The default cachesize for dnsmasq is 150 entries, which results in a
poor cache hit rate.
Raise the default to 1024 to provide better cache hit rates on all
devices while still keeping memory usage in check.
Further increase the cachesize to 8192 entries for systems with enough
ram (currently more than 64MB).
The memory usage will increase roughly 100B per entry.
The size was chosen empirically. Higher values don't seem to increase
cache hit rate a lot.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This adds snmp-utils support to facilitate testing future uses for s2nproxy
WIP/RFC for s2nproxy:
freifunk-franken/firmware#194
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The OOM killer does not make much sense on a router, because regardless
of which process is killed, most of the time some essential core
functionality is affected.
Set the panic on OOM sysctl, so every OOM leads to a kernel panic and
results in a reboot of the router, which restores a clean state.
Fixes: #131
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Previously, some interfaces in the client ifname list have been kept.
The actual reason for this is unknown, it might have been used for the
bat0 interfaces.
Filtering the interface list in this way might lead to interfaces being
retained unintentionally, especially with the diverse naming of DSA
interfaces.
As it is not required anymore, remove the retention of some interfaces
completely.
Fixes: #207
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Currently we are utilizing stacked bridges to keep configuration of DSA
devices as close as possible to swconfig devices. The lower bridge is
for configuration of the DSA hardware and is vlan-aware, while the upper
bridge is used to connect wireless interfaces to the client interface.
A packet arriving from the switch might have the offload_fwd_mark flag
set in the skb to prevent it from being sent to DSA ports, as this has
already been done in hardware.
However, this flag is not cleared before the skb is processed by the
upper bridge, which prevents it from being sent to any other ports of
that bridge. Therefore, communication is not possible between different
ports of that bridge, while communication with the bridge interface
itself is possible.
This issue affects both the layer3 and node variant, but due to the
layer 2 architecture of the node firmware, it is far more noticeable in
the node firmware, as it prevents ethernet clients from sending packets
to the gateway.
Work around this issue by clearing the offload_fwd_mark flag before
passing the skb up.
Fixes: #205
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
The base network configuration has been completely migrated to
uci-defaults scripts and any existing network configuration is dropped.
Therefore, the hardcoded /etc/config/network configuration file is not
required anymore. Remove it.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
With the recent rework of the network configuration, any existing
configuration is dropped in a uci-defaults script (22-network-base) and
generated from scratch. When rebasing this rather old patchset, the
packet_steering option was overlooked, so it is missing now.
Restore the removed packet_steering option by setting it using a
dedicated uci-defaults script.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
With a recent patchset the initial boot process of the fff-network
package has been significantly altered. The base network configuration
is now generated by a uci-defaults script which completely drops
any existing network configuration first (22-network-base).
Reorder some uci-defaults scripts which extend the base network
configuration with layer3-specific rules, so they are executed after
22-network-base.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Most of the configuration done in configurenetwork is static and does
not change after the first boot. Move this static configuration into a
uci-defaults script, which is only executed on first boot.
Configuration which might be changed at runtime (e.g. port assignment),
is kept in the configurenetwork script.
To improve readability and speed, combine multiple uci commands into a
uci batch. Drop any existing network configuration before applying our
own configuration. This requires the network.globals section to be
created explicitly. Also, the fdff:: addresses, ETHMESHMAC and ROUTERMAC
can be set unconditionally, as the uci-defaults script is only executed
once. Other than that, the static configuration has not been altered.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The explicit restat of fff-uradvd is not necessary anymore, as
appropriate procd reload triggers have been added, and reload_config is
executed after every run of configurenetwork.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Instead of both setting values in the uci configuration and applying
them manually, only set the values in the uci configuration and do a
combined reload_config afterward.
This not only ensures that the changes to the configuration are actually
correct, but also decreases the runtime of configurenetwork.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
fff-uradvd depends on values stored in the uci network config.
Therefore, a reload is required if the uci network config is modified.
As fff-uradvd does not support reloads, and possibly changing values are
given as command parameters, do a restart on procd reload.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Bump core, packages and routing.
Remove upstreamed build patches.
Remove ath10k memory hack and use the newly added ath10k-smallbuffers
variant instead, but only for devices which actually require it
(and therefore use ath10k-ct-smallbuffers by default).
Adjust for the newly introduced band option for wireless devices, which
is now emitted by OpenWrt by default.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
COMMITCOUNT allows to have the PKG_RELEASE calculated automatically
based on the number of commits for the package folder.
AUTORELEASE will count the number of commits since the last upstream
bump. This is relevant for packages with PKG_VERSION or
PKG_SOURCE_DATE set, but will not work for us since it assumes the
use of certain identifiers in commit titles.
COMMITCOUNT works fine for most of our packages, with the following
exceptions:
* fff-nodewatcher would yield a commit count of 55, while the
current PKG_RELEASE is 61. Thus, we do not touch it for now.
* Packages that have been renamed will start counting from 1 after
the rename, since folder renames are not tracked by git. This
will result in descreasing PKG_RELEASE after the change for
these packages.
However, since moving essentially creates a new package anyway,
counting from 1 makes sense conceptually, and PKG_RELEASE is
still replaced for these packages.
* alfred-json and fff-macnock use upstream code and thus would
normally require AUTORELEASE. As discussed above, this will
not work for us, so just leave these two untouched.
Note that all this is quite irrelevant for the way we use packages
currently, as without opkg PKG_RELEASE does not matter to us anyway.
So, let's just be happy about not having to bump PKG_RELEASE
anymore, while keeping the basic functionality intact.
The only package where the PKG_RELEASE is actually used for
something is fff-nodewatcher, where the version will be displayed
in the Monitoring.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fabian@blaese.de: rebase, add new packages]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
With this new package it is possible to do SNAT for client IPv4.
The user must set a router_ip in gateway.meta.router_ip, so an ip
address is available for peering interfaces and reachability.
Currently, no extra filtering is done, so the client interface should
only use ip ranges, which are already filtered from being announced
(e.g. 192.168.0.0/16).
Using NAT for IPv4 significantly reduces the need for big
Freifunk-global IP range allocations.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Co-authored-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Christian Dresel <freifunk@dresel.systems>
The removal of CIDR masks from ip addresses is changed to utilize
variable substitutions, which simplifies the expression.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
The router_ip option can be a list of multiple ip addresses. It is also
possible to specify a subnet using a CIDR mask.
Only a single ip is required for peering interfaces, so select only the
first list entry and remove the CIDR mask.
Fixes: #197
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Without a vid, netifd is running in an ifup-loop.
This situation is comming up after firstboot. An existing hoodfile causes a set vid.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Openwrt v21.02.0 contains a new Batman Adv that now offers hop_penalty per hardif.
We can use this to prefer one tunnel for outgoing traffic if there are several VPNs. Eg. fastd and vxlan.
This Patch sets the hop_penalty for the fastd tunnel to 30.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
This package adds vxlan support to the node variant and configures the vxlan-vpn tunnels to the gateways.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
---
A vpn section for vxlan in hoodfile:
"vpn": [
{
"name": "gatewayname",
"protocol": "vxlan",
"address": "gateway.url" (or IP)
}
"name" is optional.
---
This rewrite makes vpn-select modular to easely add new vpn-protocols.
The stuff dependent on the vpn-protocol is outsourced to files in /usr/lib/vpn-select.d/ and comes in with the respective vpn package. In this way it is easy to select or deselect vpnprotocols to be build in.
vpn-stop is removed to use the protocol independent start/stop mechanism of vpn-select. Instead, a symlink is used.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
20-clamp-mss:
Clamping is done in other parts of the network and to a very low static
value. This rules is very likely doing nothing at the moment.
20-filter-ssh:
These rules make use of the conntrack module to ratelimit incoming
connections. Using conntrack comes with a performance penalty for all
traffic. As an alternative, dropbear could be run behind an inetd(-like)
service that does the ratelimit, should removing this rule result in an
actual attack vector.
Removing both rules would enable us to unload the conntrack module all
together, potentially improving overall performance.
Fixes#183
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Acked-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Suppresses the unhelpful "uci: Entry not found" message when running
configure-layer3 -c in case there is no `ip6addr` set on the client
interface.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Some OpenWrt targets do not have subtargets. The filename only contains
the chipset in that case. Split the removal of chipset and subtarget
into multiple expressions, so the removal of the chipset works on
targets without subtargets as well.
Fixes: #187
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This reverts commit de9d4abf44.
As the compat_version has been bumped with the last release, this hack
can be removed, because the compat_version now is in sync with upstream.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Some devices use .tar or .img for their firmware images. Our buildscript
currently only generates checksums for .bin files. Therefore, generate
checksums for .tar and .img files as well.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-By: Johannes Kimmel <fff@bareminimum.eu>
Our last firmware release has a very specific edge case failure, where
only the edgerouter-x using the node-variant images is unable to boot.
The root cause of this issue could not be identified, but using a
slightly newer or slightly older kernel release than the 5.4.154
included with openwrt-21.02.1 fixes this issue.
Therefore, cherry pick the kernel bumps to 5.4.163 from the
openwrt-21.02 branch until the next OpenWrt release to fix this issue.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-By: Johannes Kimmel <fff@bareminimum.eu>
The mosquitto server is not necessary for the intended use case of
fff-mqtt. It was added to this package accidentally. Remove it to
prevent from running the server unintentionally.
Fixes: #174
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Add the missing subtarget variable, so the resulting binary is copied
from the correct location inside the OpenWrt build dir.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
If the router_ips don't happen to be included in the client network's
subnet, the decision defaults to a main table lookup. This causes
packets to choose the wrong interface.
This patch forces packets from a router_ip to be routed via the fff table.
Fixes: #175
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Memory consumption has increased enough with OpenWrt 21.02, that
devices with 32 MB memory do not work reliably anymore.
It might be possible to work around the 4 MB flash limitation, but
reducing memory consumption is quite a bit harder. It is very likely
that this is only possible with a signifcant reduction of feature.
As we do not support any devices that have enough memory but only 4 MB
of flash, drop support for devices with less than 8/64 MB alltogether.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed by: Robert Langhammer <rlanghammer@web.de>
OpenWrt images contain a compat_version, which is used to block upgrades
to newer versions with incompatible configuration, if the configuration
cannot be migrated.
As we maintain our own configuration and all OpenWrt configuration files
are dropped on an upgrade, this upgrade block is not required.
To simplify the upgrade process, retain the old compat_version for the
next release. The compat_version should be bumped manually on release, so
we stay compatible with OpenWrt releases.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed by: Robert Langhammer <rlanghammer@web.de>
The port override feature of network.config is hard to maintain, since
changes to devices (e.g. port configuration updates, switch to DSA) have
to be applied to this manual override as well.
As this feature is probably hardly used anyway, remove it.
The port override migration for the Archer C7 v2 is not necessary
anymore, remove it as well.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
With this package the mqtt settings can be configured over the webui.
Each user can use its own mqtt broker or a broker from another user.
This means that the user has a free choice of where to send or get data.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
This package allows to publish monitoring data from alfred
to the mqtt broker.
Anyone can access this data and can build its own monitoring.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
This package provides mosquitto and default settings.
mosquitto is used for mqtt communication.
With mqtt we can use a distributed mqtt broker for decentralized
communication.
We can use this for monitoring data or router configuration.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
If the user did not specify a dns server, set a fallback. Since we
already have multiple servers available on an anycast address, this
address is chosen instead of as specific server. This should avoid the
issue that the default server might deprecate suddenly.
A warning is still displayed to remind the user to conscientiously
choose a server and not rely on defaults.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
These entries are overwritten by any call to `configuregateway`.
Since they never get used, they should be removed.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
With this patch all installed tables are flushed.
We no longer have to worry about the modules
installed or not. (nat, mangle ...)
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
If the bridge created for DSA devices is configured without any members,
a single netifd reload is currently not sufficient to correctly apply
network settings. This is due to a bug in netifd (FS#4104).
Temporarily add a simple workaround by always configuring the bridge,
even if it does not have any member ports.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Due to the switch from swconfig to DSA, the switchport names have to be
migrated for some devices. Add a script to translate the switchport
names to their DSA equivalents, where applicable.
Fixes: #156
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Tested-by: Fabian Bläse <fabian@blaese.de>
This patch fixes the forwarding behavior of bridge in bridge
configurations with DSA.
Without it, the configuration of the upper bridge might overwrite
settings of the lower bridge. For example, a vlan-aware bridge
with DSA interfaces in it might be offloaded to the DSA hardware. If the
bridge interface itself gets slave of a different bridge without vlan
filtering, the vlan filtering setting of the lower bridge is overwritten
by the upper bridge, which results in an incorrect hardware
configuration.
This was backported from kernel 5.7.
Ref: https://github.com/openwrt/openwrt/pull/4493
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Since the ipq40xx ethernet driver has built-in handling for a few vlan
ids, this target requires a driver patch that disables this
functionality, so all vlan ids can be handled by the linux kernel.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Tested-by: Fabian Bläse <fabian@blaese.de>
For some purposes (e.g. SNAT, vxlan) it might be necessary to have an
additional address just for the router which is not attached to any
interfaces. Addresses like this are typically added to the loopback
interface.
The new options "router_ip" and "router_ip6" are added to the gateway
config to allow the user to configure such addresses. It is possible to
both specify the address with or without a subnet size.
The default configuration contains the IPv4 loopback address
(127.0.0.1/8) explicitly, but this is not necessary. These addresses are
configured automatically, even if they are not present in the
configuration, so they can safely be removed, if present.
The filters of our routing daemon babeld are adjusted accordingly, so
the newly added addresses are announced correctly.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
This currently includes a patch to add the label-mac alias in the
devices DTS file, which is also submitted upstream.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Tested-by: Fabian Bläse <fabian@blaese.de>
The SIGHUP signal is sent to a process if a hangup is detected on the
controlling terminal. This might happen if the ssh session, from which
the test mode was started, is disconnected.
Because ssh session disconnects might happen due to network
reconfiguration, aborting the test mode without restoring the old
settings might make the device unreachable.
Instead, disable the SIGHUP signal when test mode is activated, so
the script is either killed by the user (after successful configuration)
or the timer expires and the old settings are restored.
Fixes: #141
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
The IPv4 source routing features was removed from babeld with version
1.10. Therefore, the first_table_number option is not needed anymore and
its existance stops babeld from starting up.
As babeld 1.10 is included with OpenWrt 21.02, which is currently used
for our firmware, this option is removed.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
The OpenWrt function get_mac_label resides in /lib/functions/system.sh,
so it has to be included, if we want to use this function.
This include was missing in the fff-wireguard layer3 configuration
script, so it is added here.
Fixes: 68c7d75a1b ("treewide: exploit label MAC address from OpenWrt")
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Receive packet steering (RPS) is a linux feature to improve forwarding
performance by distributing the forwarding of packets across multiple
cpus. This is necessary for network devices which have less queues than
cpu cores.
OpenWrt allows to enable RPS easily by setting the global option
'packet_steering' in the network configuration. With earlier OpenWrt
versions this option was enabled by default. However, the default value
was changed with OpenWrt 21.02.
Enable this option agian to improve forwarding performance on routers
with multiple cpu cores.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Some devices had to be disabled starting with OpenWrt 21.02 due to their
new DSA switch drivers.
As support for DSA configuration has since been added to fff-network,
this makes use of this configuration for devices with DSA drivers.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Starting with OpenWrt 21.02 some devices now use upstream kernel drivers
for the built-in switch instead of relying on OpenWrt's swconfig driver.
The upstream kernel drivers use the Distributed Switch Architecture
(DSA) for configuration of the switch. Instead of explicitly configuring
the hardware switch, all ports appear as distinct interfaces and linux
bridges are offloaded to the hardware switch if possible.
To keep changes small, this patch adds support for DSA devices by
setting up a linux bridge, which is then treated just like the
cpuport-interface of the swconfig driver.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
With commit 1946aaca87 the variantselection has changed.
This adapts dep-tree to the new situation.
Additional:
* The variant can now passed by as an option.
* A help text is added.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
git pull combines two steps: fetch and merge. When checking out
another revision into an existing build directory, git pull tries to merge
the changes from the new revision into the current HEAD, before checking
out the new revision with git checkout. Because we apply various patches
to OpenWrt, the merge step almost certainly fails, so the new revision
is not checked out.
