forked from freifunk-franken/firmware
This is a new branch for the 0.3 stable firmware, based on OpenWRT 10.03.1, with a new
build_script system
commit
8dab2bce6a
|
@ -0,0 +1,8 @@
|
|||
src-svn packages svn://svn.openwrt.org/openwrt/packages@29597
|
||||
#src-svn xwrt http://x-wrt.googlecode.com/svn/branches/backfire_10.03/package
|
||||
#src-svn luci http://svn.luci.subsignal.org/luci/branches/luci-0.10/contrib/package
|
||||
#src-svn phone svn://svn.openwrt.org/openwrt/feeds/phone
|
||||
#src-svn efl svn://svn.openwrt.org/openwrt/feeds/efl
|
||||
#src-svn desktop svn://svn.openwrt.org/openwrt/feeds/desktop
|
||||
#src-svn xfce svn://svn.openwrt.org/openwrt/feeds/xfce
|
||||
#src-link custom /usr/src/openwrt/custom-feed
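Review bot: The only active feed, on the first line, is pulled over `svn://`, which provides neither server authentication nor transport integrity, so the `@29597` pin fixes a revision number but not the bytes the build host actually receives. Because these packages end up in firmware that is flashed onto routers, a comment such as `# NOTE: svn:// is unauthenticated; build only from a trusted network or a verified mirror` would make the assumption explicit. The commented-out feeds below carry no revision pin at all, so add one to each before enabling it.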
|
|
@ -0,0 +1,264 @@
|
|||
#!/bin/bash
|
||||
|
||||
prepare() {
|
||||
#Get the OpenWrt Core Source for Firmware
|
||||
svn checkout svn://svn.openwrt.org/openwrt/tags/backfire_10.03.1/ ./build_dir
|
||||
#apply own feeds.conf
|
||||
svn export ./build_patches/feeds.conf ./build_dir/feeds.conf
|
||||
|
||||
./build_dir/scripts/feeds update
|
||||
|
||||
./build_dir/scripts/feeds install -a
|
||||
}
|
||||
|
||||
configure_build() {
|
||||
#create filesdir for our config
|
||||
mkdir ./build_dir/files
|
||||
|
||||
case "$1" in
|
||||
"dir300")
|
||||
svn export ./build_configuration/Atheros_AR231x_AR5312/.config ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/dir300 ./build_dir/files/ --force
|
||||
;;
|
||||
"fonera")
|
||||
svn export ./build_configuration/Atheros_AR231x_AR5312/.config ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/fonera ./build_dir/files/ --force
|
||||
;;
|
||||
"wrt54g_ap")
|
||||
svn export ./build_configuration/Broadcom_BCM947xx_953xx_ap/.config ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/wrt54g_ap ./build_dir/files/ --force
|
||||
;;
|
||||
"wrt54g_adhoc")
|
||||
svn export ./build_configuration/Broadcom_BCM947xx_953xx_adhoc/.config ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/wrt54g_adhoc ./build_dir/files/ --force
|
||||
;;
|
||||
"dir300b_ap")
|
||||
svn export ./build_configuration/ramips_rt3050/.config ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/dir300b_ap ./build_dir/files/ --force
|
||||
;;
|
||||
"dir300b_adhoc")
|
||||
svn export ./build_configuration/ramips_rt3050/.config ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/dir300b_adhoc ./build_dir/files/ --force
|
||||
;;
|
||||
"wr1043nd")
|
||||
svn export ./build_configuration/Atheros_AR71xx_AR7240_AR913x/.config_wr1043nd ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/wr1043nd ./build_dir/files/ --force
|
||||
;;
|
||||
"wr741nd")
|
||||
svn export ./build_configuration/Atheros_AR71xx_AR7240_AR913x/.config_wr741nd ./build_dir/.config
|
||||
svn export ./root_file_system/default ./build_dir/files/ --force
|
||||
svn export ./root_file_system/wr741nd ./build_dir/files/ --force
|
||||
;;
|
||||
*)
|
||||
echo "ERROR";
|
||||
;;
|
||||
esac
|
||||
|
||||
#insert actual firware version informations into release file
|
||||
echo "FIRMWARE_REVISION=\""`svn info ./ |grep Revision: |cut -c11-`"\"" >> ./build_dir/files/etc/firmware_release
|
||||
echo "OPENWRT_CORE_REVISION=\""`svn info ./build_dir |grep Revision: |cut -c11-`"\"" >> ./build_dir/files/etc/firmware_release
|
||||
echo "OPENWRT_FEEDS_PACKAGES_REVISION=\""`svn info ./build_dir/feeds/packages |grep Revision: |cut -c11-`"\"" >> ./build_dir/files/etc/firmware_release
|
||||
}
|
||||
|
||||
build() {
|
||||
cd ./build_dir
|
||||
case "$2" in
|
||||
"fast")
|
||||
make -j8
|
||||
;;
|
||||
*)
|
||||
ionice -c 3 -- nice -n 10 -- make -j8
|
||||
;;
|
||||
esac
|
||||
# actually this does northing!
|
||||
# rm -rf ./build_dir/files/
|
||||
cd ../
|
||||
|
||||
case "$1" in
|
||||
"dir300")
|
||||
cp ./build_dir/bin/atheros/openwrt-atheros-root.squashfs ./bin/openwrt-$2-root.squashfs
|
||||
cp ./build_dir/bin/atheros/openwrt-atheros-vmlinux.lzma ./bin/openwrt-$2-vmlinux.lzma
|
||||
cp ./build_dir/bin/atheros/openwrt-atheros-combined.squashfs.img ./bin/openwrt-$2-combined.squashfs.img
|
||||
;;
|
||||
"fonera")
|
||||
cp ./build_dir/bin/atheros/openwrt-atheros-root.squashfs ./bin/openwrt-$2-root.squashfs
|
||||
cp ./build_dir/bin/atheros/openwrt-atheros-vmlinux.lzma ./bin/openwrt-$2-vmlinux.lzma
|
||||
cp ./build_dir/bin/atheros/openwrt-atheros-combined.squashfs.img ./bin/openwrt-$2-combined.squashfs.img
|
||||
;;
|
||||
"dir300b_adhoc" | "dir300b_ap")
|
||||
|
||||
#build webflash image
|
||||
rm -rf ./bin/openwrt-dir300b1-squashfs-webflash.bin
|
||||
./flash_tools/dir300b-flash/v2image -v \
|
||||
-i ./build_dir/bin/ramips/openwrt-ramips-rt305x-dir-300-b1-squashfs-sysupgrade.bin \
|
||||
-o bin/openwrt-dir300b1-squashfs-webflash.bin \
|
||||
-d /dev/mtdblock/2 -s wrgn23_dlwbr_dir300b
|
||||
;;
|
||||
"wr1043nd")
|
||||
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr1043nd-v1-squashfs-factory.bin ./bin/
|
||||
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr1043nd-v1-squashfs-sysupgrade.bin ./bin/
|
||||
;;
|
||||
"wr741nd")
|
||||
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr741nd-v1-squashfs-factory.bin ./bin/
|
||||
cp ./build_dir/bin/ar71xx/openwrt-ar71xx-tl-wr741nd-v1-squashfs-sysupgrade.bin ./bin/
|
||||
;;
|
||||
"wrt54g_ap" | "wrt54g_adhoc")
|
||||
cp ./build_dir/bin/brcm47xx/openwrt-wrt54g-squashfs.bin ./bin/
|
||||
;;
|
||||
*)
|
||||
echo "Nothing implemented here yet -> missing knowledge!!"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
flash() {
|
||||
#Get flash tools
|
||||
svn export http://svn.freifunk-ol.de/build_environment/flash_tools
|
||||
|
||||
if [ ! "`whoami`" = "root" ]
|
||||
then
|
||||
echo "You need to be root to flash!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Do not plugin your router now, you will be asked to do this later!"
|
||||
echo "Stopping Network manager and starting normal network and tftp server..."
|
||||
if [ -f /etc/rc.d/networkmanager ];then
|
||||
/etc/rc.d/networkmanager stop&&/etc/rc.d/network start
|
||||
/etc/rc.d/tftpd start
|
||||
elif [ -f /etc/init.d/networkmanager ];then
|
||||
/etc/init.d/networkmanager stop&&/etc/init.d/network start
|
||||
/etc/init.d/tftpd start
|
||||
elif [ -f /usr/sbin/invoke-rc.d ];then
|
||||
invoke-rc.d network-manager stop
|
||||
invoke-rc.d tftpd-hpa start
|
||||
fi
|
||||
|
||||
echo "Clearing Firewall!"
|
||||
iptables -F
|
||||
iptables -P INPUT ACCEPT
|
||||
iptables -P OUTPUT ACCEPT
|
||||
|
||||
echo "Flashing now! Please plugin your router into the powerline now"
|
||||
case "$1" in
|
||||
"dir300")
|
||||
if [ -f /usr/sbin/dir300-flash ]; then
|
||||
/usr/sbin/dir300-flash $2 ./bin/openwrt-$1-vmlinux.lzma ./bin/openwrt-$1-root.squashfs
|
||||
else
|
||||
./flash_tools/dir300-flash/dir300-flash.sh $2 ./bin/openwrt-$1-vmlinux.lzma ./bin/openwrt-$1-root.squashfs
|
||||
;;
|
||||
"fonera")
|
||||
echo "In some cases you have to set a symlink to libpcap to make flashing work (Tim told me that it is evil if I do that for you):"
|
||||
echo "ln -s /usr/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so.0.8"
|
||||
|
||||
./flash_tools/fonera-flash/ap51-flash-1.0-42 $2 ./bin/openwrt-$1-root.squashfs ./bin/openwrt-$1-vmlinux.lzma freifunc
|
||||
;;
|
||||
"dir300b_adhoc" | "dir300b_ap")
|
||||
echo "* Press RESET on your router and power it on."
|
||||
echo "* Now connect it to your Computer using the WAN interface"
|
||||
echo "* Configure your Computer to use 192.168.0.2 as IP-Adress"
|
||||
echo "* Go to http://192.168.0.1 and flash your router."
|
||||
echo "* Happy Freifunk'ing! :-)"
|
||||
;;
|
||||
*)
|
||||
echo "Nothing implemented here yet"
|
||||
;;
|
||||
esac
|
||||
|
||||
echo "Starting Networkmanager again"
|
||||
if [ -f /etc/rc.d/networkmanager ];then
|
||||
/etc/rc.d/networkmanager start
|
||||
elif [ -f /etc/init.d/networkmanager ];then
|
||||
/etc/init.d/networkmanager start
|
||||
elif [ -f /usr/sbin/invoke-rc.d ];then
|
||||
invoke-rc.d tftpd-hpa stop
|
||||
invoke-rc.d network-manager start
|
||||
fi
|
||||
}
|
||||
|
||||
clean() {
|
||||
/bin/rm -rf flash_tools build_dir bin
|
||||
}
|
||||
|
||||
routers() {
|
||||
echo "router-types: "
|
||||
echo " dir300"
|
||||
echo " dir300b_adhoc"
|
||||
echo " dir300b_ap"
|
||||
echo " fonera"
|
||||
echo " wrt54g_ap"
|
||||
echo " wrt54g_adhoc"
|
||||
echo " wr1043nd"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
"prepare")
|
||||
if [ "$2" = "help" ] || [ "$2" = "" ]; then
|
||||
echo "This option fetches the sources for the images and configurates the build so that it can be compiled"
|
||||
echo "Usage: $0 $1 router-type"
|
||||
routers
|
||||
else
|
||||
prepare "$2"
|
||||
configure_build "$2"
|
||||
fi
|
||||
;;
|
||||
"build")
|
||||
if [ "$2" = "help" ] || [ "$2" = "" ]; then
|
||||
echo "This option compiles the firmware"
|
||||
echo "Normaly the build uses lower IO and System priorities, "
|
||||
echo "you can append \"fast\" option, to use normal user priorities"
|
||||
echo "Usage: $0 $1 router-type [fast]"
|
||||
routers
|
||||
echo "Parallel build may fail with revisions before 24969 see https://dev.openwrt.org/ticket/8596"
|
||||
else
|
||||
build "$2" "$3"
|
||||
fi
|
||||
;;
|
||||
"download")
|
||||
if [ "$2" = "help" ] || [ "$2" = "" ]; then
|
||||
echo "This option downloads the ready configured images from an external location if needet."
|
||||
echo "Usage: $0 $1 http://downloadfolder router-type"
|
||||
routers
|
||||
else
|
||||
wget "$2/openwrt-$3-root.squashfs"
|
||||
wget "$2/openwrt-$3-vmlinux.lzma"
|
||||
fi
|
||||
;;
|
||||
"flash")
|
||||
if [ "$2" = "help" ] || [ "$2" = "" ]; then
|
||||
echo "This option flashes the router."
|
||||
echo "$0 $1 router-type net-dev"
|
||||
routers
|
||||
echo "net-dev:"
|
||||
echo " ethX"
|
||||
else
|
||||
flash "$2" "$3" "$4"
|
||||
fi
|
||||
;;
|
||||
"clean")
|
||||
if [ "$2" = "help" ] || [ "$2" = "" ]; then
|
||||
echo "This option cleans all build files."
|
||||
echo "$0 $1"
|
||||
else
|
||||
clean
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo "This is the Build Environment Script of the Freifunk Community Oldenburg."
|
||||
echo "Usage: $0 command"
|
||||
echo "command:"
|
||||
echo " prepare"
|
||||
echo " build"
|
||||
echo " flash"
|
||||
echo " download"
|
||||
echo ""
|
||||
echo "If you need help to one of these options just type $0 command help"
|
||||
;;
|
||||
esac
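Review bot: In `flash()` the `flash_tools` directory is exported over plain `http://` with no revision pin or checksum, and programs from it (`./flash_tools/dir300-flash/dir300-flash.sh`, `ap51-flash-1.0-42`) are then run as root; the export also happens before the `whoami` check. Pin a revision and verify a checksum of the tools before executing them, and move the root check to the top of the function. The same function runs `iptables -F` with `ACCEPT` policies and never puts the previous rules back; saving them with `iptables-save` first and restoring with `iptables-restore` after the final `case` would leave the build host as it was found. Separately, the `dir300` arm opens `if … else` and reaches `;;` without a closing `fi`, so the script does not parse. `build()` also names its outputs `openwrt-$2-…` (its second argument is the `fast` flag) while `flash()` reads `openwrt-$1-…`.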
|
|
@ -0,0 +1,9 @@
|
|||
____ ____ _______
|
||||
| | | | | Freifunk
|
||||
|____ |____ | _ | | Oldenburg
|
||||
| | | | | Firmware
|
||||
| | |_______| |_____________
|
||||
|
||||
Welcome to the free wireless experience
|
||||
For more information take a look at http://freifunk-ol.de
|
||||
---------------------------------------------------------
|
|
@ -0,0 +1,20 @@
|
|||
06:21:91:2c:f3:09 Batman_TimWZ
|
||||
00:21:91:2c:f3:09 Node_TimWZ
|
||||
06:1e:58:c7:07:e5 Batman_TimKU
|
||||
00:1e:58:c7:07:e5 Node_TimKU
|
||||
06:22:b0:98:70:df Batman_FreWZ
|
||||
00:22:b0:98:70:df Node_FreWZ
|
||||
06:1e:58:b9:d4:39 Batman_FreKU
|
||||
00:1e:58:b9:d4:39 Node_FreKU
|
||||
06:18:84:80:83:8d Batman_BjoFON
|
||||
00:18:84:80:83:8d Node_BjoFON
|
||||
06:22:B0:96:7C:D7 Batman_BjoDIR
|
||||
00:22:B0:96:7C:D7 Node_BjoDIR
|
||||
06:18:84:81:73:21 Batman_BjoBalk
|
||||
00:18:84:81:73:21 Node_BjoBalk
|
||||
0A:24:01:17:B7:55 Batman_floh1111_dir300
|
||||
00:24:01:17:B7:55 Node_floh1111_dir300
|
||||
00:13:e8:ab:47:49 Client_RedLap
|
||||
1c:4b:d6:b8:17:dc Client_Freddy
|
||||
00:16:6F:47:51:AA Client_floh1111
|
||||
00:80:48:3b:ab:0e Client_Bjo
|
|
@ -0,0 +1,8 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'ath1'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
|
@ -0,0 +1,26 @@
|
|||
config 'script'
|
||||
option 'error_level' '0'
|
||||
option 'logfile' '/var/log/configurator.log'
|
||||
option 'version' '1'
|
||||
option 'sync_hostname' '1'
|
||||
|
||||
config 'api'
|
||||
option 'ipv4_address' '1'
|
||||
option 'ipv6_interface' 'br-mesh'
|
||||
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
|
||||
option 'timeout' '5'
|
||||
option 'retry' '5'
|
||||
|
||||
config 'update'
|
||||
option 'autoupdate' '1'
|
||||
|
||||
config 'crawl'
|
||||
option 'method' 'hash'
|
||||
option 'nickname' '1'
|
||||
option 'password' '1'
|
||||
option 'login_string' '1'
|
||||
option 'router_id' '1'
|
||||
option 'update_hash' '1'
|
||||
|
||||
config 'netmon'
|
||||
option 'autoadd_ipv6_address' '1'
|
|
@ -0,0 +1,33 @@
|
|||
config dnsmasq
|
||||
option domainneeded 1
|
||||
option boguspriv 1
|
||||
option filterwin2k '0' #enable for dial on demand
|
||||
option localise_queries 1
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts 1
|
||||
option nonegcache 0
|
||||
option authoritative 0
|
||||
option readethers 1
|
||||
option leasefile '/tmp/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.auto'
|
||||
#list server '/mycompany.local/1.2.3.4'
|
||||
#option nonwildcard 1
|
||||
#list interface br-lan
|
||||
#list notinterface lo
|
||||
|
||||
#config dhcp mesh
|
||||
# option interface mesh
|
||||
# option start X.10
|
||||
# option limit 100
|
||||
# option leasetime 6h
|
||||
|
||||
config dhcp lan
|
||||
option interface lan
|
||||
option start 100
|
||||
option limit 150
|
||||
option leasetime 12h
|
||||
|
||||
config dhcp wan
|
||||
option interface wan
|
||||
option ignore 1
|
|
@ -0,0 +1,4 @@
|
|||
config dropbear
|
||||
option PasswordAuth 'on'
|
||||
option Port '22'
|
||||
# option BannerFile '/etc/banner'
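Review bot: `option PasswordAuth 'on'` combined with the `#Allow SSH on WAN` rule in the firewall config added by this commit (`src wan`, `dest_port 22`, `target ACCEPT`) exposes password logins on the uplink side of every node built from this tree. Consider `option PasswordAuth 'off'` with keys provisioned in the image, or narrow the firewall rule with `option src_ip` to the hosts that need management access. If password login from WAN is intended, add a comment here saying so and stating the expected password policy.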
|
|
@ -0,0 +1,103 @@
|
|||
config defaults
|
||||
option syn_flood 1
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name lan
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name wan
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
option masq 1
|
||||
option mtu_fix 1
|
||||
|
||||
config forwarding
|
||||
option src lan
|
||||
option dest wan
|
||||
|
||||
# We need to accept udp packets on port 68,
|
||||
# see https://dev.openwrt.org/ticket/4108
|
||||
config rule
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 68
|
||||
option target ACCEPT
|
||||
|
||||
#Allow ping
|
||||
config rule
|
||||
option src wan
|
||||
option proto icmp
|
||||
option icmp_type echo-request
|
||||
option target ACCEPT
|
||||
|
||||
#Allow SSH on WAN
|
||||
config rule
|
||||
option src wan
|
||||
option dest_port 22
|
||||
option target ACCEPT
|
||||
option proto tcp
|
||||
|
||||
# include a file with users custom iptables rules
|
||||
config include
|
||||
option path /etc/firewall.user
|
||||
|
||||
|
||||
### EXAMPLE CONFIG SECTIONS
|
||||
# do not allow a specific ip to access wan
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option dest wan
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
# block a specific mac on wan
|
||||
#config rule
|
||||
# option dest wan
|
||||
# option src_mac 00:11:22:33:44:66
|
||||
# option target REJECT
|
||||
|
||||
# block incoming ICMP traffic on a zone
|
||||
#config rule
|
||||
# option src lan
|
||||
# option proto ICMP
|
||||
# option target DROP
|
||||
|
||||
# port redirect port coming in on wan to lan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 80
|
||||
# option dest lan
|
||||
# option dest_ip 192.168.16.235
|
||||
# option dest_port 80
|
||||
# option proto tcp
|
||||
|
||||
|
||||
### FULL CONFIG SECTIONS
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 80
|
||||
# option dest wan
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
#config redirect
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 1024
|
||||
# option src_dport 80
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
|
@ -0,0 +1,37 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
#config 'interface' 'lan'
|
||||
# option 'proto' 'dhcp'
|
||||
# option 'ifname' 'eth0.1'
|
||||
|
||||
config 'interface' 'wlanmesh'
|
||||
option 'ifname' 'ath1'
|
||||
option 'mtu' '1528'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'eth0.1 ath0 bat0 tap0'
|
||||
option 'auto' '1'
|
||||
|
||||
config 'switch' 'eth0'
|
||||
option 'name' 'eth0'
|
||||
option 'reset' '1'
|
||||
option 'enable_vlan' '1'
|
||||
|
||||
config 'switch_vlan' 'eth0_1'
|
||||
option 'device' 'eth0'
|
||||
option 'vlan' '1'
|
||||
option 'ports' '0 1 2 3 5t'
|
||||
|
||||
config 'switch_vlan' 'eth0_2'
|
||||
option 'device' 'eth0'
|
||||
option 'vlan' '2'
|
||||
option 'ports' '4 5t'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth0.2'
|
||||
option 'proto' 'dhcp'
|
|
@ -0,0 +1,18 @@
|
|||
config 'script'
|
||||
option 'version' '25'
|
||||
option 'error_level' '0'
|
||||
option 'logfile' '/var/log/nodewatcher.log'
|
||||
|
||||
config 'api'
|
||||
option 'ipv4_address' '1'
|
||||
option 'ipv6_interface' 'br-mesh'
|
||||
option 'ipv6_address' 'fe80::201:2ff:fe03:405'
|
||||
option 'timeout' '5'
|
||||
option 'retry' '5'
|
||||
|
||||
config 'update'
|
||||
option 'autoupdate' '1'
|
||||
|
||||
config 'network'
|
||||
option 'mesh_interface' 'br-mesh'
|
||||
option 'client_interfaces' 'ath0 wlan0'
|
|
@ -0,0 +1,86 @@
|
|||
# QoS configuration for OpenWrt
|
||||
|
||||
# INTERFACES:
|
||||
config interface wan
|
||||
option classgroup "Default"
|
||||
option enabled 1
|
||||
option overhead 1
|
||||
option upload 128
|
||||
option download 1024
|
||||
|
||||
# RULES:
|
||||
config classify
|
||||
option target "Bulk"
|
||||
option layer7 "edonkey"
|
||||
config classify
|
||||
option target "Bulk"
|
||||
option layer7 "bittorrent"
|
||||
config classify
|
||||
option target "Priority"
|
||||
option ports "22,53"
|
||||
config classify
|
||||
option target "Normal"
|
||||
option proto "tcp"
|
||||
option ports "20,21,25,80,110,443,993,995"
|
||||
config classify
|
||||
option target "Express"
|
||||
option ports "5190"
|
||||
config default
|
||||
option target "Express"
|
||||
option proto "udp"
|
||||
option pktsize "-500"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "icmp"
|
||||
config default
|
||||
option target "Bulk"
|
||||
option portrange "1024-65535"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "tcp"
|
||||
option pktsize "-128"
|
||||
option mark "!Bulk"
|
||||
option tcpflags "SYN"
|
||||
config reclassify
|
||||
option target "Priority"
|
||||
option proto "tcp"
|
||||
option pktsize "-128"
|
||||
option mark "!Bulk"
|
||||
option tcpflags "ACK"
|
||||
|
||||
|
||||
# Don't change the stuff below unless you
|
||||
# really know what it means :)
|
||||
|
||||
config classgroup "Default"
|
||||
option classes "Priority Express Normal Bulk"
|
||||
option default "Normal"
|
||||
|
||||
|
||||
config class "Priority"
|
||||
option packetsize 400
|
||||
option maxsize 400
|
||||
option avgrate 10
|
||||
option priority 20
|
||||
config class "Priority_down"
|
||||
option packetsize 1000
|
||||
option avgrate 10
|
||||
|
||||
|
||||
config class "Express"
|
||||
option packetsize 1000
|
||||
option maxsize 800
|
||||
option avgrate 50
|
||||
option priority 10
|
||||
|
||||
config class "Normal"
|
||||
option packetsize 1500
|
||||
option packetdelay 100
|
||||
option avgrate 10
|
||||
option priority 5
|
||||
config class "Normal_down"
|
||||
option avgrate 20
|
||||
|
||||
config class "Bulk"
|
||||
option avgrate 1
|
||||
option packetdelay 200
|
|
@ -0,0 +1,3 @@
|
|||
config system
|
||||
option hostname OpenWrt
|
||||
option timezone "CET-1CEST,M3.5.0,M10.5.0/3"
|
|
@ -0,0 +1,2 @@
|
|||
config timeserver
|
||||
option hostname time.fu-berlin.de
|
|
@ -0,0 +1,20 @@
|
|||
config 'wifi-device' 'wifi0'
|
||||
option 'type' 'atheros'
|
||||
option 'disabled' '0'
|
||||
option 'channel' '6'
|
||||
option 'bgscan' '0'
|
||||
option 'diversity' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'adhoc'
|
||||
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||
option 'encryption' 'none'
|
||||
option 'hidden' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'ap'
|
||||
option 'ssid' 'oldenburg.freifunk.net'
|
||||
option 'encryption' 'none'
|
|
@ -0,0 +1,183 @@
|
|||
#!/bin/sh
|
||||
# Netmon Configurator (C) 2010-2011 Freifunk Oldenburg
|
||||
# Lizenz: GPL
|
||||
|
||||
SCRIPT_DIR=`dirname $0`
|
||||
|
||||
if [ -f /etc/config/configurator ];then
|
||||
API_IPV4_ADRESS=`uci get configurator.@api[0].ipv4_address`
|
||||
API_IPV6_ADRESS=`uci get configurator.@api[0].ipv6_address`
|
||||
API_IPV6_INTERFACE=`uci get configurator.@api[0].ipv6_interface`
|
||||
API_TIMEOUT=`uci get configurator.@api[0].timeout`
|
||||
API_RETRY=`uci get configurator.@api[0].retry`
|
||||
SCRIPT_VERSION=`uci get configurator.@script[0].version`
|
||||
SCRIPT_ERROR_LEVEL=`uci get configurator.@script[0].error_level`
|
||||
SCRIPT_LOGFILE=`uci get configurator.@script[0].logfile`
|
||||
SCRIPT_SYNC_HOSTNAME=`uci get configurator.@script[0].sync_hostname`
|
||||
CRAWL_METHOD=`uci get configurator.@crawl[0].method`
|
||||
CRAWL_ROUTER_ID=`uci get configurator.@crawl[0].router_id`
|
||||
CRAWL_UPDATE_HASH=`uci get configurator.@crawl[0].update_hash`
|
||||
CRAWL_NICKNAME=`uci get configurator.@crawl[0].nickname`
|
||||
CRAWL_PASSWORD=`uci get configurator.@crawl[0].password`
|
||||
UPDATE_AUTOUPDATE=`uci get configurator.@update[0].autoupdate`
|
||||
AUTOADD_IPV6_ADDRESS=`uci get configurator.@netmon[0].autoadd_ipv6_address`
|
||||
else
|
||||
. $SCRIPT_DIR/configurator_config
|
||||
fi
|
||||
|
||||
API_RETRY=$(($API_RETRY - 1))
|
||||
|
||||
get_url() {
|
||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||
url=$API_IPV4_ADRESS
|
||||
else
|
||||
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
|
||||
fi
|
||||
echo $url
|
||||
}
|
||||
|
||||
sync_hostname() {
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Syncing hostname" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
netmon_api=`get_url`
|
||||
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=get_hostname&authentificationmethod=$CRAWL_METHOD&nickname=$CRAWL_NICKNAME&password=$CRAWL_PASSWORD&router_auto_update_hash=$CRAWL_UPDATE_HASH&router_id=$CRAWL_ROUTER_ID"
|
||||
api_return=`$command&sleep $API_TIMEOUT; kill $!`
|
||||
netmon_hostname=`echo $api_return| cut '-d,' -f2`
|
||||
if [ "$netmon_hostname" != "" ]; then
|
||||
if [ "$netmon_hostname" != "`cat /proc/sys/kernel/hostname`" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Setze neuen Hostname: $netmon_hostname" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
uci set system.@system[0].hostname=$netmon_hostname
|
||||
uci commit
|
||||
echo $netmon_hostname > /proc/sys/kernel/hostname
|
||||
else
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Hostname ist aktuell" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
assign_router() {
|
||||
netmon_api=`get_url`
|
||||
hostname=`cat /proc/sys/kernel/hostname`
|
||||
|
||||
#Choose right login String
|
||||
login_strings="$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')"
|
||||
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=test_login_strings&login_strings=$login_strings"
|
||||
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
|
||||
if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||
router_auto_assign_login_string=`echo $ergebnis| cut '-d;' -f2`
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Es existiert ein Router mit dem Login String $router_auto_assign_login_string" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f1` = "error" ]; then
|
||||
router_auto_assign_login_string=`echo $login_strings| cut '-d;' -f1`
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Es existiert kein Router mit einem der Login Strings: $login_strings" >> $SCRIPT_LOGFILE
|
||||
echo "`date`: Nutze $router_auto_assign_login_string als login string" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
fi
|
||||
|
||||
#Try to assign Router with choosen login string
|
||||
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=router_auto_assign&router_auto_assign_login_string=$router_auto_assign_login_string&hostname=$hostname"
|
||||
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
|
||||
if [ `echo $ergebnis| cut '-d;' -f1` != "success" ]; then
|
||||
if [ `echo $ergebnis| cut '-d;' -f2` = "already_assigned" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
|
||||
echo "`date`: Der Login String `echo $ergebnis| cut '-d;' -f3` ist bereits mit einem Router verknüpft, beende" >> $SCRIPT_LOGFILE
|
||||
exit 0
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f2` = "autoassign_not_allowed" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
|
||||
echo "`date`: Der dem Login String `echo $ergebnis| cut '-d;' -f3` zugewiesene Router erlaubt autoassign nicht, beende" >> $SCRIPT_LOGFILE
|
||||
exit 0
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f2` = "new_not_assigned" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
|
||||
echo "`date`: Router wurde der Liste der nicht zugewiesenen Router hinzugefügt, beende" >> $SCRIPT_LOGFILE
|
||||
exit 0
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f2` = "updated_not_assigned" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
|
||||
echo "`date`: Router auf der Liste der nicht zugewiesenen Router wurde geupdated, beende" >> $SCRIPT_LOGFILE
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "0" ]; then
|
||||
echo "`date`: Der Router wurde nicht mit Netmon verknüpft" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
elif [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then
|
||||
#write new config
|
||||
uci set configurator.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
|
||||
uci set configurator.@crawl[0].update_hash=`echo $ergebnis| cut '-d;' -f3`
|
||||
|
||||
#set also new router id for nodewatcher
|
||||
uci set nodewatcher.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2`
|
||||
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Der Router `echo $ergebnis| cut '-d;' -f2` wurde mit Netmon verknüpft" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
uci commit
|
||||
|
||||
CRAWL_METHOD=`uci get configurator.@crawl[0].method`
|
||||
CRAWL_ROUTER_ID=`uci get configurator.@crawl[0].router_id`
|
||||
CRAWL_UPDATE_HASH=`uci get configurator.@crawl[0].update_hash`
|
||||
CRAWL_NICKNAME=`uci get configurator.@crawl[0].nickname`
|
||||
CRAWL_PASSWORD=`uci get configurator.@crawl[0].password`
|
||||
fi
|
||||
}
|
||||
|
||||
autoadd_ipv6_address() {
|
||||
netmon_api=`get_url`
|
||||
echo "`date`: Führe IPv6 Address autoadd durch" >> $SCRIPT_LOGFILE
|
||||
ipv6_link_local_addr="`ifconfig br-mesh | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
|
||||
command="wget -q -O - http://$netmon_api/api_csv_configurator.php?section=autoadd_ipv6_address&authentificationmethod=$CRAWL_METHOD&nickname=$CRAWL_NICKNAME&password=$CRAWL_PASSWORD&router_auto_update_hash=$CRAWL_UPDATE_HASH&router_id=$CRAWL_ROUTER_ID&ip=$ipv6_link_local_addr"
|
||||
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
|
||||
if [ `echo $ergebnis| cut '-d,' -f1` = "success" ]; then
|
||||
uci set configurator.@netmon[0].autoadd_ipv6_address='0'
|
||||
uci commit
|
||||
echo "`date`: Die IPv6-Adresse fÃr Router $CRAWL_ROUTER_ID wurde Netmon hinzugefügt" >> $SCRIPT_LOGFILE
|
||||
echo "`date`: IPv6 Autoadd wurde abgestellt um zu starke Belastung der Netmon API zu vermeiden" >> $SCRIPT_LOGFILE
|
||||
else
|
||||
echo "`date`: Die IPv6-Adresse existiert bereits in Netmon (auf Router-ID `echo $ergebnis| cut '-d,' -f3`)" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
}
|
||||
|
||||
if [ $CRAWL_METHOD == "login" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Authentifizierungsmethode ist: Username und Passwort" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
elif [ $CRAWL_METHOD == "hash" ]; then
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Authentifizierungsmethode ist: Autoassign und Hash" >> $SCRIPT_LOGFILE
|
||||
echo "`date`: Prüfe ob Roter schon mit Netmon verknüpft ist" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
if [ $CRAWL_UPDATE_HASH == "1" ]; then
|
||||
can_crawl=0
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Der Router ist noch NICHT mit Netmon verknüpft" >> $SCRIPT_LOGFILE
|
||||
echo "`date`: Versuche verknüpfung herzustellen" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
assign_router
|
||||
sync_hostname
|
||||
else
|
||||
if [ $SCRIPT_ERROR_LEVEL -gt "1" ]; then
|
||||
echo "`date`: Der Router ist bereits mit Netmon verknüpt" >> $SCRIPT_LOGFILE
|
||||
fi
|
||||
if [[ $AUTOADD_IPV6_ADDRESS = "1" ]]; then
|
||||
autoadd_ipv6_address
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
tmp=${1-text}
|
||||
if [[ $tmp = "sync_hostname" ]]; then
|
||||
#Sync Hostname
|
||||
if [[ $SCRIPT_SYNC_HOSTNAME = "1" ]]; then
|
||||
sync_hostname
|
||||
fi
|
||||
fi
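Review bot: In `sync_hostname` the second field of the API reply goes unquoted and unvalidated into `uci set system.@system[0].hostname=$netmon_hostname` and `/proc/sys/kernel/hostname`, and the request that fetched it is plain `http://` with `password=$CRAWL_PASSWORD` and the update hash in the query string. Since the crontab in this commit runs the script every five minutes, anyone able to answer in place of the API host can rename nodes and read those credentials; reject replies containing anything outside `[A-Za-z0-9-]` and quote the expansions, e.g. `case "$netmon_hostname" in *[!A-Za-z0-9-]*) return 1;; esac`. In `assign_router` every `exit 0` sits inside `if [ $SCRIPT_ERROR_LEVEL -gt "0" ]`, so with the shipped `error_level` of `0` the script carries on where it would otherwise stop; move the `exit 0` out of the logging condition. The script also uses `[[ … ]]` and `==` under `#!/bin/sh`.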
|
|
@ -0,0 +1,19 @@
|
|||
*/5 * * * * killall klogd
|
||||
*/5 * * * * killall syslogd
|
||||
*/5 * * * * killall logger
|
||||
|
||||
*/5 * * * * sh /etc/tincstart.sh
|
||||
*/5 * * * * sh /etc/nodewatcher.sh
|
||||
*/5 * * * * sh /etc/configurator.sh
|
||||
0 * * * * sh /etc/configurator.sh sync_hostname
|
||||
|
||||
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
|
||||
|
||||
#Enable zapp script if you are running a gateway
|
||||
#*/1 * * * * /etc/init.d/zapp
|
||||
|
||||
*/5 * * * * killall -HUP dnsmasq
|
||||
#* * * * * /usr/sbin/ff_olsr_test_gw
|
||||
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
|
||||
#0 */4 * * * /usr/sbin/ff_rdate
|
||||
#17 * * * * /usr/sbin/ff_mapupdate
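Review bot: The first three entries kill `klogd`, `syslogd` and `logger` every five minutes, which leaves the node without a system log, so a failed SSH login or a misbehaving cron job cannot be traced afterwards. If the aim is to save RAM, disable the services at boot instead and say so in a comment such as `# logging disabled on purpose: <reason>`; otherwise drop the three lines. `rdate -s time.fu-berlin.de` sets the clock from an unauthenticated source, which deserves a comment as well.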
|
|
@ -0,0 +1,45 @@
|
|||
#!/bin/sh
|
||||
#iptables -F
|
||||
#
|
||||
#iptables -P INPUT DROP
|
||||
#iptables -P OUTPUT DROP
|
||||
#iptables -P FORWARD DROP
|
||||
#
|
||||
#for proto in tcp udp
|
||||
#do
|
||||
# for port in 53 666 655
|
||||
# do
|
||||
# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
|
||||
# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
|
||||
# iptables -A INPUT -p $proto --dport $port -j ACCEPT
|
||||
# iptables -A INPUT -p $proto --sport $port -j ACCEPT
|
||||
# done
|
||||
#done
|
||||
#
|
||||
#iptables -A OUTPUT -p icmp -j ACCEPT
|
||||
#iptables -A INPUT -p icmp -j ACCEPT
|
||||
#
|
||||
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
|
||||
#
|
||||
#
|
||||
#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
|
||||
#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
|
||||
|
||||
# mastersword.de
|
||||
#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
|
||||
#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
|
||||
|
||||
# gw1.freifunk-ol.de
|
||||
#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
|
||||
#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
|
||||
|
||||
# freifunk-ol.de
|
||||
#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
|
||||
#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
|
||||
|
||||
#Masquerade interface for gateway
|
||||
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
#solves MTU problem with bad ISP´s
|
||||
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
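Review bot: The commented-out rule set accepts return traffic by source port (`iptables -A INPUT -p $proto --sport $port -j ACCEPT`, and `--sport 22` / `--sport 1024:` on OUTPUT), which is stateless: once enabled, any packet carrying one of those source ports is accepted whether or not it belongs to a connection the node takes part in. If the block is meant to be switched on later, replace the `--sport` lines with a connection-state match, `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`, and the same on OUTPUT. As committed, the only active line is the TCPMSS clamp, so this script applies no filtering at all. A header comment such as `# all filter rules below are disabled; only the MSS clamp is active` would stop a reader assuming the DROP policies are in force.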
|
|
@ -0,0 +1,2 @@
|
|||
FIRMWARE_VERSION="trunk"
|
||||
RELEASE_DATE=""
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
|
||||
wget -T15 http://$(cat /etc/config/nodewatcher | grep url | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")/api_nodewatcher.php?section=get_hostnames_and_mac -O - | grep -v -e "^..-..-" | sort -u > /etc/bat-hosts
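Review bot: The `> /etc/bat-hosts` redirection truncates the file before `wget` has fetched anything, so a timeout or an unreachable server leaves it empty, and whatever the plain-HTTP response contains is written to it unchecked. The pipeline's exit status is that of `sort`, so a failed download is not detected either. Write to a temporary file and replace the target only when the result is non-empty: `tmp=$(mktemp) || exit 1`, then the existing pipeline with `> "$tmp"`, then `[ -s "$tmp" ] && mv "$tmp" /etc/bat-hosts || rm -f "$tmp"`. Since the response comes over unauthenticated HTTP, it would also be reasonable to keep only lines that match the expected MAC-and-hostname shape before installing the file.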
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
|
||||
sh /etc/tincstart.sh
|
||||
sleep 30
|
||||
sh /etc/tincstart.sh
|
||||
}
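Review bot: `sleep 30` runs in the foreground of this hotplug handler, so on every wan ifup the script holds up whatever runs after it for half a minute (assuming handlers run one after another here, which the page does not show). The second `sh /etc/tincstart.sh` call also has no explanation. Run the delayed retry in the background, `( sleep 30; sh /etc/tincstart.sh ) &`, and add a comment stating why a second start is needed, for example `# retry once after 30 s - reason: <fill in>`.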
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
|
||||
sh /etc/configurator.sh
|
||||
}
|
|
@ -0,0 +1,622 @@
|
|||
#!/bin/sh
|
||||
|
||||
# If you got false positives, try a higher value
|
||||
BOGOTHRESH=200
|
||||
|
||||
# Note: for mail alarm, you need "ssmtp" installed and configured.
|
||||
# Example /etc/ssmtp/ssmtp.conf (debian/ubuntu) for GMX needs:
|
||||
# mailhub=mail.gmx.net:25 FromLineOverride=YES
|
||||
# AuthUser=$MAILFROM AuthPass=x UseSTARTTLS=YES
|
||||
MAILFROM=sender-address@domain.de
|
||||
MAILADDR=receiver-address@domain.de
|
||||
|
||||
# Insert IPs you trust
|
||||
#TRUSTEDIP="$TRUSTEDIP 1.2.3.4"
|
||||
#TRUSTEDIP="$TRUSTEDIP 2.3.4.5"
|
||||
|
||||
# 0: Do not save, 1: save conntrack if zapp
|
||||
DEBUGSAVE=0
|
||||
# Empty: No log in /var/log/zapp/, otherwise string to prepend to saved bogothresh files
|
||||
DEBUGLOGS= #$(date "+%b%d %H:%M")
|
||||
|
||||
# 0: Manual clear, or minutes until auto-clear blockade (5-1439)
|
||||
CLEARTIME=360
|
||||
|
||||
WEBSERVER=/www
|
||||
|
||||
# --- END OF CONFIGURATION SETTINGS ---
|
||||
|
||||
# This script uses case-esac for speed with busybox-ash. Current version under:
|
||||
# http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/freifunk-zapp/etc/init.d/S92zapp
|
||||
|
||||
# When running via cron, the PATH is unset
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
# We start a netcat-based webserver on this port if someone is blocked
|
||||
BLOCKPORT=8090
|
||||
|
||||
CRONUSR=root
|
||||
CRONDIR=/var/spool/cron/crontabs
|
||||
|
||||
# First argument may be an input file
|
||||
CONN=${1:-/proc/net/ip_conntrack}
|
||||
|
||||
# This script calls itself with the IP to analyze why its blocking
|
||||
DEBIP=$2
|
||||
case $1 in '')DEBUG=false;;*)DEBUG=true;;esac
|
||||
|
||||
case $DEBUGLOGS in "");;*)test -d /var/log/zapp || mkdir -p /var/log/zapp;;esac
|
||||
|
||||
# Find out our IP that is used to connect to the Internet
|
||||
DEV=$(ip route get 1.1.1.1/1|sed -n '1{s/.* dev \([^ ]\+\).*/\1/;p}')
|
||||
ADR=$(ip -f inet addr list dev $DEV scope global|sed -n '2s/^.*inet \([0-9\.]\+\).*/\1/p')
|
||||
PAT=$(sed 's/\./_/g'<<Q
|
||||
$ADR
|
||||
Q
|
||||
)
|
||||
UNK=0
|
||||
|
||||
which () {
|
||||
# Note: do not unset IFS (busybox ash and bash are different here)
|
||||
for p in $(sed 's/:/ /g'<<Q
|
||||
$PATH
|
||||
Q
|
||||
);do
|
||||
test -x $p/$1 && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# Freifunk Firmware Configs
|
||||
which nvram && {
|
||||
ff_zapp_thresh=$(nvram get ff_zapp_thresh)
|
||||
BOGOTHRESH=${ff_zapp_thresh:-$BOGOTHRESH}
|
||||
}
|
||||
|
||||
case $BOGOTHRESH in ""|0)exit 0;;esac
|
||||
|
||||
NC_CMD=
|
||||
which nc && NC_CMD=nc
|
||||
which nc-hobbit && NC_CMD=nc-hobbit
|
||||
which netcat && NC_CMD=netcat
|
||||
which nc6 && NC_CMD=nc6
|
||||
# Note: busybox nc unusable, "-q" only Debian, GNU netcat "-c" unusable
|
||||
$NC_CMD -h 2>&1 | egrep -q '\-l\b' || NC_CMD=
|
||||
|
||||
# 1=-I/-D 2=proto 3=srcip, 4=dport, 5=to
|
||||
portfw () {
|
||||
local to
|
||||
case $1 in "-D")
|
||||
to=$(iptables -t nat -nL PREROUTING|sed -n "s/^DNAT[[:space:]]\\+$2[[:space:]]\\+[^[:space:]]\\+[[:space:]]\\+$3[[:space:]]\\+![[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+\\.[[:digit:]]\\+[[:space:]]\\+$2[[:space:]]\\+dpt:$4[[:space:]]\\+to://;tp;b;:p p;q")
|
||||
;;esac
|
||||
to=${to:-$5}
|
||||
iptables -t nat $1 PREROUTING --proto $2 -s $3 ! -d ${to%:*} --dport $4 -j DNAT --to $to
|
||||
}
|
||||
|
||||
netcatruns () {
|
||||
for pid in $(pidof $NC_CMD);do
|
||||
ppid=$(sed -n 's/^PPid: //p' /proc/$pid/status)
|
||||
case $(sed -n 's/^Name: //p' /proc/$ppid/status) in ${0##*/})
|
||||
# Check netstat: release the IP currently grabbing our blocking page
|
||||
case "$1" in "GET /let-me-browse-again"*)
|
||||
le=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\4 \3 \2 \1/'))
|
||||
be=$(printf "%02X%02X%02X%02X" $(echo ${ifip:-$ADR}|sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/\1 \2 \3 \4/'))
|
||||
eval $(sed -n '/^ *[0-9]\+: \+'$le':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\4 )).$(( 0x\3 )).$(( 0x\2 )).$(( 0x\1 ))/;p;q};/^ *[0-9]\+: \+'$be':'$(printf '%04X' $BLOCKPORT)' \+[^ ]\+ \+01 \+/{s/^[^:]\+: \+[^ ]\+ \+\([^:][^:]\)\([^:][^:]\)\([^:][^:]\)\([^:][^:]\).*/ip=$(( 0x\1 )).$(( 0x\2 )).$(( 0x\3 )).$(( 0x\4 ))/;p;q}' /proc/net/tcp)
|
||||
portfw -D tcp $ip 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
||||
;;esac
|
||||
return 0
|
||||
;;esac
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# Add (-I) or remove (-D) iptables rules
|
||||
block () {
|
||||
# Freifunk Firmware Configs
|
||||
which nvram && {
|
||||
ff_adm_mail=$(nvram get ff_adm_mail)
|
||||
ff_zapp_time=$(nvram get ff_zapp_time)
|
||||
ff_zapp_debug=$(nvram get ff_zapp_debug)
|
||||
ff_zapp_server=$(nvram get ff_zapp_server)
|
||||
ff_zapp_strict=$(nvram get ff_zapp_strict)
|
||||
MAILFROM=${ff_adm_mail:-$MAILFROM}
|
||||
MAILADDR=${ff_adm_mail:-$MAILADDR}
|
||||
CLEARTIME=${ff_zapp_time:-$CLEARTIME}
|
||||
DEBUGSAVE=${ff_zapp_debug:-$DEBUGSAVE}
|
||||
WEBSERVER=${ff_zapp_server:-$WEBSERVER}
|
||||
IFS=\;
|
||||
for i in $(nvram get ff_zapp_trusted); do
|
||||
TRUSTEDIP="$TRUSTEDIP $i"
|
||||
done
|
||||
unset IFS
|
||||
}
|
||||
|
||||
for i in $TRUSTEDIP;do
|
||||
case $2 in $i)
|
||||
# Prevents re-blocking next run
|
||||
iptables $1 FORWARD -s $2
|
||||
iptables $1 FORWARD -d $2
|
||||
return
|
||||
;;esac
|
||||
done
|
||||
|
||||
# Note: FreifunkFW does not have REJECT out-of-the-box
|
||||
jump=DROP
|
||||
iptables -I OUTPUT -d 127.0.0.1 -j REJECT 2>&- && iptables -D OUTPUT -d 127.0.0.1 -j REJECT 2>&- && jump=REJECT
|
||||
|
||||
iptables $1 FORWARD -s $2 -j $jump
|
||||
iptables $1 FORWARD -d $2 -j $jump
|
||||
|
||||
# Allowing ping is always a good idea
|
||||
iptables $1 FORWARD -s $2 --proto icmp -j ACCEPT
|
||||
iptables $1 FORWARD -d $2 --proto icmp -j ACCEPT
|
||||
|
||||
# Allow TCP up to port 1023
|
||||
iptables $1 FORWARD -s $2 --proto tcp --dport :1023 -j ACCEPT
|
||||
iptables $1 FORWARD -d $2 --proto tcp --sport :1023 -j ACCEPT
|
||||
|
||||
# Note: Freifunk FW does not have REDIRECT, use DNAT instead,
|
||||
# which needs the correct outgoing interface IP for redirection.
|
||||
ifip=$(ip route get $2|sed -n 's/^.* src \([^ ]\+\).*/\1/p')
|
||||
|
||||
# Allow DNS, redirect to our local dnsmasq if applicable
|
||||
if pidof dnsmasq >&-; then
|
||||
portfw $1 udp $2 53 ${ifip:-$ADR}:53
|
||||
portfw $1 tcp $2 53 ${ifip:-$ADR}:53
|
||||
else
|
||||
iptables $1 FORWARD -s $2 --proto udp --dport 53 -j ACCEPT
|
||||
iptables $1 FORWARD -d $2 --proto udp --sport 53 -j ACCEPT
|
||||
fi
|
||||
|
||||
# It's polite to tell a blocked user what's going on
|
||||
case $NC_CMD in "");;*)
|
||||
portfw $1 tcp $2 80 ${ifip:-$ADR}:$BLOCKPORT 2>&-
|
||||
case $1 in "-D")
|
||||
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
||||
sed -i -e "/\/${0##*/} unblock $2\$/d" $CRONDIR/$CRONUSR
|
||||
echo $CRONUSR > $CRONDIR/cron.update
|
||||
};;esac
|
||||
if ! iptables -t nat -nL PREROUTING|egrep -q "\\bto:[^:]+:$BLOCKPORT\\b"; then
|
||||
netcatruns && (echo "Stopping netcat server" >&2;kill $ppid $pid)
|
||||
fi
|
||||
;;*)
|
||||
case $CLEARTIME in ""|0);;*)test -f $CRONDIR/$CRONUSR && {
|
||||
min=$(date +%M)
|
||||
min=$(( $(date +%k ) * 60 + ${min#0} + $CLEARTIME ))
|
||||
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
||||
sed -i -e "\$a$(( $min % 60 )) $(( $min / 60 % 24 )) * * * $me unblock $2" $CRONDIR/$CRONUSR
|
||||
echo $CRONUSR > $CRONDIR/cron.update
|
||||
};;esac
|
||||
if ! netcatruns; then
|
||||
echo "Starting netcat server for $2" >&2
|
||||
while true;do ($NC_CMD -l -p $BLOCKPORT <<EOF
|
||||
HTTP/1.0 200 OK
|
||||
Expires: -1
|
||||
Pragma: no-cache
|
||||
Cache-Control: no-cache
|
||||
Content-Type: text/html; charset=utf-8
|
||||
|
||||
<HTML>
|
||||
<HEAD><TITLE>Sorry...</TITLE>
|
||||
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
||||
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
||||
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
|
||||
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
|
||||
<STYLE TYPE="text/css"></STYLE>
|
||||
</HEAD>
|
||||
<BODY ONLOAD="if ('/let-me-browse-again' == window.location.pathname)location.href=document.referrer">
|
||||
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!--
|
||||
function addrule(selector, rule)
|
||||
{
|
||||
if (null!=document.styleSheets && 0<document.styleSheets.length)
|
||||
{
|
||||
if (null!=document.styleSheets[0].cssRules)
|
||||
{
|
||||
document.styleSheets[0].insertRule(selector+"{"+rule+"}", 0);
|
||||
}
|
||||
else if (null!=document.styleSheets[0].rules)
|
||||
{
|
||||
document.styleSheets[0].addRule(selector, rule);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (null != navigator.language && "de" == navigator.language ||
|
||||
null != navigator.browserLanguage && "de" == navigator.browserLanguage)
|
||||
{
|
||||
addrule(".de", "display:block");
|
||||
addrule(".fr", "display:none");
|
||||
addrule(".en", "display:none");
|
||||
}
|
||||
else if (null != navigator.language && "fr" == navigator.language ||
|
||||
null != navigator.browserLanguage && "fr" == navigator.browserLanguage)
|
||||
{
|
||||
addrule(".de", "display:none");
|
||||
addrule(".fr", "display:block");
|
||||
addrule(".en", "display:none");
|
||||
}
|
||||
else
|
||||
{
|
||||
addrule(".de", "display:none");
|
||||
addrule(".fr", "display:none");
|
||||
addrule(".en", "display:block");
|
||||
}
|
||||
//--></SCRIPT>
|
||||
<H1>Zapped on $(uname -n) (${ifip:-$ADR})</H1>
|
||||
|
||||
<DIV CLASS="en">
|
||||
<P><SMALL CLASS="de">Deutsch: siehe unten</SMALL><SMALL CLASS="fr">français : voir ci-dessous</SMALL></P>
|
||||
<HR>
|
||||
<P>Hello! You are a victim of a filesharing blockade. Your PC opens too
|
||||
much connections to different Internet hosts. This may be caused by the
|
||||
VoIP program Skype, by a filesharing program or by another program with
|
||||
this unusual communication pattern. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||
echo "For operating the Skype VoIP program please read this
|
||||
<A HREF='http://$ifip/cgi-bin-skype.html'>Information Page</A>.")
|
||||
</P>
|
||||
<P>TCP based services still work (ports up to 1023), but UDP based services are blocked now.</P>
|
||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||
VALUE='I have read this page and stopped the respective program. Please restore access to the Web.'
|
||||
TYPE='submit'></FORM>
|
||||
<P>The blockade $(case $CLEARTIME in ""|0) echo "needs to be removed manually.";;*)echo "will be
|
||||
removed after $CLEARTIME minutes. Alternatively, the blockade can be removed manually.";;esac)
|
||||
For this, send an email to <A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||
</P>
|
||||
</DIV>
|
||||
|
||||
<DIV CLASS="de">
|
||||
<HR>
|
||||
<P>Hallo! Du bist das Opfer einer Filesharing-Sperre geworden. Dein Rechner
|
||||
öffnet zuviele Verbindungen zu verschiedenen Internet-Rechnern. Dies
|
||||
kann ausgelöst werden durch das VoIP-Programm Skype, durch ein
|
||||
Filesharing-Programm oder durch ein anderes Programm welches dieses ungewöhnliche
|
||||
Kommunikationsmuster aufweist. $(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||
echo "Zum Betrieb des VoIP-Programms Skype lies bitte diese
|
||||
<A HREF='http://$ifip/cgi-bin-skype.html'>Informationsseite</A>.")
|
||||
</P>
|
||||
<P><B>Hinweis:</B> TCP-basierte Dienste (Ports bis 1023) funktionieren, aber UDP-basierte Dienste sind nun gesperrt.</P>
|
||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||
VALUE='Ich habe verstanden und das entsprechende Programm beendet. Bitte Web-Zugang freigeben.'
|
||||
TYPE='submit'></FORM>
|
||||
<P>Die Sperre $(case $CLEARTIME in ""|0)echo "muss manuell entfernt werden.";;*)
|
||||
echo "wird nach $CLEARTIME Minuten entfernt. Wahlweise kann die Sperre
|
||||
auch manuell entfernt werden.";;esac) Sende dazu eine Mail an
|
||||
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||
</P>
|
||||
</DIV>
|
||||
|
||||
<DIV CLASS="fr">
|
||||
<HR>
|
||||
<P>Bonjour! Vous êtes victime du mécanisme de blocage de partage de fichiers. Votre
|
||||
ordinateur ouvre trop de connexions simultanées vers trop d'hôtes Internet différents.
|
||||
Ceci peut venir du logiciel de communications Skype, d'un logiciel de partage de fichiers,
|
||||
ou d'un autre programme qui aurait ce même comportement inhabituel, comme certains virus.
|
||||
$(test -f $WEBSERVER/cgi-bin-skype.html &&
|
||||
echo "Pour l'utilisation de Skype en voix sur IP (VoIP) merci de lire cette
|
||||
<A HREF='http://$ifip/cgi-bin-skype.html'>page d'informations</A>.")
|
||||
</P>
|
||||
<P><B>Précisions:</B> Les services TCP restent fonctionnels (Ports jusqu'au n° 1023) mais les
|
||||
services UDP sont bloqués.
|
||||
<FORM ACTION='/let-me-browse-again' METHOD='GET'><INPUT
|
||||
VALUE='J‘ai lu cette page et j‘ai arrêté les programmes suspectés. Lever le blocage!'
|
||||
TYPE='submit'></FORM>
|
||||
<P>Le blocage $(case $CLEARTIME in ""|0)echo "doit être désactivé manuellement.";;*)
|
||||
echo "sera levé automatiquement dans $CLEARTIME minutes. Il est aussi possible de
|
||||
le faire manuellement.";;esac) en envoyant un mail à
|
||||
<A HREF="mailto:$MAILADDR">$MAILADDR</A>.
|
||||
</P>
|
||||
</DIV>
|
||||
</BODY>
|
||||
<HEAD>
|
||||
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
|
||||
<META HTTP-EQUIV="Expires" CONTENT="-1">
|
||||
</HEAD>
|
||||
</HTML>
|
||||
EOF
|
||||
)|(read -r GET && netcatruns "$GET" && kill $pid)
|
||||
done >&- 2>&- &
|
||||
fi
|
||||
;;esac
|
||||
;;esac
|
||||
}
|
||||
|
||||
zapp () {
|
||||
# Block an IP and send a mail to the admin
|
||||
ip=$(echo $1|sed -e 's/^[A-Z]\+_//;s/=.*//;s/_/./g')
|
||||
if $DEBUG; then
|
||||
# Prevent script recursion
|
||||
case $DEBIP in "")
|
||||
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)"
|
||||
echo
|
||||
$0 "$CONN" ${1%=*}
|
||||
;;esac
|
||||
elif ! iptables -nL FORWARD | egrep -q "\\b$(echo $ip|sed 's/\./\\&/g')\\b";then
|
||||
echo "Zapping $(ip route get $ip|sed -n 's/ dev .*//p') with $2 bogopoints at $(date)" >> /var/log/zappfile.txt
|
||||
mac=$(sed -n 's/^'$(echo $ip|sed 's/\./\\./g')' \+\([^ ]\+ \+\)\{2\}\([^ ]\+\).*/\2/p' /proc/net/arp)
|
||||
|
||||
# Disabled, because we cannot unblock this currently
|
||||
case 0 in 1)case $mac in '');;*)
|
||||
echo "Also zapping $mac at $(date)" >> /var/log/zappfile.txt
|
||||
iptables -I FORWARD -m mac --mac-source $mac -j $jump
|
||||
;;esac;;esac
|
||||
|
||||
block -I $ip
|
||||
|
||||
case $DEBUGSAVE in 1)
|
||||
# Save current conntrack for later analysis
|
||||
cat "$CONN"|gzip -c>/var/log/zappfile-$ip-$(date).txt.gz
|
||||
;;esac
|
||||
|
||||
which ssmtp && cat|ssmtp $MAILADDR<<EOF
|
||||
To: $MAILADDR
|
||||
From: $MAILFROM
|
||||
Subject: Zappfile extended on $(uname -n)
|
||||
|
||||
The following IP exeeded the conntrack limit and was added to the zappfile:
|
||||
|
||||
IP: $ip
|
||||
MAC: $mac
|
||||
Date: $(date)
|
||||
Bogopoints: $2
|
||||
Threshold: $BOGOTHRESH
|
||||
|
||||
The forwarding firewall now has the following rules:
|
||||
|
||||
$(iptables -nL FORWARD)
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
# TCP rules:
|
||||
# * Bittorrent opens and uses lots of TCP connections
|
||||
# * BT also uses a higher bandwidth, especially on port 688x
|
||||
# * General: lots of TCP traffic from/to different peers (!port 80)
|
||||
tcp () {
|
||||
# We only count traffic generated by others
|
||||
case $3 in $PAT);;*)
|
||||
case "${10}" in
|
||||
# We count unreplied connection attempts because
|
||||
# lots of P2P peers may not have correct portfw
|
||||
# as well as currently active transfers
|
||||
SYN_SENT|SYN_RECV|ESTABLISHED)
|
||||
case $4 in
|
||||
# HTTP, HTTPS: browsers tend to open multiple connections
|
||||
80|443)
|
||||
case $9 in
|
||||
?????)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac"
|
||||
;;
|
||||
*)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac"
|
||||
;;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "tcp ham $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Punish traffic on ports 6880-6889
|
||||
688*)
|
||||
case $9 in
|
||||
?????)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac"
|
||||
;;
|
||||
*)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac"
|
||||
;;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "tcp p2p $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Everything else is normal tcp
|
||||
*)
|
||||
case $9 in
|
||||
?????)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac"
|
||||
;;
|
||||
*)
|
||||
eval "case \$TCP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac"
|
||||
;;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "tcp std $1:$2 $3:$4";;esac
|
||||
;;
|
||||
esac
|
||||
eval "TCP_$1_$3=\$(( \$TCP_$1_$3 + 1 ))"
|
||||
;;
|
||||
esac
|
||||
;;esac
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# UDP rules:
|
||||
# * Bittorrent DHT feature got us unreplied incoming UDP from diverse IPs (sport likely 688x)
|
||||
# * P2P-user with DHT: incoming UDP dport(unreplied) is port the P2P-user configured for DHT
|
||||
# * P2P-user none DHT: Peers seeking DHT, we have a P2P-user currently, lower tolerance
|
||||
# * General: lots of UDP traffic from/to different peers(!port 53)
|
||||
|
||||
udp () {
|
||||
case ${10} in "[UNREPLIED]") case $3 in $PAT)
|
||||
# We are contacted by incoming UDP (without reason). If that is the case
|
||||
# it is likely that we have at least one P2P user now. Especially if that
|
||||
# peer sends us from his port 688x which is the default for Bittorrent.
|
||||
case $2 in
|
||||
668*)
|
||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
||||
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||
;;
|
||||
*)
|
||||
case $4 in
|
||||
688*)
|
||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 5 ));;esac"
|
||||
case $DEBIP in '');;*)echo "nak p2p $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||
;;
|
||||
*)
|
||||
eval "case \$UNK_$1 in \"\")UNK=\$(( \$UNK + 1 ));;esac"
|
||||
case $DEBIP in '');;*)echo "nak udp $1:$2 -> $3:$4 (UNK=$UNK)";;esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
eval "UNK_$1=\$(( \$UNK_$1 + 1 ))"
|
||||
;;esac;;esac
|
||||
# We only count traffic generated by others
|
||||
case $3 in $PAT);;*)
|
||||
case $4 in
|
||||
# DNS: resolvers tend to open multiple connections
|
||||
53)
|
||||
case ${10} in
|
||||
"[UNREPLIED]")
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 1 ));;esac";;
|
||||
*)
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 2 ));;esac";;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "udp ham $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Punish traffic on ports 6880-6889
|
||||
688*)
|
||||
case ${10} in
|
||||
"[UNREPLIED]")
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 10 ));;esac";;
|
||||
*)
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 20 ));;esac";;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "udp p2p $1:$2 $3:$4";;esac
|
||||
;;
|
||||
# Everything else is normal udp
|
||||
*)
|
||||
case ${10} in
|
||||
"[UNREPLIED]")
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 3 ));;esac";;
|
||||
*)
|
||||
eval "case \$UDP_$1_$3 in \"\")IP_$1=\$(( \$IP_$1 + 4 ));;esac";;
|
||||
esac
|
||||
case ${DEBIP#IP_} in $1)echo "udp std $1:$2 $3:$4";;esac
|
||||
;;
|
||||
esac
|
||||
eval "UDP_$1_$3=\$(( \$UDP_$1_$3 + 1 ))"
|
||||
;;esac
|
||||
return 0
|
||||
}
|
||||
|
||||
case $1 in
|
||||
block)
|
||||
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
||||
block "-I" $2
|
||||
exit 0
|
||||
;;
|
||||
unblock|clear)
|
||||
case $2 in "")echo "Add IP as second arg" 2>&-;exit 1;;esac
|
||||
block "-D" $2
|
||||
exit 0
|
||||
;;
|
||||
start|stop)
|
||||
test ! -f $CRONDIR/$CRONUSR && (echo "No $CRONDIR/$CRONUSR" 2>&-;exit 1)
|
||||
if egrep -q "/${0##*/}" $CRONDIR/$CRONUSR; then
|
||||
case $1 in stop)
|
||||
echo "Removing ${0##*/} from cron"
|
||||
sed -i -e "/\/${0##*/}/d" $CRONDIR/$CRONUSR
|
||||
;;esac
|
||||
else
|
||||
case $1 in start)
|
||||
case $BOGOTHRESH in 0);;*)
|
||||
echo "Adding ${0##*/} to cron"
|
||||
me=$(echo $0|sed "s,^\\.\\.,$PWD/&,;s,^\\.,$PWD,")
|
||||
sed -i -e "\$a*/1 * * * * $me" $CRONDIR/$CRONUSR
|
||||
;;esac
|
||||
;;esac
|
||||
fi
|
||||
echo $CRONUSR > $CRONDIR/cron.update
|
||||
exit 0
|
||||
;;
|
||||
status)
|
||||
echo "Firewall status:"
|
||||
iptables -nL FORWARD|egrep '^(DROP|REJECT)? +all +-- +[1-9][0-9\.]+ +0.0.0.0/0\b' || echo " No IPs blocked"
|
||||
egrep -q "/${0##*/}" $CRONDIR/$CRONUSR && echo "Running via cron" || echo "Not running via cron"
|
||||
exit 0
|
||||
;;
|
||||
-h|--help|help)
|
||||
cat<<EOF
|
||||
This script examines the kernel conntrack table and blocks a source IP if
|
||||
it detects a filesharing application. Read the script file for details.
|
||||
|
||||
Usage: $0 {start|stop|block [IP]|unblock [IP]|help|[file]}
|
||||
|
||||
start add this scipt as cron job
|
||||
stop remove this script from cron
|
||||
status show a list of blocked IPs
|
||||
block manually block an IP
|
||||
unblock manually unblock an IP
|
||||
[file] parse [file] instead /proc/net/ip_conntrack (for testing)
|
||||
No args normal function, e.g. called by cron without arguments
|
||||
|
||||
Note1: if netcat is installed, this script tries to inform a blocked user
|
||||
by starting a simple web server. If also ssmtp is installed, this script
|
||||
informs you by e-mail about the filesharing and blocking incidents. If
|
||||
someone is blocked, this is recorded in /var/log/zapp* files for later
|
||||
analysis. To analyze, unpack the gzipped conntrack file of the incident
|
||||
and start this script by supplying the filename.
|
||||
|
||||
Note2: to install on Freifunk-FW copy this script to /etc/init.d/S92zapp
|
||||
and restart the router. On other systems it shoud be sufficient to start
|
||||
this script with "$0 start".
|
||||
EOF
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
if ! $DEBUG; then
|
||||
if [ -f /proc/sys/net/netfilter/nf_conntrack_acct ] &&
|
||||
[ 0 = $(cat /proc/sys/net/netfilter/nf_conntrack_acct) ]
|
||||
then
|
||||
# Kernel-2.6 needs accounting=on for correct ip_conntrack format
|
||||
echo "Kernel accounting not enabled, which is required." >&2
|
||||
echo "Use 'sysctl -w net.netfilter.nf_conntrack_acct=1'" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Different kernels have differnt formats, script lines doubled to prevent too much compare operations
|
||||
REL=$(uname -r)
|
||||
case ${REL#2.4} in $REL)
|
||||
# Kernel 2.6 output has [STATUS] in different positions, shift to end
|
||||
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
||||
set $l
|
||||
case $1 in
|
||||
tcp)
|
||||
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${11#src=} ${13#sport=} ${12#dst=} ${14#dport=} $(( ${10#bytes=} + ${16#bytes=} )) $4
|
||||
;;
|
||||
udp)
|
||||
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${10#src=} ${12#sport=} ${11#dst=} ${13#dport=} $(( ${9#bytes=}+${15#bytes=} )) ${19}
|
||||
;;
|
||||
eof)
|
||||
# If probably no P2P client active double threshold
|
||||
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
||||
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
||||
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
||||
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
||||
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
||||
done
|
||||
;;
|
||||
esac
|
||||
done
|
||||
;;*)
|
||||
# Kernel 2.4 output has [STATUS] in different positions, shift to end
|
||||
sed 's/\./_/g;s/\( \[[^]]\+\]\)\(.*\)/\2\1/;$aeof' "$CONN"|while read l;do
|
||||
set $l
|
||||
case $1 in
|
||||
tcp)
|
||||
tcp ${5#src=} ${7#sport=} ${6#dst=} ${8#dport=} ${9#src=} ${11#sport=} ${10#dst=} ${12#dport=} ${15#bytes=} $4
|
||||
;;
|
||||
udp)
|
||||
udp ${4#src=} ${6#sport=} ${5#dst=} ${7#dport=} ${8#src=} ${10#sport=} ${9#dst=} ${11#dport=} ${14#bytes=} ${15}
|
||||
;;
|
||||
eof)
|
||||
# If probably no P2P client active double threshold
|
||||
test $UNK -lt 10 && BOGOTHRESH=$(( $BOGOTHRESH + $BOGOTHRESH ))
|
||||
set|sed -n "s/^\\(IP_[^=]\\+=\\)'*\\([^']\\+\\).*/\\1\\2/p"|while read i;do
|
||||
case $DEBIP in ${i%=*})echo "$i -gt $BOGOTHRESH";;esac
|
||||
case $DEBUGLOGS in "");;*)echo $DEBUGLOGS ${i#*=} >> /var/log/zapp/${i%=*};;esac
|
||||
test ${i#*=} -gt $BOGOTHRESH && zapp $i ${i#*=}
|
||||
done
|
||||
;;
|
||||
esac
|
||||
done
|
||||
;;esac
|
||||
|
||||
exit 0
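Review bot: In `tcp()` and `udp()` the address fields `$1` and `$3` are pasted into `eval` strings as parts of variable names (`eval "TCP_$1_$3=..."`, `IP_$1`, `UNK_$1`, `UDP_$1_$3`), and nothing checks what they contain. With the default `/proc/net/ip_conntrack` source the fields are kernel-formatted, but `CONN=${1:-/proc/net/ip_conntrack}` also lets the script parse any file given as first argument, and the help text recommends exactly that for analysis. A src/dst field in such a file that contains shell metacharacters would then be evaluated with the script's privileges (the cron user is set to root). Add a guard as the first statement of both functions so that only digits and underscores reach `eval`: `case $1$3 in *[!0-9_]*) return 0;; esac`.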
|
|
@ -0,0 +1,327 @@
|
|||
#!/bin/sh
|
||||
# Netmon Nodewatcher (C) 2010-2011 Freifunk Oldenburg
|
||||
# Lizenz: GPL
|
||||
|
||||
SCRIPT_DIR=`dirname $0`
|
||||
|
||||
if [ -f /etc/config/nodewatcher ];then
|
||||
API_IPV4_ADRESS=`uci get nodewatcher.@api[0].ipv4_address`
|
||||
API_IPV6_ADRESS=`uci get nodewatcher.@api[0].ipv6_address`
|
||||
API_IPV6_INTERFACE=`uci get nodewatcher.@api[0].ipv6_interface`
|
||||
API_TIMEOUT=`uci get nodewatcher.@api[0].timeout`
|
||||
API_RETRY=`uci get nodewatcher.@api[0].retry`
|
||||
SCRIPT_VERSION=`uci get nodewatcher.@script[0].version`
|
||||
SCRIPT_ERROR_LEVEL=`uci get nodewatcher.@script[0].error_level`
|
||||
SCRIPT_LOGFILE=`uci get nodewatcher.@script[0].logfile`
|
||||
UPDATE_AUTOUPDATE=`uci get nodewatcher.@update[0].autoupdate`
|
||||
MESH_INTERFACE=`uci get nodewatcher.@network[0].mesh_interface`
|
||||
CLIENT_INTERFACES=`uci get nodewatcher.@network[0].client_interfaces`
|
||||
else
|
||||
. $SCRIPT_DIR/nodewatcher_config
|
||||
fi
|
||||
|
||||
API_RETRY=$(($API_RETRY - 1))
|
||||
|
||||
delete_log() {
|
||||
if [ -f $logfile ]; then
|
||||
if [ `ls -la $logfile | awk '{ print $5 }'` -gt "6000" ]; then
|
||||
sed -i '1,60d' $logfile
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Logfile wurde verkleinert" >> $logfile
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
get_url() {
|
||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||
url=$API_IPV4_ADRESS
|
||||
else
|
||||
url="[$API_IPV6_ADRESS"%"$API_IPV6_INTERFACE]"
|
||||
fi
|
||||
echo $url
|
||||
}
|
||||
|
||||
get_curl() {
|
||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||
curl="http://$API_IPV4_ADRESS"
|
||||
else
|
||||
numeric_scope_id=`ip addr | grep $API_IPV6_INTERFACE | awk '{ print $1 }' | sed 's/://'`
|
||||
curl="-g http://$API_IPV6_ADRESS%$numeric_scope_id"
|
||||
fi
|
||||
echo $curl
|
||||
}
|
||||
|
||||
do_ping() {
|
||||
if [[ $API_IPV4_ADRESS != "1" ]]; then
|
||||
command="ping -c 2 "$API_IPV4_ADRESS
|
||||
else
|
||||
command="ping -c 2 -I "$API_IPV6_INTERFACE" "$API_IPV6_ADRESS
|
||||
fi
|
||||
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Pinging..." >> $logfile
|
||||
fi
|
||||
|
||||
ping_return=`$command`
|
||||
|
||||
if [ $error_level -gt "2" ]; then
|
||||
echo $ping_return
|
||||
fi
|
||||
}
|
||||
|
||||
update() {
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Suche neue Version" >> $logfile
|
||||
fi
|
||||
netmon_api=`get_url`
|
||||
command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=version&nodewatcher_version=$SCRIPT_VERSION"
|
||||
ergebnis=`$command&sleep $API_TIMEOUT; kill $!`
|
||||
return=`echo $ergebnis| cut '-d;' -f1`
|
||||
version=`echo $ergebnis| cut '-d;' -f2`
|
||||
|
||||
if [[ "$return" = "success" ]]; then
|
||||
if [[ $version -gt $SCRIPT_VERSION ]]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Eine neue Version ist Verfügbar, script wird geupdated" >> $logfile
|
||||
fi
|
||||
wget -q -O $SCRIPT_DIR/nodewatcher.sh "http://$netmon_api/api_nodewatcher.php?section=update&nodewatcher_version=$SCRIPT_VERSION"
|
||||
uci set nodewatcher.@script[0].version=$version
|
||||
uci commit
|
||||
else
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Das Script ist aktuell" >> $logfile
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if [ $error_level -gt "0" ]; then
|
||||
echo "`date`: Beim Update ist ein Fehler aufgetreten: $ergebnis" >> $logfile
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
crawl() {
|
||||
#Get system data from UCI
|
||||
if which uci >/dev/null; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: UCI is installed, trying to collect extra data UCI" >> $logfile
|
||||
fi
|
||||
location="`uci get freifunk.contact.location`"
|
||||
latitude="`uci get system.@system[0].latitude`"
|
||||
longitude="`uci get system.@system[0].longitude`"
|
||||
|
||||
community_essid="`uci get freifunk.community.ssid`"
|
||||
community_nickname="`uci get freifunk.contact.nickname`"
|
||||
community_email="`uci get freifunk.contact.mail`"
|
||||
community_prefix="`uci get freifunk.community.prefix`"
|
||||
description="`uci get freifunk.contact.note`"
|
||||
fi
|
||||
|
||||
#Get system data from LUA
|
||||
if which lua >/dev/null; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: LUA is installed, trying to collect extra data LUA" >> $logfile
|
||||
fi
|
||||
luciname=`lua -l luci.version -e 'print(luci.version.luciname)'`
|
||||
lucversion=`lua -l luci.version -e 'print(luci.version.luciversion)'`
|
||||
fi
|
||||
|
||||
#Get system data from other locations
|
||||
hostname="`cat /proc/sys/kernel/hostname`"
|
||||
uptime=`cat /proc/uptime | awk '{ print $1 }'`
|
||||
idletime=`cat /proc/uptime | awk '{ print $2 }'`
|
||||
|
||||
memory_total=`cat /proc/meminfo | grep 'MemTotal' | awk '{ print $2 }'`
|
||||
memory_caching=`cat /proc/meminfo | grep -m 1 'Cached:' | awk '{ print $2 }'`
|
||||
memory_buffering=`cat /proc/meminfo | grep 'Buffers' | awk '{ print $2 }'`
|
||||
memory_free=`cat /proc/meminfo | grep 'MemFree' | awk '{ print $2 }'`
|
||||
cpu=`grep -m 1 "cpu model" /proc/cpuinfo | cut -d ":" -f 2`
|
||||
if [ -n $cpu ]; then
|
||||
cpu=`grep -m 1 "model name" /proc/cpuinfo | cut -d ":" -f 2`
|
||||
fi
|
||||
|
||||
chipset=`grep -m 1 "system type" /proc/cpuinfo | cut -d ":" -f 2`
|
||||
local_time="`date +%s`"
|
||||
processes=`cat /proc/loadavg | awk '{ print $4 }'`
|
||||
loadavg=`cat /proc/loadavg | awk '{ print $1 }'`
|
||||
|
||||
if which batctl >/dev/null; then
|
||||
batctl_adv_version=`batctl -v | awk '{ print $2 }'`
|
||||
batman_adv_version=`batctl o|head -n1|awk '{ print $3 }'|sed 's/,//'`
|
||||
fi
|
||||
kernel_version=`uname -r`
|
||||
nodewatcher_version=$SCRIPT_VERSION
|
||||
|
||||
openwrt_version_file="/etc/openwrt_release"
|
||||
if [ -f $openwrt_version_file ]; then
|
||||
. $openwrt_version_file
|
||||
|
||||
distname=$DISTRIB_ID
|
||||
distversion=$DISTRIB_RELEASE
|
||||
fi
|
||||
|
||||
firmware_version_file="/etc/firmware_release"
|
||||
if [ -f $firmware_version_file ]; then
|
||||
. $firmware_version_file
|
||||
|
||||
firmware_version=$FIRMWARE_VERSION
|
||||
fi
|
||||
|
||||
#Get interfaces
|
||||
IFACES=`cat /proc/net/dev | awk -F: '!/\|/ { gsub(/[[:space:]]*/, "", $1); split($2, a, " "); printf("%s=%s=%s ", $1, a[1], a[9]) }'`
|
||||
|
||||
int=""
|
||||
#Loop interfaces
|
||||
for entry in $IFACES; do
|
||||
iface=`echo $entry | cut -d '=' -f 1`
|
||||
rcv=`echo $entry | cut -d '=' -f 2`
|
||||
xmt=`echo $entry | cut -d '=' -f 3`
|
||||
|
||||
wlan_mode=""
|
||||
wlan_bssid=""
|
||||
wlan_essid=""
|
||||
wlan_frequency=""
|
||||
wlan_tx_power=""
|
||||
|
||||
if [ "$iface" != "lo" ]; then
|
||||
if [ "`ifconfig ${iface} | grep UP`" != "" ]; then
|
||||
#Get interface data
|
||||
name="${iface}"
|
||||
mac_addr="`ifconfig ${iface} | grep 'HWaddr' | awk '{ print $5}'`"
|
||||
ipv4_addr="`ifconfig ${iface} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`"
|
||||
ipv6_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Global' | awk '{ print $3}'`"
|
||||
ipv6_link_local_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`"
|
||||
mtu="`ifconfig ${iface} | grep 'MTU' | cut -d: -f2 | awk '{ print $1}'`"
|
||||
traffic_rx="$rcv"
|
||||
traffic_tx="$xmt"
|
||||
|
||||
int=$int"<$name><name>$name</name><mac_addr>$mac_addr</mac_addr><ipv4_addr>$ipv4_addr</ipv4_addr><ipv6_addr>$ipv6_addr</ipv6_addr><ipv6_link_local_addr>$ipv6_link_local_addr</ipv6_link_local_addr><traffic_rx>$traffic_rx</traffic_rx><traffic_tx>$traffic_tx</traffic_tx><mtu>$mtu</mtu>"
|
||||
|
||||
if [ "`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" != "" ]; then
|
||||
wlan_mode="`iwconfig ${iface} 2>/dev/null | grep 'Mode' | awk '{ print $1 }' | cut -d ':' -f 2`"
|
||||
|
||||
if [ $wlan_mode = "Master" ]; then
|
||||
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep 'Access Point' | awk '{ print $6 }'`"
|
||||
elif [ $wlan_mode = "Ad-Hoc" ]; then
|
||||
wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep Cell | awk '{ print $5 }'`"
|
||||
fi
|
||||
|
||||
wlan_essid="`iwconfig ${iface} 2>/dev/null | grep ESSID | awk '{ split($4, a, \"\\"\"); printf(\"%s\", a[2]); }'`"
|
||||
wlan_frequency="`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`"
|
||||
wlan_tx_power="`iwconfig ${iface} 2>/dev/null | grep 'Tx-Power' | awk '{ print $4 }' | cut -d ':' -f 2`"
|
||||
int=$int"<wlan_mode>$wlan_mode</wlan_mode><wlan_frequency>$wlan_frequency</wlan_frequency><wlan_essid>$wlan_essid</wlan_essid><wlan_bssid>$wlan_bssid</wlan_bssid><wlan_tx_power>$wlan_tx_power</wlan_tx_power>"
|
||||
fi
|
||||
int=$int"</$name>"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
#B.A.T.M.A.N. advanced
|
||||
mv /etc/bat-hosts /etc/bat-hosts.tmp
|
||||
if which batctl >/dev/null; then
|
||||
batman_check_running=`batctl if | grep 'Error'`
|
||||
if [ "$batman_check_running" == "" ]; then
|
||||
has_active_interface="0"
|
||||
BAT_ADV_IFACES=`batctl if | awk '{ print $1 }' | cut -d ':' -f 1`
|
||||
for device_name in $BAT_ADV_IFACES; do
|
||||
if [ "`batctl if | grep $device_name | grep active`" != "" ]; then
|
||||
status='active'
|
||||
has_active_interface="1"
|
||||
else
|
||||
status='inactive'
|
||||
fi
|
||||
|
||||
BATMAN_ADV_INTERFACES=$BATMAN_ADV_INTERFACES"<$device_name><name>$device_name</name><status>$status</status></$device_name>"
|
||||
done
|
||||
|
||||
if [ $has_active_interface = "1" ]; then
|
||||
BAT_ADV_ORIGINATORS=`batctl o | grep 'No batman nodes in range'`
|
||||
if [ "$BAT_ADV_ORIGINATORS" == "" ]; then
|
||||
OLDIFS=$IFS
|
||||
IFS="
|
||||
"
|
||||
BAT_ADV_ORIGINATORS=`batctl o | awk '/O/ {next} /B/ {next} {print}'`
|
||||
count=0;
|
||||
for row in $BAT_ADV_ORIGINATORS; do
|
||||
originator=`echo $row | awk '{print $1}'`
|
||||
last_seen=`echo $row | awk '{print $2}'`
|
||||
last_seen="${last_seen//s/}"
|
||||
link_quality=`echo $row | awk '{print $3}'`
|
||||
link_quality="${link_quality//(/}"
|
||||
link_quality="${link_quality//)/}"
|
||||
outgoing_interface=`echo $row | awk '{print $6}'`
|
||||
outgoing_interface="${outgoing_interface//]:/}"
|
||||
|
||||
batman_adv_originators=$batman_adv_originators"<originator_$count><originator>$originator</originator><link_quality>$link_quality</link_quality><last_seen>$last_seen</last_seen><outgoing_interface>$outgoing_interface</outgoing_interface></originator_$count>"
|
||||
count=`expr $count + 1`
|
||||
done
|
||||
IFS=$OLDIFS
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
mv /etc/bat-hosts.tmp /etc/bat-hosts
|
||||
|
||||
#CLIENTS
|
||||
SEDDEV=`brctl showstp $MESH_INTERFACE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
|
||||
|
||||
for entry in $CLIENT_INTERFACES; do
|
||||
CLIENT_MACS=$CLIENT_MACS`brctl showmacs $MESH_INTERFACE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "'"$entry"'") print $2}'`" "
|
||||
done
|
||||
|
||||
i=0
|
||||
for client in $CLIENT_MACS; do
|
||||
i=`expr $i + 1` #Zähler um eins erhöhen
|
||||
done
|
||||
client_count=$i
|
||||
|
||||
SYSTEM_DATA="<status>online</status><hostname>$hostname</hostname><description>$description</description><location>$location</location><latitude>$latitude</latitude><longitude>$longitude</longitude><luciname>$luciname</luciname><luciversion>$luciversion</luciversion><distname>$distname</distname><distversion>$distversion</distversion><chipset>$chipset</chipset><cpu>$cpu</cpu><memory_total>$memory_total</memory_total><memory_caching>$memory_caching</memory_caching><memory_buffering>$memory_buffering</memory_buffering><memory_free>$memory_free</memory_free><loadavg>$loadavg</loadavg><processes>$processes</processes><uptime>$uptime</uptime><idletime>$idletime</idletime><local_time>$local_time</local_time><community_essid>$community_essid</community_essid><community_nickname>$community_nickname</community_nickname><community_email>$community_email</community_email><community_prefix>$community_prefix</community_prefix><batman_advanced_version>$batman_adv_version</batman_advanced_version><kernel_version>$kernel_version</kernel_version><nodewatcher_version>$nodewatcher_version</nodewatcher_version><firmware_version>$firmware_version</firmware_version><firmware_revision>$FIRMWARE_REVISION</firmware_revision><openwrt_core_revision>$OPENWRT_CORE_REVISION</openwrt_core_revision><openwrt_feeds_packages_revision>$OPENWRT_FEEDS_PACKAGES_REVISION</openwrt_feeds_packages_revision>"
|
||||
INTERFACE_DATA="$int"
|
||||
BATMAN_ADV_ORIGINATORS="$batman_adv_originators"
|
||||
CLIENT_DATA="$client_count"
|
||||
|
||||
DATA="<?xml version='1.0' standalone='yes'?><data><system_data>$SYSTEM_DATA</system_data><interface_data>$INTERFACE_DATA</interface_data><batman_adv_interfaces>$BATMAN_ADV_INTERFACES</batman_adv_interfaces><batman_adv_originators>$BATMAN_ADV_ORIGINATORS</batman_adv_originators><client_count>$CLIENT_DATA</client_count></data>"
|
||||
|
||||
#write data to hxml file that provides the data on httpd
|
||||
echo $DATA > /tmp/node.data
|
||||
}
|
||||
|
||||
LANG=C
|
||||
|
||||
SCRIPT_DIR=`dirname $0`
|
||||
error_level=$SCRIPT_ERROR_LEVEL
|
||||
logfile=$SCRIPT_LOGFILE
|
||||
|
||||
if [[ $UPDATE_AUTOUPDATE == '1' ]]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Autoupdate ist an" >> $logfile
|
||||
fi
|
||||
update
|
||||
else
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Autoupdate ist aus" >> $logfile
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$1" == "update" ]]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Führe manuelles update aus" >> $logfile
|
||||
fi
|
||||
update
|
||||
exit 1
|
||||
fi
|
||||
|
||||
can_crawl=1
|
||||
|
||||
if [ $can_crawl == 1 ]; then
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Prüfe Logfile" >> $logfile
|
||||
fi
|
||||
delete_log
|
||||
|
||||
if [ $error_level -gt "1" ]; then
|
||||
echo "`date`: Sende aktuelle Statusdaten" >> $logfile
|
||||
fi
|
||||
crawl
|
||||
fi
|
||||
exit 0
|
|
@ -0,0 +1,3 @@
|
|||
root:$1$OmvoKpjK$e.lPVnBxsrAbNV4EoH3xb1:0:0:root:/root:/bin/ash
|
||||
nobody:*:65534:65534:nobody:/var:/bin/false
|
||||
daemon:*:65534:65534:daemon:/var:/bin/false
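Review bot: The root entry on the first added line embeds an MD5-crypt (`$1$`) password hash directly in the passwd file, so every image built from this tree ships the same root credential. The hash is also readable by any local account on the node and by anyone who can read the repository. I would commit the entry with the password field locked or unset and have the password (or an SSH key) provisioned per device on first setup. Where the image has shadow support, keep the hash out of this file with `root:x:0:0:root:/root:/bin/ash`. If a shared default has to stay, the build documentation should say it must be changed before the node joins the mesh.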
|
|
@ -0,0 +1,26 @@
|
|||
# Put your custom commands here that should be executed once
|
||||
# the system init finished. By default this file does nothing.
|
||||
|
||||
ifconfig br-mesh down
|
||||
ifconfig br-mesh up
|
||||
|
||||
ifdown lan
|
||||
ifup lan
|
||||
|
||||
rdate -s time.fu-berlin.de
|
||||
|
||||
chown root.root /etc/crontabs/root
|
||||
/etc/init.d/cron stop
|
||||
/etc/init.d/cron start
|
||||
|
||||
sh /etc/firewall.user
|
||||
|
||||
/etc/init.d/qos disable
|
||||
/etc/init.d/qos stop
|
||||
|
||||
#busybox-httpd for crawldata
|
||||
httpd -h /tmp/
|
||||
|
||||
sh /etc/configurator.sh
|
||||
|
||||
exit 0
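Review bot: `httpd -h /tmp/` makes the whole of /tmp the web root rather than just the crawl data file, so anything a script drops there is readable over HTTP by whoever can reach the node. Elsewhere in this commit /tmp also holds the tinc configuration, the tinc hosts directory and the registration response. I would serve a dedicated directory instead, e.g. `mkdir -p /tmp/www && httpd -h /tmp/www`, and have the status script write its data file there. The same line is repeated in the four later startup scripts in this commit. Separately, `rdate -s time.fu-berlin.de` sets the clock from an unauthenticated reply, which deserves a comment if anything on the node depends on correct time.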
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# SHOWMACS need br-ctl! NO BUSYBOX!
|
||||
#
|
||||
# Version 0.2
|
||||
#
|
||||
# by Tim Niemeyer (reddog@mastersword.de)
|
||||
#
|
||||
|
||||
DEV=$1
|
||||
|
||||
SEDDEV=`brctl showstp $DEV | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
|
||||
SEDMAC=`cat /etc/bat-hosts | sed -e "s/^/s\//;s/$/\/;/;s/ /\//"`
|
||||
|
||||
brctl showmacs $DEV | sed -e "$SEDMAC" | sed -e "$SEDDEV"
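Review bot: `DEV=$1` is expanded unquoted in both `brctl` calls and nothing checks that an argument was given, so a missing argument runs `brctl showstp` without a bridge name and builds the sed program from whatever it prints. I would add `[ -n "$1" ] || { echo "usage: $0 <bridge>" >&2; exit 1; }` and quote `"$DEV"`. `SEDMAC` is also assembled from raw /etc/bat-hosts lines, so a `/` or `&` in a host name changes the generated sed script. A comment stating the expected line format (MAC, one space, name) would make that assumption visible.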
|
|
@ -0,0 +1,24 @@
|
|||
kernel.panic=3
|
||||
net.ipv4.conf.default.arp_ignore=1
|
||||
net.ipv4.conf.all.arp_ignore=1
|
||||
net.ipv4.ip_forward=1
|
||||
net.ipv4.icmp_echo_ignore_broadcasts=1
|
||||
net.ipv4.icmp_ignore_bogus_error_responses=1
|
||||
net.ipv4.tcp_ecn=0
|
||||
net.ipv4.tcp_fin_timeout=30
|
||||
net.ipv4.tcp_keepalive_time=120
|
||||
net.ipv4.tcp_syncookies=1
|
||||
net.ipv4.tcp_timestamps=0
|
||||
net.core.netdev_max_backlog=30
|
||||
net.netfilter.nf_conntrack_checksum=0
|
||||
net.ipv4.netfilter.ip_conntrack_checksum=0
|
||||
net.ipv4.netfilter.ip_conntrack_max=16384
|
||||
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
|
||||
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
|
||||
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
|
||||
# net.ipv6.conf.all.forwarding=1
|
||||
|
||||
# disable bridge firewalling by default
|
||||
net.bridge.bridge-nf-call-arptables=0
|
||||
net.bridge.bridge-nf-call-ip6tables=0
|
||||
net.bridge.bridge-nf-call-iptables=0
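Review bot: The three `net.bridge.bridge-nf-call-*=0` lines at the end mean frames bridged across the mesh bridge never pass through arptables, ip6tables or iptables, while `net.ipv4.ip_forward=1` is enabled above. That can be a reasonable default, but the startup script in this commit runs /etc/firewall.user, and any rule there meant to filter traffic between bridge ports will not see it. The existing comment should say so, for example `# bridged traffic bypasses iptables; filter between bridge ports with ebtables if needed`. The second sysctl section later in this commit has the same lines.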
|
|
@ -0,0 +1,135 @@
|
|||
#!/bin/sh
|
||||
|
||||
#DEBUG="--debug=2"
|
||||
DEBUG=""
|
||||
SERVER="no"
|
||||
SERVERNAME="batgw"
|
||||
|
||||
project="batvpn"
|
||||
|
||||
test_internet_host1="mastersword.de"
|
||||
test_internet_host2="78.46.215.78"
|
||||
|
||||
#Only do something with tinc when the router has internet connection
|
||||
if ping -w5 -c3 "$test_internet_host1" &>/dev/null || ping -w5 -c3 "$test_internet_host2" &>/dev/null
|
||||
then
|
||||
|
||||
if [ "$SERVER" == "no" ]
|
||||
then
|
||||
hostname=$(cat /proc/sys/kernel/hostname)
|
||||
|
||||
if [ "$hostname" == "OpenWrt" ]
|
||||
then
|
||||
hostname=""
|
||||
fi
|
||||
|
||||
if [ "$hostname" == "" ]
|
||||
then
|
||||
hostname=$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
|
||||
fi
|
||||
|
||||
if [ "$hostname" == "" ]
|
||||
then
|
||||
hostname=$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
|
||||
fi
|
||||
|
||||
if [ "$hostname" == "" ]
|
||||
then
|
||||
hostname=$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')
|
||||
fi
|
||||
else
|
||||
hostname=$SERVERNAME
|
||||
fi
|
||||
|
||||
if [ ! -d /etc/tinc ]
|
||||
then
|
||||
mkdir /etc/tinc
|
||||
fi
|
||||
|
||||
if [ ! -d /etc/tinc/$project ]
|
||||
then
|
||||
mkdir /etc/tinc/$project
|
||||
ln -s /tmp/tinc_$project.conf /etc/tinc/$project/tinc.conf
|
||||
|
||||
echo -n -e "\n\n" | tincd --pidfile=/var/run/tinc_$project.pid -n $project -K
|
||||
kill -HUP $(cat /var/run/tinc_$project.pid)
|
||||
sleep 3
|
||||
mkdir /tmp/tinc_${project}_hosts
|
||||
ln -s /tmp/tinc_${project}_hosts /etc/tinc/$project/hosts
|
||||
echo "ifconfig \$INTERFACE up" > /etc/tinc/$project/tinc-up
|
||||
if [ "$SERVER" == "no" ]
|
||||
then
|
||||
echo "brctl addif br-mesh \$INTERFACE" >> /etc/tinc/$project/tinc-up
|
||||
fi
|
||||
chmod +x /etc/tinc/$project/tinc-up
|
||||
fi
|
||||
|
||||
if [ ! -d /tmp/tinc_${project}_hosts ]
|
||||
then
|
||||
mkdir /tmp/tinc_${project}_hosts
|
||||
fi
|
||||
|
||||
pubkey=$(for line in $(cat /etc/tinc/$project/rsa_key.pub | sed -e 's/$/%0a/g' | sed -e 's/+/%2b/g' | sed -e 's/ /%20/g'); do echo -n $line; done)
|
||||
port=666
|
||||
|
||||
cat <<EOF > /etc/tinc/$project/tinc.conf
|
||||
Name = $hostname
|
||||
Mode = Switch
|
||||
#PingTimeout = 30
|
||||
Hostnames = yes
|
||||
#GraphDumpFile = /tmp/vpn-graph.dot
|
||||
#TCPOnly = yes
|
||||
EOF
|
||||
|
||||
# we need this only for first startup
|
||||
if [ ! -f /etc/tinc/$project/hosts/$hostname ]
|
||||
then
|
||||
cat <<EOF > /etc/tinc/$project/hosts/$hostname
|
||||
Address = 0.0.0.0
|
||||
Port = $port
|
||||
EOF
|
||||
cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
|
||||
fi
|
||||
|
||||
# fire up
|
||||
if [ "$(ps aux | grep tincd | grep -v grep)" == "" ]
|
||||
then
|
||||
tincd -c /etc/tinc/$project --pidfile=/var/run/tinc_$project.pid --logfile=/var/log/tinc_$project.log $DEBUG
|
||||
# sleep 1
|
||||
# brctl addif br-mesh tap0
|
||||
fi
|
||||
|
||||
# register
|
||||
wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /tmp/tinc_${project}_output
|
||||
|
||||
filenames=$(cat /tmp/tinc_${project}_output| grep ^#### | sed -e 's/^####//' | sed -e 's/.conf//g')
|
||||
for file in $filenames
|
||||
do
|
||||
grep -A100 $file /tmp/tinc_${project}_output | grep -v $file | grep -m1 ^### -B100 | grep -v ^### > /etc/tinc/$project/hosts/$file.new
|
||||
if [ "$(diff /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file 2>&1)" == "" ]
|
||||
then
|
||||
/bin/rm /etc/tinc/$project/hosts/$file.new
|
||||
else
|
||||
/bin/mv /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file
|
||||
fi
|
||||
echo "ConnectTo=$file" >> /etc/tinc/$project/tinc.conf
|
||||
done
|
||||
|
||||
if [ ! -f /etc/tinc/$project/hosts/$hostname ]
|
||||
then
|
||||
cat <<EOF > /etc/tinc/$project/hosts/$hostname
|
||||
Address = 0.0.0.0
|
||||
Port = $port
|
||||
EOF
|
||||
cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname
|
||||
fi
|
||||
|
||||
#reload
|
||||
kill -HUP $(cat /var/run/tinc_$project.pid)
|
||||
|
||||
else
|
||||
echo "Der Router kann keine Verbindung zum Tincserver aufbauen"
|
||||
echo "Tincstart macht nichts!"
|
||||
fi
|
||||
|
||||
exit 0
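Review bot: The registration step fetches peer definitions with `wget` over plain `http://` and writes the response into `/etc/tinc/$project/hosts/$file`, so the node's trusted VPN peers and their public keys come from an unauthenticated reply. The names parsed into `$filenames` are also used unchecked as a path component, a grep pattern and a `ConnectTo=` value, so a name containing `/` or `..` would write outside the hosts directory. At minimum each name should be restricted to the characters tinc accepts in a node name before use, as sketched below, with the expansions quoted; the transport itself needs an authenticated channel or a signature check on the response, which this script alone cannot provide. The local `Name = $hostname` is taken from the system hostname and deserves the same check.

```shell
for file in $filenames
do
	# names become file names under hosts/ and ConnectTo= values:
	# accept only letters, digits and underscore
	case "$file" in
		""|*[!A-Za-z0-9_]*)
			echo "tincstart: ignoring unexpected host name from server" >&2
			continue
			;;
	esac
	# … unchanged: extract the host block to hosts/$file.new, diff, mv or rm …
	echo "ConnectTo=$file" >> "/etc/tinc/$project/tinc.conf"
done
```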
|
|
@ -0,0 +1,37 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
#config 'interface' 'lan'
|
||||
# option 'proto' 'dhcp'
|
||||
# option 'ifname' 'eth0.1'
|
||||
|
||||
config 'interface' 'wlanmesh'
|
||||
option 'ifname' 'ath1'
|
||||
option 'mtu' '1528'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'eth0.1 ath0 bat0 tap0'
|
||||
option 'auto' '1'
|
||||
|
||||
config 'switch' 'eth0'
|
||||
option 'name' 'eth0'
|
||||
option 'reset' '1'
|
||||
option 'enable_vlan' '1'
|
||||
|
||||
config 'switch_vlan' 'eth0_1'
|
||||
option 'device' 'eth0'
|
||||
option 'vlan' '1'
|
||||
option 'ports' '0 1 2 3 5t'
|
||||
|
||||
config 'switch_vlan' 'eth0_2'
|
||||
option 'device' 'eth0'
|
||||
option 'vlan' '2'
|
||||
option 'ports' '4 5t'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth0.2'
|
||||
option 'proto' 'dhcp'
|
|
@ -0,0 +1,22 @@
|
|||
config 'wifi-device' 'wifi0'
|
||||
option 'type' 'atheros'
|
||||
option 'disabled' '0'
|
||||
option 'channel' '6'
|
||||
option 'bgscan' '0'
|
||||
option 'diversity' '1'
|
||||
#enable correct wifi led on dir300 https://forum.openwrt.org/viewtopic.php?id=29714
|
||||
option 'softled' '0'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'adhoc'
|
||||
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||
option 'encryption' 'none'
|
||||
option 'hidden' '1'
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'wifi0'
|
||||
option 'mode' 'ap'
|
||||
option 'ssid' 'oldenburg.freifunk.net'
|
||||
option 'encryption' 'none'
|
|
@ -0,0 +1,22 @@
|
|||
*/5 * * * * killall klogd
|
||||
*/5 * * * * killall syslogd
|
||||
*/5 * * * * killall logger
|
||||
|
||||
*/5 * * * * sh /etc/tincstart.sh
|
||||
*/5 * * * * sh /etc/nodewatcher.sh
|
||||
*/5 * * * * sh /etc/configurator.sh
|
||||
0 * * * * sh /etc/configurator.sh sync_hostname
|
||||
|
||||
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
|
||||
|
||||
#Enable zapp script if you are running a gateway
|
||||
#*/1 * * * * /etc/init.d/zapp
|
||||
|
||||
*/5 * * * * killall -HUP dnsmasq
|
||||
#* * * * * /usr/sbin/ff_olsr_test_gw
|
||||
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
|
||||
#0 */4 * * * /usr/sbin/ff_rdate
|
||||
#17 * * * * /usr/sbin/ff_mapupdate
|
||||
|
||||
#Reboot dir300 every 3 days at 04:05
|
||||
5 4 */3 * * reboot
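Review bot: The first three entries kill `klogd`, `syslogd` and `logger` every five minutes with no comment explaining why. Unless something restarts them, the node keeps no kernel or system log, so there is nothing to inspect after a fault or a suspected compromise. If this is a memory workaround, say so in a comment and consider busybox syslogd's bounded circular buffer (`-C`) instead of killing the daemons; if logging is meant to be off, disable the services once at boot rather than from cron. The fonera crontab later in this commit has the same three lines. The `sh /etc/tincstart.sh` entry also means the plain-HTTP registration fetch runs as root every five minutes.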
|
|
@ -0,0 +1,29 @@
|
|||
kernel.panic=3
|
||||
net.ipv4.conf.default.arp_ignore=1
|
||||
net.ipv4.conf.all.arp_ignore=1
|
||||
net.ipv4.ip_forward=1
|
||||
net.ipv4.icmp_echo_ignore_broadcasts=1
|
||||
net.ipv4.icmp_ignore_bogus_error_responses=1
|
||||
net.ipv4.tcp_ecn=0
|
||||
net.ipv4.tcp_fin_timeout=30
|
||||
net.ipv4.tcp_keepalive_time=120
|
||||
net.ipv4.tcp_syncookies=1
|
||||
net.ipv4.tcp_timestamps=0
|
||||
net.core.netdev_max_backlog=30
|
||||
net.netfilter.nf_conntrack_checksum=0
|
||||
net.ipv4.netfilter.ip_conntrack_checksum=0
|
||||
net.ipv4.netfilter.ip_conntrack_max=16384
|
||||
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
|
||||
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
|
||||
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
|
||||
# net.ipv6.conf.all.forwarding=1
|
||||
|
||||
# disable bridge firewalling by default
|
||||
net.bridge.bridge-nf-call-arptables=0
|
||||
net.bridge.bridge-nf-call-ip6tables=0
|
||||
net.bridge.bridge-nf-call-iptables=0
|
||||
|
||||
#Enable the correct wifi led on dir300 (only apply this to dir300!) https://forum.openwrt.org/viewtopic.php?id=29714
|
||||
dev.wifi0.ledpin=2
|
||||
dev.wifi0.softled=1
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'wlan0'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
|
@ -0,0 +1,21 @@
|
|||
|
||||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
config 'interface' 'wlanmesh'
|
||||
option 'ifname' 'wlan0'
|
||||
option 'mtu' '1527'
|
||||
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'eth0.1 bat0 tap0'
|
||||
option 'stp' '1'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth0.2'
|
||||
option 'proto' 'dhcp'
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
config wifi-device radio0
|
||||
option type mac80211
|
||||
option channel 6
|
||||
option macaddr 10:00:00:00:71:07
|
||||
option hwmode 11ng
|
||||
option htmode HT20
|
||||
list ht_capab GF
|
||||
list ht_capab SHORT-GI-20
|
||||
list ht_capab SHORT-GI-40
|
||||
list ht_capab TX-STBC
|
||||
list ht_capab RX-STBC1
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'radio0'
|
||||
option 'mode' 'adhoc'
|
||||
option 'ssid' 'batman.oldenburg.freifunk.net'
|
||||
option 'bssid' '02:CA:FF:EE:BA:BE'
|
||||
option 'encryption' 'none'
|
||||
option 'hidden' '1'
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
# Put your custom commands here that should be executed once
|
||||
# the system init finished. By default this file does nothing.
|
||||
|
||||
#Set Mac-Addr of wifi interface if not right
|
||||
HARDWARE_MACADDR=`cat /sys/class/ieee80211/phy0/macaddress`
|
||||
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
|
||||
|
||||
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
|
||||
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
|
||||
uci commit
|
||||
reboot
|
||||
fi
|
||||
|
||||
ifconfig br-mesh down
|
||||
ifconfig br-mesh up
|
||||
|
||||
ifdown lan
|
||||
ifup lan
|
||||
|
||||
rdate -s time.fu-berlin.de
|
||||
|
||||
chown root.root /etc/crontabs/root
|
||||
/etc/init.d/cron stop
|
||||
/etc/init.d/cron start
|
||||
|
||||
sh /etc/firewall.user
|
||||
|
||||
/etc/init.d/qos disable
|
||||
/etc/init.d/qos stop
|
||||
|
||||
#busybox-httpd for crawldata
|
||||
httpd -h /tmp/
|
||||
|
||||
sh /etc/configurator.sh
|
||||
|
||||
exit 0
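Review bot: The MAC fix-up writes `$HARDWARE_MACADDR` into the wireless config and reboots whenever the two values differ, without checking that the sysfs read returned anything. If `/sys/class/ieee80211/phy0/macaddress` is missing or empty at that point, the stored address is replaced with an empty value and the node reboots. I would guard the block with `if [ -n "$HARDWARE_MACADDR" ] && [ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]; then` and quote the value in the `uci set` line. The three later startup scripts in this commit share the block (two of them read the address from `ifconfig -a wlan0` instead).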
|
|
@ -0,0 +1,8 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
|
@ -0,0 +1,18 @@
|
|||
|
||||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'wlan0 tap0'
|
||||
option 'stp' '1'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth0.2'
|
||||
option 'proto' 'dhcp'
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
config wifi-device radio0
|
||||
option type mac80211
|
||||
option channel 6
|
||||
option macaddr 10:00:00:00:71:07
|
||||
option hwmode 11ng
|
||||
option htmode HT20
|
||||
list ht_capab GF
|
||||
list ht_capab SHORT-GI-20
|
||||
list ht_capab SHORT-GI-40
|
||||
list ht_capab TX-STBC
|
||||
list ht_capab RX-STBC1
|
||||
|
||||
|
||||
config 'wifi-iface'
|
||||
option 'device' 'radio0'
|
||||
option 'mode' 'ap'
|
||||
option 'ssid' 'oldenburg.freifunk.net'
|
||||
option 'encryption' 'none'
|
|
@ -0,0 +1,36 @@
|
|||
# Put your custom commands here that should be executed once
|
||||
# the system init finished. By default this file does nothing.
|
||||
|
||||
#Set Mac-Addr of wifi interface if not right
|
||||
HARDWARE_MACADDR=`cat /sys/class/ieee80211/phy0/macaddress`
|
||||
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
|
||||
|
||||
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
|
||||
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
|
||||
uci commit
|
||||
reboot
|
||||
fi
|
||||
|
||||
ifconfig br-mesh down
|
||||
ifconfig br-mesh up
|
||||
|
||||
ifdown lan
|
||||
ifup lan
|
||||
|
||||
rdate -s time.fu-berlin.de
|
||||
|
||||
chown root.root /etc/crontabs/root
|
||||
/etc/init.d/cron stop
|
||||
/etc/init.d/cron start
|
||||
|
||||
sh /etc/firewall.user
|
||||
|
||||
/etc/init.d/qos disable
|
||||
/etc/init.d/qos stop
|
||||
|
||||
#busybox-httpd for crawldata
|
||||
httpd -h /tmp/
|
||||
|
||||
sh /etc/configurator.sh
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,22 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
config 'interface' 'lan'
|
||||
option 'proto' 'dhcp'
|
||||
option 'ifname' 'eth0'
|
||||
|
||||
config 'interface' 'wlanmesh'
|
||||
option 'ifname' 'ath1'
|
||||
option 'mtu' '1528'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'ath0 bat0 tap0'
|
||||
option 'auto' '1'
|
||||
|
||||
# To get Freifunk on the ethernet port (for a desktop pc for example), comment out
|
||||
# the lan interface section and add eth0 to the ifnames of the mesh interface.
|
||||
# Then restart the router and plug in your ethernet cable
|
|
@ -0,0 +1,22 @@
|
|||
*/5 * * * * killall klogd
|
||||
*/5 * * * * killall syslogd
|
||||
*/5 * * * * killall logger
|
||||
|
||||
*/5 * * * * sh /etc/tincstart.sh
|
||||
*/5 * * * * sh /etc/nodewatcher.sh
|
||||
*/5 * * * * sh /etc/configurator.sh
|
||||
0 * * * * sh /etc/configurator.sh sync_hostname
|
||||
|
||||
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
|
||||
|
||||
#Enable zapp script if you are running a gateway
|
||||
#*/1 * * * * /etc/init.d/zapp
|
||||
|
||||
*/5 * * * * killall -HUP dnsmasq
|
||||
#* * * * * /usr/sbin/ff_olsr_test_gw
|
||||
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
|
||||
#0 */4 * * * /usr/sbin/ff_rdate
|
||||
#17 * * * * /usr/sbin/ff_mapupdate
|
||||
|
||||
#Reboot fonera every 2 days at 04:05
|
||||
5 4 */2 * * reboot
|
|
@ -0,0 +1,11 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'wlan1'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'gw_bandwidth'
|
||||
option 'gw_mode'
|
||||
option 'gw_sel_class'
|
||||
option 'log_level'
|
||||
option 'orig_interval'
|
||||
option 'vis_mode'
|
|
@ -0,0 +1,33 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
config 'interface' 'wlanmesh'
|
||||
option 'ifname' 'wlan1'
|
||||
option 'mtu' '1528'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'eth0.1 wlan0 bat0 tap0'
|
||||
option 'auto' '1'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth0.2'
|
||||
option 'proto' 'dhcp'
|
||||
|
||||
config 'switch'
|
||||
option 'name' 'rtl8366rb'
|
||||
option 'reset' '1'
|
||||
option 'enable_vlan' '1'
|
||||
|
||||
config 'switch_vlan'
|
||||
option 'device' 'rtl8366rb'
|
||||
option 'vlan' '1'
|
||||
option 'ports' '1 2 3 4 5t'
|
||||
|
||||
config 'switch_vlan'
|
||||
option 'device' 'rtl8366rb'
|
||||
option 'vlan' '2'
|
||||
option 'ports' '0 5t'
|
|
@ -0,0 +1,11 @@
|
|||
config 'system'
|
||||
option 'hostname' 'OpenWrt'
|
||||
option 'timezone' 'CET-1CEST,M3.5.0,M10.5.0/3'
|
||||
|
||||
config 'rdate'
|
||||
option 'interface' 'wan'
|
||||
|
||||
config 'led' 'wlan_led'
|
||||
option 'name' 'WLAN'
|
||||
option 'sysfs' 'tl-wr1043nd:green:wlan'
|
||||
option 'trigger' 'phy0rx'
|
|
@ -0,0 +1,25 @@
|
|||
config wifi-device radio0
|
||||
option type mac80211
|
||||
option channel 6
|
||||
option macaddr d8:5d:4c:9c:2d:a6
|
||||
option hwmode 11ng
|
||||
option htmode HT20
|
||||
list ht_capab SHORT-GI-40
|
||||
list ht_capab DSSS_CCK-40
|
||||
# REMOVE THIS LINE TO ENABLE WIFI:
|
||||
option disabled 0
|
||||
|
||||
config wifi-iface
|
||||
option device radio0
|
||||
option network wlanmesh
|
||||
option mode adhoc
|
||||
option bssid '02:CA:FF:EE:BA:BE'
|
||||
option ssid 'batman.oldenburg.freifunk.net'
|
||||
option mcast_rate 6000
|
||||
# option bintval 1000
|
||||
|
||||
config wifi-iface
|
||||
option device radio0
|
||||
option network mesh
|
||||
option mode ap
|
||||
option ssid 'oldenburg.freifunk.net'
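Review bot: The comment `# REMOVE THIS LINE TO ENABLE WIFI:` sits above `option disabled 0`, which already enables the radio, so it now contradicts the line it describes and should be dropped or reworded, e.g. `# set to 1 to switch the radio off`. The access-point stanza at the end also has no `encryption` option, unlike other wireless sections in this commit that state `option 'encryption' 'none'`; the open network is presumably intentional, and saying so explicitly keeps that decision visible. The section also commits a device-specific `macaddr`, which the startup script then replaces with the hardware value; a placeholder would avoid shipping one unit's address in every image. The two later radio0 sections repeat the stale comment.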
|
|
@ -0,0 +1,39 @@
|
|||
# Put your custom commands here that should be executed once
|
||||
# the system init finished. By default this file does nothing.
|
||||
|
||||
#Set Mac-Addr of wr1043nd wifi interface if not right
|
||||
HARDWARE_MACADDR=`ifconfig -a wlan0 | grep 'HWaddr' | awk '{ print $5}'`
|
||||
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
|
||||
|
||||
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
|
||||
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
|
||||
uci commit
|
||||
#wait before reboot to generate tinc certificates and to be able
|
||||
#to login over ssh bevore reboot in case of errors
|
||||
sleep 30
|
||||
reboot
|
||||
fi
|
||||
|
||||
ifconfig br-mesh down
|
||||
ifconfig br-mesh up
|
||||
|
||||
ifdown lan
|
||||
ifup lan
|
||||
|
||||
rdate -s time.fu-berlin.de
|
||||
|
||||
chown root.root /etc/crontabs/root
|
||||
/etc/init.d/cron stop
|
||||
/etc/init.d/cron start
|
||||
|
||||
sh /etc/firewall.user
|
||||
|
||||
/etc/init.d/qos disable
|
||||
/etc/init.d/qos stop
|
||||
|
||||
#busybox-httpd for crawldata
|
||||
httpd -h /tmp/
|
||||
|
||||
sh /etc/configurator.sh
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,11 @@
|
|||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'wlan1'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'gw_bandwidth'
|
||||
option 'gw_mode'
|
||||
option 'gw_sel_class'
|
||||
option 'log_level'
|
||||
option 'orig_interval'
|
||||
option 'vis_mode'
|
|
@ -0,0 +1,26 @@
|
|||
config 'interface' 'loopback'
|
||||
option 'ifname' 'lo'
|
||||
option 'proto' 'static'
|
||||
option 'ipaddr' '127.0.0.1'
|
||||
option 'netmask' '255.0.0.0'
|
||||
|
||||
config 'interface' 'wlanmesh'
|
||||
option 'ifname' 'wlan1'
|
||||
option 'mtu' '1528'
|
||||
|
||||
config 'interface' 'mesh'
|
||||
option 'type' 'bridge'
|
||||
option 'ifname' 'eth0 wlan0 bat0 tap0'
|
||||
option 'auto' '1'
|
||||
|
||||
config 'interface' 'wan'
|
||||
option 'ifname' 'eth1'
|
||||
option 'proto' 'dhcp'
|
||||
|
||||
config switch eth0
|
||||
option enable_vlan 1
|
||||
|
||||
config switch_vlan
|
||||
option device eth0
|
||||
option vlan 1
|
||||
option ports "0 1 2 3 4"
|
|
@ -0,0 +1,11 @@
|
|||
config 'system'
|
||||
option 'hostname' 'OpenWrt'
|
||||
option 'timezone' 'CET-1CEST,M3.5.0,M10.5.0/3'
|
||||
|
||||
config 'rdate'
|
||||
option 'interface' 'wan'
|
||||
|
||||
config 'led' 'wlan_led'
|
||||
option 'name' 'WLAN'
|
||||
option 'sysfs' 'tl-wr1043nd:green:wlan'
|
||||
option 'trigger' 'phy0rx'
|
|
@ -0,0 +1,30 @@
|
|||
config wifi-device radio0
|
||||
option type mac80211
|
||||
option channel 6
|
||||
option macaddr b0:48:7a:cb:2f:c0
|
||||
option hwmode 11ng
|
||||
option htmode HT20
|
||||
list ht_capab SHORT-GI-40
|
||||
list ht_capab TX-STBC
|
||||
list ht_capab RX-STBC1
|
||||
list ht_capab DSSS_CCK-40
|
||||
# REMOVE THIS LINE TO ENABLE WIFI:
|
||||
option disabled 0
|
||||
|
||||
config wifi-iface
|
||||
option device radio0
|
||||
option network wlanmesh
|
||||
option mode adhoc
|
||||
option bssid '02:CA:FF:EE:BA:BE'
|
||||
option ssid 'batman.oldenburg.freifunk.net'
|
||||
option mcast_rate 6000
|
||||
# option bintval 1000
|
||||
option 'encryption' 'none'
|
||||
option 'hidden' '1'
|
||||
|
||||
config wifi-iface
|
||||
option device radio0
|
||||
option network mesh
|
||||
option mode ap
|
||||
option ssid 'oldenburg.freifunk.net'
|
||||
option 'encryption' 'none'
|
|
@ -0,0 +1,39 @@
|
|||
# Put your custom commands here that should be executed once
|
||||
# the system init finished. By default this file does nothing.
|
||||
|
||||
#Set Mac-Addr of wr1043nd wifi interface if not right
|
||||
HARDWARE_MACADDR=`ifconfig -a wlan0 | grep 'HWaddr' | awk '{ print $5}'`
|
||||
SOFTWARE_MACADDR=`uci get wireless.@wifi-device[0].macaddr`
|
||||
|
||||
if [[ "$HARDWARE_MACADDR" != "$SOFTWARE_MACADDR" ]]; then
|
||||
uci set wireless.@wifi-device[0].macaddr=$HARDWARE_MACADDR
|
||||
uci commit
|
||||
#wait before reboot to generate tinc certificates and to be able
|
||||
#to login over ssh bevore reboot in case of errors
|
||||
sleep 30
|
||||
reboot
|
||||
fi
|
||||
|
||||
ifconfig br-mesh down
|
||||
ifconfig br-mesh up
|
||||
|
||||
ifdown lan
|
||||
ifup lan
|
||||
|
||||
rdate -s time.fu-berlin.de
|
||||
|
||||
chown root.root /etc/crontabs/root
|
||||
/etc/init.d/cron stop
|
||||
/etc/init.d/cron start
|
||||
|
||||
sh /etc/firewall.user
|
||||
|
||||
/etc/init.d/qos disable
|
||||
/etc/init.d/qos stop
|
||||
|
||||
#busybox-httpd for crawldata
|
||||
httpd -h /tmp/
|
||||
|
||||
sh /etc/configurator.sh
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
config 'mesh' 'bat0'
|
||||
option 'interfaces' 'wlan0'
|
||||
option 'orig_interval'
|
||||
option 'log_level'
|
||||
option 'aggregated_ogms'
|
||||
option 'bonding'
|
||||
option 'fragmentation'
|
||||
option 'vis_mode'
|
|
@ -0,0 +1,41 @@
|
|||
#### VLAN configuration
|
||||
config switch eth0
|
||||
option enable 1
|
||||
|
||||
config switch_vlan eth0_0
|
||||
option device "eth0"
|
||||
option vlan 0
|
||||
option ports "1 2 3 4 5"
|
||||
|
||||
config switch_vlan eth0_1
|
||||
option device "eth0"
|
||||
option vlan 1
|
||||
option ports "0 5"
|
||||
|
||||
#### Loopback configuration
|
||||
config interface loopback
|
||||
option ifname "lo"
|
||||
option proto static
|
||||
option ipaddr 127.0.0.1
|
||||
option netmask 255.0.0.0
|
||||
|
||||
#### LAN configuration
|
||||
config interface lan
|
||||
option type bridge
|
||||
option ifname "eth0.0"
|
||||
option proto static
|
||||
option ipaddr 192.168.1.1
|
||||
option netmask 255.255.255.0
|
||||
|
||||
|
||||
#### WAN configuration
|
||||
config interface wan
|
||||
option ifname "eth0.1"
|
||||
option proto dhcp
|
||||
|
||||
config interface wlan0
|
||||
option mtu 1528
|
||||
|
||||
config interface mesh
|
||||
option type bridge
|
||||
option ifname "bat0 tap0"
|
|
@ -0,0 +1,16 @@
|
|||
config wifi-device radio0
|
||||
option type mac80211
|
||||
option channel 6
|
||||
option macaddr 00:12:17:cc:ef:0d
|
||||
option hwmode 11g
|
||||
|
||||
# REMOVE THIS LINE TO ENABLE WIFI:
|
||||
option disabled 0
|
||||
|
||||
config wifi-iface
|
||||
option device radio0
|
||||
option network wlan0
|
||||
option mode adhoc
|
||||
option ssid batman.oldenburg.freifunk.net
|
||||
option encryption none
|
||||
option bssid 02:CA:FF:EE:BA:BE
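Review bot: `option macaddr 00:12:17:cc:ef:0d` hard-codes one device's radio address in a config that is copied into every image built from this tree. Depending on how the mac80211 setup script uses the option (not visible here), nodes flashed with it either fail to match their own radio or come up sharing one address. The wr1043nd rc.local in this commit corrects the value at boot, but no equivalent step is visible for this file, so I would drop the line or generate it on first boot. Separately, the comment `# REMOVE THIS LINE TO ENABLE WIFI:` sits above `option disabled 0` and no longer describes it; `# wifi is enabled; set to 1 to disable` would be accurate.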
|
|
@ -0,0 +1,22 @@
|
|||
*/5 * * * * killall klogd
|
||||
*/5 * * * * killall syslogd
|
||||
*/5 * * * * killall logger
|
||||
|
||||
*/5 * * * * sh /etc/tincstart.sh
|
||||
*/5 * * * * sh /etc/nodewatcher.sh
|
||||
*/5 * * * * sh /etc/configurator.sh
|
||||
0 * * * * sh /etc/configurator.sh sync_hostname
|
||||
|
||||
15 01 * * * rdate -s time.fu-berlin.de > /dev/null
|
||||
|
||||
#Enable zapp script if you are running a gateway
|
||||
#*/1 * * * * /etc/init.d/zapp
|
||||
|
||||
*/5 * * * * killall -HUP dnsmasq
|
||||
#* * * * * /usr/sbin/ff_olsr_test_gw
|
||||
#*/5 * * * * /usr/sbin/ff_olsr_watchdog
|
||||
#0 */4 * * * /usr/sbin/ff_rdate
|
||||
#17 * * * * /usr/sbin/ff_mapupdate
|
||||
|
||||
#Reboot wrt54g_adhoc every 5 days at 04:05
|
||||
5 4 */5 * * reboot
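Review bot: The first three entries kill `klogd`, `syslogd` and `logger` every five minutes, and nothing says why. Unless something restarts them (not visible here), the node keeps no system log, so there is nothing to inspect after a fault or a suspected compromise. If this is deliberate, a comment such as `# logging daemons are stopped on purpose: <reason>` should say so; capping the log buffer size instead would keep some recent history. The `rdate -s time.fu-berlin.de` entry also sets the clock from an unauthenticated source, which deserves a comment if anything on the node depends on correct time.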
|
|
@ -0,0 +1,36 @@
|
|||
# Put your custom commands here that should be executed once
|
||||
# the system init finished. By default this file does nothing.
|
||||
|
||||
#set fixed mac address that is 1 lower than eth0 mac on br-mesh so that the ipv6 addres does not change after every reboot
|
||||
#This idea is stolen from freifunk lübeck set_hostname.sh
|
||||
MAC="`ip link show eth0 | grep "link/ether" | \
|
||||
sed "s/^[ ]*//" | cut -d' ' -f2 | sed "s/://g" | \
|
||||
tr 'a-z' 'A-Z'`"
|
||||
MAC="`printf "%012X\n" $((0x$MAC - 0x01))`"
|
||||
|
||||
uci set network.mesh.macaddr=$MAC
|
||||
uci commit
|
||||
|
||||
ifconfig br-mesh down
|
||||
ifconfig br-mesh up
|
||||
|
||||
ifdown lan
|
||||
ifup lan
|
||||
|
||||
rdate -s time.fu-berlin.de
|
||||
|
||||
chown root.root /etc/crontabs/root
|
||||
/etc/init.d/cron stop
|
||||
/etc/init.d/cron start
|
||||
|
||||
sh /etc/firewall.user
|
||||
|
||||
/etc/init.d/qos disable
|
||||
/etc/init.d/qos stop
|
||||
|
||||
#busybox-httpd for crawldata
|
||||
httpd -h /tmp/
|
||||
|
||||
sh /etc/configurator.sh
|
||||
|
||||
exit 0
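Review bot: The derived address is stored with `uci set network.mesh.macaddr=$MAC` and committed without checking that the pipeline actually produced a MAC. If `ip link show eth0` returns nothing, `$((0x$MAC - 0x01))` is evaluated on an empty string, and whatever results is written unquoted. Wrapping the two uci lines in `if [ "${#MAC}" -eq 12 ]; then … fi` and quoting the value as `uci set network.mesh.macaddr="$MAC"` would avoid committing a bad address. `uci commit` also runs on every boot even when the value is unchanged; comparing with `uci get network.mesh.macaddr` first would save the flash write.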
|