fff-layer3: add ethtool

Signed-off-by: Fabian Bläse <fabian@blaese.de>
OpenWrt: bump to v23.05.3
2024-04-01 23:54:21 +02:00 · 2024-04-01 23:54:21 +02:00 · 2024-04-01 23:54:16 +02:00 · 2024-03-21 21:55:43 +01:00 · 2024-03-21 21:53:32 +01:00 · 2024-03-21 21:53:32 +01:00
19 changed files with 73 additions and 39 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -4,7 +4,7 @@ clone:
    settings:
      tags: true

-pipeline:
+steps:
  buildall-layer3:
    image: openwrtorg/imagebuilder
    commands:
@ -42,4 +42,5 @@ pipeline:
      - echo "You can download the built firmware images here:"
      - echo "https://ci.fff.community/artifacts/$(git describe --tags)"

-branches: [ master ]
+when:
+  branch: [ master ]
--- a/bsp/ramips-mt76x8.bsp
+++ b/bsp/ramips-mt76x8.bsp
@ -4,4 +4,5 @@ images=("openwrt-${chipset}-${subtarget}-tplink_archer-c50-v3-squashfs-*"
        "openwrt-${chipset}-${subtarget}-tplink_archer-c50-v4-squashfs-*"
        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841n-v13-squashfs-*"
        "openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-squashfs-*"
+        "openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-intl-squashfs-*"
        )
--- a/bsp/ramips-mt76x8/.config
+++ b/bsp/ramips-mt76x8/.config
@ -12,6 +12,8 @@ CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=y
 CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=""
 CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=y
 CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=""
+CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m-intl=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m-intl=""
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_BRCTL is not set
--- a/6
+++ b/6
@ -7,9 +7,9 @@ set -o pipefail
 builddir=./build

 # OpenWrt: package hashes correspond to core repo version
-OPENWRTREV="v23.05.2"
-PACKAGEREV="8e3a1824645f5e73ec44c897ac0755c53fb4a1f8"
-ROUTINGREV="83ef3784a9092cfd0a900cc28e2ed4e13671d667"
+OPENWRTREV="v23.05.3"
+PACKAGEREV="063b2393cbc3e5aab9d2b40b2911cab1c3967c59"
+ROUTINGREV="648753932d5a7deff7f2bdb33c000018a709ad84"

 # Gluon packages: master from 2020-02-04
 GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
--- a/src/packages/fff/fff-babel/files/lib/functions/fff/babel
+++ b/src/packages/fff/fff-babel/files/lib/functions/fff/babel
@ -82,12 +82,12 @@ babel_reload() {
 	# switch implementation temporarily
 	case $implementation in
 		bird2)
-			/etc/init.d/babeld stop 2>/dev/null
-			/etc/init.d/fff-bird start
+			[ -f /etc/init.d/babeld ] && /etc/init.d/babeld stop 2>/dev/null
+			[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird start
 			;;
 		babeld)
-			/etc/init.d/fff-bird stop 2>/dev/null
-			/etc/init.d/babeld start
+			[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird stop 2>/dev/null
+			[ -f /etc/init.d/babeld ] && /etc/init.d/babeld start
 			;;
 	esac

@ -101,12 +101,12 @@ babel_apply() {
 	# switch implementation persistently
 	case $implementation in
 		bird2)
-			/etc/init.d/babeld disable
-			/etc/init.d/fff-bird enable
+			[ -f /etc/init.d/babeld ] && /etc/init.d/babeld disable
+			[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird enable
 			;;
 		babeld)
-			/etc/init.d/fff-bird disable
-			/etc/init.d/babeld enable
+			[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird disable
+			[ -f /etc/init.d/babeld ] && /etc/init.d/babeld enable
 			;;
 	esac

--- a/src/packages/fff/fff-extra/Makefile
+++ b/src/packages/fff/fff-extra/Makefile
@ -11,6 +11,7 @@ define Package/fff-extra
 	TITLE:=Freifunk-Franken gateway configuration
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+bmon \
+	         +ethtool \
 	         +htop \
 	         +procps-ng \
 	         +procps-ng-vmstat \
--- a/src/packages/fff/fff-firewall/Makefile
+++ b/src/packages/fff/fff-firewall/Makefile
@ -10,7 +10,8 @@ define Package/$(PKG_NAME)
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken firewall
 	URL:=https://www.freifunk-franken.de
-	DEPENDS:=+nftables
+	DEPENDS:=+kmod-nft-bridge \
+	         +nftables
 endef

 define Package/$(PKG_NAME)/description
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/90-user
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/90-user
@ -0,0 +1 @@
+nft -f /etc/nftables-fff.conf
--- a/src/packages/fff/fff-layer3-config/files/etc/uci-defaults/20-l3config-migrate-1-to-2
+++ b/src/packages/fff/fff-layer3-config/files/etc/uci-defaults/20-l3config-migrate-1-to-2
@ -7,7 +7,7 @@
 BOARD="$(uci get board.model.name)"

