diff --git a/root_file_system/dir300b/etc/banner b/root_file_system/dir300b/etc/banner
new file mode 100644
index 00000000..f0114d44
--- /dev/null
+++ b/root_file_system/dir300b/etc/banner
@@ -0,0 +1,9 @@
+ ____ ____ _______
+ | | | | | Freifunk
+ |____ |____ | _ | | Oldenburg
+ | | | | | Firmware
+ | | |_______| |_____________
+
+ Welcome to the free wireless experience
+ For more information take a look at http://freifunk-ol.de
+ ---------------------------------------------------------
diff --git a/root_file_system/dir300b/etc/bat-hosts b/root_file_system/dir300b/etc/bat-hosts
new file mode 100644
index 00000000..cdd3e37c
--- /dev/null
+++ b/root_file_system/dir300b/etc/bat-hosts
@@ -0,0 +1,20 @@
+06:21:91:2c:f3:09 Batman_TimWZ
+00:21:91:2c:f3:09 Node_TimWZ
+06:1e:58:c7:07:e5 Batman_TimKU
+00:1e:58:c7:07:e5 Node_TimKU
+06:22:b0:98:70:df Batman_FreWZ
+00:22:b0:98:70:df Node_FreWZ
+06:1e:58:b9:d4:39 Batman_FreKU
+00:1e:58:b9:d4:39 Node_FreKU
+06:18:84:80:83:8d Batman_BjoFON
+00:18:84:80:83:8d Node_BjoFON
+06:22:B0:96:7C:D7 Batman_BjoDIR
+00:22:B0:96:7C:D7 Node_BjoDIR
+06:18:84:81:73:21 Batman_BjoBalk
+00:18:84:81:73:21 Node_BjoBalk
+0A:24:01:17:B7:55 Batman_floh1111_dir300
+00:24:01:17:B7:55 Node_floh1111_dir300
+00:13:e8:ab:47:49 Client_RedLap
+1c:4b:d6:b8:17:dc Client_Freddy
+00:16:6F:47:51:AA Client_floh1111
+00:80:48:3b:ab:0e Client_Bjo
diff --git a/root_file_system/dir300b/etc/config/batman-adv b/root_file_system/dir300b/etc/config/batman-adv
new file mode 100644
index 00000000..7e1c13a9
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/batman-adv
@@ -0,0 +1,8 @@
+config 'mesh' 'bat0'
+ option 'interfaces' 'ath1'
+ option 'orig_interval'
+ option 'log_level'
+ option 'aggregated_ogms'
+ option 'bonding'
+ option 'fragmentation'
+ option 'vis_mode'
diff --git a/root_file_system/dir300b/etc/config/dhcp b/root_file_system/dir300b/etc/config/dhcp
new file mode 100644
index 00000000..c79458fb
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/dhcp
@@ -0,0 +1,30 @@
+config dnsmasq
+ option domainneeded 1
+ option boguspriv 1
+ option filterwin2k 0 # enable for dial on demand
+ option localise_queries 1
+ option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
+ option rebind_localhost 0 # enable for RBL checking and similar services
+ #list rebind_domain example.lan # whitelist RFC1918 responses for domains
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts 1
+ option nonegcache 0
+ option authoritative 1
+ option readethers 1
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+ #list server '/mycompany.local/1.2.3.4'
+ #option nonwildcard 1
+ #list interface br-lan
+ #list notinterface lo
+
+config dhcp lan
+ option interface lan
+ option start 100
+ option limit 150
+ option leasetime 12h
+
+config dhcp wan
+ option interface wan
+ option ignore 1
diff --git a/root_file_system/dir300b/etc/config/dropbear b/root_file_system/dir300b/etc/config/dropbear
new file mode 100644
index 00000000..279a45a9
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/dropbear
@@ -0,0 +1,4 @@
+config dropbear
+ option PasswordAuth 'on'
+ option Port '22'
+# option BannerFile '/etc/banner'
diff --git a/root_file_system/dir300b/etc/config/firewall b/root_file_system/dir300b/etc/config/firewall
new file mode 100644
index 00000000..b4aa4595
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/firewall
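Review bot: `option PasswordAuth 'on'` in etc/config/dropbear leaves password login enabled on port 22 of an image that also ships a fixed root password hash in etc/passwd (added later in this commit), so every node built from this tree would accept the same root password over SSH. I would ship `option PasswordAuth 'off'` and provision a public key in dropbear's authorized_keys file per node or per maintainer instead.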
@@ -0,0 +1,96 @@
+config defaults
+ option syn_flood 1
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+
+config zone
+ option name lan
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+
+config zone
+ option name wan
+ option input REJECT
+ option output ACCEPT
+ option forward REJECT
+ option masq 1
+ option mtu_fix 1
+
+config forwarding
+ option src lan
+ option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+ option src wan
+ option proto udp
+ option dest_port 68
+ option target ACCEPT
+
+#Allow ping
+config rule
+ option src wan
+ option proto icmp
+ option icmp_type echo-request
+ option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+ option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
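Review bot: The `config defaults` section sets `option input ACCEPT` while only the `lan` and `wan` zones are defined, so traffic arriving on an interface that belongs to neither zone is accepted by the default policy. The mesh side (`ath1` under `bat0` in etc/config/batman-adv, `br-mesh` in the scripts) is not placed in any zone here, which presumably leaves dropbear and dnsmasq reachable from every mesh peer; that should be confirmed against the generated ruleset. I would set `option input REJECT` in the defaults and add a dedicated mesh zone with explicit `config rule` entries for the ports that are meant to be open.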
diff --git a/root_file_system/dir300b/etc/config/network b/root_file_system/dir300b/etc/config/network
new file mode 100644
index 00000000..0e45e758
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/network
@@ -0,0 +1,15 @@
+# Copyright (C) 2006 OpenWrt.org
+
+config interface loopback
+ option ifname lo
+ option proto static
+ option ipaddr 127.0.0.1
+ option netmask 255.0.0.0
+
+config interface lan
+ option ifname eth0
+ option type bridge
+ option proto static
+ option ipaddr 192.168.1.1
+ option netmask 255.255.255.0
+
diff --git a/root_file_system/dir300b/etc/config/nodewatcher b/root_file_system/dir300b/etc/config/nodewatcher
new file mode 100644
index 00000000..34c78b4b
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/nodewatcher
@@ -0,0 +1,20 @@
+config 'script'
+ option 'version' '15'
+ option 'error_level' '0'
+ option 'logfile' '/var/log/nodewatcher.log'
+
+config 'api'
+ option 'ipv4_address' '1'
+ option 'ipv6_interface' 'br-mesh'
+ option 'ipv6_address' 'fe80::201:2ff:fe03:405'
+
+config 'update'
+ option 'autoupdate' '1'
+
+config 'crawl'
+ option 'method' 'hash'
+ option 'nickname' '1'
+ option 'password' '1'
+ option 'router_id' '1'
+ option 'update_hash' '1'
+ option 'login_string' '1'
\ No newline at end of file
diff --git a/root_file_system/dir300b/etc/config/system b/root_file_system/dir300b/etc/config/system
new file mode 100644
index 00000000..43ee7a5c
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/system
@@ -0,0 +1,3 @@
+config system
+ option hostname OpenWrt
+ option timezone "CET-1CEST,M3.5.0,M10.5.0/3"
diff --git a/root_file_system/dir300b/etc/config/timeserver b/root_file_system/dir300b/etc/config/timeserver
new file mode 100644
index 00000000..8a5d476e
--- /dev/null
+++ b/root_file_system/dir300b/etc/config/timeserver
@@ -0,0 +1,2 @@
+config timeserver
+ option hostname time.fu-berlin.de
diff --git a/root_file_system/dir300b/etc/crontabs/root b/root_file_system/dir300b/etc/crontabs/root
new file mode 100644
index 00000000..db3f9f67
--- /dev/null
+++ b/root_file_system/dir300b/etc/crontabs/root
@@ -0,0 +1,14 @@
+*/5 * * * * killall klogd
+*/5 * * * * killall syslogd
+*/5 * * * * killall logger
+
+*/5 * * * * sh /etc/nodewatcher.sh
+*/5 * * * * sh /etc/tincstart.sh
+
+15 01 * * * rdate -s time.fu-berlin.de > /dev/null
+
+*/5 * * * * killall -HUP dnsmasq
+#* * * * * /usr/sbin/ff_olsr_test_gw
+#*/5 * * * * /usr/sbin/ff_olsr_watchdog
+#0 */4 * * * /usr/sbin/ff_rdate
+#17 * * * * /usr/sbin/ff_mapupdate
diff --git a/root_file_system/dir300b/etc/firewall.user b/root_file_system/dir300b/etc/firewall.user
new file mode 100755
index 00000000..b1caa9b3
--- /dev/null
+++ b/root_file_system/dir300b/etc/firewall.user
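Review bot: The first three entries of etc/crontabs/root run `killall klogd`, `killall syslogd` and `killall logger` every five minutes, which leaves the node without kernel or system logs, so SSH logins and the root-run `nodewatcher.sh` and `tincstart.sh` jobs scheduled just below leave no trace on the device. If the intent is to cap memory use, a bounded log is the better fit, for example busybox syslogd with a small circular buffer (`syslogd -C16`), rather than killing the daemons. The reason is not stated anywhere in the file; a comment above these three lines should say why logging is being stopped.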
@@ -0,0 +1,42 @@
+#!/bin/sh
+#iptables -F
+#
+#iptables -P INPUT DROP
+#iptables -P OUTPUT DROP
+#iptables -P FORWARD DROP
+#
+#for proto in tcp udp
+#do
+# for port in 53 666 655
+# do
+# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
+# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
+# iptables -A INPUT -p $proto --dport $port -j ACCEPT
+# iptables -A INPUT -p $proto --sport $port -j ACCEPT
+# done
+#done
+#
+#iptables -A OUTPUT -p icmp -j ACCEPT
+#iptables -A INPUT -p icmp -j ACCEPT
+#
+#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+#
+#
+#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
+#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
+
+# mastersword.de
+#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
+#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
+
+# gw1.freifunk-ol.de
+#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
+#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
+
+# freifunk-ol.de
+#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
+#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
+
+#solves MTU problem with bad ISP´s
+iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
\ No newline at end of file
diff --git a/root_file_system/dir300b/etc/firmware_release b/root_file_system/dir300b/etc/firmware_release
new file mode 100644
index 00000000..d172bd31
--- /dev/null
+++ b/root_file_system/dir300b/etc/firmware_release
@@ -0,0 +1,2 @@
+FIRMWARE_VERSION="0.1"
+RELEASE_DATE="15.02.2010"
\ No newline at end of file
diff --git a/root_file_system/dir300b/etc/hostsupdate.sh b/root_file_system/dir300b/etc/hostsupdate.sh
new file mode 100644
index 00000000..b146a1bb
--- /dev/null
+++ b/root_file_system/dir300b/etc/hostsupdate.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+wget -T15 http://$(cat /etc/config/nodewatcher | grep url | awk '{ print $3 }' | sed -e "s/\]'//g" -e "s/'\[//g")/api_nodewatcher.php?section=get_hostnames_and_mac -O - | grep -v -e "^..-..-" | sort -u > /etc/bat-hosts
diff --git a/root_file_system/dir300b/etc/nodewatcher.sh b/root_file_system/dir300b/etc/nodewatcher.sh
new file mode 100755
index 00000000..23fb549d
--- /dev/null
+++ b/root_file_system/dir300b/etc/nodewatcher.sh
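Review bot: The response of an unauthenticated plain-http request is written straight into /etc/bat-hosts, and etc/showmacs.sh (added later in this commit) turns every line of that file into a sed `s/…/…/;` command, so whoever can answer or alter that request controls text that the node then runs as a sed program. Only lines of the expected shape should be kept, for example `grep -E '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2} [A-Za-z0-9_.-]+$'` in place of the `grep -v`, and the result should go to a temporary file that replaces /etc/bat-hosts only when wget succeeded, because the current `>` redirection empties the file on a failed download. The host is taken from a `url` line in /etc/config/nodewatcher, but the nodewatcher config added in this commit has no such option, so as committed the URL has an empty host; nodewatcher.sh builds it from `uci get nodewatcher.@api[0].ipv4_address` instead.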
@@ -0,0 +1,556 @@ +#!/bin/sh +# +# NodeWatcher wrapper +# + +delete_log() { + if [ -f $logfile ]; then + if [ `ls -la $logfile | awk '{ print $5 }'` -gt "6000" ]; then + sed -i '1,60d' $logfile + if [ $error_level -gt "1" ]; then + echo "`date`: Logfile wurde verkleinert" >> $logfile + fi + fi + fi +} + +urlencode() { + arg="$1" + i=0 + while [ $i -lt ${#arg} ]; do + c=${arg:$i:1} + + if echo "$c" | grep -q '[a-zA-Z/:_\.\-]'; then + echo -n "$c" + else + echo -n "%" + printf "%X" "'$c'" + fi + i=$((i+1)) + done +} + +convert_space() { + arg="$1" + echo $1 | sed "s/ /%20/g" +} + +get_url() { + if [[ `uci get nodewatcher.@api[0].ipv4_address` != "1" ]]; then + url=`uci get nodewatcher.@api[0].ipv4_address` + else + url="[`uci get nodewatcher.@api[0].ipv6_address`"%"`uci get nodewatcher.@api[0].ipv6_interface`]" + fi + echo $url +} + +do_ping() { + if [[ `uci get nodewatcher.@api[0].ipv4_address` != "1" ]]; then + command="ping -c 2 "`uci get nodewatcher.@api[0].ipv4_address` + else + command="ping -c 2 -I "`uci get nodewatcher.@api[0].ipv6_interface`" "`uci get nodewatcher.@api[0].ipv6_address` + fi + + if [ $error_level -gt "1" ]; then + echo "`date`: Pinging..." 
>> $logfile + fi + + ping_return=`$command` + + if [ $error_level -gt "2" ]; then + echo $ping_return + fi +} + +update() { + if [ $error_level -gt "1" ]; then + echo "`date`: Suche neue Version" >> $logfile + fi + netmon_api=`get_url` + command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=version" + ergebnis=`$command` + return=`echo $ergebnis| cut '-d;' -f1` + version=`echo $ergebnis| cut '-d;' -f2` + + if [[ $return = "success" ]]; then + if [[ $version -gt `uci get nodewatcher.@script[0].version` ]]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Eine neue Version ist Verfügbar, script wird geupdated" >> $logfile + fi + wget -q -O $SCRIPT_DIR/nodewatcher.sh http://$netmon_api/api_nodewatcher.php?section=update + uci set nodewatcher.@script[0].version=$version + uci commit + else + if [ $error_level -gt "1" ]; then + echo "`date`: Das Script ist aktuell" >> $logfile + fi + fi + else + if [ $error_level -gt "0" ]; then + echo "`date`: Beim Update ist ein Fehler aufgetreten: $ergebnis" >> $logfile + fi + fi +} + +assign() { + netmon_api=`get_url` + hostname=`cat /proc/sys/kernel/hostname` + + #Choose right login String + login_strings="$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g');$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g')" + command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=test_login_strings&login_strings=$login_strings" + ergebnis=`$command` + if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then + router_auto_assign_login_string=`echo $ergebnis| cut '-d;' -f2` + if [ $error_level -gt "1" ]; then + echo "`date`: Es existiert ein Router mit dem Login String $router_auto_assign_login_string" >> $logfile + fi + elif [ `echo $ergebnis| cut '-d;' -f1` = "error" ]; then + router_auto_assign_login_string=`echo $login_strings| cut '-d;' -f1` + if [ $error_level -gt "1" ]; then + echo "`date`: Es existiert 
kein Router mit einem der Login Strings: $login_strings" >> $logfile + echo "`date`: Nutze $router_auto_assign_login_string als login string" >> $logfile + fi + fi + + #Try to assign Router with choosen login string + command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=router_auto_assign&router_auto_assign_login_string=$router_auto_assign_login_string&hostname=$hostname" + ergebnis=`$command` + if [ `echo $ergebnis| cut '-d;' -f1` != "success" ]; then + if [ `echo $ergebnis| cut '-d;' -f2` = "already_assigned" ]; then + if [ $error_level -gt "0" ]; then + echo "`date`: Der Login String `echo $ergebnis| cut '-d;' -f3` ist bereits mit einem Router verknüpft" >> $logfile + fi + elif [ `echo $ergebnis| cut '-d;' -f2` = "autoassign_not_allowed" ]; then + if [ $error_level -gt "0" ]; then + echo "`date`: Der dem Login String `echo $ergebnis| cut '-d;' -f3` zugewiesene Router erlaubt autoassign nicht" >> $logfile + fi + elif [ `echo $ergebnis| cut '-d;' -f2` = "new_not_assigned" ]; then + if [ $error_level -gt "0" ]; then + echo "`date`: Router wurde der Liste der nicht zugewiesenen Router hinzugefügt" >> $logfile + fi + elif [ `echo $ergebnis| cut '-d;' -f2` = "updated_not_assigned" ]; then + if [ $error_level -gt "0" ]; then + echo "`date`: Router auf der Liste der nicht zugewiesenen Router wurde geupdated" >> $logfile + fi + fi + if [ $error_level -gt "0" ]; then + echo "`date`: Der Router wurde nicht mit Netmon verknüpft" >> $logfile + fi + elif [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then + #write new config + uci set nodewatcher.@crawl[0].router_id=`echo $ergebnis| cut '-d;' -f2` + uci set nodewatcher.@crawl[0].update_hash=`echo $ergebnis| cut '-d;' -f3` + if [ $error_level -gt "1" ]; then + echo "`date`: Der Router wurde mit Netmon verknüpft" >> $logfile + fi + uci commit + + configure + + can_crawl=1 + fi +} + +configure() { + netmon_api=`get_url` + authentificationmethod=`uci get nodewatcher.@crawl[0].method` + router_id=`uci get 
nodewatcher.@crawl[0].router_id` + router_auto_update_hash=`uci get nodewatcher.@crawl[0].update_hash` + + command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=get_standart_data&authentificationmethod=$authentificationmethod&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id" + ergebnis=`$command` + + if [ `echo $ergebnis| cut '-d;' -f1` = "success" ]; then + #uci set freifunk.contact.location=`echo $ergebnis| cut '-d;' -f3` + + uci set system.@system[0].hostname=`echo $ergebnis| cut '-d;' -f4` + echo `echo $ergebnis| cut '-d;' -f4` > /proc/sys/kernel/hostname + +# uci get system.@system[0].latitude= +# uci get system.@system[0].longitude= +# uci get freifunk.community.ssid= +# uci get freifunk.contact.nickname= +# uci get freifunk.contact.mail= +# uci get freifunk.community.prefix= +# uci get freifunk.contact.note= + + uci commit + if [ $error_level -gt "1" ]; then + echo "`date`: Der Router wurde konfiguriert" >> $logfile + fi + else + if [ $error_level -gt "0" ]; then + echo "`date`: Fehler bei der Konfiguration: $ergebnis" >> $logfile + fi + fi +} + +crawl() { + #Get API and authentication configuration + netmon_api=`get_url` + authentificationmethod=`uci get nodewatcher.@crawl[0].method` + nickname=`uci get nodewatcher.@crawl[0].nickname` + password=`uci get nodewatcher.@crawl[0].password` + router_id=`uci get nodewatcher.@crawl[0].router_id` + router_auto_update_hash=`uci get nodewatcher.@crawl[0].update_hash` + + #Get system data from UCI + if which uci >/dev/null; then + if [ $error_level -gt "1" ]; then + echo "`date`: UCI is installed, trying to collect extra data UCI" >> $logfile + fi + location="`uci get freifunk.contact.location`" + location=`urlencode "$location"` + latitude="`uci get system.@system[0].latitude`" + longitude="`uci get system.@system[0].longitude`" + + community_essid="`uci get freifunk.community.ssid`" + community_nickname="`uci get freifunk.contact.nickname`" + community_email="`uci get 
freifunk.contact.mail`" + community_prefix="`uci get freifunk.community.prefix`" + description="`uci get freifunk.contact.note`" + description=`urlencode "$description"` + fi + + #Get system data from LUA + if which lua >/dev/null; then + if [ $error_level -gt "1" ]; then + echo "`date`: LUA is installed, trying to collect extra data LUA" >> $logfile + fi + luciname=`lua -l luci.version -e 'print(luci.version.luciname)'` + luciname=`urlencode "$luciname"` + lucversion=`lua -l luci.version -e 'print(luci.version.luciversion)'` + lucversion=`urlencode "$lucversion"` + fi + + #Get system data from other locations + hostname="`cat /proc/sys/kernel/hostname`" + uptime=`cat /proc/uptime | awk '{ print $1 }'` + idletime=`cat /proc/uptime | awk '{ print $2 }'` + + memory_total=`cat /proc/meminfo | grep 'MemTotal' | awk '{ print $2 }'` + memory_caching=`cat /proc/meminfo | grep -m 1 'Cached:' | awk '{ print $2 }'` + memory_buffering=`cat /proc/meminfo | grep 'Buffers' | awk '{ print $2 }'` + memory_free=`cat /proc/meminfo | grep 'MemFree' | awk '{ print $2 }'` + cpu=`grep -m 1 "cpu model" /proc/cpuinfo | cut -d ":" -f 2` + cpu=`urlencode "$cpu"` + chipset=`grep -m 1 "system type" /proc/cpuinfo | cut -d ":" -f 2` + chipset=`urlencode "$chipset"` + local_time="`date +%s`" + processes=`cat /proc/loadavg | awk '{ print $4 }'` + loadavg=`cat /proc/loadavg | awk '{ print $1 }'` + + batman_adv_version=`batctl -v | awk '{ print $2 }'` + kernel_version=`uname -r` + nodewatcher_version=`uci get nodewatcher.@script[0].version` + + openwrt_version_file="/etc/openwrt_release" + if [ -f $openwrt_version_file ]; then + . $openwrt_version_file + + distname=$DISTRIB_ID + distversion=$DISTRIB_RELEASE + fi + + firmware_version_file="/etc/firmware_release" + if [ -f $firmware_version_file ]; then + . 
$firmware_version_file + + firmware_version=$FIRMWARE_VERSION + fi + + #Send system data + command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_system_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&status=online&hostname=$hostname&description=$description&location=$location&latitude=$latitude&longitude=$longitude&luciname=$luciname&luciversion=$luciversion&distname=$distname&distversion=$distversion&chipset=$chipset&cpu=$cpu&memory_total=$memory_total&memory_caching=$memory_caching&memory_buffering=$memory_buffering&memory_free=$memory_free&loadavg=$loadavg&processes=$processes&uptime=$uptime&idletime=$idletime&local_time=$local_time&community_essid=$community_essid&community_nickname=$community_nickname&community_email=$community_email&community_prefix=$community_prefix&batman_advanced_version=$batman_adv_version&kernel_version=$kernel_version&nodewatcher_version=$nodewatcher_version&firmware_version=$firmware_version" + command="wget -q -O - "$command + if [ "$1" = "debug" ]; then + echo $command + else + i=0 + while [ $i -le 5 ] + do + return_interface=`$command` + + if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile + fi + break; + else + if [ $error_level -gt "0" ]; then + echo "`date`: Error! Das Senden der System und Batman Statusdaten war nach dem `expr $i + 1`. 
Mal nicht erfolgreich: $return_interface" >> $logfile + fi + fi + + i=`expr $i + 1` #Zähler um eins erhöhen + done + fi + + #Get interfaces + IFACES=`cat /proc/net/dev | awk -F: '!/\|/ { gsub(/[[:space:]]*/, "", $1); split($2, a, " "); printf("%s=%s=%s ", $1, a[1], a[9]) }'` + + #Loop interfaces + for entry in $IFACES; do + int="" + iface=`echo $entry | cut -d '=' -f 1` + rcv=`echo $entry | cut -d '=' -f 2` + xmt=`echo $entry | cut -d '=' -f 3` + + wlan_mode="" + wlan_bssid="" + wlan_essid="" + wlan_frequency="" + wlan_tx_power="" + + if [ "$iface" != "lo" ]; then + if [ "`ifconfig ${iface} | grep UP`" != "" ]; then + #Get interface data + name="${iface}" + mac_addr="`ifconfig ${iface} | grep 'HWaddr' | awk '{ print $5}'`" + ipv4_addr="`ifconfig ${iface} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`" + ipv6_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Global' | awk '{ print $3}'`" + ipv6_link_local_addr="`ifconfig ${iface} | grep 'inet6 addr:' | grep 'Scope:Link' | awk '{ print $3}'`" + mtu="`ifconfig ${iface} | grep 'MTU' | cut -d: -f2 | awk '{ print $1}'`" + traffic_rx="$rcv" + traffic_tx="$xmt" + + int=$int"int[$name][name]=$name&int[$name][mac_addr]=$mac_addr&int[$name][ipv4_addr]=$ipv4_addr&int[$name][ipv6_addr]=$ipv6_addr&int[$name][ipv6_link_local_addr]=$ipv6_link_local_addr&int[$name][traffic_rx]=$traffic_rx&int[$name][traffic_tx]=$traffic_tx&int[$name][mtu]=$mtu&" + + if [ "`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" != "" ]; then + wlan_mode="`iwconfig ${iface} 2>/dev/null | grep 'Mode' | awk '{ print $1 }' | cut -d ':' -f 2`" + + if [ $wlan_mode = "Master" ]; then + wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep 'Access Point' | awk '{ print $6 }'`" + elif [ $wlan_mode = "Ad-Hoc" ]; then + wlan_bssid="`iwconfig ${iface} 2>/dev/null | grep Cell | awk '{ print $5 }'`" + fi + + wlan_essid="`iwconfig ${iface} 2>/dev/null | grep ESSID | awk '{ split($4, a, \"\\"\"); printf(\"%s\", a[2]); 
}'`" + wlan_frequency="`iwconfig ${iface} 2>/dev/null | grep Frequency | awk '{ print $2 }' | cut -d ':' -f 2`" + wlan_tx_power="`iwconfig ${iface} 2>/dev/null | grep 'Tx-Power' | awk '{ print $4 }' | cut -d '=' -f 2`" + int=$int"int[$name][wlan_mode]=$wlan_mode&int[$name][wlan_frequency]=$wlan_frequency&int[$name][wlan_essid]=$wlan_essid&int[$name][wlan_bssid]=$wlan_bssid&int[$name][wlan_tx_power]=$wlan_tx_power&" + fi + + #Send interface status data + command="http://$netmon_api/api_nodewatcher.php?section=insert_crawl_interfaces_data&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$int" + command="wget -q -O - "$command + if [ "$1" = "debug" ]; then + echo $command + else + i=0 + while [ $i -le 5 ] + do + return_interface=`$command` + if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile + fi + break; + else + if [ $error_level -gt "0" ]; then + echo "`date`: Error! Das Senden der Interface Statusdaten ($name) war nach dem `expr $i + 1`. Mal nicht erfolgreich: $return_interface" >> $logfile + echo "`date`: $command" >> $logfile + fi + fi + i=`expr $i + 1` #Zähler um eins erhöhen + done + fi + fi + fi + done + + #B.A.T.M.A.N. 
advanced + mv /etc/bat-hosts /etc/bat-hosts.tmp + if which batctl >/dev/null; then + batman_check_running=`batctl if | grep 'Error'` + if [ "$batman_check_running" == "" ]; then + has_active_interface="0" + BAT_ADV_IFACES=`batctl if | awk '{ print $1 }' | cut -d ':' -f 1` + for device_name in $BAT_ADV_IFACES; do + if [ "`batctl if | grep $device_name | grep active`" != "" ]; then + status='active' + has_active_interface="1" + else + status='inactive' + fi + + command="http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_interfaces&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&bat_adv_int[$device_name][name]=$device_name&bat_adv_int[$device_name][status]=$status" + command="wget -q -O - "$command + if [ "$1" = "debug" ]; then + echo $command + else + i=0 + while [ $i -le 5 ] + do + return_interface="`$command`" + + if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile + fi + break; + else + if [ $error_level -gt "0" ]; then + echo "`date`: Error! Das Senden des Batman Advanced Interfaces ($device_name) war nach dem `expr $i + 1`. 
Mal nicht erfolgreich: $return_interface" >> $logfile + fi + fi + + i=`expr $i + 1` #Zähler um eins erhöhen + done + fi + done + + if [ $has_active_interface = "1" ]; then + BAT_ADV_ORIGINATORS=`batctl o | grep 'No batman nodes in range'` + if [ "$BAT_ADV_ORIGINATORS" == "" ]; then + OLDIFS=$IFS + IFS=" +" + BAT_ADV_ORIGINATORS=`batctl o | awk '/O/ {next} /B/ {next} {print}'` + for row in $BAT_ADV_ORIGINATORS; do + originator=`echo $row | awk '{print $1}'` + last_seen=`echo $row | awk '{print $2}'` + last_seen="${last_seen//s/}" + link_quality=`echo $row | awk '{print $3}'` + link_quality="${link_quality//(/}" + link_quality="${link_quality//)/}" + + batman_adv_originators=$batman_adv_originators"bat_adv_orig[$originator][originator]=$originator&bat_adv_orig[$originator][link_quality]=$link_quality&bat_adv_orig[$originator][last_seen]=$last_seen&" + done + IFS=$OLDIFS + + command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_batman_adv_originators&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&$batman_adv_originators" + if [ "$1" = "debug" ]; then + echo $command + else + i=0 + while [ $i -le 5 ] + do + return_interface="`$command`" + + if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile + fi + break; + else + if [ $error_level -gt "0" ]; then + echo "`date`: Error! Das Senden der Batman Advaned Originator Daten war nach dem `expr $i + 1`. 
Mal nicht erfolgreich: $return_interface" >> $logfile + fi + fi + + i=`expr $i + 1` #Zähler um eins erhöhen + done + fi + fi + fi + fi + fi + mv /etc/bat-hosts.tmp /etc/bat-hosts + + #CLIENTS + MESHDEVICE='br-mesh' + CLIENTDEVICE='ath0' + SEDDEV=`brctl showstp $MESHDEVICE | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'` + CLIENT_MACS=`brctl showmacs $MESHDEVICE | sed -e "$SEDDEV" | awk '{if ($3 != "yes" && $1 == "ath0") print $2}'` + i=0 + for client in $CLIENT_MACS; do +# clients=$clients"clients[$i][mac_addr]=$client&" + i=`expr $i + 1` #Zähler um eins erhöhen + done + client_count=$i + + command="wget -q -O - http://$netmon_api/api_nodewatcher.php?section=insert_clients&authentificationmethod=$authentificationmethod&nickname=$nickname&password=$password&router_auto_update_hash=$router_auto_update_hash&router_id=$router_id&client_count=$client_count" + if [ "$1" = "debug" ]; then + echo $command + else + i=0 + while [ $i -le 5 ] + do + return_interface="`$command`" + if [ `echo $return_interface | cut '-d;' -f1` = "success" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Das Senden der Client Daten war nach dem `expr $i + 1`. Mal erfolgreich" >> $logfile + fi + break; + else + if [ $error_level -gt "0" ]; then + echo "`date`: Error! Das Senden der Client Daten war nach dem `expr $i + 1`. 
Mal nicht erfolgreich: $return_interface" >> $logfile + fi + fi + i=`expr $i + 1` #Zähler um eins erhöhen + done + fi +} + + + +LANG=C + +SCRIPT_DIR=`dirname $0` +error_level=`uci get nodewatcher.@script[0].error_level` +logfile=`uci get nodewatcher.@script[0].logfile` + +if [[ `uci get nodewatcher.@update[0].autoupdate` == '1' ]]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Autoupdate ist an" >> $logfile + fi + update +else + if [ $error_level -gt "1" ]; then + echo "`date`: Autoupdate ist aus" >> $logfile + fi +fi + +if [[ "$1" == "update" ]]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Führe manuelles update aus" >> $logfile + fi + update + exit 1 +fi + + +if [ $error_level -gt "1" ]; then + echo "`date`: Prüfe Authentifizierungsmethode" >> $logfile +fi + +can_crawl=1 +if [ `uci get nodewatcher.@crawl[0].method` == "login" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Authentifizierungsmethode ist: Username und Passwort" >> $logfile + fi + authentificationmethod="user" +elif [ `uci get nodewatcher.@crawl[0].method` == "hash" ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Authentifizierungsmethode ist: Autoassign und Hash" >> $logfile + echo "`date`: Prüfe ob Roter schon mit Netmon verknüpft ist" >> $logfile + fi + authentificationmethod="hash" + if [ `uci get nodewatcher.@crawl[0].update_hash` == "1" ]; then + can_crawl=0 + if [ $error_level -gt "1" ]; then + echo "`date`: Der Router ist noch NICHT mit Netmon verknüpft" >> $logfile + echo "`date`: Versuche verknüpfung herzustellen" >> $logfile + fi + assign + else + if [ $error_level -gt "1" ]; then + echo "`date`: Der Router ist bereits mit Netmon verknüpft" >> $logfile + fi + fi +fi + +if [ $can_crawl == 1 ]; then + if [ $error_level -gt "1" ]; then + echo "`date`: Prüfe Logfile" >> $logfile + fi + delete_log + + if [ $error_level -gt "1" ]; then + echo "`date`: Sende aktuelle Statusdaten" >> $logfile + fi + crawl +fi + +exit 0 \ No newline at end of file 
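Review bot: `update()` downloads `api_nodewatcher.php?section=update` over plain http and writes it directly to `$SCRIPT_DIR/nodewatcher.sh` with no integrity check, while etc/crontabs/root runs that script as root every five minutes with `autoupdate` set to '1', so anything able to answer that request replaces code that runs as root on every node. The download should go to a temporary file and be installed only after it has been verified against a digest or signature obtained over an authenticated channel, and only when wget exited successfully. The same response also supplies `$version`, which is passed unquoted to `[[ … -gt … ]]` and `uci set`, so it should be checked to be a plain integer first. Separately, `crawl()` places `nickname`, `password` and `router_auto_update_hash` in the query string of plain-http URLs and writes the full `$command` to `$logfile` on failure, so those credentials end up on the wire and in the log.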
diff --git a/root_file_system/dir300b/etc/passwd b/root_file_system/dir300b/etc/passwd
new file mode 100644
index 00000000..6b3e1fdc
--- /dev/null
+++ b/root_file_system/dir300b/etc/passwd
@@ -0,0 +1,3 @@
+root:$1$OmvoKpjK$e.lPVnBxsrAbNV4EoH3xb1:0:0:root:/root:/bin/ash
+nobody:*:65534:65534:nobody:/var:/bin/false
+daemon:*:65534:65534:daemon:/var:/bin/false
diff --git a/root_file_system/dir300b/etc/rc.local b/root_file_system/dir300b/etc/rc.local
new file mode 100755
index 00000000..6edd0179
--- /dev/null
+++ b/root_file_system/dir300b/etc/rc.local
@@ -0,0 +1,18 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+ifconfig br-mesh down
+ifconfig br-mesh up
+
+ifdown lan
+ifup lan
+
+rdate -s time.fu-berlin.de
+
+chown root.root /etc/crontabs/root
+/etc/init.d/cron stop
+/etc/init.d/cron start
+
+sh /etc/firewall.user
+
+exit 0
diff --git a/root_file_system/dir300b/etc/showmacs.sh b/root_file_system/dir300b/etc/showmacs.sh
new file mode 100755
index 00000000..36dc2305
--- /dev/null
+++ b/root_file_system/dir300b/etc/showmacs.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# SHOWMACS need br-ctl! NO BUSYBOX!
+#
+# Version 0.2
+#
+# by Tim Niemeyer (reddog@mastersword.de)
+#
+
+DEV=$1
+
+SEDDEV=`brctl showstp $DEV | egrep '\([0-9]\)' | sed -e "s/(//;s/)//" | awk '{ print "s/^ "$2"/"$1"/;" }'`
+SEDMAC=`cat /etc/bat-hosts | sed -e "s/^/s\//;s/$/\/;/;s/ /\//"`
+
+brctl showmacs $DEV | sed -e "$SEDMAC" | sed -e "$SEDDEV"
diff --git a/root_file_system/dir300b/etc/sysctl.conf b/root_file_system/dir300b/etc/sysctl.conf
new file mode 100644
index 00000000..3d82b9fe
--- /dev/null
+++ b/root_file_system/dir300b/etc/sysctl.conf
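Review bot: The `root` entry in etc/passwd carries a real MD5-crypt (`$1$`) password hash in a file that is world-readable on the device and now public in the repository, so the hash is open to offline guessing and every image built from this tree shares one root password. I would commit the entry with a locked password field, `root:!:0:0:root:/root:/bin/ash`, and set credentials per node at provisioning time. The hash already pushed should be treated as disclosed and the password changed on any node that uses it.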
@@ -0,0 +1,24 @@
+kernel.panic=3
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.ip_forward=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
\ No newline at end of file
diff --git a/root_file_system/dir300b/etc/tincstart.sh b/root_file_system/dir300b/etc/tincstart.sh
new file mode 100755
index 00000000..ff0965b7
--- /dev/null
+++ b/root_file_system/dir300b/etc/tincstart.sh
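Review bot: The three `net.bridge.bridge-nf-call-*=0` lines at the end of etc/sysctl.conf mean that frames forwarded inside a bridge never pass through arptables, ip6tables or iptables, and the existing comment does not say what that implies here. tincstart.sh in this same commit writes a tinc-up script that runs `brctl addif br-mesh $INTERFACE`, so VPN peers and mesh neighbours share one layer-2 domain that IP-level firewall rules do not filter; only routed traffic is still seen by iptables. Expand the comment to state this, e.g. `# bridged traffic (br-mesh, incl. the tinc interface) bypasses iptables; filter it with ebtables if needed`.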
@@ -0,0 +1,119 @@ +#!/bin/sh + +#DEBUG="--debug=2" +DEBUG="" +SERVER="no" +SERVERNAME="batgw" + +project="batvpn" + +test_internet_host1="mastersword.de" +test_internet_host2="78.46.215.78" + +#Only do something with tinc when the router has internet connection +if ping -w5 -c3 "$test_internet_host1" &>/dev/null || ping -w5 -c3 "$test_internet_host2" &>/dev/null +then + +if [ "$SERVER" == "no" ] +then + hostname=$(ifconfig br-mesh | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g') + + if [ "$hostname" == "" ] + then + hostname=$(ifconfig eth0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g') + fi + + if [ "$hostname" == "" ] + then + hostname=$(ifconfig ath0 | grep HWaddr | awk '{ print $5 }'|sed -e 's/://g') + fi +else + hostname=$SERVERNAME +fi + +if [ ! -d /etc/tinc ] +then + mkdir /etc/tinc +fi + +if [ ! -d /etc/tinc/$project ] +then + mkdir /etc/tinc/$project + + echo -n -e "\n\n" | tincd --pidfile=/etc/tinc/$project/tinc.pid -n $project -K + kill -HUP $(cat /etc/tinc/$project/tinc.pid) + sleep 3 + mkdir /etc/tinc/$project/hosts + echo "ifconfig \$INTERFACE up" > /etc/tinc/$project/tinc-up + echo "ifconfig \$INTERFACE mtu 1280" >> /etc/tinc/$project/tinc-up + if [ "$SERVER" == "no" ] + then + echo "brctl addif br-mesh \$INTERFACE" >> /etc/tinc/$project/tinc-up + fi + chmod +x /etc/tinc/$project/tinc-up +fi + +pubkey=$(for line in $(cat /etc/tinc/$project/rsa_key.pub | sed -e 's/$/%0a/g' | sed -e 's/+/%2b/g' | sed -e 's/ /%20/g'); do echo -n $line; done) +port=666 + +cat < /etc/tinc/$project/tinc.conf +Name = $hostname +Mode = Switch +#PingTimeout = 30 +Hostnames = yes +#GraphDumpFile = /tmp/vpn-graph.dot +TCPOnly = yes +EOF + +# we need this only for first startup +if [ ! 
-f /etc/tinc/$project/hosts/$hostname ] +then +cat < /etc/tinc/$project/hosts/$hostname +Address = 0.0.0.0 +Port = $port +EOF +cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname +fi + +# fire up +if [ "$(ps aux | grep tincd | grep -v grep)" == "" ] +then + tincd -c /etc/tinc/$project --pidfile=/etc/tinc/$project/tinc.pid --logfile=/var/log/tinc.log $DEBUG +# sleep 1 +# brctl addif br-mesh tap0 +fi + +# register +wget -T15 "http://mastersword.de/~reddog/tinc/?name=$hostname&port=$port&key=$pubkey" -O /etc/tinc/$project/output + +filenames=$(cat /etc/tinc/$project/output| grep ^#### | sed -e 's/^####//' | sed -e 's/.conf//g') +for file in $filenames +do +grep -A100 $file /etc/tinc/$project/output | grep -v $file | grep -m1 ^### -B100 | grep -v ^### > /etc/tinc/$project/hosts/$file.new +if [ "$(diff /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file 2>&1)" == "" ] +then +/bin/rm /etc/tinc/$project/hosts/$file.new +else +/bin/mv /etc/tinc/$project/hosts/$file.new /etc/tinc/$project/hosts/$file +fi +echo "ConnectTo=$file" >> /etc/tinc/$project/tinc.conf +done + +if [ ! -f /etc/tinc/$project/hosts/$hostname ] +then +cat < /etc/tinc/$project/hosts/$hostname +Address = 0.0.0.0 +Port = $port +EOF +cat /etc/tinc/$project/rsa_key.pub >> /etc/tinc/$project/hosts/$hostname +fi + +#reload +kill -HUP $(cat /etc/tinc/$project/tinc.pid) + +else + echo "Der Router kann keine Verbindung zum Tincserver aufbauen" + echo "Tincstart macht nichts!" +fi + +exit 0 \ No newline at end of file
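Review bot: The `# register` step in etc/tincstart.sh fetches the peer list with `wget` from an `http://` URL and then writes each returned block to `/etc/tinc/$project/hosts/$file` and appends `ConnectTo=$file` to tinc.conf, so both the peer public keys and the file names come from an unauthenticated response. Whoever can alter that response decides which keys this node trusts for the VPN, and the unvalidated `$file` is used directly as a path component. At the top of the `for file in $filenames` loop, skip unexpected names with `case "$file" in ''|*[!A-Za-z0-9_]*) continue ;; esac`, and retrieve the list over a channel that authenticates the server (HTTPS with certificate verification if the firmware's wget supports it, or a signed list that is verified before any host file is replaced). The unquoted `$(cat /etc/tinc/$project/tinc.pid)` passed to `kill -HUP` should also be checked for being non-empty before use.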