jkimmel
/
firmware
forked from freifunk-franken/firmware
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: jkimmel:master
Branches Tags
jkimmel:master
jkimmel:dont-check-root
jkimmel:stateful-firewall
jkimmel:blobless
jkimmel:openwrt22-nftables
jkimmel:pr-template
jkimmel:bird-filters-direct
jkimmel:dnsmasq-cache
jkimmel:30-network-client-entry-not-found
jkimmel:fff-firewall
jkimmel:router_ip_rule
jkimmel:dns-anycast
jkimmel:fdff
jkimmel:vxmesh
jkimmel:babelpeermtu
jkimmel:babel_peer_ip
jkimmel:vxlan-backport
jkimmel:nproc
jkimmel:vxlan-upstream
freifunk-franken:master
freifunk-franken:0.5.x
freifunk-franken:20240401
freifunk-franken:20240119-beta
freifunk-franken:20230330
freifunk-franken:20230321-beta
freifunk-franken:20221201
freifunk-franken:20221019
freifunk-franken:20220814
freifunk-franken:20220413
freifunk-franken:20220405-beta
freifunk-franken:20211224
freifunk-franken:20211220
freifunk-franken:20211201-beta
freifunk-franken:20210226
freifunk-franken:20210218
freifunk-franken:20210211-beta
freifunk-franken:20200501
freifunk-franken:20200423-beta
freifunk-franken:20200118
freifunk-franken:20191224
freifunk-franken:20191214-beta
freifunk-franken:20191130-alpha
freifunk-franken:20191123-alpha
freifunk-franken:20181202
freifunk-franken:20181128-beta
freifunk-franken:20180802
freifunk-franken:20180802-beta
freifunk-franken:20180726-beta
freifunk-franken:20180304-alpha
freifunk-franken:20180303-alpha
freifunk-franken:20170918
freifunk-franken:20170918-beta
freifunk-franken:20170218-alpha
freifunk-franken:20170110
freifunk-franken:20170110-beta
freifunk-franken:20161105-beta
freifunk-franken:20161008-beta
freifunk-franken:20160506
freifunk-franken:20160506-beta
freifunk-franken:20160310
freifunk-franken:20160213-beta
freifunk-franken:0.5.2
freifunk-franken:0.5.2-b2
freifunk-franken:0.5.2-b1
freifunk-franken:0.5.1
freifunk-franken:0.5.1-b2
freifunk-franken:0.5.1-b1
freifunk-franken:0.5.0
freifunk-franken:0.5.0-b1
freifunk-franken:0.4.3
freifunk-franken:0.4.2
freifunk-franken:0.4.1
freifunk-franken:0.4.0ol
freifunk-franken:0.4.0f
freifunk-franken:0.4.0rc5f
freifunk-franken:0.4.0rc4ol
freifunk-franken:0.4.0rc4f
freifunk-franken:0.4.0rc3f
freifunk-franken:0.4.0rc2f
freifunk-franken:0.3.999f
freifunk-franken:0.3.999
freifunk-franken:0.3.99
freifunk-franken:0.3
freifunk-franken:0.2.1
freifunk-franken:0.2
freifunk-franken:0.1
freifunk-franken:0.3.998
freifunk-franken:20240401-beta
..
compare: jkimmel:router_ip_rule
Branches Tags
jkimmel:dont-check-root
jkimmel:stateful-firewall
jkimmel:blobless
jkimmel:openwrt22-nftables
jkimmel:pr-template
jkimmel:master
jkimmel:bird-filters-direct
jkimmel:dnsmasq-cache
jkimmel:30-network-client-entry-not-found
jkimmel:fff-firewall
jkimmel:router_ip_rule
jkimmel:dns-anycast
jkimmel:fdff
jkimmel:vxmesh
jkimmel:babelpeermtu
jkimmel:babel_peer_ip
jkimmel:vxlan-backport
jkimmel:nproc
jkimmel:vxlan-upstream
freifunk-franken:master
freifunk-franken:0.5.x
freifunk-franken:20240401
freifunk-franken:20240119-beta
freifunk-franken:20230330
freifunk-franken:20230321-beta
freifunk-franken:20221201
freifunk-franken:20221019
freifunk-franken:20220814
freifunk-franken:20220413
freifunk-franken:20220405-beta
freifunk-franken:20211224
freifunk-franken:20211220
freifunk-franken:20211201-beta
freifunk-franken:20210226
freifunk-franken:20210218
freifunk-franken:20210211-beta
freifunk-franken:20200501
freifunk-franken:20200423-beta
freifunk-franken:20200118
freifunk-franken:20191224
freifunk-franken:20191214-beta
freifunk-franken:20191130-alpha
freifunk-franken:20191123-alpha
freifunk-franken:20181202
freifunk-franken:20181128-beta
freifunk-franken:20180802
freifunk-franken:20180802-beta
freifunk-franken:20180726-beta
freifunk-franken:20180304-alpha
freifunk-franken:20180303-alpha
freifunk-franken:20170918
freifunk-franken:20170918-beta
freifunk-franken:20170218-alpha
freifunk-franken:20170110
freifunk-franken:20170110-beta
freifunk-franken:20161105-beta
freifunk-franken:20161008-beta
freifunk-franken:20160506
freifunk-franken:20160506-beta
freifunk-franken:20160310
freifunk-franken:20160213-beta
freifunk-franken:0.5.2
freifunk-franken:0.5.2-b2
freifunk-franken:0.5.2-b1
freifunk-franken:0.5.1
freifunk-franken:0.5.1-b2
freifunk-franken:0.5.1-b1
freifunk-franken:0.5.0
freifunk-franken:0.5.0-b1
freifunk-franken:0.4.3
freifunk-franken:0.4.2
freifunk-franken:0.4.1
freifunk-franken:0.4.0ol
freifunk-franken:0.4.0f
freifunk-franken:0.4.0rc5f
freifunk-franken:0.4.0rc4ol
freifunk-franken:0.4.0rc4f
freifunk-franken:0.4.0rc3f
freifunk-franken:0.4.0rc2f
freifunk-franken:0.3.999f
freifunk-franken:0.3.999
freifunk-franken:0.3.99
freifunk-franken:0.3
freifunk-franken:0.2.1
freifunk-franken:0.2
freifunk-franken:0.1
freifunk-franken:0.3.998
freifunk-franken:20240401-beta

1 Commits
master ... router_ip_

Author SHA1 Message Date
Johannes Kimmel 0104373444 fff-layer3-config: add rules for router_ip 
This forces routes for packets originating from a router_ip to be looked
up in the fff table.  If the router_ips don't happen to be included in
the client network's subnet, the decision defaults to a main table
lookup.  This causes packets to choose the wrong interface.

This patch forces packets from a router_ip to be routed via the fff table.

Fixes #175

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
 2021-11-29 20:30:05 +01:00
104 changed files with 663 additions and 1478 deletions
Show Stats Expand all files Collapse all files

45
.woodpecker.yml
View File

@ -1,45 +0,0 @@
clone:
git:
image: woodpeckerci/plugin-git
settings:
tags: true
pipeline:
buildall-layer3:
image: openwrtorg/imagebuilder
commands:
- export HOME=/home/build/openwrt
- sudo chown -R build:build .
- git config --global user.email "ci@fff.community"
- git config --global user.name "FFF CI"
- ./buildscript selectvariant layer3
- ./buildscript selectbsp bsp/ath79-generic.bsp
- ./buildscript prepare
- ./buildscript buildall
buildall-node:
image: openwrtorg/imagebuilder
commands:
- export HOME=/home/build/openwrt
- sudo chown -R build:build .
- git config --global user.email "ci@fff.community"
- git config --global user.name "FFF CI"
- ./buildscript selectvariant node
- ./buildscript selectbsp bsp/ath79-generic.bsp
- ./buildscript prepare
- ./buildscript buildall
distribute:
image: alpine/git
volumes:
- /var/lib/woodpecker/artifacts:/var/run/artifacts
commands:
- rm -rf /var/run/artifacts/$(git describe --tags)
- mkdir -p /var/run/artifacts/$(git describe --tags)
- cp -r bin/* /var/run/artifacts/$(git describe --tags)/
- echo
- echo
- echo "You can download the built firmware images here:"
- echo "https://ci.fff.community/artifacts/$(git describe --tags)"
branches: [ master ]

7
bsp/ath79-generic/.config
View File

@ -7,11 +7,11 @@ CONFIG_TARGET_MULTI_PROFILE=y
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar150=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_glinet_gl-ar150=""
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c25-v1=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v1=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v2=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v2=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c7-v2="-kmod-ath10k-ct kmod-ath10k -ath10k-firmware-qca988x-ct ath10k-firmware-qca988x"
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v5=y
@ -88,7 +88,6 @@ CONFIG_PACKAGE_wpad-mini=m
CONFIG_PACKAGE_ath10k-firmware-qca9887=m
CONFIG_PACKAGE_ath10k-firmware-qca9888=m
CONFIG_PACKAGE_ath10k-firmware-qca988x=m
CONFIG_PACKAGE_kmod-ath10k-smallbuffers=m
CONFIG_PACKAGE_kmod-ath10k=m
CONFIG_PACKAGE_ath10k-firmware-qca9887-ct=m
CONFIG_PACKAGE_ath10k-firmware-qca9888-ct=m

1
bsp/octeon.bsp
View File

@ -1,5 +1,4 @@
chipset=octeon
subtarget=generic
images=(
"openwrt-${chipset}-ubnt_edgerouter-4-*"

4
bsp/x86-64.bsp
View File

@ -1,4 +0,0 @@
chipset=x86
subtarget=64
images=("openwrt-${chipset}-${subtarget}-generic-squashfs-combined-*"
)

19
bsp/x86-64/.config
View File

@ -1,19 +0,0 @@
# Generated using "./buildscript config openwrt".
# Do no edit manually
#
CONFIG_TARGET_x86=y
CONFIG_TARGET_x86_64=y
CONFIG_TARGET_x86_64_DEVICE_generic=y
# CONFIG_TARGET_ROOTFS_EXT4FS is not set
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_TARGET_PER_DEVICE_ROOTFS=y
# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
# CONFIG_BUSYBOX_CONFIG_CROND is not set
# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
CONFIG_CLEAN_IPKG=y
# CONFIG_PACKAGE_ALFRED_VIS is not set
CONFIG_PACKAGE_kmod-vmxnet3=y
CONFIG_PACKAGE_opkg=m
CONFIG_STRIP_KERNEL_EXPORTS=y

72
build_patches/openwrt/0005-mac80211-add-back-ath10k_pci-memory-hacks.patch Normal file
View File

