Commit Graph

571 Commits

Author SHA1 Message Date
Fabian Bläse 7c0a24a80c layer3-config: Add DSA migration script for migrated devices
Because of the switch from swconfig to DSA, the switchport names
have to be migrated for a few devices. Due to past migrations, we
already have developed a migration script for that.

Duplicate and adjust the script for the newly migrated devices. While at
it, rename the old script to reflect the configuration version bump.

Fixes: #301

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-02-16 22:54:44 +01:00
Fabian Bläse fc1c0c39ae fff-network: adjust network configuration of TP-Link TL-WDR4900 for DSA
The TL-WDR4900 was migrated to a DSA driver with OpenWrt 23.05. Adjust
our network configuration accordingly.

Fixes: #302

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-02-16 22:54:44 +01:00
Fabian Bläse dfb892d4ac fff-network: add missing cpuport case for the FritzBox 4040
When adjusting our configuration for the DSA migration of the FritzBox
4040, the cpuport was forgotten. The cpuport has to be removed for DSA
devices.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-02-16 22:54:44 +01:00
Fabian Bläse 1677a35624 fff-layer3-config: bump config_version
With OpenWrt 23.05 a few more devices have been migrated to DSA. Bump
the config_version of layer3-config to reflect the necessary migration.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-02-16 22:54:44 +01:00
Fabian Bläse 774eeade04 Add support for Mikrotik RB5009
Device support is based on the patch set linked in the OpenWrt Wiki. [1][2]

The aux-loader blob is not included, as it is only required for initial
installation.

Two additional kernel patches for mvpp2 are added to allow receive
hashing to work properly in the DSA setup of the device.

[1] https://openwrt.org/toh/mikrotik/rb5009ug_s_in#installation
[2] https://paste.myconan.net/482114

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-19 11:43:03 +01:00
Fabian Bläse cc5a1d267b layer3: add htop and sysstat commands
The sysstat tools and htop can be valuable tools when debugging
performance issues.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:44:49 +01:00
Fabian Bläse 718b8e2afe layer3: add vmstat command
Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:44:48 +01:00
Fabian Bläse efbed2f9c1 busybox: quality of life improvements
- enable persistent history, save it to tmpfs (ram)
- increase history size to 1024
- enable reverse-i search
- enable watch command
- enable top SMP command

Signed-off-by: Fabian Bläse <fabian@blaese.de>

fff-extra: feature_top_smp (apply for all targets or move to dependency!)
2024-01-18 21:44:28 +01:00
Fabian Bläse 5d08552e7a layer3: move bmon to fff-extra
Bmon takes up a lot of disk space, but is not essential for operation.
Move it to fff-extra.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:34:04 +01:00
Fabian Bläse f05c352867 Create fff-extra package for devices with large flash
Devices with large flash can hold more packages and tools to improve
user experience. Create an additional package which can be used to
select packages only on targets with large flash (currently >= 16 MiB).

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:34:04 +01:00
Fabian Bläse f7cd560d90 layer3: switch from tcpdump to tcpdump-mini
Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:34:04 +01:00
Fabian Bläse fe466ffa90 layer3: remove fff-babeld
Babeld has been replaced with bird by default for quite some time now.
Remove babeld and all configuration scripts (fff-babeld) to reduce
image size.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:34:04 +01:00
Fabian Bläse 9beee4a9ec Apply upstream device rename of ubnt,unifi-ap
The Unifi AP has been renamed upstream. Accommodate this change by
adjusting strings and paths.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:33:58 +01:00
Robert Langhammer 52ffd403c7 node-fff-hoods: Make keyserverurl configurable
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
2024-01-18 21:33:33 +01:00
Johannes Kimmel 53ac7cc6b5 layer3: add option to enable stateful firewall on client network
Add the following option to the client config section in
`/etc/config/gateway` to enable a basic stateful firewall:

```
config client
    option stateful_firewall '1'
```

The firewall will forward icmp messages and allow any outbound client
traffic and related inbound traffic.

Acked-by: Fabian Bläse <fabian@blaese.de>
2023-12-26 18:53:36 +01:00
Fabian Bläse 1a5c91b2ef OpenWrt: bump to v23.05
Bump core, packages and routing.

Remove upstreamed build patches.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2023-12-26 18:51:41 +01:00
Fabian Bläse 157fa4eac5 fff-firewall: Switch from ip/ebtables to nftables
Include nftables and appropriate modules. Translate ip- and ebtables
rules to their nftables counterparts. Remove ip/ebtables and modules.

