The packages rsync and python3-distutils are required for a successful
build, but missing in the prerequisites of the README. Add them.
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Use color output when the `tput` command is available.
`tput` handles terminal-dependant capabilities, so the script should
remain portable.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
This reverts commit 3e27bff731.
Removing these busybox features breaks wireless configuration in various
confusing ways. Revert this change until further analysis.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Device support is based on the patch set linked in the OpenWrt Wiki. [1][2]
The aux-loader blob is not included, as it is only required for initial
installation.
Two additional kernel patches for mvpp2 are added to allow receive
hashing to work properly in the DSA setup of the device.
[1] https://openwrt.org/toh/mikrotik/rb5009ug_s_in#installation
[2] https://paste.myconan.net/482114
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Building htop with lm-sensors support currently breaks x86_64 image
building. Disable lm-sensors support for all platforms for now, because
we are currently not including lm-sensors anyway.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
- enable persistent history, save it to tmpfs (ram)
- increase history size to 1024
- enable reverse-i search
- enable watch command
- enable top SMP command
Signed-off-by: Fabian Bläse <fabian@blaese.de>
fff-extra: feature_top_smp (apply for all targets or move to dependency!)
A bigger squashfs block size improves compression ratio. The improved
compression ratio is necessary for the Archer C60 devices (v1 + v2)
because they include large wifi drivers.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
On a typical Freifunk router, only a small subset of bird protocols
is in use. Disable unused bird protocols to save disk space.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Devices with large flash can hold more packages and tools to improve
user experience. Create an additional package which can be used to
select packages only on targets with large flash (currently >= 16 MiB).
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Babeld has been replaced with bird by default for quite some time now.
Remove babeld and all configurations scripts (fff-babeld) to reduce
image size.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Instead of fetching the complete git repositories, only download
reachable commits and trees. Anything missing will be automatically
fetched on-demand.
The blobless prepare step is about 10% faster and uses 300M less
diskspace.
Additionally the following repository options are disabled:
gc.auto:
The checkouts are short lived, garbage collection are likely never
useful
advice.detachedHead:
Disable the repeating warning message that the repositories are in a
detached state for cleaner logs.
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Add the following option to the client config section in
`/etc/config/gateway` to enable a basic stateful firewall:
```
config client
option stateful_firewall '1'
```
The firewall will forward icmp mesages and allow any outbound client
traffic and related inbound traffic.
Acked-by: Fabian Bläse <fabian@blaese.de>
OpenWrt images contain a compat_version, which is used to block upgrades
to newer versions with incompatible configuration, if the configuration
cannot be migrated.
As we maintain our own configuration and all OpenWrt configuration files
are dropped on an upgrade, this upgrade block is not required.
To simplify the upgrade process, retain the old compat_version for the
next sysupgrade release. The compat_version will then be bumped
automatically by the `05_compat-version` board.d script.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Include nftables and appropriate modules. Translate ip- and ebtables
rules to their nftables counterparts. Remove ip/ebtables and modules.
This change intentionally tries to keep structural changes at a minimum
to keep the rule translation comprehensible.
kmod-nft-bridge is not required for fff-node, because it was merged into
a single kernel module since Linux 4.17:
[1] 02c7b25e5f
[2] fbaf48387eFixes: #252
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Co-authored-by: Johannes Kimmel <fff@bareminimum.eu>
OpenWrt 22.03 introduced a generic subtarget for the octeon platform and
moved all targets without a subtarget into it. Adjust our BSP and config
to accomodate this change.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
It might be desired by the user to change the channel width of the
wireless radios. Implement a layer3 option to make channel width
configurable by the user.
Fixes: #276
Signed-off-by: Fabian Bläse <fabian@blaese.de>
When reverting configured settings, it is not an error if no temporary
directory for bird babel peers has been created.
Use rm -rf to prevent an error message and early exit of
configure-layer3 scripts.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
The flash of some devices is too small to accomodate the additional
wolfssl library, which is included by default on OpenWrt 22.03.
