The OpenWrt function get_mac_label resides in /lib/functions/system.sh,
so it has to be included, if we want to use this function.
This include was missing in the fff-wireguard layer3 configuration
script, so it is added here.
Fixes: 68c7d75a1b ("treewide: exploit label MAC address from OpenWrt")
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Receive packet steering (RPS) is a linux feature to improve forwarding
performance by distributing the forwarding of packets across multiple
cpus. This is necessary for network devices which have less queues than
cpu cores.
OpenWrt allows to enable RPS easily by setting the global option
'packet_steering' in the network configuration. With earlier OpenWrt
versions this option was enabled by default. However, the default value
was changed with OpenWrt 21.02.
Enable this option agian to improve forwarding performance on routers
with multiple cpu cores.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Some devices had to be disabled starting with OpenWrt 21.02 due to their
new DSA switch drivers.
As support for DSA configuration has since been added to fff-network,
this makes use of this configuration for devices with DSA drivers.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Starting with OpenWrt 21.02 some devices now use upstream kernel drivers
for the built-in switch instead of relying on OpenWrt's swconfig driver.
The upstream kernel drivers use the Distributed Switch Architecture
(DSA) for configuration of the switch. Instead of explicitly configuring
the hardware switch, all ports appear as distinct interfaces and linux
bridges are offloaded to the hardware switch if possible.
To keep changes small, this patch adds support for DSA devices by
setting up a linux bridge, which is then treated just like the
cpuport-interface of the swconfig driver.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
To make it clear why the set sysctls are necessary, add appropriate
comments to them. Also reorder them for improved readability.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Many of the set sysctls are either unnecessary, are already default in
the kernel or in OpenWrts defaults, or the reason for them being
explicitly set is unknown.
Remove all those sysctls from fff-network, as unfounded deviations from
default values will cause hard-to-debug problems in the future.
The original motivation for this patch is the netdev_max_backlog sysctl,
which was set to a very low value without any reason or comment.
This hurt forwarding performance on mt7621 with DSA significantly and
took quite a while to discover.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
This migrates the support for the TP-Link CPE210 v1 and CPE510 v1
so they are recognized by the new two-port setup code.
Assignment of ports should be consistent to the ar71xx implementation,
i.e. primary port (PoE in) assigned to WAN and secondary port (PoE out)
assigned to CLIENT by default.
Note that this is the exact opposite of the default configuration of
what OpenWrt does (but both have been consistent in behavior).
Since they work again, also re-enable image transfer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Support native two-port devices by adding TWO_PORT variable and
exploiting the LAN0PORT and LAN1PORT variables designed for the
TP-Link CPE devices. Since the latter have been converted to
real two-port devices, we can now repurpose these variable for
the new setup.
This exploits the existing WANDEV and SWITCHDEV variables to
define the primary and secondary interfaces.
Note that by default this takes the initial values from network.mode,
so if initial WAN/CLIENT should swapped, this has to be added to
the relevant network.* file of the devices.
No device-specific changes are done in this patch.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, all one-port devices also triggered the switch-based setup
in configurenetwork, as the one-port condition was not checked
there. While the relevant parts are overwritten by the one-port
config which comes later in the script, it still creates a lot
of useless/broken switch/vlan setup entries in /etc/config/network.
Properly check for one-port vs. non-one-port in the file, without
touching anything else.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Dropbear supports ed25519 keys since OpenWrt 21.02.
Also, ecdsa is supported since v19.07, but disabled in our firmware.
Keep the generated ed25519 and ecdsa host key accross upgrades.
While at it, remove dss host keys, as they are not supported anymore.
5eb7864aadd5 ("dropbear: rewrite init script startup logic to handle both host key files")
8a7a93947004 ("dropbear: remove generation and configuration of DSS keys")
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Because wireguard is part of the Linux kernel starting with version 5.6,
the wireguard packages have been renamed upstream.
Update our dependencies to match this.