As the merge isn't needed anyway, use git fetch instead, which only
fetches updates from the remote without actually applying them.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
It is hard to read non colorized ip output.
This adds an alias to colorize ip by default.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
To make it clear why the set sysctls are necessary, add appropriate
comments to them. Also reorder them for improved readability.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Many of the set sysctls are either unnecessary, are already default in
the kernel or in OpenWrts defaults, or the reason for them being
explicitly set is unknown.
Remove all those sysctls from fff-network, as unfounded deviations from
default values will cause hard-to-debug problems in the future.
The original motivation for this patch is the netdev_max_backlog sysctl,
which was set to a very low value without any reason or comment.
This hurt forwarding performance on mt7621 with DSA significantly and
took quite a while to discover.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Use the git.freifunk-franken.de OpenWrt mirror for OpenWrt itsel and
OpenWrt feeds to reduce upstream traffic.
This is especially important since a clean build currently requires
a fresh clone of all repositories.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Bump core, packages and routing.
Refresh patches.
This includes babeld 1.10.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This migrates the support for the TP-Link CPE210 v1 and CPE510 v1
so they are recognized by the new two-port setup code.
Assignment of ports should be consistent to the ar71xx implementation,
i.e. primary port (PoE in) assigned to WAN and secondary port (PoE out)
assigned to CLIENT by default.
Note that this is the exact opposite of the default configuration of
what OpenWrt does (but both have been consistent in behavior).
Since they work again, also re-enable image transfer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Support native two-port devices by adding TWO_PORT variable and
exploiting the LAN0PORT and LAN1PORT variables designed for the
TP-Link CPE devices. Since the latter have been converted to
real two-port devices, we can now repurpose these variable for
the new setup.
This exploits the existing WANDEV and SWITCHDEV variables to
define the primary and secondary interfaces.
Note that by default this takes the initial values from network.mode,
so if initial WAN/CLIENT should swapped, this has to be added to
the relevant network.* file of the devices.
No device-specific changes are done in this patch.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, all one-port devices also triggered the switch-based setup
in configurenetwork, as the one-port condition was not checked
there. While the relevant parts are overwritten by the one-port
config which comes later in the script, it still creates a lot
of useless/broken switch/vlan setup entries in /etc/config/network.
Properly check for one-port vs. non-one-port in the file, without
touching anything else.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Dropbear supports ed25519 keys since OpenWrt 21.02.
Also, ecdsa is supported since v19.07, but disabled in our firmware.
Keep the generated ed25519 and ecdsa host key accross upgrades.
While at it, remove dss host keys, as they are not supported anymore.
5eb7864aadd5 ("dropbear: rewrite init script startup logic to handle both host key files")
8a7a93947004 ("dropbear: remove generation and configuration of DSS keys")
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Because wireguard is part of the Linux kernel starting with version 5.6,
the wireguard packages have been renamed upstream.
Update our dependencies to match this.
This fixes build for the layer3 variant.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[add fix comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
OpenWrt 21.02 has switched all MT7621 devices to DSA. Since we
do not support network config in this case, disable all these
devices by commenting out their image selectors.
Note that this will still build them, and only prevent having the
images in our dedicated folder.
If support is reestablished, this patch simply needs to be
reverted.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
OpenWrt 21.02 only uses ath79, ar71xx has been dropped. However,
in ath79 the TP-Link CPE210 v1 and CPE510 v1 are implemented as
two-port devices. We currently do not support that in our firmware.
Thus, disable both devices by commenting out their image selectors.
Note that this will still build them, and only prevent having the
images in our dedicated folder.
If support is reestablished, this patch simply needs to be
reverted.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The subtarget has been renamed upstream, so let's just update our
stuff.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The Bullet M (XM) was sold with two different SoCs, AR7241 and
AR7240, which cannot be served by one DTS. This implements both
versions as done in OpenWrt.
Note that those variants may not be distinguished from the outside.
The AR7241 version appears to be the more recent and more abundant
version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
These hacks have been removed in OpenWrt commit 1e27befe63ff ("mac80211:
remove ath10k_pci memory hacks").
However, since we still use mainline ath10k, we will need them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This effectively reverts upstream commit e79df3516d3e ("build: add
libustream and certs to default pkgs").
The libustream-wolfssl library conflicts with the libustream-mbedtls
we are selecting in fff-web-ui and is probably much bigger.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
In the latest release, OpenWrt provides the label MAC address for
many devices. All of our devices should be covered.
In can be retrieved by the function
get_mac_label
from /lib/functions/system.sh
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Some devices were renamed since the last stable release.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Bump core, packages and routing.
Refresh patches, remove upstreamed ones.
The patch "Add batman-adv patch to remove gw mode switch message" is
removed since batman-adv dropped the sysfs entirely. There was no
obvious replacement for the debug output, so this is dropped until
the problem is found again with a different source (which may never
happen).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The SPDX license identifier provides a standardized way for specifying
licenses that is both human- and machine-readable. It is used upstream
both in OpenWrt and the Linux kernel.
Replace licenses in our repository by those identifiers.
The full-text licenses corresponding to these identifiers are
provided in the LICENSES folder.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
We do not use any *.tpl files anymore, so remove the routine for
installing them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, we remove the old and copy a fresh new OpenWrt directory
into the build directory on prepare. There is no need to do this,
as OpenWrt/Make is capable of detecting changes and we do properly
update the feeds and patches already.
So, just clone the OpenWrt main repo into builddir directly, and
just checkout/apply patches during prepare.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Bump main repo, packages and routing.
Refresh patches, drop patch applied to mt76.
Relevant changes are mostly security fixes for netifd and odhcp6c
and bug fixes for dnsmasq.
More information:
https://openwrt.org/releases/19.07/notes-19.07.7
This also includes two non-trivial fixes to alfred (openwrt-routing):
97e760095578 ("alfred: Fix procd process handling for disable state")
369908cb0a0e ("alfred: Start up alfred without valid interfaces")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This adds an option 'disabled' that will allow to disable
nodewatcher when desired.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This package is the owner of the config file, so add it to the
Makefile. This will have vanilla OpenWrt copy it during upgrade.
Since we disable this mechanism, it will not change anything for
our standard firmware. But it will improve the situation if this
package is used in vanilla OpenWrt.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
If /etc/config/nodewatcher already exists, a proper uci-defaults
script should not overwrite it. Since this package is the owner
of the config file, this change won't change anything for the
current firmware, but will allow to use this as a package, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The uci-defaults scripts are meant to provide defaults for a
specific package. Distributing them across several packages makes
no sense and just makes maintainance worse.
Thus, move the network part of the initialization back to the
proper package. While at it, suppress output from add commands.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
With commit [1] the ipv4 firewall on wan interface was removed.
This patch adds the ssh connection limit for ipv4.
IPv6 is already limited.
[1] 52e15e072c ("fff-firewall: Remove ssh firewall on WAN interface")
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[improve commit reference]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The dynamic completion of the variants is broken since 1946aaca87
("fff: create proper package variants instead of copying file").
This hardcodes the available variants. They won't change often.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
[add more verbose commit reference]
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Removes the firewall ebtables entry.
alfred-monitoring-proxy is only useful in layer3 variant, where no
ebtables rules are set.
With this typo the ebtables command was never active and the
resulting error was never shown.
Fixes: 9b5d3f1aeb ("fff-alfred-monitoring-proxy: add package")
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
[fix typos in message, add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In '/etc/network.ubnt,unifiac-mesh', we include a file that does
not exist on ath79 anymore. This causes the script execution to
abort and will have configurenetwork not run at all, making the
device quite inaccessible.
Remove the include as it never had any use anyway. Remove another
unused include as well, and add the proper dependency instead.
This fix was first proposed more than 2.5 years ago.
Fixes: #130 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The "available" amount of memory is helpful for several forensic
and debugging cases. Send it via alfred.
Monitoring support has already been implemented.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Source address filtering (RFC3704) can be used to mitigate source
address spoofing. However, strict mode only works when routes are
strictly symmetric. If routes are asymmetric, it can happen that
the best route to the source address of a packet is via a different
interface.
Because there is no guarantee that routes have to be symmetric in the
Freifunk Franken backbone network, we cannot use strict mode. Because
default routes are used in the Freifunk Franken backone, loose mode
could be used, but does not make any sense. Instead, revert back to the
kernel default setting, which currently is 0 (disabled).
While this change affects both layer3 and node variant, nothing changes
for the node firmware, because it does not forward packets.
Fixes: #123
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Previously, an additional wan6 interface for SLAAC has been added, which
references the wan interface for its interface.
However, OpenWrt waits until the wan interface is completely up, until
it tries to start up interfaces that depend on it.
This not only can delay the configuration of IPv6 addresses
significantly, but also makes configuration of the wan6 interface
impossible in WAN networks with out a DHCP server.
To solve this issue, a separate interface wan4 for dhcp, which also
reference the wan interface, is created and the proto of wan is set to
none.
Fixes: #114
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Migration from ar71xx to ath79 included changes to the ethernet/switch
driver for the target. This introduced a peculiar issue where
eth0 and eth1 are swapped for several devices. Most of the relevant
cases were already covered in 1cf4d762ff ("treewide: move devices
from ar71xx to ath79").
This switch also affects the Nanostation M, where the PoE-in port
is now eth1 und the PoE-out port is eth0. However, no action was
taken in the referenced patch, as nobody was aware of it then.
Since the Nanostation M is a two-port device, which we cannot
implement properly so far, it was implemented as a one-port with
the "primary" PoE-in port so far. This was broken by the ath79
introduction and is now fixed in this patch by using the one-port
setup on eth1. That way, the PoE-in port can now be switched by
ETHMODE as usual again.
Note that custom scripts, e.g. to set up the second port, need to
be adjusted manually, as that one is eth0 now.
Fixes: 1cf4d762ff ("treewide: move devices from ar71xx to ath79")
Fixes: #109 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
We use the one-port implementation also on two-ports like the
Nanostation M. Therefore, hard-coding eth0 in configurenetwork
will break if the port implemented for the one-port setup
(SWITCHDEV/WANDEV) is not eth0.
Just use SWITCHDEV instead, like done for the rest of the one-port
setup.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Previously, we have added a passwd function to our shell which executes
passwd and restarts uhttpd afterwards, so the WebUI password is updated.
This adds the ability to still pass command-line arguments to passwd.
The quoting of the shell variable $@ is special:
"$@" expands to "$1" "$2" .., so its use is correct here.
Fixes: #117
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Some time ago, the firmware created a directory for each target
and built OpenWrt separately there. In this situation, it made
sense to download files only once and share them between these
build directories.
However, since we nowadays only have one build directory for all
targets, this makes no sense anymore. Remove the link.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When creating a new uci section, the safest way to refer to it is
with index '-1'. While it (probably) does not make a functional
difference for our specific case, since we expect to only have one
section anyway, let's just make sure and use the proper indexing.
While at it, suppress output from the 'add' command.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
So far, we ensure the selection of a specific variant by copying
included Make files. This not only breaks if the packages are used
as a feed, but also is against the concept of how packages are used.
In this patch, the fff package is converted into a set of variants
that allow selection via a FFF_VARIANT variable that is exported by
buildscript. If no export happens, e.g. when using packages in a
feed, no package is selected.
Since the names fff-node and fff-layer3 are not available anymore,
the packages for the variants are called (though irrelevant for
the user):
* fff-variant-layer3
* fff-variant-node
The only drawback is that we now have to specify the list of
available variants in the buildscript. However, these values are
hardcoded in several other places as well, and the former code
based on file names was not really appealing anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Allow setting WAN vlan/interface from gateway config.
A configuration without explicit definition of a WAN interface is
valid at the moment and results in the default configuration from
fff-network being used.
Originally, it was intended to automatically set WAN to vlan 2, if nothing was
specified. As this would break devices, which don't use swconfig for
WAN, the already configured WAN interface is left untouched.
Fixes: #85 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Instead of exposing the CPUPORT variable to the calling script
directly, wrap it into a function which can be called there.
Fixes: #52 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
So far, we define PORTORDER individually in each network.* file.
This creates a lot of duplications, and makes the code to parse those
values very ugly (and it's only used outside of configurenetwork
anyway).
Therefore, move the assignment to a library file, and wrap it into
a function for tidyness. This gives us more overview and nicer
implementation of the retrieval.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
With 8d66bdf the port configuration of TP-Link Archer C7 has been
changed to a single-interface configuration.
This had unforseen side effects on upgraded devices. Because WANDEV
is evaluated from the updated network.* file, the port configuration
of the switch is evaluated from the update-safe network.config, which
is now incompatible with the updated interface configuration.
Therefore, a migration script has to be added, which updates the port
configuration in network.config to the new single-interface network
configuration.
Fixes: #60 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
In earlier firmware versions the prefix had to be written
in an incorrect syntax (missing a trailing colon).
To make hoodfiles with this old incorrect syntax work with
newer firmware versions like this one, we have to fix the
incorrect syntax. Both the old, incorrect and the correct
syntax work with this fix, so in the far away future, the
correct syntax can be used in hoodfiles.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit e5da228cb1.
With the patch there can be situations with just "*" in traceroute,
breaking MTU in wireguard. If R1 with IPv6 address from provider P1
is connected to Freifunk via wireguard, and another R2 with address
from provider P2 is behind it, then R1 won't answer to traceroutes
sent from R2.
Revert the patch for now.
Fixes: #66 (gitea)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
PKG_BUILD_DIR has the following default values set in include/package.mk,
in case no BUILD_VARIANT is set:
With PKG_VERSION set: $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
Without PKG_VERSION: $(BUILD_DIR)/$(PKG_NAME)
Consequently, all PKG_BUILD_DIR definitions in our packages are
redundant. Remove them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
We do not use the IPv4 functionality of odhcpd, but use dnsmasq
for that. Use odhcpd-ipv6only instead.
This is also the default for OpenWrt.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Other than atoi, strtol allows to detect parsing errors.
Therefore atoi is replaced with strtol and appropriate error
checks are added.
Fixes: #33 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
If the password is changed via SSH, the web UI still
used the old password until uhttpd is restart.
Fix it by forcing uhttpd restart when passwd is called.
Fixes: #11 (gitea)
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[add commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The owipcalc tool provides an "add" algorithm which can be used
to concateneted IPv6 addresses from prefix and suffix.
Since it's available upstream and our string manipulation is ugly,
let's replace our IP concatenation with that tool. The package
consists of a single .c file with about 1000 lines resulting in
about 4 kB for the ipk package.
This patch does _not_ introduce any conceptual changes yet. Thus,
the "wrong" IPv6 prefix from KeyXchange will be expected in the
same format, it is just healed for the new code for now.
The change allows to get rid of some bloat, i.e. some quite trivial
custom functions on the way. This also drops the ipTidyColon()
function, as owipcalc seems to return the collapsed version by default.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The variables SERVICE_WRITE_PID and SERVICE_DAEMONIZE are not used by
procd, so they are removed.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The configuration of our firewall depends on the network configuration.
Most importantly, the firewall has to be restarted, if the WAN-interface
is changed.
Therefore, a procd reload trigger is added to the init-script, so our
firewall is automatically restarted, when the network configuration is
changed.
Fixes: #46 (gitea)
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
[fabian@blaese.de: Remove unrelated changes]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some sysctls currently are completely useless, as they only exist if
specific kernel configurations are enabled, which we have not.
To hide the error message and prevent them from interfering
unintentionally, if new kernel configurations are activated in the
future, they are removed.
Fixes: #42 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
The net.ipv4.netfilter.ip* sysctls have been moved to
net.netfilter.nf* a long time ago, so they have been useless in our
firmware for quite a while.
It probably originally has been added because it was included in the
OpenWrt defaults and in earlier versions of our firmware the OpenWrt
defaults file got overwritten by our own one.
Because there does not seem to be any obvious reason to keep them (they
have been added without a comment in the commit or file) and they have
been inactive ever since they were moved in the kernel, they are removed
completely instead of using the correct path.
Fixes: #42 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Bump main repo and packages. (No changes for routing.)