@ -0,0 +1,72 @@
From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Date: Wed, 10 Feb 2021 22:53:00 +0100
Subject: mac80211: add back ath10k_pci memory hacks
These hacks have been removed in commit 1e27befe63ff ("mac80211: remove
ath10k_pci memory hacks").
However, since we still use mainline ath10k, we will need them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
diff --git a/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch b/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e907c7ab73677a3db928ef3620d77bf22a4d752a
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch
@@ -0,0 +1,11 @@
+--- a/drivers/net/wireless/ath/ath10k/htt.h
++++ b/drivers/net/wireless/ath/ath10k/htt.h
+@@ -236,7 +236,7 @@ enum htt_rx_ring_flags {
+ };
+
+ #define HTT_RX_RING_SIZE_MIN 128
+-#define HTT_RX_RING_SIZE_MAX 2048
++#define HTT_RX_RING_SIZE_MAX 512
+ #define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
+ #define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
+ #define HTT_RX_RING_FILL_LEVEL_DUAL_MAC (HTT_RX_RING_SIZE - 1)
diff --git a/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch b/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b5e5c3a9bb00a407096936ece1916e331e0164f5
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch
@@ -0,0 +1,38 @@
+--- a/drivers/net/wireless/ath/ath10k/pci.c
++++ b/drivers/net/wireless/ath/ath10k/pci.c
+@@ -131,7 +131,7 @@ static const struct ce_attr pci_host_ce_
+ .flags = CE_ATTR_FLAGS,
+ .src_nentries = 0,
+ .src_sz_max = 2048,
+- .dest_nentries = 512,
++ .dest_nentries = 128,
+ .recv_cb = ath10k_pci_htt_htc_rx_cb,
+ },
+
+@@ -140,7 +140,7 @@ static const struct ce_attr pci_host_ce_
+ .flags = CE_ATTR_FLAGS,
+ .src_nentries = 0,
+ .src_sz_max = 2048,
+- .dest_nentries = 128,
++ .dest_nentries = 64,
+ .recv_cb = ath10k_pci_htc_rx_cb,
+ },
+
+@@ -167,7 +167,7 @@ static const struct ce_attr pci_host_ce_
+ .flags = CE_ATTR_FLAGS,
+ .src_nentries = 0,
+ .src_sz_max = 512,
+- .dest_nentries = 512,
++ .dest_nentries = 128,
+ .recv_cb = ath10k_pci_htt_rx_cb,
+ },
+
+@@ -192,7 +192,7 @@ static const struct ce_attr pci_host_ce_
+ .flags = CE_ATTR_FLAGS,
+ .src_nentries = 0,
+ .src_sz_max = 2048,
+- .dest_nentries = 128,
++ .dest_nentries = 96,
+ .recv_cb = ath10k_pci_pktlog_rx_cb,
+ },
+

106
build_patches/openwrt/0011-generic-add-support-for-EON-EN25QX128A-spi-nor-flash.patch
View File

@ -1,106 +0,0 @@
From 3b63209f03007e755c4a076d0a81a60fdf15dcd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
Date: Wed, 16 Nov 2022 11:41:32 +0100
Subject: [PATCH] generic: add support for EON EN25QX128A spi nor flash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add support for EON EN25QX128A spi nor flash with no flags as it does
support SFDP parsing.
Fixes: #9442
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
[fabian@blaese.de: Backport to Kernel 5.4]
Signed-off-by: Fabian Bläse <fabian@blaese.de>
---
.../477-mtd-spi-nor-add-eon-en25qx128a.patch | 21 +++++++++++++++++++
.../477-mtd-spi-nor-add-eon-en25qx128a.patch | 21 +++++++++++++++++++
.../477-mtd-spi-nor-add-eon-en25qx128a.patch | 21 +++++++++++++++++++
3 files changed, 63 insertions(+)
create mode 100644 target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
create mode 100644 target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
create mode 100644 target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
diff --git a/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
new file mode 100644
index 0000000000..0a681d6753
--- /dev/null
+++ b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
@@ -0,0 +1,21 @@
+From: Christian Marangi <ansuelsmth@gmail.com>
+Subject: kernel/mtd: add support for EON EN25QX128A
+
+Add support for EON EN25QX128A with no flags as it does
+support SFDP parsing.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/mtd/spi-nor/eon.c
++++ b/drivers/mtd/spi-nor/eon.c
+@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
+ { "en25q64", INFO(0x1c3017, 0, 64 * 1024, 128, SECT_4K) },
+ { "en25q128", INFO(0x1c3018, 0, 64 * 1024, 256,
+ SECT_4K | SPI_NOR_DUAL_READ) },
++ { "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
+ { "en25q80a", INFO(0x1c3014, 0, 64 * 1024, 16,
+ SECT_4K | SPI_NOR_DUAL_READ) },
+ { "en25qh16", INFO(0x1c7015, 0, 64 * 1024, 32,
diff --git a/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
new file mode 100644
index 0000000000..0a681d6753
--- /dev/null
+++ b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
@@ -0,0 +1,21 @@
+From: Christian Marangi <ansuelsmth@gmail.com>
+Subject: kernel/mtd: add support for EON EN25QX128A
+
+Add support for EON EN25QX128A with no flags as it does
+support SFDP parsing.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/mtd/spi-nor/eon.c
++++ b/drivers/mtd/spi-nor/eon.c
+@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
+ { "en25q64", INFO(0x1c3017, 0, 64 * 1024, 128, SECT_4K) },
+ { "en25q128", INFO(0x1c3018, 0, 64 * 1024, 256,
+ SECT_4K | SPI_NOR_DUAL_READ) },
++ { "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
+ { "en25q80a", INFO(0x1c3014, 0, 64 * 1024, 16,
+ SECT_4K | SPI_NOR_DUAL_READ) },
+ { "en25qh16", INFO(0x1c7015, 0, 64 * 1024, 32,
diff --git a/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
new file mode 100644
index 0000000000..0a681d6753
--- /dev/null
+++ b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
@@ -0,0 +1,18 @@
+From: Fabian Bläse <fabian@blaese.de>
+Subject: kernel/mtd: add support for EON EN25QX128A
+
+Signed-off-by: Fabian Bläse <fabian@blaese.de>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/mtd/spi-nor/spi-nor.c
++++ b/drivers/mtd/spi-nor/spi-nor.c
+@@ -2240,8 +2240,9 @@ static const struct flash_info spi_nor_i
+ { "en25p64", INFO(0x1c2017, 0, 64 * 1024, 128, 0) },
+ { "en25q64", INFO(0x1c3017, 0, 64 * 1024, 128, SECT_4K) },
+ { "en25q128", INFO(0x1c3018, 0, 64 * 1024, 256, SECT_4K) },
++ { "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
+ { "en25q80a", INFO(0x1c3014, 0, 64 * 1024, 16,
+ SECT_4K | SPI_NOR_DUAL_READ) },
+ { "en25qh32", INFO(0x1c7016, 0, 64 * 1024, 64, 0) },
--
2.38.1

101
build_patches/openwrt/0020-kernel-5.4-backport-fix-to-allow-bridge-in-bridge-co.patch Normal file
View File

@ -0,0 +1,101 @@
From c50ece58c41647880cc74c927d98b465cdfbdad8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
Date: Sun, 29 Aug 2021 21:21:35 +0200
Subject: [PATCH] kernel: backport switchdev fix for bridge in bridge
configurations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch fixes the forwarding behavior of bridge in bridge
configurations with DSA.
Without it, the configuration of the upper bridge might overwrite
settings of the lower bridge. For example, a vlan-aware bridge
with DSA interfaces in it might be offloaded to the DSA hardware. If the
bridge interface itself gets slave of a different bridge without vlan
filtering, the vlan filtering setting of the lower bridge is overwritten
by the upper bridge, which results in an incorrect hardware
configuration.
This was backported from kernel 5.7.
Ref: https://lore.kernel.org/netdev/20191222192235.GK25745@shell.armlinux.org.uk/
Fixes: FS#3996
Signed-off-by: Fabian Bläse <fabian@blaese.de>
---
...-not-propagate-bridge-updates-across.patch | 60 +++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
diff --git a/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch b/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
new file mode 100644
index 000000000000..bc8014b772f8
--- /dev/null
+++ b/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
@@ -0,0 +1,60 @@
+From 07c6f9805f12f1bb538ef165a092b300350384aa Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Wed, 26 Feb 2020 17:14:21 +0000
+Subject: [PATCH] net: switchdev: do not propagate bridge updates across
+ bridges
+
+When configuring a tree of independent bridges, propagating changes
+from the upper bridge across a bridge master to the lower bridge
+ports brings surprises.
+
+For example, a lower bridge may have vlan filtering enabled. It
+may have a vlan interface attached to the bridge master, which may
+then be incorporated into another bridge. As soon as the lower
+bridge vlan interface is attached to the upper bridge, the lower
+bridge has vlan filtering disabled.
+
+This occurs because switchdev recursively applies its changes to
+all lower devices no matter what.
+
+Reviewed-by: Ido Schimmel <idosch@mellanox.com>
+Tested-by: Ido Schimmel <idosch@mellanox.com>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/switchdev/switchdev.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c
+index 60630762a748b7..f25604d68337cf 100644
+--- a/net/switchdev/switchdev.c
++++ b/net/switchdev/switchdev.c
+@@ -476,6 +476,9 @@ static int __switchdev_handle_port_obj_a
+ * necessary to go through this helper.
+ */
+ netdev_for_each_lower_dev(dev, lower_dev, iter) {
++ if (netif_is_bridge_master(lower_dev))
++ continue;
++
+ err = __switchdev_handle_port_obj_add(lower_dev, port_obj_info,
+ check_cb, add_cb);
+ if (err && err != -EOPNOTSUPP)
+@@ -528,6 +531,9 @@ static int __switchdev_handle_port_obj_d
+ * necessary to go through this helper.
+ */
+ netdev_for_each_lower_dev(dev, lower_dev, iter) {
++ if (netif_is_bridge_master(lower_dev))
++ continue;
++
+ err = __switchdev_handle_port_obj_del(lower_dev, port_obj_info,
+ check_cb, del_cb);
+ if (err && err != -EOPNOTSUPP)
+@@ -579,6 +585,9 @@ static int __switchdev_handle_port_attr_
+ * necessary to go through this helper.
+ */
+ netdev_for_each_lower_dev(dev, lower_dev, iter) {
++ if (netif_is_bridge_master(lower_dev))
++ continue;
++
+ err = __switchdev_handle_port_attr_set(lower_dev, port_attr_info,
+ check_cb, set_cb);
+ if (err && err != -EOPNOTSUPP)
--
2.33.0

19
build_patches/openwrt/0020-mt7621-retain-old-compat_version.patch Normal file
View File

@ -0,0 +1,19 @@
From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
Date: Sat, 23 Oct 2021 23:34:07 +0200
Subject: [PATCH] mt7621: retain old compat_version
diff --git a/target/linux/ramips/image/mt7621.mk b/target/linux/ramips/image/mt7621.mk
index a3bc14d59d..99887e8192 100644
--- a/target/linux/ramips/image/mt7621.mk
+++ b/target/linux/ramips/image/mt7621.mk
@@ -91,8 +91,7 @@ define Build/zytrx-header
endef
define Device/dsa-migration
- DEVICE_COMPAT_VERSION := 1.1
- DEVICE_COMPAT_MESSAGE := Config cannot be migrated from swconfig to DSA
+ DEVICE_COMPAT_VERSION := 1.0
endef
define Device/adslr_g7