This fixes build for the layer3 variant.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[add fix comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The Bullet M (XM) was sold with two different SoCs, AR7241 and
AR7240, which cannot be served by one DTS. This implements both
versions as done in OpenWrt.
Note that those variants may not be distinguished from the outside.
The AR7241 version appears to be the more recent and more abundant
version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
In the latest release, OpenWrt provides the label MAC address for
many devices. All of our devices should be covered.
In can be retrieved by the function
get_mac_label
from /lib/functions/system.sh
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Some devices were renamed since the last stable release.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The SPDX license identifier provides a standardized way for specifying
licenses that is both human- and machine-readable. It is used upstream
both in OpenWrt and the Linux kernel.
Replace licenses in our repository by those identifiers.
The full-text licenses corresponding to these identifiers are
provided in the LICENSES folder.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
This adds an option 'disabled' that will allow to disable
nodewatcher when desired.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This package is the owner of the config file, so add it to the
Makefile. This will have vanilla OpenWrt copy it during upgrade.
Since we disable this mechanism, it will not change anything for
our standard firmware. But it will improve the situation if this
package is used in vanilla OpenWrt.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
If /etc/config/nodewatcher already exists, a proper uci-defaults
script should not overwrite it. Since this package is the owner
of the config file, this change won't change anything for the
current firmware, but will allow to use this as a package, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The uci-defaults scripts are meant to provide defaults for a
specific package. Distributing them across several packages makes
no sense and just makes maintainance worse.
Thus, move the network part of the initialization back to the
proper package. While at it, suppress output from add commands.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
With commit [1] the ipv4 firewall on wan interface was removed.
This patch adds the ssh connection limit for ipv4.
IPv6 is already limited.
[1] 52e15e072c ("fff-firewall: Remove ssh firewall on WAN interface")
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[improve commit reference]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Removes the firewall ebtables entry.
alfred-monitoring-proxy is only useful in layer3 variant, where no
ebtables rules are set.
With this typo the ebtables command was never active and the
resulting error was never shown.
Fixes: 9b5d3f1aeb ("fff-alfred-monitoring-proxy: add package")
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
[fix typos in message, add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In '/etc/network.ubnt,unifiac-mesh', we include a file that does
not exist on ath79 anymore. This causes the script execution to
abort and will have configurenetwork not run at all, making the
device quite inaccessible.
Remove the include as it never had any use anyway. Remove another
unused include as well, and add the proper dependency instead.
This fix was first proposed more than 2.5 years ago.
Fixes: #130 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The "available" amount of memory is helpful for several forensic
and debugging cases. Send it via alfred.
Monitoring support has already been implemented.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Source address filtering (RFC3704) can be used to mitigate source
address spoofing. However, strict mode only works when routes are
strictly symmetric. If routes are asymmetric, it can happen that
the best route to the source address of a packet is via a different
interface.
Because there is no guarantee that routes have to be symmetric in the
Freifunk Franken backbone network, we cannot use strict mode. Because
default routes are used in the Freifunk Franken backone, loose mode
could be used, but does not make any sense. Instead, revert back to the
kernel default setting, which currently is 0 (disabled).
While this change affects both layer3 and node variant, nothing changes
for the node firmware, because it does not forward packets.
Fixes: #123
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Previously, an additional wan6 interface for SLAAC has been added, which
references the wan interface for its interface.
However, OpenWrt waits until the wan interface is completely up, until
it tries to start up interfaces that depend on it.
This not only can delay the configuration of IPv6 addresses
significantly, but also makes configuration of the wan6 interface
impossible in WAN networks with out a DHCP server.
To solve this issue, a separate interface wan4 for dhcp, which also
reference the wan interface, is created and the proto of wan is set to
none.
Fixes: #114
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Migration from ar71xx to ath79 included changes to the ethernet/switch
driver for the target. This introduced a peculiar issue where
eth0 and eth1 are swapped for several devices. Most of the relevant
cases were already covered in 1cf4d762ff ("treewide: move devices
from ar71xx to ath79").
