forked from freifunk-franken/firmware
Compare commits
12 Commits
Author | SHA1 | Date |
---|---|---|
Fabian Bläse | d593b1aa5e | |
Fabian Bläse | 3dc5905241 | |
Robert Langhammer | 4762825411 | |
Fabian Bläse | 1d2c835b53 | |
Fabian Bläse | 797c3ddca0 | |
Fabian Bläse | daa25fded8 | |
Fabian Bläse | 6acdc6efa1 | |
Fabian Bläse | cef7bc3c88 | |
Fabian Bläse | 86c893161f | |
Fabian Bläse | 7391ac8312 | |
Fabian Bläse | 23a3af46d2 | |
Fabian Bläse | 94c5340700 |
|
@ -4,7 +4,7 @@ clone:
|
||||||
settings:
|
settings:
|
||||||
tags: true
|
tags: true
|
||||||
|
|
||||||
pipeline:
|
steps:
|
||||||
buildall-layer3:
|
buildall-layer3:
|
||||||
image: openwrtorg/imagebuilder
|
image: openwrtorg/imagebuilder
|
||||||
commands:
|
commands:
|
||||||
|
@ -42,4 +42,5 @@ pipeline:
|
||||||
- echo "You can download the built firmware images here:"
|
- echo "You can download the built firmware images here:"
|
||||||
- echo "https://ci.fff.community/artifacts/$(git describe --tags)"
|
- echo "https://ci.fff.community/artifacts/$(git describe --tags)"
|
||||||
|
|
||||||
branches: [ master ]
|
when:
|
||||||
|
branch: [ master ]
|
||||||
|
|
|
@ -4,4 +4,5 @@ images=("openwrt-${chipset}-${subtarget}-tplink_archer-c50-v3-squashfs-*"
|
||||||
"openwrt-${chipset}-${subtarget}-tplink_archer-c50-v4-squashfs-*"
|
"openwrt-${chipset}-${subtarget}-tplink_archer-c50-v4-squashfs-*"
|
||||||
"openwrt-${chipset}-${subtarget}-tplink_tl-wr841n-v13-squashfs-*"
|
"openwrt-${chipset}-${subtarget}-tplink_tl-wr841n-v13-squashfs-*"
|
||||||
"openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-squashfs-*"
|
"openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-squashfs-*"
|
||||||
|
"openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-intl-squashfs-*"
|
||||||
)
|
)
|
||||||
|
|
|
@ -12,6 +12,8 @@ CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=y
|
||||||
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=""
|
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=""
|
||||||
CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=y
|
CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=y
|
||||||
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=""
|
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=""
|
||||||
|
CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m-intl=y
|
||||||
|
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m-intl=""
|
||||||
CONFIG_BUSYBOX_CUSTOM=y
|
CONFIG_BUSYBOX_CUSTOM=y
|
||||||
CONFIG_TARGET_PER_DEVICE_ROOTFS=y
|
CONFIG_TARGET_PER_DEVICE_ROOTFS=y
|
||||||
# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
|
# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
|
||||||
|
|
|
@ -7,9 +7,9 @@ set -o pipefail
|
||||||
builddir=./build
|
builddir=./build
|
||||||
|
|
||||||
# OpenWrt: package hashes correspond to core repo version
|
# OpenWrt: package hashes correspond to core repo version
|
||||||
OPENWRTREV="v23.05.2"
|
OPENWRTREV="v23.05.3"
|
||||||
PACKAGEREV="8e3a1824645f5e73ec44c897ac0755c53fb4a1f8"
|
PACKAGEREV="063b2393cbc3e5aab9d2b40b2911cab1c3967c59"
|
||||||
ROUTINGREV="83ef3784a9092cfd0a900cc28e2ed4e13671d667"
|
ROUTINGREV="648753932d5a7deff7f2bdb33c000018a709ad84"
|
||||||
|
|
||||||
# Gluon packages: master from 2020-02-04
|
# Gluon packages: master from 2020-02-04
|
||||||
GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
|
GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
|
||||||
|
|
|
@ -82,12 +82,12 @@ babel_reload() {
|
||||||
# switch implementation temporarily
|
# switch implementation temporarily
|
||||||
case $implementation in
|
case $implementation in
|
||||||
bird2)
|
bird2)
|
||||||
/etc/init.d/babeld stop 2>/dev/null
|
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld stop 2>/dev/null
|
||||||
/etc/init.d/fff-bird start
|
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird start
|
||||||
;;
|
;;
|
||||||
babeld)
|
babeld)
|
||||||
/etc/init.d/fff-bird stop 2>/dev/null
|
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird stop 2>/dev/null
|
||||||
/etc/init.d/babeld start
|
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld start
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
@ -101,12 +101,12 @@ babel_apply() {
|
||||||
# switch implementation persistently
|
# switch implementation persistently
|
||||||
case $implementation in
|
case $implementation in
|
||||||
bird2)
|
bird2)
|
||||||
/etc/init.d/babeld disable
|
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld disable
|
||||||
/etc/init.d/fff-bird enable
|
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird enable
|
||||||
;;
|
;;
|
||||||
babeld)
|
babeld)
|
||||||
/etc/init.d/fff-bird disable
|
[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird disable
|
||||||
/etc/init.d/babeld enable
|
[ -f /etc/init.d/babeld ] && /etc/init.d/babeld enable
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
|
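Review bot: In both `babel_reload` and `babel_apply`, guarding the init script of the implementation being switched to (`[ -f /etc/init.d/fff-bird ] && /etc/init.d/fff-bird start` in the `bird2)` branch, and the `babeld` counterparts) turns a missing daemon into a silent no-op. The other daemon is still stopped or disabled and nothing takes its place, so the node can be left without a running routing daemon and without any error. Keeping the guard on the stop/disable side is fine, but the selected implementation should fail loudly, e.g. `[ -f /etc/init.d/fff-bird ] || { echo "fff-bird is not installed" >&2; return 1; }` ahead of the start. Note also that `[ -f … ] && cmd` yields a non-zero status when the file is absent; both function bodies begin and end outside the hunks, so whether a caller checks that status could not be verified here.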
@ -11,6 +11,7 @@ define Package/fff-extra
|
||||||
TITLE:=Freifunk-Franken gateway configuration
|
TITLE:=Freifunk-Franken gateway configuration
|
||||||
URL:=https://www.freifunk-franken.de
|
URL:=https://www.freifunk-franken.de
|
||||||
DEPENDS:=+bmon \
|
DEPENDS:=+bmon \
|
||||||
|
+ethtool \
|
||||||
+htop \
|
+htop \
|
||||||
+procps-ng \
|
+procps-ng \
|
||||||
+procps-ng-vmstat \
|
+procps-ng-vmstat \
|
||||||
|
|
|
@ -10,7 +10,8 @@ define Package/$(PKG_NAME)
|
||||||
CATEGORY:=Freifunk
|
CATEGORY:=Freifunk
|
||||||
TITLE:=Freifunk-Franken firewall
|
TITLE:=Freifunk-Franken firewall
|
||||||
URL:=https://www.freifunk-franken.de
|
URL:=https://www.freifunk-franken.de
|
||||||
DEPENDS:=+nftables
|
DEPENDS:=+kmod-nft-bridge \
|
||||||
|
+nftables
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/$(PKG_NAME)/description
|
define Package/$(PKG_NAME)/description
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
nft -f /etc/nftables-fff.conf
|
|
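Review bot: This one-line file runs `nft -f /etc/nftables-fff.conf` unconditionally, so on a node where that file does not exist the command fails every time the script is executed. Nothing visible on this page shows the file being installed by a package; if it is meant to be an optional, user-maintained ruleset, guard the call with `[ ! -f /etc/nftables-fff.conf ] || nft -f /etc/nftables-fff.conf`. A header comment stating who owns the file and at which point of the firewall setup it is loaded would also help anyone auditing the effective ruleset.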
@ -7,7 +7,7 @@
|
||||||
BOARD="$(uci get board.model.name)"
|
BOARD="$(uci get board.model.name)"
|
||||||
|
|
||||||
# only migrate appropriate config versions
|
# only migrate appropriate config versions
|
||||||
[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 1
|
[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 0
|
||||||
|
|
||||||
translate_ports() {
|
translate_ports() {
|
||||||
local vlan="$1"
|
local vlan="$1"
|
||||||
|
@ -77,3 +77,5 @@ esac
|
||||||
|
|
||||||
uci set gateway.meta.config_version='2'
|
uci set gateway.meta.config_version='2'
|
||||||
uci commit gateway
|
uci commit gateway
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
|
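Review bot: The unconditional `exit 0` appended after `uci commit gateway` reports success even if the commit or an earlier `uci set` failed, unless `set -e` is active earlier in the script, which is not visible in these hunks. If the caller uses the exit status to decide whether the migration is complete, prefer `uci commit gateway || exit 1` ahead of the final `exit 0`. The same applies to the following migration script (config_version 2 to 3), which receives the identical change. Turning the version guard from `exit 1` into `exit 0` is reasonable for "nothing to do", and a comment such as `# not an error: this config version is not handled by this script` would record that intent.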
@ -7,7 +7,7 @@
|
||||||
BOARD="$(uci get board.model.name)"
|
BOARD="$(uci get board.model.name)"
|
||||||
|
|
||||||
# only migrate appropriate config versions
|
# only migrate appropriate config versions
|
||||||
[ "$(uci -q get gateway.meta.config_version)" = "2" ] || exit 1
|
[ "$(uci -q get gateway.meta.config_version)" = "2" ] || exit 0
|
||||||
|
|
||||||
translate_ports() {
|
translate_ports() {
|
||||||
local vlan="$1"
|
local vlan="$1"
|
||||||
|
@ -74,3 +74,5 @@ esac
|
||||||
|
|
||||||
uci set gateway.meta.config_version='3'
|
uci set gateway.meta.config_version='3'
|
||||||
uci commit gateway
|
uci commit gateway
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
|
@ -12,7 +12,8 @@ get_cpu_port() {
|
||||||
tplink,tl-wr1043nd-v2|\
|
tplink,tl-wr1043nd-v2|\
|
||||||
tplink,tl-wr1043nd-v3|\
|
tplink,tl-wr1043nd-v3|\
|
||||||
tplink,tl-wr841n-v13|\
|
tplink,tl-wr841n-v13|\
|
||||||
xiaomi,mi-router-4a-100m)
|
xiaomi,mi-router-4a-100m|\
|
||||||
|
xiaomi,mi-router-4a-100m-intl)
|
||||||
CPUPORT="6t"
|
CPUPORT="6t"
|
||||||
;;
|
;;
|
||||||
avm,fritzbox-4040|\
|
avm,fritzbox-4040|\
|
||||||
|
|
|
@ -36,7 +36,8 @@ get_port_order() {
|
||||||
tplink,cpe510-v1)
|
tplink,cpe510-v1)
|
||||||
PORTORDER="5 4"
|
PORTORDER="5 4"
|
||||||
;;
|
;;
|
||||||
xiaomi,mi-router-4a-100m)
|
xiaomi,mi-router-4a-100m|\
|
||||||
|
xiaomi,mi-router-4a-100m-intl)
|
||||||
PORTORDER="0 2 4"
|
PORTORDER="0 2 4"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -48,19 +48,12 @@ for filename in $(grep 'up\|unknown' /sys/class/net/*/operstate); do
|
||||||
|
|
||||||
interface_data=$interface_data"<$iface><name>$iface</name>$addrs<traffic_rx>$traffic_rx</traffic_rx><traffic_tx>$traffic_tx</traffic_tx>"
|
interface_data=$interface_data"<$iface><name>$iface</name>$addrs<traffic_rx>$traffic_rx</traffic_rx><traffic_tx>$traffic_tx</traffic_tx>"
|
||||||
|
|
||||||
interface_data=$interface_data$(iwconfig "${iface}" 2>/dev/null | awk -F':' '
|
|
||||||
/Mode/{ split($2, m, " "); printf "<wlan_mode>"m[1]"</wlan_mode>" }
|
|
||||||
/Cell/{ split($0, c, " "); printf "<wlan_bssid>"c[5]"</wlan_bssid>" }
|
|
||||||
/ESSID/ { split($0, e, "\""); printf "<wlan_essid>"e[2]"</wlan_essid>" }
|
|
||||||
/Freq/{ split($3, f, " "); printf "<wlan_frequency>"f[1]f[2]"</wlan_frequency>" }
|
|
||||||
/Tx-Power/{ split($0, p, "="); sub(/[[:space:]]*$/, "", p[2]); printf "<wlan_tx_power>"p[2]"</wlan_tx_power>" }
|
|
||||||
')
|
|
||||||
|
|
||||||
interface_data=$interface_data$(iw dev "${iface}" info 2>/dev/null | awk '
|
interface_data=$interface_data$(iw dev "${iface}" info 2>/dev/null | awk '
|
||||||
/ssid/{ split($0, s, " "); printf "<wlan_ssid>"s[2]"</wlan_ssid>" }
|
/ssid/{ split($0, s, " "); printf "<wlan_ssid>"s[2]"</wlan_ssid>" }
|
||||||
/type/ { split($0, t, " "); printf "<wlan_type>"t[2]"</wlan_type>" }
|
/type/ { split($0, t, " "); printf "<wlan_type>"t[2]"</wlan_type>" }
|
||||||
/channel/{ split($0, c, " "); printf "<wlan_channel>"c[2]"</wlan_channel>" }
|
/channel/{ split($0, c, " "); printf "<wlan_channel>"c[2]"</wlan_channel>" }
|
||||||
/width/{ split($0, w, ": "); sub(/ .*/, "", w[2]); printf "<wlan_width>"w[2]"</wlan_width>" }
|
/width/{ split($0, w, ": "); sub(/ .*/, "", w[2]); printf "<wlan_width>"w[2]"</wlan_width>" }
|
||||||
|
/txpower/{ sub(/\.../, "", $2); print "<wlan_tx_power>"$2" dBm</wlan_tx_power>" }
|
||||||
')
|
')
|
||||||
|
|
||||||
interface_data=$interface_data"</$iface>"
|
interface_data=$interface_data"</$iface>"
|
||||||
|
|
|
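Review bot: The added `/txpower/` rule uses `print`, which appends a newline, while every other rule in this awk program uses `printf`; unless txpower is the last line printed by `iw dev … info`, that newline ends up inside `interface_data`. `printf "<wlan_tx_power>%s dBm</wlan_tx_power>", $2` keeps the output on one line and avoids passing data as the format string, which the neighbouring rules do by concatenating values into the `printf` format. `sub(/\.../, "", $2)` assumes the value always carries exactly two decimals, so a short comment stating the expected `iw` format (constructed example: `txpower 20.00 dBm`) would be useful. The enclosing `for` loop starts and ends outside the hunk.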
@ -0,0 +1,7 @@
|
||||||
|
. /lib/functions/fff/network
|
||||||
|
|
||||||
|
WANDEV=eth0
|
||||||
|
SWITCHDEV=eth0
|
||||||
|
CLIENT_PORTS="6t 4"
|
||||||
|
WAN_PORTS="6t 0"
|
||||||
|
BATMAN_PORTS="6t 2"
|
|
@ -4,7 +4,7 @@ table bridge filter {
|
||||||
# vom Gateway (also vom BATMAN) kommen darf.
|
# vom Gateway (also vom BATMAN) kommen darf.
|
||||||
chain IN_ONLY {
|
chain IN_ONLY {
|
||||||
# -i ! bat0 --logical-in br-client -j DROP
|
# -i ! bat0 --logical-in br-client -j DROP
|
||||||
iifname != "bat0" counter drop
|
iifname != "bat0" ibrname "br-client" counter drop
|
||||||
counter
|
counter
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ table bridge filter {
|
||||||
# in Richtung Gateway (also ins BATMAN) gesendet werden darf.
|
# in Richtung Gateway (also ins BATMAN) gesendet werden darf.
|
||||||
chain OUT_ONLY {
|
chain OUT_ONLY {
|
||||||
# --logical-out br-client -o ! bat0 -j DROP
|
# --logical-out br-client -o ! bat0 -j DROP
|
||||||
oifname != "bat0" counter drop
|
oifname != "bat0" obrname "br-client" counter drop
|
||||||
counter
|
counter
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,21 +24,21 @@ table bridge filter {
|
||||||
type filter hook input priority filter; policy accept;
|
type filter hook input priority filter; policy accept;
|
||||||
|
|
||||||
# -d Multicast -i ! bat0 --logical-in br-client -j ACCEPT
|
# -d Multicast -i ! bat0 --logical-in br-client -j ACCEPT
|
||||||
iifname != "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 accept
|
iifname != "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 ibrname "br-client" counter packets 0 bytes 0 accept
|
||||||
}
|
}
|
||||||
|
|
||||||
chain FORWARD {
|
chain FORWARD {
|
||||||
type filter hook forward priority filter; policy accept;
|
type filter hook forward priority filter; policy accept;
|
||||||
|
|
||||||
# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
|
# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
|
||||||
oifname "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 jump MULTICAST_OUT
|
oifname "bat0" obrname "br-client" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter packets 0 bytes 0 jump MULTICAST_OUT
|
||||||
}
|
}
|
||||||
|
|
||||||
chain OUTPUT {
|
chain OUTPUT {
|
||||||
type filter hook output priority filter; policy accept;
|
type filter hook output priority filter; policy accept;
|
||||||
|
|
||||||
# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
|
# -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT
|
||||||
oifname "bat0" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter jump MULTICAST_OUT
|
oifname "bat0" obrname "br-client" ether daddr & 01:00:00:00:00:00 == 01:00:00:00:00:00 counter jump MULTICAST_OUT
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__EOF
|
__EOF
|
||||||
|
|
|
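Review bot: In the multicast INPUT rule the new `ibrname "br-client"` match sits after the `ether daddr` mask comparison, whereas every other rule changed here places the bridge-name match directly after `iifname`/`oifname`. Using one order throughout (`iifname != "bat0" ibrname "br-client" ether daddr & … accept`) makes the ruleset easier to audit against the ebtables comment above each rule. The `counter packets 0 bytes 0` in the INPUT and FORWARD rules looks like residue of a ruleset dump, and plain `counter` as in the other chains would be consistent. Because these rules now match `br-client` only, a one-line comment at the top of the table saying that frames on other bridges are (presumably intentionally) no longer filtered here would document the changed scope. The heredoc begins outside the hunks shown.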
@ -4,27 +4,27 @@ table bridge filter {
|
||||||
# No input from/to local node ip from batman
|
# No input from/to local node ip from batman
|
||||||
|
|
||||||
# -p IPv6 -i bat0 --logical-in br-client --ip6-src fdff::1 -j DROP
|
# -p IPv6 -i bat0 --logical-in br-client --ip6-src fdff::1 -j DROP
|
||||||
iifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
iifname "bat0" ibrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||||
# -p IPv6 -i bat0 --logical-in br-client --ip6-dst fdff::1 -j DROP
|
# -p IPv6 -i bat0 --logical-in br-client --ip6-dst fdff::1 -j DROP
|
||||||
iifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
iifname "bat0" ibrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||||
}
|
}
|
||||||
|
|
||||||
chain FORWARD {
|
chain FORWARD {
|
||||||
# Do not forward local node ip
|
# Do not forward local node ip
|
||||||
|
|
||||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
||||||
oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
||||||
oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||||
}
|
}
|
||||||
|
|
||||||
chain OUTPUT {
|
chain OUTPUT {
|
||||||
# Do not output local node ip to batman
|
# Do not output local node ip to batman
|
||||||
|
|
||||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
||||||
oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
|
||||||
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
||||||
oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__EOF
|
__EOF
|
||||||
|
|
|
@ -4,8 +4,6 @@
|
||||||
START=96
|
START=96
|
||||||
boot() {
|
boot() {
|
||||||
LOCALCONFIGSCRIPT="/etc/rc.local.fff_userconfig"
|
LOCALCONFIGSCRIPT="/etc/rc.local.fff_userconfig"
|
||||||
#add LOCALCONFIGSCRIPT to sysupgrade regardless if it already exists or not to prevent data loss
|
|
||||||
grep -q ^"${LOCALCONFIGSCRIPT}"$ /etc/sysupgrade.conf || echo "$LOCALCONFIGSCRIPT" >> /etc/sysupgrade.conf
|
|
||||||
|
|
||||||
# process user commands
|
# process user commands
|
||||||
[ -f "${LOCALCONFIGSCRIPT}" ] && {
|
[ -f "${LOCALCONFIGSCRIPT}" ] && {
|
||||||
|
|
|
@ -12,6 +12,8 @@ cat > /etc/sysupgrade.conf <<-__EOF__
|
||||||
/etc/config/fff
|
/etc/config/fff
|
||||||
/etc/config/gateway
|
/etc/config/gateway
|
||||||
/etc/hoodfile
|
/etc/hoodfile
|
||||||
|
/etc/nftables-fff.conf
|
||||||
|
/etc/rc.local.fff_userconfig
|
||||||
__EOF__
|
__EOF__
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/sh /etc/rc.common
|
||||||
|
|
||||||
|
START=99
|
||||||
|
|
||||||
|
boot() {
|
||||||
|
# first we disable the init.d
|
||||||
|
/etc/init.d/fff-wireless-update disable
|
||||||
|
# we must delete the symlink manually
|
||||||
|
rm -f /etc/rc.d/S99fff-wireless-update
|
||||||
|
|
||||||
|
# Starting with OpenWrt 23.05, reload_config does not
|
||||||
|
# properly start the wifi access point on some devices.
|
||||||
|
# This seems to be an issue with the reloading of hostapd,
|
||||||
|
# which throws errors, but does not restart hostapd.
|
||||||
|
# see https://git.freifunk-franken.de/freifunk-franken/firmware/issues/319
|
||||||
|
#
|
||||||
|
# workaround: manually restart wifi completely
|
||||||
|
# after any automatic post-update configuration (fff-layer3-config, ...)
|
||||||
|
sleep 20
|
||||||
|
wifi
|
||||||
|
}
|
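Review bot: `sleep 20` runs in the foreground of `boot()`, so if init scripts are executed one after another, as is usual for rc.common scripts, everything ordered after S99fff-wireless-update waits 20 seconds. The fixed delay also only approximates "after any automatic post-update configuration". Running the workaround detached, `( sleep 20; wifi ) &`, keeps boot from blocking. Because the script disables itself before `wifi` runs, a failed restart is never retried; a comment saying that this is accepted, and why the symlink has to be removed by hand after `disable`, would make the script easier to maintain.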