 # only migrate appropriate config versions
-[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 1
+[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 0

 translate_ports() {
 	local vlan="$1"
@ -77,3 +77,5 @@ esac

 uci set gateway.meta.config_version='2'
 uci commit gateway
+
+exit 0
--- a/src/packages/fff/fff-layer3-config/files/etc/uci-defaults/21-l3config-migrate-2-to-3
+++ b/src/packages/fff/fff-layer3-config/files/etc/uci-defaults/21-l3config-migrate-2-to-3
@ -7,7 +7,7 @@
 BOARD="$(uci get board.model.name)"

 # only migrate appropriate config versions
-[ "$(uci -q get gateway.meta.config_version)" = "2" ] || exit 1
+[ "$(uci -q get gateway.meta.config_version)" = "2" ] || exit 0

 translate_ports() {
 	local vlan="$1"
@ -74,3 +74,5 @@ esac

 uci set gateway.meta.config_version='3'
 uci commit gateway
+
+exit 0
--- a/src/packages/fff/fff-network/files/lib/functions/fff/cpuport
+++ b/src/packages/fff/fff-network/files/lib/functions/fff/cpuport
@ -12,7 +12,8 @@ get_cpu_port() {
 		tplink,tl-wr1043nd-v2|\
 		tplink,tl-wr1043nd-v3|\
 		tplink,tl-wr841n-v13|\
-		xiaomi,mi-router-4a-100m)
+		xiaomi,mi-router-4a-100m|\
+		xiaomi,mi-router-4a-100m-intl)
 			CPUPORT="6t"
 			;;
 		avm,fritzbox-4040|\
--- a/src/packages/fff/fff-network/files/lib/functions/fff/portorder
+++ b/src/packages/fff/fff-network/files/lib/functions/fff/portorder
@ -36,7 +36,8 @@ get_port_order() {
 		tplink,cpe510-v1)
 			PORTORDER="5 4"
 			;;
-		xiaomi,mi-router-4a-100m)
+		xiaomi,mi-router-4a-100m|\
+		xiaomi,mi-router-4a-100m-intl)
 			PORTORDER="0 2 4"
 			;;
 	esac
--- a/src/packages/fff/fff-network/files/usr/lib/nodewatcher.d/20-interfaces.sh
+++ b/src/packages/fff/fff-network/files/usr/lib/nodewatcher.d/20-interfaces.sh
@ -48,19 +48,12 @@ for filename in $(grep 'up\|unknown' /sys/class/net/*/operstate); do

 	interface_data=$interface_data"<$iface><name>$iface</name>$addrs<traffic_rx>$traffic_rx</traffic_rx><traffic_tx>$traffic_tx</traffic_tx>"

-	interface_data=$interface_data$(iwconfig "${iface}" 2>/dev/null | awk -F':' '
-		/Mode/{ split($2, m, " "); printf "<wlan_mode>"m[1]"</wlan_mode>" }
-		/Cell/{ split($0, c, " "); printf "<wlan_bssid>"c[5]"</wlan_bssid>" }
-		/ESSID/ { split($0, e, "\""); printf "<wlan_essid>"e[2]"</wlan_essid>" }
-		/Freq/{ split($3, f, " "); printf "<wlan_frequency>"f[1]f[2]"</wlan_frequency>" }
-		/Tx-Power/{ split($0, p, "="); sub(/[[:space:]]*$/, "", p[2]); printf "<wlan_tx_power>"p[2]"</wlan_tx_power>" }
-	')
-
 	interface_data=$interface_data$(iw dev "${iface}" info 2>/dev/null | awk '
 		/ssid/{ split($0, s, " "); printf "<wlan_ssid>"s[2]"</wlan_ssid>" }
 		/type/ { split($0, t, " "); printf "<wlan_type>"t[2]"</wlan_type>" }
 		/channel/{ split($0, c, " "); printf "<wlan_channel>"c[2]"</wlan_channel>" }
 		/width/{ split($0, w, ": "); sub(/ .*/, "", w[2]); printf "<wlan_width>"w[2]"</wlan_width>" }
+		/txpower/{ sub(/\.../, "", $2); print "<wlan_tx_power>"$2" dBm</wlan_tx_power>" }
 	')

 	interface_data=$interface_data"</$iface>"
--- a/src/packages/fff/fff-network/mipsel/network.xiaomi,mi-router-4a-100m-intl
+++ b/src/packages/fff/fff-network/mipsel/network.xiaomi,mi-router-4a-100m-intl
@ -0,0 +1,7 @@
+. /lib/functions/fff/network
+
+WANDEV=eth0
+SWITCHDEV=eth0
+CLIENT_PORTS="6t 4"
+WAN_PORTS="6t 0"
+BATMAN_PORTS="6t 2"
--- a/src/packages/fff/fff-node/files/usr/lib/firewall.d/05-setup-batman-chains
+++ b/src/packages/fff/fff-node/files/usr/lib/firewall.d/05-setup-batman-chains
@ -4,7 +4,7 @@ table bridge filter {
 	# vom Gateway (also vom BATMAN) kommen darf.
 	chain IN_ONLY {
 		# -i ! bat0 --logical-in br-client -j DROP
-		iifname != "bat0" counter drop
+		iifname != "bat0" ibrname "br-client" counter drop
 		counter
 	}