This switch also affects the Nanostation M, where the PoE-in port
is now eth1 und the PoE-out port is eth0. However, no action was
taken in the referenced patch, as nobody was aware of it then.
Since the Nanostation M is a two-port device, which we cannot
implement properly so far, it was implemented as a one-port with
the "primary" PoE-in port so far. This was broken by the ath79
introduction and is now fixed in this patch by using the one-port
setup on eth1. That way, the PoE-in port can now be switched by
ETHMODE as usual again.
Note that custom scripts, e.g. to set up the second port, need to
be adjusted manually, as that one is eth0 now.
Fixes: 1cf4d762ff ("treewide: move devices from ar71xx to ath79")
Fixes: #109 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
We use the one-port implementation also on two-ports like the
Nanostation M. Therefore, hard-coding eth0 in configurenetwork
will break if the port implemented for the one-port setup
(SWITCHDEV/WANDEV) is not eth0.
Just use SWITCHDEV instead, like done for the rest of the one-port
setup.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
When creating a new uci section, the safest way to refer to it is
with index '-1'. While it (probably) does not make a functional
difference for our specific case, since we expect to only have one
section anyway, let's just make sure and use the proper indexing.
While at it, suppress output from the 'add' command.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
So far, we ensure the selection of a specific variant by copying
included Make files. This not only breaks if the packages are used
as a feed, but also is against the concept of how packages are used.
In this patch, the fff package is converted into a set of variants
that allow selection via a FFF_VARIANT variable that is exported by
buildscript. If no export happens, e.g. when using packages in a
feed, no package is selected.
Since the names fff-node and fff-layer3 are not available anymore,
the packages for the variants are called (though irrelevant for
the user):
* fff-variant-layer3
* fff-variant-node
The only drawback is that we now have to specify the list of
available variants in the buildscript. However, these values are
hardcoded in several other places as well, and the former code
based on file names was not really appealing anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Allow setting WAN vlan/interface from gateway config.
A configuration without explicit definition of a WAN interface is
valid at the moment and results in the default configuration from
fff-network being used.
Originally, it was intended to automatically set WAN to vlan 2, if nothing was
specified. As this would break devices, which don't use swconfig for
WAN, the already configured WAN interface is left untouched.
Fixes: #85 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Instead of exposing the CPUPORT variable to the calling script
directly, wrap it into a function which can be called there.
Fixes: #52 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
So far, we define PORTORDER individually in each network.* file.
This creates a lot of duplications, and makes the code to parse those
values very ugly (and it's only used outside of configurenetwork
anyway).
Therefore, move the assignment to a library file, and wrap it into
a function for tidyness. This gives us more overview and nicer
implementation of the retrieval.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
With 8d66bdf the port configuration of TP-Link Archer C7 has been
changed to a single-interface configuration.
This had unforseen side effects on upgraded devices. Because WANDEV
is evaluated from the updated network.* file, the port configuration
of the switch is evaluated from the update-safe network.config, which
is now incompatible with the updated interface configuration.
Therefore, a migration script has to be added, which updates the port
configuration in network.config to the new single-interface network
configuration.
Fixes: #60 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
In earlier firmware versions the prefix had to be written
in an incorrect syntax (missing a trailing colon).
To make hoodfiles with this old incorrect syntax work with
newer firmware versions like this one, we have to fix the
incorrect syntax. Both the old, incorrect and the correct
syntax work with this fix, so in the far away future, the
correct syntax can be used in hoodfiles.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit e5da228cb1.
With the patch there can be situations with just "*" in traceroute,
breaking MTU in wireguard. If R1 with IPv6 address from provider P1
is connected to Freifunk via wireguard, and another R2 with address
from provider P2 is behind it, then R1 won't answer to traceroutes
sent from R2.
Revert the patch for now.
Fixes: #66 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
PKG_BUILD_DIR has the following default values set in include/package.mk,
in case no BUILD_VARIANT is set:
With PKG_VERSION set: $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
Without PKG_VERSION: $(BUILD_DIR)/$(PKG_NAME)
Consequently, all PKG_BUILD_DIR definitions in our packages are
redundant. Remove them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
We do not use the IPv4 functionality of odhcpd, but use dnsmasq
for that. Use odhcpd-ipv6only instead.
