Include nftables and appropriate modules. Translate ip- and ebtables
rules to their nftables counterparts. Remove ip/ebtables and modules.
This change intentionally tries to keep structural changes at a minimum
to keep the rule translation comprehensible.
kmod-nft-bridge is not required for fff-node, because it was merged into
a single kernel module since Linux 4.17:
[1] 02c7b25e5f
[2] fbaf48387e
Fixes: #252
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Co-authored-by: Johannes Kimmel <fff@bareminimum.eu>

The name br-mesh is actually quite misleading, since the bridge
actually includes the "client" interfaces. In order to make this
obvious, and to prevent confusion with the properly named wXmesh
interfaces, rename them to br-client.
Note that br-mesh is also particularly disturbing for the layer 3
firmware without batman-adv.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>

The mac80211 interface script in OpenWrt depends on wpa_supplicant
for the creation of station interfaces. While this is convenient, it
isn't strictly necessary for connecting to unencrypted networks.
To be able to create station interfaces if wpa_supplicant is removed,
the station interface for obtaining the initial configuration is now
created using iw commands only.
This makes it possible to replace wpad-mini with hostapd-mini, which
does not include wpa_supplicant and therefore shrinks the uncompressed
binary by around 200KiB.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

In OpenWrt commit 055cdab2bb22 ("uclient: add ALTERNATIVES for wget")
uclient is registered as ALTERNATIVES provider for wget. Since
the priority for busybox as provider is lowest, this overwrites
the link set for /usr/bin/wget, now pointing to uclient wget.
However, uclient wget does not support IPv6 link-local addresses,
as it's not aware of the "%" to separate address from link identifier.
To prevent wget from failing when those addresses are used, this
patch explicitly uses busybox wget.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>

Previously, when configurehood switched status, all WiFi devices
were completely rewritten and all interfaces were deleted and
recreated. This is both unnecessary and ugly.
This patch redesigns WiFi setup to create all interfaces (in
parallel) initially, and then only to enable/disable them as
necessary. Where reconfiguration is necessary, only the variable
parts are changed.
Since most of the wifi-device config is already created by
OpenWrt, this builds based on the existing wifi-devices and
only removes the default wifi-ifaces.
This patch will not change the logic (codeflow) of configurehood,
but only affects how action on the WiFi devices/interfaces is
taken.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>

The wget from busybox we are using ignores the -t option,
although it does not throw errors in the currently used version.
However, specifying the -t option in calls where it is not used
is misleading, so it should be removed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>

This firewall blocks all communication with fe80::1 from a
Client to Batman and to the Node.
We need this because some crap devices (e.g. a wrongly
connected router on a clientport) have fe80::1 as address
and break our setup.
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

Instead of having 1000 routers accessing the KeyXchange in the
same second, this will dilute the request within a period of
15 seconds.
Same is done for queries from gateways.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
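
The staggering described in the commit message above, as an added example that is not part of the commit or the project's code: each node sleeps a random number of seconds below the window before its request, and a small simulation shows the resulting peak load. The names jitter_delay, peak_load and request_config are hypothetical, and od and awk are assumed to be available.

```shell
#!/bin/sh
# Added example (not the project's code): spread a periodic request over a window.
# Assumes od and awk are available; $RANDOM is avoided because it is not POSIX.

# Print a delay in whole seconds, 0 <= delay < $1, from two bytes of /dev/urandom.
jitter_delay() {
    window=$1
    raw=$(od -An -v -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( raw % window ))
}

# Simulate $1 routers whose cron jobs fire in the same second, each sleeping a
# random delay below $2 first; print the largest number of requests in one second.
# A window of 1 is the case without jitter: every request lands in second 0.
peak_load() {
    od -An -v -N "$(( $1 * 2 ))" -tu2 /dev/urandom |
        awk -v w="$2" '
            { for (i = 1; i <= NF; i++) hits[$i % w]++ }
            END { for (s in hits) if (hits[s] > max) max = hits[s]; print max + 0 }'
}

# Typical use in a cron-driven script (request_config is a hypothetical function):
#   sleep "$(jitter_delay 15)" && request_config
```
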
nodewatcher and configurehood have both been run with */5 in micrond.
This may lead to nodewatcher accessing information just being
changed by configurehood. To prevent this, we just change the
start of configurehood, as this has no known disadvantages.
A change of the nodewatcher start would also solve the problem,
but nodewatcher is synchronized to the alfred-master and the
Monitoring.
Fixes #96.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>

== is a bash-specific alias for =, and
should not be used in #!/bin/sh scripts. Not in #!/usr/bin/haserl scripts
either, where the shell defaults to /bin/sh.
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
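
A check for the "==" problem described in the commit message above, as an added example that is not part of the commit or the project's code: it reports [ ... == ... ] tests only in files whose first line names /bin/sh or /usr/bin/haserl as the interpreter. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's code): report "==" inside [ ] tests in
# scripts that are run by /bin/sh, either directly or through haserl.

# Succeeds if the first line of $1 names /bin/sh or haserl as the interpreter.
runs_under_sh() {
    head -n 1 "$1" | grep -qE '^#!(/bin/sh|/usr/bin/haserl)([[:space:]]|$)'
}

# Prints "file:line:text" for every [ ... == ... ] test in $1.
# Returns 0 if at least one was found, non-zero otherwise (including files
# with another interpreter, such as bash, where "==" is accepted).
find_double_equals() {
    runs_under_sh "$1" || return 1
    # /dev/null as a second file makes grep print the file name portably.
    grep -nE '\[[[:space:]][^]]*[[:space:]]==[[:space:]]' "$1" /dev/null
}

# Typical use over a source tree (the path is a placeholder):
#   find ./src -type f | while read -r f; do find_double_equals "$f"; done
```
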
This package connects to keyxchangev2
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>