diff --git a/bsp/ath79-generic.bsp b/bsp/ath79-generic.bsp index b530d160..0402ee23 100644 --- a/bsp/ath79-generic.bsp +++ b/bsp/ath79-generic.bsp @@ -6,10 +6,10 @@ images=("openwrt-${chipset}-${subtarget}-glinet_gl-ar150-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_archer-c60-v2-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_archer-c7-v2-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_archer-c7-v5-squashfs-*" -# "openwrt-${chipset}-${subtarget}-tplink_cpe210-v1-squashfs-*" + "openwrt-${chipset}-${subtarget}-tplink_cpe210-v1-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_cpe210-v2-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_cpe210-v3-squashfs-*" -# "openwrt-${chipset}-${subtarget}-tplink_cpe510-v1-squashfs-*" + "openwrt-${chipset}-${subtarget}-tplink_cpe510-v1-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_tl-wdr3500-v1-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_tl-wdr3600-v1-squashfs-*" "openwrt-${chipset}-${subtarget}-tplink_tl-wdr4300-v1-squashfs-*" diff --git a/bsp/default/root_file_system/etc/profile b/bsp/default/root_file_system/etc/profile index 8de20517..63105744 100644 --- a/bsp/default/root_file_system/etc/profile +++ b/bsp/default/root_file_system/etc/profile @@ -23,6 +23,7 @@ alias l='ls -CF' alias la='ls -A' alias ll='ls -alF' alias ls='ls --color=auto' +alias ip='ip --color=auto' # and color my prompt export PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' diff --git a/buildscript b/buildscript index 47b29c13..da096193 100755 --- a/buildscript +++ b/buildscript 
@@ -1,12 +1,15 @@ #!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later +set -e +set -o pipefail + builddir=./build # OpenWrt: package hashes correspond to core repo version -OPENWRTREV="v21.02.0-rc1" -PACKAGEREV="4ceeb8fc90ed2c2e650ddddc855e7ed1df071c22" -ROUTINGREV="5b4d4c7fb6a97cac68c7d8b156fd0ab27bab4dcc" +OPENWRTREV="v21.02.0-rc3" +PACKAGEREV="e738d2faf1c4ed68094f1d5da075d2d92fb35049" +ROUTINGREV="2baff33918c089fd3744c7192f8ae7a29c47a8d7" # Gluon packages: master from 2020-02-04 GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c" @@ -17,13 +20,13 @@ GLUON_PKGS="simple-tc uradvd" FFF_VARIANTS="node layer3" -OPENWRTURL="https://git.openwrt.org/openwrt/openwrt.git" +OPENWRTURL="https://git.freifunk-franken.de/mirror/openwrt.git" ## Feed definition [0]: name aka directory, [1]: url, [2]: revision #official openwrt packages OPENWRT=(openwrt - https://git.openwrt.org/feed/packages.git + https://git.freifunk-franken.de/mirror/openwrt-packages.git $PACKAGEREV) #gluon packages @@ -33,7 +36,7 @@ GLUON=(gluon #official openwrt routing packages ROUTING=(routing - https://git.openwrt.org/feed/routing.git + https://git.freifunk-franken.de/mirror/openwrt-routing.git $ROUTINGREV) FFF=(fff) diff --git a/feed_patches/openwrt/0020-fastd_generate_key_from_urandom.patch b/feed_patches/openwrt/0020-fastd_generate_key_from_urandom.patch index 4b7beb18..55ed7090 100644 --- a/feed_patches/openwrt/0020-fastd_generate_key_from_urandom.patch +++ b/feed_patches/openwrt/0020-fastd_generate_key_from_urandom.patch @@ -1,16 +1,10 @@ -From 8e7de199282ba76a94a1b4370ac7712325b81fc2 Mon Sep 17 00:00:00 2001 From: Robert Langhammer Date: Mon, 13 Nov 2017 21:04:55 +0100 -Subject: [PATCH] fastd_generate_key_from_urandom - ---- - net/fastd/patches/001-generate_key_from_urandom.patch | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - create mode 100644 net/fastd/patches/001-generate_key_from_urandom.patch +Subject: fastd_generate_key_from_urandom 
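Review bot: `OPENWRTREV="v21.02.0-rc3"` is a tag name, while `PACKAGEREV` and `ROUTINGREV` are full commit hashes, and the two later hunks in this file (`OPENWRTURL` and the `OPENWRT`/`ROUTING` feed URLs) move all three fetches from git.openwrt.org to git.freifunk-franken.de. A tag can be re-pointed by whoever controls the remote, so after this change the integrity of the core tree rests on the mirror alone, whereas the feeds stay content-addressed by their hashes. Consider pinning the core tree to the commit the tag resolves to upstream, e.g. `OPENWRTREV="<commit-hash-of-v21.02.0-rc3>"` with the tag name kept in a comment, or verifying the tag signature after checkout. How the script checks out these revisions is outside the hunks.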
diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch b/net/fastd/patches/001-generate_key_from_urandom.patch new file mode 100644 -index 000000000..e06739a1e +index 0000000000000000000000000000000000000000..e06739a1e715ab310d9b30ae704f615572d6b4b9 --- /dev/null +++ b/net/fastd/patches/001-generate_key_from_urandom.patch @@ -0,0 +1,14 @@ @@ -28,6 +22,3 @@ index 000000000..e06739a1e + ecc_25519_gf_sanitize_secret(&secret_key, &secret_key); + + ecc_25519_work_t work; --- -2.25.1 - diff --git a/feed_patches/routing/0001-babeld-Include-PKG_RELEASE-in-babeld-version.patch b/feed_patches/routing/0001-babeld-Include-PKG_RELEASE-in-babeld-version.patch index e85bd91b..db594e58 100644 --- a/feed_patches/routing/0001-babeld-Include-PKG_RELEASE-in-babeld-version.patch +++ b/feed_patches/routing/0001-babeld-Include-PKG_RELEASE-in-babeld-version.patch @@ -10,10 +10,10 @@ Signed-off-by: Adrian Schmutzler Signed-off-by: Fabian Bläse diff --git a/babeld/Makefile b/babeld/Makefile -index 0b611286092464528135c15e100b3d6928f5a677..b0ed749e98714bf146b4e4be34d71484447b8ecb 100644 +index 056ce43d5ddb461ba94e51a5b18ffac0ef971468..16cc86fe5c2ae8731b0d7d2f64517e9b92d029f9 100644 --- a/babeld/Makefile +++ b/babeld/Makefile -@@ -49,6 +49,11 @@ MAKE_FLAGS+= \ +@@ -50,6 +50,11 @@ MAKE_FLAGS+= \ LDLIBS="" \ LDLIBS+="-lubus -lubox" diff --git a/src/packages/fff/fff-network/Makefile b/src/packages/fff/fff-network/Makefile index 057e3ccb..25cef9ee 100644 --- a/src/packages/fff/fff-network/Makefile +++ b/src/packages/fff/fff-network/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fff-network -PKG_RELEASE:=40 +PKG_RELEASE:=45 include $(INCLUDE_DIR)/package.mk diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf index ab536b4b..d6b89df3 100644 --- a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf 
+++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf 
@@ -1,46 +1,24 @@ -net.ipv4.conf.default.arp_ignore=1 -net.ipv4.conf.all.arp_ignore=1 -net.ipv4.conf.all.forwarding=0 -net.ipv4.conf.all.send_redirects=0 -net.ipv4.tcp_ecn=0 -net.ipv4.tcp_fin_timeout=30 -net.ipv4.tcp_keepalive_time=120 -net.ipv4.tcp_syncookies=1 -net.core.netdev_max_backlog=30 -net.netfilter.nf_conntrack_checksum=0 - -#Do not accept source routing -net.ipv4.conf.all.accept_source_route=0 -net.ipv4.conf.all.accept_redirects=0 -net.ipv4.conf.default.accept_source_route=0 -net.ipv4.conf.default.accept_redirects=0 -net.ipv4.icmp_echo_ignore_broadcasts=1 -net.ipv4.icmp_ignore_bogus_error_responses=1 +# Disable IPv4 forwarding. +# This has to be set first, because it resets some of the +# net.ipv4.conf.* sysctls. net.ipv4.ip_forward=0 -net.ipv6.conf.default.accept_dad=0 -net.ipv6.conf.default.accept_ra=0 -net.ipv6.conf.default.accept_redirects=0 -net.ipv6.conf.all.accept_dad=0 -net.ipv6.conf.all.accept_ra=0 -net.ipv6.conf.all.accept_redirects=0 - -# Learn Prefix Information in Router Advertisement -net.ipv6.conf.default.accept_ra_pinfo = 0 -net.ipv6.conf.all.accept_ra_pinfo = 0 - -# Setting controls whether the system will accept Hop Limit settings from a router advertisement -net.ipv6.conf.default.accept_ra_defrtr = 0 -net.ipv6.conf.all.accept_ra_defrtr = 0 - -#router advertisements can cause the system to assign a global unicast address to an interface -net.ipv6.conf.default.autoconf = 0 -net.ipv6.conf.all.autoconf = 0 - -#how many neighbor solicitations to send out per address? -net.ipv6.conf.default.dad_transmits = 3 -net.ipv6.conf.all.dad_transmits = 3 - -# Enable forwarding, otherwise not all local route are examined +# Enable IPv6 forwarding, otherwise the fc00::/7 route sometimes is +# not used if a default route is available, which breaks fc00::/7 +# inside Freifunk. 
+# To ensure no packets are routed to different interfaces, fff-firewall +# sets appropriate iptables rules net.ipv6.conf.all.forwarding=1 net.ipv6.conf.default.forwarding=0 + +# Do not accept Router Advertisements, so no public +# addresses are assigned to interfaces, where we don't +# want them. OpenWrts netifd overwrites this option for the WAN +# interface, so IPv6 WAN connectivity is still possible. +net.ipv6.conf.default.accept_ra=0 +net.ipv6.conf.all.accept_ra=0 + +# Disable DAD, so fdff::1 on br-client does not get erroneously disabled. +# This should be done on a per-interface basis in the future. +net.ipv6.conf.default.accept_dad=0 +net.ipv6.conf.all.accept_dad=0 diff --git a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork index 42dee1e2..75edf03c 100755 --- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork +++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork @@ -4,23 +4,6 @@ . /lib/functions/system.sh . /lib/functions/fff/network -setupPorts() { - # Add a single port to the *_PORTS config - # Usage: setupPorts - - local port=$1 - local mode=$2 - - #default: BATMAN - if [ "$mode" = "WAN" ] ; then - WAN_PORTS="${WAN_PORTS} $port" - elif [ "$mode" = "CLIENT" ] ; then - CLIENT_PORTS="${CLIENT_PORTS} $port" - else - BATMAN_PORTS="${BATMAN_PORTS} $port" - fi -} - BOARD="$(uci get board.model.name)" . /etc/network.$BOARD [ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label) 
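Review bot: The rewritten file drops `accept_redirects=0`, `accept_source_route=0` and `send_redirects=0` for IPv4, and `accept_redirects=0` for IPv6, with no replacement and no comment explaining why, whereas every setting that is kept gets a rationale. With `net.ipv4.ip_forward=0` the node acts as an IPv4 host, which is the case where the kernel honours ICMP redirects unless told otherwise. The effective behaviour therefore likely changes, unless another sysctl.d file outside this diff sets these values. If the removal is not deliberate, keep them after the `ip_forward` line as sketched below; if it is, a one-line comment saying so would help the next reader.

```conf
net.ipv4.ip_forward=0

# Do not accept ICMP redirects or source-routed packets, and do not
# send redirects. Kept after ip_forward, which resets some of the
# net.ipv4.conf.* sysctls.
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.send_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0

# … unchanged: IPv6 forwarding, accept_ra and accept_dad settings …
```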
@@ -37,10 +20,8 @@ else if [ "$ONE_PORT" = "YES" ] || [ -n "$ETHPORT" ] ; then echo "ETHMODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config fi - if [ -n "$LAN0PORT" ] ; then + if [ -n "$TWO_PORT" ] ; then echo "LAN0MODE='$LAN0MODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config - fi - if [ -n "$LAN1PORT" ] ; then echo "LAN1MODE='$LAN1MODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config fi echo "FORCEPARSE='0' # Parse at: 0=first boot only, 1=every reboot, 2=next reboot (once)" >> /etc/network.config 
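Review bot: The new guard `if [ -n "$TWO_PORT" ]` tests for non-empty, while the branch that actually configures two-port boards later in this file tests `[ "$TWO_PORT" = "YES" ]`, as does the `ONE_PORT` check two lines above. A board file that sets TWO_PORT to anything other than YES would get LAN0MODE/LAN1MODE written to /etc/network.config but then be configured by the switch path. Using `if [ "$TWO_PORT" = "YES" ] ; then` here keeps both places in agreement. The enclosing `else` block starts outside the hunk.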
@@ -52,79 +33,123 @@ if [ "$FORCEPARSE" = '2' ] ; then FORCEPARSE='1' fi -if [ -n "$ETHPORT" ] ; then - #LAN@AR150: default: BATMAN - setupPorts "$ETHPORT" "${ETHMODE}" -fi -if [ -n "$LAN0PORT" ] ; then - #LAN0@two-port: default: BATMAN - setupPorts "$LAN0PORT" "${LAN0MODE}" -fi -if [ -n "$LAN1PORT" ] ; then - #LAN1@two-port: default: BATMAN - setupPorts "$LAN1PORT" "${LAN1MODE}" -fi - -if ! uci -q get network.$SWITCHDEV > /dev/null || [ "$FORCEPARSE" = '1' ] ; then - - SWITCHHW=$(swconfig list | awk '{ print $4 }') - - uci set network.$SWITCHDEV=switch - uci set network.$SWITCHDEV.name=$SWITCHHW - uci set network.$SWITCHDEV.enable=1 - uci set network.$SWITCHDEV.reset=1 - uci set network.$SWITCHDEV.enable_vlan=1 - - uci set network.${SWITCHDEV}_1=switch_vlan - uci set network.${SWITCHDEV}_1.device=$SWITCHHW - uci set network.${SWITCHDEV}_1.vlan=1 - uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS" - - if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then - uci set network.${SWITCHDEV}_2=switch_vlan - uci set network.${SWITCHDEV}_2.device=$SWITCHHW - uci set network.${SWITCHDEV}_2.vlan=2 - uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS" +if [ "$ONE_PORT" = "YES" ]; then + if ! 
uci -q get network.$SWITCHDEV.ifname || [ "$FORCEPARSE" = '1' ] ; then + uci set network.$SWITCHDEV=interface + uci set network.$SWITCHDEV.ifname=$SWITCHDEV + if [ "$ETHMODE" = "WAN" ]; then + uci set network.client.ifname="bat0" + uci set network.wan.ifname="$WANDEV" + uci del network.ethmesh.ifname + uci del network.${SWITCHDEV}.macaddr + elif [ "$ETHMODE" = "CLIENT" ] ; then + uci set network.client.ifname="bat0 $SWITCHDEV" + uci set network.wan.ifname="eth2" #eth2 because it is default in config file + uci del network.ethmesh.ifname + uci del network.${SWITCHDEV}.macaddr + elif [ "$ETHMODE" = "BATMAN" ] ; then + uci set network.client.ifname="bat0" + uci set network.wan.ifname="eth2" #eth2 because it is default in config file + uci set network.ethmesh.ifname="$SWITCHDEV" + ETH0DEV="$SWITCHDEV" + ETH0MAC="w2ap" + fi + uci commit network fi +elif [ "$TWO_PORT" = "YES" ]; then + if ! uci -q get network.$WANDEV.ifname || [ "$FORCEPARSE" = '1' ] ; then + uci set network.$WANDEV=interface + uci set network.$WANDEV.ifname="$WANDEV" + uci set network.$SWITCHDEV=interface + uci set network.$SWITCHDEV.ifname="$SWITCHDEV" + # Only one WAN possible, second port will be unset if both are WAN + if [ "$LAN0MODE" = "WAN" ]; then + if [ "$LAN1MODE" = "CLIENT" ]; then + uci set network.client.ifname="bat0 $SWITCHDEV"; else + uci set network.client.ifname=bat0; fi + # WAN + uci set network.wan.ifname="$WANDEV" + if [ "$LAN1MODE" = "BATMAN" ]; then + uci set network.ethmesh.ifname="$SWITCHDEV"; else + uci del network.ethmesh.ifname; fi + # Two client ports are possible + elif [ "$LAN0MODE" = "CLIENT" ]; then + if [ "$LAN1MODE" = "CLIENT" ]; then + uci set network.client.ifname="bat0 $WANDEV $SWITCHDEV"; else + uci set network.client.ifname="bat0 $WANDEV"; fi + if [ "$LAN1MODE" = "WAN" ]; then + uci set network.wan.ifname="$SWITCHDEV"; else + uci set network.wan.ifname=eth2; fi #eth2 because it is default in config file + if [ "$LAN1MODE" = "BATMAN" ]; then + uci set 
network.ethmesh.ifname="$SWITCHDEV"; else + uci del network.ethmesh.ifname; fi + # Only one BATMAN port possible, second port will be unset if both are BATMAN + elif [ "$LAN0MODE" = "BATMAN" ] ; then + if [ "$LAN1MODE" = "CLIENT" ]; then + uci set network.client.ifname="bat0 $SWITCHDEV"; else + uci set network.client.ifname=bat0; fi + if [ "$LAN1MODE" = "WAN" ]; then + uci set network.wan.ifname="$SWITCHDEV"; else + uci set network.wan.ifname=eth2; fi #eth2 because it is default in config file + # BATMAN + uci set network.ethmesh.ifname="$WANDEV" + fi + if [ "$LAN0MODE" = "BATMAN" ]; then + ETH0DEV="$WANDEV" # only needed for setting macaddr + ETH0MAC=w2ap + uci del network.$SWITCHDEV.macaddr + elif [ "$LAN1MODE" = "BATMAN" ]; then + # $WANDEV will win if both are set to BATMAN, as above + ETH0DEV="$SWITCHDEV" # only needed for setting macaddr + ETH0MAC=w2ap + uci del network.$WANDEV.macaddr + else + uci del network.$WANDEV.macaddr + uci del network.$SWITCHDEV.macaddr + fi - uci set network.${SWITCHDEV}_3=switch_vlan - uci set network.${SWITCHDEV}_3.device=$SWITCHHW - uci set network.${SWITCHDEV}_3.vlan=3 - uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS" - - uci set network.client.ifname="$SWITCHDEV.1 bat0" - - uci set network.ethmesh.ifname="$SWITCHDEV.3" - - if [ "$WANDEV" = "$SWITCHDEV" ]; then - uci set network.wan.ifname=$WANDEV.2 - else - uci set network.wan.ifname=$WANDEV + uci commit network fi +else + if ! uci -q get network.$SWITCHDEV > /dev/null || [ "$FORCEPARSE" = '1' ] ; then - uci commit network -fi + SWITCHHW=$(swconfig list | awk '{ print $4 }') -if [ "$ONE_PORT" = "YES" ] && ( ! 
uci -q get network.$SWITCHDEV.ifname || [ "$FORCEPARSE" = '1' ] ) ; then - uci set network.$SWITCHDEV=interface - uci set network.$SWITCHDEV.ifname=$SWITCHDEV - if [ "$ETHMODE" = "WAN" ]; then - uci set network.client.ifname="bat0" - uci set network.wan.ifname="$WANDEV" - uci del network.ethmesh.ifname - uci del network.${SWITCHDEV}.macaddr - elif [ "$ETHMODE" = "CLIENT" ] ; then - uci set network.client.ifname="bat0 $SWITCHDEV" - uci set network.wan.ifname="eth2" #eth2 because it is default in config file - uci del network.ethmesh.ifname - uci del network.${SWITCHDEV}.macaddr - elif [ "$ETHMODE" = "BATMAN" ] ; then - uci set network.client.ifname="bat0" - uci set network.wan.ifname="eth2" #eth2 because it is default in config file - uci set network.ethmesh.ifname="$SWITCHDEV" - ETH0MAC="w2ap" + uci set network.$SWITCHDEV=switch + uci set network.$SWITCHDEV.name=$SWITCHHW + uci set network.$SWITCHDEV.enable=1 + uci set network.$SWITCHDEV.reset=1 + uci set network.$SWITCHDEV.enable_vlan=1 + + uci set network.${SWITCHDEV}_1=switch_vlan + uci set network.${SWITCHDEV}_1.device=$SWITCHHW + uci set network.${SWITCHDEV}_1.vlan=1 + uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS" + + if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then + uci set network.${SWITCHDEV}_2=switch_vlan + uci set network.${SWITCHDEV}_2.device=$SWITCHHW + uci set network.${SWITCHDEV}_2.vlan=2 + uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS" + fi + + uci set network.${SWITCHDEV}_3=switch_vlan + uci set network.${SWITCHDEV}_3.device=$SWITCHHW + uci set network.${SWITCHDEV}_3.vlan=3 + uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS" + + uci set network.client.ifname="$SWITCHDEV.1 bat0" + + uci set network.ethmesh.ifname="$SWITCHDEV.3" + + if [ "$WANDEV" = "$SWITCHDEV" ]; then + uci set network.wan.ifname=$WANDEV.2 + else + uci set network.wan.ifname=$WANDEV + fi + + uci commit network fi - uci commit network fi /etc/init.d/network restart 
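Review bot: An unset or misspelled LAN0MODE matches none of the `WAN`/`CLIENT`/`BATMAN` arms in the new TWO_PORT branch, so `network.client.ifname`, `network.wan.ifname` and `network.ethmesh.ifname` keep whatever they held before, yet the MAC clean-up and `uci commit network` still run. The removed setupPorts helper treated anything other than WAN or CLIENT as BATMAN, so this is a behaviour change that can leave a port bridged in a stale role. Normalising first, e.g. `case "$LAN0MODE" in WAN|CLIENT|BATMAN) ;; *) LAN0MODE=BATMAN ;; esac`, restores the old default; whether /etc/network.mode already guarantees a valid value is not visible here. Separately, the `if ! uci -q get network.$SWITCHDEV.ifname` and `network.$WANDEV.ifname` tests print the looked-up value to the console, unlike the switch branch, which redirects to /dev/null.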
@@ -166,14 +191,14 @@ if [ -n "$ROUTERMAC" ]; then fi if [ -n "$ETH0MAC" ]; then - echo "Fixing MAC on $SWITCHDEV" + echo "Fixing MAC on $ETH0DEV" sleep 10 NEW_MACADDR=$(cat "/sys/class/net/${ETH0MAC}/address") - uci set network.${SWITCHDEV}.macaddr=$NEW_MACADDR + uci set network.$ETH0DEV.macaddr=$NEW_MACADDR uci commit network - ifconfig $SWITCHDEV down - ifconfig $SWITCHDEV hw ether $NEW_MACADDR - ifconfig $SWITCHDEV up + ifconfig $ETH0DEV down + ifconfig $ETH0DEV hw ether $NEW_MACADDR + ifconfig $ETH0DEV up /etc/init.d/network restart fi diff --git a/src/packages/fff/fff-network/mips/network.tplink,cpe210-v1 b/src/packages/fff/fff-network/mips/network.tplink,cpe210-v1 index 3c0a422b..0f2898fd 100644 --- a/src/packages/fff/fff-network/mips/network.tplink,cpe210-v1 +++ b/src/packages/fff/fff-network/mips/network.tplink,cpe210-v1 @@ -1,17 +1,5 @@ -. /lib/functions/fff/network - -WANDEV=eth0 +WANDEV=eth1 SWITCHDEV=eth0 -CLIENT_PORTS="0t" -WAN_PORTS="0t" -BATMAN_PORTS="0t" - -# use mac address from phy0 with 'locally administered' bit set to '1' -# only possible, because wXmesh is created first and therefore gets the 'universally administered address' - -ETHMESHMAC=$(macFlipLocalBit "$(cat /sys/class/ieee80211/phy0/macaddress)") +TWO_PORT=YES . /etc/network.mode - -LAN0PORT=5 -LAN1PORT=4 diff --git a/src/packages/fff/fff-network/mips/network.tplink,cpe510-v1 b/src/packages/fff/fff-network/mips/network.tplink,cpe510-v1 index 3c0a422b..0f2898fd 100644 --- a/src/packages/fff/fff-network/mips/network.tplink,cpe510-v1 +++ b/src/packages/fff/fff-network/mips/network.tplink,cpe510-v1 
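Review bot: The MAC fix-up now addresses `$ETH0DEV`, but the guard is still `[ -n "$ETH0MAC" ]`, and within this diff ETH0DEV is assigned only in the ONE_PORT and TWO_PORT BATMAN arms. If anything else sets ETH0MAC (for example a board file sourced via /etc/network.$BOARD, not visible here), `uci set network.$ETH0DEV.macaddr=…` and the unquoted `ifconfig $ETH0DEV down` would run with an empty device name. A fallback before first use, `: "${ETH0DEV:=$SWITCHDEV}"`, preserves the previous behaviour. Quoting `"$ETH0DEV"` and `"$NEW_MACADDR"` in the ifconfig calls would also be worthwhile. The script continues outside the hunk.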
@@ -1,17 +1,5 @@ -. /lib/functions/fff/network - -WANDEV=eth0 +WANDEV=eth1 SWITCHDEV=eth0 -CLIENT_PORTS="0t" -WAN_PORTS="0t" -BATMAN_PORTS="0t" - -# use mac address from phy0 with 'locally administered' bit set to '1' -# only possible, because wXmesh is created first and therefore gets the 'universally administered address' - -ETHMESHMAC=$(macFlipLocalBit "$(cat /sys/class/ieee80211/phy0/macaddress)") +TWO_PORT=YES . /etc/network.mode - -LAN0PORT=5 -LAN1PORT=4