This is also the default for OpenWrt.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Other than atoi, strtol allows to detect parsing errors.
Therefore atoi is replaced with strtol and appropriate error
checks are added.
Fixes: #33 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
The owipcalc tool provides an "add" algorithm which can be used
to concateneted IPv6 addresses from prefix and suffix.
Since it's available upstream and our string manipulation is ugly,
let's replace our IP concatenation with that tool. The package
consists of a single .c file with about 1000 lines resulting in
about 4 kB for the ipk package.
This patch does _not_ introduce any conceptual changes yet. Thus,
the "wrong" IPv6 prefix from KeyXchange will be expected in the
same format, it is just healed for the new code for now.
The change allows to get rid of some bloat, i.e. some quite trivial
custom functions on the way. This also drops the ipTidyColon()
function, as owipcalc seems to return the collapsed version by default.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The variables SERVICE_WRITE_PID and SERVICE_DAEMONIZE are not used by
procd, so they are removed.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The configuration of our firewall depends on the network configuration.
Most importantly, the firewall has to be restarted, if the WAN-interface
is changed.
Therefore, a procd reload trigger is added to the init-script, so our
firewall is automatically restarted, when the network configuration is
changed.
Fixes: #46 (gitea)
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
[fabian@blaese.de: Remove unrelated changes]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some sysctls currently are completely useless, as they only exist if
specific kernel configurations are enabled, which we have not.
To hide the error message and prevent them from interfering
unintentionally, if new kernel configurations are activated in the
future, they are removed.
Fixes: #42 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
The net.ipv4.netfilter.ip* sysctls have been moved to
net.netfilter.nf* a long time ago, so they have been useless in our
firmware for quite a while.
It probably originally has been added because it was included in the
OpenWrt defaults and in earlier versions of our firmware the OpenWrt
defaults file got overwritten by our own one.
Because there does not seem to be any obvious reason to keep them (they
have been added without a comment in the commit or file) and they have
been inactive ever since they were moved in the kernel, they are removed
completely instead of using the correct path.
Fixes: #42 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
The cake scheduler is a popular fair queuing scheduler, which is also
capable of shaping traffic. Due to its sensible defaults it is very
easy to set up.
When tunnel traffic exceeds the capability of the transport connection,
firmware users might want to shape traffic, so meaningful queueing can be done
before tunnel packets are dropped. As this is typically combined with a fair
scheduler, cake provides a simple yet very powerful solution for both problems.
Therefore the cake kernel module is now included in the layer3 variant.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
When neither peer_ip nor ipaddr are set, no ipv4 address for peering
interfaces is available. Therefore, no IPv4 routes can be advertised.
Other than that, a configuration like this is perfectly valid and
configuration is already continued. Therefore, the "FATAL" message might
be misleading so it is replaced with "WARNING" and clarified slightly.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
On call -t we write the pid on /tmp/configure-layer3-pid.
If the script exits from user we use trap to run the new function keep_changes()
If the connections to the router lost, the user can run configure-layer3 -k after
reconnect to keep changes manually
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[wrap and rephrase exit comment, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds a script to init.d to automatically call
the appropriate configure-layer3 commands after an upgrade,
so the configuration of the device is restored.
The changes are applied if configure-layer3 is successful.
Otherwise, they are reverted. Due to this, no additional checks for
the configuration are necessary: The configure-layer3 script
will fail if the config version is wrong or no configuration exists at all.
After executing the script destroys itself. With START=99,
the execution happens _after_ uci-defaults and configurenetwork,
and no interference is expected.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
[convert to init.d, extend commit message, rebase]
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Creating a directory via a .keep subfile is not really nice.