20
build_patches/openwrt/0050-Disable-ipq40xx-lan-wan-separation.patch
View File

@ -38,20 +38,20 @@ index ac11655904..147e159ea1 100755
;;
avm,fritzbox-7530 |\
diff --git a/target/linux/ipq40xx/base-files/etc/board.d/02_network b/target/linux/ipq40xx/base-files/etc/board.d/02_network
index 87c79db5e1..666be0d145 100755
index 1d4c78833a..ea2cc60186 100755
--- a/target/linux/ipq40xx/base-files/etc/board.d/02_network
+++ b/target/linux/ipq40xx/base-files/etc/board.d/02_network
@@ -58,9 +58,8 @@ ipq40xx_setup_interfaces()
avm,fritzbox-4040|\
@@ -59,9 +59,8 @@ ipq40xx_setup_interfaces()
linksys,ea6350v3|\
linksys,ea8300)
linksys,ea8300|\
linksys,mr8300)
- ucidef_set_interfaces_lan_wan "eth0" "eth1"
ucidef_add_switch "switch0" \
- "0u@eth0" "1:lan" "2:lan" "3:lan" "4:lan"
+ "0@eth0" "1:lan" "2:lan" "3:lan" "4:lan" "5:wan"
;;
linksys,mr8300)
ucidef_set_interfaces_lan_wan "eth0" "eth1"
avm,fritzbox-7530)
ucidef_add_switch "switch0" \
diff --git a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h b/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
index 015e5f5026..daa60639d1 100644
--- a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
@ -80,10 +80,10 @@ index 015e5f5026..daa60639d1 100644
/* Queues exposed to linux kernel */
#define EDMA_NETDEV_TX_QUEUE 4
diff --git a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
index 545e3985ae..28453c2363 100644
index c35ba2799f..0517e4f29e 100644
--- a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
+++ b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
@@ -1483,6 +1483,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
@@ -1481,6 +1481,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
unsigned long bmp;
/* By default Enable VLAN */
@ -91,7 +91,7 @@ index 545e3985ae..28453c2363 100644
priv->vlan = 1;
priv->vlan_table[AR40XX_LAN_VLAN] = priv->cpu_bmp | priv->lan_bmp;
priv->vlan_table[AR40XX_WAN_VLAN] = priv->cpu_bmp | priv->wan_bmp;
@@ -1494,6 +1495,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
@@ -1492,6 +1493,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
bmp = priv->wan_bmp;
for_each_set_bit(port, &bmp, AR40XX_NUM_PORTS)
priv->pvid[port] = AR40XX_WAN_VLAN;
@ -100,7 +100,7 @@ index 545e3985ae..28453c2363 100644
return 0;
}
diff --git a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
index 3567eb7810..b13b312a91 100644
index 7b2ddfe00d..1a01b08e41 100644
--- a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
+++ b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
@@ -36,7 +36,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

32
build_patches/openwrt/0100-Add-hack-which-fixes-forwarding-on-a-stacked-bridge-.patch
View File

@ -1,32 +0,0 @@
From f53b71d2907eeb0d80e79d99fa7b756b5e5bf32b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
Date: Thu, 24 Feb 2022 00:04:47 +0100
Subject: [PATCH] Add hack which fixes forwarding on a stacked bridge
configuration using DSA
---
.../hack-5.4/999-fix-stacked-bridge-forwarding.patch | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
diff --git a/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
new file mode 100644
index 0000000000..e1d4cb9cd5
--- /dev/null
+++ b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
@@ -0,0 +1,12 @@
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -52,6 +52,9 @@ static int br_pass_frame_up(struct sk_bu
+ return NET_RX_DROP;
+ }
+
++ /* remove offload flag, so upper bridges do not drop the packet */
++ br_switchdev_frame_unmark(skb);
++
+ indev = skb->dev;
+ skb->dev = brdev;
+ skb = br_handle_vlan(br, NULL, vg, skb);
--
2.35.1

158
build_patches/openwrt/0200-mpc85xx-Drop-pci-aliases-to-avoid-domain-changes.patch
View File

@ -1,158 +0,0 @@
From 7f4b4c29f3489697dca7495216460d0ed5023e02 Mon Sep 17 00:00:00 2001
From: Martin Kennedy <hurricos@gmail.com>
Date: Mon, 29 Aug 2022 20:47:24 -0400
Subject: [PATCH] mpc85xx: Drop pci aliases to avoid domain changes
As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:
9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
to become
0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.
One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.
This was first reported as a Github issue[^1].
[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/
Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
---
.../files/arch/powerpc/boot/dts/hiveap-330.dts | 13 +++++++++++++
.../mpc85xx/files/arch/powerpc/boot/dts/panda.dts | 14 ++++++++++++++
.../files/arch/powerpc/boot/dts/red-15w-rev1.dts | 14 ++++++++++++++
.../files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts | 13 +++++++++++++
.../files/arch/powerpc/boot/dts/ws-ap3710i.dts | 13 +++++++++++++
6 files changed, 80 insertions(+)
diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
index ccf60eaeed0e1..d6a8da84ef66d 100644
--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
+++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
@@ -300,3 +300,16 @@
};
};
/include/ "fsl/p1020si-post.dtsi"
+
+/*
+ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
+ * aliases to determine PCI domain numbers, drop aliases so as not to
+ * change the sysfs path of our wireless netdevs.
+ */
+
+/ {
+ aliases {
+ /delete-property/ pci0;
+ /delete-property/ pci1;
+ };
+};
diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
index baaa4a43fd559..9be822f7bb8ac 100644
--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
+++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
@@ -265,3 +265,17 @@
};
};
/include/ "fsl/p1020si-post.dtsi"
+
+/*
+ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
+ * aliases to determine PCI domain numbers, drop aliases so as not to
+ * change the sysfs path of our wireless netdevs.
+ */
+
+/ {
+ aliases {
+ /delete-property/ pci0;
+ /delete-property/ pci1;
+ };
+};
+
diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
index 1fd6a4aa49713..db35602b94b5b 100644
--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
+++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
@@ -214,3 +214,17 @@
};
/include/ "fsl/p1010si-post.dtsi"
+
+/*
+ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
+ * aliases to determine PCI domain numbers, drop aliases so as not to
+ * change the sysfs path of our wireless netdevs.
+ */
+
+/ {
+ aliases {
+ /delete-property/ pci0;
+ /delete-property/ pci1;
+ };
+};
+
diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
index fbe1c0ee705d2..12281808aa5b6 100644
--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
+++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
@@ -302,3 +302,16 @@
/delete-node/ crypto@30000; /* Pulled in by p1010si-post */
};
};
+
+/*
+ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
+ * aliases to determine PCI domain numbers, drop aliases so as not to
+ * change the sysfs path of our wireless netdevs.
+ */
+
+/ {
+ aliases {
+ /delete-property/ pci0;
+ /delete-property/ pci1;
+ };
+};
diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
index c5588d80275e2..5d81da4686413 100644
--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
+++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
@@ -173,3 +173,16 @@
};
/include/ "fsl/p1020si-post.dtsi"
+
+/*
+ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
+ * aliases to determine PCI domain numbers, drop aliases so as not to
+ * change the sysfs path of our wireless netdevs.
+ */
+
+/ {
+ aliases {
+ /delete-property/ pci0;
+ /delete-property/ pci1;
+ };
+};

53
buildscript
View File

@ -7,15 +7,15 @@ set -o pipefail
builddir=./build
# OpenWrt: package hashes correspond to core repo version
OPENWRTREV="v21.02.5"
PACKAGEREV="0b16e3f359fe9d015861596d63c5bde4c56daa2e"
ROUTINGREV="25e76489c83cfcee61e36a491896e1e9bfc3ec13"
OPENWRTREV="v21.02.0"
PACKAGEREV="65057dcbb5de371503c9159de3d45824bec482e0"
ROUTINGREV="c30c9ffc93702365439a7647244a052531f2e957"
# Gluon packages: master from 2020-02-04
GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl micrond mtr bmon"
ROUTING_PKGS="kmod-batman-adv batctl alfred babeld bird2"
ROUTING_PKGS="kmod-batman-adv batctl alfred babeld"
GLUON_PKGS="simple-tc uradvd"
FFF_VARIANTS="node layer3"
@ -126,9 +126,20 @@ prepare() {
patch_target
# apply variant to ensure the included file "variant.mk"
# exists in builddir.
apply_variant
update_feeds
}
apply_variant() {
# set the variant for this build
export FFF_VARIANT=$(cat selected_variant)
# force the reevaluation of this Makefile to make note of the new variant
touch ./src/packages/fff/fff/Makefile
}
update_feeds() {
## generate own feeds.conf
#this local variable should be globally configure variable used in get_source and here
@ -163,6 +174,8 @@ update_feeds() {
}
prebuild() {
apply_variant
#create filesdir for our config
/bin/rm -rf "$builddir"/files
mkdir "$builddir"/files
@ -180,9 +193,6 @@ prebuild() {
version="$variant-$version"
fi
# select variant packages
echo "CONFIG_PACKAGE_fff-${variant}=y" >> "$builddir"/.config
{
echo "FIRMWARE_VERSION=\"$version\""
echo "VARIANT=\"$variant\""
@ -208,19 +218,13 @@ build() {
case "$1" in
"debug")
if [ -n "$2" ]; then
make V=99 -j $2
else
make V=99
fi
make V=99
;;
"fast")
[ -n "$2" ] && threads=$2 || threads=$((cpus*2))
ionice -c 2 -- nice -n 1 -- make -j $threads
ionice -c 2 -- nice -n 1 -- make -j $((cpus*2))
;;
*)
[ -n "$2" ] && threads=$2 || threads=$((cpus+1))
ionice -c 3 -- nice -n 10 -- make -j $threads
ionice -c 3 -- nice -n 10 -- make -j $((cpus+1))
;;
esac
@ -286,13 +290,7 @@ cp_firmware() {
filename_build=${f##*/}
filename_build=${filename_build//openwrt/fff-${version}}
filename_build=${filename_build//squashfs-/}
# The x86 OpenWrt target does not have a device name,
# so keep the target and subtarget for identification.
if [ "$chipset" != "x86" ]; then
filename_build=${filename_build//${chipset}-/}
filename_build=${filename_build//${subtarget}-/}
fi
filename_build=${filename_build//${chipset}-${subtarget}-/}
cp "$f" "$imagedestpath/$filename_build"
done
done
@ -318,7 +316,8 @@ buildrelease() {
fi
cd bin/$variant
for binary in *.bin *.img *.img.gz *.tar; do
for binary in *.bin; do
md5sum "$binary" > ./"$binary".md5
sha256sum "$binary" > ./"$binary".sha256
done
echo -e "VERSION:$version" > release.nfo
@ -450,13 +449,13 @@ case "$1" in
"build")
if [ "$2" = "help" ] || [ "$2" = "x" ]; then
echo "This option compiles the firmware"
echo "Normally the build uses lower IO and System priorities, "
echo "Normaly the build uses lower IO and System priorities, "
echo "you can append \"fast\" option, to use normal user priorities"
echo
echo "Usage: $0 $1 [fast|debug] [numthreads]"
echo "Usage: $0 $1 [fast|debug]"
echo
else
build "$2" "$3"
build "$2"
fi
;;
"config")

2
src/packages/fff/fff-alfred-monitoring-proxy/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-alfred-monitoring-proxy
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=5
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-alfred/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-alfred
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk

29
src/packages/fff/fff-babel-bird2/Makefile
View File

@ -1,29 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-babel-bird2
PKG_RELEASE:=$(COMMITCOUNT)
include $(INCLUDE_DIR)/package.mk
define Package/fff-babel-bird2
SECTION:=base
CATEGORY:=Freifunk
TITLE:=Freifunk-Franken babel-bird2
URL:=https://www.freifunk-franken.de
DEPENDS:=+bird2 +bird2c +owipcalc
PROVIDES:=fff-babel-implementation
endef
define Package/fff-babel-bird2/description
This is the Freifunk Franken Firmware babel-bird2 package.
endef
define Build/Compile
# nothing
endef
define Package/fff-babel-bird2/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,fff-babel-bird2))

