From 998cb86d48c0ee8b61d35b0f94937732cf245da7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20L=C3=BCssing?= Date: Sat, 31 Mar 2018 19:12:43 +0200 Subject: [PATCH 01/36] gluon-ebtables-limit-arp: do not add multicast addresses to filter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With the batman-adv multicast support compiled back in again we end up with multicast addresses in the batman-adv translation table. Currently we wrongly interpret multicast addresses returned by TT as a unique host, too, which adds them with a source address filter to ebtables as well. However, the source address of an ethernet frames is never supposed to be a multicat one. This leads to unnecessary entries in ebtables. Fixing this by ignoring those MAC addreses returned by TT which have the multicast bit set. Signed-off-by: Linus Lüssing --- package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c | 3 +++ package/gluon-ebtables-limit-arp/src/mac.h | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c index af4acf48..cbb6faf2 100644 --- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c +++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c @@ -248,6 +248,9 @@ static void ebt_tl_update(void) break; } + if (mac_is_multicast(&mac)) + continue; + ebt_add_mac(&mac); } diff --git a/package/gluon-ebtables-limit-arp/src/mac.h b/package/gluon-ebtables-limit-arp/src/mac.h index e6191736..11567ade 100644 --- a/package/gluon-ebtables-limit-arp/src/mac.h +++ b/package/gluon-ebtables-limit-arp/src/mac.h @@ -16,4 +16,9 @@ struct mac_addr { int mac_aton(const char *cp, struct mac_addr *mac); char *mac_ntoa(struct mac_addr *mac); +static inline int mac_is_multicast(struct mac_addr *addr) +{ + return addr->storage[0] & 0x01; +} + #endif /* _MAC_H_ */ From 7a1c70737858605a2811375aef64ffa7702b603c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 1 Apr 2018 23:18:22 +0200 Subject: [PATCH 02/36] scripts/check_site.lua: print proper error message for non-string keys in need_alphanumeric_key() --- scripts/check_site.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/check_site.lua b/scripts/check_site.lua index b5bcd5f2..b268e0b3 100644 --- a/scripts/check_site.lua +++ b/scripts/check_site.lua @@ -217,8 +217,8 @@ end function need_alphanumeric_key(path) local val = path[#path] -- We don't use character classes like %w here to be independent of the locale - if not val:match('^[0-9a-zA-Z_]+$') then - var_error(path, val, 'have a key using only alphanumeric characters and underscores') + if type(val) ~= 'string' or not val:match('^[0-9a-zA-Z_]+$') then + var_error(path, val, 'have a string key using only alphanumeric characters and underscores') end end From f226bb8d06e67a599a2141bc1565594d6cf6bcac Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 1 Apr 2018 23:21:18 +0200 Subject: [PATCH 03/36] scripts/check_site.lua: show type of incorrect values in error messages --- scripts/check_site.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/check_site.lua b/scripts/check_site.lua index b268e0b3..3fca6a8c 100644 --- a/scripts/check_site.lua +++ b/scripts/check_site.lua @@ -108,7 +108,7 @@ local function var_error(path, val, msg) src = site_src() end - config_error(src, 'expected %s to %s, but it is %s', path_to_string(path), msg, tostring(val)) + config_error(src, 'expected %s to %s, but it is %s (a %s value)', path_to_string(path), msg, tostring(val), type(val)) end From 7581e007547db103ab5838446a3a668dfc80b7c6 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 7 Apr 2018 21:55:13 +0200 Subject: [PATCH 04/36] modules: update Gluon packages 878f83eb741f batman-adv-legacy: update to latest git Fixes #1358 --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 83fa1cb2..5a7404c3 100644 --- a/modules +++ b/modules @@ -9,7 +9,7 @@ PACKAGES_OPENWRT_BRANCH=lede-17.01 PACKAGES_OPENWRT_COMMIT=82ef2fd773987a72678a32b862f50085c3f57d56 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git -PACKAGES_GLUON_COMMIT=9bf34bebc5459565735c1d1f1b5f4925ab674f4d +PACKAGES_GLUON_COMMIT=878f83eb741fd64d33b0c522258b8dda88d0209a PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git PACKAGES_ROUTING_COMMIT=3aaa772ef520e5e02ddd6a3eecf67a81fad726f5 From 2327ea4802876283f37190af83dbba1b0d265a59 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 7 Apr 2018 22:01:13 +0200 Subject: [PATCH 05/36] modules: update Gluon packages e1d11c9393d2 batman-adv-legacy: update source date --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 5a7404c3..11f8f1da 100644 --- a/modules +++ b/modules @@ -9,7 +9,7 @@ PACKAGES_OPENWRT_BRANCH=lede-17.01 PACKAGES_OPENWRT_COMMIT=82ef2fd773987a72678a32b862f50085c3f57d56 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git -PACKAGES_GLUON_COMMIT=878f83eb741fd64d33b0c522258b8dda88d0209a +PACKAGES_GLUON_COMMIT=e1d11c9393d270593b8dc20d979f8c72bde38bb5 PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git PACKAGES_ROUTING_COMMIT=3aaa772ef520e5e02ddd6a3eecf67a81fad726f5 From 1d5f7976c6e5fc151ca2c58113a0662b4bf45cc8 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 10 Apr 2018 13:09:25 +0200 Subject: [PATCH 06/36] modules: update Gluon packages 61c7aac8ef87 simple-tc: conditionalize kmod dependencies 73d9ff871b90 ebtables-tiny: introduce stripped-down ebtables variant --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 11f8f1da..53636e3b 100644 --- a/modules +++ b/modules @@ -9,7 +9,7 @@ PACKAGES_OPENWRT_BRANCH=lede-17.01 PACKAGES_OPENWRT_COMMIT=82ef2fd773987a72678a32b862f50085c3f57d56 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git -PACKAGES_GLUON_COMMIT=e1d11c9393d270593b8dc20d979f8c72bde38bb5 +PACKAGES_GLUON_COMMIT=61c7aac8ef87300a30198778496226ff3d021701 PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git PACKAGES_ROUTING_COMMIT=3aaa772ef520e5e02ddd6a3eecf67a81fad726f5 From 33be24c809eb5959c15d883635358320506e843d Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 10 Apr 2018 19:12:14 +0200 Subject: [PATCH 07/36] modules: update LEDE 6577fe2198f5 ar71xx: sysupgrade: improve CPE/WBS 210/510 validation, add new metadata offset afca23558a2f kernel: backport commit reverting genirq patch causing regressions ba502a49a7e4 intel-microcode: update to 20180312 5a9b101543ed brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDs fe3db683f943 mac80211: brcmfmac: add support for BCM4366E chipset 3ca1438ae0f7 mbedtls: update to version 2.7.2 c4b382934836 openssl: update to 1.0.2o bed0ee7cbfaa Kernel: bump 4.4 to 4.4.124 for 17.01 fad29d2c3dea mac80211: brcmfmac: backport commit dropping IAPP packets by default --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 53636e3b..227fb1e7 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='openwrt gluon routing luci' LEDE_REPO=https://git.lede-project.org/openwrt/openwrt.git LEDE_BRANCH=lede-17.01 -LEDE_COMMIT=60f8d388c69e0faddbf1c3033cdcb74b38fe3694 +LEDE_COMMIT=6577fe2198f5c75acb1dba789941d96a036f4dae PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git PACKAGES_OPENWRT_BRANCH=lede-17.01 From bdd0174242453da863c7ae4434b3c9dd2f3356d1 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 10 Apr 2018 19:15:49 +0200 Subject: [PATCH 08/36] Update LEDE patches --- .../0038-ar71xx-add-support-for-TP-Link-Archer-C25-v1.patch | 4 ++-- .../0044-ar71xx-add-support-for-TP-Link-TL-WR1043N-v5.patch | 4 ++-- .../0045-ar71xx-add-support-for-TP-LINK-Archer-C7-v4.patch | 4 ++-- ...ar71xx-add-support-to-TP-Link-Archer-C59v1-and-C60v1.patch | 4 ++-- .../0051-ar71xx-add-support-for-TP-Link-Archer-C58-v1.patch | 4 ++-- .../0060-ar71xx-add-unaligned-access-hacks-for-VXLAN.patch | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/patches/lede/0038-ar71xx-add-support-for-TP-Link-Archer-C25-v1.patch b/patches/lede/0038-ar71xx-add-support-for-TP-Link-Archer-C25-v1.patch index 005d8df4..0aea6cf6 100644 --- a/patches/lede/0038-ar71xx-add-support-for-TP-Link-Archer-C25-v1.patch +++ b/patches/lede/0038-ar71xx-add-support-for-TP-Link-Archer-C25-v1.patch @@ -90,10 +90,10 @@ index 170c6f01b4310c4d6c261e9ba97af8786b21c93b..fc7d862c2911e96f76622cbed23e9986 name="archer-c5" ;; diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -index 21ad2a617db2fe4ff5801aba3a7fae5ba103570a..e65f6e2f7594ba373fbc9a26620859b9005c8532 100755 +index d2dc88127c02746cdecc4ced28f33548f35d037c..6258713dd0e3325ab109689f0ed3b51e27c41f89 100755 --- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh +++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -@@ -206,6 +206,7 @@ platform_check_image() { +@@ -214,6 +214,7 @@ platform_check_image() { ap121f|\ ap132|\ ap90q|\ diff --git a/patches/lede/0044-ar71xx-add-support-for-TP-Link-TL-WR1043N-v5.patch b/patches/lede/0044-ar71xx-add-support-for-TP-Link-TL-WR1043N-v5.patch index 3a925362..af983e74 100644 --- a/patches/lede/0044-ar71xx-add-support-for-TP-Link-TL-WR1043N-v5.patch +++ b/patches/lede/0044-ar71xx-add-support-for-TP-Link-TL-WR1043N-v5.patch @@ -96,10 +96,10 @@ index fc7d862c2911e96f76622cbed23e99863814da63..8f8158bac8a28db4f4f15ce5c37f48a2 name="tl-wr2543n" ;; diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -index e65f6e2f7594ba373fbc9a26620859b9005c8532..e748a2559cdb3a0ca6618429b0f613a656e39388 100755 +index 6258713dd0e3325ab109689f0ed3b51e27c41f89..774e3c8964ef724d1efbae56434aeaa9f1c298a4 100755 --- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh +++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -@@ -261,6 +261,7 @@ platform_check_image() { +@@ -269,6 +269,7 @@ platform_check_image() { tew-712br|\ tew-732br|\ tew-823dru|\ diff --git a/patches/lede/0045-ar71xx-add-support-for-TP-LINK-Archer-C7-v4.patch b/patches/lede/0045-ar71xx-add-support-for-TP-LINK-Archer-C7-v4.patch index 3d7a8ac0..85b54728 100644 --- a/patches/lede/0045-ar71xx-add-support-for-TP-LINK-Archer-C7-v4.patch +++ b/patches/lede/0045-ar71xx-add-support-for-TP-LINK-Archer-C7-v4.patch @@ -118,10 +118,10 @@ index 8f8158bac8a28db4f4f15ce5c37f48a21084dc03..c32894d95b6b09b4b8b59ba64057c23e name="archer-c7" ;; diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -index e748a2559cdb3a0ca6618429b0f613a656e39388..d414af969912894574e73e286ed5a3998532d34e 100755 +index 774e3c8964ef724d1efbae56434aeaa9f1c298a4..d6650e7719d268e1a500638b7eda2e15b9251aea 100755 --- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh +++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -@@ -207,6 +207,7 @@ platform_check_image() { +@@ -215,6 +215,7 @@ platform_check_image() { ap132|\ ap90q|\ archer-c25-v1|\ diff --git a/patches/lede/0049-ar71xx-add-support-to-TP-Link-Archer-C59v1-and-C60v1.patch b/patches/lede/0049-ar71xx-add-support-to-TP-Link-Archer-C59v1-and-C60v1.patch index 84a89add..4e9db3a5 100644 --- a/patches/lede/0049-ar71xx-add-support-to-TP-Link-Archer-C59v1-and-C60v1.patch +++ b/patches/lede/0049-ar71xx-add-support-to-TP-Link-Archer-C59v1-and-C60v1.patch @@ -143,10 +143,10 @@ index c32894d95b6b09b4b8b59ba64057c23e71b9f656..d8e23d97e2cc20f8ba7b3b2fc516ce39 name="archer-c7" ;; diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -index d414af969912894574e73e286ed5a3998532d34e..31b293ca3c07d2f26ff96037fab5a51bbe9e834c 100755 +index d6650e7719d268e1a500638b7eda2e15b9251aea..f4ac73e40e1acb800433a0b1348c8264a4639c30 100755 --- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh +++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -@@ -208,6 +208,8 @@ platform_check_image() { +@@ -216,6 +216,8 @@ platform_check_image() { ap90q|\ archer-c25-v1|\ archer-c7-v4|\ diff --git a/patches/lede/0051-ar71xx-add-support-for-TP-Link-Archer-C58-v1.patch b/patches/lede/0051-ar71xx-add-support-for-TP-Link-Archer-C58-v1.patch index 9953b0e8..222e0050 100644 --- a/patches/lede/0051-ar71xx-add-support-for-TP-Link-Archer-C58-v1.patch +++ b/patches/lede/0051-ar71xx-add-support-for-TP-Link-Archer-C58-v1.patch @@ -144,10 +144,10 @@ index d8e23d97e2cc20f8ba7b3b2fc516ce398c43a19b..59ede17653bbb1994ce9fa734c86c877 name="archer-c59-v1" ;; diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -index 31b293ca3c07d2f26ff96037fab5a51bbe9e834c..4a586ca523dcd65d0abbbab14e979f6f1bfee34e 100755 +index f4ac73e40e1acb800433a0b1348c8264a4639c30..5e8a06a7ae70ec349693c09deedbfce41a52cfc2 100755 --- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh +++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh -@@ -208,6 +208,7 @@ platform_check_image() { +@@ -216,6 +216,7 @@ platform_check_image() { ap90q|\ archer-c25-v1|\ archer-c7-v4|\ diff --git a/patches/lede/0060-ar71xx-add-unaligned-access-hacks-for-VXLAN.patch b/patches/lede/0060-ar71xx-add-unaligned-access-hacks-for-VXLAN.patch index 0c2e6c13..0300e553 100644 --- a/patches/lede/0060-ar71xx-add-unaligned-access-hacks-for-VXLAN.patch +++ b/patches/lede/0060-ar71xx-add-unaligned-access-hacks-for-VXLAN.patch @@ -5,7 +5,7 @@ Subject: ar71xx: add unaligned access hacks for VXLAN Signed-off-by: Matthias Schiffer diff --git a/target/linux/ar71xx/patches-4.4/910-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-4.4/910-unaligned_access_hacks.patch -index 72d964df639ba2a91071fbdc893bf500ece51a48..19b1d6fc7fc8af37515fe4b5f188e856441a2436 100644 +index 7858abc64b46c8ba8aaa4174616ab7dc2974e2e8..1b24ae01c62b6ff2a079e9a884952e1a9736a049 100644 --- a/target/linux/ar71xx/patches-4.4/910-unaligned_access_hacks.patch +++ b/target/linux/ar71xx/patches-4.4/910-unaligned_access_hacks.patch @@ -929,3 +929,119 @@ From 0bae1e231cc270063ee0ffbf8d3e4b864fec3e54 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 10 Apr 2018 20:25:38 +0200 Subject: [PATCH 09/36] generic: do not attempt to build kmod-usbip kmod-usbip is broken since the last kernel update. --- targets/generic | 2 ++ 1 file changed, 2 insertions(+) diff --git a/targets/generic b/targets/generic index 31569a25..37c16be0 100644 --- a/targets/generic +++ b/targets/generic @@ -16,6 +16,8 @@ config '# CONFIG_TARGET_ROOTFS_INITRAMFS is not set' config 'CONFIG_ALL_NONSHARED=y' +config '# CONFIG_PACKAGE_usbip is not set' # fails to build + config 'CONFIG_BUSYBOX_CUSTOM=y' config '# CONFIG_BUSYBOX_CONFIG_FEATURE_PREFER_IPV4_ADDRESS is not set' From 7f12529ba71b7bc9ee7ebc5326ab4aae4e44c47f Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 07:33:20 +0200 Subject: [PATCH 10/36] gluon-core: reduce mac80211 fq_codel memory limit to 256KB on devices with 32MB RAM --- .../etc/hotplug.d/ieee80211/01-gluon-core-codel-memusage | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/gluon-core/files/etc/hotplug.d/ieee80211/01-gluon-core-codel-memusage b/package/gluon-core/files/etc/hotplug.d/ieee80211/01-gluon-core-codel-memusage index cf0f1740..07da10c9 100755 --- a/package/gluon-core/files/etc/hotplug.d/ieee80211/01-gluon-core-codel-memusage +++ b/package/gluon-core/files/etc/hotplug.d/ieee80211/01-gluon-core-codel-memusage @@ -1,8 +1,8 @@ #!/bin/sh -if [ "${ACTION}" = "add" ]; then +if [ "${ACTION}" = 'add' ]; then RAM=$(awk '/MemTotal/ {print $2}' /proc/meminfo) - if [ "$RAM" -lt $((48*1024)) ]; then - echo "fq_memory_limit 1048576" > "/sys/kernel/debug/ieee80211/$DEVICENAME/aqm" + if [ "$RAM" -le $((32*1024)) ]; then + echo 'fq_memory_limit 262144' > "/sys/kernel/debug/ieee80211/$DEVICENAME/aqm" fi fi From e3bc881614d6034162faa788710b0d88932207cc Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 12:09:40 +0200 Subject: [PATCH 11/36] Backport patches for improved sysctl handling --- ...e-etc-uci-defaults-11_migrate-sysctl.patch | 31 ++++ ...-etc-sysctl.d-before-etc-sysctl.conf.patch | 35 ++++ ...ults-to-etc-sysctl.d-10-default.conf.patch | 89 +++++++++ ...l-defaults-to-specific-kmod-packages.patch | 98 ++++++++++ ...s-remove-etc-sysctl.d-from-conffiles.patch | 32 ++++ ...-kernel-disable-accept_ra-by-default.patch | 170 ++++++++++++++++++ 6 files changed, 455 insertions(+) create mode 100644 patches/lede/0068-base-files-remove-etc-uci-defaults-11_migrate-sysctl.patch create mode 100644 patches/lede/0069-base-files-evaluate-etc-sysctl.d-before-etc-sysctl.conf.patch create mode 100644 patches/lede/0070-base-files-move-sysctl-defaults-to-etc-sysctl.d-10-default.conf.patch create mode 100644 patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch create mode 100644 patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch create mode 100644 patches/lede/0073-kernel-disable-accept_ra-by-default.patch diff --git a/patches/lede/0068-base-files-remove-etc-uci-defaults-11_migrate-sysctl.patch b/patches/lede/0068-base-files-remove-etc-uci-defaults-11_migrate-sysctl.patch new file mode 100644 index 00000000..404f24ee --- /dev/null +++ b/patches/lede/0068-base-files-remove-etc-uci-defaults-11_migrate-sysctl.patch @@ -0,0 +1,31 @@ +From: Matthias Schiffer +Date: Thu, 12 Apr 2018 17:30:16 +0200 +Subject: base-files: remove /etc/uci-defaults/11_migrate-sysctl + +11_migrate-sysctl has not been updated with new file hashes since 2012. +Let's get rid of it. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/base-files/files/etc/uci-defaults/11_migrate-sysctl b/package/base-files/files/etc/uci-defaults/11_migrate-sysctl +deleted file mode 100644 +index 464e275779ceec1d99a7323b6cbf7901aaa9fbb4..0000000000000000000000000000000000000000 +--- a/package/base-files/files/etc/uci-defaults/11_migrate-sysctl ++++ /dev/null +@@ -1,16 +0,0 @@ +-#!/bin/sh +- +-if [ ! -f "/rom/etc/sysctl.conf" ] || cmp -s "/rom/etc/sysctl.conf" "/etc/sysctl.conf"; then +- exit 0 +-fi +- +-fingerprint="$(md5sum /etc/sysctl.conf)" +-fingerprint="${fingerprint%% *}" +- +-if [ "$fingerprint" = "1b05ebb41f72cb84e5510573cd4aca26" ] || \ +- [ "$fingerprint" = "62deb895be1a7f496040187b7c930e4e" ]; then +- logger -t migrate-sysctl "Updating sysctl.conf to use current defaults" +- cp "/rom/etc/sysctl.conf" "/etc/sysctl.conf" +-fi +- +-exit 0 diff --git a/patches/lede/0069-base-files-evaluate-etc-sysctl.d-before-etc-sysctl.conf.patch b/patches/lede/0069-base-files-evaluate-etc-sysctl.d-before-etc-sysctl.conf.patch new file mode 100644 index 00000000..54fd291f --- /dev/null +++ b/patches/lede/0069-base-files-evaluate-etc-sysctl.d-before-etc-sysctl.conf.patch @@ -0,0 +1,35 @@ +From: Matthias Schiffer +Date: Thu, 12 Apr 2018 17:33:51 +0200 +Subject: base-files: evaluate /etc/sysctl.d/* before /etc/sysctl.conf + +We can use /etc/sysctl.d/* for package-supplied sysctl snippets, giving +admins the option to use /etc/sysctl.conf to override settings. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/base-files/files/etc/hotplug.d/net/00-sysctl b/package/base-files/files/etc/hotplug.d/net/00-sysctl +index 7a71652c44f8bd1fb9f2e5643e7baa5d5d76c369..8abe7f8bbd698dc58716b770fe8bc7f8bd475b58 100644 +--- a/package/base-files/files/etc/hotplug.d/net/00-sysctl ++++ b/package/base-files/files/etc/hotplug.d/net/00-sysctl +@@ -1,7 +1,7 @@ + #!/bin/sh + + if [ "$ACTION" = add ]; then +- for CONF in /etc/sysctl.conf /etc/sysctl.d/*.conf; do ++ for CONF in /etc/sysctl.d/*.conf /etc/sysctl.conf; do + [ ! -f "$CONF" ] && continue; + sed -ne "/^[[:space:]]*net\..*\.$DEVICENAME\./p" "$CONF" | \ + sysctl -e -p - | logger -t sysctl +diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl +index 65e6aa99250d09a3ccd9d023cb8f8205be86eee8..8722126a6612d67a3f615166a7fbec146207e97f 100755 +--- a/package/base-files/files/etc/init.d/sysctl ++++ b/package/base-files/files/etc/init.d/sysctl +@@ -30,7 +30,7 @@ apply_defaults() { + + start() { + apply_defaults +- for CONF in /etc/sysctl.conf /etc/sysctl.d/*.conf; do ++ for CONF in /etc/sysctl.d/*.conf /etc/sysctl.conf; do + [ -f "$CONF" ] && sysctl -p "$CONF" -e >&- + done + } diff --git a/patches/lede/0070-base-files-move-sysctl-defaults-to-etc-sysctl.d-10-default.conf.patch b/patches/lede/0070-base-files-move-sysctl-defaults-to-etc-sysctl.d-10-default.conf.patch new file mode 100644 index 00000000..545528cb --- /dev/null +++ b/patches/lede/0070-base-files-move-sysctl-defaults-to-etc-sysctl.d-10-default.conf.patch @@ -0,0 +1,89 @@ +From: Matthias Schiffer +Date: Thu, 12 Apr 2018 17:37:29 +0200 +Subject: base-files: move sysctl defaults to /etc/sysctl.d/10-default.conf + +Signed-off-by: Matthias Schiffer + +diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf +index 91a3ac9a02d4344cf8c4c8f93a36193120fc4b95..ae04212f420b185ce525dae444b563128ddf0e11 100644 +--- a/package/base-files/files/etc/sysctl.conf ++++ b/package/base-files/files/etc/sysctl.conf +@@ -1,30 +1 @@ +-kernel.panic=3 +-kernel.core_pattern=/tmp/%e.%t.%p.%s.core +- +-net.ipv4.conf.default.arp_ignore=1 +-net.ipv4.conf.all.arp_ignore=1 +-net.ipv4.ip_forward=1 +-net.ipv4.icmp_echo_ignore_broadcasts=1 +-net.ipv4.icmp_ignore_bogus_error_responses=1 +-net.ipv4.igmp_max_memberships=100 +-net.ipv4.tcp_fin_timeout=30 +-net.ipv4.tcp_keepalive_time=120 +-net.ipv4.tcp_syncookies=1 +-net.ipv4.tcp_timestamps=1 +-net.ipv4.tcp_sack=1 +-net.ipv4.tcp_dsack=1 +- +-net.ipv6.conf.default.forwarding=1 +-net.ipv6.conf.all.forwarding=1 +- +-net.netfilter.nf_conntrack_acct=1 +-net.netfilter.nf_conntrack_checksum=0 +-net.netfilter.nf_conntrack_max=16384 +-net.netfilter.nf_conntrack_tcp_timeout_established=7440 +-net.netfilter.nf_conntrack_udp_timeout=60 +-net.netfilter.nf_conntrack_udp_timeout_stream=180 +- +-# disable bridge firewalling by default +-net.bridge.bridge-nf-call-arptables=0 +-net.bridge.bridge-nf-call-ip6tables=0 +-net.bridge.bridge-nf-call-iptables=0 ++# Defaults are configured in /etc/sysctl.d/* and can be customized in this file +diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf +new file mode 100644 +index 0000000000000000000000000000000000000000..7c3344dba339514c023c3b13c592e9ce9ca1ff55 +--- /dev/null ++++ b/package/base-files/files/etc/sysctl.d/10-default.conf +@@ -0,0 +1,34 @@ ++# Do not edit, changes to this file will be lost on upgrades ++# /etc/sysctl.conf can be used to customize sysctl settings ++ ++kernel.panic=3 ++kernel.core_pattern=/tmp/%e.%t.%p.%s.core ++fs.suid_dumpable=2 ++ ++net.ipv4.conf.default.arp_ignore=1 ++net.ipv4.conf.all.arp_ignore=1 ++net.ipv4.ip_forward=1 ++net.ipv4.icmp_echo_ignore_broadcasts=1 ++net.ipv4.icmp_ignore_bogus_error_responses=1 ++net.ipv4.igmp_max_memberships=100 ++net.ipv4.tcp_fin_timeout=30 ++net.ipv4.tcp_keepalive_time=120 ++net.ipv4.tcp_syncookies=1 ++net.ipv4.tcp_timestamps=1 ++net.ipv4.tcp_sack=1 ++net.ipv4.tcp_dsack=1 ++ ++net.ipv6.conf.default.forwarding=1 ++net.ipv6.conf.all.forwarding=1 ++ ++net.netfilter.nf_conntrack_acct=1 ++net.netfilter.nf_conntrack_checksum=0 ++net.netfilter.nf_conntrack_max=16384 ++net.netfilter.nf_conntrack_tcp_timeout_established=7440 ++net.netfilter.nf_conntrack_udp_timeout=60 ++net.netfilter.nf_conntrack_udp_timeout_stream=180 ++ ++# disable bridge firewalling by default ++net.bridge.bridge-nf-call-arptables=0 ++net.bridge.bridge-nf-call-ip6tables=0 ++net.bridge.bridge-nf-call-iptables=0 +diff --git a/package/base-files/files/etc/sysctl.d/local.conf b/package/base-files/files/etc/sysctl.d/local.conf +deleted file mode 100644 +index 891da73df8d61e0c47069d4c6c8cc090f693c0b2..0000000000000000000000000000000000000000 +--- a/package/base-files/files/etc/sysctl.d/local.conf ++++ /dev/null +@@ -1 +0,0 @@ +-# local sysctl settings can be stored in this directory diff --git a/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch b/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch new file mode 100644 index 00000000..d75be503 --- /dev/null +++ b/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch @@ -0,0 +1,98 @@ +From: Matthias Schiffer +Date: Thu, 12 Apr 2018 17:57:44 +0200 +Subject: base-files: move netfilter sysctl defaults to specific kmod packages + +Avoid warnings when applying settings for uninstalled kmods. See also +FS#1073. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/base-files/Makefile b/package/base-files/Makefile +index 685e3c4061528e2b28054cce53258889b48c05b2..6ae4b9262e369f5e93f59133d1c0b61a0d6c2224 100644 +--- a/package/base-files/Makefile ++++ b/package/base-files/Makefile +@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk + include $(INCLUDE_DIR)/version.mk + + PKG_NAME:=base-files +-PKG_RELEASE:=173.5 ++PKG_RELEASE:=173.5.1 + PKG_FLAGS:=nonshared + + PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ +diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf +index 7c3344dba339514c023c3b13c592e9ce9ca1ff55..98867b7c7ba1d1ce181f721cdfd17517069fcdf2 100644 +--- a/package/base-files/files/etc/sysctl.d/10-default.conf ++++ b/package/base-files/files/etc/sysctl.d/10-default.conf +@@ -20,15 +20,3 @@ net.ipv4.tcp_dsack=1 + + net.ipv6.conf.default.forwarding=1 + net.ipv6.conf.all.forwarding=1 +- +-net.netfilter.nf_conntrack_acct=1 +-net.netfilter.nf_conntrack_checksum=0 +-net.netfilter.nf_conntrack_max=16384 +-net.netfilter.nf_conntrack_tcp_timeout_established=7440 +-net.netfilter.nf_conntrack_udp_timeout=60 +-net.netfilter.nf_conntrack_udp_timeout_stream=180 +- +-# disable bridge firewalling by default +-net.bridge.bridge-nf-call-arptables=0 +-net.bridge.bridge-nf-call-ip6tables=0 +-net.bridge.bridge-nf-call-iptables=0 +diff --git a/package/kernel/linux/files/sysctl-br-netfilter.conf b/package/kernel/linux/files/sysctl-br-netfilter.conf +new file mode 100644 +index 0000000000000000000000000000000000000000..b10ddc0874b6d393458e646e396716bd67b6b381 +--- /dev/null ++++ b/package/kernel/linux/files/sysctl-br-netfilter.conf +@@ -0,0 +1,7 @@ ++# Do not edit, changes to this file will be lost on upgrades ++# /etc/sysctl.conf can be used to customize sysctl settings ++ ++# disable bridge firewalling by default ++net.bridge.bridge-nf-call-arptables=0 ++net.bridge.bridge-nf-call-ip6tables=0 ++net.bridge.bridge-nf-call-iptables=0 +diff --git a/package/kernel/linux/files/sysctl-nf-conntrack.conf b/package/kernel/linux/files/sysctl-nf-conntrack.conf +new file mode 100644 +index 0000000000000000000000000000000000000000..37baf5fd6ff9d99d37554f5e38bf1d749a7f21e2 +--- /dev/null ++++ b/package/kernel/linux/files/sysctl-nf-conntrack.conf +@@ -0,0 +1,9 @@ ++# Do not edit, changes to this file will be lost on upgrades ++# /etc/sysctl.conf can be used to customize sysctl settings ++ ++net.netfilter.nf_conntrack_acct=1 ++net.netfilter.nf_conntrack_checksum=0 ++net.netfilter.nf_conntrack_max=16384 ++net.netfilter.nf_conntrack_tcp_timeout_established=7440 ++net.netfilter.nf_conntrack_udp_timeout=60 ++net.netfilter.nf_conntrack_udp_timeout_stream=180 +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index 3b26ad1fbf3e261d84ae18216c51c87c53579c06..bb882363f3df4df733424ca6bba72badc96f06f8 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -74,6 +74,11 @@ define KernelPackage/nf-conntrack + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m))) + endef + ++define KernelPackage/nf-conntrack/install ++ $(INSTALL_DIR) $(1)/etc/sysctl.d ++ $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf ++endef ++ + $(eval $(call KernelPackage,nf-conntrack)) + + +@@ -674,6 +679,11 @@ define KernelPackage/br-netfilter + AUTOLOAD:=$(call AutoProbe,br_netfilter) + endef + ++define KernelPackage/br-netfilter/install ++ $(INSTALL_DIR) $(1)/etc/sysctl.d ++ $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf ++endef ++ + $(eval $(call KernelPackage,br-netfilter)) + + diff --git a/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch b/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch new file mode 100644 index 00000000..c88ce368 --- /dev/null +++ b/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch @@ -0,0 +1,32 @@ +From: Matthias Schiffer +Date: Fri, 13 Apr 2018 14:36:43 +0200 +Subject: base-files: remove /etc/sysctl.d/ from conffiles + +Let's use /etc/sysctl.d for package-provided snippets and leave +/etc/sysctl.conf to the admin. Don't backup /etc/sysctl.d on upgrades, so +old defaults get replaced properly. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/base-files/Makefile b/package/base-files/Makefile +index 6ae4b9262e369f5e93f59133d1c0b61a0d6c2224..339528d3ba8a5ab40c2d8fa246c937d61fb4856d 100644 +--- a/package/base-files/Makefile ++++ b/package/base-files/Makefile +@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk + include $(INCLUDE_DIR)/version.mk + + PKG_NAME:=base-files +-PKG_RELEASE:=173.5.1 ++PKG_RELEASE:=173.5.2 + PKG_FLAGS:=nonshared + + PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ +@@ -59,8 +59,6 @@ define Package/base-files/conffiles + /etc/shadow + /etc/shells + /etc/sysctl.conf +-/etc/sysctl.d/ +-/etc/sysctl.d/local.conf + /etc/sysupgrade.conf + $(call $(TARGET)/conffiles) + endef diff --git a/patches/lede/0073-kernel-disable-accept_ra-by-default.patch b/patches/lede/0073-kernel-disable-accept_ra-by-default.patch new file mode 100644 index 00000000..fd0c3090 --- /dev/null +++ b/patches/lede/0073-kernel-disable-accept_ra-by-default.patch @@ -0,0 +1,170 @@ +From: Matthias Schiffer +Date: Thu, 12 Apr 2018 22:14:56 +0200 +Subject: kernel: disable accept_ra by default + +Our script setting accept_ra to 0 on all interfaces got lost in the +transition to procd. This remained unnoticed for a long time, as was also +enable forwarding on all interfaces, which prevents RA handling by default. + +Providing a way to ensure net.ipv6.conf.default.accept_ra is set early +enough is a nicer solution than fixing up interfaces in a script (given the +patch is accepted upstream). + +Signed-off-by: Matthias Schiffer + +diff --git a/target/linux/generic/config-3.18 b/target/linux/generic/config-3.18 +index 4c3215b594cea9f3d001f8a9f73bbdf78e30ceff..bf13cefde0c5dc45788da9dea57aca5def9b152b 100644 +--- a/target/linux/generic/config-3.18 ++++ b/target/linux/generic/config-3.18 +@@ -1604,6 +1604,7 @@ CONFIG_IOSCHED_NOOP=y + # CONFIG_IPC_NS is not set + # CONFIG_IPMI_HANDLER is not set + # CONFIG_IPV6 is not set ++# CONFIG_IPV6_ACCEPT_RA_DEFAULT is not set + # CONFIG_IPV6_MIP6 is not set + # CONFIG_IPV6_MROUTE is not set + # CONFIG_IPV6_MROUTE_MULTIPLE_TABLES is not set +diff --git a/target/linux/generic/config-4.4 b/target/linux/generic/config-4.4 +index a8fd15d1a4a40681d80da06ad7a826966287d8d8..e2d69426370a3e50703c48fb60c5b1b3aa601ef3 100644 +--- a/target/linux/generic/config-4.4 ++++ b/target/linux/generic/config-4.4 +@@ -1671,6 +1671,7 @@ CONFIG_IOSCHED_NOOP=y + # CONFIG_IPC_NS is not set + # CONFIG_IPMI_HANDLER is not set + # CONFIG_IPV6 is not set ++# CONFIG_IPV6_ACCEPT_RA_DEFAULT is not set + # CONFIG_IPV6_ILA is not set + # CONFIG_IPV6_MIP6 is not set + # CONFIG_IPV6_MROUTE is not set +diff --git a/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch b/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch +new file mode 100644 +index 0000000000000000000000000000000000000000..6067be31830f6cc788708632dba36f338eb67d39 +--- /dev/null ++++ b/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch +@@ -0,0 +1,60 @@ ++From 782710d7f18a2c9999410cb7cfc92955463897d8 Mon Sep 17 00:00:00 2001 ++Message-Id: <782710d7f18a2c9999410cb7cfc92955463897d8.1523559442.git.mschiffer@universe-factory.net> ++From: Matthias Schiffer ++Date: Thu, 12 Apr 2018 20:08:05 +0200 ++Subject: [PATCH net-next] ipv6: provide Kconfig switch to disable accept_ra by ++ default ++ ++Many distributions and users prefer to handle router advertisements in ++userspace; one example is OpenWrt, which includes a combined RA and DHCPv6 ++client. For such configurations, accept_ra should not be enabled by ++default. ++ ++As setting net.ipv6.conf.default.accept_ra via sysctl.conf or similar ++facilities may be too late to catch all interfaces and common sysctl.conf ++tools do not allow setting an option for all existing interfaces, this ++patch provides a Kconfig option to control the default value of ++default.accept_ra. ++ ++Using default.accept_ra is preferable to all.accept_ra for our usecase, ++as disabling all.accept_ra would preclude users from explicitly enabling ++accept_ra on individual interfaces. ++ ++Signed-off-by: Matthias Schiffer ++--- ++ net/ipv6/Kconfig | 12 ++++++++++++ ++ net/ipv6/addrconf.c | 2 +- ++ 2 files changed, 13 insertions(+), 1 deletion(-) ++ ++--- a/net/ipv6/Kconfig +++++ b/net/ipv6/Kconfig ++@@ -21,6 +21,18 @@ menuconfig IPV6 ++ ++ if IPV6 ++ +++config IPV6_ACCEPT_RA_DEFAULT +++ bool "IPv6: Accept router advertisements by default" +++ default y +++ help +++ The kernel can internally handle IPv6 router advertisements for +++ stateless address autoconfiguration (SLAAC) and route configuration, +++ which can be configured in detail and per-interface using a number of +++ sysctl options. This option controls the default value of +++ net.ipv6.conf.default.accept_ra. +++ +++ If unsure, say Y. +++ ++ config IPV6_ROUTER_PREF ++ bool "IPv6: Router Preference (RFC 4191) support" ++ ---help--- ++--- a/net/ipv6/addrconf.c +++++ b/net/ipv6/addrconf.c ++@@ -207,7 +207,7 @@ static struct ipv6_devconf ipv6_devconf_ ++ .forwarding = 0, ++ .hop_limit = IPV6_DEFAULT_HOPLIMIT, ++ .mtu6 = IPV6_MIN_MTU, ++- .accept_ra = 1, +++ .accept_ra = IS_ENABLED(CONFIG_IPV6_ACCEPT_RA_DEFAULT), ++ .accept_redirects = 1, ++ .autoconf = 1, ++ .force_mld_version = 0, +diff --git a/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch b/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch +new file mode 100644 +index 0000000000000000000000000000000000000000..8184a27705348c609d09c39a6d90b810d28fdead +--- /dev/null ++++ b/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch +@@ -0,0 +1,60 @@ ++From 782710d7f18a2c9999410cb7cfc92955463897d8 Mon Sep 17 00:00:00 