Refresh patches (no diff returned).
This is a small release containing mostly kernel and package updates
and security fixes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
vxlan support in 19.07.5 is very limited.
This set of patches adds
- more flexible source ip selection
- control over most options
- multiple remote endpoint configuration
List of patches backported:
- 5222aadbf3 vxlan: remove mandatory peeraddr
- 65e9de3c33 vxlan: add capability for multiple fdb entries
- 036221ce5a vxlan: add extra config options
- ad3044c424 vxlan: fix rsc config option
- 3f5619f259 vxlan: allow for dynamic source ip selection (FS#3426)
- a3c033e2af netifd: vxlan: handle srcport range
- 226566b967 netifd: vxlan: refactor mapping of boolean attrs
- 11223f5550 netifd: vxlan: add most missing boolean options
- 55a7b6b7f2 netifd: vxlan: add aging and maxaddress options
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[refresh patches and remove some bloat]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The package 'realpath' isn't available anymore on Debian 10, it is
part of coreutils now.
Reported-by: Felix Luber <Felix.Luber@servercreator.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The only part that is changed regularly inside buildscript are
the OpenWrt and package revisions and the selected packages.
Move them up and put them into dedicated variables so it is more
obvious what to change and easier to do so.
While at it, remove outdated COMPAT_VERSION comment from Gluon
package; we don't pull it from there anyway. Update comment on
feed definition syntax as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The cake scheduler is a popular fair queuing scheduler, which is also
capable of shaping traffic. Due to its sensible defaults it is very
easy to set up.
When tunnel traffic exceeds the capability of the transport connection,
firmware users might want to shape traffic, so meaningful queueing can be done
before tunnel packets are dropped. As this is typically combined with a fair
scheduler, cake provides a simple yet very powerful solution for both problems.
Therefore the cake kernel module is now included in the layer3 variant.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
When neither peer_ip nor ipaddr are set, no ipv4 address for peering
interfaces is available. Therefore, no IPv4 routes can be advertised.
Other than that, a configuration like this is perfectly valid and
configuration is already continued. Therefore, the "FATAL" message might
be misleading so it is replaced with "WARNING" and clarified slightly.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Grepping `/proc/cpuinfo` does not yield the correct number of available
cpus when running in a docker container or setting the number of
available cpus with taskset.
```
$ taskset 1 grep -c processor /proc/cpuinfo
8
$ taskset 1 nproc
1
```
This will prevent using too many build jobs on environments where the
number of available cpus is reduced.
`nproc` is part of `coreutils`.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
On call -t we write the pid on /tmp/configure-layer3-pid.
If the script exits from user we use trap to run the new function keep_changes()
If the connections to the router lost, the user can run configure-layer3 -k after
reconnect to keep changes manually
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[wrap and rephrase exit comment, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds a script to init.d to automatically call
the appropriate configure-layer3 commands after an upgrade,
so the configuration of the device is restored.
The changes are applied if configure-layer3 is successful.
Otherwise, they are reverted. Due to this, no additional checks for
the configuration are necessary: The configure-layer3 script
will fail if the config version is wrong or no configuration exists at all.
After executing the script destroys itself. With START=99,
the execution happens _after_ uci-defaults and configurenetwork,
and no interference is expected.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
[convert to init.d, extend commit message, rebase]
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Creating a directory via a .keep subfile is not really nice.
Use the OpenWrt mechanism for this instead.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
The former fff-web package is essentially for serving a user
interface (UI). Therefore, include the UI in the name to distinguish
it from other web packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
There might be scenarios where a user only needs the hood file,
but no WebUI (e.g. for 4M devices and node firmware), or only
the WebUI, but no hood file (e.g. layer3 firmware).
This separates the HTTP server (section) for the hood file into a
separate package fff-web-hood. The new package is then only added
to the node firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Build/Prepare and Build/Configure are not required for packages
which only contain local files and do not need any compilation.
Remove them.
Note that Build/Compile needs to be present and empty to overwrite
the defaults, though.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The name br-mesh is actually quite misleading, since the bridge
actually includes the "client" interfaces. In order to make this
obvious, and to prevent confusion with the properly named wXmesh
interfaces, rename them to br-client.
Note that br-mesh is also particularly disturbing for the layer 3
firmware without batman-adv.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The term "gateway" is ambiguous, and we are using "layer 3" for this
flavor now. Reflect that in the package name as well.
This is cosmetic otherwise.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
configuregateway and it's gateway.d files represent a specific
functionality that other packages depend on. Thus, it is put into
a package of its own so dependencies can be expressed more properly.
While at, use the chance to get rid of the ambiguous term "gateway"
and rename the script to configure-layer3 and the folders to layer3.d.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
With this patch the router answers in traceroute over the fff table with
Freifunk IPs and not with the WAN IP. All other connections use the fff
table too.
We already have the rules with 5000 and 5001 so that wireguard does not use
the fff table anyway and connect the VPN only via the main table.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Some packages contain a whitespace at the start of TITLE, some
don't. This is completely irrelevant since Make strips leading
and trailing spaces anyway. Nevertheless, make it consistent.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
To add new menu items in other packages we need a modular construction:
- Simpel Babelweb
- Layer 3 configuration
and so on
Every menu item needs a file in /www/menu/ssl/ with the content
link,name
- link is the name of the html file without extension (.html)
- name is the text of the link in the webui
While at it, rename "Password" menu item to German "Passwort".
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
[bump PKG_RELEASE, use /www/menu, use script_file for link,
improve use of class_active, commit message adjustments,
improve variable names, keep HTML umlaut, keep Logout]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Certain files are only included, but are not meant to be accessed
via HTTP directly. Move those to a dedicated directory that is not
served via HTTP.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Add support for the TP-Link Archer C50 v4, a low-cost mt7628-based
dual-band router.
Label MAC address is on ethernet and 2.4 GHz WiFi.
The v4 uses the same hardware as the v3 variant, but v4 includes
the newer split uboot.
ATTENTION:
Initial flashing of this device requires additional steps:
As all installation methods require an U-Boot to be integrated into the
image (and we do not ship one with the image) we are not able to create
an image in our build-process.
Download a TP-Link image from their Website and a FFF/OpenWRT sysupgrade
image for the device and build yourself a factory image like following:
TP-Link image: tpl.bin
OpenWRT sysupgrade image: owrt.bin
> dd if=tpl.bin of=boot.bin bs=131584 count=1
> cat owrt.bin >> boot.bin
This image can be used for Web-UI and recovery, but not TFTP.
Additional instruction can be found in the OpenWrt commit
01dcd574a248 ("ramips: add support for Archer C50 v4")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Fixes low signal issue for 2.4 GHz for the TP-Link Archer C50 v4.
The first two bytes in the eeprom are the chip id. The working
devices have 0x7628 there, whereas the non-working devices have
0x7600 there. This chip id gets checked by the function
mt7603_check_eeprom() which leads the driver to ignore the
contents of the eeprom partition and load default values from otp.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This firewall was introduced as a countermeasure for very slow routers
directly connected to the internet without any firewall.
Our routers have got quite a bit faster since then. Also, a setup like
this is highly uncommon, especially for slower routers.
Therefore this firewall rule is removed.
Fixes: #138
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When using NATs and tunnels at the same time, the correct
source address has to be used so the ICMP errors is sent
through the NAT. This is necessary so the NAT can modify
the ICMP payload so it is correctly identified by the
destination host, which is required for PMTUD
Fixes: #142
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For historic reasons, the wan interface is set to eth1 as default
value. When updating the config for one-port devices in
configurenetwork, the same value is put there again if the mode
is switched to something != WAN, instead of just removing the
value.
While ifname actually is a mandatory value, this has been handled
inconsistently in the past, where ethmesh ifname was deleted, and
wan ifname was just changed back to eth1, when assigning the
actually relevant eth0 to a different task.
This concept was set up with a one-port device in mind, i.e. a
device where there is no eth1. However, this very setup routine
got applied to the Nanostation M as well (which is treated as
as one-port), where we suddenly have two interfaces and the eth1
exists.
So, while the user assumes it's unconfigured, the second port
actually becomes set up as WAN if the first one is != WAN.
If connected to a second device with CLIENT (=default) to provide
PoE there, this will create a loop.
So, finally, in order to somehow fix this mess, this patch just
changes the hardcoded "eth1" to "eth2". While this is no proper
fix, it perpetuates the original idea of keeping wan set to
something, but nothing which actually exists. However, there are
no sideeffects and we keep this minimal-invasive.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This seems to be a copy/paste error, what we want here is to
delete the entry from ethmesh, as we use WAN.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Users might want to manually set up proper scheduling or qos using tc.
bmon can be used to monitor current throughput and packet rates.
Both are now included in layer3 variant.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Flashing instructions:
The factory image needs to be uploaded via the OEM firmware GUI.
Notes:
The device is implemented as two-port in OpenWrt, i.e. it has
eth0/eth1 interfaces without switch setup. As our firmware currently
does not support that, this uses a switch setup with one port for
LAN.
Signed-off-by: Fabian Eppig <fabian@eppig.de>
[add commit message, apply alphetic sorting in bsp, remove config
changes apart from adding CONFIG_TARGET_DEVICE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
What was intended as grouping of logic operators actually invoked
a subshell. Remove the subshell by using a better choice of operators.
Found by shellcheck.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This removes two useless cat as found by shellcheck:
sumnew=$(cat "$hoodfiletmp" 2>/dev/null | sha256sum | cut -f1 -d " ")
^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
While not functionally relevant in our case, note that
cat <non-existant-file> | sha256sum
actually returns a hash code, while
sha256sum <non-existant-file>
does not return anything on stdout.
Since we check the existance of $hoodfiletmp before calling sha256sum,
though, we always have a hash value for at least one file, so two empty
checksum won't happen at that point.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Until now, IPv6 connectivity was only ensured by some custom sysctls.
OpenWrt has a proper way of enabling IPv6 client (SLAAC, as well as DHCPv6)
for an interface. Switching to OpenWrt's way of configuring client addresses
for an interface might also make configuration more reliable, as the appropriate
sysctls are now set by netifd. Especially OnePort and TwoPort devices will
benefit from this change, as IPv6 auto configuration does not have to be manually
enabled and disabled for a physical interface, but rather is set as an option for
our logical wan interface.
At the same time this change enables DHCPv6 client support for WAN.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The hidden AP creation is moved to the end of
configurehood, so it is executed right after hoodfile
changes are processed.
When keeping the long sleep before trying to gather hoodfiles
via wireless or ethernet, this should decrease the delay after
hood changes to a minimum, as mesh nodes don't have to wait
until configurehood on VPN nodes is executed a second time.
Because hoodfiles gathered via wireless or ethernet are not
copied to hoodfilewww (which is used to deliver the active
hoodfile via ethernet or wireless), only authoritative hoodfiles
(keyxchange and gateway) trigger the creation of a hidden AP.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of seperately checking for various conditions,
which don't actually guarantee that the hoodfile can be
fetched in a certain way (e.g. internet is available but
keyxchange is down), the already built in return value of
the hoodfile gathering functions is utilized.
This change slightly changes the behaviour of nodes in
certian edge cases:
- If no hoodfile could be fetched from keyxchange, the
next delivery method (getGatewayHoodfile) is used
- If the gateway is unable to deliver a hoodfile, nodes
now behave like the gateway is unreachable, instead of
continuing to use old hoodfiles
These behaviour changes should be an improvement over the
previous behaviour:
- VPN nodes don't disconnect and break the whole network
if the keyxchange is unreachable, but instead try to
fetch the hoodfile from the gateway
- Instead of checking for batman gateway announcements,
which are completely unrelated to hoodfile delivery using
fe80::1, the actual status of the hoodfile download is
utilized. This has two effects:
- hoodfile delivery using fe80::1 works even if batmans
gateway selection isn't used at all
- if the batman gateway selection is active, but fe80::1
hoodfile delivery is broken in the hood, the nodes disconnect
from the hood and try to gather their hoodfile from nerby
nodes. Previously they continued to use the old hoodfile.
This should make misconfigured gateways more apparent.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds new strings to the support list for the TP-Link CPE210 v3
that are supposed to work with the existing setup.
Without it, the factory image won't be accepted by the vendor UI on
these newer revisions.
This has been merged upstream in commit 4a2380a1e778.
Backport to 19.07 is planned already, so the patch can be removed
again when we move to the next point release.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
This adds a few improvements and fixes for vxlan support.
The following two patches are already backported to openwrt-1907 and
can be dropped after bumping to the next point release:
0011-vxlan-fix-udp-checksum-control.patch
0012-vxlan-bump-and-change-to-PKG_RELEASE.patch
The other two patches won't be backported and have to be kept until
we move up to 20.xx:
0013-vxlan-remove-mandatory-peeraddr.patch
0014-vxlan-add-capability-for-multiple-fdb-entries.patch
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Tested-by: Johannes Kimmel <fff@bareminimum.eu>
The factory image can either be flashed via the vendor WebUI or
the bootloader using nmrpflash.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
mtr can be a very helpful tool when debugging unstable
networks. The tool is able to list packet loss to all
routers to a destination in a nice console-based interface.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
For the layer-3 firmware, we currently do not support a hood file
for automatically creating a mesh. However, the link for the
hood file is still created in fff-web.
Move this setup to fff-hoods, which is specific to the node firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
OpenWrt only builds and installs a packet for each architecture.
If a package is already fully built and installed for a architecture,
it is not rebuilt.
Because we have two different BSPs building two different targets (BOARDs)
using the same architecture (ath79 and ar71xx, mips), the fff-network package
is not reinstalled when switching between those.
However, we have defined an install step, which copies the necessary network
files seperated by board. But because the package is not rebuilt when switching
targets, the wrong network files might be present in the package.
To resolve this issue, the network files are now seperated by ARCH instead of
the target (i.e. the BOARD variable).
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This patch moves device support for ar71xx devices that are supported
in ath79. Building them with ath79 will be the new default.
The only devices remaining in ar71xx will be the following, as backporting
them to openwrt-19.07 is too complicated:
- cpe210-v1
- cpe510-v1
Accordingly, no tiny devices are left in ar71xx and we can drop the relevant
patches, and build ar71xx as generic again.
For the tl-wr741nd-v2, in ath79 the tplink_tl-wr741-v1 image is used.
The move from ar71xx to ath79 requires some adjustments on the way:
- The board names and image names on ath79 contain the vendor name,
where the former have it separated by a comma (tplink,cpe210-v2)
and the latter use an underscore (tplink_cpe210-v2). It is
safe to assume that this is the only difference between board and
image names.
Consequently, the ath79 devices will use their full board name also
in our firmware. A lot of renames in fff-boardname can be dropped.
The rename for fff-sysupgrade is already present in fff-upgrade.sh
While at it, fix that for the WDR4900 v1 as well.
- Due to a different switch driver, the startup of ethernet devices
is altered, which leads to eth0 and eth1 being swapped for some ath79
devices compared to ar71xx. This has been adjusted for SWITCHDEV/WANDEV
and MAC address setup.
- Since we have direct support for the AC Mesh now, use the proper
name instead of the AC Lite image. For Ubiquiti, different device
variants are now available as separate images.
- Remove left-over power-m-xw entry in cpuport file
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
This patch is already included in the openwrt-19.07 branch,
so our backport can be removed when upgrading to or past
OpenWrt 19.07.4.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[adjust commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The babel interface type 'tunnel' has some disadvantageous properties for
our network.
First, babel tries to evaluate the tunnel performance using the rtt. However,
this makes the network quite unstable, as rtt might fluctuate a lot, especially
on less reliable connections (e.g. LTE). Instead of fully falling back to an alternate
route, this rtt evaluation leads to a lot of flapping routes. Additionally, rtt
evaluation changes the metric of routes quite often, which leads to many unnessessary
babel messages in our network.
Also, babeld disables split-horizon processing on 'tunnel' interfaces per default.
However, split-horizon processing can be done in our point-to-point tunnel setup without
any issues and has the advantage of significantly reduced babel messages on a link with
many uplink routes.