This change intentionally tries to keep structural changes at a minimum
to keep the rule translation comprehensible.

kmod-nft-bridge is not required for fff-node, because it was merged into
a single kernel module since Linux 4.17:
[1] 02c7b25e5f
[2] fbaf48387e

Fixes: #252

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Co-authored-by: Johannes Kimmel <fff@bareminimum.eu>
2023-12-26 18:51:35 +01:00
Fabian Bläse 7e80252c28 fff-wireless: add layer3 option for channel bandwidth
It might be desired by the user to change the channel width of the
wireless radios. Implement a layer3 option to make channel width
configurable by the user.

Fixes: #276

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2023-03-21 20:37:01 +01:00
Fabian Bläse 444cee2819 fff-babel-bird2: prevent error message on revert
When reverting configured settings, it is not an error if no temporary
directory for bird babel peers has been created.

Use rm -rf to prevent an error message and early exit of
configure-layer3 scripts.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
2023-03-13 22:48:25 +01:00
Wolfgang Hüttenhofer 91ea1bdb99 Add support for TP-Link Archer C7 v4
Tested-by: Wolfgang Hüttenhofer <wolfgang.huettenhofer@thw-erlangen.de>
Signed-off-by: Wolfgang Hüttenhofer <wolfgang.huettenhofer@thw-erlangen.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
2023-02-25 22:04:11 +01:00
Fabian Bläse 072452567f OpenWrt: bump to v22.03
Bump core, packages and routing.

Remove upstreamed build patches.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2023-02-20 23:32:13 +01:00
Fabian Bläse 0e62ca5307 fff-dhcp: Do not generate dns records for local hostname
By default OpenWRT generates A and AAAA records for the router's
hostname. This might interfere with upstream records and breaks when
DNSSEC is utilized.

Therefore, disable this feature.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2022-11-26 16:47:24 +01:00
Fabian Bläse 2085c5e4af fff-babel: Use bird2 implementation by default
The bird2 babel implementation has proven to be the more reliable option
over babeld, especially on low-end hardware. It has been working
flawlessly on many test installations.

Use bird2 instead of babeld, if no implementation is specified via uci.

While at it, use the automatically incrementing $(COMMITCOUNT) for
PKG_RELEASE.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2022-11-26 16:43:15 +01:00
Fabian Bläse bdfdbba76a fff-layer3-config: return error values in functions instead of terminating
Many functions of configure-layer3 terminate the program after
successful execution, as they were originally only intended for
execution of configure-layer3 commands.

However, some functions are used both for command execution, but also as
helper functions. For example, revert_changes() is used as a helper
function in test_changes(). Terminating the program at the end of the
function therefore ends the execution of test_changes() prematurely. As a
result, the test mode of configure-layer3 never reloads services after
a successful configuration revert.

Replace exit commands with appropriate function return values, which can
then be evaluated by the caller where appropriate.

While at it, add a missing return to the parameter validation in
execute_subshell().

Fixes: #256

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2022-07-22 12:48:52 +02:00
Fabian Bläse baca28ece3 fff-web-ui: fix port selection for TWO_PORT devices
Support for devices with two ports was originally intended for built-in
swconfig switches with only two externally exposed ethernet ports.

With the switch from ath71xx to ath79, the only device which ever made
use of this uncommon configuration (CPE210-v1) now has two dedicated
interfaces exposed to Linux. Therefore, two-port support was modified to
support two distinct interfaces instead of swconfig switch
configuration, which also simplified support for a few other devices.

However, the Web UI has not been taken into account. Due to the way the
Web UI detected a two-port device, the already implemented port selector
is not shown.

Use the TWO_PORT variable introduced with the change mentioned above to
detect two-port devices instead.

Fixes: #257
Fixes: c22032e254 ("fff-network: support native two-port devices")

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2022-07-22 12:48:52 +02:00
Johannes Kimmel 9bc3690cbd fff-babel-bird2: fix filter for router ip imports
Currently router ipv6 addresses imported via the direct protocol from
the lo interface are all filtered. This should fix it.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
2022-07-22 12:48:52 +02:00
Robert Langhammer e6efc9671a fff-web-ui: fix redirection of stderr
The stderr of batctl should be redirected.

In a row of pipes a redirection at the end will only redirect the output of the last command! Put it in the right place.

It's just shell grammar.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2022-07-22 12:48:52 +02:00
Fabian Bläse a62f7cdf96 fff-web-ui: make update notification less ugly
The update notification has been botched into the web ui a long time
ago. It has not been overhauled ever since.