Use the OpenWrt mechanism for this instead.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
The former fff-web package is essentially for serving a user
interface (UI). Therefore, include the UI in the name to distinguish
it from other web packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
There might be scenarios where a user only needs the hood file,
but no WebUI (e.g. for 4M devices and node firmware), or only
the WebUI, but no hood file (e.g. layer3 firmware).
This separates the HTTP server (section) for the hood file into a
separate package fff-web-hood. The new package is then only added
to the node firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Build/Prepare and Build/Configure are not required for packages
which only contain local files and do not need any compilation.
Remove them.
Note that Build/Compile needs to be present and empty to overwrite
the defaults, though.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The name br-mesh is actually quite misleading, since the bridge
actually includes the "client" interfaces. In order to make this
obvious, and to prevent confusion with the properly named wXmesh
interfaces, rename them to br-client.
Note that br-mesh is also particularly disturbing for the layer 3
firmware without batman-adv.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The term "gateway" is ambiguous, and we are using "layer 3" for this
flavor now. Reflect that in the package name as well.
This is cosmetic otherwise.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
configuregateway and it's gateway.d files represent a specific
functionality that other packages depend on. Thus, it is put into
a package of its own so dependencies can be expressed more properly.
While at, use the chance to get rid of the ambiguous term "gateway"
and rename the script to configure-layer3 and the folders to layer3.d.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
With this patch the router answers in traceroute over the fff table with
Freifunk IPs and not with the WAN IP. All other connections use the fff
table too.
We already have the rules with 5000 and 5001 so that wireguard does not use
the fff table anyway and connect the VPN only via the main table.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Some packages contain a whitespace at the start of TITLE, some
don't. This is completely irrelevant since Make strips leading
and trailing spaces anyway. Nevertheless, make it consistent.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
To add new menu items in other packages we need a modular construction:
- Simpel Babelweb
- Layer 3 configuration
and so on
Every menu item needs a file in /www/menu/ssl/ with the content
link,name
- link is the name of the html file without extension (.html)
- name is the text of the link in the webui
While at it, rename "Password" menu item to German "Passwort".
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
[bump PKG_RELEASE, use /www/menu, use script_file for link,
improve use of class_active, commit message adjustments,
improve variable names, keep HTML umlaut, keep Logout]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Certain files are only included, but are not meant to be accessed
via HTTP directly. Move those to a dedicated directory that is not
served via HTTP.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Add support for the TP-Link Archer C50 v4, a low-cost mt7628-based
dual-band router.
Label MAC address is on ethernet and 2.4 GHz WiFi.
The v4 uses the same hardware as the v3 variant, but v4 includes
the newer split uboot.
ATTENTION:
Initial flashing of this device requires additional steps:
As all installation methods require an U-Boot to be integrated into the
image (and we do not ship one with the image) we are not able to create
an image in our build-process.
Download a TP-Link image from their Website and a FFF/OpenWRT sysupgrade
image for the device and build yourself a factory image like following:
TP-Link image: tpl.bin
OpenWRT sysupgrade image: owrt.bin
> dd if=tpl.bin of=boot.bin bs=131584 count=1
> cat owrt.bin >> boot.bin
This image can be used for Web-UI and recovery, but not TFTP.
Additional instruction can be found in the OpenWrt commit
01dcd574a248 ("ramips: add support for Archer C50 v4")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This firewall was introduced as a countermeasure for very slow routers
directly connected to the internet without any firewall.
Our routers have got quite a bit faster since then. Also, a setup like
this is highly uncommon, especially for slower routers.
Therefore this firewall rule is removed.
Fixes: #138
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When using NATs and tunnels at the same time, the correct
source address has to be used so the ICMP errors is sent
through the NAT. This is necessary so the NAT can modify
the ICMP payload so it is correctly identified by the
destination host, which is required for PMTUD
Fixes: #142
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For historic reasons, the wan interface is set to eth1 as default
value. When updating the config for one-port devices in
configurenetwork, the same value is put there again if the mode
is switched to something != WAN, instead of just removing the
value.