Therefore, wireguard babel peers now use the interface type 'wired'.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE, adjust commit title prefix]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
As we now log output of cron scripts to syslog, the debug
output of curl spams the rather short-lived syslog. As this
debug output is unessesary most of the time, it now is disabled.
Instead, curl's silent option is used, together with '-S', which
reenables error output.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
IPv4 is not a requirement for VPN nodes. However, a working DNS
is a requirement for nodes connecting via VPN. Therefore the
hardcoded IPv4 address is removed from the internet test.
To improve readability, a loop is used instead of having a seperate
ping command for each host. The ping utility built into our firmware
supports both IPv4 and IPv6.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bump main repo, packages and routing repos.
Refresh patches, drop upstreamed ones.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The configurehood script unconditionally sources various
libraries from other packages, which previously have not
been included in the fff-hoods package dependencies.
Add the missing dependencies to fff-network, fff-wireless,
fff-timeserver and jshn.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Do not suppress errors from uci command without a reason.
While at it, remove unused sourcing of library. This is a left-over
from the transition to KeyXchangeV2.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Do not suppress errors from uci command without a reason.
Despite, remove executable bit for sourced file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The concept of configuregateway is to respond on the return codes
of the gateway.d files, and exit if anyone returns something different
than zero.
Thus, let's not exit in gateway.d files directly, but stick to that
logic and return 1.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Move retrieval of config version, as it makes sense to check for
existance of containing file beforehand.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
We check the return code in configuregateway, so let's give success
explicitly. This might not be strictly necessary now, but providing
it will make our lifes easier if the file is changed later.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This explicitly checks whether the config version is set at all,
instead of just comparing it, and provides a specific error message
for that case.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
We provide our own error message, so suppress the built-in one.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The ath10k seems to have an issue with large frames
transmitted over 802.11s. This issue has been worked around
in ath10k-ct. The same patch has now been merged into OpenWrt.
As this might fix mesh issues with ath10k devices, it is backported
to our firmware using a build patch.
Link: 066ec97167
Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This updates the macnocker to a newer revision,
which moves 'interface not running' log messages to
log_trace, so it only appears when the highest debugging
level is activated.
Fixes: #139
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When adding support for the TP-Link Archer C50 v3 and TL-WR841N v13,
their CPU port provided for layer-3 setup has not been set correctly.
Do it now.
Fixes: d165915178 ("ramips/mt76x8: Add support for TP-Link Archer C50 v3")
Fixes: 9343153547 ("ramips/mt76x8: Add support for TP-Link TL-WR841N v13")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This updates the macnocker to a newer revision, which
fixes log spamming if the batman interface is not running.
Fixes: #104
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This removes unnecessary package variables and rearranges the
remaining ones based on the common style in OpenWrt trunk.
In particular, this drops PKG_VERSION in favor of PKG_SOURCE_DATE,
since it does not seem reasonable to tag a version every time we
want to pull it. Despite, while we effectively pull via the
variable PKG_SOURCE_VERSION anyway, the PKG_VERSION might even
have hidden changes if not properly adjusted.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
uci-defaults scripts are supposed to be run once after firstboot
and then removed. However, the removal only takes place if the
subshell created for the sourced scripts returns exit code 0.
For some of the files, the last command returned a different exit
code, though, leading to the script remaining in its location and
being executed for every boot.
To prevent cases like the latter, this adds an "exit 0" to all
uci-defaults files in our package store. While at it, remove the
shebang for all these files since they are sourced (and not
executed).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, all output created by scripts run with micrond has been
discarded. Since there is no reason for that and it also does not
match the expected behavior, this enables both stdout and stderr
output for the service.
If not desired, a user can still use >/dev/null or similar in his/her
micrond jobs to disable output easily and similar to what it would be
on other systems.
For our firmware, this will mean that all micrond script will now
start to spam logread.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Add traffic control status and rates to alfred data, which is also
available for the Monitoring then.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
babeld is updated to 1.9.2 using a feed patch.
The new version includes fixes a few minor issues.
With babeld 1.9.2 a fix for IPv4 xroutes has been
introduced. Therefore, our own patch isn't necessary anymore,
so it is removed.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The version of batman_adv is read in a script inside fff-nodewatcher,
so it is possible that batman_adv is not installed.
Therefore, a new test is added to check if batman_adv is installed,
before reading and reporting its version.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If a subscript exits with an exit status != 0, its output should not
be used. Because sending incomplete data sets might result in weird
edge cases, the nodewatcher is terminated and the output of other
subscripts is discarded.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Because nodewatcher is executed using a cron, but
our cron has no way to report the origin of a specific
log entry, a 'nodewatcher:' prefix is added to all debug
output.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Debug output is written to stderr now.
Therefore the output is happening in real time and
the current date and time are not necessary anymore.
Typically the date and time are added by the syslog
daemon.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Maintaining a logfile manually is complicated and
has no major improvements over just logging to stderr,
because nodewatcher is no deamon and can be run manually
for debugging purposes.
Also, the debug output from subscripts currently is not
written to the log file anyway and the debug level is not
used eiher.
Therefore, the file logging and debug level is removed
from nodewatcher, which simplifies the code a bit.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If wireless config has changed, reload_config will automatically
adjust wireless interfaces.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This is a purely cosmetic change to enhance the readability
of the function.
Also add some empty lines and comments for overview.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, nodewatcher version has to be specified twice, once in the
Makefile and again in the nodewatcher script.
With this patch, a version file is created during build than can
be read in nodewatcher script, so version only has to be specified
once anymore. The file name mimics the version files already present
for OpenWrt and our firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This consolidates the code in nodewatcher.d/10-systemdata.sh by:
- Slightly reordering data retrieval
- Moving XML node assembly to corresponding data retrieval, making
the whole file easier to read
- Changing some if statements to shorter binary condition shortcuts
- Reduce the number of variables by merging some code into the XML
node assembly
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This applies some tiny improvements to just-moved nodewatcher.d code:
- Remove comments about obvious things
- Introduce newlines to make code easier to read
- Use shorter conditional syntax for easy cases
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This solves the following issues with the uci-defaults script in
fff-nodewatcher:
- Remove /bin/sh in non-executable file
- Only commit to changed config
- Use "-1" for uci node indexing, as this will be the node just
created
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This splits up the data extraction/assembly of the nodewatcher
script into several parts and distributes them across packages, so
that each nodewatcher.d subscript is located in the package providing
the relevant functionality. This allows to extend the nodewatcher data
by enabling/disabling packages.
This scheme is not perfectly fulfilled for fff-network vs. fff-wireless,
as data cannot uniquely assigned there and the XML syntax does not allow
separation anyway.
In general, this moves code without applying code improvements, yielding
at an easy comparison of moved fragments. However, the following changes
were done to improve experience:
- The function writing debug output has been renamed from "err" to "debug"
- Since we catch the stdout of the nodewatcher.d functions anyway,
those scripts were adjusted to echo output directly instead of first
writing it into a variable and then outputting it at the end.
- The uci config has been kept, but initialization for the network part
has been moved to the fff-network package.
- Space indent has been changed to tab, which is more common in the
firmware and requires less space.
- Remove support for nodewatcher run without uci config. Script-based
nodewatcher on other platforms will have altered code anyway, and
splitting it up will prevent effective use as a blueprint for those
cases. After this change, nodewatcher in firmware is supposed to be
used only for this firmware.
Note that since the nodewatcher.d scripts are evaluated by using their
echo output, having a function created uncaught output to stdout there
will corrupt the XML.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
[rebase and adjustments for current master, use simpler mechanism to
call nodewatcher.d scripts, use tab indent, remove debug() definition
where not needed, do not remove uci config, add commit message, use
echo -n]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[remove 'local' modifier for variable not inside a function, fix typo]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
The user might create a vlan without any ports.
This setup lead to "uci: Entry not found" error messages,
while still working as intended.
The '-q' flag is added to the corresponding uci query to
hide this error. While this isn't strictly necessary, the
uci subcommand is quoted to bring it in line with the other
subcommands.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
While buildscript checks whether selected_bsp exists, it does not
verify whether it is pointing to a sensible direction.
Since we use the target file name and content to derive build folders
etc., though, this patch adds a check and exits the script if the
link is broken.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
When installing feed packages that already have been installed
from a different feed, OpenWrts feeds script does not change
the feed, but keeps the already installed package.
Therefore, packages are not updated to the correct feed on
updatefeeds, when the package is moved to a different feed
in our buildscript.
The update_feeds function already contains code to clean the already
installed feeds, but only removes the symlinks to the feed directory.
OpenWrts package installation directory (packages/feeds/*) is not
removed, however.
The 'clean' command of the scripts/feeds script properly cleans up
both directories. Hence, the 'rm' command is replaced with it.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Our checkout of the Gluon packages is from 2017. This uses a recent
version which pulls in some improvements for simple-tc.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
micrond has been accepted into the official OpenWrt package repo
and is available in the openwrt-19.07 stable branch. Use this
source instead of the Gluon packages.
During merge, a few fixes/adjustments were made, including transfer
to procd.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
We do not use this package anymore, so remove it from package
selector as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Because we nowadays only use bsp files as a wrapper for
OpenWrt targets, the machine variable got obsolete.
It's only use today is to locate the configuration folder for
a specific bsp.
Instead of explicitly defining this variable, it is now generated
from the filename of the bsp.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds vxlan support to facilitate testing future uses for vxlan.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Because we might want to support different subtargets
inside a single target in the future, the name is changed
so it includes the subtarget as well.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Flashing instructions:
The image can only be flashed via TFTP, not via WebUI.
1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "...-tftp-recovery.bin" to "tp_recovery.bin" and place
it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
4. Router will download file from server, write it to flash and reboot.
ref: 24043a0d2e
Signed-off-by: Dominik Heidler <dominik@heidler.eu>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[add commit message, rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This adds support for the TP-Link Archer C50 v3 and adds the
necessary mt76x8 (sub-)target to our firmare.
Flashing instructions:
The image can only be flashed via TFTP, not via WebUI.
1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "...-tftp-recovery.bin" to "tp_recovery.bin" and place it
in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
4. Router will download file from server, write it to flash and reboot.
ref: 14951e8f8e
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[extend commit title and add commit message, rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, we are selecting specific squashfs images to be copied
from openwrt bin folder to our "final" bin directory. This has
the disadvantage that additional image types/names have to be
added explicitly, bloating the relevant code in buildscript.
With this patch, this behavior is changed in order to copy all
squashfs images for a particular device. To achieve that, the
image names in the bsp files are changed to contain a wildcard
that will be evaluated in buildscript.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, the bsp for the mpc85xx target has been named "wdr4900" since
this device was the only one built from it.
Since all other files use the target name, though, use the target
name for mpc85xx as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This patch harmonizes the options in the OpenWrt .config files
across targets. Many of them have evolved somewhat independently,
and unifying them should make maintenance easier in the future.
The most important change is the consistent per-device build applied:
When building devices with OpenWrt, you have the option to either
build a default image for the (sub)target, an image for a single
device, or images for multiple devices. This is controlled by
CONFIG_TARGET_MULTI_PROFILE. In addition, the option
CONFIG_TARGET_PER_DEVICE_ROOTFS will toggle whether packages
are selected per-device or per-target.
When we build only a single device per target, setting these options
will only have minor effect. As soon as a second device is added
though, impact will be heavy, and devices may end up with no/wrong
packages.
Thus, this patch sets both options to "y" on all targets, which
essentially eliminates this problem for the future (and corresponds
to what the OpenWrt build bots do).
The only option not harmonized is the CONFIG_TARGET_SQUASHFS_BLOCK_SIZE.
All ath10k settings are target-dependent as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
On modern targets in OpenWrt, the board name follows the
"vendor,model" syntax. Since commas in file names are uncommon
and ugly, file names use the same pattern with an underscore,
"vendor_model".
Since this also applies to image file names, this patch
adjusts fff-upgrade.sh to replace the comma from board name
by an underscore for all devices. This should be possible
without harm as OpenWrt images can safely be expected to
either contain a comma in the right place or no comma at all.
It has been discussed whether the same should be applied to
the network.* files as well. However, expecting those to
be removed in the foreseeable future does make this undesirable,
as a lot of code would be inserted now and be removed again a few
months later, only to fix the name for one device.
For the same reason, we won't touch the board name replace
for the TL-WDR4900 v1 for now.
Suggested-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
OpenWrt offers two variants of ath10k driver and firmware, the
"normal" mainline/QCA variant and the "CT" variant [1]
developed as fork by Candela Technologies.
Both deviate from each other with respect to their feature set,
level of support and system impact (i.e. memory consumption).
Since the 19.07 release, OpenWrt has made the "CT" variant its
default for supporting (almost) all ath10k chips. [2]
However, for this firmware the CT driver/firmware introduces a number
of (potential) drawbacks:
- CT memory consumption seems to be higher. (This still needs to be
verified for the new kmod-ath10k-ct-smallbuffers variant.) This
is particularly a problem on several ath10k devices with 64 MB RAM,
where the devices run into OOM regularly (i.e. C60 v1/v2). [3]
- Though CT has active support, it is still just a fork effectively
maintained by one person.
- With CT driver/firmware there are frequent reports that the
combination of AP and 802.11s is not working. [4] While this issue
couldn't be reproduced in recent tests, it still is explicitly
not supported, and there is no interest to change that at the
moment. [5]
Due to these reasons, it seems more appropriate for us to use the
mainline/QCA variant of ath10k driver and firmwares. This patch
applies that to all affected devices.
Note that currently the mainline driver also benefits from a local
patch in OpenWrt that reduces the memory footprint. This patch has
been removed in master, so we will need to keep it locally when using
a 20.xx OpenWrt release. [6]
[1] https://github.com/greearb/ath10k-ct.git
[2] 61b5b4971e
[3] 1ac627024d
[4] https://github.com/freifunk-berlin/firmware/issues/696https://forum.openwrt.org/t/ath10k-ct-and-802-11s-mesh-not-working-on-archer-c7/13877
[5] https://github.com/openwrt/openwrt/pull/2341#issuecomment-580904873
[6] 1e27befe63
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Reducing the amount of squashfs fragments cached in memory might reduce
memory usage, especially for systems with very little memory and
big squashfs blocksizes.
Because only ar71xx-tiny contains 32/4 (memory/flash) devices, the
reduction of the fragment cache is only applied to the ar71xx bsp.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The ubnt-power-m-xw identifier was introduced in 0447d0c709
("fff-boardname: introduce new ubnt boards") assuming that the
Ubiquiti Powerbeam M2 XW had a separate model identifier in
/var/sysinfo/model (otherwise, it was derived from loco-m-xw image).
However, OpenWrt has never known about a PowerBeam device. Consequently,
on devices nothing changed, and all PowerBeam devices were still
recognized as Nanostation Loco M XW.
Thus, this patch removes all references to a ubnt-power-m-xw, as it's
never been working anyway.
Note that this also implies that any user of a PowerBeam would have
used the wrong antenna_gain values of the Loco M XW by default (and
will continue to do so).
However, actually the Loco M XW has never been tested or supported
officially for this firmware. The image was only used for the
support of the Powerbeam M2 XW in 68314ea943 ("Add support for
Powerbeam M2 XW"). However, since the firmware is expected to work
and seems to be installed on several devices already, we won't remove
the image for now.
For further reference:
The board and model names set in ar71xx are found in the OpenWrt file
target/linux/ar71xx/base-files/lib/ar71xx.sh
Fixes: 0447d0c709 ("fff-boardname: introduce new ubnt boards")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
User can see the fastd public key in the webui
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The suffix for Edgerouter X (SFP) have been changed
from '.tar' to '.bin'. Therefore our BSP has to be adjusted
to copy the correct file path.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Suppress error in show_info when simple-tc is not built into the
firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This new packages is meant to serve as meta-package to store
setup for simple-tc.
This achieves two objectives:
- Increase general maintainability by having relevant code in one
location.
- Provide the option to include/exclude simple-tc functionality
just by selecting/deselecting the fff-simple-tc package.
This will allow for easier testing of image size impact of this
functionality, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The ethernet MAC addresses of the Archer C60 v1/v2 were swapped
compared to the vendor assignment. This has been fixed in OpenWrt
after 19.07.2.