@ -12,7 +12,7 @@ table bridge filter {
 	# in Richtung Gateway (also ins BATMAN) gesendet werden darf.
 	chain OUT_ONLY {
 		# --logical-out br-client -o ! bat0 -j DROP
-		oifname != "bat0" counter drop
+		oifname != "bat0" obrname "br-client" counter drop
 		counter
 	}

@ -24,21 +24,21 @@ table bridge filter {
 		type filter hook input priority filter; policy accept;

 		# -d Multicast -i ! bat0 --logical-in br-client -j ACCEPT
-		iifname != "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 accept
+		iifname != "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 ibrname "br-client" counter packets 0 bytes 0 accept
 	}

 	chain FORWARD {
 		type filter hook forward priority filter; policy accept;

 		# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
-		oifname "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 jump MULTICAST_OUT
+		oifname "bat0" obrname "br-client" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 jump MULTICAST_OUT
 	}

 	chain OUTPUT {
 		type filter hook output priority filter; policy accept;

 		# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
-		oifname "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter jump MULTICAST_OUT
+		oifname "bat0" obrname "br-client" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter jump MULTICAST_OUT
 	}
 }
 __EOF
--- a/src/packages/fff/fff-node/files/usr/lib/firewall.d/40-local-node
+++ b/src/packages/fff/fff-node/files/usr/lib/firewall.d/40-local-node
@ -4,27 +4,27 @@ table bridge filter {
 		# No input from/to local node ip from batman

 		# -p IPv6 -i bat0 --logical-in br-client --ip6-src fdff::1 -j DROP
-		iifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
+		iifname "bat0" ibrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
 		# -p IPv6 -i bat0 --logical-in br-client --ip6-dst fdff::1 -j DROP
-		iifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
+		iifname "bat0" ibrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
 	}

 	chain FORWARD {
 		# Do not forward local node ip

 		# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
-		oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
+		oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
 		# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
-		oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
+		oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
 	}

 	chain OUTPUT {
 		# Do not output local node ip to batman

 		# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
-		oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
+		oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
 		# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
-		oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
+		oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
 	}
 }
 __EOF
--- a/src/packages/fff/fff-support/files/etc/init.d/fff-userconfig
+++ b/src/packages/fff/fff-support/files/etc/init.d/fff-userconfig
@ -4,8 +4,6 @@
 START=96
 boot() {
  LOCALCONFIGSCRIPT="/etc/rc.local.fff_userconfig"
-  #add LOCALCONFIGSCRIPT to sysupgrade regardless if it already exists or not to prevent data loss
-  grep -q ^"${LOCALCONFIGSCRIPT}"$ /etc/sysupgrade.conf || echo "$LOCALCONFIGSCRIPT" >> /etc/sysupgrade.conf

  # process user commands
  [ -f "${LOCALCONFIGSCRIPT}" ] && {
--- a/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade
+++ b/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade
@ -12,6 +12,8 @@ cat > /etc/sysupgrade.conf <<-__EOF__
 /etc/config/fff
 /etc/config/gateway
 /etc/hoodfile
+/etc/nftables-fff.conf
+/etc/rc.local.fff_userconfig
 __EOF__