While ifname actually is a mandatory value, this has been handled
inconsistently in the past, where ethmesh ifname was deleted, and
wan ifname was just changed back to eth1, when assigning the
actually relevant eth0 to a different task.
This concept was set up with a one-port device in mind, i.e. a
device where there is no eth1. However, this very setup routine
got applied to the Nanostation M as well (which is treated as
as one-port), where we suddenly have two interfaces and the eth1
exists.
So, while the user assumes it's unconfigured, the second port
actually becomes set up as WAN if the first one is != WAN.
If connected to a second device with CLIENT (=default) to provide
PoE there, this will create a loop.
So, finally, in order to somehow fix this mess, this patch just
changes the hardcoded "eth1" to "eth2". While this is no proper
fix, it perpetuates the original idea of keeping wan set to
something, but nothing which actually exists. However, there are
no sideeffects and we keep this minimal-invasive.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This seems to be a copy/paste error, what we want here is to
delete the entry from ethmesh, as we use WAN.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Users might want to manually set up proper scheduling or qos using tc.
bmon can be used to monitor current throughput and packet rates.
Both are now included in layer3 variant.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Flashing instructions:
The factory image needs to be uploaded via the OEM firmware GUI.
Notes:
The device is implemented as two-port in OpenWrt, i.e. it has
eth0/eth1 interfaces without switch setup. As our firmware currently
does not support that, this uses a switch setup with one port for
LAN.
Signed-off-by: Fabian Eppig <fabian@eppig.de>
[add commit message, apply alphetic sorting in bsp, remove config
changes apart from adding CONFIG_TARGET_DEVICE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
What was intended as grouping of logic operators actually invoked
a subshell. Remove the subshell by using a better choice of operators.
Found by shellcheck.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This removes two useless cat as found by shellcheck:
sumnew=$(cat "$hoodfiletmp" 2>/dev/null | sha256sum | cut -f1 -d " ")
^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
While not functionally relevant in our case, note that
cat <non-existant-file> | sha256sum
actually returns a hash code, while
sha256sum <non-existant-file>
does not return anything on stdout.
Since we check the existance of $hoodfiletmp before calling sha256sum,
though, we always have a hash value for at least one file, so two empty
checksum won't happen at that point.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Until now, IPv6 connectivity was only ensured by some custom sysctls.
OpenWrt has a proper way of enabling IPv6 client (SLAAC, as well as DHCPv6)
for an interface. Switching to OpenWrt's way of configuring client addresses
for an interface might also make configuration more reliable, as the appropriate
sysctls are now set by netifd. Especially OnePort and TwoPort devices will
benefit from this change, as IPv6 auto configuration does not have to be manually
enabled and disabled for a physical interface, but rather is set as an option for
our logical wan interface.
At the same time this change enables DHCPv6 client support for WAN.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The hidden AP creation is moved to the end of
configurehood, so it is executed right after hoodfile
changes are processed.
When keeping the long sleep before trying to gather hoodfiles
via wireless or ethernet, this should decrease the delay after
hood changes to a minimum, as mesh nodes don't have to wait
until configurehood on VPN nodes is executed a second time.
Because hoodfiles gathered via wireless or ethernet are not
copied to hoodfilewww (which is used to deliver the active
hoodfile via ethernet or wireless), only authoritative hoodfiles
(keyxchange and gateway) trigger the creation of a hidden AP.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of seperately checking for various conditions,
which don't actually guarantee that the hoodfile can be
fetched in a certain way (e.g. internet is available but
keyxchange is down), the already built in return value of
the hoodfile gathering functions is utilized.