Apply this to our firmware already, so we cannot forget it later
and prevent having messed-up br-mesh MAC addresses.
The OpenWrt patches can be removed again when bumping to 19.07.3.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
At the moment, the ETHMESHMAC for the TL-WR1043ND v4 is loaded from
the config partition. The data there is written by the stock firmware,
and thus is dependent on the version installed before and may even
vary in position.
Instead, this patch uses the product-info partition, which is not
modified by stock firmware.
While at it, update the sourced library files and the comment for
both v4 and v5.
ref: 53839da46e
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
In OpenWrt commit 27eea249213b ("ar71xx: fix MAC address setup for
TL-WDR4300 board") the LAN/WAN MAC addresses for the TL-WDR3600,
TL-WDR4300 and TL-WDR4310 were changed.
This creates an overlap of the LAN und 5 GHz MAC addresses, where
the first will also affect the BATMAN interface eth0.3.
To keep BATMAN interfaces with separate addresses, this patch will
set the ETHMESHMAC to eth0 +1, corresponding to the virtual WAN device
(VLAN 2) OpenWrt sets up (which we aren't using anyway).
ref: https://github.com/openwrt/openwrt/commit/27eea249213b04a372491009850926f9282d13
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
In OpenWrt commit 8a21bc36229d ("ar71xx: fix MAC addresses for
Archer C5 v1, C7 v1/v2, WDR4900 v2") the WiFi MAC addresses for
the Archer C7 v2 were changed.
This creates an overlap of the LAN und 2.4 GHz MAC addresses, where
the first will also affect the BATMAN interface eth1.3.
To keep BATMAN interfaces with separate addresses, this patch will
set the ETHMESHMAC from eth0, corresponding to the separate WAN
device we are not using in our firmware anyway.
ref: https://github.com/openwrt/openwrt/commit/8a21bc36229d3eabad213ae47fddb4d86d76ac
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The rssileds package has never been working for our firmware, and
most probably there is no way to make it work with the current
frequent status changes of WiFi interfaces.
So, the package is just wasted space on the flash, particularly for
the "tiny" TP-Link WA850RE v1. Despite, it has a dependency on
libiwinfo, which we plan to remove as well.
Consequently, this patch removes the package for all devices. As the
package is selected per-device, we also have to remove it per-device.
The choice of devices is based on which of them includes the package
in OpenWrt 19.07.2.
The script for disabling rssileds is kept as well, as the manual
removal of the package is prone to have it overlooked for newly added
devices or when OpenWrt changes the setting for existing ones.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The iwinfo utility is not used anywhere, so it can be removed.
This saves an additional xy KiB of space in the compressed binary,
which allows building our firmware with OpenWRT 19.07.2 for
non-LZMA 4 MiB flash devices.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This prepares the fff-web package for removal of the iwinfo binary.
Instead of using the 'iwinfo' wrapper, the nl80211 utility 'iw' is used
from now on, which is possible, because we only support devices with
nl80211 drivers anyway.
Because iw reports the frequency instead of the channel, and does not allow
easily parsing the mode and encryption parameters, the table is adjusted accordingly.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Previously, the squashfs blocksize has been increased to 512 bytes,
to increase compression efficiency, because the OpenWRT default blocksize
has been only 256 bytes.
Since OpenWRT 18.06 the blocksize has been increased to 1024 bytes for
devices with a small flash. Because increased blocksize gives us additional
headroom for devices with only 4 MiB flash, our own 512 byte override is removed.
The default blocksize for the other targets in our firmware is 256, which is lower
than our current override. Therefore it is not changed in this commit.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
A wpa_supplicant is not necessary for our firmware,
because it does not connect to encrypted WiFi networks.
Therefore it is possible to use the smaller hostapd-mini
instead of the combined wpad-mini packages.
Some user might use an unsupported setup, where an encrypted
wifi is used for wan uplink. This is not possible anymore.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The mac80211 interface script in OpenWrt depends on wpa_supplicant
for the creation of station interfaces. While this is conveniant, it
isn't strictly necessary for connecting to unencrypted networks.
To be able to create station interfaces if wpa_supplicant is removed,
the station interface for obtaining the initial configuration is now
created using iw commands only.
This makes it possible to replace wpad-mini with hostapd-mini, which
does not include wpa_supplicant and therefore shrinks the uncompressed
binary by around 200KiB.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This follows the changes introduced in
6a25fd5ce5
This is a result of the switch to openwrt-19.07.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fabian@blaese.de: Rebase onto fff firmware master]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
This migrates to the new configuration architecture introduced
and required in
54af5a209e
This is a side-effect of the switch to openwrt-19.07.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fabian@blaese.de: Rebase onto fff firmware master]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
The bsp .config only contain configuration, which differs from
the OpenWRT defaults. With OpenWRT 19.07, some defaults were
changed, so overriding them isn't necessary anymore.
This includes the switch from ath10k to ath10k-ct, which is now
default in OpenWRT. Our previous setup used the ct driver, but the
non-ct firmware for some devices. All devices are now reverted to
the OpenWRT default, which uses the ct variant for both the firmware
and the driver. According to some reports, the ct driver breaks
802.11s mesh for some devices, therefore these changes should be tested
before release if possible.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Refresh patches for main repo, packages and routing.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bumped openwrt main repo, packages and routing to 19.07.2.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This always disables rssileds if the package is installed, and thus
saves us from specifying particular devices.
Since rssileds do not work with our concept of resetting WiFi
interfaces, we cannot use it anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
To use a whitelist easily, it is necessary to make the fastd key
update-safe.
This patch saves the key to uci fff config and recovers it for
use after a firmware upgrade.
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: lemmi <lemmi@nerd2nerd.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE, rephrase commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The WiFi configuration scripts have been moved to an earlier point
in initialization sequence in c39de8f7d5 ("fff-wireless: initialize
WiFi config before setting up wXsta"), which has them run before
the script setting board name in uci config files. Since the script
setting manual antenna gain and fixing rssileds depends on having a
board name, though, the move broke this functionality.
Since the board name set up script itself does not depend on anything
else in the uci-defaults scripts, let's move this one to a relatively
early point in initialization (and save us from touching anything
else).
Fixes: c39de8f7d5 ("fff-wireless: initialize WiFi config before setting up wXsta")
Fixes: #135
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The configuregateway script calls only "apply" and not "commit".
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[commit title and message facelift, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Previously the HT/VHT mode was detected using the output of iw phy. This
command erroneously used the $radio variable, which doesn't contain the
phy name. Therefore it doesn't work like it is supposed to.
As we don't completely configure the wifi-device sections, but only adjust
some of OpenWRTs default values, the HT/VHT detection can easily be done by
just checking if the previous mode did contain "VHT".
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
To make it easier to find the correct binary, this creates
a seperate folder for every variant and copies the binaries
appropriately.
The folder is created with "-p" to suppress errors, if it already
exists. This means the misplaced creation of the "bin"-folder inside
the build function can be ommited.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The old name "sysupgrade.sh" is easy to be confused with OpenWrt's
/sbin/sysupgrade. Rename our script to clearly indicate its
purpose.
While at it, move from /etc to /sbin, as the former is an odd location
for an executable script.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The qca9888-ct firmware is used as a device package for the
C60v1 and C60v2. It doesn't get built however, as it isn't selected
anywhere.
To be able to use the firmware, it is now configured to be built as a module.
Fixes: #129
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Previously the TP-Link Archer C7v2 was configured to use
two Switch CPU Interfaces. One for Trunk (Client + Batman), one
for WAN.
As this setup is very uncommon in our firmware at the moment and does interfere
with the automatic CPU Port setup in layer3 variant, it is converted to a single
trunk port setup just like all of the other routers with integrated managed switches.
As eth0 is now used as the switchport, this change would require to setup
a different ETHMESHMAC if mac addresses would be shared between interfaces.
The device does seems to have 4 discrete mac addresses however, so the
explicit ETHMESHMAC setting is completely removed instead.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
To make use of MCS 8 and 9 which have been introduced with
802.11ac, htmode has to be set to VHTxx.
By checking if the radio supports it, the htmode is configured
to the appropriate HT/VHT setting.
Fixes: #130
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The script for setting up wXsta (/etc/uci-defaults/24c-fff-wXsta) runs
before the main WiFi config script (/etc/uci-defaults/60-fff-wireless),
so the wXsta config is deleted again by
config_foreach removeWifiIface wifi-iface
This moves the latter script (and another script for WiFi config)
before the wXsta setup, so the WiFi config will be set up correctly.
Fixes: #128
Fixes: 3d9eb1db2e ("fff-hoods/fff-wireless: Reconfigure instead of
delete and create")
Reported-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Some output and exit status are hidden, as they are a valid behaviour
if the device doesn't have any radios.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The builds for all BSPs have been merged into a single OpenWRT buildroot.
A prepare between builds cleans everything that has already been built,
including host tools. Building for multiple targets therefore takes quite
a bit longer than it has to.
This removes the prepare command between builds in the buildall command.
It now behaves exactly like multiple conscutive "selectbsp, build" commands,
which speeds up the build for multiple devices a lot.
This now means, that prepare has to be executed before buildall can be used,
just like with the 'build' command.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
If no hoodfile is present or hoodfile support is not compiled
into the firmware, no upgrade path is available. This currently
is the case for layer3 variant.
A fallback to our default firmware host is added. At the moment
both variants don't have a trust anchor for TLS and the wget, that
is currently used, doesn't support TLS. Therefore it is currently
necessary to use a unencrypted http URL.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
As we now have multiple variants, the binaries on the update server
should be seperated into different directories.
To allow the firmware to decide which variant it wants to download,
the "$VARIANT/current" part is removed from the hoodfiles. Instead
it is added inside the upgrade path function in fff-hoodutils.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
This simplifies and shortens filenames quite significantly.
A rewrite script will be installed on the update servers
to allow updating routers with older firmwares.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
This also introduces a variant variable in our buildscript, as
it is necessery multiple times in the build process.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
For some reason sysupgrade seems to return exit status != 0
even on successful calls. As the binary is removed if
sysupgrade exists with a failure status, it is possible that
it got deleted while a sysupgrade has been in progress.
This removal was added to ensure that only one binary occupies
space in tmpfs (which is stored in memory) when upgrading.
If sysupgrade fails and the user starts another try, the old
binary is overwritten by moving the new one to the same location.
Therefore the removal of binaries on sysupgrade failure can be
removed completely.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
With the current OpenWrt patches, both CPE210 v2 and v3 can be
flashed with each other's images. Introduce a separate entry
in tplink_safeloader.c to prevent crossflashing.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The rssileds set up by OpenWrt cannot be used in our firmware.
Despite that those are bound to "wlan0" initially, we also cannot
change them to one of our interfaces, as the interface recreation
due to configurehood seems to break something in rssileds, causing
high load.
This patch now disables the rssileds entirely, which has been found
to be the only solution reliably solving the problem of high load
under all circumstances.
While at it, add all remaining devices with rssileds enabled in
openwrt-18.06. (When updating to openwrt-19.07, most of the ubnt
will have to be added.)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This merges the wifi.* files into a single script, which improves
overview/manageability and makes merging of cases possible.
While at it, remove suppression of errors with "-q".
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
As the originally used version string did not include
the daemons name, it is changed to versions like:
babeld-1.9.1+fff2
Signed-off-by: Fabian Bläse <fabian@blaese.de>
This introduces the pending upstream fix and a patch to change
babeld version.
This applies the naming scheme as for batman-adv:
openwrt-PKG_VERSION-PKG_REVISION
e.g. openwrt-1.9.1-2
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The build variant previously only got applied in the prepare
step. Therefore selecting a new variant for a subsequent build
without calling prepare again produced a build with a different
variant than the selected one.
As the filename and version number is evaluated in the prebuild
step, which is called on every build, the version number did use
selected variant, so the build variant did not match the variant
in the version string.
As applying the variant only causes the fff-base package to be
fully rebuilt, this step is moved into a function and also executed
in buildscripts prebuild step. It is therefore always applied when
starting a new build.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, we have meta packages and config packages for the variants
in parallel, e.g. fff-node and fff-variant-node.
Since the sole purpose of the meta packages is to define
dependencies, one can just merge them into the corresponding config
packages to reduce overhead.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
In some cases (mostly for one-port devices) IF_WAN was used
although not set, resulting in not obviously iptables error
messages like
- Bad argument `conntrack'
- Bad argument `REJECT'
Thus, check whether IF_WAN is set to something before using it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
In OpenWrt commit 055cdab2bb22 ("uclient: add ALTERNATIVES for wget")
uclient is registered as ALTERNATIVES provider for wget. Since
the priority for busybox as provider is lowest, this overwrites
the link set for /usr/bin/wget, now pointing to uclient wget.
However, uclient wget does not support IPv6 link-local addresses,
as it's not aware of the "%" to separate address from link identifier.
To prevent wget from failing when those addresses are used, this
patch explicitly uses busybox wget.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
By running "./buildscript updatefeeds", the feeds in build dir are
recreated without touching the rest of the directory.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This removes the target variable, as it is just an alias for
builddir now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
So far, building the firmware happens in parallel subdirectories
of "build", one for each subtarget. However, OpenWrt itself is
capable of hosting several target builds in its directory, so
there is no need for this extra separation.
This patch thus build all targets/subtargets directly in the
"build" folder.
Since most of the time during build is spent for the toolchain,
this will also significantly boost build time if more than one
target is used.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
As odhcpd is used as router advertisement server in layer3 variant,
but configurenetwork is still necessary, the dependency to fff-uradvd has
to be removed.
This is done by first checking, if the fff-uradvd service exists, before it
is restarted.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
On layer3 variant ("gateway firmware"), 60-fff-gateway.conf
changes "forwarding" for all interfaces, overwriting the
changes from 51-fff-network-$iface.conf.
By putting the WAN-specific commands after 60-fff-gateway.conf
this patch should provide the correct device-specific value
for WAN interface now.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[Rephrased commit title and added message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, if build fails, but images from last successful build are
present in OpenWrt build directory (build/bin/targets/...), those
are copied even after unsuccessful build.
This results in the old images being copied to the bin folder and
being labelled with the new firmware revision. (!)
As our error check also only looks at whether images are there,
the image copying process will look like a success.
This patch deletes old images of the target/subtarget to be built,
so that the copy-firmware step will find nothing if the build
stop to early.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
babeld filters routes before announcing them with the
redistribute filters.
Users might add unknown public subnets to the client interface,
so redistribute filters have to be generated for these addresses.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
This adds two checks:
- Does gateway config exist?
- Does gateway config version match?
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
In d9ec8edb15 ("batman-adv: Move from DEBUGFS to batctl") we
switched from deprecated DEBUGFS to batctl.
Despite debugfs, batctl seems to also have deprecated sysfs
(https://www.open-mesh.org/news/90).
This patch thus replaces a reference to iface_status by the
corresponding batctl command.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This renames two options for wireguard interfaces in
/etc/config/gateway:
public_key -> remote_public_key
private_key -> local_private_key
Signed-off-by: Alexander Gutzeit <alexander.gutzeit@web.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[adjusted commit message/title, added version bump, remove
rename for network config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
"ip" is one of the most essential tools on a gateway. At the moment
there is only one dependency to the metapackage ip from the nodewatcher,
which pulls ip-tiny. Dropping the nodewatcher causes a fallback to the
busybox built-in ip-command.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[fabian@blaese.de: rebase onto master]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
This package adds gateway.d scripts which create
peering interfaces using wireguard.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When the user removes a peer from /etc/config/gateway,
the script has to be able to find any leftover configurations
that have been created for it.
This can be made very easy by prepending a prefix to every
automatically generated configuration.
This also allows to remove the nasty check for the babeld default interface.
Therefore the naming check for cfg* also can be removed.
As a side effect all manually created configuration blocks that do not match a
prefix will not be touched by configuregateway.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Various things have to be done for every interface on
which babeld shall run.
Those procedures are moved into functions to reduce duplicate code.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This adds a line containing the device name and the current
firmware version to the MOTD shown after logging in via SSH, e.g.
> TP-Link TL-WR1043N/ND v2 @ jubtl9_20190320
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Previously, when configurehood switched status, all WiFi devices
were completely rewritten and all interfaces were deleted and
recreated. This is both unnecessary and ugly.
