20 Commits

Author SHA1 Message Date
Fabian Bläse d252d5110a fff-network: Add comments to set sysctls
To make it clear why the set sysctls are necessary, add appropriate
comments to them. Also reorder them for improved readability.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
2021-07-09 10:17:17 +02:00
Fabian Bläse 5d5eb29518 fff-network: Remove obsolete and unnecessary sysctls
Many of the set sysctls are either unnecessary, are already default in
the kernel or in OpenWrt's defaults, or the reason for them being
explicitly set is unknown.

Remove all those sysctls from fff-network, as unfounded deviations from
default values will cause hard-to-debug problems in the future.

The original motivation for this patch is the netdev_max_backlog sysctl,
which was set to a very low value without any reason or comment.
This hurt forwarding performance on mt7621 with DSA significantly and
took quite a while to discover.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
2021-07-09 10:16:55 +02:00
Adrian Schmutzler 40f26d74a7 fff-nodewatcher: consolidate uci-defaults scripts
The uci-defaults scripts are meant to provide defaults for a
specific package. Distributing them across several packages makes
no sense and just makes maintenance worse.

Thus, move the network part of the initialization back to the
proper package. While at it, suppress output from add commands.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2021-02-27 16:09:22 +01:00
Fabian Bläse 3147a33c52 fff-network: Disable source address filtering
Source address filtering (RFC3704) can be used to mitigate source
address spoofing. However, strict mode only works when routes are
strictly symmetric. If routes are asymmetric, it can happen that
the best route to the source address of a packet is via a different
interface.

Because there is no guarantee that routes have to be symmetric in the
Freifunk Franken backbone network, we cannot use strict mode. Because
default routes are used in the Freifunk Franken backbone, loose mode
could be used, but does not make any sense. Instead, revert back to the
kernel default setting, which currently is 0 (disabled).

While this change affects both layer3 and node variant, nothing changes
for the node firmware, because it does not forward packets.

Fixes: #123

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2021-02-18 23:20:30 +01:00
Fabian Bläse 764556b980 fff-network: Create separate interface for wan dhcp
Previously, an additional wan6 interface for SLAAC has been added, which
references the wan interface for its interface.
However, OpenWrt waits until the wan interface is completely up, until
it tries to start up interfaces that depend on it.

This not only can delay the configuration of IPv6 addresses
significantly, but also makes configuration of the wan6 interface
impossible in WAN networks without a DHCP server.

To solve this issue, a separate interface wan4 for dhcp, which also
references the wan interface, is created and the proto of wan is set to
none.

Fixes: #114
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2021-02-18 23:19:27 +01:00
Fabian Bläse 37695a1cfc fff-network: Add migration for Archer C7 WAN ports
With 8d66bdf the port configuration of TP-Link Archer C7 has been
changed to a single-interface configuration.

This had unforeseen side effects on upgraded devices. Because WANDEV
is evaluated from the updated network.* file, the port configuration
of the switch is evaluated from the update-safe network.config, which
is now incompatible with the updated interface configuration.

Therefore, a migration script has to be added, which updates the port
configuration in network.config to the new single-interface network
configuration.

Fixes: #60 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2021-01-31 14:11:14 +01:00
Fabian Bläse 30cdaf6e54 fff-network: Remove sysctls that depend on disabled kernel features
Some sysctls currently are completely useless, as they only exist if
specific kernel configurations are enabled, which we have not.

To hide the error message and prevent them from interfering
unintentionally, if new kernel configurations are activated in the
future, they are removed.

Fixes: #42 (gitea)

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2021-01-27 19:21:55 +01:00
Fabian Bläse 39df9ba501 fff-network: Remove relocated netfilter sysctls
The net.ipv4.netfilter.ip* sysctls have been moved to
net.netfilter.nf* a long time ago, so they have been useless in our
firmware for quite a while.

It probably originally has been added because it was included in the
OpenWrt defaults and in earlier versions of our firmware the OpenWrt
defaults file got overwritten by our own one.

Because there does not seem to be any obvious reason to keep them (they
have been added without a comment in the commit or file) and they have
been inactive ever since they were moved in the kernel, they are removed
completely instead of using the correct path.

Fixes: #42 (gitea)

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2021-01-27 19:21:46 +01:00
Adrian Schmutzler 3214388680 treewide: rename br-mesh to br-client
The name br-mesh is actually quite misleading, since the bridge
actually includes the "client" interfaces. In order to make this
obvious, and to prevent confusion with the properly named wXmesh
interfaces, rename them to br-client.

Note that br-mesh is also particularly disturbing for the layer 3
firmware without batman-adv.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2020-12-22 13:41:44 +01:00
Adrian Schmutzler 24be8ecdda fff-network: fix unintended wan=eth1 for two-port devices
For historic reasons, the wan interface is set to eth1 as default
value. When updating the config for one-port devices in
configurenetwork, the same value is put there again if the mode
is switched to something != WAN, instead of just removing the
value.

While ifname actually is a mandatory value, this has been handled
inconsistently in the past, where ethmesh ifname was deleted, and
wan ifname was just changed back to eth1, when assigning the
actually relevant eth0 to a different task.

