forked from freifunk-franken/firmware
Compare commits
12 Commits
openwrt230
...
master
Author | SHA1 | Date |
---|---|---|
Fabian Bläse | d593b1aa5e | |
Fabian Bläse | 3dc5905241 | |
Robert Langhammer | 4762825411 | |
Fabian Bläse | 1d2c835b53 | |
Fabian Bläse | 797c3ddca0 | |
Fabian Bläse | daa25fded8 | |
Fabian Bläse | 6acdc6efa1 | |
Fabian Bläse | cef7bc3c88 | |
Fabian Bläse | 86c893161f | |
Fabian Bläse | 7391ac8312 | |
Fabian Bläse | 23a3af46d2 | |
Fabian Bläse | 94c5340700 |
|
@ -4,7 +4,7 @@ clone:
|
|||
settings:
|
||||
tags: true
|
||||
|
||||
pipeline:
|
||||
steps:
|
||||
buildall-layer3:
|
||||
image: openwrtorg/imagebuilder
|
||||
commands:
|
||||
|
@ -42,4 +42,5 @@ pipeline:
|
|||
- echo "You can download the built firmware images here:"
|
||||
- echo "https://ci.fff.community/artifacts/$(git describe --tags)"
|
||||
|
||||
branches: [ master ]
|
||||
when:
|
||||
branch: [ master ]
|
||||
|
|
|
@ -4,4 +4,5 @@ images=("openwrt-${chipset}-${subtarget}-tplink_archer-c50-v3-squashfs-*"
|
|||
"openwrt-${chipset}-${subtarget}-tplink_archer-c50-v4-squashfs-*"
|
||||
"openwrt-${chipset}-${subtarget}-tplink_tl-wr841n-v13-squashfs-*"
|
||||
"openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-squashfs-*"
|
||||
"openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-intl-squashfs-*"
|
||||
)
|
||||
|
|
|
@ -12,6 +12,8 @@ CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=y
|
|||
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=""
|
||||
CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=y
|
||||
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=""
|
||||
CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m-intl=y
|
||||
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m-intl=""
|
||||
CONFIG_BUSYBOX_CUSTOM=y
|
||||
CONFIG_TARGET_PER_DEVICE_ROOTFS=y
|
||||
# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
|
||||
|
|
|
@ -7,9 +7,9 @@ set -o pipefail
|
|||
builddir=./build
|
||||
|
||||
# OpenWrt: package hashes correspond to core repo version
|
||||
OPENWRTREV="v23.05.2"
|
||||
PACKAGEREV="8e3a1824645f5e73ec44c897ac0755c53fb4a1f8"
|
||||
ROUTINGREV="83ef3784a9092cfd0a900cc28e2ed4e13671d667"
|
||||
OPENWRTREV="v23.05.3"
|
||||
PACKAGEREV="063b2393cbc3e5aab9d2b40b2911cab1c3967c59"
|
||||
ROUTINGREV="648753932d5a7deff7f2bdb33c000018a709ad84"
|
||||
|
||||
# Gluon packages: master from 2020-02-04
|
||||
GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
|
||||
|
|
|
@ -82,12 +82,12 @@ babel_reload() {
|
|||
# switch implementation temporarily
|
||||
case $implementation in
|
||||
bird2)
|
||||
/etc/init.d/babeld stop 2>/dev/null
|
||||
/etc/init.d/fff-bird start
|
||||
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld stop 2>/dev/null
|
||||
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird start
|
||||
;;
|
||||
babeld)
|
||||
/etc/init.d/fff-bird stop 2>/dev/null
|
||||
/etc/init.d/babeld start
|
||||
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird stop 2>/dev/null
|
||||
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld start
|
||||
;;
|
||||
esac
|
||||
|
||||
|
@ -101,12 +101,12 @@ babel_apply() {
|
|||
# switch implementation persistently
|
||||
case $implementation in
|
||||
bird2)
|
||||
/etc/init.d/babeld disable
|
||||
/etc/init.d/fff-bird enable
|
||||
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld disable
|
||||
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird enable
|
||||
;;
|
||||
babeld)
|
||||
/etc/init.d/fff-bird disable
|
||||
/etc/init.d/babeld enable
|
||||
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird disable
|
||||
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld enable
|
||||
;;
|
||||