This patch redesigns WiFi setup to create all interfaces (in
parallel) initially, and then only to enable/disable them as
necessary. Where reconfiguration is necessary, only the variable
parts are changed.
Since most of the wifi-device config is already created by
OpenWrt, this builds based on the existing wifi-devices and
only removes the default wifi-ifaces.
This patch will not change the logic (codeflow) of configurehood,
but only affects how action on the WiFi devices/interfaces is
taken.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The two different names "wXmesh" and "wXibss" have no functional
purpose and are just for indication. Remove this distinction, so
mesh is just mesh.
This will make further adjustment easier and clearer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Removing the tunneldigger, this patch is no longer needed.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[Bump PKG_RELEASE and SCRIPT_VERSION]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
It is not always necessary to add a host route for the gre peer address.
This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.
This is a backport from OpenWrt master.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
OpenWrt saves additional config (and other) files included with
list_changed_conffiles in /sbin/sysupgrade.
This is only active since openwrt-18.06, since before that it was
suppressed by missing opkg.
Since we expect to only save what is in sysupgrade.conf, remove the
additional file list (and thus regain pre-openwrt-18.06
behavior).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The symbols BUSYBOX_CONFIG_WGET and
BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT are set in different
packages and do not correlate with where Busybox wget is
actually used.
This updates packages dependencies based on the current
situation.
Note that with current firmware, both two versions of wget
are installed:
/bin/wget
/usr/bin/wget
The latter is from busybox and is used as the default version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
PKG_VERSION is meant to refer to the version of external packages,
as we do e.g. in the tunneldigger package.
For our own packages, we just need the PKG_RELEASE variable.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[Rebased onto current state of master]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Although this tag is very old, this is how PKG_VERSION is meant
to be used.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This hasn't been used since it was replaced. Remove it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Because DNS Forwarding is done by dnsmasq which we configure
inside the fff-dhcp package, the configuration scripts for dns
are placed in this package.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
These packages are pulled automatically by OpenWrt where needed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
We use simple-tc for traffic shaping. If those packages are
actually dependencies of other packages, they should be added
there.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Looks like we do not need this package.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
User configuration for layer3 firmware is stored in
/etc/config/gateway. To preserve this file across updates it
is added to sysupgrade.conf
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
fff-gateway is mandatory when compiling layer3 firmware.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This will prevent batman-adv packet fragmentation on 802.11s mesh.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This interface was using 1500 anyway and setting ethernet to
MTU > 1500 might not be a good idea.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langammer <rlanghammer@web.de>
When running OpenWrt master, "type <functionname>" only returns
"<functionname> is a function". Thus, to make the implementation
future-proof and since it is also working with the current state,
change the grep in execute_subshell to match "function".
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When using IPv6 addresses (or DNS which has AAAA record) as endpoint,
add_host_dependency fails for some reason which causes the wireguard
interface to disappear.
This patch backports an option from OpenWrt master, where
host_dependency can be disabled by adding 'option nohostroute 1'
to the interface.
This is an alternate approach based on the work of Fabian Bläse.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
At the moment sysupgrade via WebUI is broken on many devices.
This is reproducible: While the (few) status messages seem
normal, the device boots again with the old firmware.
Sysupgrade via SSH always works.
The sysupgrade call in upgrade.html directly uses the path of
the uploaded firmware file as argument. From several tests and
based on caught stdout/stderr from this line, it looks like haserl
deletes the uploaded firmware file due to a hidden trigger before
or even while it is processed by sysupgrade.
The easiest way to work around that is to just rename the file
before using it as argument to sysupgrade. This will preserve the
file DURING sysupgrade. If sysupgrade fails explicitly (status
code != 0), remove the file to provide sufficient memory for
another upload.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This adds scripts to configure vlan and client network.
This also adds sysctl settings to enable forwarding.
Note:
Devices specific properties are sourced from fff-network package.
This creates a dependency on fff-boardname and fff-network.
These properties should be located elsewhere in the future.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This provides the CPUPORT which is needed for the gateway firmware.
The script is supposed to be sourced.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This adds a configuration script for applying hostname,
coordinates, hoodname and contact address.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This introduces a new script for simple gateway configuration.
The main configuregateway script is able to execute functions
for various steps like 'configure' or 'apply' from scripts in /etc/gateway.d.
This makes it easy to distribute configuration to the appropriate packages.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Since batctl can suppress headers, we do not have to count lines.
Cosmetical change.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This might reduce the chance to break devices with 32 MB RAM
during sysupgrade.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The buildscript knows two different types of patches, which are
applied to pulled-in repositories:
1. Feed patches
Those are applied as "GIT patches" to the relevant repos,
directly after those have been checked out.
They reside in subfolders of the build_patches folder, and
have to be selected individually and manually in the
buildscript.sh.
2. Build patches
Those are applied later in the process, just using the system
patch tool, and changing the $target directory.
All patches in the folder "build_patches/openwrt" are read
and applied automatically.
This is both inconsistent (two different types of patches in
the same dir) and annoying (feed patches have to be specified
by hand), especially for unexperienced developers.
This patch addresses this by:
- separating files into two dirs: build_patches and feed_patches
- automatically scanning feed patches and thus having similar
experience for the user (I cannot think of a case where we
provide a patch, but do not use it)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
The debug filesystem will be deprecated and disabled by default
in newer versions of B.A.T.M.A.N.
This patch switches our code to the batctl, as recommended.
Since batctl can suppress headers, this actually makes our life
easier ...
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When adding support for a previously-generic device, the
correct MIPS MACH has to be added. The compiled image
will lead to bootloops otherwise.
Because this might not be obvious, a note is added to the
READMEs section about supporting a new device.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In OpenWrt 18.06.2, tiny devices have increased in size so that
another packages removal is requires.
Fixes#122.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
So far, we only saw the files affected, but not the patch used.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
This fixes a typo in description and introduces a single variable
for the sysctlfile.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
This is just meant to make image names shorter.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
With this change, based on a tag "20190101" two firmwares
node-20190101
layer3-20190101
can be created based on build variant.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Currently, Makefile use a mixture of tabs and spaces with various
indents. This harmonizes all Makefiles to use tab indentation only.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Since we went on to the KeyXchangeV2, fff-vpn-select is a pure
subpackage/utility of fff-hoods. Thus, we should not manually
select it, but have it selected indirectly by fff-hoods.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Refresh patches.
This introduces backported BATMAN fixes up to v2019.0.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
tcp timestamps can improve tcp performance a lot, especially
with unstable networks like wifi.
Linux default behaviour is enabled so the tcp timestamps setting
is removed from sysctl configuration.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This Package adds a router advertisement daemon and
appropriate Freifunk Franken specific configuration for it.
The ra_default option is set to '2' to force the default flag,
even if no default route for ipv6 is present.
This is necessary, because otherwise fc00::/7 targets would be
unreachable, since odhcpd is unable to send specific routes inside a RA.
This won't affect clients ability to reach hosts which have a dual stack
connection, typical network stacks prefer IPv4 over IPv6 ULA when no
public IPv6 address is available.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Configuration of Router Advertisements is done in a seperate package.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
This device is still in PR state in OpenWrt, since ar71xx target
is deprecated and thus lacking reviewers.
It worked nicely for me anyway, so I include the current state of
the PR (has not changed for months).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
With our dynamic resetting of WiFi interfaces, the rssileds
of OpenWrt do not work correctly. This disables them as a
workaround, since they otherwise create about 20 % CPU load.
Since the MACH file for all CPE210/510 is the same, no adjustment
of the OpenWrt-tiny patch is needed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The proxy only sends data from alfred master to the Monitoring.
It does not require the device to produce alfred-data in the
nodewatcher itself.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The wget from busybox we are using ignores the -t option,
although it does not throw errors in the currently used version.
However, specifying the -t option in calls where it is not used
is misleading, so it should be removed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This improves the curl call by:
- Using full executable path
- Removing redundant -X POST
- Using --data-binary instead of --data
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
By using the alfred2 mechanism of the Monitoring, we get rid
of the embracing {"64":...} key-value construct.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Section title is removed because it doesn't seem to make much sense there.
Signed-off-by: Andreas Düring <gh@duering-andreas.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Signed-off-by: Andreas Düring <gh@duering-andreas.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Signed-off-by: Andreas Düring <gh@duering-andreas.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
to reflect the order in which you would call the commands.
Signed-off-by: Andreas Düring <gh@duering-andreas.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Signed-off-by: Andreas Düring <gh@duering-andreas.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Remove mentions of "selectcommunity" command and community file.
Start removing mentions of bsp which is not available.
Fix buildscript commands (there is no kernel config).
Signed-off-by: Andreas Düring <gh@duering-andreas.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
CC: kratz00@gmx.de
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
- Changed subject
- Changed curl parameters
- Added firewall rule
- Configure alfred to be master
- Add fff-nodewatcher as dep, because we use the alfred config
- Change data handling during curl to pipe
- Add newline on cron rule
Signed-off-by: Fabian Bläse <fabian@blaese.de>
- Fix alfred master mode introduced by packaging alfred
- Adjust monitoring-proxy waittime to suggestion
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This firewall blocks all communication with fe80::1 from a
Client to Batman and to the Node.
We need this because some crap devices (e.g. a wrongly
connected router on a clientport) have fe80::1 as address
and break our setup.
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When using local hoodfile neither this nor central hoodfile
downloaded earlier should be offered to neighbours, so remove it
from the webroot.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Instead of overwriting local variable to local hoodfile location,
copy it to the commonly used location. This makes the local hoodfile
behave exactly like central hoodfiles, which prevents some border cases.
The previous behaviour mainly caused issues when using getJsonPath() and
getUpgradePath() from fff-hoodutils.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This make it easier to use new targets without subtarget.
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Based on the documentation, BLA will only help if two nodes
are connected via WiFi AND via Ethernet cable on CLIENT ports!
For a "correct" setup, e.g. WiFi and BATMAN port connection,
BLA won't have an effect.
Since the former case is possible and there are no known
drawbacks, we enable BLA.
This removes the line to disable BLA, so it will be enabled as
B.A.T.M.A.N. enables it by default.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
This shows the configured peers for fastd and L2TP.
Note that "configured" does not tell whether they are working.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
USB support is removed because of very limited flash.
This allows building for tl-mr3020 again.
USB support has no known use case for this firmware.
Most usb devices would require additional drivers anyway.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of manually overwriting basic and supported rates,
this patch makes use of a new OpenWRT option "legacy_rates",
which disables 802.11b data rates.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
So far, the Monitoring evaluates hoods based on their names.
This introduces several problems, most prominently a hood
re-creation if it is renamed at the KeyXchange.
Since we have unique hood IDs in the KeyXchange and the
Monitoring retrieves those via hoods.php, it is logical use this
information instead of relying on string comparison.
This requires the hood files to contain an additional field "id".
While this has not been implemented, the changes in this patch
will still work and just write empty data to the uci field and
alfred data.
For local hoods, the "id" in the hood file will remain unset.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
When setting up a node, router solicitations can be used to speed
up receiving router advertisements a lot. This mechanism has been
previously disabled by our custom sysctl config.
However because linux does not send router solicitations, if it
doesn't accept router advertisements, which is disabled for every
link except WAN, this option can safely be set to it's default value
for all interfaces.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Since the MacNocker was introduced, the hood information in
UCI is DELETED if the hood is lost.
If the router still successfully sends alfred data in this state,
the Monitoring will treat it as a V1 device. This is annoying,
especially since it looks like a loop.
An easy solution is to send an empty <hood> field in those cases,
as V2 routers are detected by them knowing their hood.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This sysfs option no longer exists.
The no_rebroadcast option was used as part of gluon’s
batman-adv-legacy implementation, after open-mesh decided
to not include it into batman-adv v14:
https://patchwork.open-mesh.org/patch/3434/
Our firmware has included (and enabled) it since December 2013.
With the upgrade to batman-adv v15 (pulled from openwrt-routing
then) in October 2017, the custom patch was no longer included.
It looks like open-mesh provides an equivalent built-in
solution now:
https://git.open-mesh.org/batman-adv.git/commit/a00797d8fa8fd1471e8be1ac23d506f76d866aaa
Thus, the option can be removed.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The "ipv4" option is used to enforce using ipv4 when
using dns for fastd remotes.
However this option was incorrectly always set which
makes ipv6 connections impossible.
Because enforcing ipv4 is not necessary, this option
is removed.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Fabian Bläse <fabian@blaese.de>
This is based on the configurehood-Patch from Tim Niemeyer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This is based on a similar patch from Tim Niemeyer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Instead of having 1000 routers accessing the KeyXchange in the
same second, this will dilute the request within a period of
15 seconds.
Same is done for queries from gateways.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The V2 firmware requires initialization of the WiFi interfaces
by a hood file. If a one-port (or two-port) device is isolated,
it won't get this information from other WiFi nodes (w2sta mode).
In addition, it cannot be connected to the internet, as this would
require the port to be in WAN mode. It is also not possible to
connect a client device for configuration, since WiFi is not
configured and the LAN port is in BATMAN mode.
To enable configuration of an isolated one-port/two-port device,
this patch thus changes the default port config to CLIENT, so
the user can choose the desired configuration more easily.
For two-port, we will have one port WAN and the second port
CLIENT.
Fixes#110
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Harald Thuemmler <int@bnhof.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The previous version seemed to work only for numeric data.
Fixes#113
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
nodewatcher and configurehood have both been run with */5 in micrond.
This may lead to nodewatcher accessing information just being
changed by configurehood. To prevent this, we just change the
start of configurehood, as this has no known disadvantages.
A change of the nodewatcher start would also solve the problem,
but nodewatcher is synchronized to the alfred-master and the
Monitoring.
Fixes#96.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
OpenWRT changed their structure to use sysctl.d subfiles.
The default sysctl.conf is empty and kernel.panic=3 is defined
elsewhere. Thus, we do not need sysctl.conf anymore.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[Set PKG_RELEASE back to 1]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The syntax " -m state --state " seems to be not supported anymore.
The replace should not change behavior compared to
lede-17.01-based firmware.
Added required dependency.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Refresh patches.
Bumps batman-adv to 2018.1
This goes beyond 18.06.0 since the release contains bug which
have been fixed in the later snapshots.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
[fabian@blaese.de: Use 18.06.1 for OpenWRT and packages]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes: #101
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Like the network.* files, this introduces wifi.* files to set
device-specific settings.
In contrast to the former, the wifi.* settings are only run during
firstboot and only if there is a file present.
In this patch, we set the antenna gain values for the devices not
treated correctly in OpenWRT.
Side conditions:
- The script requires 50-fff-boardname and 60-fff-wireless
beforehand, so I chose 62 as number.
- The wifi command is not necessary, since after firstboot
configurehood will run "wifi" in any case
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
- Changed to base on the ubnt board names
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The vpn-select is used by fff-hoods.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Seems like the /etc/config/fff is owned by fff-config.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
By removing the reference to the hood file from vpn-select, we
remove the entire dependency from fff-hoodutils.
vpn-select will now work with any file provided, as long as
it has the correct syntax. At the moment, the only provider
is the configurehood script. Since the various hood file variants
are handled there, it seems logical that configurehood also
chooses and provides the correct hood file for vpn-select, instead
of vpn-select which had no other contact with hood file choice.
This is simple, tidy and effective.
Adjusted some comments.
Fixes#106
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
== is a bash specific alias for = , and
should not be used in #!/bin/sh scripts. Not in #!/usr/bin/haserl scripts
either, where the shell defaults to /bin/sh.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
This is simpler than the previous approach and does not rely
on parsing.
This fixes:
- Interfaces being accounted for multiple times for certain
devices
- Errors when output of bridge function changes (as with the
current OpenWrt master)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This patch suppresses the messages batman writes to
the kernel log when gw_mode is changed. This is done
to avoid spamming the log with negligible messages
when gw_mode is switched frequently.
Fixes: #93
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Timestamps in hood file currently only change if changes are
made. Thus, there is no reason to remove them for comparison.
This also fixes the wrong quote characters in the script, which
changed the script in a way the timestamps aren't removed right
now anyway.