123
src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf
View File

@ -1,123 +0,0 @@
# router id is not required for babeld, but necessary for bird startup
router id 192.0.2.0;
ipv4 table fff4;
ipv6 sadr table fff6;
protocol device {
scan time 15;
}
# device routes for ipv4 peering address
protocol direct {
ipv4 {
table fff4;
import filter {
include "/tmp/bird/include/nat-filter.conf";
if (net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16) && net.len = 32 then {
accept;
}
reject;
};
};
}
# device routes on loopback interface
protocol direct {
ipv4 {
table fff4;
import filter {
include "/tmp/bird/include/nat-filter.conf";
if net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16 then {
accept;
}
reject;
};
};
ipv6 sadr {
table fff6;
import filter {
if net ~ fdff::/64 from ::/0 then {
reject;
}
# only import GUA + ULA addresses
if net !~ 2000::/3 from ::/0 && net !~ fc00::/7 from ::/0 then {
reject;
}
accept;
};
import keep filtered;
};
interface "lo";
}
# ipv6 kernel route interface
protocol kernel {
ipv6 sadr {
table fff6;
import filter {
# only import routes from kernel with proto static
if krt_source != 4 then {
reject;
}
if net ~ fdff::/64 from ::/0 then {
reject;
}
accept;
};
export all;
preference 200;
};
kernel table 10;
scan time 15;
learn yes;
}
# ipv4 kernel route interface
protocol kernel {
ipv4 {
table fff4;
import filter {
include "/tmp/bird/include/nat-filter.conf";
# only import routes from kernel with proto static
if krt_source = 4 then {
accept;
}
reject;
};
export all;
preference 200;
};
kernel table 10;
scan time 15;
learn yes;
}
protocol babel {
# required due to static configuration of global router id.
# also improves reconnect speed after restart.
randomize router id yes;
ipv4 {
table fff4;
import all;
export all;
};
ipv6 sadr {
table fff6;
import all;
export all;
};
include "/tmp/bird/include/babelpeers.conf";
};

0
src/packages/fff/fff-babel-bird2/files/etc/bird/fff/nat-filter.conf
View File

45
src/packages/fff/fff-babel-bird2/files/etc/init.d/fff-bird
View File

@ -1,45 +0,0 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2010-2017 OpenWrt.org
USE_PROCD=1
START=70
BIRD_BIN="/usr/sbin/bird"
BIRD_CONF="/etc/bird.conf"
BIRD_PID_FILE="/var/run/bird.pid"
start_service() {
mkdir -p /var/run
set_include_path
procd_open_instance
procd_set_param command $BIRD_BIN -f -c $BIRD_CONF -P $BIRD_PID_FILE
procd_set_param file "$BIRD_CONF"
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param respawn
procd_close_instance
}
reload_service() {
set_include_path
procd_send_signal fff-bird
}
set_include_path() {
# Change include file path, so bird uses the correct configuration, depending on the configuration state:
# - If test mode is active (and /tmp/bird/fff exists), switch to the temporary configuration to be tested.
# - If new settings are applied or the old settings are restored after an unsuccessful test (and /tmp/bird/fff does not exist),
# switch back to the permanent configuration (/etc/bird/fff).
mkdir -p /tmp/bird/include
if [ -d /tmp/bird/fff ]; then
echo 'include "/tmp/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
echo 'include "/tmp/bird/fff/nat-filter.conf";' > /tmp/bird/include/nat-filter.conf
else
echo 'include "/etc/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
echo 'include "/etc/bird/fff/nat-filter.conf";' > /tmp/bird/include/nat-filter.conf
fi
}

4
src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/30-disable-bird2
View File

@ -1,4 +0,0 @@
/etc/init.d/bird disable
rm -f /etc/init.d/bird
exit 0

5
src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config
View File

@ -1,5 +0,0 @@
# SPDX-License-Identifier: GPL-3.0-only
mv /etc/bird-fff.conf /etc/bird.conf
exit 0

72
src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon/bird2
View File

@ -1,72 +0,0 @@
# SPDX-License-Identifier: GPL-3.0-only
babel_get_version() {
/usr/sbin/bird --version 2>&1 | sed "s/BIRD version /bird-/"
}
babel_add_interface() {
[ "$#" -ne "4" ] && return 1
local name="$1"
local interface="$2"
local type="$3"
local rxcost="$4"
mkdir -p /tmp/bird/fff/babelpeers
echo "interface \"$interface\" { type $type; rxcost $rxcost; };" > /tmp/bird/fff/babelpeers/$name.conf
return 0
}
babel_delete_interface() {
[ "$#" -ne "1" ] && return 1
local name="$1"
# Removing peers from /etc is not necessary, as all peers are generated into /tmp on every configuration run,
# which completely overwrites existing peers in /etc in the apply step.
rm -f /tmp/bird/fff/babelpeers/$name.conf
return 0
}
babel_add_redistribute_filter() {
return 0
}
babel_add_private_prefix_filter() {
[ "$#" -ne "1" ] && return 1
local prefix="$1"
prefix=$(owipcalc "$prefix" network prefix "$prefix")
mkdir -p /tmp/bird/fff
echo "if net ~ $prefix then reject;" > /tmp/bird/fff/nat-filter.conf
return 0
}
babel_remove_custom_redistribute_filters() {
mkdir -p /tmp/bird/fff
> /tmp/bird/fff/nat-filter.conf
return 0
}
babel_apply_implementation() {
# error output hidden because apply might be executed without a preceding configure step.
if [ -d /tmp/bird/fff ]; then
rm -rf /etc/bird/fff
mv /tmp/bird/fff /etc/bird/fff
fi
return 0
}
babel_reload_implementation() {
/etc/init.d/fff-bird reload
}
babel_revert() {
rm -r /tmp/bird/fff
}

20
src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh
View File

@ -1,20 +0,0 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-3.0-only
set -e
set -o pipefail
if ! birdc show status >/dev/null 2>&1; then
# bird daemon not running or unavailable. exit.
exit 0
fi
neighbours="$(birdc -r show babel neighbors |
tail -n +5 |
awk '{ printf "<neighbour><ip>%s</ip><outgoing_interface>%s</outgoing_interface><link_cost>%s</link_cost></neighbour>", $1, $2, $3 }'
)"
echo -n "<babel_neighbours>$neighbours</babel_neighbours>"
exit 0

28
src/packages/fff/fff-babel/Makefile
View File

@ -1,28 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-babel
PKG_RELEASE:=$(COMMITCOUNT)
include $(INCLUDE_DIR)/package.mk
define Package/fff-babel
SECTION:=base
CATEGORY:=Freifunk
TITLE:=Freifunk-Franken babel
URL:=https://www.freifunk-franken.de
DEPENDS:=+fff-babel-implementation
endef
define Package/fff-babel/description
This is the Freifunk Franken Firmware babel package.
endef
define Build/Compile
# nothing
endef
define Package/fff-babel/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,fff-babel))

3
src/packages/fff/fff-babeld/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-babeld
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk
@ -11,7 +11,6 @@ define Package/fff-babeld
TITLE:=Freifunk-Franken babeld configuration example
URL:=https://www.freifunk-franken.de
DEPENDS:=+babeld
PROVIDES:=fff-babel-implementation
endef
define Package/fff-babeld/description

21
src/packages/fff/fff-babel/files/etc/layer3.d/40-babel → src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
View File

@ -26,7 +26,7 @@ configure() {
fi
}
config_load network
config_load babeld
config_foreach remove_babelpeer interface
#add new peers
@ -75,14 +75,14 @@ configure() {
babel_add_peer6addr "network.$prefixname.ip6addr"
# add babel interface
babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babel interface for babelpeer $name"; exit 1; }
babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
}
config_load gateway
config_foreach add_babelpeer babelpeer
# configure babel filters for custom ipv6 addresses
# configure babeld filters for custom ipv6 addresses
## remove old filters
babel_remove_custom_redistribute_filters
@ -90,25 +90,14 @@ configure() {
for prefix in $(uci -q get gateway.@client[0].ip6addr); do
babel_add_redistribute_filter "$prefix"
done
## add deny filters for client prefixes used with snat
if [ "$(uci -q get gateway.@client[0].snat)" = "1" ]; then
for prefix in $(uci -q get gateway.@client[0].ipaddr); do
babel_add_private_prefix_filter "$prefix"
done
fi
}
apply() {
uci commit network
babel_apply
}
reload() {
babel_reload
uci commit babeld
}
revert() {
uci revert network
babel_revert
uci revert babeld
}

0
src/packages/fff/fff-babel/files/etc/uci-defaults/26-babel-iproute → src/packages/fff/fff-babeld/files/etc/uci-defaults/01-iproute
View File

0
src/packages/fff/fff-babel/files/etc/uci-defaults/27-babel-network-rules → src/packages/fff/fff-babeld/files/etc/uci-defaults/02-network-rules
View File

3
src/packages/fff/fff-babeld/files/etc/uci-defaults/30-disable-babeld
View File

@ -1,3 +0,0 @@
/etc/init.d/babeld disable
exit 0

94
src/packages/fff/fff-babel/files/lib/functions/fff/babel → src/packages/fff/fff-babeld/files/lib/functions/fff/babel
View File

@ -1,9 +1,3 @@
implementation=$(uci -q get babelimpl.impl.impl)
[ -z "$implementation" ] && implementation=bird2
. /lib/functions/fff/babeldaemon/$implementation
babel_add_iifrules() {
[ "$#" -ne "1" ] && return 1
@ -44,18 +38,10 @@ babel_add_peeraddr() {
uci add_list "$option"="$peer_ip"
elif router_ip=$(uci -q get gateway.meta.router_ip); then
# use router_ip if no peer_ip is set
ip=$router_ip
# use only first ip
ip=${ip%% *}
# remove CIDR mask
ip=${ip%%/*}
uci add_list "$option"="$ip"
uci add_list "$option"="$router_ip"
elif ipaddr=$(uci -q get gateway.@client[0].ipaddr); then
# use client interface address (without subnet) if no router_ip is set
uci add_list "$option"=${ipaddr%%/*}
uci add_list "$option"=$(echo $ipaddr | cut -d / -f1)
else
echo "WARNING: No peer_ip, router_ip or client interface ipaddr set! IPv4 routing is not possible."
return 1
@ -78,39 +64,61 @@ babel_add_peer6addr() {
return 0
}
babel_reload() {
# switch implementation temporarily
case $implementation in
bird2)
/etc/init.d/babeld stop 2>/dev/null
/etc/init.d/fff-bird start
;;
babeld)
/etc/init.d/fff-bird stop 2>/dev/null
/etc/init.d/babeld start
;;
esac
babel_add_interface() {
[ "$#" -ne "4" ] && return 1
# call implementation-specific reload commands
babel_reload_implementation
local name="$1"
local interface="$2"
local type="$3"
local rxcost="$4"
uci set babeld.$name=interface
uci set babeld.$name.ifname="$interface"
uci set babeld.$name.type="$type"
uci set babeld.$name.rxcost="$rxcost"
return 0
}
babel_apply() {
# switch implementation persistently
case $implementation in
bird2)
/etc/init.d/babeld disable
/etc/init.d/fff-bird enable
;;
babeld)
/etc/init.d/fff-bird disable
/etc/init.d/babeld enable
;;
esac
babel_delete_interface() {
[ "$#" -ne "1" ] && return 1
babel_apply_implementation
local name="$1"
uci -q del babeld.$name
return 0
}
babel_add_redistribute_filter() {
[ "$#" -ne "1" ] && return 1
local prefix="$1"
config=$(uci add babeld filter)
uci set babeld.$config.type='redistribute'
uci set babeld.$config.ip="$prefix"
uci set babeld.$config.addedbyautoconfig='true'
return 0
}
babel_remove_custom_redistribute_filters() {
[ "$#" -ne "0" ] && return 1
remove_filters() {
local name="$1"
# check if filter was added by configuregateway
if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
return
fi
uci -q del babeld.$name
}
config_load babeld
config_foreach remove_filters filter
return 0
}