esac
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ define Package/fff-extra
|
|||
TITLE:=Freifunk-Franken gateway configuration
|
||||
URL:=https://www.freifunk-franken.de
|
||||
DEPENDS:=+bmon \
|
||||
+ethtool \
|
||||
+htop \
|
||||
+procps-ng \
|
||||
+procps-ng-vmstat \
|
||||
|
|
|
@ -10,7 +10,8 @@ define Package/$(PKG_NAME)
|
|||
CATEGORY:=Freifunk
|
||||
TITLE:=Freifunk-Franken firewall
|
||||
URL:=https://www.freifunk-franken.de
|
||||
DEPENDS:=+nftables
|
||||
DEPENDS:=+kmod-nft-bridge \
|
||||
+nftables
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
nft -f /etc/nftables-fff.conf
|
|
@ -7,7 +7,7 @@
|
|||
BOARD="$(uci get board.model.name)"
|
||||
|
||||
# only migrate appropriate config versions
|
||||
[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 1
|
||||
[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 0
|
||||
|
||||
translate_ports() {
|
||||
local vlan="$1"
|
||||
|
@ -77,3 +77,5 @@ esac
|
|||
|
||||
uci set gateway.meta.config_version='2'
|
||||
uci commit gateway
|
||||
|
||||
exit 0
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
BOARD="$(uci get board.model.name)"
|
||||
|
||||
# only migrate appropriate config versions
|
||||
[ "$(uci -q get gateway.meta.config_version)" = "2" ] || exit 1
|
||||
[ "$(uci -q get gateway.meta.config_version)" = "2" ] || exit 0
|
||||
|
||||
translate_ports() {
|
||||
local vlan="$1"
|
||||
|
@ -74,3 +74,5 @@ esac
|
|||
|
||||
uci set gateway.meta.config_version='3'
|
||||
uci commit gateway
|
||||
|
||||
exit 0
|
||||
|
|
|
@ -12,7 +12,8 @@ get_cpu_port() {
|
|||
tplink,tl-wr1043nd-v2|\
|
||||
tplink,tl-wr1043nd-v3|\
|
||||
tplink,tl-wr841n-v13|\
|
||||
xiaomi,mi-router-4a-100m)
|
||||
xiaomi,mi-router-4a-100m|\
|
||||
xiaomi,mi-router-4a-100m-intl)
|
||||
CPUPORT="6t"
|
||||
;;
|
||||
avm,fritzbox-4040|\
|
||||
|
|
|
@ -36,7 +36,8 @@ get_port_order() {
|
|||
tplink,cpe510-v1)
|
||||
PORTORDER="5 4"
|
||||
;;
|
||||
xiaomi,mi-router-4a-100m)
|
||||
xiaomi,mi-router-4a-100m|\
|
||||
xiaomi,mi-router-4a-100m-intl)
|
||||
PORTORDER="0 2 4"
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -48,19 +48,12 @@ for filename in $(grep 'up\|unknown' /sys/class/net/*/operstate); do
|
|||
|
||||
interface_data=$interface_data"<$iface><name>$iface</name>$addrs<traffic_rx>$traffic_rx</traffic_rx><traffic_tx>$traffic_tx</traffic_tx>"
|
||||
|
||||
interface_data=$interface_data$(iwconfig "${iface}" 2>/dev/null | awk -F':' '
|
||||
/Mode/{ split($2, m, " "); printf "<wlan_mode>"m[1]"</wlan_mode>" }
|
||||
/Cell/{ split($0, c, " "); printf "<wlan_bssid>"c[5]"</wlan_bssid>" }
|
||||
/ESSID/ { split($0, e, "\""); printf "<wlan_essid>"e[2]"</wlan_essid>" }
|
||||
/Freq/{ split($3, f, " "); printf "<wlan_frequency>"f[1]f[2]"</wlan_frequency>" }
|
||||
/Tx-Power/{ split($0, p, "="); sub(/[[:space:]]*$/, "", p[2]); printf "<wlan_tx_power>"p[2]"</wlan_tx_power>" }
|
||||
')
|
||||
|
||||
interface_data=$interface_data$(iw dev "${iface}" info 2>/dev/null | awk '
|
||||
/ssid/{ split($0, s, " "); printf "<wlan_ssid>"s[2]"</wlan_ssid>" }
|
||||
/type/ { split($0, t, " "); printf "<wlan_type>"t[2]"</wlan_type>" }
|
||||
/channel/{ split($0, c, " "); printf "<wlan_channel>"c[2]"</wlan_channel>" }
|
||||
/width/{ split($0, w, ": "); sub(/ .*/, "", w[2]); printf "<wlan_width>"w[2]"</wlan_width>" }
|
||||
/txpower/{ sub(/\.../, "", $2); print "<wlan_tx_power>"$2" dBm</wlan_tx_power>" }
|
||||
')
|
||||
|
||||
interface_data=$interface_data"</$iface>"
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
. /lib/functions/fff/network
|
||||
|
||||
WANDEV=eth0
|
||||
SWITCHDEV=eth0
|
||||
CLIENT_PORTS="6t 4"
|
||||
WAN_PORTS="6t 0"
|
||||
BATMAN_PORTS="6t 2"