 exit 0
--- a/src/packages/fff/fff-wireless/files/etc/init.d/fff-wireless-update
+++ b/src/packages/fff/fff-wireless/files/etc/init.d/fff-wireless-update
@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+boot() {
+	# first we disable the init.d
+	/etc/init.d/fff-wireless-update disable
+	# we must delete the symlink manually
+	rm -f /etc/rc.d/S99fff-wireless-update
+
+	# Starting with OpenWrt 23.05, reload_config does not
+	# properly start the wifi access point on some devices.
+	# This seems to be an issue with the reloading of hostapd,
+	# which throws errors, but does not restart hostapd.
+	# see https://git.freifunk-franken.de/freifunk-franken/firmware/issues/319
+	#
+	# workaround: manually restart wifi completely
+	# after any automatic post-update configuration (fff-layer3-config, ...)
+	sleep 20
+	wifi
+}
Author	SHA1	Message	Date
Fabian Bläse	d593b1aa5e	fff-layer3: add ethtool ci/woodpecker/push/woodpecker Pipeline was successful Details ci/woodpecker/tag/woodpecker Pipeline was successful Details Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-04-01 23:54:21 +02:00
Fabian Bläse	3dc5905241	OpenWrt: bump to v23.05.3 Bump core, packages and routing. Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-04-01 23:54:21 +02:00
Robert Langhammer	4762825411	fff-network: remove iwconfig iwconfig is upstream scheduled for removal and no longer working. It is only used once to get the txpower for the nodewatcher. Fixes: #327 Signed-off-by: Robert Langhammer <rlanghammer@web.de> Reviewed-by: Fabian Bläse <fabian@blaese.de>	2024-04-01 23:54:16 +02:00
Fabian Bläse	1d2c835b53	fff-layer3-config: fix exit status of uci-default scripts ci/woodpecker/push/woodpecker Pipeline was successful Details OpenWrt only removes uci-defaults scripts if the exit status of the executed script is 0. Fix the exit code of the layer3-config migration scripts so they are removed as intended. Fixes: #313 Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-03-21 21:55:43 +01:00
Fabian Bläse	797c3ddca0	Add support for Xiaomi Mi Router 4A (100m-intl) The international variant of the Xiaomi Mi Router 4A (100m) has a different partition layout as the chinese version and was added to OpenWrt at a later time. Using the OpenWrt image for the international variant saves the extra step of flashing the chinese firmware variant via TFTP before OpenWrt itself. Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-03-21 21:53:32 +01:00
Fabian Bläse	daa25fded8	Consolidate sysupgrade.conf entries Most of the entries in /etc/sysupgrade.conf are generated by a uci-defaults script in the fff-sysupgrade package. The only entry added in a different place is rc.local.fff_userconfig. Consolidate all entries to be added by the uci-defaults script in fff-sysupgrade. Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-03-21 21:53:32 +01:00
Fabian Bläse	6acdc6efa1	fff-firewall: add user-customizable nftables hook Currently there is no way to persistently configure firewall rules on a router. This might be desirable as home-use of the Freifunk network is quite common these days. To allow for the most flexibility while keeping maintenance efforts low, add a persistent, user-customizable nftables hook. It is evaluated after all firewall rules have already been configured, so it is possible to override them. Users of this hook are responsible for keeping up with changes to the firmware and modify it appropriately, before updating the system. Fixes: #314 Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-03-21 21:53:32 +01:00
Fabian Bläse	cef7bc3c88	fff-wireless: add workaround for wifi configuration after update Introduce a workaround for an OpenWrt bug on the Xiaomi Mi 4A (Gigabit Edition). After an update of the firmware, the wireless interfaces are not properly created as configured. When configuring the WiFi interfaces via uci and applying the settings using reload_config, hostapd reports errors and no WiFi interfaces are created. It seems like OpenWrt tries to dynamically reload the settings instead of restarting hostapd, but hostapd fails to properly apply them. To work around this regression until the root cause is found, restart the wifi interfaces manually after a firmware upgrade. Fixes: #319 Signed-off-by: Fabian Bläse <fabian@blaese.de> Tested-by: ArchTux <alex@tux-hausen.de>	2024-03-21 21:53:32 +01:00
Fabian Bläse	86c893161f	fff-node: apply firewall rules to br-client only When switching from ebtables to nftables, the --logical-in and --logical-out selectors of some rules were missed. This might have been caused by kmod-nft-bridge not being installed, which is required for the ibrname and obrname selectors, so it is possible that the migration (using ebtables-nft) did not apply these selectors. Add the ibrname and obrname selectors and add the required kernel module. Fixes: #315 Fixes: `157fa4eac5` ("fff-firewall: Switch from ip/ebtables to nftables") Reported-by: Robert Langhammer <rlanghammer@web.de> Signed-off-by: Fabian Bläse <fabian@blaese.de> Tested-by: Robert Langhammer <rlanghammer@web.de>	2024-03-21 21:47:10 +01:00
Fabian Bläse	7391ac8312	OpenWrt: bump to v23.05 from 2024-03-08 OpenWrt v23.05 releases up to and including v23.05.2 contain a bug which causes some SPI flashes to be partially or fully unwriteable [1]. A workaround for this bug has already been added to the v23.05 branch, but no new version has been released since. Bump OpenWrt and corresponding feeds to the most recent commit on the v23.05 branch. [1] https://github.com/openwrt/openwrt/pull/14361 Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-03-21 21:47:10 +01:00
Fabian Bläse	23a3af46d2	fff-babel: remove erroneous error messages for absent babel implementation Fixes: #306 Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-03-21 14:20:30 +01:00
Fabian Bläse	94c5340700	woodpecker: replace syntax deprecated with 1.0.0 Signed-off-by: Fabian Bläse <fabian@blaese.de>	2024-02-28 10:49:29 +01:00