103
src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon/babeld
View File

@ -1,103 +0,0 @@
# SPDX-License-Identifier: GPL-3.0-only
babel_get_version() {
/usr/sbin/babeld -V 2>&1
}
babel_add_interface() {
[ "$#" -ne "4" ] && return 1
local name="$1"
local interface="$2"
local type="$3"
local rxcost="$4"
uci set babeld.$name=interface
uci set babeld.$name.ifname="$interface"
uci set babeld.$name.type="$type"
uci set babeld.$name.rxcost="$rxcost"
return 0
}
babel_delete_interface() {
[ "$#" -ne "1" ] && return 1
local name="$1"
uci -q del babeld.$name
return 0
}
babel_add_redistribute_filter() {
[ "$#" -ne "1" ] && return 1
local prefix="$1"
config=$(uci add babeld filter)
uci set babeld.$config.type='redistribute'
uci set babeld.$config.ip="$prefix"
uci set babeld.$config.addedbyautoconfig='true'
return 0
}
babel_add_private_prefix_filter() {
[ "$#" -ne "1" ] && return 1
local prefix="$1"
config=$(uci add babeld filter)
uci set babeld.$config.type='redistribute'
uci set babeld.$config.ip="$prefix"
uci set babeld.$config.addedbyautoconfig='true'
uci set babeld.$config.action='deny'
# move to top, so filter rule has precedence over all other rules
uci reorder babeld.$config=0
config=$(uci add babeld filter)
uci set babeld.$config.type='redistribute'
uci set babeld.$config.ip="$prefix"
uci set babeld.$config.addedbyautoconfig='true'
uci set babeld.$config.local='true'
uci set babeld.$config.action='deny'
# move to top, so filter rule has precedence over all other rules
uci reorder babeld.$config=0
return 0
}
babel_remove_custom_redistribute_filters() {
[ "$#" -ne "0" ] && return 1
remove_filters() {
local name="$1"
# check if filter was added by configuregateway
if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
return
fi
uci -q del babeld.$name
}
config_load babeld
config_foreach remove_filters filter
return 0
}
babel_apply_implementation() {
uci commit babeld
}
babel_reload_implementation() {
return 0
}
babel_revert() {
uci revert babeld
}

34
src/packages/fff/fff-base/Makefile
View File

@ -1,34 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-base
PKG_RELEASE:=$(COMMITCOUNT)
include $(INCLUDE_DIR)/package.mk
define Package/fff-base
SECTION:=base
CATEGORY:=Freifunk
TITLE:=Freifunk-Franken base dependencies
URL:=https://www.freifunk-franken.de
DEFAULT:=y
DEPENDS:= \
+iptables \
+ip6tables \
+micrond \
+odhcp6c \
+fff-config \
+fff-network \
+fff-nodewatcher \
+fff-simple-tc \
+fff-support \
+fff-sysupgrade \
+fff-timeserver \
+fff-web-ui \
+fff-wireless
endef
define Package/fff-variant/description
This package includes base packages used in the Freifunk-Franken firmware
endef
$(eval $(call BuildPackage,fff-base))

2
src/packages/fff/fff-batman-adv/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-batman-adv
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=4
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-boardname/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-boardname
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk

4
src/packages/fff/fff-boardname/files/etc/uci-defaults/15-fff-boardname
View File

@ -1,9 +1,5 @@
BOARD=$(cat /var/sysinfo/board_name)
if uname -a | grep x86_64 > /dev/null; then
BOARD="x86_64"
fi
uci set board.model.name=$BOARD
uci commit board

2
src/packages/fff/fff-config/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-config
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk

1
src/packages/fff/fff-config/files/etc/sysctl.d/20-oom-panic.conf
View File

@ -1 +0,0 @@
vm.panic_on_oom=1

2
src/packages/fff/fff-dhcp/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-dhcp
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=6
include $(INCLUDE_DIR)/package.mk

14
src/packages/fff/fff-dhcp/files/etc/uci-defaults/90-fff-dhcp
View File

@ -1,10 +1,3 @@
# Use a larger cachesize by default
cachesize=1024
# Increase cachesize for systems with enough memory
mem="$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
[ "$mem" -gt 65536 ] && cachesize=8192
uci batch >/dev/null <<EOF
delete dhcp.@dnsmasq[0]
delete dhcp.lan
@ -19,19 +12,12 @@ uci batch >/dev/null <<EOF
set dhcp.@dnsmasq[-1].domain='fff.community'
set dhcp.@dnsmasq[-1].expandhosts='0'
set dhcp.@dnsmasq[-1].nonegcache='0'
set dhcp.@dnsmasq[-1].cachesize="$cachesize"
set dhcp.@dnsmasq[-1].authoritative='1'
set dhcp.@dnsmasq[-1].readethers='1'
set dhcp.@dnsmasq[-1].leasefile='/tmp/dhcp.leases'
set dhcp.@dnsmasq[-1].noresolv='1'
set dhcp.@dnsmasq[-1].localservice='1'
# do not generate A or AAAA records for the routers hostname,
# because this might interfere with upstream records.
#
# e.g. hostname: 'router.fff.community'
set dhcp.@dnsmasq[-1].add_local_fqdn='0'
set dhcp.client=dhcp
set dhcp.client.interface='client'
set dhcp.client.leasetime='1h'

2
src/packages/fff/fff-fastd/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-fastd
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk

1
src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
View File

@ -29,7 +29,6 @@ ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
echo "#!/bin/sh" > /etc/fastd/fff/up.sh
echo "ip link set up dev fffVPN" >> /etc/fastd/fff/up.sh
echo "batctl if add fffVPN" >> /etc/fastd/fff/up.sh
echo "batctl hardif fffVPN hop_penalty 30" >> /etc/fastd/fff/up.sh
chmod +x /etc/fastd/fff/up.sh
exit 0

29
src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd
View File

@ -1,29 +0,0 @@
protocol=fastd
fastd_clear() {
rm /tmp/fastd_fff_peers/* 2>/dev/null
}
fastd_addpeer() {
[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
# write fastd-config
json_get_var servername name
filename="/etc/fastd/fff/peers/$servername"
echo "#name \"${servername}\";" > "$filename"
json_get_var key key
echo "key \"${key}\";" >> "$filename"
json_get_var address address
json_get_var port port
echo "remote \"${address}\" port ${port};" >> "$filename"
echo "" >> "$filename"
echo "float yes;" >> "$filename"
}
fastd_start_stop() {
if ls /etc/fastd/fff/peers/* &>/dev/null; then
/etc/init.d/fastd reload
else
/etc/init.d/fastd stop
fi
}

2
src/packages/fff/fff-firewall/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-firewall
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-clamp-mss Normal file
View File

@ -0,0 +1,2 @@
#solves MTU problem with bad ISPs
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

5
src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh Normal file
View File

@ -0,0 +1,5 @@
# Limit ssh to 6 new connections per 60 seconds
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
/usr/sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
/usr/sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP

2
src/packages/fff/fff-hoods/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-hoods
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=19
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-hoodutils/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-hoodutils
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-layer3-config/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-layer3-config
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=9
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-layer3-config/files/etc/layer3.d/01-version
View File

@ -1,6 +1,6 @@
configure() {
# check if gateway config exists
if ! uci show gateway > /dev/null; then
if ! uci -q show gateway > /dev/null; then
echo "ERROR: Gateway config could not be parsed or does not exist."
return 1

7
src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client
View File

@ -20,7 +20,7 @@ configure() {
# ip6addr
#remove old ip6addr
for ip in $(uci -q get network.client.ip6addr); do
for ip in $(uci get network.client.ip6addr); do
if echo "$ip" | grep -v -e "fdff:" -e "fe80::1/64" > /dev/null; then
uci del_list network.client.ip6addr="$ip"
fi
@ -50,10 +50,11 @@ configure() {
# set interface
#remove all eth interfaces
ifaces=$(uci get network.client.ifname | sed 's/\beth[^ ]* *//g' | sed 's/\bswitch[^ ]* *//g')
if vlan=$(uci -q get gateway.@client[0].vlan); then
uci set network.client.ifname="${SWITCHDEV}.$vlan"
uci set network.client.ifname="${SWITCHDEV}.$vlan $ifaces"
elif iface=$(uci -q get gateway.@client[0].iface); then
uci set network.client.ifname="$iface"
uci set network.client.ifname="$iface $ifaces"
else
echo "WARNING: No Interface for client specified"
fi

20
src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip
View File

@ -32,16 +32,6 @@ configure() {
for ip in $router_ip; do
uci -q add_list network.loopback.ipaddr="$ip"
# CIDR notation required
case $ip in
*/*)
# do nothing; ip is already in CIDR notation
;;
*)
ip="$ip/32"
;;
esac
config=$(uci add network rule)
uci -q set network.$config.src="$ip"
uci -q set network.$config.lookup='fff'
@ -55,16 +45,6 @@ configure() {
for ip in $router_ip6; do
uci -q add_list network.loopback.ip6addr="$ip"
# CIDR notation required
case $ip in
*/*)
# do nothing; ip is already in CIDR notation
;;
*)
ip="$ip/128"
;;
esac
config=$(uci add network rule6)
uci -q set network.$config.src="$ip"
uci -q set network.$config.lookup='fff'

17
src/packages/fff/fff-layer3-config/files/usr/sbin/configure-layer3
View File

@ -7,7 +7,6 @@
execute_subshell() {
if [ $# -ne 1 ]; then
echo "Usage:" "$0" "<function>"
return 1
fi
for script in /etc/layer3.d/*; do
@ -24,7 +23,7 @@ execute_subshell() {
if [ $? -ne 0 ]; then
echo
echo "Error when executing" "$1" "from" "$(basename "$script")"
return 1
exit 1
fi
done
}
@ -33,33 +32,29 @@ configure() {
echo "This script might remove existing vlans, interfaces, addresses, etc."
read -r -p "Do you really want to continue? (y/n) " response
if ! ( [ "$response" == "y" ] || [ "$response" == "Y" ] ); then
return 1
exit 1
fi
echo
execute_subshell configure || return $?
execute_subshell configure
return 0
exit 0
}
reload_services() {
execute_subshell reload
reload_config
return 0
}
apply_changes() {
execute_subshell apply
reload_services
return 0
exit 0
}
revert_changes() {
execute_subshell revert
return 0
exit 0
}
keep_changes() {

31
src/packages/fff/fff-layer3-snat/Makefile
View File

@ -1,31 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-layer3-snat
PKG_RELEASE:=$(COMMITCOUNT)
include $(INCLUDE_DIR)/package.mk
define Package/fff-layer3-snat
SECTION:=base
CATEGORY:=Freifunk
TITLE:=Freifunk-Franken layer3 configuration with SNAT
URL:=https://www.freifunk-franken.de
DEPENDS:= \
+fff-firewall \
+fff-layer3-config \
+kmod-ipt-nat
endef
define Package/fff-layer3-snat/description
With this package it is possible to make SNAT with IPv4 on the router
endef
define Build/Compile
# nothing
endef
define Package/fff-layer3-snat/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,fff-layer3-snat))

