nodewatcher.@script[0].version=$version
|
||||||
|
uci commit
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Das Script ist aktuell" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Beim Update ist ein Fehler aufgetreten: $ergebnis" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
assign() {
|
||||||
|
netmon_api=`get_url`
|
||||||
|
hostname=`cat /proc/sys/kernel/hostname`
|
||||||
|
|
||||||
|
#Choose right login String
|
||||||
|
login_strings="$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')"
|
||||||
|
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=test_login_strings&login_strings=$login_strings"
|
||||||
|
ergebnis=`$command`
|
||||||
|
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||||
|
router_auto_assign_login_string=`echo $ergebnis| cut '-d;' -f2`
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Es existiert ein Router mit dem Login String $router_auto_assign_login_string" >> $logfile
|
||||||
|
fi
|
||||||
|
elif [ `echo $ergebnis| cut '-d;' -f1` = "error" ]; then
|
||||||
|
router_auto_assign_login_string=`echo $login_strings| cut '-d;' -f1`
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Es existiert kein Router mit einem der Login Strings: $login_strings" >> $logfile
|
||||||
|
echo "`date`: Nutze $router_auto_assign_login_string als login string" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Try to assign Router with choosen login string
|
||||||
|
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=router_auto_assign&router_auto_assign_login_string=$router_auto_assign_login_string&hostname=$hostname"
|
||||||
|
ergebnis=`$command`
|
||||||
|
if [ `echo $ergebnis| cut '-d;' -f1` != "success" ]; then
|
||||||
|
if [ `echo $ergebnis| cut '-d;' -f2` = "already_assigned" ]; then
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Der Login String `echo $ergebnis| cut '-d;' -f3` ist bereits mit einem Router verknüpft" >> $logfile
|
||||||
|
fi
|
||||||
|
elif [ `echo $ergebnis| cut '-d;' -f2` = "autoassign_not_allowed" ]; then
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Der dem Login String `echo $ergebnis| cut '-d;' -f3` zugewiesene Router erlaubt autoassign nicht" >> $logfile
|
||||||
|
fi
|
||||||
|
elif [ `echo $ergebnis| cut '-d;' -f2` = "new_not_assigned" ]; then
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Router wurde der Liste der nicht zugewiesenen Router hinzugefügt" >> $logfile
|
||||||
|
fi
|
||||||
|
elif [ `echo $ergebnis| cut '-d;' -f2` = "updated_not_assigned" ]; then
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Router auf der Liste der nicht zugewiesenen Router wurde geupdated" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Der Router wurde nicht mit Netmon verknüpft" >> $logfile
|
||||||
|
fi
|
||||||
|
elif [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||||
|
#write new config
|
||||||
|
uci set nodewatcher.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
|
||||||
|
uci set nodewatcher.@crawl[0].update_hash=`echo $ergebnis| cut '-d;' -f3`
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Der Router wurde mit Netmon verknüpft" >> $logfile
|
||||||
|
fi
|
||||||
|
uci commit
|
||||||
|
|
||||||
|
configure
|
||||||
|
|
||||||
|
can_crawl=1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
configure() {
|
||||||
|
netmon_api=`get_url`
|
||||||
|
authentificationmethod=$CRAWL_METHOD
|
||||||
|
router_id=$CRAWL_ROUTER_ID
|
||||||
|
router_auto_update_hash=$CRAWL_UPDATE_HASH
|
||||||
|
|
||||||
|
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=get_standart_data&authentificationmethod=$authentificationmethod&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id"
|
||||||
|
ergebnis=`$command`
|
||||||
|
|
||||||
|
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||||
|
#uci set freifunk.contact.location=`echo $ergebnis| cut '-d;' -f3`
|
||||||
|
|
||||||
|
uci set system.@system[0].hostname=`echo $ergebnis| cut '-d;' -f4`
|
||||||
|
echo `echo $ergebnis| cut '-d;' -f4` > /proc/sys/kernel/hostname
|
||||||
|
|
||||||
|
# uci get system.@system[0].latitude=
|
||||||
|
# uci get system.@system[0].longitude=
|
||||||
|
# uci get freifunk.community.ssid=
|
||||||
|
# uci get freifunk.contact.nickname=
|
||||||
|
# uci get freifunk.contact.mail=
|
||||||
|
# uci get freifunk.community.prefix=
|
||||||
|
# uci get freifunk.contact.note=
|
||||||
|
|
||||||
|
uci commit
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Der Router wurde konfiguriert" >> $logfile
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Fehler bei der Konfiguration: $ergebnis" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
crawl() {
|
||||||
|
#Get API and authentication configuration
|
||||||
|
netmon_api=`get_url`
|
||||||
|
authentificationmethod=$CRAWL_METHOD
|
||||||
|
nickname=$CRAWL_NICKNAME
|
||||||
|
password=$CRAWL_PASSWORD
|
||||||
|
router_id=$CRAWL_ROUTER_ID
|
||||||
|
router_auto_update_hash=$CRAWL_UPDATE_HASH
|
||||||
|
|
||||||
|
#Get system data from UCI
|
||||||
|
if which uci >/dev/null; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: UCI is installed, trying to collect extra data UCI" >> $logfile
|
||||||
|
fi
|
||||||
|
location="`uci get freifunk.contact.location`"
|
||||||
|
location=`urlencode "$location"`
|
||||||
|
latitude="`uci get system.@system[0].latitude`"
|
||||||
|
longitude="`uci get system.@system[0].longitude`"
|
||||||
|
|
||||||
|
community_essid="`uci get freifunk.community.ssid`"
|
||||||
|
community_nickname="`uci get freifunk.contact.nickname`"
|
||||||
|
community_email="`uci get freifunk.contact.mail`"
|
||||||
|
community_prefix="`uci get freifunk.community.prefix`"
|
||||||
|
description="`uci get freifunk.contact.note`"
|
||||||
|
description=`urlencode "$description"`
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Get system data from LUA
|
||||||
|
if which lua >/dev/null; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: LUA is installed, trying to collect extra data LUA" >> $logfile
|
||||||
|
fi
|
||||||
|
luciname=`lua -l luci.version -e 'print(luci.version.luciname)'`
|
||||||
|
luciname=`urlencode "$luciname"`
|
||||||
|
lucversion=`lua -l luci.version -e 'print(luci.version.luciversion)'`
|
||||||
|
lucversion=`urlencode "$lucversion"`
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Get system data from other locations
|
||||||
|
hostname="`cat /proc/sys/kernel/hostname`"
|
||||||
|
uptime=`cat /proc/uptime | awk '{ print $1 }'`
|
||||||
|
idletime=`cat /proc/uptime | awk '{ print $2 }'`
|
||||||
|
|
||||||
|
memory_total=`cat /proc/meminfo | grep 'MemTotal' | awk '{ print $2 }'`
|
||||||
|
memory_caching=`cat /proc/meminfo | grep -m 1 'Cached:' | awk '{ print $2 }'`
|
||||||
|
memory_buffering=`cat /proc/meminfo | grep 'Buffers' | awk '{ print $2 }'`
|
||||||
|
memory_free=`cat /proc/meminfo | grep 'MemFree' | awk '{ print $2 }'`
|
||||||
|
cpu=`grep -m 1 "cpu model" /proc/cpuinfo | cut -d ":" -f 2`
|
||||||
|
if [ -n $cpu ]; then
|
||||||
|
cpu=`grep -m 1 "model name" /proc/cpuinfo | cut -d ":" -f 2`
|
||||||
|
fi
|
||||||
|
cpu=`urlencode "$cpu"`
|
||||||
|
|
||||||
|
chipset=`grep -m 1 "system type" /proc/cpuinfo | cut -d ":" -f 2`
|
||||||
|
chipset=`urlencode "$chipset"`
|
||||||
|
local_time="`date +%s`"
|
||||||
|
processes=`cat /proc/loadavg | awk '{ print $4 }'`
|
||||||
|
loadavg=`cat /proc/loadavg | awk '{ print $1 }'`
|
||||||
|
|
||||||
|
if which batctl >/dev/null; then
|
||||||
|
batman_adv_version=`batctl -v | awk '{ print $2 }'`
|
||||||
|
fi
|
||||||
|
kernel_version=`uname -r`
|
||||||
|
nodewatcher_version=$SCRIPT_VERSION
|
||||||
|
|
||||||
|
openwrt_version_file="/etc/openwrt_release"
|
||||||
|
if [ -f $openwrt_version_file ]; then
|
||||||
|
. $openwrt_version_file
|
||||||
|
|
||||||
|
distname=$DISTRIB_ID
|
||||||
|
distversion=$DISTRIB_RELEASE
|
||||||
|
fi
|
||||||
|
|
||||||
|
firmware_version_file="/etc/firmware_release"
|
||||||
|
if [ -f $firmware_version_file ]; then
|
||||||
|
. $firmware_version_file
|
||||||
|
|
||||||
|
firmware_version=$FIRMWARE_VERSION
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Send system data
|
||||||
|
command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_system_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&status=online&hostname=$hostname&description=$description&location=$location&latitude=$latitude&longitude=$longitude&luciname=$luciname&luciversion=$luciversion&distname=$distname&distversion=$distversion&chipset=$chipset&cpu=$cpu&memory_total=$memory_total&memory_caching=$memory_caching&memory_buffering=$memory_buffering&memory_free=$memory_free&loadavg=$loadavg&processes=$processes&uptime=$uptime&idletime=$idletime&local_time=$local_time&community_essid=$community_essid&community_nickname=$community_nickname&community_email=$community_email&community_prefix=$community_prefix&batman_advanced_version=$batman_adv_version&kernel_version=$kernel_version&nodewatcher_version=$nodewatcher_version&firmware_version=$firmware_version"
|
||||||
|
command="wget -q -O - "$command
|
||||||
|
if [ "$1" = "debug" ]; then
|
||||||
|
echo $command
|
||||||
|
else
|
||||||
|
i=0
|
||||||
|
while [ $i -le 5 ]
|
||||||
|
do
|
||||||
|
return_interface=`$command`
|
||||||
|
|
||||||
|
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Error! Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Get interfaces
|
||||||
|
IFACES=`cat /proc/net/dev | awk -F: '!/\|/ { gsub(/[[:space:]]*/, "", $1); split($2, a, " "); printf("%s=%s=%s ", $1, a[1], a[9]) }'`
|
||||||
|
|
||||||
|
#Loop interfaces
|
||||||
|
for entry in $IFACES; do
|
||||||
|
int=""
|
||||||
|
iface=`echo $entry | cut -d '=' -f 1`
|
||||||
|
rcv=`echo $entry | cut -d '=' -f 2`
|
||||||
|
xmt=`echo $entry | cut -d '=' -f 3`
|
||||||
|
|
||||||
|
wlan_mode=""
|
||||||
|
wlan_bssid=""
|
||||||
|
wlan_essid=""
|
||||||
|
wlan_frequency=""
|
||||||
|
wlan_tx_power=""
|
||||||
|
|
||||||
|
if [ "$iface" != "lo" ]; then
|
||||||
|
if [ "`ifconfig ${iface} | grep UP`" != "" ]; then
|
||||||
|
#Get interface data
|
||||||
|
name="${iface}"
|
||||||
|
mac_addr="`ifconfig ${iface} | grep 'HWaddr' | awk '{ print $5}'`"
|
||||||
|
ipv4_addr="`ifconfig ${iface} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`"
|
||||||
|
ipv6_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Global' | awk '{ print $3}'`"
|
||||||
|
ipv6_link_local_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
|
||||||
|
mtu="`ifconfig ${iface} | grep 'MTU' | cut -d: -f2 | awk '{ print $1}'`"
|
||||||
|
traffic_rx="$rcv"
|
||||||
|
traffic_tx="$xmt"
|
||||||
|
|
||||||
|
int=$int"int[$name][name]=$name&int[$name][mac_addr]=$mac_addr&int[$name][ipv4_addr]=$ipv4_addr&int[$name][ipv6_addr]=$ipv6_addr&int[$name][ipv6_link_local_addr]=$ipv6_link_local_addr&int[$name][traffic_rx]=$traffic_rx&int[$name][traffic_tx]=$traffic_tx&int[$name][mtu]=$mtu&"
|
||||||
|
|
||||||
|
if [ "`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" != "" ]; then
|
||||||
|
wlan_mode="`iwconfig ${iface} 2>/dev/null | grep 'Mode' | awk '{ print $1 }' | cut -d ':' -f 2`"
|
||||||
|
|
||||||
|
if [ $wlan_mode = "Master" ]; then
|
||||||
|
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep 'Access Point' | awk '{ print $6 }'`"
|
||||||
|
elif [ $wlan_mode = "Ad-Hoc" ]; then
|
||||||
|
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep Cell | awk '{ print $5 }'`"
|
||||||
|
fi
|
||||||
|
|
||||||
|
wlan_essid="`iwconfig ${iface} 2>/dev/null | grep ESSID | awk '{ split($4, a, \"\\"\"); printf(\"%s\", a[2]); }'`"
|
||||||
|
wlan_frequency="`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`"
|
||||||
|
wlan_tx_power="`iwconfig ${iface} 2>/dev/null | grep 'Tx-Power' | awk '{ print $4 }' | cut -d '=' -f 2`"
|
||||||
|
int=$int"int[$name][wlan_mode]=$wlan_mode&int[$name][wlan_frequency]=$wlan_frequency&int[$name][wlan_essid]=$wlan_essid&int[$name][wlan_bssid]=$wlan_bssid&int[$name][wlan_tx_power]=$wlan_tx_power&"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Send interface status data
|
||||||
|
command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_interfaces_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$int"
|
||||||
|
command="wget -q -O - "$command
|
||||||
|
if [ "$1" = "debug" ]; then
|
||||||
|
echo $command
|
||||||
|
else
|
||||||
|
i=0
|
||||||
|
while [ $i -le 5 ]
|
||||||
|
do
|
||||||
|
return_interface=`$command`
|
||||||
|
if [ `echo $return_interface | cut '-d;' -f1`="success" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Error! Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||||
|
echo "`date`: $command" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#B.A.T.M.A.N. advanced
|
||||||
|
mv /etc/bat-hosts /etc/bat-hosts.tmp
|
||||||
|
if which batctl >/dev/null; then
|
||||||
|
batman_check_running=`batctl if | grep 'Error'`
|
||||||
|
if [ "$batman_check_running" == "" ]; then
|
||||||
|
has_active_interface="0"
|
||||||
|
BAT_ADV_IFACES=`batctl if | awk '{ print $1 }' | cut -d ':' -f 1`
|
||||||
|
for device_name in $BAT_ADV_IFACES; do
|
||||||
|
if [ "`batctl if | grep $device_name | grep active`" != "" ]; then
|
||||||
|
status='active'
|
||||||
|
has_active_interface="1"
|
||||||
|
else
|
||||||
|
status='inactive'
|
||||||
|
fi
|
||||||
|
|
||||||
|
command="http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_interfaces&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&bat_adv_int[$device_name][name]=$device_name&bat_adv_int[$device_name][status]=$status"
|
||||||
|
command="wget -q -O - "$command
|
||||||
|
if [ "$1" = "debug" ]; then
|
||||||
|
echo $command
|
||||||
|
else
|
||||||
|
i=0
|
||||||
|
while [ $i -le 5 ]
|
||||||
|
do
|
||||||
|
return_interface="`$command`"
|
||||||
|
|
||||||
|
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Error! Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ $has_active_interface = "1" ]; then
|
||||||
|
BAT_ADV_ORIGINATORS=`batctl o | grep 'No batman nodes in range'`
|
||||||
|
if [ "$BAT_ADV_ORIGINATORS" == "" ]; then
|
||||||
|
OLDIFS=$IFS
|
||||||
|
IFS="
|
||||||
|
"
|
||||||
|
BAT_ADV_ORIGINATORS=`batctl o | awk '/O/ {next} /B/ {next} {print}'`
|
||||||
|
for row in $BAT_ADV_ORIGINATORS; do
|
||||||
|
originator=`echo $row | awk '{print $1}'`
|
||||||
|
last_seen=`echo $row | awk '{print $2}'`
|
||||||
|
last_seen="${last_seen//s/}"
|
||||||
|
link_quality=`echo $row | awk '{print $3}'`
|
||||||
|
link_quality="${link_quality//(/}"
|
||||||
|
link_quality="${link_quality//)/}"
|
||||||
|
|
||||||
|
batman_adv_originators=$batman_adv_originators"bat_adv_orig[$originator][originator]=$originator&bat_adv_orig[$originator][link_quality]=$link_quality&bat_adv_orig[$originator][last_seen]=$last_seen&"
|
||||||
|
done
|
||||||
|
IFS=$OLDIFS
|
||||||
|
|
||||||
|
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_originators&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$batman_adv_originators"
|
||||||
|
if [ "$1" = "debug" ]; then
|
||||||
|
echo $command
|
||||||
|
else
|
||||||
|
i=0
|
||||||
|
while [ $i -le 5 ]
|
||||||
|
do
|
||||||
|
return_interface="`$command`"
|
||||||
|
|
||||||
|
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Error! Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
mv /etc/bat-hosts.tmp /etc/bat-hosts
|
||||||
|
|
||||||
|
#CLIENTS
|
||||||
|
MESHDEVICE='br-mesh'
|
||||||
|
CLIENTDEVICE='ath0'
|
||||||
|
SEDDEV=`brctl showstp $MESHDEVICE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
|
||||||
|
CLIENT_MACS=`brctl showmacs $MESHDEVICE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "ath0") print $2}'`
|
||||||
|
i=0
|
||||||
|
for client in $CLIENT_MACS; do
|
||||||
|
# clients=$clients"clients[$i][mac_addr]=$client&"
|
||||||
|
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||||
|
done
|
||||||
|
client_count=$i
|
||||||
|
|
||||||
|
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_clients&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&client_count=$client_count"
|
||||||
|
if [ "$1" = "debug" ]; then
|
||||||
|
echo $command
|
||||||
|
else
|
||||||
|
i=0
|
||||||
|
while [ $i -le 5 ]
|
||||||
|
do
|
||||||
|
return_interface="`$command`"
|
||||||
|
if [ `echo $return_interface | cut '-d;' -f1`="success" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Das Senden der Client Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "0" ]; then
|
||||||
|
echo "`date`: Error! Das Senden der Client Daten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
LANG=C
|
||||||
|
|
||||||
|
SCRIPT_DIR=`dirname $0`
|
||||||
|
error_level=$SCRIPT_ERROR_LEVEL
|
||||||
|
logfile=$SCRIPT_LOGFILE
|
||||||
|
|
||||||
|
if [[ $UPDATE_AUTOUPDATE == '1' ]]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Autoupdate ist an" >> $logfile
|
||||||
|
fi
|
||||||
|
update
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Autoupdate ist aus" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$1" == "update" ]]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Führe manuelles update aus" >> $logfile
|
||||||
|
fi
|
||||||
|
update
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Prüfe Authentifizierungsmethode" >> $logfile
|
||||||
|
fi
|
||||||
|
|
||||||
|
can_crawl=1
|
||||||
|
if [ $CRAWL_METHOD == "login" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Authentifizierungsmethode ist: Username und Passwort" >> $logfile
|
||||||
|
fi
|
||||||
|
elif [ $CRAWL_METHOD == "hash" ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Authentifizierungsmethode ist: Autoassign und Hash" >> $logfile
|
||||||
|
echo "`date`: Prüfe ob Roter schon mit Netmon verknüpft ist" >> $logfile
|
||||||
|
fi
|
||||||
|
if [ $CRAWL_UPDATE_HASH == "1" ]; then
|
||||||
|
can_crawl=0
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Der Router ist noch NICHT mit Netmon verknüpft" >> $logfile
|
||||||
|
echo "`date`: Versuche verknüpfung herzustellen" >> $logfile
|
||||||
|
fi
|
||||||
|
assign
|
||||||
|
else
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Der Router ist bereits mit Netmon verknüpft" >> $logfile
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $can_crawl == 1 ]; then
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Prüfe Logfile" >> $logfile
|
||||||
|
fi
|
||||||
|
delete_log
|
||||||
|
|
||||||
|
if [ $error_level -gt "1" ]; then
|
||||||
|
echo "`date`: Sende aktuelle Statusdaten" >> $logfile
|
||||||
|
fi
|
||||||
|
crawl
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
|
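--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,3 @@
+root:$1$OmvoKpjK$e.lPVnBxsrAbNV4EoH3xb1:0:0:root:/root:/bin/ash
+nobody:*:65534:65534:nobody:/var:/bin/false
+daemon:*:65534:65534:daemon:/var:/bin/false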
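Review bot: The `root` entry ships with a fixed MD5-crypt password hash baked into the image, so every device built from this tree shares one root credential, and because the hash sits in the passwd file rather than a shadow file any local account can read it and crack it offline. Set the root password during first-boot provisioning (or leave it unset so the operator is forced to choose one) instead of committing a shared hash, and if a fixed hash is unavoidable keep it out of version control. A short note in the commit message or a README stating how the root password is provisioned would keep the next maintainer from copying this pattern.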
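--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,18 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+ifconfig br-mesh down
+ifconfig br-mesh up
+
+ifdown lan
+ifup lan
+
+rdate -s time.fu-berlin.de
+
+chown root.root /etc/crontabs/root
+/etc/init.d/cron stop
+/etc/init.d/cron start
+
+sh /etc/firewall.user
+
+exit 0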
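Review bot: The header comment still says `By default this file does nothing`, which is no longer true once the bridge bounce, `rdate`, the cron restart and `sh /etc/firewall.user` follow it; replace it with a comment stating what each step is for (why br-mesh and lan are cycled, why cron is restarted after the `chown`). `rdate -s time.fu-berlin.de` sets the clock from a single hard-coded host over an unauthenticated protocol and, if that host or DNS is unreachable at boot, presumably holds up the rest of this script until rdate gives up — at least record the failure instead of ignoring it, e.g. `rdate -s time.fu-berlin.de || echo "time sync failed" >&2`. Since every line here is unchecked and the script ends in `exit 0`, a failed step is invisible; consider logging failures of the bridge and cron steps the same way.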
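--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# SHOWMACS need br-ctl! NO BUSYBOX!
+#
+# Version 0.2
+#
+# by Tim Niemeyer (reddog@mastersword.de)
+#
+
+DEV=$1
+
+SEDDEV=`brctl showstp $DEV | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
+SEDMAC=`cat /etc/bat-hosts | sed -e "s/^/s\//;s/$/\/;/;s/ /\//"`
+
+brctl showmacs $DEV | sed -e "$SEDMAC" | sed -e "$SEDDEV"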
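Review bot: `DEV=$1` is never checked, so running the script without an argument hands an empty device name to both `brctl` calls and prints their errors instead of a usage line; add `[ -n "$1" ] || { echo "usage: $0 <bridge>" >&2; exit 1; }` before the assignment and quote it as `"$DEV"` in the two `brctl` invocations. The `SEDMAC` expression turns every line of `/etc/bat-hosts` into a sed `s///` command, so a name in that file containing `/` or another sed metacharacter silently breaks the whole substitution script — worth a comment stating that the file is trusted local input in the expected `<mac> <name>` form.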
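--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,24 @@
+kernel.panic=3
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.ip_forward=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0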
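Review bot: `net.netfilter.nf_conntrack_checksum=0` and `net.ipv4.netfilter.ip_conntrack_checksum=0` switch off checksum verification in connection tracking, and `net.ipv4.tcp_timestamps=0` together with the two `arp_ignore=1` lines also change behaviour in ways a reader cannot guess, yet only the bridge-nf group carries a comment; add a one-line why-comment above each group, e.g. `# conntrack: skip checksum validation (reason: <fill in>)`. The `net.ipv4.netfilter.ip_conntrack_*` keys are the legacy spelling of the `net.netfilter.nf_conntrack_*` ones, so on a kernel that exposes only the new names `sysctl -p` will presumably report them as unknown — note which kernel this file targets, or keep only the spelling that kernel provides. The commented `# net.ipv6.conf.all.forwarding=1` line is dead configuration unless a comment says it is meant to be enabled later.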
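--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,118 @@
+#!/bin/sh
+
+#DEBUG="--debug=2"
+DEBUG=""
+SERVER="no"
+SERVERNAME="batgw"
+
+project="batvpn"
+
+test_internet_host1="mastersword.de"
+test_internet_host2="78.46.215.78"
+
+#Only do something with tinc when the router has internet connection
+if ping -w5 -c3 "$test_internet_host1" &>/dev/null || ping -w5 -c3 "$test_internet_host2" &>/dev/null
+then
+
+if [ "$SERVER" == "no" ]
+then
+hostname=$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
+
+if [ "$hostname" == "" ]
+then
+hostname=$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
+fi
+
+if [ "$hostname" == "" ]
+then
+hostname=$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
+fi
+else
+hostname=$SERVERNAME
+fi
+
+if [ ! -d /etc/tinc ]
+then
+mkdir /etc/tinc
+fi
+
+if [ ! -d /etc/tinc/$project ]
+then
+mkdir /etc/tinc/$project
+
+echo -n -e "\n\n" | tincd --pidfile=/etc/tinc/$project/tinc.pid -n $project -K
+kill -HUP $(cat /etc/tinc/$project/tinc.pid)
+sleep 3
+mkdir /etc/tinc/$project/hosts
+echo "ifconfig \$INTERFACE up" > /etc/tinc/$project/tinc-up
+if [ "$SERVER" == "no" ]
+then
+echo "brctl addif br-mesh \$INTERFACE" >> /etc/tinc/$project/tinc-up
+fi
+chmod +x /etc/tinc/$project/tinc-up
+fi
+
+pubkey=$(for line in $(cat /etc/tinc/$project/rsa_key.pub | sed -e 's/$/%0a/g' | sed -e 's/+/%2b/g' | sed -e 's/ /%20/g'); do echo -n $line; done)
+port=666
+
+cat <<EOF > /etc/tinc/$project/tinc.conf
+Name = $hostname
+Mode = Switch
+#PingTimeout = 30
+Hostnames = yes
+#GraphDumpFile = /tmp/vpn-graph.dot
+TCPOnly = yes
+EOF
+
+# we need this only for first startup
+if [ ! -f /etc/tinc/$project/hosts/$hostname ]
+then
+cat <<EOF > /etc/tinc/$project/hosts/$hostname
+Address = 0.0.0.0
+Port = $port
+EOF
+cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
+fi
+
+# fire up
+if [ "$(ps aux | grep tincd | grep -v grep)" == "" ]
+then
+tincd -c /etc/tinc/$project --pidfile=/etc/tinc/$project/tinc.pid --logfile=/var/log/tinc.log $DEBUG
+# sleep 1
+# brctl addif br-mesh tap0
+fi
+
+# register
+wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /etc/tinc/$project/output
+
+filenames=$(cat /etc/tinc/$project/output| grep ^#### | sed -e 's/^####//' | sed -e 's/.conf//g')
+for file in $filenames
+do
+grep -A100 $file /etc/tinc/$project/output | grep -v $file | grep -m1 ^### -B100 | grep -v ^### > /etc/tinc/$project/hosts/$file.new
+if [ "$(diff /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file 2>&1)" == "" ]
+then
+/bin/rm /etc/tinc/$project/hosts/$file.new
+else
+/bin/mv /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file
+fi
+echo "ConnectTo=$file" >> /etc/tinc/$project/tinc.conf
+done
+
+if [ ! -f /etc/tinc/$project/hosts/$hostname ]
+then
+cat <<EOF > /etc/tinc/$project/hosts/$hostname
+Address = 0.0.0.0
+Port = $port
+EOF
+cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
+fi
+
+#reload
+kill -HUP $(cat /etc/tinc/$project/tinc.pid)
+
+else
+echo "Der Router kann keine Verbindung zum Tincserver aufbauen"
+echo "Tincstart macht nichts!"
+fi
+
+exit 0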
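Review bot: The peer list fetched by `wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /etc/tinc/$project/output` arrives over plain HTTP from a hard-coded third-party host and is written straight into `/etc/tinc/$project/hosts/` and appended to `tinc.conf` as `ConnectTo=` entries by the `filenames` loop, so whoever controls that host or the path to it decides which peers and public keys this node trusts; the response needs an integrity check (a signature over the host files, or TLS to a pinned certificate) before it is applied. The `$file` names parsed out of the response are also used unvalidated both as the destination path `hosts/$file.new` and as unquoted grep patterns, so a name containing `/` or `..` leaves the hosts directory; reject anything outside the expected character set first, e.g. `case "$file" in *[!A-Za-z0-9_]*|"") continue ;; esac`. Separately, `&>/dev/null` on the `ping` connectivity check is a bash extension; under a strict POSIX `#!/bin/sh` it backgrounds the ping and leaves a bare redirection as the condition, which always succeeds, so spell it `>/dev/null 2>&1` on both pings. The `# fire up` test `ps aux | grep tincd | grep -v grep` also matches any other process whose command line contains "tincd"; checking the pidfile written two lines later would be more reliable.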
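--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,37 @@
+config 'interface' 'loopback'
+option 'ifname' 'lo'
+option 'proto' 'static'
+option 'ipaddr' '127.0.0.1'
+option 'netmask' '255.0.0.0'
+
+#config 'interface' 'lan'
+# option 'proto' 'dhcp'
+# option 'ifname' 'eth0.1'
+
+config 'interface' 'wlanmesch'
+option 'ifname' 'ath1'
+option 'mtu' '1527'
+
+config 'interface' 'mesh'
+option 'type' 'bridge'
+option 'ifname' 'eth0.1 ath0 bat0 tap0'
+option 'stp' '1'
+
+config 'switch' 'eth0'
+option 'name' 'eth0'
+option 'reset' '1'
+option 'enable_vlan' '1'
+
+config 'switch_vlan' 'eth0_1'
+option 'device' 'eth0'
+option 'vlan' '1'
+option 'ports' '0 1 2 3 5t'
+
+config 'switch_vlan' 'eth0_2'
+option 'device' 'eth0'
+option 'vlan' '2'
+option 'ports' '4 5t'
+
+config 'interface' 'wan'
+option 'ifname' 'eth0.2'
+option 'proto' 'dhcp'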
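Review bot: The `#config 'interface' 'lan'` block and its two commented option lines are dead configuration; either delete them or replace them with a comment stating that the switch ports on VLAN 1 (`eth0.1`) are deliberately members of the `mesh` bridge, since that puts every wired client on the same layer-2 segment as `ath0`, `bat0` and the tinc `tap0` and a reader should know that is intended. `option 'mtu' '1527'` on `ath1` is a magic number with no explanation — a comment naming what overhead the extra bytes cover (presumably the batman-adv encapsulation header; confirm against the kmod version in this tree) would stop someone from "fixing" it back to 1500. The same undocumented MTU line appears in the second network file added by this commit.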
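--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,18 @@
+config 'interface' 'loopback'
+option 'ifname' 'lo'
+option 'proto' 'static'
+option 'ipaddr' '127.0.0.1'
+option 'netmask' '255.0.0.0'
+
+config 'interface' 'lan'
+option 'proto' 'dhcp'
+option 'ifname' 'eth0'
+
+config 'interface' 'wlanmesch'
+option 'ifname' 'ath1'
+option 'mtu' '1527'
+
+config 'interface' 'mesh'
+option 'type' 'bridge'
+option 'ifname' 'ath0 bat0 tap0'
+option 'stp' '1'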