2001 ++Message-Id: <782710d7f18a2c9999410cb7cfc92955463897d8.1523559442.git.mschiffer@universe-factory.net> ++From: Matthias Schiffer ++Date: Thu, 12 Apr 2018 20:08:05 +0200 ++Subject: [PATCH net-next] ipv6: provide Kconfig switch to disable accept_ra by ++ default ++ ++Many distributions and users prefer to handle router advertisements in ++userspace; one example is OpenWrt, which includes a combined RA and DHCPv6 ++client. For such configurations, accept_ra should not be enabled by ++default. ++ ++As setting net.ipv6.conf.default.accept_ra via sysctl.conf or similar ++facilities may be too late to catch all interfaces and common sysctl.conf ++tools do not allow setting an option for all existing interfaces, this ++patch provides a Kconfig option to control the default value of ++default.accept_ra. ++ ++Using default.accept_ra is preferable to all.accept_ra for our usecase, ++as disabling all.accept_ra would preclude users from explicitly enabling ++accept_ra on individual interfaces. ++ ++Signed-off-by: Matthias Schiffer ++--- ++ net/ipv6/Kconfig | 12 ++++++++++++ ++ net/ipv6/addrconf.c | 2 +- ++ 2 files changed, 13 insertions(+), 1 deletion(-) ++ ++--- a/net/ipv6/Kconfig +++++ b/net/ipv6/Kconfig ++@@ -20,6 +20,18 @@ menuconfig IPV6 ++ ++ if IPV6 ++ +++config IPV6_ACCEPT_RA_DEFAULT +++ bool "IPv6: Accept router advertisements by default" +++ default y +++ help +++ The kernel can internally handle IPv6 router advertisements for +++ stateless address autoconfiguration (SLAAC) and route configuration, +++ which can be configured in detail and per-interface using a number of +++ sysctl options. This option controls the default value of +++ net.ipv6.conf.default.accept_ra. +++ +++ If unsure, say Y. +++ ++ config IPV6_ROUTER_PREF ++ bool "IPv6: Router Preference (RFC 4191) support" ++ ---help--- ++--- a/net/ipv6/addrconf.c +++++ b/net/ipv6/addrconf.c ++@@ -222,7 +222,7 @@ static struct ipv6_devconf ipv6_devconf_ ++ .forwarding = 0, ++ .hop_limit = IPV6_DEFAULT_HOPLIMIT, ++ .mtu6 = IPV6_MIN_MTU, ++- .accept_ra = 1, +++ .accept_ra = IS_ENABLED(CONFIG_IPV6_ACCEPT_RA_DEFAULT), ++ .accept_redirects = 1, ++ .autoconf = 1, ++ .force_mld_version = 0, From 12c324917b2a0ac61e5a5b4d7207f8332190a22a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 12:45:18 +0200 Subject: [PATCH 12/36] treewide: move sysctl settings to /etc/sysctl.d net.ipv6.conf.br-client.forwarding is moved from gluon-client-bridge to gluon-mesh-batman-adv, as the setting is not useful with non-bridged protocols. --- .../luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network | 4 ---- package/gluon-core/files/etc/sysctl.d/30-gluon-core.conf | 1 + package/gluon-core/luasrc/lib/gluon/upgrade/110-network | 5 ----- .../gluon-core/luasrc/lib/gluon/upgrade/130-reboot-on-oom | 5 ----- .../files/etc/sysctl.d/31-gluon-mesh-batman-adv.conf | 2 ++ .../gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge | 4 ---- 6 files changed, 3 insertions(+), 18 deletions(-) create mode 100644 package/gluon-core/files/etc/sysctl.d/30-gluon-core.conf delete mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/130-reboot-on-oom create mode 100644 package/gluon-mesh-batman-adv/files/etc/sysctl.d/31-gluon-mesh-batman-adv.conf diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network index 5ed4524f..c79bc3c7 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network @@ -1,7 +1,6 @@ #!/usr/bin/lua local sysconfig = require 'gluon.sysconfig' -local sysctl = require 'gluon.sysctl' local util = require 'gluon.util' local uci = require('simple-uci').cursor() @@ -72,6 +71,3 @@ uci:section('dhcp', 'dhcp', 'local_client', { uci:save('dhcp') uci:save('firewall') - - -sysctl.set('net.ipv6.conf.br-client.forwarding', 0) diff --git a/package/gluon-core/files/etc/sysctl.d/30-gluon-core.conf b/package/gluon-core/files/etc/sysctl.d/30-gluon-core.conf new file mode 100644 index 00000000..12d569a0 --- /dev/null +++ b/package/gluon-core/files/etc/sysctl.d/30-gluon-core.conf @@ -0,0 +1 @@ +vm.panic_on_oom=1 diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network index 76197517..79c50d27 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network @@ -1,7 +1,6 @@ #!/usr/bin/lua local uci = require('simple-uci').cursor() -local sysctl = require 'gluon.sysctl' local sysconfig = require 'gluon.sysconfig' @@ -68,7 +67,3 @@ uci:section('firewall', 'rule', 'wan_mld', { }) uci:save('firewall') - - -sysctl.set('net.ipv6.conf.all.accept_ra', 0) -sysctl.set('net.ipv6.conf.default.accept_ra', 0) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/130-reboot-on-oom b/package/gluon-core/luasrc/lib/gluon/upgrade/130-reboot-on-oom deleted file mode 100755 index 48cfc5a8..00000000 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/130-reboot-on-oom +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/lua - -local sysctl = require 'gluon.sysctl' - -sysctl.set('vm.panic_on_oom', 1) diff --git a/package/gluon-mesh-batman-adv/files/etc/sysctl.d/31-gluon-mesh-batman-adv.conf b/package/gluon-mesh-batman-adv/files/etc/sysctl.d/31-gluon-mesh-batman-adv.conf new file mode 100644 index 00000000..c93fa0da --- /dev/null +++ b/package/gluon-mesh-batman-adv/files/etc/sysctl.d/31-gluon-mesh-batman-adv.conf @@ -0,0 +1,2 @@ +net.ipv6.conf.br-client.forwarding=0 +net.ipv6.conf.local-node.forwarding=0 diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge index 231fe961..a03ea658 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge @@ -6,7 +6,6 @@ local site = require 'gluon.site' local sysconfig = require 'gluon.sysconfig' -local sysctl = require 'gluon.sysctl' local util = require 'gluon.util' local uci = require('simple-uci').cursor() @@ -51,6 +50,3 @@ uci:set_list('firewall', 'drop', 'network', networks) uci:delete('firewall', 'local_node_dns') uci:save('firewall') - - -sysctl.set('net.ipv6.conf.local-node.forwarding', 0) From 32893f879ba9e1e265716ddc42d3ec829f2c4612 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 12:47:10 +0200 Subject: [PATCH 13/36] gluon-core: remove unused gluon.sysctl Lua module --- .../gluon-core/luasrc/usr/lib/lua/gluon/sysctl.lua | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 package/gluon-core/luasrc/usr/lib/lua/gluon/sysctl.lua diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/sysctl.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/sysctl.lua deleted file mode 100644 index ee429437..00000000 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/sysctl.lua +++ /dev/null @@ -1,12 +0,0 @@ -local util = require 'gluon.util' - - -module 'gluon.sysctl' - -function set(name, value) - local new - if value then - new = name .. '=' .. value .. '\n' - end - util.replace_prefix('/etc/sysctl.conf', name .. '=', new) -end From 50893246351e0a01ce0a1e1a002c23630b76efd2 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 14:08:04 +0200 Subject: [PATCH 14/36] gluon-core: get rid of old sysctl settings --- .../files/lib/gluon/upgrade/100-core-reset-sysctl | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100755 package/gluon-core/files/lib/gluon/upgrade/100-core-reset-sysctl diff --git a/package/gluon-core/files/lib/gluon/upgrade/100-core-reset-sysctl b/package/gluon-core/files/lib/gluon/upgrade/100-core-reset-sysctl new file mode 100755 index 00000000..6f6f4316 --- /dev/null +++ b/package/gluon-core/files/lib/gluon/upgrade/100-core-reset-sysctl @@ -0,0 +1,8 @@ +#!/bin/sh + +# This script can be removed after Gluon v2018.2 + +# Check for a random line that always was in /etc/sysctl.conf +if grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf; then + echo '# Defaults are configured in /etc/sysctl.d/* and can be customized in this file' >/etc/sysctl.conf +fi From 4111dc4383f96b847e2ad7c76e29926c0763ca5f Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 15:01:43 +0200 Subject: [PATCH 15/36] gluon-core: remove obsolete dnsmasq upgrade script The script cleaned up an old setting that was removed in 2014. --- package/gluon-core/files/lib/gluon/upgrade/100-dnsmasq | 5 ----- 1 file changed, 5 deletions(-) delete mode 100755 package/gluon-core/files/lib/gluon/upgrade/100-dnsmasq diff --git a/package/gluon-core/files/lib/gluon/upgrade/100-dnsmasq b/package/gluon-core/files/lib/gluon/upgrade/100-dnsmasq deleted file mode 100755 index 3636fbf6..00000000 --- a/package/gluon-core/files/lib/gluon/upgrade/100-dnsmasq +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -if [ -e /etc/dnsmasq.conf ]; then - sed -i -e '/^conf-dir=\/lib\/gluon\/dnsmasq\.d$/d' -e '/^conf-dir=\/var\/gluon\/dnsmasq\.d$/d' /etc/dnsmasq.conf -fi From fc76f5bf3a5a43ef666767f670231bf7cb4b7d47 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 15:15:40 +0200 Subject: [PATCH 16/36] gluon-core: remove DNS cache feature dnsmasq's caching is severly broken and does not handle all answer records equally. In particular, its cached answers are missing DNSKEY and DS records, breaking DNSSEC validation on clients. Remove the cache for now. It may return if dnsmasq is fixed or we switch to a different resolver. --- docs/features/dns-cache.rst | 52 ------------------- docs/features/dns-forwarder.rst | 26 ++++++++++ docs/index.rst | 2 +- docs/releases/v2017.1.rst | 2 - package/gluon-core/check_site.lua | 1 - .../luasrc/lib/gluon/upgrade/820-dns-config | 2 +- 6 files changed, 28 insertions(+), 57 deletions(-) delete mode 100644 docs/features/dns-cache.rst create mode 100644 docs/features/dns-forwarder.rst diff --git a/docs/features/dns-cache.rst b/docs/features/dns-cache.rst deleted file mode 100644 index 0a42e110..00000000 --- a/docs/features/dns-cache.rst +++ /dev/null @@ -1,52 +0,0 @@ -DNS caching -=========== - -User experience may be greatly improved when dns is accelerated. Also, it -seems like a good idea to keep the number of packages being exchanged -between node and gateway as small as possible. In order to do this, a -DNS cache may be used on a node. The dnsmasq instance listening on port -53 on the node will be reconfigured to answer requests, use a list of -upstream servers and a specific cache size if the options listed below are -added to site.conf. Upstream servers are the DNS servers which are normally -used by the nodes to resolve hostnames (e.g. gateways/supernodes). - -There are the following settings: - servers - cacheentries - -To use the node's DNS server, both options should be set. The node will cache at -most 'cacheentries' many DNS records in RAM. The 'servers' list will be used to -resolve the received DNS queries if the request cannot be answered from -cache. Gateways should announce the "next node" address via DHCP and RDNSS (if -any). Note that not setting 'servers' here will lead to DNS not working: Once -the gateways all announce the "next node" address for DNS, there is no way for -nodes to automatically determine DNS servers. They have to be baked into the -firmware. - -If these settings do not exist, the cache is not initialized and RAM usage will -not increase. - -When next_node.name is set, an A record and an AAAA record for the -next-node IP address are placed in the dnsmasq configuration. This means that -the content of next_node.name may be resolved even without upstream connectivity. -It is suggested to use the same name as the DNS server provides: -e.g. nextnode.location.community.example.org (This way the name also works if a -client uses static DNS Servers). Hint: If next_node.name does not contain a dot -some browsers would open the searchpage instead. - -:: - - dns = { - cacheentries = 5000, - servers = { '2001:db8::1', }, - }, - - next_node = { - name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' }, - ip6 = '2001:db8:8::1', - ip4 = '198.51.100.1', - } - - -The cache will be initialized during startup. -Each cache entry will occupy about 90 bytes of RAM. diff --git a/docs/features/dns-forwarder.rst b/docs/features/dns-forwarder.rst new file mode 100644 index 00000000..d74f9618 --- /dev/null +++ b/docs/features/dns-forwarder.rst @@ -0,0 +1,26 @@ +DNS forwarder +============= + +A Gluon node can be configured to act as a DNS forwarder. Requests for the +next-node hostname(s) can be answered locally, without querying the upstream +resolver. + +**Note:** While this reduces answer time and allows to use the next-node +hostname without upstream connectivity, this feature should not be used for +next-node hostnames that are FQDN when the zone uses DNSSEC. + +One or more upstream resolvers can be configured in the *dns.servers* setting. +When *next_node.name* is set, A and/or AAAA records for the next-node IP +addresses are placed in the dnsmasq configuration. + +:: + + dns = { + servers = { '2001:db8::1', }, + }, + + next_node = { + name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' }, + ip6 = '2001:db8:8::1', + ip4 = '198.51.100.1', + } diff --git a/docs/index.rst b/docs/index.rst index 5bc7229a..3f4d78a8 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -23,7 +23,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre features/wlan-configuration features/private-wlan features/wired-mesh - features/dns-cache + features/dns-forwarder features/monitoring features/authorized-keys features/roles diff --git a/docs/releases/v2017.1.rst b/docs/releases/v2017.1.rst index 5c5b48bb..cc445933 100644 --- a/docs/releases/v2017.1.rst +++ b/docs/releases/v2017.1.rst @@ -88,8 +88,6 @@ New features * Add support for making nodes a DNS cache for clients (`#1000 `_) - See also: :doc:`../features/dns-cache` - * Add L2TP via tunneldigger as an alternative VPN system (`#978 `_) diff --git a/package/gluon-core/check_site.lua b/package/gluon-core/check_site.lua index e2f2e69b..06840eb0 100644 --- a/package/gluon-core/check_site.lua +++ b/package/gluon-core/check_site.lua @@ -67,7 +67,6 @@ need_boolean(in_site({'poe_passthrough'}), false) if need_table({'dns'}, nil, false) then need_string_array_match({'dns', 'servers'}, '^[%x:]+$') - need_number({'dns', 'cacheentries'}, false) end need_string_array(in_domain({'next_node', 'name'}), false) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config index ea0bf4ac..18b44d3f 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config @@ -12,7 +12,7 @@ uci:set('dhcp', dnsmasq, 'localise_queries', true) uci:set('dhcp', dnsmasq, 'localservice', false) uci:set('dhcp', dnsmasq, 'server', dns.servers) -uci:set('dhcp', dnsmasq, 'cachesize', dns.cacheentries) +uci:delete('dhcp', dnsmasq, 'cachesize') uci:delete('firewall', 'client_dns') if dns.servers then From 41932471630b32bc91fb5d644acc7b162a93d3d1 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 16:00:33 +0200 Subject: [PATCH 17/36] modules: update Gluon packages 6c38a5dd639e simple-tc: add PKG_CONFIG_DEPENDS to trigger rebuild on dependency changes --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 227fb1e7..0f548b0a 100644 --- a/modules +++ b/modules @@ -9,7 +9,7 @@ PACKAGES_OPENWRT_BRANCH=lede-17.01 PACKAGES_OPENWRT_COMMIT=82ef2fd773987a72678a32b862f50085c3f57d56 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git -PACKAGES_GLUON_COMMIT=61c7aac8ef87300a30198778496226ff3d021701 +PACKAGES_GLUON_COMMIT=6c38a5dd639ee4649bc98401c5b3bb27ff99de4d PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git PACKAGES_ROUTING_COMMIT=3aaa772ef520e5e02ddd6a3eecf67a81fad726f5 From baf0be31f23dcae0956ca6e0a2640f12f0a99749 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:13:59 +0200 Subject: [PATCH 18/36] treewide: switch to ebtables-tiny --- .../src/gluon-arp-limiter.c | 2 +- package/gluon-ebtables/Makefile | 2 +- .../files/etc/init.d/gluon-ebtables | 16 ++++++++-------- .../gluon-radv-filterd/src/gluon-radv-filterd.c | 8 ++++---- package/gluon-radv-filterd/src/respondd.c | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c index cbb6faf2..9c764006 100644 --- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c +++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c @@ -18,7 +18,7 @@ #define BATCTL_DC "/usr/sbin/batctl dc -H -n" #define BATCTL_TL "/usr/sbin/batctl tl -H -n" -#define EBTABLES "/usr/sbin/ebtables --concurrent" +#define EBTABLES "/usr/sbin/ebtables-tiny" #define BUILD_BUG_ON(check) ((void)sizeof(int[1-2*!!