Make it at least a little bit less ugly.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2022-07-22 12:48:52 +02:00
Fabian Bläse daf4467a8a fff-web-ui: do not request unnecessary reboot
None of our current settings require a reboot to be applied. Only a
hood change is not done immediately. Therefore, the user is not required
to reboot the router after changing settings, so remove the reboot
request.

Fixes: #107

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2022-07-22 12:48:48 +02:00
Fabian Bläse b81c15d111 fff-web-ui: reconfigure port mode without reboot
A full reboot is not required for changing the port mode. The port mode
is configured dynamically using configurenetwork, which can be launched
after the port mode has been changed.

Fixes: #107

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
2022-07-22 12:48:33 +02:00
Fabian Bläse f8182af459 fff-web-ui: update leaflet to 1.7.1
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
2022-07-22 12:43:47 +02:00
Fabian Bläse bc3c0b717d fff-ra: set preferred lifetime smaller than valid lifetime
A recent change (b26399283a) introduced an upper limit for the preferred
and valid lifetimes, so the statically configured addresses on the client
interface do not result in infinite lifetimes.

This upper bound is derived from the dhcp lease time. However, the
preferred lifetime is unexpectedly bound by an explicit configuration
option in recent versions of odhcpd. Due to our short dhcp leasetime,
the default value of this option is higher than the lease time, which
results in preferred lifetimes longer than the valid lifetime.

As this behavior is rather unintuitive, a proper fix for it should be
done upstream (see #238). Until then, lower the preferred lifetime
option to the same value as our leasetime.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2022-04-13 19:22:27 +02:00
Robert Langhammer f3b1604ff3 nodewatcher: fix errormessage.
Insert the lost "&"

Fixes: #239

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
2022-04-13 19:21:25 +02:00
Fabian Bläse 57408f5dfb fff-layer3-config: show uci syntax errors
Do not hide uci errors when checking if gateway config exists, so an
appropriate uci error message is displayed. This can be helpful to find
syntax errors.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2022-04-05 21:25:33 +02:00
Fabian Bläse b26399283a fff-ra: use dhcp leasetime for preferred and valid lifetime
When advertising network prefixes gathered from the interface, odhcpd
sets the preferred and valid lifetime of those prefixes in the router
advertisement to the values set for those addresses on the interface.

When prefixes are configured statically (as done in our firmware), this
means that odhcpd announces these prefixes for SLAAC with infinite
preferred and valid lifetimes.

While this does not seem like a problem at first, it hurts significantly
when configuration errors are made or cables are plugged into the wrong
ports, because those addresses never vanish from devices anymore, as long
as they are powered up. Also, it makes it impossible to change prefixes
without gracefully shutting down the RA server, so it can announce zero
lifetimes for previously announced prefixes.

Sadly, odhcpd does not have an option to configure these lifetimes
explicitly, but it is possible to limit these lifetimes to the lease
time configured and used for the DHCP functionality of odhcpd.
Enable the appropriate 'ra_useleasetime' option to reduce impact of the
aforementioned problems.

Fixes: #142

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2022-04-05 21:25:19 +02:00
Robert Langhammer 0f67aa2504 nodewatcher: Trigger "WAN Uplink" also with vxlan
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Fabian Bläse 4bf14292f7 fff-mqtt: Switch from mosquitto-ssl to mosquitto-nossl
*-ssl variants of mosquitto require libopenssl, which increases the
storage requirement by almost 1 MB, even when compressed with squashfs.

Because we currently do not need TLS support for fff-mqtt, switch to the
nossl variant to save space and allow building for devices with 8 MiB
flash.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
2022-03-31 19:31:25 +02:00
Robert Langhammer 25e227c6b9 fff-vxlan-node: disable vxlan by default
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Robert Langhammer a317557320 fff-vxlan-node: disable vxlan if no peers available
Disabling vxlan via uci solves all problems.
A reload_config does now everything we need. Bringing up vxlan if peers available and shutting down the Interface if not.
This will also remove old fdb entries and clear the batman tables immediately.

No ifup and no extra cleaning of the fdb is required.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Robert Langhammer 4cd3b17714 fff-vxlan-node: do not set vid if GW not reachable
Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Robert Langhammer 7947107ed3 fff-vxlan-node: reset vid
Reset vid if no peers are available.

If a router switches to a hood without vxlan, or the peers in the hoodfile disappear, the vid should be reset.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Robert Langhammer 378163d834 fff-vxlan-node: fix cleanup
Without "uci commit" peers do not appear in /etc/config network. Use uci show instead.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Robert Langhammer 405e0a43d5 fff-vxlan: remove uci commit
Remove this leftover from the test phase.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Fabian Bläse 41b4168290 fff-network: Do not configure switch for ONE and TWO_PORT devices
In a previous change all static configuration has been moved from
configurenetwork to a static uci-defaults script. As the configuration
of the switch is completely static, while port assignment for ONE and
TWO_PORT devices is dynamic, this patch slightly changed the condition
for the creation of the switch config.