After this change, a hood reconfiguration may be triggered by
just changing the timestamp at the keyxchange.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
With this patch, changing the hood file happens in
memory, so we do not have to write on flash "frequently".
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This will copy to hoodfilewww every 5 minutes!
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
At the moment, we use the same file for detecting changes in a
new hood file and for broadcasting the hood information to be used
by mesh routers.
However, there may be situations where we don't want to broadcast
an existing hoodfile. We, on the other hand, cannot delete it
then, as we need the file for checking changes in the temporary
hoodfile.
We also cannot just switch the wXconfig state to achieve this
goal, as we need a trigger to do that (which is the same file we
are discussing about).
So, in this patch, we introduce two files, one for the checksum
comparison and one for the hood info broadcast. Those can now be
set and deleted (in a later patch) as it is required by their
respective tasks. This should also improve code clarity to the
reader ...
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
To provide data processing information for SSH access without
annoying users too much, this adds a pointer to more extensive
information to the banner displayed after login.
The referenced files then contain similar information to what
is shown in the WebUI.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This adds a first version of data processing information to the
Web UI's settings page (where the information is entered).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
According to the upstream repo, vis_mode has been removed since
batman-adv 2014.0.0.
See openwrt-routing/packages 8a66ed1.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
To reduce the number of possible corner cases
in the first keyxchangev2 release, this patch
removes the sector file with the intention to
add it back after release.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
This patch allows to modify the bs-partition on the AC Mesh.
Without the patch, the bs partition on the AC Mesh is locked
forever. This can be a problem if
a) the bs partition has not been updated correctly during initial flash
b) the sysupgrade mechanism is altered by OpenWRT in order to account for
the flip flop layout
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Occationally /proc/net/if_inet6 contains interface IDs with
three digits. In this case, the regex in wait_for_ll_address()
does not work anymore and alfred is not starting.
This patch changes the evaluation so that fields are used instead
of the mere position by counting characters.
This is a backport from openwrt-routing and can be removed when
updating to OpenWRT 18.06, but not for newer versions of 17.01.
Fixes#98.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhgammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Fixes#95
This reverts commit 6cc6b4b786.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Fixes#68
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
In commit 5c1d3b1, conditions were changed so that "wifi" is called
almost every run directly before the network status (internet vs.
gateway contact vs. wXsta).
This causes strange effects configurehood and nodewatcher, which is
called at the same time.
The fix only does "wifi" if required and waits 10 sec. after that.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Fixes#83
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Just disable autoconf.
Some sysctl's are currently not available due some missing kernel
features. Maybe some day they reappear.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
The simplest and fasted way to
Fixes#72
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Code which is reused by other functionalities is put into the
fff-hoodutils package, so it can be used without including
configurehood.
This also allows setting missing dependencies of other packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This addresses a bunch of issues:
- Previously, only the presence of w2configap was checked. With
only 5 GHz, this would have caused a recreation every 5 min.
(Note that this is only valid for a 5 GHz only device, as we
always create all interfaces for disabled radios)
- The two outer if-statements are merged
- We now check for presence of wXmesh to enable wXconfigap. Although
this is no necessity (as the hood file contains the whole config)
this assumes that a disabled wXmesh means no intent of the owner
to connect to other devices on this radio.
- With the dependency of wXconfigap from wXmesh, this patch now
enables the deactivation of hood file transmitting by disabling
meshing in the hood file
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Bug 1: If devices with hidden SSID are present, the matched
SSID in the awk contains the newline (="unknown\n\t"). This
destroys the table after the sort.
Bug 2: If SSIDs contain ampersands (yes, people do that),
they are now converted to &.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
The actual calculation is done in the Monitoring.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This adds data about the clients per interface
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Since the reverted patch, device specific antenna gain is not set for some reason.
Reverting the patch in question fixes this issue.
THIS SHOULD BE ONLY CONSIDERD AS A TEMPORARY FIX UNTIL THE ISSUE IS FIXED PROPERLY!
Fixes: #85
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This is a workaround to enable alfred on routers which do not see
a configap during initial boot.
Fixes: #78
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
The AR150 seems to have the same MAC address on eth0, eth1 and
phy0. Although it is not a ONEPORT, we can use the shifted bit
like for the ONEPORT devices to get a distinct ETHMESHMAC.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Instead of using the hiddenapflag file, we can just check whether
the hood file copy used by the webserver is present. As a second
condition, we check whether the w2configap is not configured yet.
This fixes the following minor issue:
Previously, if configurehood has run once, the hiddenapflag was
set, but the configap not set up yet. If then a restart happens,
the flag is gone (/tmp), but not recreated until a change in the
hood file appears. Thus, no configap would be set up until that
point.
Since we check for a real condition now, this can't be happening.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Changes:
- Remove first line (headline) previously parsed as gateway
- Delete leading whitespaces for netif correctly (regex
"\\[" changed to "\\[ *")
- Remove netif whitespaces first, so they are not changed to
"false"
- Include trailing whitespace in regex for selection marker
- Remove useless replacement " " to " "
This is designed to support BATMAN compatibility version 14 AND 15
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
If the mac is read from /sys/class/net/${iface}/address, some
devices (WA860RE, Picostation) will not set the fdff addresses.
This can be fixed by using the $ROUTERMAC in configurenetwork.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Previously, IPv6 addresses were constructed by reading from
the device config file in the function. To have more options,
it is better to use the address itself as parameter.
By this way we can decide what we use for getting the MAC when
calling.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This is a cosmetical patch, however it does increase the overview
a lot in my opinion.
We cannot drop the special case of the two-port devices, because
we need the current setup to enable setting port mode in the Web
UI.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Add a complete hoodfile to /etc/hoodfile to use only this file
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
- Changed according to Adrian's review
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
After the remerge the LEDE git source is broken, thus we switch
to the OpenWRT sources.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This patch additional information to the nodewatcher XML:
- wlan_channel: Channel of interface (number only)
- wlan_ssid: SSID available through iw dev
- wlan_type: Type of interface (AP, mesh, IBSS)
- wlan_width: Width of frequency band (20 vs. 40 MHz, number only)
The nodewatcher file from this patch can be copied manually to
devices with older firmware.
The patch includes some comment typo fixes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
To prevent connecting hoods, this patch loads keyxchange files
from the local network (eth0.3/eth0) before it uses the gateway.
Thus, if other files are provided via wXconfigap, they are just
ignored. If a router is connected to two hoods by cable, it will
just disable the interfaces where a second hood file is detected
and wait until the next call of configurehood.
If cable and wXmesh are different, the cable has precedence.
If two hoods are present via cable on the same eth, wXmesh has
precedence.
If two hoods are present via cable on different eth, the first
eth has precedence and all others are disabled.
If cable has precedence, wXmesh is configured with the hood
file from cable.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
The configurehood script is started at the same time for all
routers. Thus, if one router sets up its configap, another may
just go into wXsta at the very same moment. This creates a race
condition between configap setup and wXsta download.
To circumvent this, we add a sleep to the wXsta routine, so the
wXsta always comes later, but is still run every 5 minutes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This is the correct firmware for the Unifi AC Mesh I have only
tested at Unifi AC Mesh and not at Unifi AC lite But my information
is, that both have the same Hardware
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
We need the new tunneldigger because the old broker no longer works with the current kernel.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Since we change only the network part of uci, we only need to
commit this part and not the whole config five times.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
- Rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
We do not use encrypted tunnels, so we can use urandom generating the keys to prevent blocking due to low entropy.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This includes the new options introduced due to the
/etc/config/fff file into the WebUI.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Update notification is enabled by default. If required, this
allows disabling it permanently.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This implements an upgrade safe solution for the PoE passthrough
on multiple devices. Since LEDE already provides the relevant
settings, a check whether those are in place enables both
identification of affected devices and automatic deactivation
if parameters are changed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This moves the FFF configuration from
/etc/config/system to a new file /etc/config/fff. Thus,
this file can be copied as a whole during upgrade (with
compatibility provided) and then resulting values in
other files are re-set later.
This also fixes the bandwidth settings not being persistent
during upgrade. Other settings may join ...
I tried to go through all the code and update all occurrences
of the relevant system variables (looking for "system" both
in GitHub and my local src folder).
Note that a downgrade will result in loss of configuration!
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- Rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This patch introduced more detailed information about the
hood in the WebUI, i.e. channel and SSIDs.
The patch includes a reorganization of the columns.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Tested-By: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Using wifi devices makes it possible to get mac address
without having to configure wifi networks.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-By: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
- Increment package version
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
During system boot, the dependency of alfred to the bat0
interface is problematic. In some circumstances (no eth mesh
and no wifi mesh), the mesh interfaces are disabled, the
bat0 interface is removed and the station mode is entered.
Because alfred is started after the station mode (current
boot order), it doesn't start up with the missing bat0 interface.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Some JSON beautifiers put spaces between identifier and value.
This is necessary to tolerate that.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This makes use of the SWITCHDEV variable to ensure that the
correct interface is used for mac address fixing on devices,
that do not use eth0 for the switch.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Prepares a subtarget variable for cases where it is not 'generic'
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
- Rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Move the variable definition to the implementation file. This is more
intuitive and the variable is not used otherwise.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
We only want to remove WiFi interfaces, not devices during
reconfiguration. This still allows for complete reconfiguration,
but does not remove device attributes like a disabled 5 GHz or
similar.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Some MAC adresses were forgotten/not updated in a previous
patch. This is fixed now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This is based on the LEDE pull request as on 2017-10-17.
Tested successfully on device (including flashing factory
image, no TFTP).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This patch achieves multiple goals:
- Align WR841 boardnames with image names
- Fix wrong name replace in sysupgrade
- Support sysupgrade of WR841 v12
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- Rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
This adds information to the switch port overview and shows
the VLAN configuration. For some routers the port order is
provided, so the physical arrangement is resembled in the
Web UI.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This allows for more latitude when evaluating the addresses needed for br-mesh and ethmesh.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The ROUTERMAC is not set in the network.* file. This causes a problem
when the ULA addresses are set based on the br-mesh MAC. If we just
add the ROUTERMAC, everything should be fine.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This puts the code for creating IPv6 addresses from MAC
address and EUI into functions, so it can be reused.
This should be particularly helpful if code is rewritten later.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Since names may change, this puts the relevant file names for
hood files into variables, so they can be changed at once
without the risk of forgetting some occurrences.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
While the hood file is only set by the keyexchange/hood, this
introduces a local additional configuration in a second file.
This file is retrieved from the first configap we got in w2sta
mode, of which we save the fdff address to identify it later.
Thus, a router always "knows" its specific uplink, as long as
the gateway connection is stable; otherwise: reset.
The implementation is similar to the hoodfiles with a tmp
version and a copy in the /www/public. On the "section head",
the initial configuration is located in /etc/sectorfile and
distributed from there to other nodes. Syntax should be like
the node file, except that it only contains the values to be
overwritten.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
This prevents setup if a channel is missing (json defective)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Since disabling 5 GHz is complicated with KeyXchange v2, we
enable it again.
This may lead to an instable device!
This reverts commit f47e046293.
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Since there is a PKG_NAME variable, there is no need to repeat
the individual package name five times.
This makes editing and particularly copying Makefiles much
easier, as only the PKG_NAME has to be changed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This fixes a missing /tmp/keyxchangev2data due to gateway
misconfiguration.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- Added double quote around $jsonfile
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Christian Dresel <fff@chrisi01.de>
This removes all references to community.cfg except in the
buildscript and except the file itself.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is a first consolidation step which gets rid of
/tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This package connects to keyxchangev2
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
we need some little changes and copy some things to fff-hood later
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Need more parameters in wifiAddAP to add hidden AP
Need new function wifiAddSta to add a station and download hoodfile
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is not compatible with the old Batman!
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
- Fixes dnsmasq CVE-2017-13704
- Adds LED support to WA850RE v1
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Fixes: #55
This reintroduces the broken simple-tc.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Do this by applying the path within the patch function.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changes that are relevant for us:
gluon:
update batman-adv-legacy
lede:
mbed-tls security fixes
kernel update
procd update
switch Ports on tl-wr741nd
mac address von tl-wr1043nd-v4
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Christian Dresel <fff@chrisi01.de> (auf einen 1043 v4)
Reviewed-by: Christian Dresel <fff@chrisi01.de>
In src/packages/fff/fff-wireless/files/lib/functions/fff/wireless line 26:
local radio="radio$(echo $phy | tr -d -C [0-9])"
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2060: Quote parameters to tr to prevent glob expansion.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bug: If /tmp/run/fastd.${project}.pid is missing, the directory
/proc/ is checked instead of /proc/{something}.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This writes CLIENT/BATMAN/WAN port configurations for devices
with switches to a separate file. This file can be changed
based on the desired setup and is then preserved during
firmware upgrade. In case of a future bugfix concerning the
entries of a specific network.* file, this will still be
effective as only the port configurations reside in the
new file, while the other settings could be overwritten by
the upgrade.
For one- and two-port devices, adjustments have been made so
that their relevant settings also reside in the new file now.
This also adds a WebUI interface for setting the two-port
devices (CPE210 and CPE510).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
- Changed doc in network.mode
This only sets the switch configs if they are not set yet.
If the network.* file is edited, add FORCEPARSE=1 to apply
the changes.
Fixes#56
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
- Rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewd-by: Tobias Klaus <tk+ff@meskal.net>
- added quotes
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
With git am format, it is easier to apply the patches locally.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The WR841 v12 is using the file from v11, the new file has never
been used.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
.. otherwise the applied patches are not used while generating the
openwrt config.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Displays update notification for user, but does not provide
automatic updates. Version comparison is based on string match,
so build dates are not relevant.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Michael Fritscher <fff@mifritscher.de>
This reverts commit d6f2f18e49.
The Netmon is gone, so this workaround is not needed any longer.
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
- Removed micrond dependency and rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
This reads the MAC address independent of option macaddr being set
in /etc/config/network. Tested (mesh only) on AR150, CPE210,
Pico M2HP and WR841 v10.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Restricts password to A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_
Fixes#40
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes: #41
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes#30
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
deleted some trailing whitespaces
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Like in the earlier patch, this suppresses the integer overflow
warning for l2tp on 32 bit systems. However, like before, the
underlying counter variable is still a 32-bit integer, so the
traffic counters will just restart at zero after reaching
2^32 bytes = 4 GiB.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Reviewed-by: Dominik Heidler <dominik@heidler.eu>
This patch adds support for the WR841N v12. For TFTP recovery, the
image name has to be wr841nv11_tp_recovery.bin (with 11, not 12)!
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Dieses Patch fügt den Support für den WR1043 v4 hinzu. Dieses Patch
baut auf den LEDE Patch auf und darf erst nach dem LEDE Patch
applied werden.
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- This will fix the LEDs on LEDE
- We will lose the power heartbeat trigger on the LED
- We will lose the VPN signaling on the LEDs
While remove the default system config, the LEDE system now
configures wrong ntp service. We fix this by deleting these
entries in the fff-timeserver package.
If the file is already present on the devices, we need to upgrade it.
Therefore the 05-config-system-migration is now part of the fff-sysupgrade
package.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Unfortunately the sysupgrade.conf is installed by base-files. The installed file
just contains examples and will be overwritten with this.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Changes the alfred version.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
- removes e.g. dnsmasq, firewall
- needs to add some of the basic packages to fff-base
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
The error only occurs if there isn't any network connection.
Fixes#23
Also added prevention for applying empty coordinates.
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Currently it seems to be more work to fix the ip validation in
ubox project (validate/validate.c). Therefore we just validate it
as string.
Fixes#9
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Fixes#16
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Tested-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Tested-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Including fix for CVE-2016-5195 (dirtycow).
Signed-off-by: Steffen Pankratz <kratz00@gmx.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Because we want to test this tunneldigger version in order to move on
with https://github.com/wlanslovenija/firmware-packages-opkg/pull/10
Signed-off-by: Steffen Pankratz <kratz00@gmx.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Robert Langhammer rlanghammer@web.de
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
This patch massivly improves the wireless performance of CPE210
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
Tested-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
5Ghz AdHoc is not working with current ath10k driver.