(check)])) diff --git a/package/gluon-ebtables/Makefile b/package/gluon-ebtables/Makefile index f5ee0e38..3ecf9b88 100644 --- a/package/gluon-ebtables/Makefile +++ b/package/gluon-ebtables/Makefile @@ -10,7 +10,7 @@ define Package/gluon-ebtables SECTION:=gluon CATEGORY:=Gluon TITLE:=Ebtables support - DEPENDS:=+gluon-core +ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 +kmod-ipt-core + DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 endef define Package/gluon-ebtables/description diff --git a/package/gluon-ebtables/files/etc/init.d/gluon-ebtables b/package/gluon-ebtables/files/etc/init.d/gluon-ebtables index 40c9e061..60add180 100755 --- a/package/gluon-ebtables/files/etc/init.d/gluon-ebtables +++ b/package/gluon-ebtables/files/etc/init.d/gluon-ebtables @@ -7,13 +7,13 @@ # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP # # Removing all rules: -# $ ./firewall-ebtables stop +# $ /etc/init.d/gluon-ebtables stop # Inserting all rules: -# $ ./firewall-ebtables start +# $ /etc/init.d/gluon-ebtables start # Inserting a specific rule file: -# $ ./firewall-ebtables start /lib/gluon/ebtables/100-mcast-chain +# $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain # Removing a specific rule file: -# $ ./firewall-ebtables stop /lib/gluon/ebtables/100-mcast-chain +# $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain START=19 @@ -51,8 +51,8 @@ exec_all() { start() { ( - export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -A " .. command' - export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -N " .. name .. " -P " .. policy' + export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -A " .. command' + export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -N " .. name .. " -P " .. policy' # Contains /var/lib/ebtables/lock for '--concurrent' [ ! -d "/var/lib/ebtables" ] && \ @@ -68,8 +68,8 @@ start() { stop() { ( - export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -D " .. command' - export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -X " .. name' + export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -D " .. command' + export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -X " .. name' if [ -z "$1" ]; then exec_all '-r' diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c index 990885ea..5fcab439 100644 --- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c +++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c @@ -168,11 +168,11 @@ static void cleanup(void) { if (G.chain) { /* Reset chain to accept everything again */ if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-F", G.chain, NULL })) + { "ebtables-tiny", "-F", G.chain, NULL })) DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-A", G.chain, "-j", "ACCEPT", NULL })) + { "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL })) DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain); } } @@ -720,10 +720,10 @@ static void update_ebtables(void) { G.best_router = router; if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-F", G.chain, NULL })) + { "ebtables-tiny", "-F", G.chain, NULL })) error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL })) + { "ebtables-tiny", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL })) error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain); } diff --git a/package/gluon-radv-filterd/src/respondd.c b/package/gluon-radv-filterd/src/respondd.c index 7e65a3d9..8c2c7eb4 100644 --- a/package/gluon-radv-filterd/src/respondd.c +++ b/package/gluon-radv-filterd/src/respondd.c @@ -8,7 +8,7 @@ #include "mac.h" static struct json_object * get_radv_filter() { - FILE *f = popen("exec ebtables --concurrent -L RADV_FILTER", "r"); + FILE *f = popen("exec ebtables-tiny -L RADV_FILTER", "r"); char *line = NULL; size_t len = 0; struct ether_addr mac = {}; From f5e29476c30b80421a9226d1d1b46789a88561d8 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:14:00 +0200 Subject: [PATCH 19/36] Add patches to reduce iptables module dependencies --- ...tables-on-kmod-ebtables-to-selecting.patch | 23 ++++ ...0075-kernel-unhide-kmod-br-netfilter.patch | 21 ++++ ...s-do-not-depend-on-kmod-br-netfilter.patch | 22 ++++ ...sdev-match-out-as-a-separate-package.patch | 114 ++++++++++++++++++ 4 files changed, 180 insertions(+) create mode 100644 patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch create mode 100644 patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch create mode 100644 patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch create mode 100644 patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch diff --git a/patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch b/patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch new file mode 100644 index 00000000..6f9d915f --- /dev/null +++ b/patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch @@ -0,0 +1,23 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 18:51:57 +0200 +Subject: kernel: change dependency of kmod-ebtables-* on kmod-ebtables to selecting + +Non-selecting dependencies easily lead to Kconfig failures due to recursive +dependencies. We hit such an issue in Gluon; the easiest fix is to make +the dependency selecting. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index bb882363f3df4df733424ca6bba72badc96f06f8..c1d08a54037e6b33834566dac58308f64a427ecd 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -707,7 +707,7 @@ $(eval $(call KernelPackage,ebtables)) + + define AddDepends/ebtables + SUBMENU:=$(NF_MENU) +- DEPENDS+=kmod-ebtables $(1) ++ DEPENDS+= +kmod-ebtables $(1) + endef + + diff --git a/patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch b/patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch new file mode 100644 index 00000000..c08c7819 --- /dev/null +++ b/patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch @@ -0,0 +1,21 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 18:56:53 +0200 +Subject: kernel: unhide kmod-br-netfilter + +kmod-br-netfilter is not only a support module, but can be useful on its +own, using the net.bridge.bridge-nf-call-* sysctls. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index c1d08a54037e6b33834566dac58308f64a427ecd..275147b8757a42c00de14502a072c8384a0526ab 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -672,7 +672,6 @@ $(eval $(call KernelPackage,arptables)) + define KernelPackage/br-netfilter + SUBMENU:=$(NF_MENU) + TITLE:=Bridge netfilter support modules +- HIDDEN:=1 + DEPENDS:=+kmod-ipt-core +kmod-bridge + FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko + KCONFIG:=CONFIG_BRIDGE_NETFILTER diff --git a/patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch b/patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch new file mode 100644 index 00000000..472fe77c --- /dev/null +++ b/patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch @@ -0,0 +1,22 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 19:01:56 +0200 +Subject: kernel: kmod-ebtables: do not depend on kmod-br-netfilter + +While ebtables can be combined with br-netfilter, there is no good reason +to make it a dependency. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index 275147b8757a42c00de14502a072c8384a0526ab..34eefcd892b9e8b3157603fa47578d0afc65dc4b 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -689,7 +689,7 @@ $(eval $(call KernelPackage,br-netfilter)) + define KernelPackage/ebtables + SUBMENU:=$(NF_MENU) + TITLE:=Bridge firewalling modules +- DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter ++ DEPENDS:=+kmod-ipt-core +kmod-bridge + FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_EBTABLES) + AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m))) diff --git a/patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch b/patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch new file mode 100644 index 00000000..8d6c61d7 --- /dev/null +++ b/patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch @@ -0,0 +1,114 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 19:41:26 +0200 +Subject: iptables: split physdev match out as a separate package + +Split physdev match out of ipt-extra to allow installing ipt-extra without +pulling in br-netfilter. + +Signed-off-by: Matthias Schiffer + +diff --git a/include/netfilter.mk b/include/netfilter.mk +index 39c8e7c90fab2ba14cd75c80d1e357dd23ae6a1b..79ae3d5343ed77b559f50f40bb8a73a33dd13314 100644 +--- a/include/netfilter.mk ++++ b/include/netfilter.mk +@@ -89,12 +89,14 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_CO + + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMOD),$(P_XT)xt_addrtype,$(P_XT)ipt_addrtype))) + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner)) +-$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev)) + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype)) + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota)) + + #$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE)) + ++# physdev ++ ++$(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev)) + + # filter + +@@ -347,6 +349,7 @@ IPT_BUILTIN += $(NF_CONNTRACK6-y) + IPT_BUILTIN += $(IPT_CONNTRACK-y) + IPT_BUILTIN += $(IPT_CONNTRACK_EXTRA-y) + IPT_BUILTIN += $(IPT_EXTRA-y) ++IPT_BUILTIN += $(IPT_PHYSDEV-y) + IPT_BUILTIN += $(IPT_FILTER-y) + IPT_BUILTIN += $(IPT_IPOPT-y) + IPT_BUILTIN += $(IPT_IPRANGE-y) +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index 34eefcd892b9e8b3157603fa47578d0afc65dc4b..a71904673ae53bffcc9fd88291520aacb4a4f8d7 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -604,7 +604,7 @@ define KernelPackage/ipt-extra + KCONFIG:=$(KCONFIG_IPT_EXTRA) + FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m))) +- $(call AddDepends/ipt,+kmod-br-netfilter) ++ $(call AddDepends/ipt) + endef + + define KernelPackage/ipt-extra/description +@@ -612,7 +612,6 @@ define KernelPackage/ipt-extra/description + Includes: + - addrtype + - owner +- - physdev (if bridge support was enabled in kernel) + - pkttype + - quota + endef +@@ -620,6 +619,21 @@ endef + $(eval $(call KernelPackage,ipt-extra)) + + ++define KernelPackage/ipt-physdev ++ TITLE:=physdev module ++ KCONFIG:=$(KCONFIG_IPT_PHYSDEV) ++ FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko) ++ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m))) ++ $(call AddDepends/ipt,+kmod-br-netfilter) ++endef ++ ++define KernelPackage/ipt-physdev/description ++ The iptables physdev kernel module ++endef ++ ++$(eval $(call KernelPackage,ipt-physdev)) ++ ++ + define KernelPackage/ip6tables + SUBMENU:=$(NF_MENU) + TITLE:=IPv6 modules +diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile +index 9761ed1820b5c092292d25aef28f8f9a8ffa91a6..af5ed8c6245a9d52f5aea695e71b08ac6f3e6eca 100644 +--- a/package/network/utils/iptables/Makefile ++++ b/package/network/utils/iptables/Makefile +@@ -321,12 +321,20 @@ Other extra iptables extensions. + - addrtype + - condition + - owner +- - physdev (if ebtables is enabled) + - pkttype + - quota + + endef + ++define Package/iptables-mod-physdev ++$(call Package/iptables/Module, +kmod-ipt-physdev) ++ TITLE:=physdev iptables extension ++endef ++ ++define Package/iptables-mod-physdev/description ++The iptables physdev match. ++endef ++ + define Package/iptables-mod-led + $(call Package/iptables/Module, +kmod-ipt-led) + TITLE:=LED trigger iptables extension +@@ -561,6 +569,7 @@ endef + $(eval $(call BuildPackage,iptables)) + $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) + $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) ++$(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m))) + $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m))) + $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m))) + $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m))) From 419417f82500ee14f566bc256f50613d57e6b272 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:14:00 +0200 Subject: [PATCH 20/36] Add various patches to deal with bigger kernels --- ...on-size-for-UniFi-AP-Pro-and-Outdoor.patch | 24 ++++ ...-210-510-version-metainfo-to-the-end.patch | 109 ++++++++++++++++++ ...l-partition-size-for-CPE-WBS-210-510.patch | 67 +++++++++++ ...-partition-size-for-TP-Link-RE450-v1.patch | 41 +++++++ 4 files changed, 241 insertions(+) create mode 100644 patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch create mode 100644 patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch create mode 100644 patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch create mode 100644 patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch diff --git a/patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch b/patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch new file mode 100644 index 00000000..57d72f8a --- /dev/null +++ b/patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch @@ -0,0 +1,24 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 15:19:52 +0200 +Subject: ar71xx: increase kernel partition size for UniFi AP Pro and Outdoor+ + +Tested on UAP Outdoor+. + +Signed-off-by: Matthias Schiffer + +diff --git a/target/linux/ar71xx/image/ubnt.mk b/target/linux/ar71xx/image/ubnt.mk +index 65ed708459e7e6026713437430fc248c692cd070..ef50aa99541b8220eac71b2f1b1a33419fdab987 100644 +--- a/target/linux/ar71xx/image/ubnt.mk ++++ b/target/linux/ar71xx/image/ubnt.mk +@@ -253,9 +253,9 @@ TARGET_DEVICES += ubnt-rs ubnt-rspro ubnt-ls-sr71 + + define Device/ubnt-uap-pro + DEVICE_TITLE := Ubiquiti UAP Pro +- KERNEL_SIZE := 1536k ++ KERNEL_SIZE := 1792k + IMAGE_SIZE := 15744k +- MTDPARTS := spi0.0:256k(u-boot)ro,64k(u-boot-env)ro,1536k(kernel),14208k(rootfs),256k(cfg)ro,64k(EEPROM)ro,15744k@0x50000(firmware) ++ MTDPARTS := spi0.0:256k(u-boot)ro,64k(u-boot-env)ro,1792k(kernel),13952k(rootfs),256k(cfg)ro,64k(EEPROM)ro,15744k@0x50000(firmware) + UBNT_TYPE := BZ + UBNT_CHIP := ar934x + BOARDNAME := UAP-PRO diff --git a/patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch b/patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch new file mode 100644 index 00000000..dbe58d7b --- /dev/null +++ b/patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch @@ -0,0 +1,109 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 17:26:34 +0200 +Subject: firmware-utils: tplink-safeloader: move CPE/WBS 210/510 version metainfo to the end + +Having the metainfo between kernel and rootfs prevents us from resizing +the kernel partition as necessary. + +Signed-off-by: Matthias Schiffer + +diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c +index 11ff2e56e19ec3780f988baf7257810530165b23..2a2329d1f188ea8520b6a4aeef25937e05d48a06 100644 +--- a/tools/firmware-utils/src/tplink-safeloader.c ++++ b/tools/firmware-utils/src/tplink-safeloader.c +@@ -139,10 +139,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -151,7 +151,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + /** Firmware layout for the CPE510/520 */ +@@ -177,10 +177,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -189,7 +189,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + { +@@ -209,10 +209,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -221,7 +221,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + { +@@ -241,10 +241,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -253,7 +253,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + /** Firmware layout for the C2600 */ diff --git a/patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch b/patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch new file mode 100644 index 00000000..839e6753 --- /dev/null +++ b/patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch @@ -0,0 +1,67 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 18:14:41 +0200 +Subject: ar71xx: increase kernel partition size for CPE/WBS 210/510 + +Signed-off-by: Matthias Schiffer + +diff --git a/target/linux/ar71xx/image/tp-link.mk b/target/linux/ar71xx/image/tp-link.mk +index be7e846c88f9ebbb8a4e4840e690d7864386bf64..1a6e58fca882fc9d122c184ee8167537751acf25 100644 +--- a/target/linux/ar71xx/image/tp-link.mk ++++ b/target/linux/ar71xx/image/tp-link.mk +@@ -167,7 +167,7 @@ TARGET_DEVICES += archer-c60-v1 + define Device/cpe510-520 + DEVICE_TITLE := TP-LINK CPE510/520 + DEVICE_PACKAGES := rssileds +- MTDPARTS := spi0.0:128k(u-boot)ro,64k(pation-table)ro,64k(product-info)ro,1536k(kernel),6144k(rootfs),192k(config)ro,64k(ART)ro,7680k@0x40000(firmware) ++ MTDPARTS := spi0.0:128k(u-boot)ro,64k(partition-table)ro,64k(product-info)ro,1792k(kernel),5888k(rootfs),192k(config)ro,64k(ART)ro,7680k@0x40000(firmware) + IMAGE_SIZE := 7680k + BOARDNAME := CPE510 + TPLINK_BOARD_NAME := CPE510 +diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c +index 2a2329d1f188ea8520b6a4aeef25937e05d48a06..ba86c71d870c8f38abb92c657c3656086a7782be 100644 +--- a/tools/firmware-utils/src/tplink-safeloader.c ++++ b/tools/firmware-utils/src/tplink-safeloader.c +@@ -139,8 +139,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, +@@ -177,8 +177,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, +@@ -209,8 +209,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, +@@ -241,8 +241,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, diff --git a/patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch b/patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch new file mode 100644 index 00000000..e03db780 --- /dev/null +++ b/patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch @@ -0,0 +1,41 @@ +From: Piotr Dymacz +Date: Mon, 6 Nov 2017 23:17:24 +0100 +Subject: ar71xx: increase kernel partition size for TP-Link RE450 v1 + +This increases kernel partition size and fixes rootfs (file-system) +partition size on TP-Link RE450 v1. Also, while we are at it, switch +from statically defined kernel and rootfs partitions in kernel cmdline +to "tplink-fw" mtd splitter. + +Fixes: FS#1072. + +Signed-off-by: Piotr Dymacz + +diff --git a/target/linux/ar71xx/image/tp-link.mk b/target/linux/ar71xx/image/tp-link.mk +index 1a6e58fca882fc9d122c184ee8167537751acf25..60dfe0e3edafcadad4ddc08be7645b49f269907c 100644 +--- a/target/linux/ar71xx/image/tp-link.mk ++++ b/target/linux/ar71xx/image/tp-link.mk +@@ -207,7 +207,7 @@ TARGET_DEVICES += cpe210-220 cpe510-520 wbs210 wbs510 + define Device/re450 + DEVICE_TITLE := TP-LINK RE450 + DEVICE_PACKAGES := kmod-ath10k ath10k-firmware-qca988x +- MTDPARTS := spi0.0:128k(u-boot)ro,1344k(kernel),4672k(rootfs),64k(pation-table)ro,64k(product-info)ro,1856k(config)ro,64k(art)ro,6016k@0x20000(firmware) ++ MTDPARTS := spi0.0:128k(u-boot)ro,6016k(firmware),64k(partition-table)ro,64k(product-info)ro,1856k(config)ro,64k(art)ro + IMAGE_SIZE := 7936k + BOARDNAME := RE450 + TPLINK_BOARD_NAME := RE450 +diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c +index ba86c71d870c8f38abb92c657c3656086a7782be..23b69f3bd0eb66aca650eb2ffd7d5cd2a7cb5194 100644 +--- a/tools/firmware-utils/src/tplink-safeloader.c ++++ b/tools/firmware-utils/src/tplink-safeloader.c +@@ -689,8 +689,8 @@ static struct device_info boards[] = { + */ + .partitions = { + {"fs-uboot", 0x00000, 0x20000}, +- {"os-image", 0x20000, 0x150000}, +- {"file-system", 0x170000, 0x4a0000}, ++ {"os-image", 0x20000, 0x180000}, ++ {"file-system", 0x1a0000, 0x460000}, + {"partition-table", 0x600000, 0x02000}, + {"default-mac", 0x610000, 0x00020}, + {"pin", 0x610100, 0x00020}, From f18541d3a55a960ab59fa201bdac819b329aee0c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:14:00 +0200 Subject: [PATCH 21/36] treewide: add support for building kernel modules used by Gluon into the kernel --- package/gluon-client-bridge/Makefile | 2 +- package/gluon-core/Config.in | 338 ++++++++++++++++++ package/gluon-core/Makefile | 4 + package/gluon-ebtables-limit-arp/Makefile | 5 +- package/gluon-ebtables/Makefile | 12 +- package/gluon-mesh-batman-adv/Makefile | 2 +- package/gluon-mesh-vpn-core/Makefile | 9 +- package/gluon-mesh-vpn-fastd/Makefile | 2 +- package/gluon-mesh-vpn-tunneldigger/Makefile | 2 +- ...build-kmod-packages-with-empty-FILES.patch | 37 ++ 10 files changed, 406 insertions(+), 7 deletions(-) create mode 100644 package/gluon-core/Config.in create mode 100644 patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch diff --git a/package/gluon-client-bridge/Makefile b/package/gluon-client-bridge/Makefile index ccf1bcd8..19a0e3a4 100644 --- a/package/gluon-client-bridge/Makefile +++ b/package/gluon-client-bridge/Makefile @@ -9,7 +9,7 @@ define Package/gluon-client-bridge SECTION:=gluon CATEGORY:=Gluon TITLE:=Provides a bridge and a wireless interface for clients to connect to - DEPENDS:=+gluon-core +kmod-veth + DEPENDS:=+gluon-core +kmod-veth +@GLUON_SPECIALIZE_KERNEL:KERNEL_VETH endef $(eval $(call BuildPackageGluon,gluon-client-bridge)) diff --git a/package/gluon-core/Config.in b/package/gluon-core/Config.in new file mode 100644 index 00000000..9def3c29 --- /dev/null +++ b/package/gluon-core/Config.in @@ -0,0 +1,338 @@ +config KERNEL_NET_IP_TUNNEL + bool + +config KERNEL_NET_UDP_TUNNEL + bool + +config KERNEL_VXLAN + bool + select KERNEL_NET_IP_TUNNEL + select KERNEL_NET_UDP_TUNNEL + +config KERNEL_VETH + bool + + +# for fastd + +config KERNEL_TUN + bool + + +# for tunneldigger + +config KERNEL_L2TP_V3 + bool + +config KERNEL_L2TP_IP + bool + +config KERNEL_L2TP_ETH + bool + +config KERNEL_L2TP + bool + select KERNEL_L2TP_V3 + select KERNEL_L2TP_IP + select KERNEL_L2TP_ETH + + +# for simple-tc + +config KERNEL_NET_SCHED + bool + +config KERNEL_NET_CLS + bool + select KERNEL_NET_SCHED + +config KERNEL_NET_CLS_ACT + bool + select KERNEL_NET_CLS + +config KERNEL_NET_CLS_BASIC + bool + select KERNEL_NET_CLS + +config KERNEL_NET_SCH_TBF + bool + select KERNEL_NET_SCHED + +config KERNEL_NET_SCH_INGRESS + bool + select KERNEL_NET_CLS_ACT + + +# for batman-adv + +config KERNEL_DUMMY + bool + +config KERNEL_CRC16 + bool + +config KERNEL_LIBCRC32C + bool + + +# Netfilter modules used by ebtables and fw3 + +config KERNEL_NETFILTER + bool + +config KERNEL_NETFILTER_ADVANCED + bool + select KERNEL_NETFILTER + +config KERNEL_NETFILTER_XTABLES + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_BRIDGE_NF_EBTABLES + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_BRIDGE_EBT_T_FILTER + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_T_NAT + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_ARP + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_IP + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_IP6 + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_LIMIT + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_MARK + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_MARK_T + bool + select KERNEL_BRIDGE_NF_EBTABLES + + +# Not all of the following modules are really required for Gluon, but fw3 pulls +# them in, so we add them to the kernel config to reduce the number of loaded +# modules + +# kmod-nf-conntrack + +config KERNEL_NF_CONNTRACK + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_NF_CONNTRACK_RTCACHE + bool + select KERNEL_NF_CONNTRACK + +config KERNEL_NF_CONNTRACK_IPV4 + bool + select KERNEL_NF_CONNTRACK + + +# kmod-nf-conntrack6 + +config KERNEL_NF_CONNTRACK_IPV6 + bool + select KERNEL_NF_CONNTRACK + + +# kmod-nf-ipt + +config KERNEL_NF_REJECT_IPV4 + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_IP_NF_IPTABLES + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_REJECT_IPV4 + + +# kmod-nf-ipt6 + +config KERNEL_NF_REJECT_IPV6 + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_IP6_NF_IPTABLES + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_REJECT_IPV6 + + +# kmod-nf-nat + +config KERNEL_NF_NAT + bool + select KERNEL_NF_CONNTRACK + +config KERNEL_NF_NAT_REDIRECT + bool + select KERNEL_NF_NAT + +config KERNEL_NF_NAT_IPV4 + bool + select KERNEL_NETFILTER_ADVANCED + select KERNEL_NF_NAT + +config KERNEL_NF_NAT_MASQUERADE_IPV4 + bool + select KERNEL_NF_NAT_IPV4 + + +# kmod-ipt-core + +config KERNEL_IP_NF_FILTER + bool + select KERNEL_IP_NF_IPTABLES + +config KERNEL_IP_NF_MANGLE + bool + select KERNEL_IP_NF_IPTABLES + +config KERNEL_IP_NF_TARGET_REJECT + bool + select KERNEL_IP_NF_FILTER + +config KERNEL_NETFILTER_XT_MATCH_LIMIT + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_MAC + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_MULTIPORT + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_COMMENT + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_TIME + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MARK + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_TARGET_LOG + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_TARGET_TCPMSS + bool + select KERNEL_NETFILTER_XTABLES + +# kmod-ip6tables + +config KERNEL_IP6_NF_FILTER + bool + select KERNEL_IP6_NF_IPTABLES + +config KERNEL_IP6_NF_MANGLE + bool + select KERNEL_IP6_NF_IPTABLES + +config KERNEL_IP6_NF_TARGET_REJECT + bool + select KERNEL_IP6_NF_IPTABLES + + +# kmod-ipt-conntrack + +config KERNEL_NETFILTER_XT_MATCH_STATE + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_CONNTRACK + +config KERNEL_NETFILTER_XT_MATCH_CONNTRACK + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_CONNTRACK + + +# kmod-ipt-nat + +config KERNEL_IP_NF_NAT + bool + select KERNEL_NF_NAT + select KERNEL_IP_NF_IPTABLES + +config KERNEL_IP_NF_TARGET_MASQUERADE + bool + select KERNEL_NF_NAT_MASQUERADE_IPV4 + select KERNEL_IP_NF_NAT + +config KERNEL_IP_NF_TARGET_REDIRECT + bool + select KERNEL_NF_NAT + select KERNEL_IP_NF_NAT + + +# kmod-ipt-extra + +config KERNEL_NETFILTER_XT_MATCH_ADDRTYPE + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_OWNER + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_PKTTYPE + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_QUOTA + bool + select KERNEL_NETFILTER_XTABLES + + +config GLUON_SPECIALIZE_KERNEL + bool "Specialize kernel for Gluon" + select KERNEL_VXLAN + select KERNEL_NF_CONNTRACK_RTCACHE + select KERNEL_NF_CONNTRACK_IPV4 + select KERNEL_NF_CONNTRACK_IPV6 + select KERNEL_IP_NF_IPTABLES + select KERNEL_IP6_NF_IPTABLES + select KERNEL_NF_NAT_REDIRECT + select KERNEL_NF_NAT_IPV4 + select KERNEL_NF_NAT_MASQUERADE_IPV4 + select KERNEL_IP_NF_FILTER + select KERNEL_IP_NF_MANGLE + select KERNEL_IP_NF_TARGET_REJECT + select KERNEL_IP6_NF_FILTER + select KERNEL_IP6_NF_MANGLE + select KERNEL_IP6_NF_TARGET_REJECT + select KERNEL_NETFILTER_XT_MATCH_LIMIT + select KERNEL_NETFILTER_XT_MATCH_MAC + select KERNEL_NETFILTER_XT_MATCH_MULTIPORT + select KERNEL_NETFILTER_XT_MATCH_COMMENT + select KERNEL_NETFILTER_XT_MATCH_TIME + select KERNEL_NETFILTER_XT_MARK + select KERNEL_NETFILTER_XT_TARGET_LOG + select KERNEL_NETFILTER_XT_TARGET_TCPMSS + select KERNEL_NETFILTER_XT_MATCH_STATE + select KERNEL_NETFILTER_XT_MATCH_CONNTRACK + select KERNEL_IP_NF_NAT + select KERNEL_IP_NF_TARGET_MASQUERADE + select KERNEL_IP_NF_TARGET_REDIRECT diff --git a/package/gluon-core/Makefile b/package/gluon-core/Makefile index 39218d66..f220b9f4 100644 --- a/package/gluon-core/Makefile +++ b/package/gluon-core/Makefile @@ -23,6 +23,10 @@ define Package/gluon-core/description Gluon community wifi mesh firmware framework: core endef +define Package/gluon-core/config + source "$(SOURCE)/Config.in" +endef + define Package/gluon-core/install $(Gluon/Build/Install) diff --git a/package/gluon-ebtables-limit-arp/Makefile b/package/gluon-ebtables-limit-arp/Makefile index 4562c627..a356b832 100644 --- a/package/gluon-ebtables-limit-arp/Makefile +++ b/package/gluon-ebtables-limit-arp/Makefile @@ -10,7 +10,10 @@ define Package/gluon-ebtables-limit-arp SECTION:=gluon CATEGORY:=Gluon TITLE:=Ebtables limiter for ARP packets - DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv + DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_LIMIT \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_MARK \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_MARK_T endef define Package/gluon-ebtables-limit-arp/description diff --git a/package/gluon-ebtables/Makefile b/package/gluon-ebtables/Makefile index 3ecf9b88..3a2fffdc 100644 --- a/package/gluon-ebtables/Makefile +++ b/package/gluon-ebtables/Makefile @@ -4,13 +4,23 @@ PKG_NAME:=gluon-ebtables PKG_VERSION:=1 PKG_RELEASE:=1 +PKG_CONFIG_DEPENDS := CONFIG_GLUON_SPECIALIZE_KERNEL + include ../gluon.mk define Package/gluon-ebtables SECTION:=gluon CATEGORY:=Gluon TITLE:=Ebtables support - DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 + DEPENDS:=+gluon-core +ebtables-tiny \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_FILTER \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_NAT \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_ARP \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP6 \ + +!GLUON_SPECIALIZE_KERNEL:kmod-ebtables \ + +!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv4 \ + +!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv6 endef define Package/gluon-ebtables/description diff --git a/package/gluon-mesh-batman-adv/Makefile b/package/gluon-mesh-batman-adv/Makefile index 22355798..a8c4801d 100644 --- a/package/gluon-mesh-batman-adv/Makefile +++ b/package/gluon-mesh-batman-adv/Makefile @@ -9,7 +9,7 @@ define Package/gluon-mesh-batman-adv/common SECTION:=gluon CATEGORY:=Gluon PROVIDES:=gluon-mesh-batman-adv - DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv + DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv +@GLUON_SPECIALIZE_KERNEL:KERNEL_DUMMY +@GLUON_SPECIALIZE_KERNEL:KERNEL_CRC16 +@GLUON_SPECIALIZE_KERNEL:KERNEL_LIBCRC32C endef define Package/gluon-mesh-batman-adv-14 diff --git a/package/gluon-mesh-vpn-core/Makefile b/package/gluon-mesh-vpn-core/Makefile index 263ec217..88590573 100644 --- a/package/gluon-mesh-vpn-core/Makefile +++ b/package/gluon-mesh-vpn-core/Makefile @@ -9,7 +9,14 @@ define Package/gluon-mesh-vpn-core SECTION:=gluon CATEGORY:=Gluon TITLE:=Basic support for connecting meshes via VPN tunnels - DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc + DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_ADDRTYPE \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_OWNER \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_PKTTYPE \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_QUOTA \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_CLS_BASIC \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_TBF \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_INGRESS USERID:=:gluon-mesh-vpn=800 endef diff --git a/package/gluon-mesh-vpn-fastd/Makefile b/package/gluon-mesh-vpn-fastd/Makefile index 50b35e5a..477cd48e 100644 --- a/package/gluon-mesh-vpn-fastd/Makefile +++ b/package/gluon-mesh-vpn-fastd/Makefile @@ -9,7 +9,7 @@ define Package/gluon-mesh-vpn-fastd SECTION:=gluon CATEGORY:=Gluon TITLE:=Support for connecting meshes via fastd - DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd + DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd +@GLUON_SPECIALIZE_KERNEL:KERNEL_TUN endef $(eval $(call BuildPackageGluon,gluon-mesh-vpn-fastd)) diff --git a/package/gluon-mesh-vpn-tunneldigger/Makefile b/package/gluon-mesh-vpn-tunneldigger/Makefile index 8b8099b1..d463db41 100644 --- a/package/gluon-mesh-vpn-tunneldigger/Makefile +++ b/package/gluon-mesh-vpn-tunneldigger/Makefile @@ -9,7 +9,7 @@ define Package/gluon-mesh-vpn-tunneldigger SECTION:=gluon CATEGORY:=Gluon TITLE:=Support for connecting meshes via tunneltigger/L2TPv3 pseudowire - DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger + DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger +@GLUON_SPECIALIZE_KERNEL:KERNEL_L2TP endef $(eval $(call BuildPackageGluon,gluon-mesh-vpn-tunneldigger)) diff --git a/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch b/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch new file mode 100644 index 00000000..c8c4fcc9 --- /dev/null +++ b/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch @@ -0,0 +1,37 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 09:03:52 +0200 +Subject: include/kernel.mk: build kmod packages with empty FILES + +kmod packages without FILES did not have an install step defined, leading +to no package being built. This affected netfilter/iptables packages, which +filter out builtin modules from FILES. + +Not building a package that it is selected in .config is problematic, as +the generated empty package may be necessary to satisfy dependencies. + +Signed-off-by: Matthias Schiffer + +diff --git a/include/kernel.mk b/include/kernel.mk +index b1d0e8d927cb462b486cfd645d68963f1b6ab8ff..d8d457fe7a5d3584d8aa4e27430da84533c85ed0 100644 +--- a/include/kernel.mk ++++ b/include/kernel.mk +@@ -194,8 +194,7 @@ $(call KernelPackage/$(1)/config) + $(call KernelPackage/depends) + + ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(filter-out %=y %=n %=m,$(KCONFIG)),$($(c)))),.),) +- ifneq ($(strip $(FILES)),) +- define Package/kmod-$(1)/install ++ define Package/kmod-$(1)/install + @for mod in $$(call version_filter,$$(FILES)); do \ + if grep -q "$$$$$$$${mod##$(LINUX_DIR)/}" "$(LINUX_DIR)/modules.builtin"; then \ + echo "NOTICE: module '$$$$$$$$mod' is built-in."; \ +@@ -209,8 +208,7 @@ $(call KernelPackage/$(1)/config) + done; + $(call ModuleAutoLoad,$(1),$$(1),$(AUTOLOAD)) + $(call KernelPackage/$(1)/install,$$(1)) +- endef +- endif ++ endef + $(if $(CONFIG_PACKAGE_kmod-$(1)), + else + compile: $(1)-disabled From 078048091eda749d96c1e12573e43dc179aa0b8a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Thu, 12 Apr 2018 06:11:26 +0200 Subject: [PATCH 22/36] ar71xx: build kernel modules used by Gluon into the kernel ar71xx-generic and -tiny benefit most from the optimized kernel, as they contain all devices with 32MB RAM. We enable CONFIG_GLUON_SPECIALIZE_KERNEL for all targets using the mips24_kc architecture so packages shared between targets don't need to be rebuild all the time. --- targets/ar71xx-generic | 2 ++ targets/ar71xx-mikrotik | 2 ++ targets/ar71xx-nand | 2 ++ targets/ar71xx-tiny | 2 ++ 4 files changed, 8 insertions(+) diff --git a/targets/ar71xx-generic b/targets/ar71xx-generic index f9906f7a..525e441a 100644 --- a/targets/ar71xx-generic +++ b/targets/ar71xx-generic @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + ATH10K_PACKAGES='-kmod-ath10k kmod-ath10k-ct' ATH10K_PACKAGES_QCA9887= if [ "$GLUON_WLAN_MESH" = 'ibss' ]; then diff --git a/targets/ar71xx-mikrotik b/targets/ar71xx-mikrotik index 9d0f5442..56ac8159 100644 --- a/targets/ar71xx-mikrotik +++ b/targets/ar71xx-mikrotik @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + # Enable ath5k in addition to ath9k # ath5k cards are commonly used with Mikrotik hardware packages 'kmod-ath5k' diff --git a/targets/ar71xx-nand b/targets/ar71xx-nand index 02961b3a..019ca786 100644 --- a/targets/ar71xx-nand +++ b/targets/ar71xx-nand @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + factory -ubi-factory .img sysupgrade -squashfs-sysupgrade .tar diff --git a/targets/ar71xx-tiny b/targets/ar71xx-tiny index 79d2a9fe..fd779d77 100644 --- a/targets/ar71xx-tiny +++ b/targets/ar71xx-tiny @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + no_opkg packages '-uboot-envtools' '-kmod-usb-core' '-kmod-usb-ohci' '-kmod-usb2' '-kmod-usb-ledtrig-usbport' From d742caf641b085bf5a9a2ada9c7e4d5790bd268a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 13 Apr 2018 22:50:37 +0200 Subject: [PATCH 23/36] gluon-status-page: fix typo in comment --- .../luasrc/lib/gluon/status-page/controller/status-page.