34
src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
View File

@ -1,34 +0,0 @@
configure() {
# first we delete the snat config
uci -q del network.client.fff_snat
uci -q del network.client.fff_snat_sourceip
if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
# first check the config is plausible
if ! routerip=$(uci -q get gateway.meta.router_ip); then
echo "ERROR: No router_ip set, which is required for SNAT!"
return 1
fi
if ! uci -q get gateway.@client[0].ipaddr >/dev/null; then
echo "ERROR: No ipaddr set, which is required for SNAT!"
return 1
fi
# keep only the first IP
routerip=${routerip%% *}
# keep only the IP without the CIDR
routerip=${routerip%%/*}
# We set the snat config
uci set network.client.fff_snat=1
uci set network.client.fff_snat_sourceip=$routerip
fi
}
apply() {
uci commit network
}
revert() {
uci revert network
}

4
src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
View File

@ -1,4 +0,0 @@
if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
iptables -t mangle -A PREROUTING -i br-client -j MARK --set-mark 0x736e6174
iptables -t nat -A POSTROUTING -m mark --mark 0x736e6174 -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
fi

6
src/packages/fff/fff-layer3/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-layer3
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk
@ -11,13 +11,10 @@ define Package/fff-layer3
TITLE:=Freifunk-Franken gateway configuration
URL:=https://www.freifunk-franken.de
DEPENDS:=+fff-alfred-monitoring-proxy \
+fff-babel \
+fff-babeld \
+fff-babel-bird2 \
+fff-boardname \
+fff-dhcp \
+fff-layer3-config \
+fff-layer3-snat \
+fff-mqtt-monitoring \
+fff-network \
+fff-ra \
@ -39,7 +36,6 @@ define Package/fff-layer3
+iptables-mod-ipopt \
+iptables-mod-conntrack-extra \
+mtr \
+snmp-utils \
+tc \
+tcpdump \
+vxlan

19
src/packages/fff/fff-layer3/files/usr/lib/nodewatcher.d/90-latency.sh
View File

@ -1,19 +0,0 @@
#!/bin/sh
ipv4dest=$(uci -q get fff.latency.ipv4)
ipv6dest=$(uci -q get fff.latency.ipv6)
if [ -n "$ipv4dest" ] || [ -n "$ipv6dest" ] ; then
printf "<latency>"
if [ -n "$ipv4dest" ] ; then
ipv4latency=$(ping -qc3 -4 $ipv4dest 2>&1 | awk -F'/' 'END{ print (/^round-trip/? $4:"0") }')
printf "<ipv4latency>$ipv4latency</ipv4latency><ipv4dest>$ipv4dest</ipv4dest>"
fi
if [ -n "$ipv6dest" ] ; then
ipv6latency=$(ping -qc3 -6 $ipv6dest 2>&1 | awk -F'/' 'END{ print (/^round-trip/? $4:"0") }')
printf "<ipv6latency>$ipv6latency</ipv6latency><ipv6dest>$ipv6dest</ipv6dest>"
fi
printf "</latency>"
fi
exit 0

2
src/packages/fff/fff-mqtt-monitoring/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-mqtt-monitoring
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-mqtt-monitoring

7
src/packages/fff/fff-mqtt/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-mqtt
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-mqtt
@ -14,8 +14,9 @@ define Package/fff-mqtt
URL:=https://www.freifunk-franken.de
DEPENDS:= \
+fff-config \
+libmosquitto-nossl \
+mosquitto-client-nossl
+libmosquitto-ssl \
+mosquitto-client-ssl \
+mosquitto-ssl
endef
define Package/fff-mqtt/description

2
src/packages/fff/fff-network/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-network
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=50
include $(INCLUDE_DIR)/package.mk

30
src/packages/fff/fff-network/files/etc/config/network Normal file
View File

@ -0,0 +1,30 @@
config globals 'globals'
option packet_steering '1'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'client'
option type 'bridge'
option auto '1'
config interface 'wan'
option proto 'none'
option ifname 'eth2'
config interface 'wan4'
option proto 'dhcp'
option ifname '@wan'
config interface 'wan6'
option proto 'dhcpv6'
option reqprefix 'no'
option sourcefilter '0'
option ifname '@wan'
config interface 'ethmesh'
option proto 'batadv_hardif'
option master 'bat0'

12
src/packages/fff/fff-network/files/etc/uci-defaults/20-migrate-gl-ar150
View File

@ -1,12 +0,0 @@
# The GL-AR150 was converted from ONEPORT to TWOPORT.
# Copy ETHMODE to LAN1MODE ("LAN"-Port) and set LAN0MODE ("WAN"-Port) to WAN to retain the configured behaviour for upgraded devices.
if [ -s /etc/network.config ] ; then
. /etc/network.config
# Ensure ETHMODE contains a sensible value. Use default behaviour (CLIENT) otherwise.
[ "$ETHMODE" != "BATMAN" ] && [ "$ETHMODE" != "CLIENT" ] && [ "$ETHMODE" != "WAN" ] && ETHMODE="CLIENT"
echo "LAN0MODE='WAN' # use BATMAN, CLIENT or WAN" > /etc/network.config
echo "LAN1MODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config
echo "FORCEPARSE='2' # Parse at: 0=first boot only, 1=every reboot, 2=next reboot (once)" >> /etc/network.config
fi

141
src/packages/fff/fff-network/files/etc/uci-defaults/22-network-base
View File

@ -1,141 +0,0 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-3.0-or-later
. /lib/functions/system.sh
. /lib/functions/fff/network
BOARD="$(uci get board.model.name)"
. /etc/network.$BOARD
[ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
# Clear possibly existing network configuration
> /etc/config/network
# Add basic network configuration
uci batch <<-__EOF__
set network.loopback='interface'
set network.loopback.ifname='lo'
set network.loopback.proto='static'
set network.loopback.ipaddr='127.0.0.1'
set network.loopback.netmask='255.0.0.0'
set network.client='interface'
set network.client.type='bridge'
set network.client.auto='1'
set network.wan='interface'
set network.wan.proto='none'
set network.wan.ifname="$WANDEV"
set network.wan4='interface'
set network.wan4.proto='dhcp'
set network.wan4.ifname='@wan'
set network.wan6='interface'
set network.wan6.proto='dhcpv6'
set network.wan6.reqprefix='no'
set network.wan6.sourcefilter='0'
set network.wan6.ifname='@wan'
set network.ethmesh='interface'
set network.ethmesh.proto='batadv_hardif'
set network.ethmesh.master='bat0'
__EOF__
SWITCHHW=$(swconfig list | awk '{ print $4 }')
if [ "$DSA" = "1" ]; then
uci batch <<-__EOF__
set network.$SWITCHDEV=device
set network.$SWITCHDEV.name=$SWITCHDEV
set network.$SWITCHDEV.type=bridge
# temporary workaround for netifd bug present in OpenWrt 21.02.0 (FS#4104)
set network.$SWITCHDEV.bridge_empty='1'
set network.${SWITCHDEV}_1=bridge-vlan
set network.${SWITCHDEV}_1.device=$SWITCHDEV
set network.${SWITCHDEV}_1.vlan=1
set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
set network.${SWITCHDEV}_3=bridge-vlan
set network.${SWITCHDEV}_3.device=$SWITCHDEV
set network.${SWITCHDEV}_3.vlan=3
set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
__EOF__
if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
uci batch <<-__EOF__
set network.${SWITCHDEV}_2=bridge-vlan
set network.${SWITCHDEV}_2.device=$SWITCHDEV
set network.${SWITCHDEV}_2.vlan=2
set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
__EOF__
fi
elif [ -n "$SWITCHHW" ] && [ -z "$ONE_PORT" ] && [ -z "$TWO_PORT" ]; then
uci batch <<-__EOF__
set network.$SWITCHDEV=switch
set network.$SWITCHDEV.name=$SWITCHHW
set network.$SWITCHDEV.enable=1
set network.$SWITCHDEV.reset=1
set network.$SWITCHDEV.enable_vlan=1
set network.${SWITCHDEV}_1=switch_vlan
set network.${SWITCHDEV}_1.device=$SWITCHHW
set network.${SWITCHDEV}_1.vlan=1
set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
set network.${SWITCHDEV}_3=switch_vlan
set network.${SWITCHDEV}_3.device=$SWITCHHW
set network.${SWITCHDEV}_3.vlan=3
set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
__EOF__
if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then
uci batch <<-__EOF__
set network.${SWITCHDEV}_2=switch_vlan
set network.${SWITCHDEV}_2.device=$SWITCHHW
set network.${SWITCHDEV}_2.vlan=2
set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
__EOF__
fi
fi
if [ -n "$SWITCHHW" ] || [ "$DSA" = "1" ]; then
uci set network.client.ifname="$SWITCHDEV.1 bat0"
uci set network.ethmesh.ifname="$SWITCHDEV.3"
if [ "$WANDEV" = "$SWITCHDEV" ]; then
uci set network.wan.ifname=$WANDEV.2
fi
fi
if [ -n "$ETHMESHMAC" ]; then
uci set network.ethmesh.macaddr=$ETHMESHMAC
fi
if [ -n "$ROUTERMAC" ]; then
uci set network.client.macaddr=$ROUTERMAC
fi
prefix="fdff::/64"
# Set $prefix::1 as IP
addr1=$(owipcalc "$prefix" add ::1)
# Set $prefix::MAC as IP
addr2=$(owipcalc "$prefix" add "::$(ipMacSuffix "$ROUTERMAC")")
# Set $prefix::EUI64 as IP
addr3=$(owipcalc "$prefix" add "::$(ipEUISuffix "$ROUTERMAC")")
uci batch <<-__EOF__
del network.globals
set network.globals=globals
set network.globals.ula_prefix=$prefix
add_list network.client.ip6addr=$addr1
add_list network.client.ip6addr=$addr2
add_list network.client.ip6addr=$addr3
set network.client.proto=static
__EOF__
uci -q commit network

10
src/packages/fff/fff-network/files/etc/uci-defaults/50-packet-steering
View File

@ -1,10 +0,0 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-3.0-or-later
# Enable RPS
uci batch <<-__EOF__
set network.globals=globals
set network.globals.packet_steering='1'
__EOF__
uci -q commit network

1
src/packages/fff/fff-network/files/lib/functions/fff/cpuport
View File

@ -24,7 +24,6 @@ get_cpu_port() {
ubnt,nanostation-loco-m-xw|\
ubnt,unifi|\
ubnt,unifiac-mesh|\
x86_64|\
xiaomi,mi-router-4a-gigabit)
CPUPORT=""
;;