This change slightly changes the behaviour of nodes in
certian edge cases:
- If no hoodfile could be fetched from keyxchange, the
next delivery method (getGatewayHoodfile) is used
- If the gateway is unable to deliver a hoodfile, nodes
now behave like the gateway is unreachable, instead of
continuing to use old hoodfiles
These behaviour changes should be an improvement over the
previous behaviour:
- VPN nodes don't disconnect and break the whole network
if the keyxchange is unreachable, but instead try to
fetch the hoodfile from the gateway
- Instead of checking for batman gateway announcements,
which are completely unrelated to hoodfile delivery using
fe80::1, the actual status of the hoodfile download is
utilized. This has two effects:
- hoodfile delivery using fe80::1 works even if batmans
gateway selection isn't used at all
- if the batman gateway selection is active, but fe80::1
hoodfile delivery is broken in the hood, the nodes disconnect
from the hood and try to gather their hoodfile from nerby
nodes. Previously they continued to use the old hoodfile.
This should make misconfigured gateways more apparent.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The factory image can either be flashed via the vendor WebUI or
the bootloader using nmrpflash.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
mtr can be a very helpful tool when debugging unstable
networks. The tool is able to list packet loss to all
routers to a destination in a nice console-based interface.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
For the layer-3 firmware, we currently do not support a hood file
for automatically creating a mesh. However, the link for the
hood file is still created in fff-web.
Move this setup to fff-hoods, which is specific to the node firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
OpenWrt only builds and installs a packet for each architecture.
If a package is already fully built and installed for a architecture,
it is not rebuilt.
Because we have two different BSPs building two different targets (BOARDs)
using the same architecture (ath79 and ar71xx, mips), the fff-network package
is not reinstalled when switching between those.
However, we have defined an install step, which copies the necessary network
files seperated by board. But because the package is not rebuilt when switching
targets, the wrong network files might be present in the package.
To resolve this issue, the network files are now seperated by ARCH instead of
the target (i.e. the BOARD variable).
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This patch moves device support for ar71xx devices that are supported
in ath79. Building them with ath79 will be the new default.
The only devices remaining in ar71xx will be the following, as backporting
them to openwrt-19.07 is too complicated:
- cpe210-v1
- cpe510-v1
Accordingly, no tiny devices are left in ar71xx and we can drop the relevant
patches, and build ar71xx as generic again.
For the tl-wr741nd-v2, in ath79 the tplink_tl-wr741-v1 image is used.
The move from ar71xx to ath79 requires some adjustments on the way:
- The board names and image names on ath79 contain the vendor name,
where the former have it separated by a comma (tplink,cpe210-v2)
and the latter use an underscore (tplink_cpe210-v2). It is
safe to assume that this is the only difference between board and
image names.
Consequently, the ath79 devices will use their full board name also
in our firmware. A lot of renames in fff-boardname can be dropped.
The rename for fff-sysupgrade is already present in fff-upgrade.sh
While at it, fix that for the WDR4900 v1 as well.
- Due to a different switch driver, the startup of ethernet devices
is altered, which leads to eth0 and eth1 being swapped for some ath79
devices compared to ar71xx. This has been adjusted for SWITCHDEV/WANDEV
and MAC address setup.
- Since we have direct support for the AC Mesh now, use the proper
name instead of the AC Lite image. For Ubiquiti, different device
variants are now available as separate images.
- Remove left-over power-m-xw entry in cpuport file
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
The babel interface type 'tunnel' has some disadvantageous properties for
our network.
First, babel tries to evaluate the tunnel performance using the rtt. However,
this makes the network quite unstable, as rtt might fluctuate a lot, especially
on less reliable connections (e.g. LTE). Instead of fully falling back to an alternate
route, this rtt evaluation leads to a lot of flapping routes. Additionally, rtt
evaluation changes the metric of routes quite often, which leads to many unnessessary
babel messages in our network.
Also, babeld disables split-horizon processing on 'tunnel' interfaces per default.
However, split-horizon processing can be done in our point-to-point tunnel setup without
any issues and has the advantage of significantly reduced babel messages on a link with
many uplink routes.
Therefore, wireguard babel peers now use the interface type 'wired'.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE, adjust commit title prefix]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
As we now log output of cron scripts to syslog, the debug
output of curl spams the rather short-lived syslog. As this
debug output is unessesary most of the time, it now is disabled.