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua index a997ff5f..bdd46979 100644 --- a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua +++ b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua @@ -69,8 +69,7 @@ entry({}, call(function(http, renderer) match(node_ip, parse_ip(site.next_node.ip6()), 8) ) then -- The user has visited the status page via a next-node address - -- Redirect the user the a unique address to avoid switching - -- nodes + -- Redirect the user to a unique address to avoid switching nodes local prefix = parse_ip(site.prefix6():match('^[^/]+')) for _, addr in ipairs(nodeinfo.network.addresses) do if match(prefix, parse_ip(addr), 4) then From bcebbdfaddcdde9268187c5bd06608aedaea4bfc Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 14 Apr 2018 00:01:04 +0200 Subject: [PATCH 24/36] treewide: automatically set SECTION and CATEGORY for Gluon packages --- package/gluon-alfred/Makefile | 2 -- package/gluon-authorized-keys/Makefile | 2 -- package/gluon-autoupdater/Makefile | 2 -- package/gluon-client-bridge/Makefile | 2 -- package/gluon-config-mode-autoupdater/Makefile | 2 -- package/gluon-config-mode-contact-info/Makefile | 2 -- package/gluon-config-mode-core/Makefile | 2 -- package/gluon-config-mode-domain-select/Makefile | 2 -- package/gluon-config-mode-geo-location/Makefile | 2 -- package/gluon-config-mode-hostname/Makefile | 2 -- package/gluon-config-mode-mesh-vpn/Makefile | 2 -- package/gluon-config-mode-theme/Makefile | 2 -- package/gluon-core/Makefile | 2 -- package/gluon-ebtables-filter-multicast/Makefile | 2 -- package/gluon-ebtables-filter-ra-dhcp/Makefile | 2 -- package/gluon-ebtables-limit-arp/Makefile | 2 -- package/gluon-ebtables-source-filter/Makefile | 2 -- package/gluon-ebtables/Makefile | 2 -- package/gluon-l3roamd/Makefile | 2 -- package/gluon-lock-password/Makefile | 2 -- package/gluon-mesh-batman-adv/Makefile | 2 -- package/gluon-mesh-vpn-core/Makefile | 2 -- package/gluon-mesh-vpn-fastd/Makefile | 2 -- package/gluon-mesh-vpn-tunneldigger/Makefile | 2 -- package/gluon-neighbour-info/Makefile | 2 -- package/gluon-node-info/Makefile | 2 -- package/gluon-radv-filterd/Makefile | 2 -- package/gluon-radvd/Makefile | 2 -- package/gluon-respondd/Makefile | 2 -- package/gluon-setup-mode/Makefile | 2 -- package/gluon-site/Makefile | 4 +--- package/gluon-status-page/Makefile | 2 -- package/gluon-wan-dnsmasq/Makefile | 2 -- package/gluon-web-admin/Makefile | 2 -- package/gluon-web-autoupdater/Makefile | 2 -- package/gluon-web-logging/Makefile | 2 -- package/gluon-web-mesh-vpn-fastd/Makefile | 2 -- package/gluon-web-model/Makefile | 2 -- package/gluon-web-network/Makefile | 2 -- package/gluon-web-node-role/Makefile | 2 -- package/gluon-web-private-wifi/Makefile | 2 -- package/gluon-web-wifi-config/Makefile | 2 -- package/gluon-web/Makefile | 2 -- package/gluon.mk | 6 ++++++ 44 files changed, 7 insertions(+), 87 deletions(-) diff --git a/package/gluon-alfred/Makefile b/package/gluon-alfred/Makefile index 23a8f242..7c173a77 100644 --- a/package/gluon-alfred/Makefile +++ b/package/gluon-alfred/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-alfred - SECTION:=gluon - CATEGORY:=Gluon DEPENDS:=+gluon-core +gluon-respondd +gluon-neighbour-info gluon-mesh-batman-adv +micrond +alfred TITLE:=Configure alfred endef diff --git a/package/gluon-authorized-keys/Makefile b/package/gluon-authorized-keys/Makefile index d6fcb0e4..2995107a 100644 --- a/package/gluon-authorized-keys/Makefile +++ b/package/gluon-authorized-keys/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=2 include ../gluon.mk define Package/gluon-authorized-keys - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Fill /etc/dropbear/authorized_keys from site.conf DEPENDS:=+gluon-core endef diff --git a/package/gluon-autoupdater/Makefile b/package/gluon-autoupdater/Makefile index b0314afe..d6e87499 100644 --- a/package/gluon-autoupdater/Makefile +++ b/package/gluon-autoupdater/Makefile @@ -8,8 +8,6 @@ PKG_CONFIG_DEPENDS := CONFIG_GLUON_BRANCH include ../gluon.mk define Package/gluon-autoupdater - SECTION:=gluon - CATEGORY:=Gluon DEPENDS:=+gluon-core +libgluonutil +micrond +autoupdater TITLE:=Automatically update firmware endef diff --git a/package/gluon-client-bridge/Makefile b/package/gluon-client-bridge/Makefile index 19a0e3a4..a2daf34b 100644 --- a/package/gluon-client-bridge/Makefile +++ b/package/gluon-client-bridge/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-client-bridge - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Provides a bridge and a wireless interface for clients to connect to DEPENDS:=+gluon-core +kmod-veth +@GLUON_SPECIALIZE_KERNEL:KERNEL_VETH endef diff --git a/package/gluon-config-mode-autoupdater/Makefile b/package/gluon-config-mode-autoupdater/Makefile index d6a97f27..b94d3b45 100644 --- a/package/gluon-config-mode-autoupdater/Makefile +++ b/package/gluon-config-mode-autoupdater/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-config-mode-autoupdater - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Config Mode: Let the user know whether the autoupdater is enabled or not DEPENDS:=+gluon-config-mode-core +gluon-autoupdater endef diff --git a/package/gluon-config-mode-contact-info/Makefile b/package/gluon-config-mode-contact-info/Makefile index 5b84b1a5..fba53c4d 100644 --- a/package/gluon-config-mode-contact-info/Makefile +++ b/package/gluon-config-mode-contact-info/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-config-mode-contact-info - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Allows the user to provide contact information to be distributed in the mesh DEPENDS:=+gluon-config-mode-core +gluon-node-info endef diff --git a/package/gluon-config-mode-core/Makefile b/package/gluon-config-mode-core/Makefile index 21976dc6..b9c39487 100644 --- a/package/gluon-config-mode-core/Makefile +++ b/package/gluon-config-mode-core/Makefile @@ -9,8 +9,6 @@ PKG_VERSION:=2 include ../gluon.mk define Package/gluon-config-mode-core - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Configuration wizard for user friendly setup of new mesh nodes DEPENDS:=+gluon-setup-mode +gluon-web-model +gluon-config-mode-theme +uhttpd endef diff --git a/package/gluon-config-mode-domain-select/Makefile b/package/gluon-config-mode-domain-select/Makefile index 410ac964..b1ded939 100644 --- a/package/gluon-config-mode-domain-select/Makefile +++ b/package/gluon-config-mode-domain-select/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-config-mode-domain-select - SECTION:=gluon - CATEGORY:=Gluon TITLE:=UI for changing the node-config DEPENDS:=+gluon-config-mode-core @GLUON_MULTIDOMAIN endef diff --git a/package/gluon-config-mode-geo-location/Makefile b/package/gluon-config-mode-geo-location/Makefile index e1482de9..a020feb9 100644 --- a/package/gluon-config-mode-geo-location/Makefile +++ b/package/gluon-config-mode-geo-location/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-config-mode-geo-location - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Set geographic location of a node DEPENDS:=+gluon-config-mode-core +gluon-node-info endef diff --git a/package/gluon-config-mode-hostname/Makefile b/package/gluon-config-mode-hostname/Makefile index f4dfd7e8..fdf3acd9 100644 --- a/package/gluon-config-mode-hostname/Makefile +++ b/package/gluon-config-mode-hostname/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-config-mode-hostname - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Set the hostname DEPENDS:=+gluon-config-mode-core endef diff --git a/package/gluon-config-mode-mesh-vpn/Makefile b/package/gluon-config-mode-mesh-vpn/Makefile index 549dbdbd..0c3a752d 100644 --- a/package/gluon-config-mode-mesh-vpn/Makefile +++ b/package/gluon-config-mode-mesh-vpn/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=2 include ../gluon.mk define Package/gluon-config-mode-mesh-vpn - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Toggle mesh-vpn and bandwidth limit DEPENDS:=+gluon-config-mode-core +gluon-mesh-vpn-core endef diff --git a/package/gluon-config-mode-theme/Makefile b/package/gluon-config-mode-theme/Makefile index 34e2a0d4..38858f0c 100644 --- a/package/gluon-config-mode-theme/Makefile +++ b/package/gluon-config-mode-theme/Makefile @@ -9,8 +9,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-config-mode-theme - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Gluon config mode theme for gluon-web DEPENDS:=+gluon-core +gluon-web endef diff --git a/package/gluon-core/Makefile b/package/gluon-core/Makefile index f220b9f4..c0600c1f 100644 --- a/package/gluon-core/Makefile +++ b/package/gluon-core/Makefile @@ -11,8 +11,6 @@ include ../gluon.mk include $(INCLUDE_DIR)/cmake.mk define Package/gluon-core - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Base files of Gluon DEPENDS:= \ +gluon-site +libgluonutil +libiwinfo-lua +lua-platform-info +lua-simple-uci +lua-hash +lua-jsonc \ diff --git a/package/gluon-ebtables-filter-multicast/Makefile b/package/gluon-ebtables-filter-multicast/Makefile index 1b500fd5..dc579a2a 100644 --- a/package/gluon-ebtables-filter-multicast/Makefile +++ b/package/gluon-ebtables-filter-multicast/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-ebtables-filter-multicast - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Ebtables filters for multicast packets DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv endef diff --git a/package/gluon-ebtables-filter-ra-dhcp/Makefile b/package/gluon-ebtables-filter-ra-dhcp/Makefile index 30f5238a..c650bb89 100644 --- a/package/gluon-ebtables-filter-ra-dhcp/Makefile +++ b/package/gluon-ebtables-filter-ra-dhcp/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-ebtables-filter-ra-dhcp - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Ebtables filters for Router Advertisement and DHCP packets DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv endef diff --git a/package/gluon-ebtables-limit-arp/Makefile b/package/gluon-ebtables-limit-arp/Makefile index a356b832..f7bdc48d 100644 --- a/package/gluon-ebtables-limit-arp/Makefile +++ b/package/gluon-ebtables-limit-arp/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-ebtables-limit-arp - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Ebtables limiter for ARP packets DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv \ +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_LIMIT \ diff --git a/package/gluon-ebtables-source-filter/Makefile b/package/gluon-ebtables-source-filter/Makefile index d19b047b..2c14a793 100644 --- a/package/gluon-ebtables-source-filter/Makefile +++ b/package/gluon-ebtables-source-filter/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-ebtables-source-filter - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Ebtables rules to filter unreasonable L2 traffic. DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv endef diff --git a/package/gluon-ebtables/Makefile b/package/gluon-ebtables/Makefile index 3a2fffdc..ca83fcf4 100644 --- a/package/gluon-ebtables/Makefile +++ b/package/gluon-ebtables/Makefile @@ -9,8 +9,6 @@ PKG_CONFIG_DEPENDS := CONFIG_GLUON_SPECIALIZE_KERNEL include ../gluon.mk define Package/gluon-ebtables - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Ebtables support DEPENDS:=+gluon-core +ebtables-tiny \ +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_FILTER \ diff --git a/package/gluon-l3roamd/Makefile b/package/gluon-l3roamd/Makefile index 04883387..9cae9bb1 100644 --- a/package/gluon-l3roamd/Makefile +++ b/package/gluon-l3roamd/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-l3roamd - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Configure l3roamd for babel DEPENDS:=+gluon-core +l3roamd endef diff --git a/package/gluon-lock-password/Makefile b/package/gluon-lock-password/Makefile index f6282006..366fd7b8 100644 --- a/package/gluon-lock-password/Makefile +++ b/package/gluon-lock-password/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-lock-password - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Locks the root account by default DEPENDS:=+gluon-core endef diff --git a/package/gluon-mesh-batman-adv/Makefile b/package/gluon-mesh-batman-adv/Makefile index a8c4801d..4b158f5a 100644 --- a/package/gluon-mesh-batman-adv/Makefile +++ b/package/gluon-mesh-batman-adv/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-mesh-batman-adv/common - SECTION:=gluon - CATEGORY:=Gluon PROVIDES:=gluon-mesh-batman-adv DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv +@GLUON_SPECIALIZE_KERNEL:KERNEL_DUMMY +@GLUON_SPECIALIZE_KERNEL:KERNEL_CRC16 +@GLUON_SPECIALIZE_KERNEL:KERNEL_LIBCRC32C endef diff --git a/package/gluon-mesh-vpn-core/Makefile b/package/gluon-mesh-vpn-core/Makefile index 88590573..f161333f 100644 --- a/package/gluon-mesh-vpn-core/Makefile +++ b/package/gluon-mesh-vpn-core/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-mesh-vpn-core - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Basic support for connecting meshes via VPN tunnels DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc \ +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_ADDRTYPE \ diff --git a/package/gluon-mesh-vpn-fastd/Makefile b/package/gluon-mesh-vpn-fastd/Makefile index 477cd48e..087aff5f 100644 --- a/package/gluon-mesh-vpn-fastd/Makefile +++ b/package/gluon-mesh-vpn-fastd/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=3 include ../gluon.mk define Package/gluon-mesh-vpn-fastd - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Support for connecting meshes via fastd DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd +@GLUON_SPECIALIZE_KERNEL:KERNEL_TUN endef diff --git a/package/gluon-mesh-vpn-tunneldigger/Makefile b/package/gluon-mesh-vpn-tunneldigger/Makefile index d463db41..a5c23c25 100644 --- a/package/gluon-mesh-vpn-tunneldigger/Makefile +++ b/package/gluon-mesh-vpn-tunneldigger/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=3 include ../gluon.mk define Package/gluon-mesh-vpn-tunneldigger - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Support for connecting meshes via tunneltigger/L2TPv3 pseudowire DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger +@GLUON_SPECIALIZE_KERNEL:KERNEL_L2TP endef diff --git a/package/gluon-neighbour-info/Makefile b/package/gluon-neighbour-info/Makefile index 37bd4a49..af58036c 100644 --- a/package/gluon-neighbour-info/Makefile +++ b/package/gluon-neighbour-info/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-neighbour-info - SECTION:=gluon - CATEGORY:=Gluon TITLE:=neighbour-info DEPENDS:= endef diff --git a/package/gluon-node-info/Makefile b/package/gluon-node-info/Makefile index 037c2e66..7718fa2b 100644 --- a/package/gluon-node-info/Makefile +++ b/package/gluon-node-info/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-node-info - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Add /etc/config/gluon-node-info to uci DEPENDS:=+gluon-core +libgluonutil endef diff --git a/package/gluon-radv-filterd/Makefile b/package/gluon-radv-filterd/Makefile index 23485130..28d778c1 100644 --- a/package/gluon-radv-filterd/Makefile +++ b/package/gluon-radv-filterd/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-radv-filterd - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Filter IPv6 router advertisements DEPENDS:=+gluon-ebtables +libgluonutil +libbatadv +libnl-tiny endef diff --git a/package/gluon-radvd/Makefile b/package/gluon-radvd/Makefile index 7bcdaafd..a3957530 100644 --- a/package/gluon-radvd/Makefile +++ b/package/gluon-radvd/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=3 include ../gluon.mk define Package/gluon-radvd - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Advertise an IPv6 prefix from the node DEPENDS:=+gluon-core +uradvd endef diff --git a/package/gluon-respondd/Makefile b/package/gluon-respondd/Makefile index 9dc3f0f3..52839a86 100644 --- a/package/gluon-respondd/Makefile +++ b/package/gluon-respondd/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-respondd - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Provides node information to the network DEPENDS:=+gluon-core +libplatforminfo +libgluonutil +libuci +ubus +respondd endef diff --git a/package/gluon-setup-mode/Makefile b/package/gluon-setup-mode/Makefile index 6e11f420..ff1c730b 100644 --- a/package/gluon-setup-mode/Makefile +++ b/package/gluon-setup-mode/Makefile @@ -9,8 +9,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-setup-mode - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Setup mode DEPENDS:=+gluon-core +gluon-lock-password +ubus +dnsmasq endef diff --git a/package/gluon-site/Makefile b/package/gluon-site/Makefile index 5b7a6968..91452264 100644 --- a/package/gluon-site/Makefile +++ b/package/gluon-site/Makefile @@ -17,8 +17,6 @@ include ../gluon.mk PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG) define Package/gluon-site - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Site-specific files of Gluon endef @@ -75,4 +73,4 @@ define Package/gluon-site/install $(GluonInstallI18N) endef -$(eval $(call BuildPackage,gluon-site)) +$(eval $(call BuildPackageGluon,gluon-site)) diff --git a/package/gluon-status-page/Makefile b/package/gluon-status-page/Makefile index 7401f099..d17ce2da 100644 --- a/package/gluon-status-page/Makefile +++ b/package/gluon-status-page/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=3 include ../gluon.mk define Package/gluon-status-page - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Status page showing information about the node DEPENDS:=+gluon-web +gluon-neighbour-info +gluon-respondd +uhttpd +sse-multiplex +libiwinfo +libjson-c +libnl-tiny +libubus-lua +libbatadv endef diff --git a/package/gluon-wan-dnsmasq/Makefile b/package/gluon-wan-dnsmasq/Makefile index 75be1b53..adbe0f78 100644 --- a/package/gluon-wan-dnsmasq/Makefile +++ b/package/gluon-wan-dnsmasq/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-wan-dnsmasq - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Support for a secondary DNS server using the WAN interface DEPENDS:=+gluon-core +libubus-lua +dnsmasq +libpacketmark endef diff --git a/package/gluon-web-admin/Makefile b/package/gluon-web-admin/Makefile index 881db831..d555be61 100644 --- a/package/gluon-web-admin/Makefile +++ b/package/gluon-web-admin/Makefile @@ -10,8 +10,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-admin - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Web-based simple administration interface for mesh nodes DEPENDS:=+gluon-config-mode-core +pretty-hostname endef diff --git a/package/gluon-web-autoupdater/Makefile b/package/gluon-web-autoupdater/Makefile index daa7508f..c50e731a 100644 --- a/package/gluon-web-autoupdater/Makefile +++ b/package/gluon-web-autoupdater/Makefile @@ -10,8 +10,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-autoupdater - SECTION:=gluon - CATEGORY:=Gluon TITLE:=gluon-web module for gluon-autoupdater DEPENDS:=+gluon-web-admin +gluon-autoupdater endef diff --git a/package/gluon-web-logging/Makefile b/package/gluon-web-logging/Makefile index 4cd1076c..10d83740 100644 --- a/package/gluon-web-logging/Makefile +++ b/package/gluon-web-logging/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-logging - SECTION:=gluon - CATEGORY:=Gluon DEPENDS:=+gluon-web-admin TITLE:=UI for remote syslog configuration endef diff --git a/package/gluon-web-mesh-vpn-fastd/Makefile b/package/gluon-web-mesh-vpn-fastd/Makefile index da13d43d..46dfd181 100644 --- a/package/gluon-web-mesh-vpn-fastd/Makefile +++ b/package/gluon-web-mesh-vpn-fastd/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-mesh-vpn-fastd - SECTION:=gluon - CATEGORY:=Gluon TITLE:=gluon-web module to enable and disable encryption for the mesh VPN DEPENDS:=+gluon-web-admin +gluon-mesh-vpn-fastd endef diff --git a/package/gluon-web-model/Makefile b/package/gluon-web-model/Makefile index e2badbd4..d767f562 100644 --- a/package/gluon-web-model/Makefile +++ b/package/gluon-web-model/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-web-model - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Minimal Lua web framework derived from LuCI (model support) DEPENDS:=+gluon-web endef diff --git a/package/gluon-web-network/Makefile b/package/gluon-web-network/Makefile index a7c14254..42620fe5 100644 --- a/package/gluon-web-network/Makefile +++ b/package/gluon-web-network/Makefile @@ -10,8 +10,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-network - SECTION:=gluon - CATEGORY:=Gluon TITLE:=gluon-web module for network port configuration DEPENDS:=+gluon-web-admin +gluon-client-bridge endef diff --git a/package/gluon-web-node-role/Makefile b/package/gluon-web-node-role/Makefile index 099b9c41..81283761 100644 --- a/package/gluon-web-node-role/Makefile +++ b/package/gluon-web-node-role/Makefile @@ -6,8 +6,6 @@ PKG_VERSION:=1 include ../gluon.mk define Package/gluon-web-node-role - SECTION:=gluon - CATEGORY:=Gluon DEPENDS:=+gluon-web-admin +gluon-node-info TITLE:=UI for specifying node role endef diff --git a/package/gluon-web-private-wifi/Makefile b/package/gluon-web-private-wifi/Makefile index 313c0ce4..cff13fcb 100644 --- a/package/gluon-web-private-wifi/Makefile +++ b/package/gluon-web-private-wifi/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-private-wifi - SECTION:=gluon - CATEGORY:=Gluon DEPENDS:=+gluon-web-admin TITLE:=UI for activating a private WLAN endef diff --git a/package/gluon-web-wifi-config/Makefile b/package/gluon-web-wifi-config/Makefile index 398bf42e..7827491e 100644 --- a/package/gluon-web-wifi-config/Makefile +++ b/package/gluon-web-wifi-config/Makefile @@ -7,8 +7,6 @@ PKG_RELEASE:=1 include ../gluon.mk define Package/gluon-web-wifi-config - SECTION:=gluon - CATEGORY:=Gluon DEPENDS:=+gluon-web-admin +libiwinfo-lua TITLE:=UI for Wifi Settings endef diff --git a/package/gluon-web/Makefile b/package/gluon-web/Makefile index 796ed361..1ecca59e 100644 --- a/package/gluon-web/Makefile +++ b/package/gluon-web/Makefile @@ -8,8 +8,6 @@ PKG_INSTALL:=1 include ../gluon.mk define Package/gluon-web - SECTION:=gluon - CATEGORY:=Gluon TITLE:=Minimal Lua web framework derived from LuCI DEPENDS:=+lua-jsonc +luci-lib-nixio endef diff --git a/package/gluon.mk b/package/gluon.mk index ea9658ad..0b9787fc 100644 --- a/package/gluon.mk +++ b/package/gluon.mk @@ -100,6 +100,12 @@ endef Build/Compile=$(call Gluon/Build/Compile) define BuildPackageGluon + define Package/$(1) := + SECTION:=gluon + CATEGORY:=Gluon + $$(Package/$(1)) + endef + Package/$(1)/install ?= $$(Gluon/Build/Install) ifneq ($(wildcard check_site.lua),) From b9766087e022ccfb4552f5c4c3a3226799bb2a3e Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 15 Apr 2018 10:00:40 +0200 Subject: [PATCH 25/36] gluon-status-page: fix code indentation --- package/gluon-status-page/javascript/status-page.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-status-page/javascript/status-page.js b/package/gluon-status-page/javascript/status-page.js index 7a890bdc..d7afd5eb 100644 --- a/package/gluon-status-page/javascript/status-page.js +++ b/package/gluon-status-page/javascript/status-page.js @@ -9,7 +9,7 @@ (function() { var _ = JSON.parse(document.body.getAttribute('data-translations')); - String.prototype.sprintf = function() { + String.prototype.sprintf = function() { var i = 0; var args = arguments; From 27ca3e673c80fc401b683921f3566e4cd9906adf Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 15 Apr 2018 10:08:58 +0200 Subject: [PATCH 26/36] gluon-status-page: remove "lastseen" field from neighbours-batadv output The field is unused. --- package/gluon-status-page/src/neighbours-batadv.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/package/gluon-status-page/src/neighbours-batadv.c b/package/gluon-status-page/src/neighbours-batadv.c index ef7db329..3b0363cc 100644 --- a/package/gluon-status-page/src/neighbours-batadv.c +++ b/package/gluon-status-page/src/neighbours-batadv.c @@ -32,7 +32,6 @@ static int parse_orig_list_netlink_cb(struct nl_msg *msg, void *arg) uint8_t *dest; uint8_t tq; uint32_t hardif; - uint32_t lastseen; char ifname_buf[IF_NAMESIZE], *ifname; struct neigh_netlink_opts *opts; char mac1[18]; @@ -62,7 +61,6 @@ static int parse_orig_list_netlink_cb(struct nl_msg *msg, void *arg) dest = nla_data(attrs[BATADV_ATTR_NEIGH_ADDRESS]); tq = nla_get_u8(attrs[BATADV_ATTR_TQ]); hardif = nla_get_u32(attrs[BATADV_ATTR_HARD_IFINDEX]); - lastseen = nla_get_u32(attrs[BATADV_ATTR_LAST_SEEN_MSECS]); if (memcmp(orig, dest, 6) != 0) return NL_OK; @@ -79,7 +77,6 @@ static int parse_orig_list_netlink_cb(struct nl_msg *msg, void *arg) return NL_OK; json_object_object_add(neigh, "tq", json_object_new_int(tq)); - json_object_object_add(neigh, "lastseen", json_object_new_double(lastseen / 1000.)); json_object_object_add(neigh, "ifname", json_object_new_string(ifname)); json_object_object_add(opts->obj, mac1, neigh); From c730110b36ae6eae415d18fad90e75311788e7e2 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 15 Apr 2018 11:36:37 +0200 Subject: [PATCH 27/36] gluon-status-page: move mesh protocol specific definitions into a separate file --- .../gluon/status-page/view/status-page.html | 20 +++++++- .../status-page/www/static/status-page.js | 2 +- .../javascript/status-page.js | 47 ++++++++++++++----- .../luasrc/lib/gluon/status-page/mesh.lua | 10 ++++ .../gluon-status-page/src/neighbours-batadv.c | 2 +- 5 files changed, 66 insertions(+), 15 deletions(-) create mode 100644 package/gluon-status-page/luasrc/lib/gluon/status-page/mesh.lua diff --git a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html index a3766632..17e2a8de 100644 --- a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html +++ b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html @@ -18,6 +18,16 @@ _('%s used') _('%s packets/s') + local function get_mesh() + local f = loadfile('/lib/gluon/status-page/mesh.lua') + if f then + return f() + end + return {} + end + + local mesh = get_mesh() + local function get_interfaces() local uconn = ubus.connect() if not uconn then @@ -77,7 +87,11 @@ - > + >

<%| nodeinfo.hostname %>

@@ -139,7 +153,9 @@ - + <% for i, v in ipairs(mesh.attrs or {}) do %> + ><%| v[2] %> + <% end %> <% if wireless then %> diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js b/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js index 55ee27a6..242ef0b3 100644 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js @@ -1 +1 @@ -"use strict";!function(){var t=JSON.parse(document.body.getAttribute("data-translations"));function e(e,n){return e.toFixed(n).replace(/\./,t["."])}function n(t,n){n--;for(var i=t;i>=10&&n>0;i/=10)n--;return e(t,n)}function i(t){return function(t,e,i){for(var r=0;i>e&&r1&&(a+=t["%s days"].sprintf(i)+", "),a+=r+":",n<10&&(a+="0"),a+=n},packetsDiff:function(n,i,r){if(r>0)return a=(n-i)/r,t["%s packets/s"].sprintf(e(a,0));var a},bytesDiff:function(t,e,n){if(n>0)return i(8*((t-e)/n))+"bps"},bytes:function(t){return i(t)+"B"}};function a(t,e){return e.split("/").forEach(function(e){t&&(t=t[e])}),t}function o(t,e){var n=new EventSource(t),i={};n.onmessage=function(t){var n=JSON.parse(t.data);e(n,i),i=n},n.onerror=function(){n.close(),window.setTimeout(function(){o(t,e)},3e3)}}var c,s=document.body.getAttribute("data-node-address");try{c=JSON.parse(document.body.getAttribute("data-node-location"))}catch(t){}var u=document.querySelectorAll("[data-statistics]");o("/cgi-bin/dyn/statistics",function(e,n){var i=e.uptime-n.uptime;u.forEach(function(t){var o=t.getAttribute("data-statistics"),c=t.getAttribute("data-format"),s=a(n,o),u=a(e,o);try{var l=r[c](u,s,i);void 0!==l&&(t.textContent=l)}catch(t){console.error(t)}});try{!function(e){var n=document.getElementById("mesh-vpn");if(e){n.style.display="";for(var i=document.getElementById("mesh-vpn-peers");i.lastChild;)i.removeChild(i.lastChild);var a=function t(e,n){return Object.keys(n.peers||{}).forEach(function(t){e.push([t,n.peers[t]])}),Object.keys(n.groups||{}).forEach(function(i){t(e,n.groups[i])}),e}([],e);a.sort(),a.forEach(function(e){var n=document.createElement("tr"),a=document.createElement("th");a.textContent=e[0],n.appendChild(a);var o=document.createElement("td");e[1]?o.textContent=t.connected+" ("+r.time(e[1].established)+")":o.textContent=t["not connected"],n.appendChild(o),i.appendChild(n)})}else n.style.display="none"}(e.mesh_vpn)}catch(t){console.error(t)}});var l={};function h(t){var e=document.createElement("canvas"),n=e.getContext("2d"),i=null,r=1.2;return{canvas:e,highlight:!1,resize:function(t,i){try{n.getImageData(0,0,t,i)}catch(t){}e.width=t,e.height=i},draw:function(a,o){var c,s,u=o(i);n.clearRect(a,0,5,e.height),u&&(c=a,s=u,n.beginPath(),n.fillStyle=t,n.arc(c,s,r,0,2*Math.PI,!1),n.closePath(),n.fill())},set:function(t){i=t}}}function f(){var t=-100,e=0,n=0,i=[],r=document.createElement("canvas");r.className="signalgraph",r.height=200;var a=r.getContext("2d");function o(){r.width=r.clientWidth,i.forEach(function(t){t.resize(r.width,r.height)})}function c(){if(0!==r.clientWidth){r.width!==r.clientWidth&&o(),a.clearRect(0,0,r.width,r.height);var c=!1;i.forEach(function(t){t.highlight&&(c=!0)}),a.save(),i.forEach(function(i){c&&(a.globalAlpha=.2),i.highlight&&(a.globalAlpha=1),i.draw(n,function(n){return i=n,a=t,o=e,c=r.height,(1-(i-a)/(o-a))*c;var i,a,o,c}),a.drawImage(i.canvas,0,0)}),a.restore(),a.save(),a.beginPath(),a.strokeStyle="rgba(255, 180, 0, 0.15)",a.lineWidth=5,a.moveTo(n+2.5,0),a.lineTo(n+2.5,r.height),a.stroke(),function(){var n,i,o,c,s=Math.floor(r.height/40);a.save(),a.lineWidth=.5,a.strokeStyle="rgba(0, 0, 0, 0.25)",a.fillStyle="rgba(0, 0, 0, 0.5)",a.textAlign="end",a.textBaseline="bottom",a.beginPath();for(var u=0;u40&&(c(),n=(n+1)%r.width,s=e),window.requestAnimationFrame(t)}),{el:r,addSignal:function(t){i.push(t),t.resize(r.width,r.height)},removeSignal:function(t){i.splice(i.indexOf(t),1)}}}function d(t,e,n,i){var r=t.table.insertRow(),a=r.insertCell();if(t.wireless){var o=document.createElement("span");o.textContent="⬤ ",o.style.color=n,a.appendChild(o)}var u=document.createElement("span");u.textContent=e,a.appendChild(u);var l,f,d,g,v,m=r.insertCell();function p(){v&&window.clearTimeout(v),v=window.setTimeout(function(){g&&t.signalgraph.removeSignal(g),r.parentNode.removeChild(r),i()},6e4)}function b(t){var e=function(t){"::"==t.slice(0,2)&&(t="0"+t),"::"==t.slice(-2)&&(t+="0");var e=t.split(":"),n=e.length,i=[];return e.forEach(function(t,e){if(""===t)for(;n++<=8;)i.push(0);else{if(!/^[a-f0-9]{1,4}$/i.test(t))return;i.push(parseInt(t,16))}}),i}(t);if(e){var n="";return e.forEach(function(t){n+=("0000000000000000"+t.toString(2)).slice(-16)}),n}}return m.textContent="-",t.wireless&&((l=r.insertCell()).textContent="-",(f=r.insertCell()).textContent="-",(d=r.insertCell()).textContent="-",g=h(n),t.signalgraph.addSignal(g)),r.onmouseenter=function(){r.classList.add("highlight"),g&&(g.highlight=!0)},r.onmouseleave=function(){r.classList.remove("highlight"),g&&(g.highlight=!1)},p(),{update_nodeinfo:function(t){var e,n,i,r,a,o,l,h,d=function(t){var e=b(s);if(t&&t[0]){(t=t.map(function(t){var n=b(t);if(!n)return[-1];var i=0;return e&&(i=function(t,e){var n;for(n=0;ne[0]?-1:t[1]e[1]?1:0});var n=t[0][2];return n&&!/^fe80:/i.test(n)?n:void 0}}(t.network.addresses);if(d){if("span"===u.nodeName.toLowerCase()){var g=u;u=document.createElement("a"),g.parentNode.replaceChild(u,g)}u.href="http://["+d+"]/"}if(u.textContent=t.hostname,c&&t.location){var v=(e=c.latitude,n=c.longitude,i=t.location.latitude,r=t.location.longitude,a=Math.PI/180,o=(i*=a)-(e*=a),l=(r*=a)-(n*=a),h=Math.sin(o/2)*Math.sin(o/2)+Math.sin(l/2)*Math.sin(l/2)*Math.cos(e)*Math.cos(i),2*Math.asin(Math.sqrt(h))*6372.8);f.textContent=Math.round(1e3*v)+" m"}p()},update_mesh:function(t){m.textContent=Math.round(t.tq/2.55)+" %",p()},update_wifi:function(t){l.textContent=t.signal,d.textContent=Math.round(t.inactive/1e3)+" s",r.classList.toggle("inactive",t.inactive>200),g.set(t.inactive>200?null:t.signal),p()}}}function g(t,e,n){var i,r={};n&&(i=f(),t.appendChild(i.el));var a={table:t.firstElementChild,signalgraph:i,ifname:e,wireless:n},c=!1,s={},u=[];function l(){if(!c){c=!0;var t=new EventSource("/cgi-bin/dyn/neighbours-nodeinfo?"