Restructuring firmware directories, work in progress!
commit
4092c53558
1384
build_configuration/.config_default
Normal file
1384
build_configuration/.config_default
Normal file
File diff suppressed because it is too large
3002
build_configuration/Atheros_AR231x_AR5312/.config
Normal file
3002
build_configuration/Atheros_AR231x_AR5312/.config
Normal file
File diff suppressed because it is too large
3331
build_configuration/Broadcom_BCM947xx_953xx_adhoc/.config
Normal file
3331
build_configuration/Broadcom_BCM947xx_953xx_adhoc/.config
Normal file
File diff suppressed because it is too large
3255
build_configuration/Broadcom_BCM947xx_953xx_ap/.config
Normal file
3255
build_configuration/Broadcom_BCM947xx_953xx_ap/.config
Normal file
File diff suppressed because it is too large
13
build_patches/batman_advanced/Config.in
Normal file
13
build_patches/batman_advanced/Config.in
Normal file
|
@ -0,0 +1,13 @@
|
|||
|
||||
config KMOD_BATMAN_ADV_DEBUG_LOG
|
||||
bool "enable verbose debug logging"
|
||||
depends PACKAGE_kmod-batman-adv
|
||||
default n
|
||||
config KMOD_BATMAN_ADV_BATCTL
|
||||
bool "enable batctl"
|
||||
depends PACKAGE_kmod-batman-adv
|
||||
default y
|
||||
help
|
||||
batctl is a more intuitive managment utility for B.A.T.M.A.N.-Advanced.
|
||||
It is an easier method for configuring batman-adv and
|
||||
provides some additional tools for debugging as well.
|
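--- a/build_patches/batman_advanced/Makefile
+++ b/build_patches/batman_advanced/Makefile
@@ -0,0 +1,106 @@
+#
+# Copyright (C) 2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id: Makefile 5624 2006-11-23 00:29:07Z nbd $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=batman-adv
+
+PKG_VERSION:=2010.2.0
+PKG_MD5SUM:=c233f06bd94432d7697ad78241e8bdd6
+BATCTL_MD5SUM:=f16d7332576c7b4fc9f8a37add235225
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_TOOL_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/batctl-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define KernelPackage/batman-adv
+URL:=http://www.open-mesh.org/
+MAINTAINER:=Marek Lindner <lindner_marek@yahoo.de>
+SUBMENU:=Network Support
+DEPENDS:=@!LINUX_2_4
+TITLE:=B.A.T.M.A.N. Adv
+FILES:=$(PKG_BUILD_DIR)/batman-adv.$(LINUX_KMOD_SUFFIX)
+AUTOLOAD:=$(call AutoLoad,50,batman-adv)
+endef
+
+define KernelPackage/batman-adv/description
+B.A.T.M.A.N. advanced is a kernel module which allows to
+build layer 2 mesh networks. This package contains the
+version $(PKG_VERSION) of the kernel module plus its user space
+configuration & managerment tool batctl.
+endef
+
+define KernelPackage/batman-adv/config
+source "$(SOURCE)/Config.in"
+endef
+
+MAKE_BATMAN_ADV_ARGS += \
+CROSS_COMPILE="$(TARGET_CROSS)" \
+ARCH="$(LINUX_KARCH)" \
+PATH="$(TARGET_PATH)" \
+$(if $(CONFIG_KMOD_BATMAN_ADV_DEBUG_LOG),EXTRA_CFLAGS="-DCONFIG_BATMAN_ADV_DEBUG") \
+SUBDIRS="$(PKG_BUILD_DIR)" \
+LINUX_VERSION="$(LINUX_VERSION)" \
+REVISION="" modules
+
+MAKE_BATCTL_ARGS += \
+CFLAGS="$(TARGET_CFLAGS)" \
+CCFLAGS="$(TARGET_CFLAGS)" \
+OFLAGS="$(TARGET_CFLAGS)" \
+REVISION="" \
+CC="$(TARGET_CC)" \
+NODEBUG=1 \
+UNAME="Linux" \
+INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \
+STRIP="/bin/true" \
+batctl install
+
+ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)
+define Download/batctl
+FILE:=batctl-$(PKG_VERSION).tar.gz
+URL:=$(PKG_SOURCE_URL)
+MD5SUM:=$(BATCTL_MD5SUM)
+endef
+$(eval $(call Download,batctl))
+
+BUILD_BATCTL = $(MAKE) -C $(PKG_TOOL_BUILD_DIR) $(MAKE_BATCTL_ARGS)
+endif
+
+define Build/Compile
+tar xzf "$(DL_DIR)/batctl-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)/$(PKG_NAME)"
+cp $(PKG_BUILD_DIR)/Makefile.kbuild $(PKG_BUILD_DIR)/Makefile
+$(MAKE) -C "$(LINUX_DIR)" $(MAKE_BATMAN_ADV_ARGS)
+$(BUILD_BATCTL)
+endef
+
+define Build/Clean
+rm -rf $(BUILD_DIR)/$(PKG_NAME)/
+endef
+
+ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)
+define KernelPackage/batman-adv/install
+$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
+$(INSTALL_BIN) ./files/etc/init.d/batman-adv $(1)/etc/init.d
+$(INSTALL_DATA) ./files/etc/config/batman-adv $(1)/etc/config
+$(INSTALL_DIR) $(1)/usr/sbin
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/batctl $(1)/usr/sbin/
+endef
+else
+define KernelPackage/batman-adv/install
+$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
+$(INSTALL_BIN) ./files/etc/init.d/batman-adv $(1)/etc/init.d
+$(INSTALL_DATA) ./files/etc/config/batman-adv $(1)/etc/config
+endef
+endif
+
+$(eval $(call KernelPackage,batman-adv))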
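Review bot: `PKG_SOURCE_URL` fetches both the kernel-module and batctl tarballs over plain `http://`, and the only integrity check is the MD5 in `PKG_MD5SUM` / `BATCTL_MD5SUM`, so code that ends up in every firmware image depends on an unauthenticated download and a digest that is no longer considered adequate. An `https://` source, if the upstream offers one, and a stronger checksum where the build system supports it would close that gap. Separately, `Build/Compile` always runs `tar xzf "$(DL_DIR)/batctl-$(PKG_VERSION).tar.gz"`, while `Download/batctl` is only evaluated inside the `ifneq ($(DEVELOPER)$(CONFIG_KMOD_BATMAN_ADV_BATCTL),)` guard, so with batctl disabled the tarball is presumably never fetched and the extract step fails. Moving the `tar` line under the same guard, for example by folding it into `BUILD_BATCTL`, would keep download and extraction in step.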
|
@ -0,0 +1,9 @@
|
|||
|
||||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'wlan0'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
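--- a/build_patches/batman_advanced/files/etc/init.d/batman-adv
+++ b/build_patches/batman_advanced/files/etc/init.d/batman-adv
@@ -0,0 +1,102 @@
+#!/bin/sh /etc/rc.common
+START=90
+
+is_module_loaded() {
+
+if [ ! -d "/sys/module/batman_adv" ]; then
+echo "batman-adv module directory not found - was the kernel module loaded ?" >&2
+return 0
+fi
+
+return 1
+}
+
+start_mesh () {
+local meshif="$1"
+local interfaces orig_interval log_level aggregated_ogms bonding fragmentation vis_mode
+
+is_module_loaded
+[ $? -ne 1 ] && return
+
+config_get interfaces "$meshif" interfaces
+config_get orig_interval "$meshif" orig_interval
+config_get log_level "$meshif" log_level
+config_get aggregated_ogms "$meshif" aggregated_ogms
+config_get bonding "$meshif" bonding
+config_get fragmentation "$meshif" fragmentation
+config_get vis_mode "$meshif" vis_mode
+
+if [ "$interfaces" = "" ]; then
+echo Error, you must specify at least a network interface
+return
+fi
+
+for interface in $interfaces
+do
+[ ! -f "/sys/class/net/$interface/batman_adv/mesh_iface" ] && echo "Can't add interface $interface - ignoring" && continue
+echo $meshif > /sys/class/net/$interface/batman_adv/mesh_iface
+done
+
+if [ $orig_interval ]; then
+echo $orig_interval > /sys/class/net/$meshif/mesh/orig_interval
+fi
+
+if [ $log_level ]; then
+echo $log_level > /sys/class/net/$meshif/mesh/log_level 2>&-
+fi
+
+if [ $aggregated_ogms ]; then
+echo $aggregated_ogms > /sys/class/net/$meshif/mesh/aggregated_ogms
+fi
+
+if [ $bonding ]; then
+echo $bonding > /sys/class/net/$meshif/mesh/bonding
+fi
+
+if [ $fragmentation ]; then
+echo $fragmentation > /sys/class/net/$meshif/mesh/fragmentation
+fi
+
+if [ $vis_mode ]; then
+echo $vis_mode > /sys/class/net/$meshif/mesh/vis_mode
+fi
+}
+
+stop_mesh() {
+local meshif="$1"
+
+is_module_loaded
+[ $? -ne 1 ] && return
+
+for iface in $(ls /sys/class/net/*)
+do
+[ ! -f "$iface/batman_adv/mesh_iface" ] && continue
+[ "$(head -1 $iface/batman_adv/mesh_iface)" != "status: $meshif" ] && continue
+
+echo "none" > $iface/batman_adv/mesh_iface
+done
+}
+
+# can also be used with "batman-adv start bat0"
+start() {
+config_load batman-adv
+
+if [ -n "$1" ]; then
+start_mesh $1
+else
+config_foreach start_mesh mesh
+fi
+}
+
+# can also be used with "batman-adv stop bat0"
+stop () {
+config_load batman-adv
+
+if [ -n "$1" ]; then
+stop_mesh $1
+else
+config_foreach stop_mesh mesh
+fi
+}
+
+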
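Review bot: The values read with `config_get` are expanded unquoted in both the tests and the redirect targets of `start_mesh` (`[ $orig_interval ]`, `echo $meshif > /sys/class/net/$interface/batman_adv/mesh_iface`), so a value containing whitespace, a glob character or `../` can change which file this root-run script writes to or make the test misbehave. Quote them, e.g. `[ -n "$orig_interval" ]` and `echo "$meshif" > "/sys/class/net/$interface/batman_adv/mesh_iface"`, and pass `"$1"` in `start` and `stop`. `is_module_loaded` returns 0 when the module is missing and 1 when it is present, the reverse of the shell convention, which is why callers need `[ $? -ne 1 ] && return`; a header comment saying so, or inverting it so callers can write `is_module_loaded || return`, would prevent misuse. In `stop_mesh`, `for iface in $(ls /sys/class/net/*)` probably yields directory listings rather than interface paths, and `for iface in /sys/class/net/*` avoids parsing `ls` output altogether.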
9
root_file_system/default/etc/banner
Normal file
9
root_file_system/default/etc/banner
Normal file
|
@ -0,0 +1,9 @@
|
|||
____ ____ _______
|
||||
| | | | | Freifunk
|
||||
|____ |____ | _ | | Oldenburg
|
||||
| | | | | Firmware
|
||||
| | |_______| |_____________
|
||||
|
||||
Welcome to the free wireless experience
|
||||
For more information take a look at http://freifunk-ol.de
|
||||
---------------------------------------------------------
|
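--- a/root_file_system/default/etc/bat-hosts
+++ b/root_file_system/default/etc/bat-hosts
@@ -0,0 +1,20 @@
+06:21:91:2c:f3:09 Batman_TimWZ
+00:21:91:2c:f3:09 Node_TimWZ
+06:1e:58:c7:07:e5 Batman_TimKU
+00:1e:58:c7:07:e5 Node_TimKU
+06:22:b0:98:70:df Batman_FreWZ
+00:22:b0:98:70:df Node_FreWZ
+06:1e:58:b9:d4:39 Batman_FreKU
+00:1e:58:b9:d4:39 Node_FreKU
+06:18:84:80:83:8d Batman_BjoFON
+00:18:84:80:83:8d Node_BjoFON
+06:22:B0:96:7C:D7 Batman_BjoDIR
+00:22:B0:96:7C:D7 Node_BjoDIR
+06:18:84:81:73:21 Batman_BjoBalk
+00:18:84:81:73:21 Node_BjoBalk
+0A:24:01:17:B7:55 Batman_floh1111_dir300
+00:24:01:17:B7:55 Node_floh1111_dir300
+00:13:e8:ab:47:49 Client_RedLap
+1c:4b:d6:b8:17:dc Client_Freddy
+00:16:6F:47:51:AA Client_floh1111
+00:80:48:3b:ab:0e Client_Bjo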
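Review bot: This file puts a fixed table of hardware addresses, labelled with what look like individual people's nicknames (`Client_Freddy`, `Node_TimWZ` and so on), into the default root filesystem, so every image built from this tree distributes those MAC-to-person mappings. If the names are only needed for local debugging, consider generating the file per deployment or keeping it out of `root_file_system/default`. Where the entries come from and who maintains them should at least be documented next to the file.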
8
root_file_system/default/etc/config_dir300/batman-adv
Normal file
8
root_file_system/default/etc/config_dir300/batman-adv
Normal file
|
@ -0,0 +1,8 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'ath1'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
33
root_file_system/default/etc/config_dir300/dhcp
Normal file
33
root_file_system/default/etc/config_dir300/dhcp
Normal file
|
@ -0,0 +1,33 @@
|
|||
config dnsmasq
|
||||
option domainneeded 1
|
||||
option boguspriv 1
|
||||
option filterwin2k '0' #enable for dial on demand
|
||||
option localise_queries 1
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts 1
|
||||
option nonegcache 0
|
||||
option authoritative 0
|
||||
option readethers 1
|
||||
option leasefile '/tmp/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.auto'
|
||||
#list server '/mycompany.local/1.2.3.4'
|
||||
#option nonwildcard 1
|
||||
#list interface br-lan
|
||||
#list notinterface lo
|
||||
|
||||
#config dhcp mesh
|
||||
# option interface mesh
|
||||
# option start X.10
|
||||
# option limit 100
|
||||
# option leasetime 6h
|
||||
|
||||
config dhcp lan
|
||||
option interface lan
|
||||
option start 100
|
||||
option limit 150
|
||||
option leasetime 12h
|
||||
|
||||
config dhcp wan
|
||||
option interface wan
|
||||
option ignore 1
|
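--- a/root_file_system/default/etc/config_dir300/dropbear
+++ b/root_file_system/default/etc/config_dir300/dropbear
@@ -0,0 +1,4 @@
+config dropbear
+option PasswordAuth 'on'
+option Port '22'
+# option BannerFile '/etc/banner'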
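Review bot: `option PasswordAuth 'on'` together with `option Port '22'` and no interface restriction leaves password SSH reachable from every network the router joins. The firewall file added in this commit uses `input ACCEPT` as its default and the wireless file configures networks with `encryption 'none'`, so that presumably includes the public mesh. Prefer key-only login (`option PasswordAuth 'off'`) or bind the daemon to a management interface, and confirm that the image does not ship with an empty or shared root password, which this page does not show. The same content is added again for the fonera and wrt54g_adhoc variants.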
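--- a/root_file_system/default/etc/config_dir300/firewall
+++ b/root_file_system/default/etc/config_dir300/firewall
@@ -0,0 +1,96 @@
+config defaults
+option syn_flood 1
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name lan
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name wan
+option input REJECT
+option output ACCEPT
+option forward REJECT
+option masq 1
+option mtu_fix 1
+
+config forwarding
+option src lan
+option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+option src wan
+option proto udp
+option dest_port 68
+option target ACCEPT
+
+#Allow ping
+config rule
+option src wan
+option proto icmp
+option icmp_type echo-request
+option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp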
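Review bot: `config defaults` sets `option input ACCEPT` and only the `lan` and `wan` zones are declared, while this device's network file places `ath0`, `bat0` and `tap0` in an interface named `mesh` that belongs to neither zone. Traffic arriving from the mesh bridge is therefore presumably handled by the defaults and accepted to the router itself, including the SSH port. Consider `option input REJECT` in `config defaults` plus an explicit `config zone` for `mesh` that accepts only the services the mesh needs. The `lan` interface is commented out in the same network file, so the `lan` zone and the `lan` to `wan` forwarding appear to match nothing on this device. The identical firewall file is added for the fonera and wrt54g_adhoc (`firewall_`) variants, and the default-policy point applies there as well.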
37
root_file_system/default/etc/config_dir300/network
Normal file
37
root_file_system/default/etc/config_dir300/network
Normal file
|
@ -0,0 +1,37 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
#config 'interface' 'lan'
|
||||
# option 'proto' 'dhcp'
|
||||
# option 'ifname' 'eth0.1'
|
||||
|
||||
config 'interface' 'wlanmesch'
|
||||
option 'ifname' 'ath1'
|
||||
option 'mtu' '1527'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'eth0.1 ath0 bat0 tap0'
|
||||
option 'stp' '1'
|
||||
|
||||
config 'switch' 'eth0'
|
||||
option 'name' 'eth0'
|
||||
option 'reset' '1'
|
||||
option 'enable_vlan' '1'
|
||||
|
||||
config 'switch_vlan' 'eth0_1'
|
||||
option 'device' 'eth0'
|
||||
option 'vlan' '1'
|
||||
option 'ports' '0 1 2 3 5t'
|
||||
|
||||
config 'switch_vlan' 'eth0_2'
|
||||
option 'device' 'eth0'
|
||||
option 'vlan' '2'
|
||||
option 'ports' '4 5t'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth0.2'
|
||||
option 'proto' 'dhcp'
|
24
root_file_system/default/etc/config_dir300/nodewatcher
Normal file
24
root_file_system/default/etc/config_dir300/nodewatcher
Normal file
|
@ -0,0 +1,24 @@
|
|||
config 'script'
|
||||
option 'version' '15'
|
||||
option 'error_level' '0'
|
||||
option 'logfile' '/var/log/nodewatcher.log'
|
||||
|
||||
config 'api'
|
||||
option 'ipv4_address' '1'
|
||||
option 'ipv6_interface' 'br-mesh'
|
||||
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
|
||||
|
||||
config 'update'
|
||||
option 'autoupdate' '1'
|
||||
|
||||
config 'crawl'
|
||||
option 'method' 'hash'
|
||||
option 'nickname' '1'
|
||||
option 'password' '1'
|
||||
option 'router_id' '1'
|
||||
option 'update_hash' '1'
|
||||
option 'login_string' '1'
|
||||
|
||||
config 'network'
|
||||
option 'mesh-interface' 'br-mesh'
|
||||
option 'client-interfaces' 'ath0'
|
86
root_file_system/default/etc/config_dir300/qos
Normal file
86
root_file_system/default/etc/config_dir300/qos
Normal file
|
@ -0,0 +1,86 @@
|
|||
# QoS configuration for OpenWrt
|
||||
|
||||
# INTERFACES:
|
||||
config interface wan
|
||||
option classgroup "Default"
|
||||
option enabled 1
|
||||
option overhead 1
|
||||
option upload 128
|
||||
option download 1024
|
||||
|
||||
# RULES:
|
||||
config classify
|
||||
option target "Bulk"
|
||||
option layer7 "edonkey"
|
||||
config classify
|
||||
option target "Bulk"
|
||||
option layer7 "bittorrent"
|
||||
config classify
|
||||
option target "Priority"
|
||||
option ports "22,53"
|
||||
config classify
|
||||
option target "Normal"
|
||||
option proto "tcp"
|
||||
option ports "20,21,25,80,110,443,993,995"
|
||||
config classify
|
||||
option target "Express"
|
||||
option ports "5190"
|
||||
config default
|
||||
option target "Express"
|
||||
option proto "udp"
|
||||
option pktsize "-500"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "icmp"
|
||||
config default
|
||||
option target "Bulk"
|
||||
option portrange "1024-65535"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "tcp"
|
||||
option pktsize "-128"
|
||||
option mark "!Bulk"
|
||||
option tcpflags "SYN"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "tcp"
|
||||
option pktsize "-128"
|
||||
option mark "!Bulk"
|
||||
option tcpflags "ACK"
|
||||
|
||||
|
||||
# Don't change the stuff below unless you
|
||||
# really know what it means :)
|
||||
|
||||
config classgroup "Default"
|
||||
option classes "Priority Express Normal Bulk"
|
||||
option default "Normal"
|
||||
|
||||
|
||||
config class "Priority"
|
||||
option packetsize 400
|
||||
option maxsize 400
|
||||
option avgrate 10
|
||||
option priority 20
|
||||
config class "Priority_down"
|
||||
option packetsize 1000
|
||||
option avgrate 10
|
||||
|
||||
|
||||
config class "Express"
|
||||
option packetsize 1000
|
||||
option maxsize 800
|
||||
option avgrate 50
|
||||
option priority 10
|
||||
|
||||
config class "Normal"
|
||||
option packetsize 1500
|
||||
option packetdelay 100
|
||||
option avgrate 10
|
||||
option priority 5
|
||||
config class "Normal_down"
|
||||
option avgrate 20
|
||||
|
||||
config class "Bulk"
|
||||
option avgrate 1
|
||||
option packetdelay 200
|
3
root_file_system/default/etc/config_dir300/system
Normal file
3
root_file_system/default/etc/config_dir300/system
Normal file
|
@ -0,0 +1,3 @@
|
|||
config system
|
||||
option hostname OpenWrt
|
||||
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"
|
2
root_file_system/default/etc/config_dir300/timeserver
Normal file
2
root_file_system/default/etc/config_dir300/timeserver
Normal file
|
@ -0,0 +1,2 @@
|
|||
config timeserver
|
||||
option hostname time.fu-berlin.de
|
21
root_file_system/default/etc/config_dir300/wireless
Normal file
21
root_file_system/default/etc/config_dir300/wireless
Normal file
|
@ -0,0 +1,21 @@
|
|||
config 'wifi-device' 'wifi0'
|
||||
option 'type' 'atheros'
|
||||
option 'disabled' '0'
|
||||
option 'channel' '6'
|
||||
option 'txpower' '15'
|
||||
option 'bgscan' '0'
|
||||
option 'diversity' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'adhoc'
|
||||
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||
option 'encryption' 'none'
|
||||
option 'hidden' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'ap'
|
||||
option 'ssid' 'oldenburg.freifunk.net'
|
||||
option 'encryption' 'none'
|
8
root_file_system/default/etc/config_fonera/batman-adv
Normal file
8
root_file_system/default/etc/config_fonera/batman-adv
Normal file
|
@ -0,0 +1,8 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'ath1'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
33
root_file_system/default/etc/config_fonera/dhcp
Normal file
33
root_file_system/default/etc/config_fonera/dhcp
Normal file
|
@ -0,0 +1,33 @@
|
|||
config dnsmasq
|
||||
option domainneeded 1
|
||||
option boguspriv 1
|
||||
option filterwin2k '0' #enable for dial on demand
|
||||
option localise_queries 1
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts 1
|
||||
option nonegcache 0
|
||||
option authoritative 0
|
||||
option readethers 1
|
||||
option leasefile '/tmp/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.auto'
|
||||
#list server '/mycompany.local/1.2.3.4'
|
||||
#option nonwildcard 1
|
||||
#list interface br-lan
|
||||
#list notinterface lo
|
||||
|
||||
#config dhcp mesh
|
||||
# option interface mesh
|
||||
# option start X.10
|
||||
# option limit 100
|
||||
# option leasetime 6h
|
||||
|
||||
config dhcp lan
|
||||
option interface lan
|
||||
option start 100
|
||||
option limit 150
|
||||
option leasetime 12h
|
||||
|
||||
config dhcp wan
|
||||
option interface wan
|
||||
option ignore 1
|
4
root_file_system/default/etc/config_fonera/dropbear
Normal file
4
root_file_system/default/etc/config_fonera/dropbear
Normal file
|
@ -0,0 +1,4 @@
|
|||
config dropbear
|
||||
option PasswordAuth 'on'
|
||||
option Port '22'
|
||||
# option BannerFile '/etc/banner'
|
96
root_file_system/default/etc/config_fonera/firewall
Normal file
96
root_file_system/default/etc/config_fonera/firewall
Normal file
|
@ -0,0 +1,96 @@
|
|||
config defaults
|
||||
option syn_flood 1
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name lan
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name wan
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
option masq 1
|
||||
option mtu_fix 1
|
||||
|
||||
config forwarding
|
||||
option src lan
|
||||
option dest wan
|
||||
|
||||
# We need to accept udp packets on port 68,
|
||||
# see https://dev.openwrt.org/ticket/4108
|
||||
config rule
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 68
|
||||
option target ACCEPT
|
||||
|
||||
#Allow ping
|
||||
config rule
|
||||
option src wan
|
||||
option proto icmp
|
||||
option icmp_type echo-request
|
||||
option target ACCEPT
|
||||
|
||||
# include a file with users custom iptables rules
|
||||
config include
|
||||
option path /etc/firewall.user
|
||||
|
||||
|
||||
### EXAMPLE CONFIG SECTIONS
|
||||
# do not allow a specific ip to access wan
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option dest wan
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
# block a specific mac on wan
|
||||
#config rule
|
||||
# option dest wan
|
||||
# option src_mac 00:11:22:33:44:66
|
||||
# option target REJECT
|
||||
|
||||
# block incoming ICMP traffic on a zone
|
||||
#config rule
|
||||
# option src lan
|
||||
# option proto ICMP
|
||||
# option target DROP
|
||||
|
||||
# port redirect port coming in on wan to lan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 80
|
||||
# option dest lan
|
||||
# option dest_ip 192.168.16.235
|
||||
# option dest_port 80
|
||||
# option proto tcp
|
||||
|
||||
|
||||
### FULL CONFIG SECTIONS
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 80
|
||||
# option dest wan
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
#config redirect
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 1024
|
||||
# option src_dport 80
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
18
root_file_system/default/etc/config_fonera/network
Normal file
18
root_file_system/default/etc/config_fonera/network
Normal file
|
@ -0,0 +1,18 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
config 'interface' 'lan'
|
||||
option 'proto' 'dhcp'
|
||||
option 'ifname' 'eth0'
|
||||
|
||||
config 'interface' 'wlanmesch'
|
||||
option 'ifname' 'ath1'
|
||||
option 'mtu' '1527'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'ath0 bat0 tap0'
|
||||
option 'stp' '1'
|
20
root_file_system/default/etc/config_fonera/nodewatcher
Normal file
20
root_file_system/default/etc/config_fonera/nodewatcher
Normal file
|
@ -0,0 +1,20 @@
|
|||
config 'script'
|
||||
option 'version' '15'
|
||||
option 'error_level' '0'
|
||||
option 'logfile' '/var/log/nodewatcher.log'
|
||||
|
||||
config 'api'
|
||||
option 'ipv4_address' '1'
|
||||
option 'ipv6_interface' 'br-mesh'
|
||||
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
|
||||
|
||||
config 'update'
|
||||
option 'autoupdate' '1'
|
||||
|
||||
config 'crawl'
|
||||
option 'method' 'hash'
|
||||
option 'nickname' '1'
|
||||
option 'password' '1'
|
||||
option 'router_id' '1'
|
||||
option 'update_hash' '1'
|
||||
option 'login_string' '1'
|
86
root_file_system/default/etc/config_fonera/qos
Normal file
86
root_file_system/default/etc/config_fonera/qos
Normal file
|
@ -0,0 +1,86 @@
|
|||
# QoS configuration for OpenWrt
|
||||
|
||||
# INTERFACES:
|
||||
config interface wan
|
||||
option classgroup "Default"
|
||||
option enabled 1
|
||||
option overhead 1
|
||||
option upload 128
|
||||
option download 1024
|
||||
|
||||
# RULES:
|
||||
config classify
|
||||
option target "Bulk"
|
||||
option layer7 "edonkey"
|
||||
config classify
|
||||
option target "Bulk"
|
||||
option layer7 "bittorrent"
|
||||
config classify
|
||||
option target "Priority"
|
||||
option ports "22,53"
|
||||
config classify
|
||||
option target "Normal"
|
||||
option proto "tcp"
|
||||
option ports "20,21,25,80,110,443,993,995"
|
||||
config classify
|
||||
option target "Express"
|
||||
option ports "5190"
|
||||
config default
|
||||
option target "Express"
|
||||
option proto "udp"
|
||||
option pktsize "-500"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "icmp"
|
||||
config default
|
||||
option target "Bulk"
|
||||
option portrange "1024-65535"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "tcp"
|
||||
option pktsize "-128"
|
||||
option mark "!Bulk"
|
||||
option tcpflags "SYN"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "tcp"
|
||||
option pktsize "-128"
|
||||
option mark "!Bulk"
|
||||
option tcpflags "ACK"
|
||||
|
||||
|
||||
# Don't change the stuff below unless you
|
||||
# really know what it means :)
|
||||
|
||||
config classgroup "Default"
|
||||
option classes "Priority Express Normal Bulk"
|
||||
option default "Normal"
|
||||
|
||||
|
||||
config class "Priority"
|
||||
option packetsize 400
|
||||
option maxsize 400
|
||||
option avgrate 10
|
||||
option priority 20
|
||||
config class "Priority_down"
|
||||
option packetsize 1000
|
||||
option avgrate 10
|
||||
|
||||
|
||||
config class "Express"
|
||||
option packetsize 1000
|
||||
option maxsize 800
|
||||
option avgrate 50
|
||||
option priority 10
|
||||
|
||||
config class "Normal"
|
||||
option packetsize 1500
|
||||
option packetdelay 100
|
||||
option avgrate 10
|
||||
option priority 5
|
||||
config class "Normal_down"
|
||||
option avgrate 20
|
||||
|
||||
config class "Bulk"
|
||||
option avgrate 1
|
||||
option packetdelay 200
|
3
root_file_system/default/etc/config_fonera/system
Normal file
3
root_file_system/default/etc/config_fonera/system
Normal file
|
@ -0,0 +1,3 @@
|
|||
config system
|
||||
option hostname OpenWrt
|
||||
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"
|
2
root_file_system/default/etc/config_fonera/timeserver
Normal file
2
root_file_system/default/etc/config_fonera/timeserver
Normal file
|
@ -0,0 +1,2 @@
|
|||
config timeserver
|
||||
option hostname time.fu-berlin.de
|
21
root_file_system/default/etc/config_fonera/wireless
Normal file
21
root_file_system/default/etc/config_fonera/wireless
Normal file
|
@ -0,0 +1,21 @@
|
|||
config 'wifi-device' 'wifi0'
|
||||
option 'type' 'atheros'
|
||||
option 'disabled' '0'
|
||||
option 'channel' '6'
|
||||
option 'txpower' '15'
|
||||
option 'bgscan' '0'
|
||||
option 'diversity' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'adhoc'
|
||||
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||
option 'encryption' 'none'
|
||||
option 'hidden' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'ap'
|
||||
option 'ssid' 'oldenburg.freifunk.net'
|
||||
option 'encryption' 'none'
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'wlan0'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
27
root_file_system/default/etc/config_wrt54g_adhoc/dhcp
Normal file
27
root_file_system/default/etc/config_wrt54g_adhoc/dhcp
Normal file
|
@ -0,0 +1,27 @@
|
|||
config dnsmasq
|
||||
option domainneeded 1
|
||||
option boguspriv 1
|
||||
option filterwin2k '0' #enable for dial on demand
|
||||
option localise_queries 1
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts 1
|
||||
option nonegcache 0
|
||||
option authoritative 1
|
||||
option readethers 1
|
||||
option leasefile '/tmp/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.auto'
|
||||
#list server '/mycompany.local/1.2.3.4'
|
||||
#option nonwildcard 1
|
||||
#list interface br-lan
|
||||
#list notinterface lo
|
||||
|
||||
config dhcp wlan0
|
||||
option interface wlan0
|
||||
option start 100
|
||||
option limit 150
|
||||
option leasetime 12h
|
||||
|
||||
config dhcp wan
|
||||
option interface wan
|
||||
option ignore 1
|
|
@ -0,0 +1,4 @@
|
|||
config dropbear
|
||||
option PasswordAuth 'on'
|
||||
option Port '22'
|
||||
# option BannerFile '/etc/banner'
|
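--- a/root_file_system/default/etc/config_wrt54g_adhoc/firewall_
+++ b/root_file_system/default/etc/config_wrt54g_adhoc/firewall_
@@ -0,0 +1,96 @@
+config defaults
+option syn_flood 1
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name lan
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name wan
+option input REJECT
+option output ACCEPT
+option forward REJECT
+option masq 1
+option mtu_fix 1
+
+config forwarding
+option src lan
+option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+option src wan
+option proto udp
+option dest_port 68
+option target ACCEPT
+
+#Allow ping
+config rule
+option src wan
+option proto icmp
+option icmp_type echo-request
+option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp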
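Review bot: `config defaults` sets `option input ACCEPT` and only `lan` and `wan` get a zone, so traffic arriving on the `wlan0` and `mesh` interfaces defined in config_wrt54g_adhoc/network would fall through to that default, assuming this firewall version applies the defaults to unzoned interfaces. Router services such as dropbear and dnsmasq would then answer on the open mesh side. Consider `option input REJECT` in the defaults plus an explicit zone for the mesh interfaces that accepts only what a node needs there; the identical content is added as config_wrt54g_ap/firewall. The file is also committed as `firewall_` with a trailing underscore, so a plain copy into /etc/config would not be read as `firewall`; a comment or the commit message should say whether that is intended.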
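--- a/root_file_system/default/etc/config_wrt54g_adhoc/network
+++ b/root_file_system/default/etc/config_wrt54g_adhoc/network
@@ -0,0 +1,45 @@
+#### VLAN configuration
+config switch eth0
+option enable 1
+
+config switch_vlan eth0_0
+option device "eth0"
+option vlan 0
+option ports "1 2 3 4 5"
+
+config switch_vlan eth0_1
+option device "eth0"
+option vlan 1
+option ports "0 5"
+
+#### Loopback configuration
+config interface loopback
+option ifname "lo"
+option proto static
+option ipaddr 127.0.0.1
+option netmask 255.0.0.0
+
+
+#### LAN configuration
+config interface lan
+option type bridge
+option ifname "eth0.0"
+option proto static
+option ipaddr 192.168.1.1
+option netmask 255.255.255.0
+
+
+#### WAN configuration
+config interface wan
+option ifname "eth0.1"
+option proto dhcp
+
+config interface wlan0
+option proto static
+option ipaddr 192.168.2.1
+option netmask 255.255.255.0
+
+config interface mesh
+option type bridge
+option ifname "bat0 tap0"
+option stp 1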
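--- a/root_file_system/default/etc/config_wrt54g_adhoc/nodewatcher
+++ b/root_file_system/default/etc/config_wrt54g_adhoc/nodewatcher
@@ -0,0 +1,20 @@
+config 'script'
+option 'version' '15'
+option 'error_level' '0'
+option 'logfile' '/var/log/nodewatcher.log'
+
+config 'api'
+option 'ipv4_address' '1'
+option 'ipv6_interface' 'br-mesh'
+option 'ipv6_address' 'fe80::201:2ff:fe03:405'
+
+config 'update'
+option 'autoupdate' '1'
+
+config 'crawl'
+option 'method' 'hash'
+option 'nickname' '1'
+option 'password' '1'
+option 'router_id' '1'
+option 'update_hash' '1'
+option 'login_string' '1'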
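Review bot: The `crawl` section ships `nickname`, `password`, `router_id`, `update_hash` and `login_string` all set to `'1'`, with no comment saying whether these are on/off flags or placeholder values. If nodewatcher.sh, which this section does not show, sends `password` as a credential, every node flashed from this default would share it. A comment above `config 'crawl'` stating what the script expects would settle this, for example `# values below are placeholders and are replaced per node at registration`, if that is the case. config_wrt54g_ap/nodewatcher carries the same values.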
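--- a/root_file_system/default/etc/config_wrt54g_adhoc/system
+++ b/root_file_system/default/etc/config_wrt54g_adhoc/system
@@ -0,0 +1,3 @@
+config system
+option hostname OpenWrt
+option timezone "CET-1CEST,M3.5.0,M10.5.0/3"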
|
@ -0,0 +1,2 @@
|
|||
config timeserver
|
||||
option hostname time.fu-berlin.de
|
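--- a/root_file_system/default/etc/config_wrt54g_adhoc/wireless
+++ b/root_file_system/default/etc/config_wrt54g_adhoc/wireless
@@ -0,0 +1,16 @@
+config wifi-device radio0
+option type mac80211
+option channel 5
+option macaddr 00:12:17:cc:ef:0d
+option hwmode 11g
+
+# REMOVE THIS LINE TO ENABLE WIFI:
+option disabled 0
+
+config wifi-iface
+option device radio0
+option network wlan0
+option mode adhoc
+option ssid batman.oldenburg.freifunk.net
+option encryption none
+option bssid 02:CA:FF:EE:BA:BE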
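Review bot: `option macaddr 00:12:17:cc:ef:0d` is one unit's hardware address committed into the default that every wrt54g adhoc image will carry. Depending on how the mac80211 scripts of this release use the value, other units would either fail to match `radio0` or come up with a duplicate address in the mesh, so the line should be dropped from the template or written per device at first boot. The comment `# REMOVE THIS LINE TO ENABLE WIFI:` also no longer matches the line under it, since `option disabled 0` already enables the radio; reword it to `# set to 1 to switch the radio off` or delete it.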
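--- a/root_file_system/default/etc/config_wrt54g_ap/batman-adv
+++ b/root_file_system/default/etc/config_wrt54g_ap/batman-adv
@@ -0,0 +1,8 @@
+config 'mesh' 'bat0'
+option 'interfaces'
+option 'orig_interval'
+option 'log_level'
+option 'aggregated_ogms'
+option 'bonding'
+option 'fragmentation'
+option 'vis_mode'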
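--- a/root_file_system/default/etc/config_wrt54g_ap/dhcp
+++ b/root_file_system/default/etc/config_wrt54g_ap/dhcp
@@ -0,0 +1,30 @@
+config dnsmasq
+option domainneeded 1
+option boguspriv 1
+option filterwin2k 0 # enable for dial on demand
+option localise_queries 1
+option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
+option rebind_localhost 0 # enable for RBL checking and similar services
+#list rebind_domain example.lan # whitelist RFC1918 responses for domains
+option local '/lan/'
+option domain 'lan'
+option expandhosts 1
+option nonegcache 0
+option authoritative 1
+option readethers 1
+option leasefile '/tmp/dhcp.leases'
+option resolvfile '/tmp/resolv.conf.auto'
+#list server '/mycompany.local/1.2.3.4'
+#option nonwildcard 1
+#list interface br-lan
+#list notinterface lo
+
+config dhcp lan
+option interface lan
+option start 100
+option limit 150
+option leasetime 12h
+
+config dhcp wan
+option interface wan
+option ignore 1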
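--- a/root_file_system/default/etc/config_wrt54g_ap/dropbear
+++ b/root_file_system/default/etc/config_wrt54g_ap/dropbear
@@ -0,0 +1,4 @@
+config dropbear
+option PasswordAuth 'on'
+option Port '22'
+# option BannerFile '/etc/banner'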
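--- a/root_file_system/default/etc/config_wrt54g_ap/firewall
+++ b/root_file_system/default/etc/config_wrt54g_ap/firewall
@@ -0,0 +1,96 @@
+config defaults
+option syn_flood 1
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name lan
+option input ACCEPT
+option output ACCEPT
+option forward REJECT
+
+config zone
+option name wan
+option input REJECT
+option output ACCEPT
+option forward REJECT
+option masq 1
+option mtu_fix 1
+
+config forwarding
+option src lan
+option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+option src wan
+option proto udp
+option dest_port 68
+option target ACCEPT
+
+#Allow ping
+config rule
+option src wan
+option proto icmp
+option icmp_type echo-request
+option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp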
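--- a/root_file_system/default/etc/config_wrt54g_ap/network
+++ b/root_file_system/default/etc/config_wrt54g_ap/network
@@ -0,0 +1,33 @@
+config 'interface' 'loopback'
+option 'ifname' 'lo'
+option 'proto' 'static'
+option 'ipaddr' '127.0.0.1'
+option 'netmask' '255.0.0.0'
+
+config 'interface' 'lan'
+option 'proto' 'dhcp'
+option 'ifname' 'eth0.1'
+
+config 'interface' 'mesh'
+option 'type' 'bridge'
+option 'ifname' 'wl0 tap0'
+option 'stp' '1'
+
+config 'switch' 'eth0'
+option 'name' 'eth0'
+option 'reset' '1'
+option 'enable_vlan' '1'
+
+config 'switch_vlan' 'eth0_1'
+option 'device' 'eth0'
+option 'vlan' '1'
+option 'ports' '0 1 2 3 5t'
+
+config 'switch_vlan' 'eth0_2'
+option 'device' 'eth0'
+option 'vlan' '2'
+option 'ports' '4 5t'
+
+config 'interface' 'wan'
+option 'ifname' 'eth0.2'
+option 'proto' 'dhcp'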
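--- a/root_file_system/default/etc/config_wrt54g_ap/nodewatcher
+++ b/root_file_system/default/etc/config_wrt54g_ap/nodewatcher
@@ -0,0 +1,22 @@
+
+config 'script'
+option 'version' '15'
+option 'error_level' '0'
+option 'logfile' '/var/log/nodewatcher.log'
+
+config 'api'
+option 'ipv4_address' '1'
+option 'ipv6_interface' 'br-mesh'
+option 'ipv6_address' 'fe80::201:2ff:fe03:405'
+
+config 'update'
+option 'autoupdate' '1'
+
+config 'crawl'
+option 'method' 'hash'
+option 'nickname' '1'
+option 'password' '1'
+option 'login_string' '1'
+option 'router_id' '1'
+option 'update_hash' '1'
+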
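--- a/root_file_system/default/etc/config_wrt54g_ap/system
+++ b/root_file_system/default/etc/config_wrt54g_ap/system
@@ -0,0 +1,3 @@
+config system
+option hostname OpenWrt
+option timezone "CET-1CEST,M3.5.0,M10.5.0/3"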
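--- a/root_file_system/default/etc/config_wrt54g_ap/timeserver
+++ b/root_file_system/default/etc/config_wrt54g_ap/timeserver
@@ -0,0 +1,2 @@
+config timeserver
+option hostname time.fu-berlin.de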
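--- a/root_file_system/default/etc/config_wrt54g_ap/wireless
+++ b/root_file_system/default/etc/config_wrt54g_ap/wireless
@@ -0,0 +1,10 @@
+config wifi-device wl0
+option type broadcom
+option channel 6
+option disabled 0
+
+config wifi-iface
+option device wl0
+option mode ap
+option ssid oldenburg.freifunk.net
+option encryption none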
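--- a/root_file_system/default/etc/crontabs/root
+++ b/root_file_system/default/etc/crontabs/root
@@ -0,0 +1,17 @@
+*/5 * * * * killall klogd
+*/5 * * * * killall syslogd
+*/5 * * * * killall logger
+
+*/5 * * * * sh /etc/nodewatcher.sh
+*/5 * * * * sh /etc/tincstart.sh
+
+15 01 * * * rdate -s time.fu-berlin.de > /dev/null
+
+#Enable zapp script if you are running a gateway
+#*/1 * * * * /etc/init.d/zapp
+
+*/5 * * * * killall -HUP dnsmasq
+#* * * * * /usr/sbin/ff_olsr_test_gw
+#*/5 * * * * /usr/sbin/ff_olsr_watchdog
+#0 */4 * * * /usr/sbin/ff_rdate
+#17 * * * * /usr/sbin/ff_mapupdate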
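Review bot: The first three entries run `killall klogd`, `killall syslogd` and `killall logger` every five minutes, which leaves the node without kernel or system logging for most of its uptime, so a failed login, a crash or a misbehaving script leaves nothing to examine afterwards. The file gives no reason for them; if the motive is RAM on the WRT54G, bounding the log buffer is the safer fix, and I would delete the three lines rather than ship them uncommented. The `rdate -s time.fu-berlin.de` entry sets the clock from an unauthenticated plaintext reply, which deserves a comment next to it such as `# rdate is unauthenticated; do not rely on this clock for certificate or log-integrity decisions`.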
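--- a/root_file_system/default/etc/firewall.user
+++ b/root_file_system/default/etc/firewall.user
@@ -0,0 +1,45 @@
+#!/bin/sh
+#iptables -F
+#
+#iptables -P INPUT DROP
+#iptables -P OUTPUT DROP
+#iptables -P FORWARD DROP
+#
+#for proto in tcp udp
+#do
+# for port in 53 666 655
+# do
+# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
+# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
+# iptables -A INPUT -p $proto --dport $port -j ACCEPT
+# iptables -A INPUT -p $proto --sport $port -j ACCEPT
+# done
+#done
+#
+#iptables -A OUTPUT -p icmp -j ACCEPT
+#iptables -A INPUT -p icmp -j ACCEPT
+#
+#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+#
+#
+#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
+#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
+
+# mastersword.de
+#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
+#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
+
+# gw1.freifunk-ol.de
+#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
+#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
+
+# freifunk-ol.de
+#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
+#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
+
+#Masquerade interface for gateway
+#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+#solves MTU problem with bad ISP´s
+iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu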
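Review bot: All but one line of this file is commented-out rules, and the block inside the `for port in 53 666 655` loop accepts INPUT by `--sport $port`, a value the remote sender chooses, so re-enabling it as written would admit any packet sent from one of those source ports. If the block is kept for reference, the `--sport` accepts should become a state match such as `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`; otherwise delete the dead rules. The single live rule, the TCPMSS clamp, looks redundant with `option mtu_fix 1` on the wan zone in the firewall config added by this commit, so its comment should say why it is still needed.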
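--- a/root_file_system/default/etc/firmware_release
+++ b/root_file_system/default/etc/firmware_release
@@ -0,0 +1,2 @@
+FIRMWARE_VERSION="0.1"
+RELEASE_DATE="15.02.2010"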
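--- a/root_file_system/default/etc/hostsupdate.sh
+++ b/root_file_system/default/etc/hostsupdate.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+wget -T15 http://$(cat /etc/config/nodewatcher | grep url | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")/api_nodewatcher.php?section=get_hostnames_and_mac -O - | grep -v -e "^..-..-" | sort -u > /etc/bat-hosts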
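Review bot: The pipeline redirects straight into `/etc/bat-hosts`, so the file is truncated before wget has returned anything and is left empty whenever the download fails. Neither nodewatcher config added in this commit contains a `url` option, so unless /etc/config/nodewatcher gets one elsewhere the host part is empty and failure is the normal case. The list is also fetched over plain HTTP and written unvalidated, so whoever can answer for that host on the mesh decides the names that end up in the file. Fetch into a temporary file, keep only lines that look like a MAC address followed by a hostname, and replace the target only when the result is non-empty; the URL should be quoted as well, because the unquoted `?` is a glob character.

```shell
# … unchanged: API host derived from the url option in /etc/config/nodewatcher, referred to here as $host …
tmp=$(mktemp /tmp/bat-hosts.XXXXXX) || exit 1
# assumed line format "aa:bb:cc:dd:ee:ff hostname" — adjust the pattern to what the API really returns
wget -T15 "http://$host/api_nodewatcher.php?section=get_hostnames_and_mac" -O - \
	| grep -E '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2} [A-Za-z0-9._-]+$' \
	| sort -u > "$tmp"
if [ -s "$tmp" ]; then
	mv "$tmp" /etc/bat-hosts
else
	rm -f "$tmp"
fi
```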
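--- a/root_file_system/default/etc/hotplug.d/iface/50-tincstart
+++ b/root_file_system/default/etc/hotplug.d/iface/50-tincstart
@@ -0,0 +1,3 @@
+[ ifup = "$ACTION" -a "$DEVICE" = eth0 ] && {
+sh /etc/tincstart.sh
+}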
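--- a/root_file_system/default/etc/hotplug.d/iface/51-nodewatcher
+++ b/root_file_system/default/etc/hotplug.d/iface/51-nodewatcher
@@ -0,0 +1,3 @@
+[ ifup = "$ACTION" -a "$DEVICE" = eth0 ] && {
+sh /etc/nodewatcher.sh
+}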
622
root_file_system/default/etc/init.d/zapp
Executable file
622
root_file_system/default/etc/init.d/zapp
Executable file
|
@ -0,0 +1,622 @@
|
|||
#!/bin/sh
|
||||
|
||||
# If you got false positives, try a higher value
|
||||
BOGOTHRESH=200
|
||||
|
||||
# Note: for mail alarm, you need "ssmtp" installed and configured.
|
||||
# Example /etc/ssmtp/ssmtp.conf (debian/ubuntu) for GMX needs:
|
||||
# mailhub=mail.gmx.net:25 FromLineOverride=YES
|
||||
# AuthUser=$MAILFROM AuthPass=x UseSTARTTLS=YES
|
||||
MAILFROM=sender-address@domain.de
|
||||
MAILADDR=receiver-address@domain.de
|
||||
|
||||
# Insert IPs you trust
|
||||
#TRUSTEDIP="$TRUSTEDIP 1.2.3.4"
|
||||
#TRUSTEDIP="$TRUSTEDIP 2.3.4.5"
|
||||
|
||||
# 0: Do not save, 1: save conntrack if zapp
|
||||
DEBUGSAVE=0
|
||||
# Empty: No log in /var/log/zapp/, otherwise string to prepend to saved bogothresh files
|
||||
DEBUGLOGS= #$(date "+%b%d %H:%M")
|
||||
|
||||
# 0: Manual clear, or minutes until auto-clear blockade (5-1439)
|
||||
CLEARTIME=360
|
||||
|
||||
WEBSERVER=/www
|
||||
|
||||
# --- END OF CONFIGURATION SETTINGS ---
|
||||
|
||||
# This script uses case-esac for speed with busybox-ash. Current version under:
|
||||
# http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/freifunk-zapp/etc/init.d/S92zapp
|
||||
|
||||
# When running via cron, the PATH is unset
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
# We start a netcat-based webserver on this port if someone is blocked
|
||||
BLOCKPORT=8090
|
||||
|
||||
CRONUSR=root
|
||||
CRONDIR=/var/spool/cron/crontabs
|
||||
|
||||
# First argument may be an input file
|
||||
CONN=${1:-/proc/net/ip_conntrack}
|
||||
|
||||
# This script calls itself with the IP to analyze why its blocking
|
||||
DEBIP=$2
|
||||
case $1 in '')DEBUG=false;;*)DEBUG=true;;esac
|
||||
|
||||
case $DEBUGLOGS in "");;*)test -d /var/log/zapp || mkdir -p /var/log/zapp;;esac
|
||||
|
||||
# Find out our IP that is used to connect to the Internet
|
||||
DEV=$(ip route get 1.1.1.1/1|sed -n '1{s/.* dev \([^ ]\+\).*/\1/;p}')
|
||||
ADR=$(ip -f inet addr list dev $DEV scope global|sed -n '2s/^.*inet \([0-9\.]\+\).*/\1/p')
|
||||
PAT=$(sed 's/\./_/g'<<Q
|
||||
$ADR
|
||||
Q
|
||||
)
|
||||
UNK=0
|
||||
|
||||
which () {
|
||||
# Note: do not unset IFS (busybox ash and bash are different here)
|
||||
for p in $(sed 's/:/ /g'<<Q
|
||||
$PATH
|
||||
Q
|
||||
);do
|
||||
test -x $p/$1 && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# Freifunk Firmware Configs
|
||||
which nvram && {
|
||||
ff_zapp_thresh=$(nvram get ff_zapp_thresh)
|
||||
BOGOTHRESH=${ff_zapp_thresh:-$BOGOTHRESH}
|
||||
}
|
||||
|
||||
case $BOGOTHRESH in ""|0)exit 0;;esac
|
||||
|
||||
NC_CMD=
|
||||
which nc && NC_CMD=nc
|
||||
which nc-hobbit && NC_CMD=nc-hobbit
|
||||
which netcat && NC_CMD=netcat
|
||||
which nc6 && NC_CMD=nc6
|
||||
# Note: busybox nc unusable, "-q" only Debian, GNU netcat "-c" unusable
|
||||
$NC_CMD -h 2>&1 | egrep -q '\-l\b' || NC_CMD=
|
||||
|
||||
# 1=-I/-D 2=proto 3=srcip, 4=dport, 5=to
|
||||
portfw () {
|
||||
local to
|
||||
case $1 in "-D")
|
||||
to=$(iptables -t nat -nL PREROUTING|sed -n "s/^DNAT[[:space:]]\\+$2[[:space:]]\\+[^[:space:]]\\+[[:space:]]\\+$3[[:space:]]\\+![[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+[[:space:]]\\+$2[[:space:]]\\+dpt:$4[[:space:]]\\+to://;tp;b;:p p;q")
|
||||
;;esac
|
||||
to=${to:-$5}
|
||||
iptables -t nat $1 PREROUTING --proto $2 -s $3 ! -d ${to%:*} --dport $4 -j DNAT --to $to
|
||||
}
|
||||
|
||||
netcatruns () {
|
||||
for pid in $(pidof $NC_CMD);do
|
||||
ppid=$(sed -n 's/^PPid: //p' /proc/$pid/status)
|
||||
case $(sed -n 's/^Name: //p' /proc/$ppid/status) in ${0##*/})
|
||||
# Check netstat: release the IP currently grabbing our blocking page
|
||||
case "$1" in "GET /let-me-browse-again"*)
|
||||
le=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\4 \3 \2 \1/'))
|
||||
be=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\1 \2 \3 \4/'))
|
||||
eval $(sed -n '/^ *[0-9]\+: \+'$le':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\4 )).$(( 0x\3 )).$(( 0x\2 )).$(( 0x\1 ))/;p;q};/^ *[0-9]\+: \+'$be':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\1 )).$(( 0x\2 )).$(( 0x\3 )).$(( 0x\4 ))/;p;q}' /proc/net/tcp)
|
||||
portfw -D tcp $ip 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
||||
;;esac
|
||||
return 0
|
||||
;;esac
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# Add (-I) or remove (-D) iptables rules
|
||||
block () {
|
||||
# Freifunk Firmware Configs
|
||||
which nvram && {
|
||||
ff_adm_mail=$(nvram get ff_adm_mail)
|
||||
ff_zapp_time=$(nvram get ff_zapp_time)
|
||||
ff_zapp_debug=$(nvram get ff_zapp_debug)
|
||||
ff_zapp_server=$(nvram get ff_zapp_server)
|
||||
ff_zapp_strict=$(nvram get ff_zapp_strict)
|
||||
MAILFROM=${ff_adm_mail:-$MAILFROM}
|
||||
MAILADDR=${ff_adm_mail:-$MAILADDR}
|
||||
CLEARTIME=${ff_zapp_time:-$CLEARTIME}
|
||||
DEBUGSAVE=${ff_zapp_debug:-$DEBUGSAVE}
|
||||
WEBSERVER=${ff_zapp_server:-$WEBSERVER}
|
||||
IFS=\;
|
||||
for i in $(nvram get ff_zapp_trusted); do
|
||||
TRUSTEDIP="$TRUSTEDIP $i"
|
||||
done
|
||||
unset IFS
|
||||
}
|
||||
|
||||
for i in $TRUSTEDIP;do
|
||||
case $2 in $i)
|
||||
# Prevents re-blocking next run
|
||||
iptables $1 FORWARD -s $2
|
||||
iptables $1 FORWARD -d $2
|
||||
return
|
||||
;;esac
|
||||
done
|
||||
|
||||
# Note: FreifunkFW does not have REJECT out-of-the-box
|
||||
jump=DROP
|
||||
iptables -I OUTPUT -d 127.0.0.1 -j REJECT 2>&- && iptables -D OUTPUT -d 127.0.0.1 -j REJECT 2>&- && jump=REJECT
|
||||
|
||||
iptables $1 FORWARD -s $2 -j $jump
|
||||
iptables $1 FORWARD -d $2 -j $jump
|
||||
|
||||
# Allowing ping is always a good idea
|
||||
iptables $1 FORWARD -s $2 --proto icmp -j ACCEPT
|
||||
iptables $1 FORWARD -d $2 --proto icmp -j ACCEPT
|
||||
|
||||
# Allow TCP up to port 1023
|
||||
iptables $1 FORWARD -s $2 --proto tcp --dport :1023 -j ACCEPT
|
||||
iptables $1 FORWARD -d $2 --proto tcp --sport :1023 -j ACCEPT
|
||||
|
||||
# Note: Freifunk FW does not have REDIRECT, use DNAT instead,
|
||||
# which needs the correct outgoing interface IP for redirection.
|
||||
ifip=$(ip route get $2|sed -n 's/^.* src \([^ ]\+\).*/\1/p')
|
||||
|
||||
# Allow DNS, redirect to our local dnsmasq if applicable
|
||||
if pidof dnsmasq >&-; then
|
||||
portfw $1 udp $2 53 ${ifip:-$ADR}:53
|
||||
portfw $1 tcp $2 53 ${ifip:-$ADR}:53
|
||||
else
|
||||
iptables $1 FORWARD -s $2 --proto udp --dport 53 -j ACCEPT
|
||||
iptables $1 FORWARD -d $2 --proto udp --sport 53 -j ACCEPT
|
||||
fi
|
||||
|
||||
# It's polite to tell a blocked user what's going on
|
||||
case $NC_CMD in "");;*)
|
||||
portfw $1 tcp $2 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
||||
case $1 in "-D")
|
||||
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
||||
sed -i -e "/\/${0##*/} unblock $2\$/d" $CRONDIR/$CRONUSR
|
||||
echo $CRONUSR > $CRONDIR/cron.update
|
||||
};;esac
|
||||
if ! iptables -t nat -nL PREROUTING|egrep -q "\\bto:[^:]+:$BLOCKPORT\\b"; then
|
||||
netcatruns && (echo "Stopping netcat server" >&2;kill $ppid $pid)
|
||||
fi
|
||||
;;*)
|
||||
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
||||
min=$(date +%M)
|
||||
min=$(( $(date +%k ) * 60 + ${min#0} + $CLEARTIME ))
|
||||
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
||||
sed -i -e "\$a$(( $min % 60 )) $(( $min / 60 % 24 )) * * * $me unblock $2" $CRONDIR/$CRONUSR
|
||||
echo $CRONUSR > $CRONDIR/cron.update
|
||||
};;esac
|
||||
if ! netcatruns; then
|
||||
echo "Starting netcat server for $2" >&2
|
||||
while true;do ($NC_CMD -l -p $BLOCKPORT <<EOF
|
||||
HTTP/1.0 200 OK
|
||||
Expires: -1
|
||||
Pragma: no-cache
|
||||
Cache-Control: no-cache
|
||||
Content-Type: text/html; charset=utf-8
|
||||
|
||||
<HTML>
|
||||
<HEAD><TITLE>Sorry...</TITLE>
|
||||
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
||||
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
||||
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
|
||||
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
|
||||
<STYLE TYPE="text/css"></STYLE>
|
||||
</HEAD>
|
||||
<BODY ONLOAD="if ('/let-me-browse-again' == window.location.pathname)location.href=document.referrer">
|
||||
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!--
|
||||
function addrule(selector, rule)
|
||||
{
|
||||
if (null!=document.styleSheets && 0<document.styleSheets.length)
|
||||
{
|
||||
if (null!=document.styleSheets[0].cssRules)
|
||||
{
|
||||
document.styleSheets[0].insertRule(selector+"{"+rule+"}", 0);
|
||||
}
|
||||
else if (null!=document.styleSheets[0].rules)
|
||||
{
|
||||
document.styleSheets[0].addRule(selector, rule);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (null != navigator.language && "de" == navigator.language ||
|
||||
null != navigator.browserLanguage && "de" == navigator.browserLanguage)
|
||||
{
|
||||
addrule(".de", "display:block");
|
||||
addrule(".fr", "display:none");
|
||||
addrule(".en", "display:none");
|
||||
}
|
||||
else if (null != navigator.language && "fr" == navigator.language ||
|
||||
null != navigator.browserLanguage && "fr" == navigator.browserLanguage)
|
||||
{
|
||||
addrule(".de", "display:none");
|
||||
addrule(".fr", "display:block");
|
||||
addrule(".en", "display:none");
|
||||
}
|
||||
else
|
||||
{
|
||||
addrule(".de", "display:none");
|
||||
addrule(".fr", "display:none");
|
||||
addrule(".en", "display:block");
|
||||
}
|
||||
//--></SCRIPT>
|
||||
<H1>Zapped on $(uname -n) (${ifip:-$ADR})</H1>
|
||||
|
||||
<DIV CLASS="en">
|
||||
<P><SMALL CLASS="de">Deutsch: siehe unten</SMALL><SMALL CLASS="fr">français : voir ci-dessous</SMALL></P>
|
||||
<HR>
|
||||
<P>Hello! You are a victim of a filesharing blockade. Your PC opens too
|
||||
much connections to different Internet hosts. This may be caused by the
|
||||
VoIP program Skype, by a filesharing program or by another program with
|
||||
this unusual communication pattern. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||
echo "For operating the Skype VoIP program please read this
|
||||
<A HREF='http://$ifip/cgi-bin-skype.html'>Information Page</A>.")
|
||||
</P>
|
||||
<P>TCP based services still work (ports up to 1023), but UDP based services are blocked now.</P>
|
||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||
VALUE='I have read this page and stopped the respective program. Please restore access to the Web.'
|
||||
TYPE='submit'></FORM>
|
||||
<P>The blockade $(case $CLEARTIME in ""|0) echo "needs to be removed manually.";;*)echo "will be
|
||||
removed after $CLEARTIME minutes. Alternatively, the blockade can be removed manually.";;esac)
|
||||
For this, send an email to <A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||
</P>
|
||||
</DIV>
|
||||
|
||||
<DIV CLASS="de">
|
||||
<HR>
|
||||
<P>Hallo! Du bist das Opfer einer Filesharing-Sperre geworden. Dein Rechner
|
||||
öffnet zuviele Verbindungen zu verschiedenen Internet-Rechnern. Dies
|
||||
kann ausgelöst werden durch das VoIP-Programm Skype, durch ein
|
||||
Filesharing-Programm oder durch ein anderes Programm welches dieses ungewöhnliche
|
||||
Kommunikationsmuster aufweist. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||
echo "Zum Betrieb des VoIP-Programms Skype lies bitte diese
|
||||
<A HREF='http://$ifip/cgi-bin-skype.html'>Informationsseite</A>.")
|
||||
</P>
|
||||
<P><B>Hinweis:</B> TCP-basierte Dienste (Ports bis 1023) funktionieren, aber UDP-basierte Dienste sind nun gesperrt.</P>
|
||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||
VALUE='Ich habe verstanden und das entsprechende Programm beendet. Bitte Web-Zugang freigeben.'
|
||||
TYPE='submit'></FORM>
|
||||
<P>Die Sperre $(case $CLEARTIME in ""|0)echo "muss manuell entfernt werden.";;*)
|
||||
echo "wird nach $CLEARTIME Minuten entfernt. Wahlweise kann die Sperre
|
||||
auch manuell entfernt werden.";;esac) Sende dazu eine Mail an
|
||||
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||
</P>
|
||||
</DIV>
|
||||
|
||||
<DIV CLASS="fr">
|
||||
<HR>
|
||||
<P>Bonjour! Vous êtes victime du mécanisme de blocage de partage de fichiers. Votre
|
||||
ordinateur ouvre trop de connexions simultanées vers trop d'hôtes Internet différents.
|
||||
Ceci peut venir du logiciel de communications Skype, d'un logiciel de partage de fichiers,
|
||||
ou d'un autre programme qui aurait ce même comportement inhabituel, comme certains virus.
|
||||
$(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||
echo "Pour l'utilisation de Skype en voix sur IP (VoIP) merci de lire cette
|
||||
<A HREF='http://$ifip/cgi-bin-skype.html'>page d'informations</A>.")
|
||||
</P>
|
||||
<P><B>Précisions:</B> Les services TCP restent fonctionnels (Ports jusqu'au n° 1023) mais les
|
||||
services UDP sont bloqués.
|
||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||
VALUE='J‘ai lu cette page et j‘ai arrêté les programmes suspectés. Lever le blocage!'
|
||||
TYPE='submit'></FORM>
|
||||
<P>Le blocage $(case $CLEARTIME in ""|0)echo "doit être désactivé manuellement.";;*)
|
||||
echo "sera levé automatiquement dans $CLEARTIME minutes. Il est aussi possible de
|
||||
le faire manuellement.";;esac) en envoyant un mail à
|
||||
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||
</P>
|
||||
</DIV>
|
||||
</BODY>
|
||||
<HEAD>
|
||||
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
||||
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
||||
</HEAD>
|
||||
</HTML>
|
||||
EOF
|
||||
)|(read -r GET && netcatruns "$GET" && kill $pid)
|
||||
done >&- 2>&- &
|
||||
fi
|
||||
;;esac
|
||||
;;esac
|
||||
}
|
||||
|
||||
zapp () {
|
||||
# Block an IP and send a mail to the admin
|
||||
ip=$(echo $1|sed -e 's/^[A-Z]\+_//;s/=.*//;s/_/./g')
|
||||
if $DEBUG; then
|
||||
# Prevent script recursion
|
||||
case $DEBIP in "")
|
||||
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)"
|
||||
echo
|
||||
$0 "$CONN" ${1%=*}
|
||||
;;esac
|
||||
elif ! iptables -nL FORWARD | egrep -q "\\b$(echo $ip|sed 's/\./\\&/g')\\b";then
|
||||
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)" >> /var/log/zappfile.txt
|
||||
mac=$(sed -n 's/^'$(echo $ip|sed 's/\./\\./g')' \+\([^ ]\+ \+\)\{2\}\([^ ]\+\).*/\2/p' /proc/net/arp)
|
||||
|
||||
# Disabled, because we cannot unblock this currently
|
||||
case 0 in 1)case $mac in '');;*)
|
||||
echo "Also zapping $mac at $(date)" >> /var/log/zappfile.txt
|
||||
iptables -I FORWARD -m mac --mac-source $mac -j $jump
|
||||
;;esac;;esac
|
||||
|
||||
block -I $ip
|
||||
|
||||
case $DEBUGSAVE in 1)
|
||||
# Save current conntrack for later analysis
|
||||
cat "$CONN"|gzip -c>/var/log/zappfile-$ip-$(date).txt.gz
|
||||
;;esac
|
||||
|
||||
which ssmtp && cat|ssmtp $MAILADDR<<EOF
|
||||
To: $MAILADDR
|
||||
From: $MAILFROM
|
||||
Subject: Zappfile extended on $(uname -n)
|
||||
|
||||
The following IP exeeded the conntrack limit and was added to the zappfile:
|
||||
|
||||
IP: $ip
|
||||
MAC: $mac
|
||||
Date: $(date)
|
||||
Bogopoints: $2
|
||||
Threshold: $BOGOTHRESH
|
||||
|
||||
The forwarding firewall now has the following rules:
|
||||
|
||||
$(iptables -nL FORWARD)
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
# TCP rules:
|
||||
# * Bittorrent opens and uses lots of TCP connections
|
||||
# * BT also uses a higher bandwidth, especially on port 688x
|
||||
# * General: lots of TCP traffic from/to different peers (!port 80)
|
||||
tcp () {
|
||||
# We only count traffic generated by others
|
||||
case $3 in $PAT);;*)
|
||||
case "${10}" in
|
||||
# We count unreplied connection attempts because
|
||||
# lots of P2P peers may not have correct portfw
|
||||
# as well as currently active transfers
|
||||
SYN_SENT|SYN_RECV|ESTABLISHED)
|
||||
case $4 in
|
||||
# HTTP, HTTPS: browsers tend to open multiple connections
|
||||
80|443)
|
||||
case $9 in
|
||||
?????)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac"
|
||||
;;
|
||||
*)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac"
|
||||
;;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "tcp ham $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Punish traffic on ports 6880-6889
|
||||
688*)
|
||||
case $9 in
|
||||
?????)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac"
|
||||
;;
|
||||
*)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac"
|
||||
;;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "tcp p2p $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Everything else is normal tcp
|
||||
*)
|
||||
case $9 in
|
||||
?????)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac"
|
||||
;;
|
||||
*)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac"
|
||||
;;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "tcp std $1:$2 $3:$4";;esac
|
||||
;;
|
||||
esac
|
||||
eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"
|
||||
;;
|
||||
esac
|
||||
;;esac
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# UDP rules:
|
||||
# * Bittorrent DHT feature got us unreplied incoming UDP from diverse IPs (sport likely 688x)
|
||||
# * P2P-user with DHT: incoming UDP dport(unreplied) is port the P2P-user configured for DHT
|
||||
# * P2P-user none DHT: Peers seeking DHT, we have a P2P-user currently, lower tolerance
|
||||
# * General: lots of UDP traffic from/to different peers(!port 53)
|
||||
|
||||
udp () {
|
||||
case ${10} in "[UNREPLIED]") case $3 in $PAT)
|
||||
# We are contacted by incoming UDP (without reason). If that is the case
|
||||
# it is likely that we have at least one P2P user now. Especially if that
|
||||
# peer sends us from his port 688x which is the default for Bittorrent.
|
||||
case $2 in
|
||||
668*)
|
||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
||||
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||
;;
|
||||
*)
|
||||
case $4 in
|
||||
688*)
|
||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
||||
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||
;;
|
||||
*)
|
||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 1 ));;esac"
|
||||
case $DEBIP in '');;*)echo "nak udp $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
eval "UNK_$1=\$(( \$UNK_$1 + 1 ))"
|
||||
;;esac;;esac
|
||||
# We only count traffic generated by others
|
||||
case $3 in $PAT);;*)
|
||||
case $4 in
|
||||
# DNS: resolvers tend to open multiple connections
|
||||
53)
|
||||
case ${10} in
|
||||
"[UNREPLIED]")
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac";;
|
||||
*)
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac";;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "udp ham $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Punish traffic on ports 6880-6889
|
||||
688*)
|
||||
case ${10} in
|
||||
"[UNREPLIED]")
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac";;
|
||||
*)
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac";;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "udp p2p $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Everything else is normal udp
|
||||
*)
|
||||
case ${10} in
|
||||
"[UNREPLIED]")
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac";;
|
||||
*)
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac";;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "udp std $1:$2 $3:$4";;esac
|
||||
;;
|
||||
esac
|
||||
eval "UDP_$1_$3=\$(( \$UDP_$1_$3 + 1 ))"
|
||||
;;esac
|
||||
return 0
|
||||
}
|
||||
|
||||
case $1 in
|
||||
block)
|
||||
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
||||
block "-I" $2
|
||||
exit 0
|
||||
;;
|
||||
unblock|clear)
|
||||
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
||||
block "-D" $2
|
||||
exit 0
|
||||
;;
|
||||
start|stop)
|
||||
test ! -f $CRONDIR/$CRONUSR && (echo "No $CRONDIR/$CRONUSR" 2>&-;exit 1)
|
||||
if egrep -q "/${0##*/}" $CRONDIR/$CRONUSR; then
|
||||
case $1 in stop)
|
||||
echo "Removing ${0##*/} from cron"
|
||||
sed -i -e "/\/${0##*/}/d" $CRONDIR/$CRONUSR
|
||||
;;esac
|
||||
else
|
||||
case $1 in start)
|
||||
case $BOGOTHRESH in 0);;*)
|
||||
echo "Adding ${0##*/} to cron"
|
||||
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
||||
sed -i -e "\$a*/1 * * * * $me" $CRONDIR/$CRONUSR
|
||||
;;esac
|
||||
;;esac
|
||||
fi
|
||||
echo $CRONUSR > $CRONDIR/cron.update
|
||||
exit 0
|
||||
;;
|
||||
status)
|
||||
echo "Firewall status:"
|
||||
iptables -nL FORWARD|egrep '^(DROP|REJECT)? +all +-- +[1-9][0-9\.]+ +0.0.0.0/0\b' || echo " No IPs blocked"
|
||||
egrep -q "/${0##*/}" $CRONDIR/$CRONUSR && echo "Running via cron" || echo "Not running via cron"
|
||||
exit 0
|
||||
;;
|
||||
-h|--help|help)
|
||||
cat<<EOF
|
||||
This script examines the kernel conntrack table and blocks a source IP if
|
||||
it detects a filesharing application. Read the script file for details.
|
||||
|
||||
Usage: $0 {start|stop|block [IP]|unblock [IP]|help|[file]}
|
||||
|
||||
start add this scipt as cron job
|
||||
stop remove this script from cron
|
||||
status show a list of blocked IPs
|
||||
block manually block an IP
|
||||
unblock manually unblock an IP
|
||||
[file] parse [file] instead /proc/net/ip_conntrack (for testing)
|
||||
No args normal function, e.g. called by cron without arguments
|
||||
|
||||
Note1: if netcat is installed, this script tries to inform a blocked user
|
||||
by starting a simple web server. If also ssmtp is installed, this script
|
||||
informs you by e-mail about the filesharing and blocking incidents. If
|
||||
someone is blocked, this is recorded in /var/log/zapp* files for later
|
||||
analysis. To analyze, unpack the gzipped conntrack file of the incident
|
||||
and start this script by supplying the filename.
|
||||
|
||||
Note2: to install on Freifunk-FW copy this script to /etc/init.d/S92zapp
|
||||
and restart the router. On other systems it shoud be sufficient to start
|
||||
this script with "$0 start".
|
||||
EOF
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
if ! $DEBUG; then
|
||||
if [ -f /proc/sys/net/netfilter/nf_conntrack_acct ] &&
|
||||
[ 0 = $(cat /proc/sys/net/netfilter/nf_conntrack_acct) ]
|
||||
then
|
||||
# Kernel-2.6 needs accounting=on for correct ip_conntrack format
|
||||
echo "Kernel accounting not enabled, which is required." >&2
|
||||
echo "Use 'sysctl -w net.netfilter.nf_conntrack_acct=1'" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Different kernels have differnt formats, script lines doubled to prevent too much compare operations
|
||||
REL=$(uname -r)
|
||||
case ${REL#2.4} in $REL)
|
||||
# Kernel 2.6 output has [STATUS] in different positions, shift to end
|
||||
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
||||
set $l
|
||||
case $1 in
|
||||
tcp)
|
||||
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${11#src=} ${13#sport=} ${12#dst=} ${14#dport=} $(( ${10#bytes=} + ${16#bytes=} )) $4
|
||||
;;
|
||||
udp)
|
||||
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${10#src=} ${12#sport=} ${11#dst=} ${13#dport=} $(( ${9#bytes=}+${15#bytes=} )) ${19}
|
||||
;;
|
||||
eof)
|
||||
# If probably no P2P client active double threshold
|
||||
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
||||
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
||||
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
||||
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
||||
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
||||
done
|
||||
;;
|
||||
esac
|
||||
done
|
||||
;;*)
|
||||
# Kernel 2.4 output has [STATUS] in different positions, shift to end
|
||||
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
||||
set $l
|
||||
case $1 in
|
||||
tcp)
|
||||
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${9#src=} ${11#sport=} ${10#dst=} ${12#dport=} ${15#bytes=} $4
|
||||
;;
|
||||
udp)
|
||||
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${8#src=} ${10#sport=} ${9#dst=} ${11#dport=} ${14#bytes=} ${15}
|
||||
;;
|
||||
eof)
|
||||
# If probably no P2P client active double threshold
|
||||
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
||||
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
||||
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
||||
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
||||
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
||||
done
|
||||
;;
|
||||
esac
|
||||
done
|
||||
;;esac
|
||||
|
||||
exit 0
|
576
root_file_system/default/etc/nodewatcher.sh
Executable file
|
@ -0,0 +1,576 @@
|
|||
#!/bin/sh
|
||||
# Netmon Nodewatcher (C) 2010-2011 Freifunk Oldenburg
|
||||
# Lizenz: GPL
|
||||
|
||||
if [ -f /etc/config/nodewatcher ];then
|
||||
API_IPV4_ADRESS=`uci get nodewatcher.@api[0].ipv4_address`
|
||||
API_IPV6_ADRESS=`uci get nodewatcher.@api[0].ipv6_address`
|
||||
API_IPV6_INTERFACE=`uci get nodewatcher.@api[0].ipv6_interface`
|
||||
SCRIPT_VERSION=`uci get nodewatcher.@script[0].version`
|
||||
SCRIPT_ERROR_LEVEL=`uci get nodewatcher.@script[0].error_level`
|
||||
SCRIPT_LOGFILE=`uci get nodewatcher.@script[0].logfile`
|
||||
CRAWL_METHOD=`uci get nodewatcher.@crawl[0].method`
|
||||
CRAWL_ROUTER_ID=`uci get nodewatcher.@crawl[0].router_id`
|
||||
CRAWL_UPDATE_HASH=`uci get nodewatcher.@crawl[0].update_hash`
|
||||
CRAWL_NICKNAME=`uci get nodewatcher.@crawl[0].nickname`
|
||||
CRAWL_PASSWORD=`uci get nodewatcher.@crawl[0].password`
|
||||
UPDATE_AUTOUPDATE=`uci get nodewatcher.@update[0].autoupdate`
|
||||
else
|
||||
. /etc/nodewatcher_config
|
||||
fi
|
||||
|
||||
delete_log() {
|
||||
if [ -f $logfile ]; then
|
||||
if [ `ls -la $logfile | awk '{ print $5 }'` -gt "6000" ]; then
|
||||
sed -i '1,60d' $logfile
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Logfile wurde verkleinert" >> $logfile
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
urlencode() {
|
||||
arg="$1"
|
||||
i=0
|
||||
while [ $i -lt ${#arg} ]; do
|
||||
c=${arg:$i:1}
|
||||
|
||||
if echo "$c" | grep -q '[a-zA-Z/:_\.\-]'; then
|
||||
echo -n "$c"
|
||||
else
|
||||
echo -n "%"
|
||||
printf "%X" "'$c'"
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
}
|
||||
|
||||
convert_space() {
|
||||
arg="$1"
|
||||
echo $1 | sed "s/ /%20/g"
|
||||
}
|
||||
|
||||
get_url() {
|
||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||
url=$API_IPV4_ADRESS
|
||||
else
|
||||
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
|
||||
fi
|
||||
echo $url
|
||||
}
|
||||
|
||||
do_ping() {
|
||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||
command="ping -c 2 "$API_IPV4_ADRESS
|
||||
else
|
||||
command="ping -c 2 -I "$API_IPV6_INTERFACE" "$API_IPV6_ADRESS
|
||||
fi
|
||||
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Pinging..." >> $logfile
|
||||
fi
|
||||
|
||||
ping_return=`$command`
|
||||
|
||||
if [ $error_level -gt "2" ]; then
|
||||
echo $ping_return
|
||||
fi
|
||||
}
|
||||
|
||||
update() {
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Suche neue Version" >> $logfile
|
||||
fi
|
||||
netmon_api=`get_url`
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=version"
|
||||
ergebnis=`$command`
|
||||
return=`echo $ergebnis| cut '-d;' -f1`
|
||||
version=`echo $ergebnis| cut '-d;' -f2`
|
||||
|
||||
if [[ $return = "success" ]]; then
|
||||
if [[ $version -gt $SCRIPT_VERSION ]]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Eine neue Version ist Verfügbar, script wird geupdated" >> $logfile
|
||||
fi
|
||||
wget -q -O $SCRIPT_DIR/nodewatcher.sh http://$netmon_api/api_nodewatcher.php?section=update
|
||||
uci set nodewatcher.@script[0].version=$version
|
||||
uci commit
|
||||
else
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Script ist aktuell" >> $logfile
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Beim Update ist ein Fehler aufgetreten: $ergebnis" >> $logfile
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
assign() {
|
||||
netmon_api=`get_url`
|
||||
hostname=`cat /proc/sys/kernel/hostname`
|
||||
|
||||
#Choose right login String
|
||||
login_strings="$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')"
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=test_login_strings&login_strings=$login_strings"
|
||||
ergebnis=`$command`
|
||||
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||
router_auto_assign_login_string=`echo $ergebnis| cut '-d;' -f2`
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Es existiert ein Router mit dem Login String $router_auto_assign_login_string" >> $logfile
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f1` = "error" ]; then
|
||||
router_auto_assign_login_string=`echo $login_strings| cut '-d;' -f1`
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Es existiert kein Router mit einem der Login Strings: $login_strings" >> $logfile
|
||||
echo "`date`: Nutze $router_auto_assign_login_string als login string" >> $logfile
|
||||
fi
|
||||
fi
|
||||
|
||||
#Try to assign Router with choosen login string
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=router_auto_assign&router_auto_assign_login_string=$router_auto_assign_login_string&hostname=$hostname"
|
||||
ergebnis=`$command`
|
||||
if [ `echo $ergebnis| cut '-d;' -f1` != "success" ]; then
|
||||
if [ `echo $ergebnis| cut '-d;' -f2` = "already_assigned" ]; then
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Der Login String `echo $ergebnis| cut '-d;' -f3` ist bereits mit einem Router verknüpft" >> $logfile
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f2` = "autoassign_not_allowed" ]; then
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Der dem Login String `echo $ergebnis| cut '-d;' -f3` zugewiesene Router erlaubt autoassign nicht" >> $logfile
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f2` = "new_not_assigned" ]; then
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Router wurde der Liste der nicht zugewiesenen Router hinzugefügt" >> $logfile
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f2` = "updated_not_assigned" ]; then
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Router auf der Liste der nicht zugewiesenen Router wurde geupdated" >> $logfile
|
||||
fi
|
||||
fi
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Der Router wurde nicht mit Netmon verknüpft" >> $logfile
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||
#write new config
|
||||
uci set nodewatcher.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
|
||||
uci set nodewatcher.@crawl[0].update_hash=`echo $ergebnis| cut '-d;' -f3`
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Der Router wurde mit Netmon verknüpft" >> $logfile
|
||||
fi
|
||||
uci commit
|
||||
|
||||
configure
|
||||
|
||||
can_crawl=1
|
||||
fi
|
||||
}
|
||||
|
||||
configure() {
|
||||
netmon_api=`get_url`
|
||||
authentificationmethod=$CRAWL_METHOD
|
||||
router_id=$CRAWL_ROUTER_ID
|
||||
router_auto_update_hash=$CRAWL_UPDATE_HASH
|
||||
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=get_standart_data&authentificationmethod=$authentificationmethod&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id"
|
||||
ergebnis=`$command`
|
||||
|
||||
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||
#uci set freifunk.contact.location=`echo $ergebnis| cut '-d;' -f3`
|
||||
|
||||
uci set system.@system[0].hostname=`echo $ergebnis| cut '-d;' -f4`
|
||||
echo `echo $ergebnis| cut '-d;' -f4` > /proc/sys/kernel/hostname
|
||||
|
||||
# uci get system.@system[0].latitude=
|
||||
# uci get system.@system[0].longitude=
|
||||
# uci get freifunk.community.ssid=
|
||||
# uci get freifunk.contact.nickname=
|
||||
# uci get freifunk.contact.mail=
|
||||
# uci get freifunk.community.prefix=
|
||||
# uci get freifunk.contact.note=
|
||||
|
||||
uci commit
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Der Router wurde konfiguriert" >> $logfile
|
||||
fi
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Fehler bei der Konfiguration: $ergebnis" >> $logfile
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
crawl() {
|
||||
#Get API and authentication configuration
|
||||
netmon_api=`get_url`
|
||||
authentificationmethod=$CRAWL_METHOD
|
||||
nickname=$CRAWL_NICKNAME
|
||||
password=$CRAWL_PASSWORD
|
||||
router_id=$CRAWL_ROUTER_ID
|
||||
router_auto_update_hash=$CRAWL_UPDATE_HASH
|
||||
|
||||
#Get system data from UCI
|
||||
if which uci >/dev/null; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: UCI is installed, trying to collect extra data UCI" >> $logfile
|
||||
fi
|
||||
location="`uci get freifunk.contact.location`"
|
||||
location=`urlencode "$location"`
|
||||
latitude="`uci get system.@system[0].latitude`"
|
||||
longitude="`uci get system.@system[0].longitude`"
|
||||
|
||||
community_essid="`uci get freifunk.community.ssid`"
|
||||
community_nickname="`uci get freifunk.contact.nickname`"
|
||||
community_email="`uci get freifunk.contact.mail`"
|
||||
community_prefix="`uci get freifunk.community.prefix`"
|
||||
description="`uci get freifunk.contact.note`"
|
||||
description=`urlencode "$description"`
|
||||
fi
|
||||
|
||||
#Get system data from LUA
|
||||
if which lua >/dev/null; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: LUA is installed, trying to collect extra data LUA" >> $logfile
|
||||
fi
|
||||
luciname=`lua -l luci.version -e 'print(luci.version.luciname)'`
|
||||
luciname=`urlencode "$luciname"`
|
||||
lucversion=`lua -l luci.version -e 'print(luci.version.luciversion)'`
|
||||
lucversion=`urlencode "$lucversion"`
|
||||
fi
|
||||
|
||||
#Get system data from other locations
|
||||
hostname="`cat /proc/sys/kernel/hostname`"
|
||||
uptime=`cat /proc/uptime | awk '{ print $1 }'`
|
||||
idletime=`cat /proc/uptime | awk '{ print $2 }'`
|
||||
|
||||
memory_total=`cat /proc/meminfo | grep 'MemTotal' | awk '{ print $2 }'`
|
||||
memory_caching=`cat /proc/meminfo | grep -m 1 'Cached:' | awk '{ print $2 }'`
|
||||
memory_buffering=`cat /proc/meminfo | grep 'Buffers' | awk '{ print $2 }'`
|
||||
memory_free=`cat /proc/meminfo | grep 'MemFree' | awk '{ print $2 }'`
|
||||
cpu=`grep -m 1 "cpu model" /proc/cpuinfo | cut -d ":" -f 2`
|
||||
if [ -n $cpu ]; then
|
||||
cpu=`grep -m 1 "model name" /proc/cpuinfo | cut -d ":" -f 2`
|
||||
fi
|
||||
cpu=`urlencode "$cpu"`
|
||||
|
||||
chipset=`grep -m 1 "system type" /proc/cpuinfo | cut -d ":" -f 2`
|
||||
chipset=`urlencode "$chipset"`
|
||||
local_time="`date +%s`"
|
||||
processes=`cat /proc/loadavg | awk '{ print $4 }'`
|
||||
loadavg=`cat /proc/loadavg | awk '{ print $1 }'`
|
||||
|
||||
if which batctl >/dev/null; then
|
||||
batman_adv_version=`batctl -v | awk '{ print $2 }'`
|
||||
fi
|
||||
kernel_version=`uname -r`
|
||||
nodewatcher_version=$SCRIPT_VERSION
|
||||
|
||||
openwrt_version_file="/etc/openwrt_release"
|
||||
if [ -f $openwrt_version_file ]; then
|
||||
. $openwrt_version_file
|
||||
|
||||
distname=$DISTRIB_ID
|
||||
distversion=$DISTRIB_RELEASE
|
||||
fi
|
||||
|
||||
firmware_version_file="/etc/firmware_release"
|
||||
if [ -f $firmware_version_file ]; then
|
||||
. $firmware_version_file
|
||||
|
||||
firmware_version=$FIRMWARE_VERSION
|
||||
fi
|
||||
|
||||
#Send system data
|
||||
command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_system_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&status=online&hostname=$hostname&description=$description&location=$location&latitude=$latitude&longitude=$longitude&luciname=$luciname&luciversion=$luciversion&distname=$distname&distversion=$distversion&chipset=$chipset&cpu=$cpu&memory_total=$memory_total&memory_caching=$memory_caching&memory_buffering=$memory_buffering&memory_free=$memory_free&loadavg=$loadavg&processes=$processes&uptime=$uptime&idletime=$idletime&local_time=$local_time&community_essid=$community_essid&community_nickname=$community_nickname&community_email=$community_email&community_prefix=$community_prefix&batman_advanced_version=$batman_adv_version&kernel_version=$kernel_version&nodewatcher_version=$nodewatcher_version&firmware_version=$firmware_version"
|
||||
command="wget -q -O - "$command
|
||||
if [ "$1" = "debug" ]; then
|
||||
echo $command
|
||||
else
|
||||
i=0
|
||||
while [ $i -le 5 ]
|
||||
do
|
||||
return_interface=`$command`
|
||||
|
||||
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||
fi
|
||||
break;
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Error! Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||
fi
|
||||
fi
|
||||
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
fi
|
||||
|
||||
#Get interfaces
|
||||
IFACES=`cat /proc/net/dev | awk -F: '!/\|/ { gsub(/[[:space:]]*/, "", $1); split($2, a, " "); printf("%s=%s=%s ", $1, a[1], a[9]) }'`
|
||||
|
||||
#Loop interfaces
|
||||
for entry in $IFACES; do
|
||||
int=""
|
||||
iface=`echo $entry | cut -d '=' -f 1`
|
||||
rcv=`echo $entry | cut -d '=' -f 2`
|
||||
xmt=`echo $entry | cut -d '=' -f 3`
|
||||
|
||||
wlan_mode=""
|
||||
wlan_bssid=""
|
||||
wlan_essid=""
|
||||
wlan_frequency=""
|
||||
wlan_tx_power=""
|
||||
|
||||
if [ "$iface" != "lo" ]; then
|
||||
if [ "`ifconfig ${iface} | grep UP`" != "" ]; then
|
||||
#Get interface data
|
||||
name="${iface}"
|
||||
mac_addr="`ifconfig ${iface} | grep 'HWaddr' | awk '{ print $5}'`"
|
||||
ipv4_addr="`ifconfig ${iface} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`"
|
||||
ipv6_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Global' | awk '{ print $3}'`"
|
||||
ipv6_link_local_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
|
||||
mtu="`ifconfig ${iface} | grep 'MTU' | cut -d: -f2 | awk '{ print $1}'`"
|
||||
traffic_rx="$rcv"
|
||||
traffic_tx="$xmt"
|
||||
|
||||
int=$int"int[$name][name]=$name&int[$name][mac_addr]=$mac_addr&int[$name][ipv4_addr]=$ipv4_addr&int[$name][ipv6_addr]=$ipv6_addr&int[$name][ipv6_link_local_addr]=$ipv6_link_local_addr&int[$name][traffic_rx]=$traffic_rx&int[$name][traffic_tx]=$traffic_tx&int[$name][mtu]=$mtu&"
|
||||
|
||||
if [ "`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" != "" ]; then
|
||||
wlan_mode="`iwconfig ${iface} 2>/dev/null | grep 'Mode' | awk '{ print $1 }' | cut -d ':' -f 2`"
|
||||
|
||||
if [ $wlan_mode = "Master" ]; then
|
||||
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep 'Access Point' | awk '{ print $6 }'`"
|
||||
elif [ $wlan_mode = "Ad-Hoc" ]; then
|
||||
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep Cell | awk '{ print $5 }'`"
|
||||
fi
|
||||
|
||||
wlan_essid="`iwconfig ${iface} 2>/dev/null | grep ESSID | awk '{ split($4, a, \"\\"\"); printf(\"%s\", a[2]); }'`"
|
||||
wlan_frequency="`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`"
|
||||
wlan_tx_power="`iwconfig ${iface} 2>/dev/null | grep 'Tx-Power' | awk '{ print $4 }' | cut -d '=' -f 2`"
|
||||
int=$int"int[$name][wlan_mode]=$wlan_mode&int[$name][wlan_frequency]=$wlan_frequency&int[$name][wlan_essid]=$wlan_essid&int[$name][wlan_bssid]=$wlan_bssid&int[$name][wlan_tx_power]=$wlan_tx_power&"
|
||||
fi
|
||||
|
||||
#Send interface status data
|
||||
command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_interfaces_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$int"
|
||||
command="wget -q -O - "$command
|
||||
if [ "$1" = "debug" ]; then
|
||||
echo $command
|
||||
else
|
||||
i=0
|
||||
while [ $i -le 5 ]
|
||||
do
|
||||
return_interface=`$command`
|
||||
if [ `echo $return_interface | cut '-d;' -f1`="success" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||
fi
|
||||
break;
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Error! Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||
echo "`date`: $command" >> $logfile
|
||||
fi
|
||||
fi
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
#B.A.T.M.A.N. advanced
|
||||
mv /etc/bat-hosts /etc/bat-hosts.tmp
|
||||
if which batctl >/dev/null; then
|
||||
batman_check_running=`batctl if | grep 'Error'`
|
||||
if [ "$batman_check_running" == "" ]; then
|
||||
has_active_interface="0"
|
||||
BAT_ADV_IFACES=`batctl if | awk '{ print $1 }' | cut -d ':' -f 1`
|
||||
for device_name in $BAT_ADV_IFACES; do
|
||||
if [ "`batctl if | grep $device_name | grep active`" != "" ]; then
|
||||
status='active'
|
||||
has_active_interface="1"
|
||||
else
|
||||
status='inactive'
|
||||
fi
|
||||
|
||||
command="http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_interfaces&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&bat_adv_int[$device_name][name]=$device_name&bat_adv_int[$device_name][status]=$status"
|
||||
command="wget -q -O - "$command
|
||||
if [ "$1" = "debug" ]; then
|
||||
echo $command
|
||||
else
|
||||
i=0
|
||||
while [ $i -le 5 ]
|
||||
do
|
||||
return_interface="`$command`"
|
||||
|
||||
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||
fi
|
||||
break;
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Error! Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||
fi
|
||||
fi
|
||||
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $has_active_interface = "1" ]; then
|
||||
BAT_ADV_ORIGINATORS=`batctl o | grep 'No batman nodes in range'`
|
||||
if [ "$BAT_ADV_ORIGINATORS" == "" ]; then
|
||||
OLDIFS=$IFS
|
||||
IFS="
|
||||
"
|
||||
BAT_ADV_ORIGINATORS=`batctl o | awk '/O/ {next} /B/ {next} {print}'`
|
||||
for row in $BAT_ADV_ORIGINATORS; do
|
||||
originator=`echo $row | awk '{print $1}'`
|
||||
last_seen=`echo $row | awk '{print $2}'`
|
||||
last_seen="${last_seen//s/}"
|
||||
link_quality=`echo $row | awk '{print $3}'`
|
||||
link_quality="${link_quality//(/}"
|
||||
link_quality="${link_quality//)/}"
|
||||
|
||||
batman_adv_originators=$batman_adv_originators"bat_adv_orig[$originator][originator]=$originator&bat_adv_orig[$originator][link_quality]=$link_quality&bat_adv_orig[$originator][last_seen]=$last_seen&"
|
||||
done
|
||||
IFS=$OLDIFS
|
||||
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_originators&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$batman_adv_originators"
|
||||
if [ "$1" = "debug" ]; then
|
||||
echo $command
|
||||
else
|
||||
i=0
|
||||
while [ $i -le 5 ]
|
||||
do
|
||||
return_interface="`$command`"
|
||||
|
||||
if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||
fi
|
||||
break;
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Error! Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||
fi
|
||||
fi
|
||||
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
mv /etc/bat-hosts.tmp /etc/bat-hosts
|
||||
|
||||
#CLIENTS
|
||||
MESHDEVICE='br-mesh'
|
||||
CLIENTDEVICE='ath0'
|
||||
SEDDEV=`brctl showstp $MESHDEVICE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
|
||||
CLIENT_MACS=`brctl showmacs $MESHDEVICE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "ath0") print $2}'`
|
||||
i=0
|
||||
for client in $CLIENT_MACS; do
|
||||
# clients=$clients"clients[$i][mac_addr]=$client&"
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
client_count=$i
|
||||
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_clients&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&client_count=$client_count"
|
||||
if [ "$1" = "debug" ]; then
|
||||
echo $command
|
||||
else
|
||||
i=0
|
||||
while [ $i -le 5 ]
|
||||
do
|
||||
return_interface="`$command`"
|
||||
if [ `echo $return_interface | cut '-d;' -f1`="success" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Senden der Client Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile
|
||||
fi
|
||||
break;
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Error! Das Senden der Client Daten war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile
|
||||
fi
|
||||
fi
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
||||
LANG=C
|
||||
|
||||
SCRIPT_DIR=`dirname $0`
|
||||
error_level=$SCRIPT_ERROR_LEVEL
|
||||
logfile=$SCRIPT_LOGFILE
|
||||
|
||||
if [[ $UPDATE_AUTOUPDATE == '1' ]]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Autoupdate ist an" >> $logfile
|
||||
fi
|
||||
update
|
||||
else
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Autoupdate ist aus" >> $logfile
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$1" == "update" ]]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Führe manuelles update aus" >> $logfile
|
||||
fi
|
||||
update
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Prüfe Authentifizierungsmethode" >> $logfile
|
||||
fi
|
||||
|
||||
can_crawl=1
|
||||
if [ $CRAWL_METHOD == "login" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Authentifizierungsmethode ist: Username und Passwort" >> $logfile
|
||||
fi
|
||||
elif [ $CRAWL_METHOD == "hash" ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Authentifizierungsmethode ist: Autoassign und Hash" >> $logfile
|
||||
echo "`date`: Prüfe ob Roter schon mit Netmon verknüpft ist" >> $logfile
|
||||
fi
|
||||
if [ $CRAWL_UPDATE_HASH == "1" ]; then
|
||||
can_crawl=0
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Der Router ist noch NICHT mit Netmon verknüpft" >> $logfile
|
||||
echo "`date`: Versuche verknüpfung herzustellen" >> $logfile
|
||||
fi
|
||||
assign
|
||||
else
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Der Router ist bereits mit Netmon verknüpft" >> $logfile
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $can_crawl == 1 ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Prüfe Logfile" >> $logfile
|
||||
fi
|
||||
delete_log
|
||||
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Sende aktuelle Statusdaten" >> $logfile
|
||||
fi
|
||||
crawl
|
||||
fi
|
||||
|
||||
exit 0
|
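--- a/root_file_system/default/etc/passwd
+++ b/root_file_system/default/etc/passwd
@@ -0,0 +1,3 @@
+root:$1$OmvoKpjK$e.lPVnBxsrAbNV4EoH3xb1:0:0:root:/root:/bin/ash
+nobody:*:65534:65534:nobody:/var:/bin/false
+daemon:*:65534:65534:daemon:/var:/bin/false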
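Review bot: The root entry carries a fixed MD5-crypt (`$1$`) password hash in `/etc/passwd`, which is world-readable on the device and public in this repository, so every image built from the default root filesystem shares one root credential that can be attacked offline. The image should ship without a usable shared password, for example `root:x:0:0:root:/root:/bin/ash` with the hash kept in a root-only shadow file (assuming the target build supports shadow passwords) and a per-device password set at first boot. `nobody` and `daemon` also share UID and GID 65534, so files owned by one are owned by the other; give `daemon` its own id if the two are meant to be separate.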
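--- a/root_file_system/default/etc/rc.local
+++ b/root_file_system/default/etc/rc.local
@@ -0,0 +1,18 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+ifconfig br-mesh down
+ifconfig br-mesh up
+
+ifdown lan
+ifup lan
+
+rdate -s time.fu-berlin.de
+
+chown root.root /etc/crontabs/root
+/etc/init.d/cron stop
+/etc/init.d/cron start
+
+sh /etc/firewall.user
+
+exit 0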
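Review bot: `rdate -s time.fu-berlin.de` sets the system clock from an unauthenticated plaintext time service on every boot and its exit status is ignored, so a failed or spoofed reply goes unnoticed and cron is restarted right afterwards with whatever time resulted. Log the failure, e.g. `rdate -s time.fu-berlin.de || logger -t rc.local "rdate failed"`, and prefer an authenticated or multi-source time sync if the build offers one. `chown root.root` uses the obsolete dot separator; write `chown root:root /etc/crontabs/root`. A comment should also say why `/etc/firewall.user` is run by hand here rather than left to the firewall init script.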
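--- a/root_file_system/default/etc/showmacs.sh
+++ b/root_file_system/default/etc/showmacs.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# SHOWMACS need br-ctl! NO BUSYBOX!
+#
+# Version 0.2
+#
+# by Tim Niemeyer (reddog@mastersword.de)
+#
+
+DEV=$1
+
+SEDDEV=`brctl showstp $DEV | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
+SEDMAC=`cat /etc/bat-hosts | sed -e "s/^/s\//;s/$/\/;/;s/ /\//"`
+
+brctl showmacs $DEV | sed -e "$SEDMAC" | sed -e "$SEDDEV"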
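Review bot: `SEDMAC` turns every line of `/etc/bat-hosts` into a sed command without escaping, so an entry containing `/` or another sed metacharacter breaks or changes the script that is then run over the `brctl showmacs` output. The file therefore has to stay writable by root only, and the name substitution would be safer done in awk with the entries read as data rather than as program text. `$DEV` is used unquoted and unchecked; add `[ -n "$1" ] || { echo "usage: $0 <bridge>" >&2; exit 1; }` and expand it as `"$DEV"`. The nodewatcher script in this commit moves `/etc/bat-hosts` aside while it runs, so `cat /etc/bat-hosts` can fail in that window and leave the MAC-to-name mapping empty.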
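--- a/root_file_system/default/etc/sysctl.conf
+++ b/root_file_system/default/etc/sysctl.conf
@@ -0,0 +1,24 @@
+kernel.panic=3
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.ip_forward=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0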
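Review bot: With `net.ipv4.ip_forward=1` the file leaves source routing and ICMP redirects at the kernel defaults; for a forwarding router add `net.ipv4.conf.all.accept_source_route=0`, `net.ipv4.conf.all.accept_redirects=0` and `net.ipv4.conf.all.send_redirects=0` unless the mesh setup depends on them. The three `net.bridge.bridge-nf-call-*=0` lines mean frames bridged inside `br-mesh` never reach iptables, so rules loaded from `/etc/firewall.user` do not filter traffic between bridge members; the existing comment should say that this is intended. `net.core.netdev_max_backlog=30` is far below the usual kernel default and deserves a comment explaining the choice.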
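--- a/root_file_system/default/etc/tincstart.sh
+++ b/root_file_system/default/etc/tincstart.sh
@@ -0,0 +1,118 @@
+#!/bin/sh
+
+#DEBUG="--debug=2"
+DEBUG=""
+SERVER="no"
+SERVERNAME="batgw"
+
+project="batvpn"
+
+test_internet_host1="mastersword.de"
+test_internet_host2="78.46.215.78"
+
+#Only do something with tinc when the router has internet connection
+if ping -w5 -c3 "$test_internet_host1" &>/dev/null || ping -w5 -c3 "$test_internet_host2" &>/dev/null
+then
+
+if [ "$SERVER" == "no" ]
+then
+hostname=$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
+
+if [ "$hostname" == "" ]
+then
+hostname=$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
+fi
+
+if [ "$hostname" == "" ]
+then
+hostname=$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
+fi
+else
+hostname=$SERVERNAME
+fi
+
+if [ ! -d /etc/tinc ]
+then
+mkdir /etc/tinc
+fi
+
+if [ ! -d /etc/tinc/$project ]
+then
+mkdir /etc/tinc/$project
+
+echo -n -e "\n\n" | tincd --pidfile=/etc/tinc/$project/tinc.pid -n $project -K
+kill -HUP $(cat /etc/tinc/$project/tinc.pid)
+sleep 3
+mkdir /etc/tinc/$project/hosts
+echo "ifconfig \$INTERFACE up" > /etc/tinc/$project/tinc-up
+if [ "$SERVER" == "no" ]
+then
+echo "brctl addif br-mesh \$INTERFACE" >> /etc/tinc/$project/tinc-up
+fi
+chmod +x /etc/tinc/$project/tinc-up
+fi
+
+pubkey=$(for line in $(cat /etc/tinc/$project/rsa_key.pub | sed -e 's/$/%0a/g' | sed -e 's/+/%2b/g' | sed -e 's/ /%20/g'); do echo -n $line; done)
+port=666
+
+cat <<EOF > /etc/tinc/$project/tinc.conf
+Name = $hostname
+Mode = Switch
+#PingTimeout = 30
+Hostnames = yes
+#GraphDumpFile = /tmp/vpn-graph.dot
+TCPOnly = yes
+EOF
+
+# we need this only for first startup
+if [ ! -f /etc/tinc/$project/hosts/$hostname ]
+then
+cat <<EOF > /etc/tinc/$project/hosts/$hostname
+Address = 0.0.0.0
+Port = $port
+EOF
+cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
+fi
+
+# fire up
+if [ "$(ps aux | grep tincd | grep -v grep)" == "" ]
+then
+tincd -c /etc/tinc/$project --pidfile=/etc/tinc/$project/tinc.pid --logfile=/var/log/tinc.log $DEBUG
+# sleep 1
+# brctl addif br-mesh tap0
+fi
+
+# register
+wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /etc/tinc/$project/output
+
+filenames=$(cat /etc/tinc/$project/output| grep ^#### | sed -e 's/^####//' | sed -e 's/.conf//g')
+for file in $filenames
+do
+grep -A100 $file /etc/tinc/$project/output | grep -v $file | grep -m1 ^### -B100 | grep -v ^### > /etc/tinc/$project/hosts/$file.new
+if [ "$(diff /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file 2>&1)" == "" ]
+then
+/bin/rm /etc/tinc/$project/hosts/$file.new
+else
+/bin/mv /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file
+fi
+echo "ConnectTo=$file" >> /etc/tinc/$project/tinc.conf
+done
+
+if [ ! -f /etc/tinc/$project/hosts/$hostname ]
+then
+cat <<EOF > /etc/tinc/$project/hosts/$hostname
+Address = 0.0.0.0
+Port = $port
+EOF
+cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
+fi
+
+#reload
+kill -HUP $(cat /etc/tinc/$project/tinc.pid)
+
+else
+echo "Der Router kann keine Verbindung zum Tincserver aufbauen"
+echo "Tincstart macht nichts!"
+fi
+
+exit 0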
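Review bot: The peer list fetched at `# register` comes over plain HTTP and is trusted as-is: each `####name` line in the response becomes a file under `/etc/tinc/$project/hosts/` and a `ConnectTo=` entry, and `$file` is used unquoted in paths and as a grep pattern without any check. Whoever controls or sits in front of that server therefore decides which host keys this node trusts and bridges into `br-mesh`, and a name containing `/` or `..` would be written outside the hosts directory. Restrict `$file` to the characters tinc allows in node names before using it, as in the excerpt below, quote the expansions, and fetch the list over an authenticated channel (TLS with certificate checking, or a signature verified on the device) if the wget in this build supports it. Separately, `&>/dev/null` in the connectivity test is not POSIX sh; on a shell without that extension the ping is backgrounded and the test always succeeds, so `>/dev/null 2>&1` is the safer spelling.

```shell
for file in $filenames
do
    # Names come from the server response: accept only what tinc allows in a
    # node name, so nothing can resolve outside /etc/tinc/$project/hosts/.
    case "$file" in
        ""|*[!A-Za-z0-9_]*)
            echo "tincstart: ignoring invalid peer name from server" >&2
            continue
            ;;
    esac
    # … unchanged: extract hosts/$file.new, diff against hosts/$file, rm or mv, append ConnectTo …
```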
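--- a/root_file_system/dir300/etc/config/network
+++ b/root_file_system/dir300/etc/config/network
@@ -0,0 +1,37 @@
+config 'interface' 'loopback'
+option 'ifname' 'lo'
+option 'proto' 'static'
+option 'ipaddr' '127.0.0.1'
+option 'netmask' '255.0.0.0'
+
+#config 'interface' 'lan'
+# option 'proto' 'dhcp'
+# option 'ifname' 'eth0.1'
+
+config 'interface' 'wlanmesch'
+option 'ifname' 'ath1'
+option 'mtu' '1527'
+
+config 'interface' 'mesh'
+option 'type' 'bridge'
+option 'ifname' 'eth0.1 ath0 bat0 tap0'
+option 'stp' '1'
+
+config 'switch' 'eth0'
+option 'name' 'eth0'
+option 'reset' '1'
+option 'enable_vlan' '1'
+
+config 'switch_vlan' 'eth0_1'
+option 'device' 'eth0'
+option 'vlan' '1'
+option 'ports' '0 1 2 3 5t'
+
+config 'switch_vlan' 'eth0_2'
+option 'device' 'eth0'
+option 'vlan' '2'
+option 'ports' '4 5t'
+
+config 'interface' 'wan'
+option 'ifname' 'eth0.2'
+option 'proto' 'dhcp'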
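Review bot: The `mesh` bridge puts the wired LAN ports (`eth0.1`), `ath0`, `bat0` and the tinc interface `tap0` into one layer-2 segment, and nothing in the file says that this is deliberate. Since sysctl.conf in this commit switches off bridge netfilter, hosts reached over the VPN and hosts on the LAN ports see each other unfiltered; a comment above `option 'ifname' 'eth0.1 ath0 bat0 tap0'` should state that, e.g. `# all members share one unfiltered L2 domain (LAN ports, wireless, batman, VPN)`. The `lan` interface is commented out here while the default rc.local calls `ifdown lan` and `ifup lan`; if that rc.local is installed on this board, those calls have nothing to act on. The fonera network file uses the same bridge layout without `eth0.1`.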
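--- a/root_file_system/fonera/etc/config/network
+++ b/root_file_system/fonera/etc/config/network
@@ -0,0 +1,18 @@
+config 'interface' 'loopback'
+option 'ifname' 'lo'
+option 'proto' 'static'
+option 'ipaddr' '127.0.0.1'
+option 'netmask' '255.0.0.0'
+
+config 'interface' 'lan'
+option 'proto' 'dhcp'
+option 'ifname' 'eth0'
+
+config 'interface' 'wlanmesch'
+option 'ifname' 'ath1'
+option 'mtu' '1527'
+
+config 'interface' 'mesh'
+option 'type' 'bridge'
+option 'ifname' 'ath0 bat0 tap0'
+option 'stp' '1'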