146
src/packages/fff/fff-network/files/usr/sbin/configurenetwork
View File

@ -6,12 +6,13 @@
BOARD="$(uci get board.model.name)"
. /etc/network.$BOARD
[ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
if [ -s /etc/network.config ] ; then
. /etc/network.config
else
# Write network.config
if [ "$ONE_PORT" = "YES" ] ; then
if [ "$ONE_PORT" = "YES" ] || [ -n "$ETHPORT" ] ; then
echo "ETHMODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config
fi
if [ -n "$TWO_PORT" ] ; then
@ -104,6 +105,109 @@ elif [ "$TWO_PORT" = "YES" ]; then
uci commit network
fi
else
if ! uci -q get network.$SWITCHDEV > /dev/null ; then
if [ "$DSA" = "1" ]; then
uci set network.$SWITCHDEV=device
uci set network.$SWITCHDEV.name=$SWITCHDEV
uci set network.$SWITCHDEV.type=bridge
# temporary workaround for netifd bug present in OpenWrt 21.02.0 (FS#4104)
uci set network.$SWITCHDEV.bridge_empty='1'
uci set network.${SWITCHDEV}_1=bridge-vlan
uci set network.${SWITCHDEV}_1.device=$SWITCHDEV
uci set network.${SWITCHDEV}_1.vlan=1
uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
uci set network.${SWITCHDEV}_2=bridge-vlan
uci set network.${SWITCHDEV}_2.device=$SWITCHDEV
uci set network.${SWITCHDEV}_2.vlan=2
uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
fi
uci set network.${SWITCHDEV}_3=bridge-vlan
uci set network.${SWITCHDEV}_3.device=$SWITCHDEV
uci set network.${SWITCHDEV}_3.vlan=3
uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
else
SWITCHHW=$(swconfig list | awk '{ print $4 }')
uci set network.$SWITCHDEV=switch
uci set network.$SWITCHDEV.name=$SWITCHHW
uci set network.$SWITCHDEV.enable=1
uci set network.$SWITCHDEV.reset=1
uci set network.$SWITCHDEV.enable_vlan=1
uci set network.${SWITCHDEV}_1=switch_vlan
uci set network.${SWITCHDEV}_1.device=$SWITCHHW
uci set network.${SWITCHDEV}_1.vlan=1
uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then
uci set network.${SWITCHDEV}_2=switch_vlan
uci set network.${SWITCHDEV}_2.device=$SWITCHHW
uci set network.${SWITCHDEV}_2.vlan=2
uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
fi
uci set network.${SWITCHDEV}_3=switch_vlan
uci set network.${SWITCHDEV}_3.device=$SWITCHHW
uci set network.${SWITCHDEV}_3.vlan=3
uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
fi
uci set network.client.ifname="$SWITCHDEV.1 bat0"
uci set network.ethmesh.ifname="$SWITCHDEV.3"
if [ "$WANDEV" = "$SWITCHDEV" ]; then
uci set network.wan.ifname=$WANDEV.2
else
uci set network.wan.ifname=$WANDEV
fi
uci commit network
fi
fi
/etc/init.d/network restart
if [ -n "$ETHMESHMAC" ]; then
if uci get network.ethmesh.macaddr
then
echo "MAC for ethmesh is set already"
else
echo "Fixing MAC on $SWITCHDEV.3 (ethmesh)"
sleep 10
uci set network.ethmesh.macaddr=$ETHMESHMAC
uci commit network
ifconfig $SWITCHDEV.3 down
ifconfig $SWITCHDEV.3 hw ether $ETHMESHMAC
ifconfig $SWITCHDEV.3 up
/etc/init.d/network restart
fi
fi
if [ -n "$ROUTERMAC" ]; then
if uci get network.client.macaddr
then
echo "MAC for client is set already"
else
echo "Fixing MAC on br-client"
sleep 10
uci set network.client.macaddr=$ROUTERMAC
uci commit network
ifconfig br-client down
ifconfig br-client hw ether $ROUTERMAC
ifconfig br-client up
/etc/init.d/network restart
fi
fi
if [ -n "$ETH0MAC" ]; then
@ -112,6 +216,44 @@ if [ -n "$ETH0MAC" ]; then
NEW_MACADDR=$(cat "/sys/class/net/${ETH0MAC}/address")
uci set network.$ETH0DEV.macaddr=$NEW_MACADDR
uci commit network
ifconfig $ETH0DEV down
ifconfig $ETH0DEV hw ether $NEW_MACADDR
ifconfig $ETH0DEV up
/etc/init.d/network restart
fi
reload_config
if uci -q get "network.client.ip6addr" > /dev/null
then
echo "IPv6 for client is set already"
else
echo "Setting IPv6 addresses"
# Some time needed :(
sleep 5
for ip in $(ip -6 addr show br-client | awk '/fdff/{ print $2 }'); do
ip -6 addr del $ip dev br-client
done
prefix="fdff::/64"
# Set $prefix::MAC as IP
addr=$(owipcalc "$prefix" add "::$(ipMacSuffix "$ROUTERMAC")")
ip -6 addr add $addr dev br-client
uci -q set network.globals.ula_prefix=$prefix
uci -q add_list network.client.ip6addr=$addr
uci -q set network.client.proto=static
# Set $prefix::1 as IP
addr=$(owipcalc "$prefix" add ::1)
ip -6 addr add $addr dev br-client
uci -q add_list network.client.ip6addr=$addr
# Set $prefix::link-local as IP
addr=$(owipcalc "$prefix" add "::$(ipEUISuffix "$ROUTERMAC")")
ip -6 addr add $addr dev br-client
uci -q add_list network.client.ip6addr=$addr
uci -q commit network
[ -s /etc/init.d/fff-uradvd ] && /etc/init.d/fff-uradvd restart
fi

6
src/packages/fff/fff-network/mips/network.glinet,gl-ar150
View File

@ -2,8 +2,12 @@
WANDEV=eth1
SWITCHDEV=eth0
TWO_PORT=YES
WAN_PORTS=
BATMAN_PORTS="0t"
CLIENT_PORTS="0t"
ETHMESHMAC="$(macFlipLocalBit $(cat /sys/class/net/eth0/address))"
. /etc/network.mode
ETHPORT=1

1
src/packages/fff/fff-network/x86_64/network.mode
View File

@ -1 +0,0 @@
ETHMODE="CLIENT"

7
src/packages/fff/fff-network/x86_64/network.x86_64
View File

@ -1,7 +0,0 @@
WANDEV=eth0
SWITCHDEV=eth0
ONE_PORT="YES"
. /etc/network.mode
ROUTERMAC=$(cat /sys/class/net/eth0/address)

3
src/packages/fff/fff-node/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-node
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk
@ -12,7 +12,6 @@ define Package/fff-node
URL:=https://www.freifunk-franken.de
DEPENDS:=+fff-batman-adv \
+fff-fastd \
+fff-vxlan-node-vpn \
+fff-firewall \
+fff-hoods \
+fff-uradvd

9
src/packages/fff/fff-nodewatcher/files/usr/lib/nodewatcher.d/10-systemdata.sh
View File

@ -74,12 +74,8 @@ if [ -x /usr/bin/fastd ]; then
SYSTEM_DATA="$SYSTEM_DATA<fastd_version>$(/usr/bin/fastd -v | awk '{ print $2 }')</fastd_version>"
fi
if [ -e /lib/functions/fff/babel ]; then
. /lib/functions/fff/babel
babel_version=$(babel_get_version)
if [ $? -eq 0 ]; then
SYSTEM_DATA="$SYSTEM_DATA<babel_version>$babel_version</babel_version>"
fi
if [ -x /usr/sbin/babeld ]; then
SYSTEM_DATA="$SYSTEM_DATA<babel_version>$(/usr/sbin/babeld -V 2>&1)</babel_version>"
fi
# example for /etc/openwrt_release:
@ -116,7 +112,6 @@ fi
# Checks if fastd is running
vpn_active=0
pidof fastd >/dev/null && vpn_active=1
bridge fdb show brport vxlan0 state permanent &>/dev/null && vpn_active=1
SYSTEM_DATA="$SYSTEM_DATA<vpn_active>$vpn_active</vpn_active>"
echo -n "<system_data>$SYSTEM_DATA</system_data>"

2
src/packages/fff/fff-ra/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-ra
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk

7
src/packages/fff/fff-ra/files/etc/uci-defaults/90-fff-ra
View File

@ -4,13 +4,6 @@ uci batch <<EOF
set dhcp.client.ra='server'
set dhcp.client.ra_default='2'
set dhcp.client.ra_management='0'
set dhcp.client.ra_useleasetime='1'
# Work around unexpected behavior of odhcpd (see #238).
#
# This value has to be less then or equal to
# dhcp.client.leasetime (set in fff-dhcp).
set dhcp.client.preferred_lifetime='1h'
EOF
exit 0

2
src/packages/fff/fff-random/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-random
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-simple-tc/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-simple-tc
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-support/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-support
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=9
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-support/files/usr/sbin/show_info
View File

@ -221,7 +221,7 @@ if swconfig list | grep -q switch0 ; then
done
else
echo "-> PORT ASSIGNMENT"
if grep -q "ONE_PORT" "/etc/network.$board_name" ; then
if grep -q "ONE_PORT" "/etc/network.$board_name" || grep -q "ETHPORT" "/etc/network.$board_name" ; then
# Device has a port set by $ETHMODE
. /etc/network.mode
. /etc/network.config

2
src/packages/fff/fff-sysupgrade/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-sysupgrade
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=13
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-timeserver/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-timeserver
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-uradvd/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-uradvd
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk

8
src/packages/fff/fff-uradvd/files/etc/init.d/fff-uradvd
View File

@ -11,16 +11,10 @@ URADVD_BIN=/usr/sbin/uradvd
service_triggers()
{
procd_add_reload_trigger "fff-uradvd" "network"
procd_add_reload_trigger "fff-uradvd"
}
start_service() {
procd_open_instance
procd_set_param command "$URADVD_BIN" -i br-client -p $(uci get network.globals.ula_prefix)
}
reload_service()
{
stop
start
}

2
src/packages/fff/fff-vpn-select/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-vpn-select
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=5
include $(INCLUDE_DIR)/package.mk

86
src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
View File

@ -1,47 +1,65 @@
#!/bin/sh
# Usage: vpn-select <path-to-hood-file>
# To add a new protocol, put a file with three functions to /usr/lib/vpn-select.d/ .
# The file must start with protocol=name. It is most important to use the same name here and in hoodfile.
# The old config can be cleared in function ${protocol}_clear(). It is called first once per installed protocol.
# The function ${protocol}_addpeer() is called for every selected peer in hoodfile.
# The function ${protocol}_start_stop() is called at the end once per installed protocol.
. /usr/share/libubox/jshn.sh
hoodfile="$1"
# source functions
for file in /usr/lib/vpn-select.d/*; do
[ -f $file ] && . "$file"
supported_protocols="$supported_protocols $protocol"
done
make_config() {
# remove old config
rm /tmp/fastd_fff_peers/*
# clear old config
for protocol in $supported_protocols; do
"${protocol}_clear"
done
# prepare
Index=1
json_load "$(cat "$hoodfile")"
json_select vpn
# configure vpn
# get fastd peers
while json_select "$Index" > /dev/null
do
json_get_var protocol protocol
if [ "$protocol" = "fastd" ]; then
# set up fastd
json_get_var servername name
filename="/etc/fastd/fff/peers/$servername"
echo "#name \"${servername}\";" > "$filename"
json_get_var key key
echo "key \"${key}\";" >> "$filename"
json_get_var address address
json_get_var port port
echo "remote \"${address}\" port ${port};" >> "$filename"
echo "" >> "$filename"
echo "float yes;" >> "$filename"
fi
json_select ".." # back to vpn
Index=$(( Index + 1 ))
done
json_select ".." # back to root
}
if [ "$0" != "/usr/sbin/vpn-stop" ] ; then
if [ -n "$hoodfile" ] && [ -s "$hoodfile" ] ; then
json_load "$(cat "$hoodfile")"
json_select hood
json_get_var id id
json_select ".."
json_select vpn
json_get_keys vpn_keys
for key in $vpn_keys; do
json_select $key
json_get_var protocol protocol
"${protocol}_addpeer"
json_select ".." # back to vpn
done
# Only do something if file is there and not empty; otherwise exit 1
if [ -s "$hoodfile" ]; then
if [ ! -d /tmp/fastd_fff_peers ]; then
# first run after reboot
mkdir /tmp/fastd_fff_peers
make_config
# start fastd only if there are some peers
[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
else
make_config
/etc/init.d/fastd reload
# fastd start/stop for various situations
pidfile="/tmp/run/fastd.fff.pid"
if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
else
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
fi
fi
exit 0
else
echo "vpn-select: Hood file not found or empty!"
exit 1
fi
# start/restart/stop vpnservices
for protocol in $supported_protocols; do
"${protocol}_start_stop"
done