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Michael Fritscher <michael@fritscher.net>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
cleaned up config files (moved commands to script)
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Tested-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Jan Kraus <mayosemmel@gmail.com>
The current broker is no longer cutting off the first character from UUID
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Steffen Pankratz <kratz00@gmx.de>
It has applied to the wrong directory, so the error was still there.
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Tested-by: Robert Langammer <rlanghammer@web.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Jan Kraus <mayosemmel@gmail.com>
Flashing of stock firmware is different for different devices.
At least on TP-Link Images it's not working via sysupgrade.
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
Rebased to current master
Signd-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
- SC2006: Use $(..) instead of deprecated `..`
- SC2086: Double quote to prevent globbing and word splitting.
- SC2046: Quote this to prevent word splitting.
- SC2012: Use find instead of ls to better handle non-alphanumeric filenames.
- SC2004: $ on variables in (( )) is unnecessary.
- SC2016: Expressions don't expand in single quotes, use double quotes for that.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
- fixed typo in same line
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
On some devices cpuinfo returns no "system type". For that devices the
"platform" tag contains the relevant chipset information.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
- two more tabs to spaces
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
- mv /etc/network.* files to package
- mv /etc/config/network to package
- also removes the bsp specific root_file_system
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
- mtu of 1528 is enough for no fragmentation
- also some cleanups
- interface 'bat' was never needed
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Tested-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Changed mode of configurenetwork to 755
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
The script is only included in ar71xx builds and only executes on the
cpe210 v1.1 hardware.
It is intended to be called from /etc/rc.local.fff_userconfig since the
state of poe passthrough is reset on each reboot.
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Tobias Klaus <tk+ff@meskal.net>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Freifunk ist eine nicht-kommerzielle Initiative für freie Funknetzwerke. Jeder Nutzer im Freifunk-Netz stellt einen günstigen WLAN-Router für sich selbst und den Datentransfer der anderen Teilnehmer zur Verfügung. Dieses Netzwerk kann von jedem genutzt werden.
Freifunk ist eine nicht-kommerzielle Initiative für freie Funknetzwerke. Jeder Nutzer im Freifunk-Netz stellt einen günstigen WLAN-Router für sich selbst und den Datentransfer der anderen Teilnehmer zur Verfügung. Dieses Netzwerk kann von jedem genutzt werden.
# Firmware selbst kompilieren
Weitere Informationen gibt es auf <https://freifunk.net/> und auf <https://wiki.freifunk-franken.de/w/Hauptseite>.
## Benutzung des Buildscripts
# Firmware selbst kompilieren
### Prerequisites
## Voraussetzungen
* `apt-get install zlib1g-dev lua5.2 build-essential unzip libncurses-dev gawk git subversion realpath libssl-dev` (Sicherlich müssen noch mehr Abhängigkeiten Installiert werden, diese Liste wird sich hoffentlich nach und nach Füllen. Ein erster Ansatzpunkt sind die Abhängigkeiten von OpenWRT selbst)
* `apt-get install zlib1g-dev lua5.2 build-essential unzip libncurses-dev gawk git subversion libssl-dev` (Sicherlich müssen noch mehr Abhängigkeiten installiert werden, diese Liste wird sich hoffentlich nach und nach füllen. Ein erster Ansatzpunkt sind die Abhängigkeiten von OpenWrt selbst)
Mit Hilfe der Community-Files werden Parameter, wie die ESSID, der Kanal sowie z.B. die Netmon-IP gesetzt. Diese Einstellungen sind Community weit einheitlich und müssen i.d.R. nicht geändert werden.
Je nachdem, für welche Hardware die Firmware gebaut werden soll, muss das BSP gewählt werden:
Ein BSP (Board-Support-Package) beschreibt, was zu tun ist, damit ein Firmware Image für eine spezielle Hardware gebaut werden kann.
Ein BSP (Board-Support-Package) beschreibt, was zu tun ist, damit ein Firmware Image für eine spezielle Hardware gebaut werden kann.
Typischerweise ist eine folgene Ordner-Struktur vorhanden:
Typischerweise besteht ein bsp aus:
* .config
* target-subtarget.bsp
* root_file_system/
* target-subtarget/.config
* etc/
* rc.local.board
* config/
* board
* network
* system
* crontabs/
* root
Die Daten des BSP werden nie alleine verwendet. Zuerst werden immer die Daten aus dem "default"-BSP zum Ziel kopiert, erst danach werden die Daten des eigentlichen BSPs dazu kopiert. Durch diesen Effekt kann ein BSP die "default" Daten überschreiben.
Die Daten des BSP werden nie alleine verwendet. Zuerst werden immer die Daten aus dem "default"-BSP zum Ziel kopiert, erst danach werden die Daten des eigentlichen BSPs dazu kopiert. Durch diesen Effekt kann ein BSP die "default" Daten überschreiben.
## Der Verwendung des Buildscripts
## Die Verwendung des Buildscripts
Das BSP file durch das Buildscript automatisch als dot-Script geladen, somit stehen dort alle Funktionen zur Verfügung.
Die BSP-Datei wird durch das Buildscript automatisch als dot-Script geladen, somit stehen dort alle Funktionen zur Verfügung.
Das Buildscript lädt ebenfalls automatisch das Community file und generiert ein dynamisches sed-Script, dies geschieht, damit die Templates mit den richtigen Werten gefüllt werden können.
Das Buildscript generiert ein dynamisches sed-Script. Dies geschieht, damit die Templates mit den richtigen Werten gefüllt werden können.
### `./buildscript selectvariant`
Hier wählt man aus ob man Node Firmware oder Layer3 Firmware bauen möchte:
* `./buildscript selectvariant [node/layer3]`
* Um die verschiedenen Varianten zu sehen, kann `./buildscript selectvariant help` ausgeführt werden.
### `./buildscript prepare`
### `./buildscript prepare`
* Sourcen werden in einen separaten src-Folder geladen, sofern diese nicht schon da sind. Zu den Sourcen zählen folgende Komponenten:
* Sourcen werden in einen separaten src-Folder geladen, sofern diese nicht schon da sind. Zu den Sourcen zählen folgende Komponenten:
* OpenWRT
* OpenWrt
* Sämtliche Packages (ggfs werden Patches angewandt)
* Sämtliche Packages (ggf. werden Patches angewandt)
* Eine OpenWrt Feed-Config wird mit dem lokalen Source Verzeichnis als Quelle angelegt
* Ein ggfs altes Target wird gelöscht
* OpenWRT wird ins Target exportiert (kopiert)
* Eine OpenWRT Feed-Config wird mit dem lokalen Source Verzeichnis als Quelle angelegt
* Die Feeds werden geladen
* Die Feeds werden geladen
* Spezielle Auswahl an Paketen wird geladen
* Spezielle Auswahl an Paketen wird geladen
* Patches werden angewandt
* Patches werden angewandt
* board_prepare() aus dem BSP wird aufgerufen (wird. z.B. fur Patches für eine bestimmte HW verwendet)
* board_prepare() aus dem BSP wird aufgerufen (wird z.B. für Patches für eine bestimmte Hardware verwendet)
### `./buildscript config openwrt`
Um das Arbeiten mit den .config-Dateien von OpenWrt zu vereinfachen, bietet das Buildscript die Möglichkeit das `menuconfig` von OpenWrt aufzurufen. Nachdem man die gewünschten Einstellungen vorgenommen hat, hat man die Möglichkeit, die frisch editierte Konfiguration in das BSP zu übernehmen.
Dieses Kommando arbeitet folgendermaßen:
* prebuild
* OpenWrt: `make menuconfig`
* Speichern, y/n?
* Config-Format vereinfachen
* Config ins BSP zurück speichern
### `./buildscript updatefeeds`
Aktualisiert die OpenWrt Feeds für zusätzliche Pakete, die in die Firmware eingebaut werden. Dabei werden die Referenzen im build/ Verzeichnis aktualisiert. Dieser Schritt wird bereits von `./buildscript prepare` übernommen, daher ist dies nur bei manuellen Änderungen der Feeds nötig.
### `./buildscript build`
### `./buildscript build`
Sollte man am besten mit Hilfe des Tools 'screen' oder ähnlichem laufen lassen um einen Abbruch des Builds bei Verbindungsproblemen oder ähnlichem zu verhindern.
* prebuild
* prebuild
* $target/files aufräumen
* $target/files aufräumen
* (In $target/files liegen Dateien, die später direkt im Ziel-Image landen)
* (In $target/files liegen Dateien, die später direkt im Ziel-Image landen)
Um das Arbeiten mit den OpenWRT .config's zu vereinfachen bietet das Buildscript die Möglichkeit die OpenWRT menuconfig und die OpenWRT kernel_menuconfig aufzurufen. Im Anschluss hat man die Möglichkeit die frisch editierten Configs in das BSP zu übernehmen.
Kann verwendet werden um für alle BSPs Firmware zu bauen. Das kann jedoch mehrere Stunden dauern.
* prebuild
* OpenWRT: `make menuconfig ; make kernel_menuconfig`
* Speichern, y/n?
* Config-Format vereinfachen
* Config ins BSP zurück speichern
## Erweiterung eines BSPs
## Erweiterung eines BSPs
Beispielhaftes Vorgehen um den WR1043V2 zu unterstützen.
Beispielhaftes Vorgehen um den WR1043V2 zu unterstützen.
Du fügst im board_postbuild ein, dass auch die Images für den wr1043v2 kopiert werden:
Du fügst die Dateinamen der Images, die zusätzlich kopiert werden sollen, in das `images`-Array ein. Hierbei können Wildcards verwendet werden, um z.B. sysupgrade.bin und ggf. meherere factory.bin Ergebnisse aus dem OpenWrt Buildverzeichnis in unser Buildverzeichnis zu kopieren.
Dann muss auf jeden Fall noch das Netzwerk richtig konfiguriert werden. Dazu muss man den Router sehr gut kennen, i.d.R. lernt man den erst beim Verwenden kennen, daher ist ein guter Startpunkt die Config vom v1 zu kopieren und erstmal zu gucken was passiert:
Dann muss auf jeden Fall noch das Netzwerk richtig konfiguriert werden. Dazu muss man den Router sehr gut kennen, i.d.R. lernt man den erst beim Verwenden kennen, daher ist ein guter Startpunkt die Config vom v1 zu kopieren und erstmal zu gucken was passiert.
Wichtig: Zur Laufzeit wird (wenn keine Anpassung in fff-boardname vorgenommen wurde) die Datei `network.$(cat /var/sysinfo/board_name)` geladen. Um den richtigen Dateinamen zu bestimmen kann zunächst ein normales OpenWrt in der gleichen Version auf den Router installiert werden; dort kan man sich dann diese Datei ansehen.
@ -109,8 +111,8 @@ Anschließend kann ein erstes Image erzeugt werden:
Jetzt gehst du n Kaffee trinken.
Jetzt gehst du n Kaffee trinken.
### Netzwerkeinstellungen korrekt setzen
### Netzwerkeinstellungen korrekt setzen
Am Ende sollte im bin/ Verzeichnis das Image für v1 und v2 liegen. Das v2 Image wird auf den Router geflasht. Achtung: Eventuell ist das Netzwerk jetzt so falsch eingestellt, dass man nicht mehr über Netzwerk auf den Router zugreifen kann. Am einfachsten ist es den Router dann über eine serielle Konsole zu verwenden. Theoretisch kann man an den unterschiedlichen LAN-Ports mit der IPv6 Link-Local aus der MAC Adresse des Geräts versuchen drauf zu kommen. Es kann auch sein, dass die IPv6 +/- 1 am Ende hat. Letztlich kann das funktionieren, ist aber aufwändig und da am LAN Einstellungen verändert werden sollen, ist die serielle Konsole das Mittel der Wahl!
Am Ende sollte im bin/ Verzeichnis unter anderem das Image für v1 und v2 liegen. Das v2 Image wird auf den Router geflasht. Achtung: Eventuell ist das Netzwerk jetzt so falsch eingestellt, dass man nicht mehr über Netzwerk auf den Router zugreifen kann. Am einfachsten ist es den Router dann über eine serielle Konsole zu verwenden. Alternativ kann aber auch der OpenWrt Failsafe Modus verwendet werden, dort werden unsere Netzwerkeinstellungen nicht angewendet. Außerdem kann man an den unterschiedlichen LAN-Ports mit der IPv6 Link-Local aus der MAC Adresse des Geräts versuchen drauf zu kommen. Es kann auch sein, dass die IPv6 +/- 1 am Ende hat. Letztlich kann das funktionieren, die serielle Konsole ist hier aber häufig einfacher!
Wenn man dann auf dem Router drauf ist, muss als erstes festgestellt werden, welches Ethernet-Device für den WAN Port zuständig ist. Mir sind da folgende Möglichkeiten bekannt. a) WAN ist eth0, b) WAN ist eth1, c) WAN ist teil vom Switch eth0. Dementsprechend wird das WANDEV auf dem Router in der /etc/network.tl-wr1043nd-v2 konfiguriert. Wenn WAN ein eigenes ethX hat, dann muss WAN_PORTS="" sein. Dann muss eingestellt werden welches Ethernet-Device an dem internen Switch angeschlossen ist (swconfig list). Dieses wird als SWITCHDEV konfiguriert. Ich glaub CLIENTIF musst nicht angepasst werden. Aber es muss noch eingestellt werden, welches Ethernet oder Wifi Device die MAC Adresse hat, die auch unter dem Gerät steht. Dieses Device wird als ROUTERMAC eingetragen. Nun ist es an der Zeit die Einstellungen zu testen, dafür muss die falsche Netzwerk-Config zurück gesetzt werden:
Wenn man dann auf dem Router drauf ist, muss als erstes festgestellt werden, welches Ethernet-Device für den WAN Port zuständig ist. Mir sind da folgende Möglichkeiten bekannt. a) WAN ist eth0, b) WAN ist eth1, c) WAN ist teil vom Switch eth0. Dementsprechend wird das WANDEV auf dem Router in der /etc/network.tl-wr1043nd-v2 konfiguriert. Wenn WAN ein eigenes ethX hat, dann muss WAN_PORTS="" sein. Dann muss eingestellt werden welches Ethernet-Device an dem internen Switch angeschlossen ist (swconfig list). Dieses wird als SWITCHDEV konfiguriert. Es muss noch eingestellt werden, welches Ethernet oder Wifi Device die MAC Adresse hat, die auch unter dem Gerät steht. Dieses Device wird als ROUTERMAC eingetragen. Nun ist es an der Zeit die Einstellungen zu testen, dafür muss die falsche Netzwerk-Config zurück gesetzt werden:
```
```
cp /rom/etc/config/network /etc/config/network
cp /rom/etc/config/network /etc/config/network
reboot
reboot
@ -124,7 +126,7 @@ reboot
```
```
### Einstellungen testen und ins BSP übernehmen
### Einstellungen testen und ins BSP übernehmen
Wenn jetzt die Ports immer noch alle korrekt funktionieren kann man die datei auf den eigenen PC kopieren:
Wenn jetzt die Ports immer noch alle korrekt funktionieren kann man die Datei auf den eigenen PC kopieren:
@ -134,3 +136,8 @@ Nun kann man mit `git status` die Änderungen sehen. Mit `git add` staged man di
### Patch schicken
### Patch schicken
Auf der Mailingliste franken-dev@freifunk.net kannst du natürlich jederzeit Fragen stellen, falls etwas nicht klar sein sollte.
Auf der Mailingliste franken-dev@freifunk.net kannst du natürlich jederzeit Fragen stellen, falls etwas nicht klar sein sollte.
## Hinzufügen von Paketen zum Image
Das Hinzufügen von Paketen sollte mit Bedacht erfolgen, da dies (bei unvorsichtiger Konfiguration) den Betrieb des Routers und eventuell des Freifunk-Netzes beeinträchtigen könnte.
Mit dem Firmware-Verzeichnis als Arbeitsverzeichnis kann mittels des Befehls `./build/<target>/scripts/feeds install <paket>` ein Paket zur menuconfig hinzugefügt werden.
Mittels des schon bekannten `./buildscript config openwrt` kann das Paket dann ausgewählt werden. Es wird beim anschließenden Build zum Image hinzugefügt.
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.