In the future, the currently included mbedtls library should be replaced
with wolfssl, so WPA3, OWE and 802.11s encryption can be used.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
A Linux patch which changed the kernel behavior of pci device naming
was backported to Linux 5.4, and is therefore included in OpenWrt
21.02.5.
However, the OpenWrt scripts generating the default uci configuration
were not updated to accomodate this change. Therefore, wifi interface
configuration does have various side effects on the wdr4900. Most of the
time, more than two wifi radio/interface configurations are generated,
which results in wifi not working properly (because our own
configuration layer relies on the default configuration done by
OpenWrt).
Backport a patch from OpenWrt 22.03 / master, which works around this
problem but has not been applied to the 21.02 branch.
Based on: 7f4b4c29f3 (OpenWrt)
Ref: https://github.com/openwrt/openwrt/issues/11002
Ref: https://github.com/openwrt/openwrt/pull/11005
Ref: https://github.com/openwrt/openwrt/issues/10530
Ref: https://github.com/openwrt/openwrt/pull/10554Fixes: #267
Signed-off-by: Fabian Bläse <fabian@blaese.de>
By default OpenWRT generates A and AAAA records for the routers
hostname. This might interferes with upstream records and breaks when
DNSSEC is utilized.
Therefore, disable this features.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Add support for a new SPI flash to the Linux kernel. It is required for
recent versions of the Xiaomi Mi 4A Gigabit, which utilizes this SPI
flash.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
The tool dep-tree is broken since commit "Simplify firmware variant selection"
Use the new package names for the roots of the tree to fix it.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The bird2 babel implementation has proven to be the more reliable option
over babeld, especially on low-end hardware. It has been working
flawlessly on many test installations.
Use bird2 instead of babeld, if no implementation is specified via uci.
While at it, use the automatically incrementing $(COMMITCOUNT) for
PKG_RELEASE.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Many functions of configure-layer3 terminate the program after
successful execution, as they were originally only intended for
execution of configure-layer3 commands.
However, some functions are used both for command exection, but also as
helper functions. For example, revert_changes() is used as a helper
function in test_changes(). Terminating the program at the end of the
function therefore ends the exection of test_changes() prematurely. As a
result, the test mode of configure-layer3 never reloads services after
a successful configuration revert.
Replace exit commands with appropriate function return values, which can
then be evaluated by the caller where appropriate.
While at it, add a missing return to the parameter validation in
execute_subshell().
Fixes: #256
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Support for devices with two ports was originally intended for built-in
swconfig switches with only two externally exposed ethernet ports.
With the switch from ath71xx to ath79, the only device which ever made
use of this uncommon configuration (CPE210-v1) now has to dedicated
interfaces exposed to Linux. Therefore, two-port support was modified to
support two distinct interfaces instead of swconfig switch
configuration, which also simplified support for a few other devices.
However, the Web UI has not been taken into account. Due to the way the
Web UI detected a two-port device, the already implemented port selector
is not shown.
Use the TWO_PORT variable introduced with the change mentioned above to
detect two-port devices instead.
Fixes: #257
Fixes: c22032e254 ("fff-network: support native two-port devices")
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Currently router ipv6 addresses imported via the direct protocol from
the lo interface are all filtered. This should fix it.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
The stderr of batctl should be redirected.
In a row of pipes a redirection at the end will only redirect the output of the last command! Put it on the right place.
It's just shell grammar.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
The update notification has been botched into the web ui a long time
ago. It has not been overhauled ever since.
Make it at least a little bit less ugly.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
None of our current settings require a reboot to be applied. Only a
hood change is not done immediately. Therefore, the user is not required
to reboot the router after changing settings, so remove the reboot
request.
Fixes: #107
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
A full reboot is not required for changing the port mode. The port mode
is configured dynamically using configurenetwork, which can be launched
after the port mode has been changed.
Fixes: #107
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>