Instead, curl's silent option is used, together with '-S', which
reenables error output.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
IPv4 is not a requirement for VPN nodes. However, a working DNS
is a requirement for nodes connecting via VPN. Therefore the
hardcoded IPv4 address is removed from the internet test.
To improve readability, a loop is used instead of having a seperate
ping command for each host. The ping utility built into our firmware
supports both IPv4 and IPv6.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The configurehood script unconditionally sources various
libraries from other packages, which previously have not
been included in the fff-hoods package dependencies.
Add the missing dependencies to fff-network, fff-wireless,
fff-timeserver and jshn.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Do not suppress errors from uci command without a reason.
While at it, remove unused sourcing of library. This is a left-over
from the transition to KeyXchangeV2.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Do not suppress errors from uci command without a reason.
Despite, remove executable bit for sourced file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The concept of configuregateway is to respond on the return codes
of the gateway.d files, and exit if anyone returns something different
than zero.
Thus, let's not exit in gateway.d files directly, but stick to that
logic and return 1.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Move retrieval of config version, as it makes sense to check for
existance of containing file beforehand.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
We check the return code in configuregateway, so let's give success
explicitly. This might not be strictly necessary now, but providing
it will make our lifes easier if the file is changed later.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This explicitly checks whether the config version is set at all,
instead of just comparing it, and provides a specific error message
for that case.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
We provide our own error message, so suppress the built-in one.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This updates the macnocker to a newer revision,
which moves 'interface not running' log messages to
log_trace, so it only appears when the highest debugging
level is activated.
Fixes: #139
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When adding support for the TP-Link Archer C50 v3 and TL-WR841N v13,
their CPU port provided for layer-3 setup has not been set correctly.
Do it now.
Fixes: d165915178 ("ramips/mt76x8: Add support for TP-Link Archer C50 v3")
Fixes: 9343153547 ("ramips/mt76x8: Add support for TP-Link TL-WR841N v13")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This updates the macnocker to a newer revision, which
fixes log spamming if the batman interface is not running.
Fixes: #104
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This removes unnecessary package variables and rearranges the
remaining ones based on the common style in OpenWrt trunk.
In particular, this drops PKG_VERSION in favor of PKG_SOURCE_DATE,
since it does not seem reasonable to tag a version every time we
want to pull it. Despite, while we effectively pull via the
variable PKG_SOURCE_VERSION anyway, the PKG_VERSION might even
have hidden changes if not properly adjusted.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
uci-defaults scripts are supposed to be run once after firstboot
and then removed. However, the removal only takes place if the
subshell created for the sourced scripts returns exit code 0.
For some of the files, the last command returned a different exit
code, though, leading to the script remaining in its location and
being executed for every boot.
To prevent cases like the latter, this adds an "exit 0" to all
uci-defaults files in our package store. While at it, remove the
shebang for all these files since they are sourced (and not
executed).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Add traffic control status and rates to alfred data, which is also
available for the Monitoring then.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The version of batman_adv is read in a script inside fff-nodewatcher,
so it is possible that batman_adv is not installed.
Therefore, a new test is added to check if batman_adv is installed,
before reading and reporting its version.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If a subscript exits with an exit status != 0, its output should not
be used. Because sending incomplete data sets might result in weird
edge cases, the nodewatcher is terminated and the output of other
subscripts is discarded.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Because nodewatcher is executed using a cron, but
our cron has no way to report the origin of a specific
log entry, a 'nodewatcher:' prefix is added to all debug
output.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Debug output is written to stderr now.
Therefore the output is happening in real time and
the current date and time are not necessary anymore.
Typically the date and time are added by the syslog
daemon.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Maintaining a logfile manually is complicated and
has no major improvements over just logging to stderr,
because nodewatcher is no deamon and can be run manually
for debugging purposes.
Also, the debug output from subscripts currently is not
written to the log file anyway and the debug level is not
used eiher.
Therefore, the file logging and debug level is removed
from nodewatcher, which simplifies the code a bit.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fabian Bläse
Adrian Schmutzler
Robert Langhammer
Christian Dresel
Fabian Eppig