1
src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
View File

@ -1 +0,0 @@
vpn-select

5
src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop Executable file
View File

@ -0,0 +1,5 @@
#!/bin/sh
rm /tmp/fastd_fff_peers/*
/etc/init.d/fastd stop

29
src/packages/fff/fff-vxlan-node-vpn/Makefile
View File

@ -1,29 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-vxlan-node-vpn
PKG_RELEASE:=$(COMMITCOUNT)
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=base
CATEGORY:=Freifunk
TITLE:=Freifunk-Franken vxlan-node
URL:=http://www.freifunk-franken.de
DEPENDS:=+vxlan
endef
define Package/$(PKG_NAME)/description
This is the vxlan-node-vpn package for the Freifunk Franken Firmware
This will configure and set up the VPN via vxlan
endef
define Build/Compile
# nothing
endef
define Package/$(PKG_NAME)/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

18
src/packages/fff/fff-vxlan-node-vpn/files/etc/uci-defaults/53-vxlan-node
View File

@ -1,18 +0,0 @@
uci batch <<EOF
set network.vxlan0=interface
set network.vxlan0.proto=vxlan6
set network.vxlan0.port=8472
set network.vxlan0.ip6addr=auto
set network.vxlan0.srcportmin=8472
set network.vxlan0.srcportmax=8473
set network.vxlan0.ageing=30
set network.vxlan0.mtu=1422
set network.vxlan0.vid=0
set network.vxlan0.disabled=1
set network.vxbat=interface
set network.vxbat.proto=batadv_hardif
set network.vxbat.master=bat0
set network.vxbat.ifname=vxlan0
set network.vxbat.disabled=1
EOF

24
src/packages/fff/fff-vxlan-node-vpn/files/usr/lib/vpn-select.d/vxlan
View File

@ -1,24 +0,0 @@
protocol=vxlan
vxlan_clear() {
while uci -q delete network.@vxlan_peer[0]; do :; done
uci set network.vxlan0.vid="0"
uci set network.vxlan0.disabled="1"
uci set network.vxbat.disabled="1"
}
vxlan_addpeer() {
json_get_var address address
address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
[ -z $address ] && return ## address not reachable
uci set network.vxlan0.vid="$id"
uci set network.vxlan0.disabled="0"
uci set network.vxbat.disabled="0"
uci add network vxlan_peer
uci set network.@vxlan_peer[-1].vxlan="vxlan0"
uci set network.@vxlan_peer[-1].dst="$address"
}
vxlan_start_stop() {
reload_config
}

2
src/packages/fff/fff-web-hood/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-web-hood
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk

2
src/packages/fff/fff-web-mqtt/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-web-mqtt
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)

2
src/packages/fff/fff-web-ui/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-web-ui
PKG_RELEASE:=$(shell echo -n $$(( $(COMMITCOUNT) + 20 )))
PKG_RELEASE:=18
include $(INCLUDE_DIR)/package.mk

13
src/packages/fff/fff-web-ui/files/www/include/header
View File

@ -65,12 +65,9 @@ fi
if [ -s /tmp/isupdate ] ; then
VERSION=$(cat /tmp/isupdate)
%>
<div id="updatenotification" style="padding: 15px; margin: 4px; background-color: #cfcfcf; margin-bottom: 15px;">
<h3 style="font-size: 14pt; font-weight: bold; margin-bottom: 10px;">Es ist eine neue Firmware für deinen Freifunkrouter verfügbar!</h3>
<table style="margin-bottom: 10px;">
<tr><td>Installierte Version: </td><td><b><%= ${FIRMWARE_VERSION} %></b></td></tr>
<tr><td>Neue Version: </td><td><b><%= ${VERSION} %></b></td></tr>
</table>
<a href="https://dev.freifunk-franken.de" target="_blank">Zum Download</a> | <a href="upgrade.html">Zur Upgradeseite</a>
</div>
<table style="width: 100%;">
<tr>
<td><span style="font-size: 16pt; color:#FF0000">Es ist eine neue Firmware für deinen Freifunkrouter verfügbar.<br />Alte Version: <%= ${FIRMWARE_VERSION} %> - Neue Version: <%= ${VERSION} %> <br /><a href="upgrade.html">Firmware jetzt updaten</a></span></td>
</tr>
</table>
<% fi %>

4
src/packages/fff/fff-web-ui/files/www/public/cgi-bin/status.html
View File

@ -61,8 +61,8 @@ contact="$(uci -q get "fff.system.contact")"
<legend>Status</legend>
<table>
<tr><th>Hood:</th><td><% echo "$hood" %></td></tr>
<tr><th>Bekannte Knoten:</th><td><% echo -n $(($(batctl tg -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l)+1)) %></td></tr>
<tr><th>Nachbarknoten:</th><td><% echo -n $(batctl o -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l) %></td></tr>
<tr><th>Bekannte Knoten:</th><td><% echo -n $(($(batctl tg -H | cut -b 40-56 | sort | uniq | wc -l 2> /dev/null)+1)) %></td></tr>
<tr><th>Nachbarknoten:</th><td><% echo -n $(batctl o -H | cut -b 40-56 | sort | uniq | wc -l 2> /dev/null) %></td></tr>
<tr><th>Lokale Clients:</th><td><% echo -n $(batctl tl -H 2> /dev/null | grep -c 'W') %></td></tr>
</table>
</fieldset>

4
src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/home.html
View File

@ -59,8 +59,8 @@ fi
<tr><th>Name:</th><td><%= ${HOSTNAME} %></td></tr>
<tr><th>Modell:</th><td><% cat /tmp/sysinfo/model 2>/dev/null %></td></tr>
<tr><th>MAC-Adresse:</th><td><%= $(cat /sys/class/net/br-client/address) %></td></tr>
<tr><th>Bekannte Knoten:</th><td><%= $(($(batctl tg -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l)+1)) %></td></tr>
<tr><th>Nachbarknoten:</th><td><%= $(batctl o -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l) %></td></tr>
<tr><th>Bekannte Knoten:</th><td><%= $(($(batctl tg -H | cut -b 40-56 | sort | uniq | wc -l 2>/dev/null)+1)) %></td></tr>
<tr><th>Nachbarknoten:</th><td><%= $(batctl o -H | cut -b 40-56 | sort | uniq | wc -l 2>/dev/null) %></td></tr>
<tr><th>VPN via fastd:</th><td><%= ${vpn_active} %></td></tr>
<tr><th>fastd public key:</th><td><%= ${fastd_pub} %></td></tr>
<tr><th>Laufzeit:</th><td><%= ${uptime} %></td></tr>

18
src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/ports.html
View File

@ -9,8 +9,8 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
echo "ETHMODE=\"${POST_mode}\" # set via WebUI" >> /etc/network.config
sed -i '/^FORCEPARSE/d' /etc/network.config
echo "FORCEPARSE='2'" >> /etc/network.config
do_reconfigure=1
MSG='<span class="green">Port Modus wird ge&auml;ndert!</span>'
do_reboot=1
MSG='<span class="green">Port Modus ge&auml;ndert! Router startet neu...</span>'
fi
if [ "$POST_change_twoport" != "" ] ; then
sed -i '/^.*# set via WebUI/d' /etc/network.config
@ -18,8 +18,8 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
echo "LAN1MODE=\"${POST_mode1}\" # set via WebUI" >> /etc/network.config
sed -i '/^FORCEPARSE/d' /etc/network.config
echo "FORCEPARSE='2'" >> /etc/network.config
do_reconfigure=1
MSG='<span class="green">Port Modus wird ge&auml;ndert!</span>'
do_reboot=1
MSG='<span class="green">Port Modus ge&auml;ndert! Router startet neu...</span>'
fi
fi
@ -151,7 +151,7 @@ format_port() {
</fieldset>
</td></tr>
<% fi %>
<% if grep -q "ONE_PORT" "/etc/network.$board_name" ; then %>
<% if grep -q "ONE_PORT" "/etc/network.$board_name" || grep -q "ETHPORT" "/etc/network.$board_name" ; then %>
<%
# Device has a port set by $ETHMODE
. /etc/network.mode
@ -182,12 +182,13 @@ format_port() {
Wenn diese Einstellung ver&auml;ndert wird, wird eine evtl. vorhandene manuelle Netzwerkkonfiguration in der
<tt>/etc/config/network</tt> &uuml;berschrieben.<br />
Anschlie&szlig;end wird der Router neugestartet.
</td></tr>
</table>
</fieldset>
</td></tr>
<% fi %>
<% if grep -q "TWO_PORT" "/etc/network.$board_name" ; then %>
<% if grep -q "LAN0PORT" "/etc/network.$board_name" || grep -q "LAN1PORT" "/etc/network.$board_name" ; then %>
<%
# Device has two ports
. /etc/network.mode
@ -227,6 +228,7 @@ format_port() {
Wenn diese Einstellung ver&auml;ndert wird, wird eine evtl. vorhandene manuelle Netzwerkkonfiguration in der
<tt>/etc/config/network</tt> &uuml;berschrieben.<br />
Anschlie&szlig;end wird der Router neugestartet.
</td></tr>
</table>
</fieldset>
@ -237,7 +239,7 @@ format_port() {
<%in /www/include/footer %>
<%
# write
if [ "$do_reconfigure" = "1" ] ; then
configurenetwork
if [ "$do_reboot" = "1" ] ; then
reboot
fi
%>

2
src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/settings.html
View File

@ -61,7 +61,7 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
uci -q commit
MSG='<span class="green">Daten gespeichert!</span>'
MSG='<span class="green">Daten gespeichert! - Bitte Router neustarten.</span>'
fi
fi
%>

BIN
src/packages/fff/fff-web-ui/files/www/ssl/leaflet.css.gz
View File

Binary file not shown.

BIN
src/packages/fff/fff-web-ui/files/www/ssl/leaflet.js.gz
View File

Binary file not shown.

4
src/packages/fff/fff-wireguard/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-wireguard
PKG_RELEASE:=$(COMMITCOUNT)
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk
@ -14,7 +14,7 @@ define Package/fff-wireguard
+kmod-wireguard \
+owipcalc \
+wireguard-tools \
+fff-babel \
+fff-babeld \
+fff-network
endef

12
src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
View File

@ -31,7 +31,7 @@ configure() {
fi
}
config_load network
config_load babeld
config_foreach remove_wgpeer interface
@ -128,7 +128,7 @@ configure() {
babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
# add babel interface
babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babel interface for wgpeer $name"; exit 1; }
babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
}
config_load gateway
@ -137,16 +137,12 @@ configure() {
apply() {
uci commit network
uci commit babeld
uci commit gateway
babel_apply
}
reload() {
babel_reload
}
revert() {
uci revert network
uci revert babeld
uci revert gateway
babel_revert
}

Some files were not shown because too many files have changed in this diff Show More