Instead of only configuring the switch, if ONE_PORT and TWO_PORT is not
set, the switch is now always configured if a swconfig device is
present. However, some ONE and TWO_PORT devices have a swconfig device,
even though only a single physical port is connected to it. Those
devices require an unconfigured switch to function properly.

Therefore, introduce additional conditions, so the switch configuration
is not generated if ONE_PORT or TWO_PORT is set.

Fixes: 1c3328e64a ("Remove static configuration from dynamic script")

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:31:25 +02:00
Fabian Bläse 0234203bed treewide: remove ETHPORT leftovers
ETHPORT was used to configure devices with two physical ethernet ports,
one of them being connected directly to the CPU, while the other one is
connected to the internal switch of the platform.

As the GL-AR150 has been converted to the TWO_PORT codepath and no other
device utilizes ETHPORT, remove all leftovers.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Sebastian Beck <freifunk@beibecks.de>
2022-03-31 19:31:25 +02:00
Fabian Bläse 240a506ee7 fff-network: convert GL-AR150 to TWOPORT
The GL-AR150 has two ethernet ports. One of them is connected directly
to the CPU (labeled "WAN"), while the other one (labeled "LAN") is
connected to the internal switch of the AR9330 platform.

Previously, this device had its own codepath in configurenetwork,
utilizing the ETHPORT variable, so the single physical port of the
switch could be connected to either the CLIENT or BATMAN vlan of the
SWITCHPORT.

When adding support for TWO_PORT devices, this codepath was accidentally
removed, so the LAN-Port was not configured anymore.

Configuring the internal switch is not necessary when only a single
physical port is connected to it. Instead, leave the switch
unconfigured, so it behaves like an unmanaged vlan-transparent switch.

As we support TWO_PORT devices now, utilize the TWO_PORT codepath
(instead of the ONE_PORT codepath, which would be equivalent to the old
behaviour) to make both ports configurable. To retain the previously
configured mode of the LAN-Port, migrate ETHPORT to LAN1MODE before
executing configurenetwork.

Fixes: #222
Fixes: c22032e254 ("fff-network: support native two-port devices")

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Sebastian Beck <freifunk@beibecks.de>
2022-03-31 19:31:12 +02:00
Fabian Bläse f89503660d Simplify firmware variant selection
Instead of tampering with the 'DEFAULT' property of meta packages on
every build in a non-portable way, use the build system as intended and
select packages using an appropriate build config ('.config').

This is achieved by adding the appropriate variant package to the build
config before expanding it using defconfig.

By that, the fff-variant-* packages and FFF_VARIANT environment variable
can be removed. Base packages required in both variants are now included
via fff-base (formerly fff-variant/default).

Besides cleaning up the build process, this change also fixes a recent
issue with build dependencies, as they are evaluated on a per-package
basis instead of per-variant. Due to that, dependencies of all
variants are compiled, regardless of the selected variant. Combined with
a recent build issue of mosquitto (see [1]), the node variant could not
be built from a clean state.

[1] https://github.com/eclipse/mosquitto/issues/2432

Signed-off-by: Fabian Bläse <fabian@blaese.de>
2022-03-31 19:17:01 +02:00
Robert Langhammer 7a5bef0d7d fff-fastd: fix fastd start/stop
fastd startup changed to procd. That's why it's broken.
Now a fastd reload can be used for all conditions.
An extra fastd stop is implemented to bring down the Interface.
fastd reload doesn't do that.

Fixes: #215

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-23 19:47:38 +01:00
Robert Langhammer 8e127a3936 fff-vpn-select: do not configure peers on vpn-stop
There are two reasons why there should be no peers.
Meshrouter without wan or no peers in hoodfile for a protocol.
With this patch there is only one condition left for vpn-start-stop.
Peers present or not. And it is less complicated to implement start/stop.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-23 19:47:22 +01:00
Christian Dresel 2bc21aa63f fff-layer3: Add latency to nodewatcher
This patch adds the latency to the nodewatcher data.

The target of the ping can be configured in /etc/config/fff

Example:

config latency 'latency'
	option ipv4 'ff1.zbau.f3netze.de'
	option ipv6 'ff1.zbau.f3netze.de'

If no target is set, no latency is sent.

Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
2022-03-23 19:47:05 +01:00