|
|
@ -4,7 +4,7 @@ table bridge filter {
|
|||
# vom Gateway (also vom BATMAN) kommen darf.
|
||||
chain IN_ONLY {
|
||||
# -i ! bat0 --logical-in br-client -j DROP
|
||||
iifname != "bat0" counter drop
|
||||
iifname != "bat0" ibrname "br-client" counter drop
|
||||
counter
|
||||
}
|
||||
|
||||
|
@ -12,7 +12,7 @@ table bridge filter {
|
|||
# in Richtung Gateway (also ins BATMAN) gesendet werden darf.
|
||||
chain OUT_ONLY {
|
||||
# --logical-out br-client -o ! bat0 -j DROP
|
||||
oifname != "bat0" counter drop
|
||||
oifname != "bat0" obrname "br-client" counter drop
|
||||
counter
|
||||
}
|
||||
|
||||
|
@ -24,21 +24,21 @@ table bridge filter {
|
|||
type filter hook input priority filter; policy accept;
|
||||
|
||||
# -d Multicast -i ! bat0 --logical-in br-client -j ACCEPT
|
||||
iifname != "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 accept
|
||||
iifname != "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 ibrname "br-client" counter packets 0 bytes 0 accept
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
type filter hook forward priority filter; policy accept;
|
||||
|
||||
# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
|
||||
oifname "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 jump MULTICAST_OUT
|
||||
oifname "bat0" obrname "br-client" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 jump MULTICAST_OUT
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
type filter hook output priority filter; policy accept;
|
||||
|
||||
# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
|
||||
oifname "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter jump MULTICAST_OUT
|
||||
oifname "bat0" obrname "br-client" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter jump MULTICAST_OUT
|
||||
}
|
||||
}
|
||||
__EOF
|
||||
|
|
|
@ -4,27 +4,27 @@ table bridge filter {
|
|||
# No input from/to local node ip from batman
|
||||
|
||||
# -p IPv6 -i bat0 --logical-in br-client --ip6-src fdff::1 -j DROP
|
||||
iifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||
iifname "bat0" ibrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||
# -p IPv6 -i bat0 --logical-in br-client --ip6-dst fdff::1 -j DROP
|
||||
iifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||
iifname "bat0" ibrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
# Do not forward local node ip
|
||||
|
||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
||||
oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||
oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
||||
oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||
oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
# Do not output local node ip to batman
|
||||
|
||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
||||
oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||
oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
||||
oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||
oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||
}
|
||||
}
|
||||
__EOF
|
||||
|
|
|
@ -4,8 +4,6 @@
|
|||
START=96
|
||||
boot() {
|
||||
LOCALCONFIGSCRIPT="/etc/rc.local.fff_userconfig"
|
||||
#add LOCALCONFIGSCRIPT to sysupgrade regardless if it already exists or not to prevent data loss
|
||||
grep -q ^"${LOCALCONFIGSCRIPT}"$ /etc/sysupgrade.conf || echo "$LOCALCONFIGSCRIPT" >> /etc/sysupgrade.conf
|
||||
|
||||
# process user commands
|
||||
[ -f "${LOCALCONFIGSCRIPT}" ] && {
|
||||
|
|
|
@ -12,6 +12,8 @@ cat > /etc/sysupgrade.conf <<-__EOF__
|
|||
/etc/config/fff
|
||||
/etc/config/gateway
|
||||
/etc/hoodfile
|
||||
/etc/nftables-fff.conf
|
||||
/etc/rc.local.fff_userconfig
|
||||
__EOF__
|
||||
|
||||
exit 0
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
|
||||
START=99
|
||||
|
||||
boot() {
|
||||
# first we disable the init.d
|
||||
/etc/init.d/fff-wireless-update disable
|
||||
# we must delete the symlink manually
|
||||
rm -f /etc/rc.d/S99fff-wireless-update
|
||||
|
||||
# Starting with OpenWrt 23.05, reload_config does not
|
||||
# properly start the wifi access point on some devices.
|
||||
# This seems to be an issue with the reloading of hostapd,
|
||||
# which throws errors, but does not restart hostapd.
|
||||
# see https://git.freifunk-franken.de/freifunk-franken/firmware/issues/319
|
||||
#
|
||||
# workaround: manually restart wifi completely
|
||||
# after any automatic post-update configuration (fff-layer3-config, ...)
|
||||
sleep 20
|
||||
wifi
|
||||
}
|
Loading…
Reference in New Issue