From d8eccf57e33286ecc1cd59a48267bfccfcacaa2b Mon Sep 17 00:00:00 2001
From: Tim Niemeyer
Date: Sat, 30 Jan 2016 11:59:46 +0100
Subject: [PATCH] fff: advertise fdff:0::/64 to access web interface

This patch adds a prefix advertisment for each node.
Every node get also the IPs
* $prefix::MAC
* $prefix::link-local
* $prefix::1

::1 is duplicated so we need filtering to not forward data into the network for ::1.

Signed-off-by: Tim Niemeyer
Reviewed-by: Jan Kraus
---
 .../root_file_system/etc/firewall.user | 19 +++++++++
 bsp/default/root_file_system/etc/network.sh | 40 +++++++++++++++++++
 src/packages/fff/fff/Makefile | 4 +-
 3 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/bsp/default/root_file_system/etc/firewall.user b/bsp/default/root_file_system/etc/firewall.user
index 1af101c..8ae48dc 100755
--- a/bsp/default/root_file_system/etc/firewall.user
+++ b/bsp/default/root_file_system/etc/firewall.user
@@ -59,6 +59,14 @@ ebtables -A MULTICAST_OUT -p IPv4 --ip-proto igmp -j RETURN
 ######## INPUT ############
 ebtables -P INPUT ACCEPT
+# Erlaube router solicitation von client zu knoten
+ebtables -A INPUT -p IPv6 -i ! bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-solicitation -j ACCEPT
+ebtables -A INPUT -d Multicast --logical-in br-mesh -i ! bat0 -j ACCEPT
+
+# No input from/to local node ip from batman
+ebtables -A INPUT --logical-in br-mesh -i bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP
+ebtables -A INPUT --logical-in br-mesh -i bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP
+
 # Erlaube nur DHCP Antworten von BATMAN -> KNOTEN
 ebtables -A INPUT -p IPv4 --ip-proto udp --ip-dport 68 -j IN_ONLY
 # Erlaube nur DHCPv6 Antworten von BATMAN -> KNOTEN
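Review bot: The second added INPUT rule, `ebtables -A INPUT -d Multicast --logical-in br-mesh -i ! bat0 -j ACCEPT`, is much broader than the comment above it ("Erlaube router solicitation") says: it accepts every multicast-addressed frame of any protocol from every non-bat0 port (the ebtables Multicast alias also matches the broadcast address), and because it is appended before the `-j IN_ONLY` DHCP/DHCPv6 rules that follow, those rules — which per their comments are meant to admit replies only from BATMAN — never see broadcast or multicast frames arriving from client ports. The router-solicitation rule directly above already admits RS on its own, so it is worth confirming what the multicast rule is meant to add. If it exists for neighbour discovery towards the node's new addresses, `ebtables -A INPUT -d Multicast --logical-in br-mesh -i ! bat0 -p IPv6 --ip6-proto ipv6-icmp -j ACCEPT` keeps that intent without the bypass; otherwise the comment should state what else it intentionally admits.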
@@ -71,6 +79,10 @@ ebtables -A INPUT -p IPv6 -i bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-s
 ######## FORWARD ############
 ebtables -P FORWARD ACCEPT
+# Do not forward local node ip
+ebtables -A FORWARD --logical-out br-mesh -o bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP
+ebtables -A FORWARD --logical-out br-mesh -o bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP
+
 # Erlaube nur DHCP Request von CLIENT -> BATMAN
 ebtables -A FORWARD -p IPv4 --ip-proto udp --ip-dport 67 -j OUT_ONLY
 # Erlaube nur DHCP Antworten von BATMAN -> CLIENT
@@ -89,6 +101,13 @@ ebtables -A FORWARD -d Multicast --logical-out br-mesh -o bat0 -j MULTICAST_OUT
 ######## OUTPUT ############
 ebtables -P OUTPUT ACCEPT
+# Erlaube router advertisment von knoten zu client
+ebtables -A OUTPUT -p IPv6 -o ! bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-advertisement -j ACCEPT
+
+# Do not output local node ip to batman
+ebtables -A OUTPUT --logical-out br-mesh -o bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP
+ebtables -A OUTPUT --logical-out br-mesh -o bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP
+
 # Erlaube nur DHCP Request von KNOTEN -> BATMAN
 ebtables -A OUTPUT -p IPv4 --ip-proto udp --ip-dport 67 -j OUT_ONLY
 # Erlaube nur DHCPv6 Request von KNOTEN -> BATMAN
diff --git a/bsp/default/root_file_system/etc/network.sh b/bsp/default/root_file_system/etc/network.sh
index 836cb62..1a595a5 100644
--- a/bsp/default/root_file_system/etc/network.sh
+++ b/bsp/default/root_file_system/etc/network.sh
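Review bot: The two FORWARD rules drop fdff::1 traffic only in the `-o bat0` direction; nothing covers frames that enter from bat0 (`-i bat0`) with source or destination fdff::1 and are bridged on to a client port, whereas the INPUT hunk above does filter that direction for local delivery. Unless MULTICAST_OUT already stops a client's neighbour solicitation for fdff::1 from leaving towards the mesh, a neighbour advertisement sent from another node's fdff::1 could arrive on bat0 and still be forwarded to the client, so the mirror rules `ebtables -A FORWARD --logical-in br-mesh -i bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP` and `ebtables -A FORWARD --logical-in br-mesh -i bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP` appear to be missing. The OUTPUT hunk below has the same one-directional shape, which is fine there because OUTPUT only sees locally generated frames. The literal fdff::1/128 is now written six times across the three firewall hunks while network.sh derives it from `prefix="fdff:0::/64"`; a single variable at the top of firewall.user (for example `NODE_IP6=fdff::1/128`) would keep a later prefix change from silently disabling these filters.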
@@ -113,3 +113,43 @@ if [[ -n "$ETH0MAC" ]]; then
 ifconfig eth0 up
 /etc/init.d/network restart
 fi
+
+if uci get network.mesh.ip6addr
+then
+ echo "IPv6 for mesh is set already"
+else
+ # Some time needed :(
+ sleep 5
+
+ for ip in $(ip -6 addr show br-mesh | awk '/fdff/{ print $2 }'); do
+ ip -6 addr del $ip dev br-mesh
+ done
+
+ prefix="fdff:0::/64"
+ # Set $prefix::MAC as IP
+ suffix=$(awk -F: '{ print $1$2":"$3$4":"$5$6 }' /sys/class/net/br-mesh/address)
+ addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')
+ ip -6 addr add $addr dev br-mesh
+
+ uci -q del network.globals
+ uci -q set network.globals=globals
+ uci -q set network.globals.ula_prefix=$prefix
+ uci -q add_list network.mesh.ip6addr=$addr
+ uci -q set network.mesh.proto=static
+
+ # Set $prefix::1 as IP
+ suffix="1"
+ addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')
+ ip -6 addr add $addr dev br-mesh
+ uci -q add_list network.mesh.ip6addr=$addr
+
+ # Set $prefix::link-local as IP
+ suffix=$(awk -F: '{ printf("%02x%s:%sff:fe%s:%s%s\n", xor(("0x"$1),2), $2, $3, $4, $5, $6) }' /sys/class/net/br-mesh/address)
+ addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')
+ ip -6 addr add $addr dev br-mesh
+ uci -q add_list network.mesh.ip6addr=$addr
+
+ uci -q commit network
+
+ /etc/init.d/fff-uradvd restart
+fi
diff --git a/src/packages/fff/fff/Makefile b/src/packages/fff/fff/Makefile
index e29713f..f480031 100644
--- a/src/packages/fff/fff/Makefile
+++ b/src/packages/fff/fff/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=fff
 PKG_VERSION:=0.0.1
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff
@@ -14,7 +14,7 @@ define Package/fff-base
 DEFAULT:=y
 TITLE:= Freifunk-Franken Base
 URL:=http://www.freifunk-franken.de
- DEPENDS:=+micrond +fff-nodewatcher +fff-web
+ DEPENDS:=+micrond +fff-nodewatcher +fff-web +fff-uradvd
 endef
 define Package/fff-base/description
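Review bot: All three addresses are assembled with `addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')`, which splices an unquoted `$suffix` into a sed expression and only yields a valid address because `prefix` happens to end in `::`; `addr="${prefix%/*}${suffix}/${prefix#*/}"` builds the same string with plain parameter expansion, no sed, and no unquoted interpolation, and `$ip`/`$addr` in the `ip -6 addr` calls should be quoted for the same reason. The guard `if uci get network.mesh.ip6addr` prints the value (or an error) on every boot; `if uci -q get network.mesh.ip6addr >/dev/null` tests the same exit status quietly. `prefix="fdff:0::/64"` here and the `fdff::1/128` literals added to firewall.user must stay in sync, so a comment such as `# fdff::1 is also hard-coded in /etc/firewall.user; change both together` would prevent a silent mismatch that leaves the node address unfiltered. The `xor(("0x"$1),2)` in the link-local awk relies on awk bitwise functions and hex string-to-number conversion; if the target's awk is busybox rather than gawk, confirm it supports both, since a failure there produces a malformed `addr` that is then committed to uci.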