This concept was set up with a one-port device in mind, i.e. a
device where there is no eth1. However, this very setup routine
got applied to the Nanostation M as well (which is treated as
one-port), where we suddenly have two interfaces and the eth1
exists.
So, while the user assumes it's unconfigured, the second port
actually becomes set up as WAN if the first one is != WAN.
If connected to a second device with CLIENT (=default) to provide
PoE there, this will create a loop.

So, finally, in order to somehow fix this mess, this patch just
changes the hardcoded "eth1" to "eth2". While this is no proper
fix, it perpetuates the original idea of keeping wan set to
something, but nothing which actually exists. However, there are
no side effects and we keep this minimally invasive.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
2020-09-15 13:05:49 +02:00
Fabian Bläse b5563caa23 fff-network: Improve IPv6 WAN connectivity
Until now, IPv6 connectivity was only ensured by some custom sysctls.
OpenWrt has a proper way of enabling IPv6 client (SLAAC, as well as DHCPv6)
for an interface. Switching to OpenWrt's way of configuring client addresses
for an interface might also make configuration more reliable, as the appropriate
sysctls are now set by netifd. Especially OnePort and TwoPort devices will
benefit from this change, as IPv6 auto configuration does not have to be manually
enabled and disabled for a physical interface, but rather is set as an option for
our logical wan interface.

At the same time this change enables DHCPv6 client support for WAN.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-01 01:09:10 +02:00
Tim Niemeyer b6c7acd704 nodewatcher: split into nodewatcher.d scripts for individual task
This splits up the data extraction/assembly of the nodewatcher
script into several parts and distributes them across packages, so
that each nodewatcher.d subscript is located in the package providing
the relevant functionality. This allows to extend the nodewatcher data
by enabling/disabling packages.
This scheme is not perfectly fulfilled for fff-network vs. fff-wireless,
as data cannot be uniquely assigned there and the XML syntax does not allow
separation anyway.

In general, this moves code without applying code improvements, yielding
an easy comparison of moved fragments. However, the following changes
were done to improve experience:

- The function writing debug output has been renamed from "err" to "debug"
- Since we catch the stdout of the nodewatcher.d functions anyway,
  those scripts were adjusted to echo output directly instead of first
  writing it into a variable and then outputting it at the end.
- The uci config has been kept, but initialization for the network part
  has been moved to the fff-network package.
- Space indent has been changed to tab, which is more common in the
  firmware and requires less space.
- Remove support for nodewatcher run without uci config. Script-based
  nodewatcher on other platforms will have altered code anyway, and
  splitting it up will prevent effective use as a blueprint for those
  cases. After this change, nodewatcher in firmware is supposed to be
  used only for this firmware.

Note that since the nodewatcher.d scripts are evaluated by using their
echo output, having a function create uncaught output to stdout there
will corrupt the XML.

Signed-off-by: Tim Niemeyer <tim@tn-x.org>
[rebase and adjustments for current master, use simpler mechanism to
call nodewatcher.d scripts, use tab indent, remove debug() definition
where not needed, do not remove uci config, add commit message, use
echo -n]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
[remove 'local' modifier for variable not inside a function, fix typo]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
2020-04-19 15:44:08 +02:00
Adrian Schmutzler 9f25f5dc35 batman-adv: Split batadv proto in meshif and hardif part
This migrates to the new configuration architecture introduced
and required in
54af5a209e

This is a side-effect of the switch to openwrt-19.07.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fabian@blaese.de: Rebase onto fff firmware master]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
2020-03-15 22:04:43 +01:00
Adrian Schmutzler fe9c5919e6 fff-network: Remove MTU 1528 from ethmesh device
This interface was using 1500 anyway and setting ethernet to
MTU > 1500 might not be a good idea.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langammer <rlanghammer@web.de>
2019-05-31 17:22:52 +02:00
Fabian Bläse 2fdebf6c93 sysctl: Enable tcp timestamps for improved tcp performance
tcp timestamps can improve tcp performance a lot, especially
with unstable networks like wifi.

Linux default behaviour is enabled so the tcp timestamps setting
is removed from sysctl configuration.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2019-01-31 19:29:33 +01:00
Fabian Bläse 665377ab68 network: set router solicitations to default value
When setting up a node, router solicitations can be used to speed
up receiving router advertisements a lot. This mechanism has been
previously disabled by our custom sysctl config.

However because linux does not send router solicitations, if it
doesn't accept router advertisements, which is disabled for every
link except WAN, this option can safely be set to its default value
for all interfaces.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
2018-11-27 23:19:42 +01:00
Tim Niemeyer bd5985e99e fff-network: enable forwarding; filter forwarding
Fixes #83
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
2018-03-03 21:34:36 +01:00
Tim Niemeyer 6863c6235d fff-network: rework sysctl's
Just disable autoconf.

Some sysctl's are currently not available due to some missing kernel
features. Maybe some day they reappear.

Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
2018-03-03 21:34:36 +01:00
Tim Niemeyer f65b7fc2ab bsp/default: move network sysctl's to fff-network
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
2018-03-03 21:34:35 +01:00
Tim Niemeyer d9d69f55aa fff-network: move default-bsp files to package
- mv /etc/network.* files to package
- mv /etc/config/network to package
- also removes the bsp specific root_file_system

Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
2016-06-11 14:11:37 +02:00