This is a new Branch for 0.3 stable firmware based on OpenWRT 10.03.1 with new

build_script system
reddog 2011-12-27 21:01:43 +00:00
commit 8dab2bce6a
65 changed files with 23602 additions and 0 deletions


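--- a/build_patches/feeds.conf
+++ b/build_patches/feeds.conf
@@ -0,0 +1,8 @@
+src-svn packages svn://svn.openwrt.org/openwrt/packages@29597
+#src-svn xwrt http://x-wrt.googlecode.com/svn/branches/backfire_10.03/package
+#src-svn luci http://svn.luci.subsignal.org/luci/branches/luci-0.10/contrib/package
+#src-svn phone svn://svn.openwrt.org/openwrt/feeds/phone
+#src-svn efl svn://svn.openwrt.org/openwrt/feeds/efl
+#src-svn desktop svn://svn.openwrt.org/openwrt/feeds/desktop
+#src-svn xfce svn://svn.openwrt.org/openwrt/feeds/xfce
+#src-link custom /usr/src/openwrt/custom-feed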
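Review bot: The only active feed, `src-svn packages svn://svn.openwrt.org/openwrt/packages@29597`, is fetched over the unauthenticated `svn://` protocol, so the `@29597` pin fixes the revision number but gives no integrity guarantee for what the build host actually receives. Every package compiled into the firmware comes from this checkout, so tampering on the path to the server would end up in the built images. Point the feed at a TLS-protected or locally mirrored copy and record that in a comment such as `# pinned to r29597; fetched from a verified mirror`. The commented-out feeds carry no revision pin at all and would need one before being re-enabled.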

264
build_script.sh Executable file

@ -0,0 +1,264 @@
#!/bin/bash
prepare() {
#Get the OpenWrt Core Source for Firmware
svn checkout svn://svn.openwrt.org/openwrt/tags/backfire_10.03.1/ ./build_dir
#apply own feeds.conf
svn export ./build_patches/feeds.conf ./build_dir/feeds.conf
./build_dir/scripts/feeds update
./build_dir/scripts/feeds install -a
}
configure_build() {
#create filesdir for our config
mkdir ./build_dir/files
case "$1" in
"dir300")
svn export ./build_configuration/Atheros_AR231x_AR5312/.config ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/dir300 ./build_dir/files/ --force
;;
"fonera")
svn export ./build_configuration/Atheros_AR231x_AR5312/.config ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/fonera ./build_dir/files/ --force
;;
"wrt54g_ap")
svn export ./build_configuration/Broadcom_BCM947xx_953xx_ap/.config ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/wrt54g_ap ./build_dir/files/ --force
;;
"wrt54g_adhoc")
svn export ./build_configuration/Broadcom_BCM947xx_953xx_adhoc/.config ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/wrt54g_adhoc ./build_dir/files/ --force
;;
"dir300b_ap")
svn export ./build_configuration/ramips_rt3050/.config ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/dir300b_ap ./build_dir/files/ --force
;;
"dir300b_adhoc")
svn export ./build_configuration/ramips_rt3050/.config ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/dir300b_adhoc ./build_dir/files/ --force
;;
"wr1043nd")
svn export ./build_configuration/Atheros_AR71xx_AR7240_AR913x/.config_wr1043nd ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/wr1043nd ./build_dir/files/ --force
;;
"wr741nd")
svn export ./build_configuration/Atheros_AR71xx_AR7240_AR913x/.config_wr741nd ./build_dir/.config
svn export ./root_file_system/default ./build_dir/files/ --force
svn export ./root_file_system/wr741nd ./build_dir/files/ --force
;;
*)
echo "ERROR";
;;
esac
#insert actual firware version informations into release file
echo "FIRMWARE_REVISION=\""`svn info ./ |grep Revision: |cut -c11-`"\"" >> ./build_dir/files/etc/firmware_release
echo "OPENWRT_CORE_REVISION=\""`svn info ./build_dir |grep Revision: |cut -c11-`"\"" >> ./build_dir/files/etc/firmware_release
echo "OPENWRT_FEEDS_PACKAGES_REVISION=\""`svn info ./build_dir/feeds/packages |grep Revision: |cut -c11-`"\"" >> ./build_dir/files/etc/firmware_release
}
build() {
cd ./build_dir
case "$2" in
"fast")
make -j8
;;
*)
ionice -c 3 -- nice -n 10 -- make -j8
;;
esac
# actually this does northing!
# rm -rf ./build_dir/files/
cd ../
case "$1" in
"dir300")
cp ./build_dir/bin/atheros/openwrt-atheros-root.squashfs ./bin/openwrt-$2-root.squashfs
cp ./build_dir/bin/atheros/openwrt-atheros-vmlinux.lzma ./bin/openwrt-$2-vmlinux.lzma
cp ./build_dir/bin/atheros/openwrt-atheros-combined.squashfs.img ./bin/openwrt-$2-combined.squashfs.img
;;
"fonera")
cp ./build_dir/bin/atheros/openwrt-atheros-root.squashfs ./bin/openwrt-$2-root.squashfs
cp ./build_dir/bin/atheros/openwrt-atheros-vmlinux.lzma ./bin/openwrt-$2-vmlinux.lzma
cp ./build_dir/bin/atheros/openwrt-atheros-combined.squashfs.img ./bin/openwrt-$2-combined.squashfs.img
;;
"dir300b_adhoc" | "dir300b_ap")
#build webflash image
rm -rf ./bin/openwrt-dir300b1-squashfs-webflash.bin
./flash_tools/dir300b-flash/v2image -v \
-i ./build_dir/bin/ramips/openwrt-ramips-rt305x-dir-300-b1-squashfs-sysupgrade.bin \
-o bin/openwrt-dir300b1-squashfs-webflash.bin \
-d /dev/mtdblock/2 -s wrgn23_dlwbr_dir300b
;;
"wr1043nd")
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr1043nd-v1-squashfs-factory.bin ./bin/
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr1043nd-v1-squashfs-sysupgrade.bin ./bin/
;;
"wr741nd")
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr741nd-v1-squashfs-factory.bin ./bin/
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr741nd-v1-squashfs-sysupgrade.bin ./bin/
;;
"wrt54g_ap" | "wrt54g_adhoc")
cp ./build_dir/bin/brcm47xx/openwrt-wrt54g-squashfs.bin ./bin/
;;
*)
echo "Nothing implemented here yet -> missing knowledge!!"
;;
esac
}
flash() {
#Get flash tools
svn export http://svn.freifunk-ol.de/build_environment/flash_tools
if [ ! "`whoami`" = "root" ]
then
echo "You need to be root to flash!"
exit 1
fi
echo "Do not plugin your router now, you will be asked to do this later!"
echo "Stopping Network manager and starting normal network and tftp server..."
if [ -f /etc/rc.d/networkmanager ];then
/etc/rc.d/networkmanager stop&&/etc/rc.d/network start
/etc/rc.d/tftpd start
elif [ -f /etc/init.d/networkmanager ];then
/etc/init.d/networkmanager stop&&/etc/init.d/network start
/etc/init.d/tftpd start
elif [ -f /usr/sbin/invoke-rc.d ];then
invoke-rc.d network-manager stop
invoke-rc.d tftpd-hpa start
fi
echo "Clearing Firewall!"
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
echo "Flashing now! Please plugin your router into the powerline now"
case "$1" in
"dir300")
if [ -f /usr/sbin/dir300-flash ]; then
/usr/sbin/dir300-flash $2 ./bin/openwrt-$1-vmlinux.lzma ./bin/openwrt-$1-root.squashfs
else
./flash_tools/dir300-flash/dir300-flash.sh $2 ./bin/openwrt-$1-vmlinux.lzma ./bin/openwrt-$1-root.squashfs
;;
"fonera")
echo "In some cases you have to set a symlink to libpcap to make flashing work (Tim told me that it is evil if I do that for you):"
echo "ln -s /usr/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so.0.8"
./flash_tools/fonera-flash/ap51-flash-1.0-42 $2 ./bin/openwrt-$1-root.squashfs ./bin/openwrt-$1-vmlinux.lzma freifunc
;;
"dir300b_adhoc" | "dir300b_ap")
echo "* Press RESET on your router and power it on."
echo "* Now connect it to your Computer using the WAN interface"
echo "* Configure your Computer to use 192.168.0.2 as IP-Adress"
echo "* Go to http://192.168.0.1 and flash your router."
echo "* Happy Freifunk'ing! :-)"
;;
*)
echo "Nothing implemented here yet"
;;
esac
echo "Starting Networkmanager again"
if [ -f /etc/rc.d/networkmanager ];then
/etc/rc.d/networkmanager start
elif [ -f /etc/init.d/networkmanager ];then
/etc/init.d/networkmanager start
elif [ -f /usr/sbin/invoke-rc.d ];then
invoke-rc.d tftpd-hpa stop
invoke-rc.d network-manager start
fi
}
clean() {
/bin/rm -rf flash_tools build_dir bin
}
routers() {
echo "router-types: "
echo " dir300"
echo " dir300b_adhoc"
echo " dir300b_ap"
echo " fonera"
echo " wrt54g_ap"
echo " wrt54g_adhoc"
echo " wr1043nd"
}
case "$1" in
"prepare")
if [ "$2" = "help" ] || [ "$2" = "" ]; then
echo "This option fetches the sources for the images and configurates the build so that it can be compiled"
echo "Usage: $0 $1 router-type"
routers
else
prepare "$2"
configure_build "$2"
fi
;;
"build")
if [ "$2" = "help" ] || [ "$2" = "" ]; then
echo "This option compiles the firmware"
echo "Normaly the build uses lower IO and System priorities, "
echo "you can append \"fast\" option, to use normal user priorities"
echo "Usage: $0 $1 router-type [fast]"
routers
echo "Parallel build may fail with revisions before 24969 see https://dev.openwrt.org/ticket/8596"
else
build "$2" "$3"
fi
;;
"download")
if [ "$2" = "help" ] || [ "$2" = "" ]; then
echo "This option downloads the ready configured images from an external location if needet."
echo "Usage: $0 $1 http://downloadfolder router-type"
routers
else
wget "$2/openwrt-$3-root.squashfs"
wget "$2/openwrt-$3-vmlinux.lzma"
fi
;;
"flash")
if [ "$2" = "help" ] || [ "$2" = "" ]; then
echo "This option flashes the router."
echo "$0 $1 router-type net-dev"
routers
echo "net-dev:"
echo " ethX"
else
flash "$2" "$3" "$4"
fi
;;
"clean")
if [ "$2" = "help" ] || [ "$2" = "" ]; then
echo "This option cleans all build files."
echo "$0 $1"
else
clean
fi
;;
*)
echo "This is the Build Environment Script of the Freifunk Community Oldenburg."
echo "Usage: $0 command"
echo "command:"
echo " prepare"
echo " build"
echo " flash"
echo " download"
echo ""
echo "If you need help to one of these options just type $0 command help"
;;
esac
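Review bot: `flash()` flushes the host firewall and sets the INPUT and OUTPUT policies to ACCEPT (from `iptables -F` onward) but never restores the previous ruleset, so the machine used for flashing stays unfiltered after the function returns or aborts. The same function runs tools from `./flash_tools` as root, and those are pulled with `svn export http://svn.freifunk-ol.de/build_environment/flash_tools` over plain HTTP without any integrity check; the `download` branch has the same gap for the firmware images it fetches with `wget`. Save the ruleset before the flush and restore it on exit, as sketched below, and verify tools and images against published checksums before they are used. Separately, the `dir300` branch of the flashing `case` opens `if … else` and reaches `;;` without a closing `fi`, which bash rejects as a syntax error for the whole script.

```shell
# … unchanged: flash tool export, root check, network-manager stop …
fw_backup=$(mktemp) || exit 1
iptables-save > "$fw_backup"
# Restore the operator's ruleset on every exit path, including failures.
trap 'iptables-restore < "$fw_backup"; rm -f -- "$fw_backup"' EXIT
echo "Clearing Firewall!"
iptables -F
# … unchanged: policy changes, flashing case, network-manager restart …
```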


@ -0,0 +1,9 @@
____ ____ _______
| | | | | Freifunk
|____ |____ | _ | | Oldenburg
| | | | | Firmware
| | |_______| |_____________
Welcome to the free wireless experience
For more information take a look at http://freifunk-ol.de
---------------------------------------------------------


@ -0,0 +1,20 @@
06:21:91:2c:f3:09 Batman_TimWZ
00:21:91:2c:f3:09 Node_TimWZ
06:1e:58:c7:07:e5 Batman_TimKU
00:1e:58:c7:07:e5 Node_TimKU
06:22:b0:98:70:df Batman_FreWZ
00:22:b0:98:70:df Node_FreWZ
06:1e:58:b9:d4:39 Batman_FreKU
00:1e:58:b9:d4:39 Node_FreKU
06:18:84:80:83:8d Batman_BjoFON
00:18:84:80:83:8d Node_BjoFON
06:22:B0:96:7C:D7 Batman_BjoDIR
00:22:B0:96:7C:D7 Node_BjoDIR
06:18:84:81:73:21 Batman_BjoBalk
00:18:84:81:73:21 Node_BjoBalk
0A:24:01:17:B7:55 Batman_floh1111_dir300
00:24:01:17:B7:55 Node_floh1111_dir300
00:13:e8:ab:47:49 Client_RedLap
1c:4b:d6:b8:17:dc Client_Freddy
00:16:6F:47:51:AA Client_floh1111
00:80:48:3b:ab:0e Client_Bjo
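Review bot: The last four entries (`Client_RedLap` through `Client_Bjo`) look like hardware addresses of personal client devices rather than mesh nodes, and this file appears to be part of the default root filesystem that goes into every image. A MAC address paired with a nickname is a stable personal identifier, so it should not be distributed with the firmware. Drop the `Client_*` lines from the shipped default and keep only node entries that the owners have agreed to publish. The file path is not visible on this page, so its role as a default host list is an assumption to confirm.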


@ -0,0 +1,8 @@
config 'mesh' 'bat0'
option 'interfaces' 'ath1'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,26 @@
config 'script'
option 'error_level' '0'
option 'logfile' '/var/log/configurator.log'
option 'version' '1'
option 'sync_hostname' '1'
config 'api'
option 'ipv4_address' '1'
option 'ipv6_interface' 'br-mesh'
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
option 'timeout' '5'
option 'retry' '5'
config 'update'
option 'autoupdate' '1'
config 'crawl'
option 'method' 'hash'
option 'nickname' '1'
option 'password' '1'
option 'login_string' '1'
option 'router_id' '1'
option 'update_hash' '1'
config 'netmon'
option 'autoadd_ipv6_address' '1'


@ -0,0 +1,33 @@
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k '0' #enable for dial on demand
option localise_queries 1
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 0
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#config dhcp mesh
# option interface mesh
# option start X.10
# option limit 100
# option leasetime 6h
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1


@ -0,0 +1,4 @@
config dropbear
option PasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'
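Review bot: `option PasswordAuth 'on'` leaves password logins enabled on port 22, and the firewall defaults added in this same commit contain an "Allow SSH on WAN" rule with no source restriction, so every router built from these defaults offers password-based SSH to its uplink network. Prefer key-only login in the shipped default, `option PasswordAuth 'off'`, with the operator's key provisioned at flash time, or remove the WAN rule from the default firewall so operators enable it deliberately. If password login has to stay, add a comment here such as `# set a root password before connecting the WAN port`.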


@ -0,0 +1,103 @@
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
#Allow ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option target ACCEPT
#Allow SSH on WAN
config rule
option src wan
option dest_port 22
option target ACCEPT
option proto tcp
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
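Review bot: `config defaults` sets `option input ACCEPT`, and only the `lan` and `wan` zones are defined, so traffic arriving on any interface outside those two zones falls through to an accepting default. The network defaults in this commit bridge `ath0`, `bat0` and `tap0` into a `mesh` interface that has no zone here, and the wireless defaults use `encryption 'none'`, so services on the router itself (SSH, DNS, DHCP) appear to be reachable by anyone who joins the mesh. Set the default to `option input REJECT`, add an explicit `mesh` zone, and open only the ports the mesh actually needs.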


@ -0,0 +1,37 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
#config 'interface' 'lan'
# option 'proto' 'dhcp'
# option 'ifname' 'eth0.1'
config 'interface' 'wlanmesh'
option 'ifname' 'ath1'
option 'mtu' '1528'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0.1 ath0 bat0 tap0'
option 'auto' '1'
config 'switch' 'eth0'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 5t'
config 'switch_vlan' 'eth0_2'
option 'device' 'eth0'
option 'vlan' '2'
option 'ports' '4 5t'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'


@ -0,0 +1,18 @@
config 'script'
option 'version' '25'
option 'error_level' '0'
option 'logfile' '/var/log/nodewatcher.log'
config 'api'
option 'ipv4_address' '1'
option 'ipv6_interface' 'br-mesh'
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
option 'timeout' '5'
option 'retry' '5'
config 'update'
option 'autoupdate' '1'
config 'network'
option 'mesh_interface' 'br-mesh'
option 'client_interfaces' 'ath0 wlan0'


@ -0,0 +1,86 @@
# QoS configuration for OpenWrt
# INTERFACES:
config interface wan
option classgroup "Default"
option enabled 1
option overhead 1
option upload 128
option download 1024
# RULES:
config classify
option target "Bulk"
option layer7 "edonkey"
config classify
option target "Bulk"
option layer7 "bittorrent"
config classify
option target "Priority"
option ports "22,53"
config classify
option target "Normal"
option proto "tcp"
option ports "20,21,25,80,110,443,993,995"
config classify
option target "Express"
option ports "5190"
config default
option target "Express"
option proto "udp"
option pktsize "-500"
config reclassify
option target "Priority"
option proto "icmp"
config default
option target "Bulk"
option portrange "1024-65535"
config reclassify
option target "Priority"
option proto "tcp"
option pktsize "-128"
option mark "!Bulk"
option tcpflags "SYN"
config reclassify
option target "Priority"
option proto "tcp"
option pktsize "-128"
option mark "!Bulk"
option tcpflags "ACK"
# Don't change the stuff below unless you
# really know what it means :)
config classgroup "Default"
option classes "Priority Express Normal Bulk"
option default "Normal"
config class "Priority"
option packetsize 400
option maxsize 400
option avgrate 10
option priority 20
config class "Priority_down"
option packetsize 1000
option avgrate 10
config class "Express"
option packetsize 1000
option maxsize 800
option avgrate 50
option priority 10
config class "Normal"
option packetsize 1500
option packetdelay 100
option avgrate 10
option priority 5
config class "Normal_down"
option avgrate 20
config class "Bulk"
option avgrate 1
option packetdelay 200


@ -0,0 +1,3 @@
config system
option hostname OpenWrt
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"


@ -0,0 +1,2 @@
config timeserver
option hostname time.fu-berlin.de


@ -0,0 +1,20 @@
config 'wifi-device' 'wifi0'
option 'type' 'atheros'
option 'disabled' '0'
option 'channel' '6'
option 'bgscan' '0'
option 'diversity' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'adhoc'
option 'ssid' 'batman.oldenburg.freifunk.net'
option 'bssid' '02:CA:FF:EE:BA:BE'
option 'encryption' 'none'
option 'hidden' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'ap'
option 'ssid' 'oldenburg.freifunk.net'
option 'encryption' 'none'


@ -0,0 +1,183 @@
#!/bin/sh
# Netmon Configurator (C) 2010-2011 Freifunk Oldenburg
# Lizenz: GPL
SCRIPT_DIR=`dirname $0`
if [ -f /etc/config/configurator ];then
API_IPV4_ADRESS=`uci get configurator.@api[0].ipv4_address`
API_IPV6_ADRESS=`uci get configurator.@api[0].ipv6_address`
API_IPV6_INTERFACE=`uci get configurator.@api[0].ipv6_interface`
API_TIMEOUT=`uci get configurator.@api[0].timeout`
API_RETRY=`uci get configurator.@api[0].retry`
SCRIPT_VERSION=`uci get configurator.@script[0].version`
SCRIPT_ERROR_LEVEL=`uci get configurator.@script[0].error_level`
SCRIPT_LOGFILE=`uci get configurator.@script[0].logfile`
SCRIPT_SYNC_HOSTNAME=`uci get configurator.@script[0].sync_hostname`
CRAWL_METHOD=`uci get configurator.@crawl[0].method`
CRAWL_ROUTER_ID=`uci get configurator.@crawl[0].router_id`
CRAWL_UPDATE_HASH=`uci get configurator.@crawl[0].update_hash`
CRAWL_NICKNAME=`uci get configurator.@crawl[0].nickname`
CRAWL_PASSWORD=`uci get configurator.@crawl[0].password`
UPDATE_AUTOUPDATE=`uci get configurator.@update[0].autoupdate`
AUTOADD_IPV6_ADDRESS=`uci get configurator.@netmon[0].autoadd_ipv6_address`
else
. $SCRIPT_DIR/configurator_config
fi
API_RETRY=$(($API_RETRY - 1))
get_url() {
if [[ $API_IPV4_ADRESS != "1" ]]; then
url=$API_IPV4_ADRESS
else
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
fi
echo $url
}
sync_hostname() {
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Syncing hostname" >> $SCRIPT_LOGFILE
fi
netmon_api=`get_url`
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=get_hostname&authentificationmethod=$CRAWL_METHOD&nickname=$CRAWL_NICKNAME&password=$CRAWL_PASSWORD&router_auto_update_hash=$CRAWL_UPDATE_HASH&router_id=$CRAWL_ROUTER_ID"
api_return=`$command&sleep $API_TIMEOUT; kill $!`
netmon_hostname=`echo $api_return| cut '-d,' -f2`
if [ "$netmon_hostname" != "" ]; then
if [ "$netmon_hostname" != "`cat /proc/sys/kernel/hostname`" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Setze neuen Hostname: $netmon_hostname" >> $SCRIPT_LOGFILE
fi
uci set system.@system[0].hostname=$netmon_hostname
uci commit
echo $netmon_hostname > /proc/sys/kernel/hostname
else
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Hostname ist aktuell" >> $SCRIPT_LOGFILE
fi
fi
fi
}
assign_router() {
netmon_api=`get_url`
hostname=`cat /proc/sys/kernel/hostname`
#Choose right login String
login_strings="$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')"
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=test_login_strings&login_strings=$login_strings"
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
router_auto_assign_login_string=`echo $ergebnis| cut '-d;' -f2`
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Es existiert ein Router mit dem Login String $router_auto_assign_login_string" >> $SCRIPT_LOGFILE
fi
elif [ `echo $ergebnis| cut '-d;' -f1` = "error" ]; then
router_auto_assign_login_string=`echo $login_strings| cut '-d;' -f1`
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Es existiert kein Router mit einem der Login Strings: $login_strings" >> $SCRIPT_LOGFILE
echo "`date`: Nutze $router_auto_assign_login_string als login string" >> $SCRIPT_LOGFILE
fi
fi
#Try to assign Router with choosen login string
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=router_auto_assign&router_auto_assign_login_string=$router_auto_assign_login_string&hostname=$hostname"
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
if [ `echo $ergebnis| cut '-d;' -f1` != "success" ]; then
if [ `echo $ergebnis| cut '-d;' -f2` = "already_assigned" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
echo "`date`: Der Login String `echo $ergebnis| cut '-d;' -f3` ist bereits mit einem Router verknüpft, beende" >> $SCRIPT_LOGFILE
exit 0
fi
elif [ `echo $ergebnis| cut '-d;' -f2` = "autoassign_not_allowed" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
echo "`date`: Der dem Login String `echo $ergebnis| cut '-d;' -f3` zugewiesene Router erlaubt autoassign nicht, beende" >> $SCRIPT_LOGFILE
exit 0
fi
elif [ `echo $ergebnis| cut '-d;' -f2` = "new_not_assigned" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
echo "`date`: Router wurde der Liste der nicht zugewiesenen Router hinzugefügt, beende" >> $SCRIPT_LOGFILE
exit 0
fi
elif [ `echo $ergebnis| cut '-d;' -f2` = "updated_not_assigned" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
echo "`date`: Router auf der Liste der nicht zugewiesenen Router wurde geupdated, beende" >> $SCRIPT_LOGFILE
exit 0
fi
fi
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
echo "`date`: Der Router wurde nicht mit Netmon verknüpft" >> $SCRIPT_LOGFILE
fi
elif [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
#write new config
uci set configurator.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
uci set configurator.@crawl[0].update_hash=`echo $ergebnis| cut '-d;' -f3`
#set also new router id for nodewatcher
uci set nodewatcher.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Der Router `echo $ergebnis| cut '-d;' -f2` wurde mit Netmon verknüpft" >> $SCRIPT_LOGFILE
fi
uci commit
CRAWL_METHOD=`uci get configurator.@crawl[0].method`
CRAWL_ROUTER_ID=`uci get configurator.@crawl[0].router_id`
CRAWL_UPDATE_HASH=`uci get configurator.@crawl[0].update_hash`
CRAWL_NICKNAME=`uci get configurator.@crawl[0].nickname`
CRAWL_PASSWORD=`uci get configurator.@crawl[0].password`
fi
}
autoadd_ipv6_address() {
netmon_api=`get_url`
echo "`date`: Führe IPv6 Address autoadd durch" >> $SCRIPT_LOGFILE
ipv6_link_local_addr="`ifconfig br-mesh | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=autoadd_ipv6_address&authentificationmethod=$CRAWL_METHOD&nickname=$CRAWL_NICKNAME&password=$CRAWL_PASSWORD&router_auto_update_hash=$CRAWL_UPDATE_HASH&router_id=$CRAWL_ROUTER_ID&ip=$ipv6_link_local_addr"
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
if [ `echo $ergebnis| cut '-d,' -f1` = "success" ]; then
uci set configurator.@netmon[0].autoadd_ipv6_address='0'
uci commit
echo "`date`: Die IPv6-Adresse fÃr Router $CRAWL_ROUTER_ID wurde Netmon hinzugefügt" >> $SCRIPT_LOGFILE
echo "`date`: IPv6 Autoadd wurde abgestellt um zu starke Belastung der Netmon API zu vermeiden" >> $SCRIPT_LOGFILE
else
echo "`date`: Die IPv6-Adresse existiert bereits in Netmon (auf Router-ID `echo $ergebnis| cut '-d,' -f3`)" >> $SCRIPT_LOGFILE
fi
}
if [ $CRAWL_METHOD == "login" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Authentifizierungsmethode ist: Username und Passwort" >> $SCRIPT_LOGFILE
fi
elif [ $CRAWL_METHOD == "hash" ]; then
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Authentifizierungsmethode ist: Autoassign und Hash" >> $SCRIPT_LOGFILE
echo "`date`: Prüfe ob Roter schon mit Netmon verknüpft ist" >> $SCRIPT_LOGFILE
fi
if [ $CRAWL_UPDATE_HASH == "1" ]; then
can_crawl=0
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Der Router ist noch NICHT mit Netmon verknüpft" >> $SCRIPT_LOGFILE
echo "`date`: Versuche verknüpfung herzustellen" >> $SCRIPT_LOGFILE
fi
assign_router
sync_hostname
else
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
echo "`date`: Der Router ist bereits mit Netmon verknüpt" >> $SCRIPT_LOGFILE
fi
if [[ $AUTOADD_IPV6_ADDRESS = "1" ]]; then
autoadd_ipv6_address
fi
fi
fi
tmp=${1-text}
if [[ $tmp = "sync_hostname" ]]; then
#Sync Hostname
if [[ $SCRIPT_SYNC_HOSTNAME = "1" ]]; then
sync_hostname
fi
fi
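Review bot: `sync_hostname` takes the second CSV field of an HTTP response and uses it unquoted in `uci set system.@system[0].hostname=$netmon_hostname` and in the write to `/proc/sys/kernel/hostname`, with no check on its contents. The API is reached over plain `http://` on the mesh, and the same requests carry `nickname`, `password` and `router_auto_update_hash` in the query string, so the credentials travel in clear text and the response cannot be trusted to come from the real server. Validate the value before use, for example `case "$netmon_hostname" in ''|*[!A-Za-z0-9-]*) return 1;; esac`, and quote it: `uci set "system.@system[0].hostname=$netmon_hostname"`. The `router_id` and `update_hash` values stored by `assign_router` come from the same kind of response and need the same treatment.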


@ -0,0 +1,19 @@
*/5 * * * * killall klogd
*/5 * * * * killall syslogd
*/5 * * * * killall logger
*/5 * * * * sh /etc/tincstart.sh
*/5 * * * * sh /etc/nodewatcher.sh
*/5 * * * * sh /etc/configurator.sh
0 * * * * sh /etc/configurator.sh sync_hostname
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
#Enable zapp script if you are running a gateway
#*/1 * * * * /etc/init.d/zapp
*/5 * * * * killall -HUP dnsmasq
#* * * * * /usr/sbin/ff_olsr_test_gw
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
#0 */4 * * * /usr/sbin/ff_rdate
#17 * * * * /usr/sbin/ff_mapupdate
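Review bot: The first three entries run `killall klogd`, `killall syslogd` and `killall logger` every five minutes, which as written stops the system log daemons on a schedule; nothing visible in this file starts them again. Without the log daemons the router keeps no record of SSH logins or of what the configurator and firewall scripts did, which removes the audit trail an operator needs after an incident. If the aim is to bound log memory, limit the log buffer size in the syslog configuration instead and delete these lines, or at least add a comment stating why the daemons are killed and what restarts them.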


@ -0,0 +1,45 @@
#!/bin/sh
#iptables -F
#
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
#
#for proto in tcp udp
#do
# for port in 53 666 655
# do
# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
# iptables -A INPUT -p $proto --dport $port -j ACCEPT
# iptables -A INPUT -p $proto --sport $port -j ACCEPT
# done
#done
#
#iptables -A OUTPUT -p icmp -j ACCEPT
#iptables -A INPUT -p icmp -j ACCEPT
#
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
#
#
#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
# mastersword.de
#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
# gw1.freifunk-ol.de
#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
# freifunk-ol.de
#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
#Masquerade interface for gateway
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#solves MTU problem with bad ISP´s
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu


@ -0,0 +1,2 @@
FIRMWARE_VERSION="trunk"
RELEASE_DATE=""


@ -0,0 +1,3 @@
#!/bin/sh
wget -T15 http://$(cat /etc/config/nodewatcher | grep url | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")/api_nodewatcher.php?section=get_hostnames_and_mac -O - | grep -v -e "^..-..-" | sort -u > /etc/bat-hosts
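Review bot: The redirection `> /etc/bat-hosts` truncates the file before `wget` has delivered anything, so a failed or empty download leaves the router with an empty host list, and whatever the plain-HTTP endpoint returns is written in without a format check. Write to a temporary file first, keep only lines that match the `MAC name` format, and replace `/etc/bat-hosts` only when the result is non-empty. The host part of the URL is taken from a line containing `url` in `/etc/config/nodewatcher`, and the section on this page that looks like the nodewatcher defaults has no such option, so the request may be built with an empty host as shipped.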


@ -0,0 +1,6 @@
#!/bin/sh
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
sh /etc/tincstart.sh
sleep 30
sh /etc/tincstart.sh
}


@ -0,0 +1,4 @@
#!/bin/sh
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
sh /etc/configurator.sh
}


@ -0,0 +1,622 @@
#!/bin/sh
# If you got false positives, try a higher value
BOGOTHRESH=200
# Note: for mail alarm, you need "ssmtp" installed and configured.
# Example /etc/ssmtp/ssmtp.conf (debian/ubuntu) for GMX needs:
# mailhub=mail.gmx.net:25 FromLineOverride=YES
# AuthUser=$MAILFROM AuthPass=x UseSTARTTLS=YES
MAILFROM=sender-address@domain.de
MAILADDR=receiver-address@domain.de
# Insert IPs you trust
#TRUSTEDIP="$TRUSTEDIP 1.2.3.4"
#TRUSTEDIP="$TRUSTEDIP 2.3.4.5"
# 0: Do not save, 1: save conntrack if zapp
DEBUGSAVE=0
# Empty: No log in /var/log/zapp/, otherwise string to prepend to saved bogothresh files
DEBUGLOGS= #$(date "+%b%d %H:%M")
# 0: Manual clear, or minutes until auto-clear blockade (5-1439)
CLEARTIME=360
WEBSERVER=/www
# --- END OF CONFIGURATION SETTINGS ---
# This script uses case-esac for speed with busybox-ash. Current version under:
# http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/freifunk-zapp/etc/init.d/S92zapp
# When running via cron, the PATH is unset
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# We start a netcat-based webserver on this port if someone is blocked
BLOCKPORT=8090
CRONUSR=root
CRONDIR=/var/spool/cron/crontabs
# First argument may be an input file
CONN=${1:-/proc/net/ip_conntrack}
# This script calls itself with the IP to analyze why its blocking
DEBIP=$2
case $1 in '')DEBUG=false;;*)DEBUG=true;;esac
case $DEBUGLOGS in "");;*)test -d /var/log/zapp || mkdir -p /var/log/zapp;;esac
# Find out our IP that is used to connect to the Internet
DEV=$(ip route get 1.1.1.1/1|sed -n '1{s/.* dev \([^ ]\+\).*/\1/;p}')
ADR=$(ip -f inet addr list dev $DEV scope global|sed -n '2s/^.*inet \([0-9\.]\+\).*/\1/p')
PAT=$(sed 's/\./_/g'<<Q
$ADR
Q
)
UNK=0
which () {
# Note: do not unset IFS (busybox ash and bash are different here)
for p in $(sed 's/:/ /g'<<Q
$PATH
Q
);do
test -x $p/$1 && return 0
done
return 1
}
# Freifunk Firmware Configs
which nvram && {
ff_zapp_thresh=$(nvram get ff_zapp_thresh)
BOGOTHRESH=${ff_zapp_thresh:-$BOGOTHRESH}
}
case $BOGOTHRESH in ""|0)exit 0;;esac
NC_CMD=
which nc && NC_CMD=nc
which nc-hobbit && NC_CMD=nc-hobbit
which netcat && NC_CMD=netcat
which nc6 && NC_CMD=nc6
# Note: busybox nc unusable, "-q" only Debian, GNU netcat "-c" unusable
$NC_CMD -h 2>&1 | egrep -q '\-l\b' || NC_CMD=
# 1=-I/-D 2=proto 3=srcip, 4=dport, 5=to
portfw () {
local to
case $1 in "-D")
to=$(iptables -t nat -nL PREROUTING|sed -n "s/^DNAT[[:space:]]\\+$2[[:space:]]\\+[^[:space:]]\\+[[:space:]]\\+$3[[:space:]]\\+![[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+[[:space:]]\\+$2[[:space:]]\\+dpt:$4[[:space:]]\\+to://;tp;b;:p p;q")
;;esac
to=${to:-$5}
iptables -t nat $1 PREROUTING --proto $2 -s $3 ! -d ${to%:*} --dport $4 -j DNAT --to $to
}
netcatruns () {
for pid in $(pidof $NC_CMD);do
ppid=$(sed -n 's/^PPid: //p' /proc/$pid/status)
case $(sed -n 's/^Name: //p' /proc/$ppid/status) in ${0##*/})
# Check netstat: release the IP currently grabbing our blocking page
case "$1" in "GET /let-me-browse-again"*)
le=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\4 \3 \2 \1/'))
be=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\1 \2 \3 \4/'))
eval $(sed -n '/^ *[0-9]\+: \+'$le':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\4 )).$(( 0x\3 )).$(( 0x\2 )).$(( 0x\1 ))/;p;q};/^ *[0-9]\+: \+'$be':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\1 )).$(( 0x\2 )).$(( 0x\3 )).$(( 0x\4 ))/;p;q}' /proc/net/tcp)
portfw -D tcp $ip 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
;;esac
return 0
;;esac
done
return 1
}
# Add (-I) or remove (-D) iptables rules
block () {
# Freifunk Firmware Configs
which nvram && {
ff_adm_mail=$(nvram get ff_adm_mail)
ff_zapp_time=$(nvram get ff_zapp_time)
ff_zapp_debug=$(nvram get ff_zapp_debug)
ff_zapp_server=$(nvram get ff_zapp_server)
ff_zapp_strict=$(nvram get ff_zapp_strict)
MAILFROM=${ff_adm_mail:-$MAILFROM}
MAILADDR=${ff_adm_mail:-$MAILADDR}
CLEARTIME=${ff_zapp_time:-$CLEARTIME}
DEBUGSAVE=${ff_zapp_debug:-$DEBUGSAVE}
WEBSERVER=${ff_zapp_server:-$WEBSERVER}
IFS=\;
for i in $(nvram get ff_zapp_trusted); do
TRUSTEDIP="$TRUSTEDIP $i"
done
unset IFS
}
for i in $TRUSTEDIP;do
case $2 in $i)
# Prevents re-blocking next run
iptables $1 FORWARD -s $2
iptables $1 FORWARD -d $2
return
;;esac
done
# Note: FreifunkFW does not have REJECT out-of-the-box
jump=DROP
iptables -I OUTPUT -d 127.0.0.1 -j REJECT 2>&- && iptables -D OUTPUT -d 127.0.0.1 -j REJECT 2>&- && jump=REJECT
iptables $1 FORWARD -s $2 -j $jump
iptables $1 FORWARD -d $2 -j $jump
# Allowing ping is always a good idea
iptables $1 FORWARD -s $2 --proto icmp -j ACCEPT
iptables $1 FORWARD -d $2 --proto icmp -j ACCEPT
# Allow TCP up to port 1023
iptables $1 FORWARD -s $2 --proto tcp --dport :1023 -j ACCEPT
iptables $1 FORWARD -d $2 --proto tcp --sport :1023 -j ACCEPT
# Note: Freifunk FW does not have REDIRECT, use DNAT instead,
# which needs the correct outgoing interface IP for redirection.
ifip=$(ip route get $2|sed -n 's/^.* src \([^ ]\+\).*/\1/p')
# Allow DNS, redirect to our local dnsmasq if applicable
if pidof dnsmasq >&-; then
portfw $1 udp $2 53 ${ifip:-$ADR}:53
portfw $1 tcp $2 53 ${ifip:-$ADR}:53
else
iptables $1 FORWARD -s $2 --proto udp --dport 53 -j ACCEPT
iptables $1 FORWARD -d $2 --proto udp --sport 53 -j ACCEPT
fi
# It's polite to tell a blocked user what's going on
case $NC_CMD in "");;*)
portfw $1 tcp $2 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
case $1 in "-D")
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
sed -i -e "/\/${0##*/} unblock $2\$/d" $CRONDIR/$CRONUSR
echo $CRONUSR > $CRONDIR/cron.update
};;esac
if ! iptables -t nat -nL PREROUTING|egrep -q "\\bto:[^:]+:$BLOCKPORT\\b"; then
netcatruns && (echo "Stopping netcat server" >&2;kill $ppid $pid)
fi
;;*)
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
min=$(date +%M)
min=$(( $(date +%k ) * 60 + ${min#0} + $CLEARTIME ))
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
sed -i -e "\$a$(( $min % 60 )) $(( $min / 60 % 24 )) * * * $me unblock $2" $CRONDIR/$CRONUSR
echo $CRONUSR > $CRONDIR/cron.update
};;esac
if ! netcatruns; then
echo "Starting netcat server for $2" >&2
while true;do ($NC_CMD -l -p $BLOCKPORT <<EOF
HTTP/1.0 200 OK
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
<HTML>
<HEAD><TITLE>Sorry...</TITLE>
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
<STYLE TYPE="text/css"></STYLE>
</HEAD>
<BODY ONLOAD="if ('/let-me-browse-again' == window.location.pathname)location.href=document.referrer">
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!--
function addrule(selector, rule)
{
if (null!=document.styleSheets && 0<document.styleSheets.length)
{
if (null!=document.styleSheets[0].cssRules)
{
document.styleSheets[0].insertRule(selector+"{"+rule+"}", 0);
}
else if (null!=document.styleSheets[0].rules)
{
document.styleSheets[0].addRule(selector, rule);
}
}
}
if (null != navigator.language && "de" == navigator.language ||
null != navigator.browserLanguage && "de" == navigator.browserLanguage)
{
addrule(".de", "display:block");
addrule(".fr", "display:none");
addrule(".en", "display:none");
}
else if (null != navigator.language && "fr" == navigator.language ||
null != navigator.browserLanguage && "fr" == navigator.browserLanguage)
{
addrule(".de", "display:none");
addrule(".fr", "display:block");
addrule(".en", "display:none");
}
else
{
addrule(".de", "display:none");
addrule(".fr", "display:none");
addrule(".en", "display:block");
}
//--></SCRIPT>
<H1>Zapped on $(uname -n) (${ifip:-$ADR})</H1>
<DIV CLASS="en">
<P><SMALL CLASS="de">Deutsch: siehe unten</SMALL><SMALL CLASS="fr">français&nbsp;: voir ci-dessous</SMALL></P>
<HR>
<P>Hello! You are a victim of a filesharing blockade. Your PC opens too
much connections to different Internet hosts. This may be caused by the
VoIP program Skype, by a filesharing program or by another program with
this unusual communication pattern. $(test -f $WEBSERVER/cgi-bin-skype.html &&
echo "For operating the Skype VoIP program please read this
<A HREF='http://$ifip/cgi-bin-skype.html'>Information Page</A>.")
</P>
<P>TCP based services still work (ports up to 1023), but UDP based services are blocked now.</P>
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
VALUE='I have read this page and stopped the respective program. Please restore access to the Web.'
TYPE='submit'></FORM>
<P>The blockade $(case $CLEARTIME in ""|0) echo "needs to be removed manually.";;*)echo "will be
removed after $CLEARTIME minutes. Alternatively, the blockade can be removed manually.";;esac)
For this, send an email to <A HREF="mailto:$MAILADDR">$MAILADDR</A>.
</P>
</DIV>
<DIV CLASS="de">
<HR>
<P>Hallo! Du bist das Opfer einer Filesharing-Sperre geworden. Dein Rechner
&ouml;ffnet zuviele Verbindungen zu verschiedenen Internet-Rechnern. Dies
kann ausgel&ouml;st werden durch das VoIP-Programm Skype, durch ein
Filesharing-Programm oder durch ein anderes Programm welches dieses ungew&ouml;hnliche
Kommunikationsmuster aufweist. $(test -f $WEBSERVER/cgi-bin-skype.html &&
echo "Zum Betrieb des VoIP-Programms Skype lies bitte diese
<A HREF='http://$ifip/cgi-bin-skype.html'>Informationsseite</A>.")
</P>
<P><B>Hinweis:</B> TCP-basierte Dienste (Ports bis 1023) funktionieren, aber UDP-basierte Dienste sind nun gesperrt.</P>
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
VALUE='Ich habe verstanden und das entsprechende Programm beendet. Bitte Web-Zugang freigeben.'
TYPE='submit'></FORM>
<P>Die Sperre $(case $CLEARTIME in ""|0)echo "muss manuell entfernt werden.";;*)
echo "wird nach $CLEARTIME Minuten entfernt. Wahlweise kann die Sperre
auch manuell entfernt werden.";;esac) Sende dazu eine Mail an
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
</P>
</DIV>
<DIV CLASS="fr">
<HR>
<P>Bonjour! Vous &ecirc;tes victime du m&eacute;canisme de blocage de partage de fichiers. Votre
ordinateur ouvre trop de connexions simultan&eacute;es vers trop d'h&ocirc;tes Internet diff&eacute;rents.
Ceci peut venir du logiciel de communications Skype, d'un logiciel de partage de fichiers,
ou d'un autre programme qui aurait ce m&ecirc;me comportement inhabituel, comme certains virus.
$(test -f $WEBSERVER/cgi-bin-skype.html &&
echo "Pour l'utilisation de Skype en voix sur IP (VoIP) merci de lire cette
<A HREF='http://$ifip/cgi-bin-skype.html'>page d'informations</A>.")
</P>
<P><B>Pr&eacute;cisions:</B> Les services TCP restent fonctionnels (Ports jusqu'au n&deg; 1023) mais les
services UDP sont bloqu&eacute;s.
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
VALUE='J&lsquo;ai lu cette page et j&lsquo;ai arr&ecirc;t&eacute; les programmes suspect&eacute;s. Lever le blocage!'
TYPE='submit'></FORM>
<P>Le blocage $(case $CLEARTIME in ""|0)echo "doit &ecirc;tre d&eacute;sactiv&eacute; manuellement.";;*)
echo "sera lev&eacute; automatiquement dans $CLEARTIME minutes. Il est aussi possible de
le faire manuellement.";;esac) en envoyant un mail &agrave;
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
</P>
</DIV>
</BODY>
<HEAD>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</HEAD>
</HTML>
EOF
)|(read -r GET && netcatruns "$GET" && kill $pid)
done >&- 2>&- &
fi
;;esac
;;esac
}
zapp () {
# Block an IP and send a mail to the admin
ip=$(echo $1|sed -e 's/^[A-Z]\+_//;s/=.*//;s/_/./g')
if $DEBUG; then
# Prevent script recursion
case $DEBIP in "")
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)"
echo
$0 "$CONN" ${1%=*}
;;esac
elif ! iptables -nL FORWARD | egrep -q "\\b$(echo $ip|sed 's/\./\\&/g')\\b";then
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)" >> /var/log/zappfile.txt
mac=$(sed -n 's/^'$(echo $ip|sed 's/\./\\./g')' \+\([^ ]\+ \+\)\{2\}\([^ ]\+\).*/\2/p' /proc/net/arp)
# Disabled, because we cannot unblock this currently
case 0 in 1)case $mac in '');;*)
echo "Also zapping $mac at $(date)" >> /var/log/zappfile.txt
iptables -I FORWARD -m mac --mac-source $mac -j $jump
;;esac;;esac
block -I $ip
case $DEBUGSAVE in 1)
# Save current conntrack for later analysis
cat "$CONN"|gzip -c>/var/log/zappfile-$ip-$(date).txt.gz
;;esac
which ssmtp && cat|ssmtp $MAILADDR<<EOF
To: $MAILADDR
From: $MAILFROM
Subject: Zappfile extended on $(uname -n)
The following IP exeeded the conntrack limit and was added to the zappfile:
IP: $ip
MAC: $mac
Date: $(date)
Bogopoints: $2
Threshold: $BOGOTHRESH
The forwarding firewall now has the following rules:
$(iptables -nL FORWARD)
EOF
fi
}
# TCP rules:
# * Bittorrent opens and uses lots of TCP connections
# * BT also uses a higher bandwidth, especially on port 688x
# * General: lots of TCP traffic from/to different peers (!port 80)
tcp () {
# We only count traffic generated by others
case $3 in $PAT);;*)
case "${10}" in
# We count unreplied connection attempts because
# lots of P2P peers may not have correct portfw
# as well as currently active transfers
SYN_SENT|SYN_RECV|ESTABLISHED)
case $4 in
# HTTP, HTTPS: browsers tend to open multiple connections
80|443)
case $9 in
?????)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac"
;;
*)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac"
;;
esac
case ${DEBIP#IP_} in $1)echo "tcp ham $1:$2 $3:$4";;esac
;;
# Punish traffic on ports 6880-6889
688*)
case $9 in
?????)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac"
;;
*)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac"
;;
esac
case ${DEBIP#IP_} in $1)echo "tcp p2p $1:$2 $3:$4";;esac
;;
# Everything else is normal tcp
*)
case $9 in
?????)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac"
;;
*)
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac"
;;
esac
case ${DEBIP#IP_} in $1)echo "tcp std $1:$2 $3:$4";;esac
;;
esac
eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"
;;
esac
;;esac
return 0
}
# UDP rules:
# * Bittorrent DHT feature got us unreplied incoming UDP from diverse IPs (sport likely 688x)
# * P2P-user with DHT: incoming UDP dport(unreplied) is port the P2P-user configured for DHT
# * P2P-user none DHT: Peers seeking DHT, we have a P2P-user currently, lower tolerance
# * General: lots of UDP traffic from/to different peers(!port 53)
udp () {
case ${10} in "[UNREPLIED]") case $3 in $PAT)
# We are contacted by incoming UDP (without reason). If that is the case
# it is likely that we have at least one P2P user now. Especially if that
# peer sends us from his port 688x which is the default for Bittorrent.
case $2 in
668*)
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
;;
*)
case $4 in
688*)
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
;;
*)
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 1 ));;esac"
case $DEBIP in '');;*)echo "nak udp $1:$2 -> $3:$4 (UNK=$UNK)";;esac
;;
esac
;;
esac
eval "UNK_$1=\$(( \$UNK_$1 + 1 ))"
;;esac;;esac
# We only count traffic generated by others
case $3 in $PAT);;*)
case $4 in
# DNS: resolvers tend to open multiple connections
53)
case ${10} in
"[UNREPLIED]")
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac";;
*)
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac";;
esac
case ${DEBIP#IP_} in $1)echo "udp ham $1:$2 $3:$4";;esac
;;
# Punish traffic on ports 6880-6889
688*)
case ${10} in
"[UNREPLIED]")
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac";;
*)
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac";;
esac
case ${DEBIP#IP_} in $1)echo "udp p2p $1:$2 $3:$4";;esac
;;
# Everything else is normal udp
*)
case ${10} in
"[UNREPLIED]")
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac";;
*)
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac";;
esac
case ${DEBIP#IP_} in $1)echo "udp std $1:$2 $3:$4";;esac
;;
esac
eval "UDP_$1_$3=\$(( \$UDP_$1_$3 + 1 ))"
;;esac
return 0
}
case $1 in
block)
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
block "-I" $2
exit 0
;;
unblock|clear)
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
block "-D" $2
exit 0
;;
start|stop)
test ! -f $CRONDIR/$CRONUSR && (echo "No $CRONDIR/$CRONUSR" 2>&-;exit 1)
if egrep -q "/${0##*/}" $CRONDIR/$CRONUSR; then
case $1 in stop)
echo "Removing ${0##*/} from cron"
sed -i -e "/\/${0##*/}/d" $CRONDIR/$CRONUSR
;;esac
else
case $1 in start)
case $BOGOTHRESH in 0);;*)
echo "Adding ${0##*/} to cron"
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
sed -i -e "\$a*/1 * * * * $me" $CRONDIR/$CRONUSR
;;esac
;;esac
fi
echo $CRONUSR > $CRONDIR/cron.update
exit 0
;;
status)
echo "Firewall status:"
iptables -nL FORWARD|egrep '^(DROP|REJECT)? +all +-- +[1-9][0-9\.]+ +0.0.0.0/0\b' || echo " No IPs blocked"
egrep -q "/${0##*/}" $CRONDIR/$CRONUSR && echo "Running via cron" || echo "Not running via cron"
exit 0
;;
-h|--help|help)
cat<<EOF
This script examines the kernel conntrack table and blocks a source IP if
it detects a filesharing application. Read the script file for details.
Usage: $0 {start|stop|block [IP]|unblock [IP]|help|[file]}
start add this scipt as cron job
stop remove this script from cron
status show a list of blocked IPs
block manually block an IP
unblock manually unblock an IP
[file] parse [file] instead /proc/net/ip_conntrack (for testing)
No args normal function, e.g. called by cron without arguments
Note1: if netcat is installed, this script tries to inform a blocked user
by starting a simple web server. If also ssmtp is installed, this script
informs you by e-mail about the filesharing and blocking incidents. If
someone is blocked, this is recorded in /var/log/zapp* files for later
analysis. To analyze, unpack the gzipped conntrack file of the incident
and start this script by supplying the filename.
Note2: to install on Freifunk-FW copy this script to /etc/init.d/S92zapp
and restart the router. On other systems it shoud be sufficient to start
this script with "$0 start".
EOF
exit 0
;;
esac
if ! $DEBUG; then
if [ -f /proc/sys/net/netfilter/nf_conntrack_acct ] &&
[ 0 = $(cat /proc/sys/net/netfilter/nf_conntrack_acct) ]
then
# Kernel-2.6 needs accounting=on for correct ip_conntrack format
echo "Kernel accounting not enabled, which is required." >&2
echo "Use 'sysctl -w net.netfilter.nf_conntrack_acct=1'" >&2
exit 1
fi
fi
# Different kernels have differnt formats, script lines doubled to prevent too much compare operations
REL=$(uname -r)
case ${REL#2.4} in $REL)
# Kernel 2.6 output has [STATUS] in different positions, shift to end
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
set $l
case $1 in
tcp)
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${11#src=} ${13#sport=} ${12#dst=} ${14#dport=} $(( ${10#bytes=} + ${16#bytes=} )) $4
;;
udp)
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${10#src=} ${12#sport=} ${11#dst=} ${13#dport=} $(( ${9#bytes=}+${15#bytes=} )) ${19}
;;
eof)
# If probably no P2P client active double threshold
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
done
;;
esac
done
;;*)
# Kernel 2.4 output has [STATUS] in different positions, shift to end
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
set $l
case $1 in
tcp)
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${9#src=} ${11#sport=} ${10#dst=} ${12#dport=} ${15#bytes=} $4
;;
udp)
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${8#src=} ${10#sport=} ${9#dst=} ${11#dport=} ${14#bytes=} ${15}
;;
eof)
# If probably no P2P client active double threshold
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
done
;;
esac
done
;;esac
exit 0


@ -0,0 +1,327 @@
#!/bin/sh
# Netmon Nodewatcher (C) 2010-2011 Freifunk Oldenburg
# Lizenz: GPL
SCRIPT_DIR=`dirname $0`
if [ -f /etc/config/nodewatcher ];then
API_IPV4_ADRESS=`uci get nodewatcher.@api[0].ipv4_address`
API_IPV6_ADRESS=`uci get nodewatcher.@api[0].ipv6_address`
API_IPV6_INTERFACE=`uci get nodewatcher.@api[0].ipv6_interface`
API_TIMEOUT=`uci get nodewatcher.@api[0].timeout`
API_RETRY=`uci get nodewatcher.@api[0].retry`
SCRIPT_VERSION=`uci get nodewatcher.@script[0].version`
SCRIPT_ERROR_LEVEL=`uci get nodewatcher.@script[0].error_level`
SCRIPT_LOGFILE=`uci get nodewatcher.@script[0].logfile`
UPDATE_AUTOUPDATE=`uci get nodewatcher.@update[0].autoupdate`
MESH_INTERFACE=`uci get nodewatcher.@network[0].mesh_interface`
CLIENT_INTERFACES=`uci get nodewatcher.@network[0].client_interfaces`
else
. $SCRIPT_DIR/nodewatcher_config
fi
API_RETRY=$(($API_RETRY - 1))
delete_log() {
if [ -f $logfile ]; then
if [ `ls -la $logfile | awk '{ print $5 }'` -gt "6000" ]; then
sed -i '1,60d' $logfile
if [ $error_level -gt "1" ]; then
echo "`date`: Logfile wurde verkleinert" >> $logfile
fi
fi
fi
}
get_url() {
if [[ $API_IPV4_ADRESS != "1" ]]; then
url=$API_IPV4_ADRESS
else
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
fi
echo $url
}
get_curl() {
if [[ $API_IPV4_ADRESS != "1" ]]; then
curl="http://$API_IPV4_ADRESS"
else
numeric_scope_id=`ip addr | grep $API_IPV6_INTERFACE | awk '{ print $1 }' | sed 's/://'`
curl="-g http://$API_IPV6_ADRESS%$numeric_scope_id"
fi
echo $curl
}
do_ping() {
if [[ $API_IPV4_ADRESS != "1" ]]; then
command="ping -c 2 "$API_IPV4_ADRESS
else
command="ping -c 2 -I "$API_IPV6_INTERFACE" "$API_IPV6_ADRESS
fi
if [ $error_level -gt "1" ]; then
echo "`date`: Pinging..." >> $logfile
fi
ping_return=`$command`
if [ $error_level -gt "2" ]; then
echo $ping_return
fi
}
update() {
if [ $error_level -gt "1" ]; then
echo "`date`: Suche neue Version" >> $logfile
fi
netmon_api=`get_url`
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=version&nodewatcher_version=$SCRIPT_VERSION"
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
return=`echo $ergebnis| cut '-d;' -f1`
version=`echo $ergebnis| cut '-d;' -f2`
if [[ "$return" = "success" ]]; then
if [[ $version -gt $SCRIPT_VERSION ]]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Eine neue Version ist Verfügbar, script wird geupdated" >> $logfile
fi
wget -q -O $SCRIPT_DIR/nodewatcher.sh "http://$netmon_api/api_nodewatcher.php?section=update&nodewatcher_version=$SCRIPT_VERSION"
uci set nodewatcher.@script[0].version=$version
uci commit
else
if [ $error_level -gt "1" ]; then
echo "`date`: Das Script ist aktuell" >> $logfile
fi
fi
else
if [ $error_level -gt "0" ]; then
echo "`date`: Beim Update ist ein Fehler aufgetreten: $ergebnis" >> $logfile
fi
fi
}
crawl() {
#Get system data from UCI
if which uci >/dev/null; then
if [ $error_level -gt "1" ]; then
echo "`date`: UCI is installed, trying to collect extra data UCI" >> $logfile
fi
location="`uci get freifunk.contact.location`"
latitude="`uci get system.@system[0].latitude`"
longitude="`uci get system.@system[0].longitude`"
community_essid="`uci get freifunk.community.ssid`"
community_nickname="`uci get freifunk.contact.nickname`"
community_email="`uci get freifunk.contact.mail`"
community_prefix="`uci get freifunk.community.prefix`"
description="`uci get freifunk.contact.note`"
fi
#Get system data from LUA
if which lua >/dev/null; then
if [ $error_level -gt "1" ]; then
echo "`date`: LUA is installed, trying to collect extra data LUA" >> $logfile
fi
luciname=`lua -l luci.version -e 'print(luci.version.luciname)'`
lucversion=`lua -l luci.version -e 'print(luci.version.luciversion)'`
fi
#Get system data from other locations
hostname="`cat /proc/sys/kernel/hostname`"
uptime=`cat /proc/uptime | awk '{ print $1 }'`
idletime=`cat /proc/uptime | awk '{ print $2 }'`
memory_total=`cat /proc/meminfo | grep 'MemTotal' | awk '{ print $2 }'`
memory_caching=`cat /proc/meminfo | grep -m 1 'Cached:' | awk '{ print $2 }'`
memory_buffering=`cat /proc/meminfo | grep 'Buffers' | awk '{ print $2 }'`
memory_free=`cat /proc/meminfo | grep 'MemFree' | awk '{ print $2 }'`
cpu=`grep -m 1 "cpu model" /proc/cpuinfo | cut -d ":" -f 2`
if [ -n $cpu ]; then
cpu=`grep -m 1 "model name" /proc/cpuinfo | cut -d ":" -f 2`
fi
chipset=`grep -m 1 "system type" /proc/cpuinfo | cut -d ":" -f 2`
local_time="`date +%s`"
processes=`cat /proc/loadavg | awk '{ print $4 }'`
loadavg=`cat /proc/loadavg | awk '{ print $1 }'`
if which batctl >/dev/null; then
batctl_adv_version=`batctl -v | awk '{ print $2 }'`
batman_adv_version=`batctl o|head -n1|awk '{ print $3 }'|sed 's/,//'`
fi
kernel_version=`uname -r`
nodewatcher_version=$SCRIPT_VERSION
openwrt_version_file="/etc/openwrt_release"
if [ -f $openwrt_version_file ]; then
. $openwrt_version_file
distname=$DISTRIB_ID
distversion=$DISTRIB_RELEASE
fi
firmware_version_file="/etc/firmware_release"
if [ -f $firmware_version_file ]; then
. $firmware_version_file
firmware_version=$FIRMWARE_VERSION
fi
#Get interfaces
IFACES=`cat /proc/net/dev | awk -F: '!/\|/ { gsub(/[[:space:]]*/, "", $1); split($2, a, " "); printf("%s=%s=%s ", $1, a[1], a[9]) }'`
int=""
#Loop interfaces
for entry in $IFACES; do
iface=`echo $entry | cut -d '=' -f 1`
rcv=`echo $entry | cut -d '=' -f 2`
xmt=`echo $entry | cut -d '=' -f 3`
wlan_mode=""
wlan_bssid=""
wlan_essid=""
wlan_frequency=""
wlan_tx_power=""
if [ "$iface" != "lo" ]; then
if [ "`ifconfig ${iface} | grep UP`" != "" ]; then
#Get interface data
name="${iface}"
mac_addr="`ifconfig ${iface} | grep 'HWaddr' | awk '{ print $5}'`"
ipv4_addr="`ifconfig ${iface} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`"
ipv6_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Global' | awk '{ print $3}'`"
ipv6_link_local_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
mtu="`ifconfig ${iface} | grep 'MTU' | cut -d: -f2 | awk '{ print $1}'`"
traffic_rx="$rcv"
traffic_tx="$xmt"
int=$int"<$name><name>$name</name><mac_addr>$mac_addr</mac_addr><ipv4_addr>$ipv4_addr</ipv4_addr><ipv6_addr>$ipv6_addr</ipv6_addr><ipv6_link_local_addr>$ipv6_link_local_addr</ipv6_link_local_addr><traffic_rx>$traffic_rx</traffic_rx><traffic_tx>$traffic_tx</traffic_tx><mtu>$mtu</mtu>"
if [ "`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" != "" ]; then
wlan_mode="`iwconfig ${iface} 2>/dev/null | grep 'Mode' | awk '{ print $1 }' | cut -d ':' -f 2`"
if [ $wlan_mode = "Master" ]; then
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep 'Access Point' | awk '{ print $6 }'`"
elif [ $wlan_mode = "Ad-Hoc" ]; then
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep Cell | awk '{ print $5 }'`"
fi
wlan_essid="`iwconfig ${iface} 2>/dev/null | grep ESSID | awk '{ split($4, a, \"\\"\"); printf(\"%s\", a[2]); }'`"
wlan_frequency="`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`"
wlan_tx_power="`iwconfig ${iface} 2>/dev/null | grep 'Tx-Power' | awk '{ print $4 }' | cut -d ':' -f 2`"
int=$int"<wlan_mode>$wlan_mode</wlan_mode><wlan_frequency>$wlan_frequency</wlan_frequency><wlan_essid>$wlan_essid</wlan_essid><wlan_bssid>$wlan_bssid</wlan_bssid><wlan_tx_power>$wlan_tx_power</wlan_tx_power>"
fi
int=$int"</$name>"
fi
fi
done
#B.A.T.M.A.N. advanced
mv /etc/bat-hosts /etc/bat-hosts.tmp
if which batctl >/dev/null; then
batman_check_running=`batctl if | grep 'Error'`
if [ "$batman_check_running" == "" ]; then
has_active_interface="0"
BAT_ADV_IFACES=`batctl if | awk '{ print $1 }' | cut -d ':' -f 1`
for device_name in $BAT_ADV_IFACES; do
if [ "`batctl if | grep $device_name | grep active`" != "" ]; then
status='active'
has_active_interface="1"
else
status='inactive'
fi
BATMAN_ADV_INTERFACES=$BATMAN_ADV_INTERFACES"<$device_name><name>$device_name</name><status>$status</status></$device_name>"
done
if [ $has_active_interface = "1" ]; then
BAT_ADV_ORIGINATORS=`batctl o | grep 'No batman nodes in range'`
if [ "$BAT_ADV_ORIGINATORS" == "" ]; then
OLDIFS=$IFS
IFS="
"
BAT_ADV_ORIGINATORS=`batctl o | awk '/O/ {next} /B/ {next} {print}'`
count=0;
for row in $BAT_ADV_ORIGINATORS; do
originator=`echo $row | awk '{print $1}'`
last_seen=`echo $row | awk '{print $2}'`
last_seen="${last_seen//s/}"
link_quality=`echo $row | awk '{print $3}'`
link_quality="${link_quality//(/}"
link_quality="${link_quality//)/}"
outgoing_interface=`echo $row | awk '{print $6}'`
outgoing_interface="${outgoing_interface//]:/}"
batman_adv_originators=$batman_adv_originators"<originator_$count><originator>$originator</originator><link_quality>$link_quality</link_quality><last_seen>$last_seen</last_seen><outgoing_interface>$outgoing_interface</outgoing_interface></originator_$count>"
count=`expr $count + 1`
done
IFS=$OLDIFS
fi
fi
fi
fi
mv /etc/bat-hosts.tmp /etc/bat-hosts
#CLIENTS
SEDDEV=`brctl showstp $MESH_INTERFACE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
for entry in $CLIENT_INTERFACES; do
CLIENT_MACS=$CLIENT_MACS`brctl showmacs $MESH_INTERFACE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "'"$entry"'") print $2}'`" "
done
i=0
for client in $CLIENT_MACS; do
i=`expr $i + 1` #Zähler um eins erhöhen
done
client_count=$i
SYSTEM_DATA="<status>online</status><hostname>$hostname</hostname><description>$description</description><location>$location</location><latitude>$latitude</latitude><longitude>$longitude</longitude><luciname>$luciname</luciname><luciversion>$luciversion</luciversion><distname>$distname</distname><distversion>$distversion</distversion><chipset>$chipset</chipset><cpu>$cpu</cpu><memory_total>$memory_total</memory_total><memory_caching>$memory_caching</memory_caching><memory_buffering>$memory_buffering</memory_buffering><memory_free>$memory_free</memory_free><loadavg>$loadavg</loadavg><processes>$processes</processes><uptime>$uptime</uptime><idletime>$idletime</idletime><local_time>$local_time</local_time><community_essid>$community_essid</community_essid><community_nickname>$community_nickname</community_nickname><community_email>$community_email</community_email><community_prefix>$community_prefix</community_prefix><batman_advanced_version>$batman_adv_version</batman_advanced_version><kernel_version>$kernel_version</kernel_version><nodewatcher_version>$nodewatcher_version</nodewatcher_version><firmware_version>$firmware_version</firmware_version><firmware_revision>$FIRMWARE_REVISION</firmware_revision><openwrt_core_revision>$OPENWRT_CORE_REVISION</openwrt_core_revision><openwrt_feeds_packages_revision>$OPENWRT_FEEDS_PACKAGES_REVISION</openwrt_feeds_packages_revision>"
INTERFACE_DATA="$int"
BATMAN_ADV_ORIGINATORS="$batman_adv_originators"
CLIENT_DATA="$client_count"
DATA="<?xml version='1.0' standalone='yes'?><data><system_data>$SYSTEM_DATA</system_data><interface_data>$INTERFACE_DATA</interface_data><batman_adv_interfaces>$BATMAN_ADV_INTERFACES</batman_adv_interfaces><batman_adv_originators>$BATMAN_ADV_ORIGINATORS</batman_adv_originators><client_count>$CLIENT_DATA</client_count></data>"
#write data to hxml file that provides the data on httpd
echo $DATA > /tmp/node.data
}
LANG=C
SCRIPT_DIR=`dirname $0`
error_level=$SCRIPT_ERROR_LEVEL
logfile=$SCRIPT_LOGFILE
if [[ $UPDATE_AUTOUPDATE == '1' ]]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Autoupdate ist an" >> $logfile
fi
update
else
if [ $error_level -gt "1" ]; then
echo "`date`: Autoupdate ist aus" >> $logfile
fi
fi
if [[ "$1" == "update" ]]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Führe manuelles update aus" >> $logfile
fi
update
exit 1
fi
can_crawl=1
if [ $can_crawl == 1 ]; then
if [ $error_level -gt "1" ]; then
echo "`date`: Prüfe Logfile" >> $logfile
fi
delete_log
if [ $error_level -gt "1" ]; then
echo "`date`: Sende aktuelle Statusdaten" >> $logfile
fi
crawl
fi
exit 0
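Review bot: `update()` overwrites the script with whatever `wget` returns from `http://$netmon_api/api_nodewatcher.php?section=update…`, with no integrity or authenticity check, and the crontab in this commit runs `sh /etc/nodewatcher.sh` every five minutes, so whoever can answer for that plain-HTTP endpoint decides what code cron executes on the node. `wget -q -O $SCRIPT_DIR/nodewatcher.sh` also truncates the live file before the transfer completes, so a timeout can leave an empty or partial script in place. Download to a temporary name such as `"$SCRIPT_DIR/nodewatcher.sh.new"`, verify it against a signature or digest obtained over an authenticated channel, and only then `mv` it over the script. The `$version` field comes from the same response and should be checked to be numeric before it reaches `[[ $version -gt $SCRIPT_VERSION ]]` and `uci set`. Separately, the file declares `#!/bin/sh` but relies on `[[ … ]]` and `${var//…}`, which are not POSIX and depend on how the busybox shell was built.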


@ -0,0 +1,3 @@
root:$1$OmvoKpjK$e.lPVnBxsrAbNV4EoH3xb1:0:0:root:/root:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
daemon:*:65534:65534:daemon:/var:/bin/false
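Review bot: The `root` line ships a fixed password hash in the image, so every node flashed from this tree shares one root credential, and the hash is readable both in the repository and in world-readable `/etc/passwd` on the device. The `$1$` prefix marks it as MD5-crypt, which is cheap to test guesses against offline. Keep the hash out of the committed file, for example `root:x:0:0:root:/root:/bin/ash` with the secret in `/etc/shadow` where the build supports shadow passwords, and set a per-device password or SSH key during provisioning. `nobody` and `daemon` share uid/gid 65534, which deserves a comment if it is intended.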


@ -0,0 +1,26 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
/etc/init.d/qos disable
/etc/init.d/qos stop
#busybox-httpd for crawldata
httpd -h /tmp/
sh /etc/configurator.sh
exit 0
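Review bot: `httpd -h /tmp/` makes the whole of `/tmp` the web root rather than just the crawl data, and nothing here restricts the listen address or who may fetch files. On this page `/tmp` also receives `tinc_batvpn_output`, the `tinc_batvpn_hosts` directory and `tinc_batvpn.conf`, so VPN peer data is published alongside `node.data`. Serve a directory that holds only the file meant to be public, e.g. `mkdir -p /tmp/nodewatcher && httpd -h /tmp/nodewatcher`, with nodewatcher.sh writing `node.data` there. As a smaller point, `chown root.root` uses the deprecated dot separator; `chown root:root` is the portable spelling.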


@ -0,0 +1,15 @@
#!/bin/sh
#
# SHOWMACS need br-ctl! NO BUSYBOX!
#
# Version 0.2
#
# by Tim Niemeyer (reddog@mastersword.de)
#
DEV=$1
SEDDEV=`brctl showstp $DEV | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
SEDMAC=`cat /etc/bat-hosts | sed -e "s/^/s\//;s/$/\/;/;s/ /\//"`
brctl showmacs $DEV | sed -e "$SEDMAC" | sed -e "$SEDDEV"
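Review bot: `$DEV` is used unquoted and without checking that an argument was given, and `SEDMAC` turns every line of `/etc/bat-hosts` into a sed command, so a host name containing `/` or `&` alters the sed program instead of being substituted. Add `[ -n "$1" ] || { echo "usage: $0 <bridge>" >&2; exit 1; }` at the top and quote `"$DEV"` in both `brctl` calls. nodewatcher.sh in this commit renames `/etc/bat-hosts` while it runs, so `cat /etc/bat-hosts` here can fail if the two overlap; a `[ -r /etc/bat-hosts ]` test before building `SEDMAC` would make that case explicit.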


@ -0,0 +1,24 @@
kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.core.netdev_max_backlog=30
net.netfilter.nf_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_max=16384
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
# net.ipv6.conf.all.forwarding=1
# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0


@ -0,0 +1,135 @@
#!/bin/sh
#DEBUG="--debug=2"
DEBUG=""
SERVER="no"
SERVERNAME="batgw"
project="batvpn"
test_internet_host1="mastersword.de"
test_internet_host2="78.46.215.78"
#Only do something with tinc when the router has internet connection
if ping -w5 -c3 "$test_internet_host1" &>/dev/null || ping -w5 -c3 "$test_internet_host2" &>/dev/null
then
if [ "$SERVER" == "no" ]
then
hostname=$(cat /proc/sys/kernel/hostname)
if [ "$hostname" == "OpenWrt" ]
then
hostname=""
fi
if [ "$hostname" == "" ]
then
hostname=$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
fi
if [ "$hostname" == "" ]
then
hostname=$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
fi
if [ "$hostname" == "" ]
then
hostname=$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
fi
else
hostname=$SERVERNAME
fi
if [ ! -d /etc/tinc ]
then
mkdir /etc/tinc
fi
if [ ! -d /etc/tinc/$project ]
then
mkdir /etc/tinc/$project
ln -s /tmp/tinc_$project.conf /etc/tinc/$project/tinc.conf
echo -n -e "\n\n" | tincd --pidfile=/var/run/tinc_$project.pid -n $project -K
kill -HUP $(cat /var/run/tinc_$project.pid)
sleep 3
mkdir /tmp/tinc_${project}_hosts
ln -s /tmp/tinc_${project}_hosts /etc/tinc/$project/hosts
echo "ifconfig \$INTERFACE up" > /etc/tinc/$project/tinc-up
if [ "$SERVER" == "no" ]
then
echo "brctl addif br-mesh \$INTERFACE" >> /etc/tinc/$project/tinc-up
fi
chmod +x /etc/tinc/$project/tinc-up
fi
if [ ! -d /tmp/tinc_${project}_hosts ]
then
mkdir /tmp/tinc_${project}_hosts
fi
pubkey=$(for line in $(cat /etc/tinc/$project/rsa_key.pub | sed -e 's/$/%0a/g' | sed -e 's/+/%2b/g' | sed -e 's/ /%20/g'); do echo -n $line; done)
port=666
cat <<EOF > /etc/tinc/$project/tinc.conf
Name = $hostname
Mode = Switch
#PingTimeout = 30
Hostnames = yes
#GraphDumpFile = /tmp/vpn-graph.dot
#TCPOnly = yes
EOF
# we need this only for first startup
if [ ! -f /etc/tinc/$project/hosts/$hostname ]
then
cat <<EOF > /etc/tinc/$project/hosts/$hostname
Address = 0.0.0.0
Port = $port
EOF
cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
fi
# fire up
if [ "$(ps aux | grep tincd | grep -v grep)" == "" ]
then
tincd -c /etc/tinc/$project --pidfile=/var/run/tinc_$project.pid --logfile=/var/log/tinc_$project.log $DEBUG
# sleep 1
# brctl addif br-mesh tap0
fi
# register
wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /tmp/tinc_${project}_output
filenames=$(cat /tmp/tinc_${project}_output| grep ^#### | sed -e 's/^####//' | sed -e 's/.conf//g')
for file in $filenames
do
grep -A100 $file /tmp/tinc_${project}_output | grep -v $file | grep -m1 ^### -B100 | grep -v ^### > /etc/tinc/$project/hosts/$file.new
if [ "$(diff /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file 2>&1)" == "" ]
then
/bin/rm /etc/tinc/$project/hosts/$file.new
else
/bin/mv /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file
fi
echo "ConnectTo=$file" >> /etc/tinc/$project/tinc.conf
done
if [ ! -f /etc/tinc/$project/hosts/$hostname ]
then
cat <<EOF > /etc/tinc/$project/hosts/$hostname
Address = 0.0.0.0
Port = $port
EOF
cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
fi
#reload
kill -HUP $(cat /var/run/tinc_$project.pid)
else
echo "Der Router kann keine Verbindung zum Tincserver aufbauen"
echo "Tincstart macht nichts!"
fi
exit 0
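Review bot: The peer list under `# register` is fetched with `wget` over plain HTTP and then trusted without validation: each name after `####` becomes a path under `/etc/tinc/$project/hosts/` and a `ConnectTo=` line, and the block beneath it becomes that peer's host file, public key included. A name containing `/` or `..` would write outside the hosts directory, and anyone able to answer for that URL decides which peers and keys the node accepts. Restrict names to the characters tinc allows for node names (letters, digits, underscore) as in the excerpt below, quote `$file` in the `grep`, `rm` and `mv` calls, and move registration to an authenticated transport. Also, `&>/dev/null` on the `ping` line is a bashism under `#!/bin/sh`; in a shell without it the command is backgrounded and the `if` always succeeds, so `>/dev/null 2>&1` is safer.

```shell
for file in $filenames
do
	# Accept only names made of letters, digits and underscore, so a
	# server-supplied value can never act as a path or a grep pattern.
	case "$file" in
		""|*[!A-Za-z0-9_]*)
			echo "tincstart: ignoring invalid host name in server response" >&2
			continue
			;;
	esac
	# … unchanged: extract the host block to hosts/$file.new, diff, rm or mv, append ConnectTo …
```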


@ -0,0 +1,37 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
#config 'interface' 'lan'
# option 'proto' 'dhcp'
# option 'ifname' 'eth0.1'
config 'interface' 'wlanmesh'
option 'ifname' 'ath1'
option 'mtu' '1528'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0.1 ath0 bat0 tap0'
option 'auto' '1'
config 'switch' 'eth0'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 5t'
config 'switch_vlan' 'eth0_2'
option 'device' 'eth0'
option 'vlan' '2'
option 'ports' '4 5t'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'


@ -0,0 +1,22 @@
config 'wifi-device' 'wifi0'
option 'type' 'atheros'
option 'disabled' '0'
option 'channel' '6'
option 'bgscan' '0'
option 'diversity' '1'
#enable correct wifi led on dir300 https://forum.openwrt.org/viewtopic.php?id=29714
option 'softled' '0'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'adhoc'
option 'ssid' 'batman.oldenburg.freifunk.net'
option 'bssid' '02:CA:FF:EE:BA:BE'
option 'encryption' 'none'
option 'hidden' '1'
config 'wifi-iface'
option 'device' 'wifi0'
option 'mode' 'ap'
option 'ssid' 'oldenburg.freifunk.net'
option 'encryption' 'none'


@ -0,0 +1,22 @@
*/5 * * * * killall klogd
*/5 * * * * killall syslogd
*/5 * * * * killall logger
*/5 * * * * sh /etc/tincstart.sh
*/5 * * * * sh /etc/nodewatcher.sh
*/5 * * * * sh /etc/configurator.sh
0 * * * * sh /etc/configurator.sh sync_hostname
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
#Enable zapp script if you are running a gateway
#*/1 * * * * /etc/init.d/zapp
*/5 * * * * killall -HUP dnsmasq
#* * * * * /usr/sbin/ff_olsr_test_gw
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
#0 */4 * * * /usr/sbin/ff_rdate
#17 * * * * /usr/sbin/ff_mapupdate
#Reboot dir300 every 3 days at 04:05
5 4 */3 * * reboot
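Review bot: The first three entries run `killall klogd`, `killall syslogd` and `killall logger` every five minutes, which leaves the node without a kernel or system log for most of its uptime, so a crash, a failed tinc start or unexpected access leaves nothing to inspect afterwards. If the intent is to save RAM (not stated here), a comment such as `# log daemons are killed to free memory; no local logs are kept` would make that explicit, and a small in-memory log buffer or a remote syslog target would be the alternative worth considering. The same three lines appear in the two other crontab sections further down this page (the fonera and wrt54g_adhoc variants).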


@ -0,0 +1,29 @@
kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.core.netdev_max_backlog=30
net.netfilter.nf_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_max=16384
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
# net.ipv6.conf.all.forwarding=1
# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
#Enable the correct wifi led on dir300 (only apply this to dir300!) https://forum.openwrt.org/viewtopic.php?id=29714
dev.wifi0.ledpin=2
dev.wifi0.softled=1
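Review bot: The three `net.bridge.bridge-nf-call-*=0` settings mean frames forwarded inside a bridge are never handed to arptables, iptables or ip6tables, so whatever rules /etc/firewall.user loads (not visible here) cannot filter traffic that stays at layer 2. The network sections on this page put the access-point interface, bat0 and tap0 into one 'mesh' bridge, so client, mesh and VPN frames between those ports would pass unfiltered; that may be intended for a mesh node, but the existing comment only says "by default". I would extend it, e.g. `# bridged mesh/AP/VPN frames bypass iptables on purpose; use ebtables if filtering is needed`. Separately, the `dev.wifi0.*` lines are marked as dir300-only, so it is worth confirming this file is not copied to the other targets.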


@ -0,0 +1,8 @@
config 'mesh' 'bat0'
option 'interfaces' 'wlan0'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,21 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'wlanmesh'
option 'ifname' 'wlan0'
option 'mtu' '1527'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0.1 bat0 tap0'
option 'stp' '1'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'
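Review bot: `option 'mtu' '1527'` on the wlanmesh interface differs from the `1528` used by every other wlanmesh/wlan0 section on this page, and nothing here says whether that is deliberate. If it is a typo, nodes built from this file would carry a mesh link MTU one byte smaller than their neighbours, which may cause fragmentation or dropped full-size frames across the batman-adv links. Either change it to `option 'mtu' '1528'` or add a comment giving the reason for the different value.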


@ -0,0 +1,20 @@
config wifi-device radio0
option type mac80211
option channel 6
option macaddr 10:00:00:00:71:07
option hwmode 11ng
option htmode HT20
list ht_capab GF
list ht_capab SHORT-GI-20
list ht_capab SHORT-GI-40
list ht_capab TX-STBC
list ht_capab RX-STBC1
config 'wifi-iface'
option 'device' 'radio0'
option 'mode' 'adhoc'
option 'ssid' 'batman.oldenburg.freifunk.net'
option 'bssid' '02:CA:FF:EE:BA:BE'
option 'encryption' 'none'
option 'hidden' '1'


@ -0,0 +1,36 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#Set Mac-Addr of wifi interface if not right
HARDWARE_MACADDR=`cat /sys/class/ieee80211/phy0/macaddress`
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
uci commit
reboot
fi
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
/etc/init.d/qos disable
/etc/init.d/qos stop
#busybox-httpd for crawldata
httpd -h /tmp/
sh /etc/configurator.sh
exit 0
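Review bot: `httpd -h /tmp/` publishes the whole of /tmp over unauthenticated HTTP, and with no address given busybox httpd listens on all interfaces, so this covers far more than the crawl data the comment mentions. On OpenWrt /tmp is the RAM disk that also holds runtime state such as DHCP leases and generated configuration, so anything written there becomes readable by any mesh or access-point client. Serving a dedicated directory would limit the exposure, e.g. `mkdir -p /tmp/crawldata && httpd -h /tmp/crawldata` (the directory name is a placeholder; nodewatcher.sh, not visible here, would have to write its output there). The same line is present in the four other rc.local sections on this page.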


@ -0,0 +1,8 @@
config 'mesh' 'bat0'
option 'interfaces'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,18 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'wlan0 tap0'
option 'stp' '1'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'


@ -0,0 +1,18 @@
config wifi-device radio0
option type mac80211
option channel 6
option macaddr 10:00:00:00:71:07
option hwmode 11ng
option htmode HT20
list ht_capab GF
list ht_capab SHORT-GI-20
list ht_capab SHORT-GI-40
list ht_capab TX-STBC
list ht_capab RX-STBC1
config 'wifi-iface'
option 'device' 'radio0'
option 'mode' 'ap'
option 'ssid' 'oldenburg.freifunk.net'
option 'encryption' 'none'


@ -0,0 +1,36 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#Set Mac-Addr of wifi interface if not right
HARDWARE_MACADDR=`cat /sys/class/ieee80211/phy0/macaddress`
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
uci commit
reboot
fi
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
/etc/init.d/qos disable
/etc/init.d/qos stop
#busybox-httpd for crawldata
httpd -h /tmp/
sh /etc/configurator.sh
exit 0
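Review bot: If reading `/sys/class/ieee80211/phy0/macaddress` fails or returns nothing, `$HARDWARE_MACADDR` is empty, the comparison is still unequal, and the script overwrites the stored `macaddr` with an empty value and reboots, which is likely to leave the radio unconfigured. Guard the branch and quote the value: `if [ -n "$HARDWARE_MACADDR" ] && [ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]; then` and `uci set wireless.@wifi-device[0].macaddr="$HARDWARE_MACADDR"`. Plain `[ ]` also avoids depending on `[[ ]]` support in whichever shell runs rc.local. The identical block in the preceding rc.local section and the `ifconfig`-based variants in the two wr1043nd sections have the same gap; the latter only add a `sleep 30` before the reboot.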


@ -0,0 +1,22 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'proto' 'dhcp'
option 'ifname' 'eth0'
config 'interface' 'wlanmesh'
option 'ifname' 'ath1'
option 'mtu' '1528'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'ath0 bat0 tap0'
option 'auto' '1'
# To get Freifunk on the ethernet port (for a desktop pc for example), comment out
# the lan interface section and add eth0 to the ifnames of the mesh interface.
# Then restart the router and plug in your ethernet cable


@ -0,0 +1,22 @@
*/5 * * * * killall klogd
*/5 * * * * killall syslogd
*/5 * * * * killall logger
*/5 * * * * sh /etc/tincstart.sh
*/5 * * * * sh /etc/nodewatcher.sh
*/5 * * * * sh /etc/configurator.sh
0 * * * * sh /etc/configurator.sh sync_hostname
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
#Enable zapp script if you are running a gateway
#*/1 * * * * /etc/init.d/zapp
*/5 * * * * killall -HUP dnsmasq
#* * * * * /usr/sbin/ff_olsr_test_gw
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
#0 */4 * * * /usr/sbin/ff_rdate
#17 * * * * /usr/sbin/ff_mapupdate
#Reboot fonera every 2 days at 04:05
5 4 */2 * * reboot


@ -0,0 +1,11 @@
config 'mesh' 'bat0'
option 'interfaces' 'wlan1'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'gw_bandwidth'
option 'gw_mode'
option 'gw_sel_class'
option 'log_level'
option 'orig_interval'
option 'vis_mode'


@ -0,0 +1,33 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'wlanmesh'
option 'ifname' 'wlan1'
option 'mtu' '1528'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0.1 wlan0 bat0 tap0'
option 'auto' '1'
config 'interface' 'wan'
option 'ifname' 'eth0.2'
option 'proto' 'dhcp'
config 'switch'
option 'name' 'rtl8366rb'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'rtl8366rb'
option 'vlan' '1'
option 'ports' '1 2 3 4 5t'
config 'switch_vlan'
option 'device' 'rtl8366rb'
option 'vlan' '2'
option 'ports' '0 5t'


@ -0,0 +1,11 @@
config 'system'
option 'hostname' 'OpenWrt'
option 'timezone' 'CET-1CEST,M3.5.0,M10.5.0/3'
config 'rdate'
option 'interface' 'wan'
config 'led' 'wlan_led'
option 'name' 'WLAN'
option 'sysfs' 'tl-wr1043nd:green:wlan'
option 'trigger' 'phy0rx'


@ -0,0 +1,25 @@
config wifi-device radio0
option type mac80211
option channel 6
option macaddr d8:5d:4c:9c:2d:a6
option hwmode 11ng
option htmode HT20
list ht_capab SHORT-GI-40
list ht_capab DSSS_CCK-40
# REMOVE THIS LINE TO ENABLE WIFI:
option disabled 0
config wifi-iface
option device radio0
option network wlanmesh
option mode adhoc
option bssid '02:CA:FF:EE:BA:BE'
option ssid 'batman.oldenburg.freifunk.net'
option mcast_rate 6000
# option bintval 1000
config wifi-iface
option device radio0
option network mesh
option mode ap
option ssid 'oldenburg.freifunk.net'
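Review bot: The comment `# REMOVE THIS LINE TO ENABLE WIFI:` sits above `option disabled 0`, which already enables the radio, so the instruction is misleading; drop it or replace it with `# radio is enabled in the shipped image`. The `macaddr` value looks like the address of one particular device, so every node flashed from this file would start with it until the rc.local check rewrites it from the hardware; a short comment saying it is a placeholder would help. The access-point `wifi-iface` here also omits `option 'encryption' 'none'`, which the otherwise matching section further down sets explicitly. The two later radio sections with `option disabled 0` carry the same stale comment.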


@ -0,0 +1,39 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#Set Mac-Addr of wr1043nd wifi interface if not right
HARDWARE_MACADDR=`ifconfig -a wlan0 | grep 'HWaddr' | awk '{ print $5}'`
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
uci commit
#wait before reboot to generate tinc certificates and to be able
#to login over ssh bevore reboot in case of errors
sleep 30
reboot
fi
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
/etc/init.d/qos disable
/etc/init.d/qos stop
#busybox-httpd for crawldata
httpd -h /tmp/
sh /etc/configurator.sh
exit 0


@ -0,0 +1,11 @@
config 'mesh' 'bat0'
option 'interfaces' 'wlan1'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'gw_bandwidth'
option 'gw_mode'
option 'gw_sel_class'
option 'log_level'
option 'orig_interval'
option 'vis_mode'


@ -0,0 +1,26 @@
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'wlanmesh'
option 'ifname' 'wlan1'
option 'mtu' '1528'
config 'interface' 'mesh'
option 'type' 'bridge'
option 'ifname' 'eth0 wlan0 bat0 tap0'
option 'auto' '1'
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'dhcp'
config switch eth0
option enable_vlan 1
config switch_vlan
option device eth0
option vlan 1
option ports "0 1 2 3 4"


@ -0,0 +1,11 @@
config 'system'
option 'hostname' 'OpenWrt'
option 'timezone' 'CET-1CEST,M3.5.0,M10.5.0/3'
config 'rdate'
option 'interface' 'wan'
config 'led' 'wlan_led'
option 'name' 'WLAN'
option 'sysfs' 'tl-wr1043nd:green:wlan'
option 'trigger' 'phy0rx'


@ -0,0 +1,30 @@
config wifi-device radio0
option type mac80211
option channel 6
option macaddr b0:48:7a:cb:2f:c0
option hwmode 11ng
option htmode HT20
list ht_capab SHORT-GI-40
list ht_capab TX-STBC
list ht_capab RX-STBC1
list ht_capab DSSS_CCK-40
# REMOVE THIS LINE TO ENABLE WIFI:
option disabled 0
config wifi-iface
option device radio0
option network wlanmesh
option mode adhoc
option bssid '02:CA:FF:EE:BA:BE'
option ssid 'batman.oldenburg.freifunk.net'
option mcast_rate 6000
# option bintval 1000
option 'encryption' 'none'
option 'hidden' '1'
config wifi-iface
option device radio0
option network mesh
option mode ap
option ssid 'oldenburg.freifunk.net'
option 'encryption' 'none'


@ -0,0 +1,39 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#Set Mac-Addr of wr1043nd wifi interface if not right
HARDWARE_MACADDR=`ifconfig -a wlan0 | grep 'HWaddr' | awk '{ print $5}'`
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
uci commit
#wait before reboot to generate tinc certificates and to be able
#to login over ssh bevore reboot in case of errors
sleep 30
reboot
fi
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
/etc/init.d/qos disable
/etc/init.d/qos stop
#busybox-httpd for crawldata
httpd -h /tmp/
sh /etc/configurator.sh
exit 0


@ -0,0 +1,9 @@
config 'mesh' 'bat0'
option 'interfaces' 'wlan0'
option 'orig_interval'
option 'log_level'
option 'aggregated_ogms'
option 'bonding'
option 'fragmentation'
option 'vis_mode'


@ -0,0 +1,41 @@
#### VLAN configuration
config switch eth0
option enable 1
config switch_vlan eth0_0
option device "eth0"
option vlan 0
option ports "1 2 3 4 5"
config switch_vlan eth0_1
option device "eth0"
option vlan 1
option ports "0 5"
#### Loopback configuration
config interface loopback
option ifname "lo"
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
#### LAN configuration
config interface lan
option type bridge
option ifname "eth0.0"
option proto static
option ipaddr 192.168.1.1
option netmask 255.255.255.0
#### WAN configuration
config interface wan
option ifname "eth0.1"
option proto dhcp
config interface wlan0
option mtu 1528
config interface mesh
option type bridge
option ifname "bat0 tap0"


@ -0,0 +1,16 @@
config wifi-device radio0
option type mac80211
option channel 6
option macaddr 00:12:17:cc:ef:0d
option hwmode 11g
# REMOVE THIS LINE TO ENABLE WIFI:
option disabled 0
config wifi-iface
option device radio0
option network wlan0
option mode adhoc
option ssid batman.oldenburg.freifunk.net
option encryption none
option bssid 02:CA:FF:EE:BA:BE


@ -0,0 +1,22 @@
*/5 * * * * killall klogd
*/5 * * * * killall syslogd
*/5 * * * * killall logger
*/5 * * * * sh /etc/tincstart.sh
*/5 * * * * sh /etc/nodewatcher.sh
*/5 * * * * sh /etc/configurator.sh
0 * * * * sh /etc/configurator.sh sync_hostname
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
#Enable zapp script if you are running a gateway
#*/1 * * * * /etc/init.d/zapp
*/5 * * * * killall -HUP dnsmasq
#* * * * * /usr/sbin/ff_olsr_test_gw
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
#0 */4 * * * /usr/sbin/ff_rdate
#17 * * * * /usr/sbin/ff_mapupdate
#Reboot wrt54g_adhoc every 5 days at 04:05
5 4 */5 * * reboot


@ -0,0 +1,36 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#set fixed mac address that is 1 lower than eth0 mac on br-mesh so that the ipv6 addres does not change after every reboot
#This idea is stolen from freifunk lübeck set_hostname.sh
MAC="`ip link show eth0 | grep "link/ether" | \
sed "s/^[ ]*//" | cut -d' ' -f2 | sed "s/://g" | \
tr 'a-z' 'A-Z'`"
MAC="`printf "%012X\n" $((0x$MAC - 0x01))`"
uci set network.mesh.macaddr=$MAC
uci commit
ifconfig br-mesh down
ifconfig br-mesh up
ifdown lan
ifup lan
rdate -s time.fu-berlin.de
chown root.root /etc/crontabs/root
/etc/init.d/cron stop
/etc/init.d/cron start
sh /etc/firewall.user
/etc/init.d/qos disable
/etc/init.d/qos stop
#busybox-httpd for crawldata
httpd -h /tmp/
sh /etc/configurator.sh
exit 0