+encodeURIComponent(e));t.addEventListener("neighbour",function(t){try{var e=JSON.parse(t.data);(n=e,i=[],a=n.network.mesh,Object.keys(a).forEach(function(t){var e=a[t].interfaces;Object.keys(e).forEach(function(t){e[t].forEach(function(t){i.push(t)})})}),i).forEach(function(t){var n=r[t];if(n){delete s[t];try{n.update_nodeinfo(e)}catch(t){console.error(t)}}})}catch(t){console.error(t)}var n,i,a},!1),t.onerror=function(){t.close(),c=!1,Object.keys(s).forEach(function(t){s[t]>0&&(s[t]--,l())})}}}function h(t){var e=r[t];return e||(s[t]=3,e=r[t]=d(a,t,(u[0]||(u=["#396AB1","#DA7C30","#3E9651","#CC2529","#535154","#6B4C9A","#922428","#948B3D"]),u.shift()),function(){delete s[t],delete r[t]}),l()),e}return n&&o("/cgi-bin/dyn/stations?"+encodeURIComponent(e),function(t){Object.keys(t).forEach(function(e){var n=t[e];h(e).update_wifi(n)})}),{get_neigh:h}}document.querySelectorAll("[data-interface]").forEach(function(t){var e=t.getAttribute("data-interface"),n=(t.getAttribute("data-interface-address"),!!t.getAttribute("data-interface-wireless"));l[e]=g(t,e,n)}),o("/cgi-bin/dyn/neighbours-batadv",function(t){Object.keys(t).forEach(function(e){var n=t[e],i=l[n.ifname];i&&i.get_neigh(e).update_mesh(n)})})}(); \ No newline at end of file +"use strict";!function(){var a=JSON.parse(document.body.getAttribute("data-translations"));function i(t,e){return t.toFixed(e).replace(/\./,a["."])}function o(t,e){e--;for(var n=t;10<=n&&0e[0]?-1:t[1]e[1]?1:0});var e=t[0][2];return e&&!/^fe80:/i.test(e)?e:void 0}}(t.network.addresses);if(u){if("span"===h.nodeName.toLowerCase()){var f=h;h=document.createElement("a"),f.parentNode.replaceChild(h,f)}h.href="http://["+u+"]/"}if(h.textContent=t.hostname,y&&t.location){var l=(e=y.latitude,n=y.longitude,r=t.location.latitude,i=t.location.longitude,a=Math.PI/180,o=(r*=a)-(e*=a),c=(i*=a)-(n*=a),s=Math.sin(o/2)*Math.sin(o/2)+Math.sin(c/2)*Math.sin(c/2)*Math.cos(e)*Math.cos(r),2*Math.asin(Math.sqrt(s))*6372.8);d.textContent=Math.round(1e3*l)+" m"}p()},update_mesh:function(n){Object.keys(v).forEach(function(t){var e=v[t];e.td.textContent=n[t]+e.suffix}),p()},update_wifi:function(t){s.textContent=t.signal,u.textContent=Math.round(t.inactive/1e3)+" s",a.classList.toggle("inactive",200obj, mac1, neigh); From 27c8d3907ade95847d9aace963da973aa3c63697 Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Sun, 15 Apr 2018 12:32:22 +0200 Subject: [PATCH 28/36] gluon-status-page: reduce usage of absolute paths in cgi-bin scripts neighbours-nodeinfo and stations --- .../lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo | 2 +- .../files/lib/gluon/status-page/www/cgi-bin/dyn/stations | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo index 55c46fa6..71b3ecff 100755 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo @@ -8,4 +8,4 @@ badrequest() { ( batctl if | cut -d: -f1 | grep -qxF "$QUERY_STRING" ) 2>/dev/null || badrequest -exec /usr/bin/gluon-neighbour-info -s neighbour -i "$QUERY_STRING" -d ff02::2:1001 -p 1001 -r nodeinfo +exec gluon-neighbour-info -s neighbour -i "$QUERY_STRING" -d ff02::2:1001 -p 1001 -r nodeinfo diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations index 32669b4a..a3005f7e 100755 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations @@ -10,4 +10,4 @@ badrequest() { CMD="exec /lib/gluon/status-page/providers/stations '$QUERY_STRING'" -exec /usr/sbin/sse-multiplex "$CMD" +exec sse-multiplex "$CMD" From 5a6e0e9249147fb1cd2a086b1937a9177d1efce7 Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Sat, 14 Apr 2018 23:44:39 +0200 Subject: [PATCH 29/36] gluon-core, gluon-l3roamd: introduce script gluon-list-mesh-interfaces that lists all currently active mesh interfaces --- package/gluon-core/files/usr/bin/gluon-list-mesh-interfaces | 2 ++ package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100755 package/gluon-core/files/usr/bin/gluon-list-mesh-interfaces diff --git a/package/gluon-core/files/usr/bin/gluon-list-mesh-interfaces b/package/gluon-core/files/usr/bin/gluon-list-mesh-interfaces new file mode 100755 index 00000000..9b450f90 --- /dev/null +++ b/package/gluon-core/files/usr/bin/gluon-list-mesh-interfaces @@ -0,0 +1,2 @@ +#!/bin/sh +ubus call network.interface dump | jsonfilter -e "@.interface[@.proto='gluon_mesh' && @.up=true].device" diff --git a/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd b/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd index 0a51bde9..9fe597b9 100755 --- a/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd +++ b/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd @@ -10,7 +10,7 @@ start_service () { procd_set_param stdout 1 procd_set_param stderr 1 procd_set_param respawn ${respawn_threshold:-3660} ${respawn_timeout:-5} ${respawn_retry:-0} - interfaces=$(for dev in $( ubus call network.interface dump | jsonfilter -e "@.interface[@.proto='gluon_mesh' && @.up=true].device");do echo " -m $dev"; done; + interfaces=$(for dev in $(gluon-list-mesh-interfaces);do echo " -m $dev"; done; [ "$(ifstatus client | jsonfilter -e "@.up")" = "true" ] && echo " -i local-node") procd_set_param command "$PROG" -s /var/run/l3roamd.sock -p $(lua -e 'print(require("gluon.site").prefix6())') $interfaces -t 254 -a $(uci get network.loopback.ip6addr | cut -d/ -f1) -4 0:0:0:0:0:ffff::/96 -b br-client procd_close_instance From f30fa51d3bbdf0dd90b14409dd48deb223790410 Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Fri, 13 Apr 2018 20:44:52 +0200 Subject: [PATCH 30/36] gluon-status-page: make status page mesh protocol agnostic batman-adv-specific parts are moved to a new package gluon-status-page-mesh-batman-adv. --- package/features | 3 ++ .../Makefile | 20 ++++++++++ .../luasrc/lib/gluon/status-page/mesh.lua | 0 .../src/Makefile | 40 +++++++++++++++++++ .../src/neighbours-batadv.c | 0 package/gluon-status-page/Makefile | 4 +- .../www/cgi-bin/dyn/neighbours-nodeinfo | 2 +- .../status-page/www/cgi-bin/dyn/stations | 2 +- package/gluon-status-page/src/Makefile | 14 +------ 9 files changed, 68 insertions(+), 17 deletions(-) create mode 100644 package/gluon-status-page-mesh-batman-adv/Makefile rename package/{gluon-status-page => gluon-status-page-mesh-batman-adv}/luasrc/lib/gluon/status-page/mesh.lua (100%) create mode 100644 package/gluon-status-page-mesh-batman-adv/src/Makefile rename package/{gluon-status-page => gluon-status-page-mesh-batman-adv}/src/neighbours-batadv.c (100%) diff --git a/package/features b/package/features index 52c9211d..210581d5 100644 --- a/package/features +++ b/package/features @@ -21,3 +21,6 @@ packages 'web-advanced' \ packages 'web-advanced & autoupdater' \ 'gluon-web-autoupdater' + +packages 'status-page & (mesh-batman-adv-14 | mesh-batman-adv-15)' \ + 'gluon-status-page-mesh-batman-adv' diff --git a/package/gluon-status-page-mesh-batman-adv/Makefile b/package/gluon-status-page-mesh-batman-adv/Makefile new file mode 100644 index 00000000..4d2ed8f0 --- /dev/null +++ b/package/gluon-status-page-mesh-batman-adv/Makefile @@ -0,0 +1,20 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=gluon-status-page-mesh-batman-adv +PKG_VERSION:=1 + +include ../gluon.mk + +define Package/gluon-status-page-mesh-batman-adv + TITLE:=Batman-data provider for gluon-status-page + DEPENDS:=+gluon-status-page gluon-mesh-batman-adv +libnl-tiny +libbatadv +libjson-c +endef + +define Package/gluon-status-page-mesh-batman-adv/install + $(Gluon/Build/Install) + + $(INSTALL_DIR) $(1)/lib/gluon/status-page/providers + $(INSTALL_BIN) $(PKG_BUILD_DIR)/neighbours-batadv $(1)/lib/gluon/status-page/providers/ +endef + +$(eval $(call BuildPackageGluon,gluon-status-page-mesh-batman-adv)) diff --git a/package/gluon-status-page/luasrc/lib/gluon/status-page/mesh.lua b/package/gluon-status-page-mesh-batman-adv/luasrc/lib/gluon/status-page/mesh.lua similarity index 100% rename from package/gluon-status-page/luasrc/lib/gluon/status-page/mesh.lua rename to package/gluon-status-page-mesh-batman-adv/luasrc/lib/gluon/status-page/mesh.lua diff --git a/package/gluon-status-page-mesh-batman-adv/src/Makefile b/package/gluon-status-page-mesh-batman-adv/src/Makefile new file mode 100644 index 00000000..5fb4ef4f --- /dev/null +++ b/package/gluon-status-page-mesh-batman-adv/src/Makefile @@ -0,0 +1,40 @@ +all: neighbours-batadv + +CFLAGS += -Wall -D_GNU_SOURCE + +ifeq ($(origin PKG_CONFIG), undefined) + PKG_CONFIG = pkg-config + ifeq ($(shell which $(PKG_CONFIG) 2>/dev/null),) + $(error $(PKG_CONFIG) not found) + endif +endif + +ifeq ($(origin LIBNL_CFLAGS) $(origin LIBNL_LDLIBS), undefined undefined) + LIBNL_NAME ?= libnl-tiny + ifeq ($(shell $(PKG_CONFIG) --modversion $(LIBNL_NAME) 2>/dev/null),) + $(error No $(LIBNL_NAME) development libraries found!) + endif + LIBNL_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(LIBNL_NAME)) + LIBNL_LDLIBS += $(shell $(PKG_CONFIG) --libs $(LIBNL_NAME)) +endif +CFLAGS += $(LIBNL_CFLAGS) +LDLIBS += $(LIBNL_LDLIBS) + +CFLAGS_JSONC = $(shell pkg-config --cflags json-c) +LDFLAGS_JSONC = $(shell pkg-config --libs json-c) + + +ifeq ($(origin LIBBATADV_CFLAGS) $(origin LIBBATADV_LDLIBS), undefined undefined) + LIBBATADV_NAME ?= libbatadv + ifeq ($(shell $(PKG_CONFIG) --modversion $(LIBBATADV_NAME) 2>/dev/null),) + $(error No $(LIBBATADV_NAME) development libraries found!) + endif + LIBBATADV_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(LIBBATADV_NAME)) + LIBBATADV_LDLIBS += $(shell $(PKG_CONFIG) --libs $(LIBBATADV_NAME)) +endif +CFLAGS += $(LIBBATADV_CFLAGS) +LDLIBS += $(LIBBATADV_LDLIBS) + +neighbours-batadv: neighbours-batadv.c + $(CC) $(CFLAGS) $(CFLAGS_JSONC) $(LDFLAGS) $(LDFLAGS_JSONC) -o $@ $^ $(LDLIBS) + diff --git a/package/gluon-status-page/src/neighbours-batadv.c b/package/gluon-status-page-mesh-batman-adv/src/neighbours-batadv.c similarity index 100% rename from package/gluon-status-page/src/neighbours-batadv.c rename to package/gluon-status-page-mesh-batman-adv/src/neighbours-batadv.c diff --git a/package/gluon-status-page/Makefile b/package/gluon-status-page/Makefile index d17ce2da..923f68c7 100644 --- a/package/gluon-status-page/Makefile +++ b/package/gluon-status-page/Makefile @@ -7,14 +7,14 @@ include ../gluon.mk define Package/gluon-status-page TITLE:=Status page showing information about the node - DEPENDS:=+gluon-web +gluon-neighbour-info +gluon-respondd +uhttpd +sse-multiplex +libiwinfo +libjson-c +libnl-tiny +libubus-lua +libbatadv + DEPENDS:=+gluon-web +gluon-neighbour-info +gluon-respondd +uhttpd +sse-multiplex +libiwinfo +libjson-c +libnl-tiny +libubus-lua endef define Package/gluon-status-page/install $(Gluon/Build/Install) $(INSTALL_DIR) $(1)/lib/gluon/status-page/providers - $(INSTALL_BIN) $(PKG_BUILD_DIR)/{neighbours-batadv,stations} $(1)/lib/gluon/status-page/providers/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/stations $(1)/lib/gluon/status-page/providers/ $(INSTALL_DIR) $(1)/lib/gluon/status-page/view/ $(LN) /lib/gluon/web/i18n $(1)/lib/gluon/status-page/ diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo index 71b3ecff..3f149100 100755 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/neighbours-nodeinfo @@ -6,6 +6,6 @@ badrequest() { exit 1 } -( batctl if | cut -d: -f1 | grep -qxF "$QUERY_STRING" ) 2>/dev/null || badrequest +( gluon-list-mesh-interfaces | grep -qxF "$QUERY_STRING" ) 2>/dev/null || badrequest exec gluon-neighbour-info -s neighbour -i "$QUERY_STRING" -d ff02::2:1001 -p 1001 -r nodeinfo diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations index a3005f7e..5ff1f125 100755 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/dyn/stations @@ -6,7 +6,7 @@ badrequest() { exit 1 } -( batctl if | cut -d: -f1 | grep -qxF "$QUERY_STRING" ) 2>/dev/null || badrequest +( gluon-list-mesh-interfaces | grep -qxF "$QUERY_STRING" ) 2>/dev/null || badrequest CMD="exec /lib/gluon/status-page/providers/stations '$QUERY_STRING'" diff --git a/package/gluon-status-page/src/Makefile b/package/gluon-status-page/src/Makefile index bf5141a7..a0a14e16 100644 --- a/package/gluon-status-page/src/Makefile +++ b/package/gluon-status-page/src/Makefile @@ -20,19 +20,7 @@ endif CFLAGS_JSONC = $(shell pkg-config --cflags json-c) LDFLAGS_JSONC = $(shell pkg-config --libs json-c) -ifeq ($(origin LIBBATADV_CFLAGS) $(origin LIBBATADV_LDLIBS), undefined undefined) - LIBBATADV_NAME ?= libbatadv - ifeq ($(shell $(PKG_CONFIG) --modversion $(LIBBATADV_NAME) 2>/dev/null),) - $(error No $(LIBBATADV_NAME) development libraries found!) - endif - LIBBATADV_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(LIBBATADV_NAME)) - LIBBATADV_LDLIBS += $(shell $(PKG_CONFIG) --libs $(LIBBATADV_NAME)) -endif - -all: neighbours-batadv stations - -neighbours-batadv: neighbours-batadv.c - $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_JSONC) $(LIBNL_CFLAGS) $(LIBBATADV_CFLAGS) $(LDFLAGS) $(LDFLAGS_JSONC) $(LIBNL_LDLIBS) $(LIBBATADV_LDLIBS) -Wall -o $@ $^ $(LDLIBS) +all: stations stations: stations.c $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_JSONC) $(LDFLAGS) $(LDFLAGS_JSONC) -Wall -o $@ $^ $(LDLIBS) -liwinfo From 08aad631a86e34b444a28cc883ac72a60d07df2a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 15 Apr 2018 12:49:52 +0200 Subject: [PATCH 31/36] gluon-l3roamd: fix interface checks in initscript The local_node ifstatus must be checked for local-node, not client. While we're at it, also clean up the syntax a bit. --- package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd b/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd index 9fe597b9..d40e1a18 100755 --- a/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd +++ b/package/gluon-l3roamd/files/etc/init.d/gluon-l3roamd @@ -6,12 +6,15 @@ USE_PROCD=1 PROG=/usr/sbin/l3roamd start_service () { + local interfaces=$( + for dev in $(gluon-list-mesh-interfaces); do echo " -m $dev"; done + [ "$(ifstatus local_node | jsonfilter -e '@.up')" = 'true' ] && echo ' -i local-node' + ) + procd_open_instance procd_set_param stdout 1 procd_set_param stderr 1 procd_set_param respawn ${respawn_threshold:-3660} ${respawn_timeout:-5} ${respawn_retry:-0} - interfaces=$(for dev in $(gluon-list-mesh-interfaces);do echo " -m $dev"; done; - [ "$(ifstatus client | jsonfilter -e "@.up")" = "true" ] && echo " -i local-node") procd_set_param command "$PROG" -s /var/run/l3roamd.sock -p $(lua -e 'print(require("gluon.site").prefix6())') $interfaces -t 254 -a $(uci get network.loopback.ip6addr | cut -d/ -f1) -4 0:0:0:0:0:ffff::/96 -b br-client procd_close_instance } @@ -21,6 +24,6 @@ service_triggers() { local name=$(basename "${script:-$initscript}") procd_open_trigger - procd_add_raw_trigger "interface.*" 0 "/etc/init.d/$name" reload + procd_add_raw_trigger 'interface.*' 0 "/etc/init.d/$name" reload procd_close_trigger } From 917e613951651a5ebddfad9e50c7a00e3085e928 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 15 Apr 2018 22:48:23 +0200 Subject: [PATCH 32/36] gluon-mesh-vpn-tunneldigger: fix typo in description --- package/gluon-mesh-vpn-tunneldigger/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-mesh-vpn-tunneldigger/Makefile b/package/gluon-mesh-vpn-tunneldigger/Makefile index a5c23c25..b7a5f18d 100644 --- a/package/gluon-mesh-vpn-tunneldigger/Makefile +++ b/package/gluon-mesh-vpn-tunneldigger/Makefile @@ -6,7 +6,7 @@ PKG_VERSION:=3 include ../gluon.mk define Package/gluon-mesh-vpn-tunneldigger - TITLE:=Support for connecting meshes via tunneltigger/L2TPv3 pseudowire + TITLE:=Support for connecting meshes via tunneldigger/L2TPv3 pseudowire DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger +@GLUON_SPECIALIZE_KERNEL:KERNEL_L2TP endef From 399a10b81e22a1a214b99f14fe5f57e33a39cd4b Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Mon, 16 Apr 2018 08:48:06 +0200 Subject: [PATCH 33/36] gluon-status-page: when prettifying undefined numbers, show - instead of NaN --- .../files/lib/gluon/status-page/www/static/status-page.js | 2 +- package/gluon-status-page/javascript/status-page.js | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js b/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js index 242ef0b3..61d5f016 100644 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/static/status-page.js @@ -1 +1 @@ -"use strict";!function(){var a=JSON.parse(document.body.getAttribute("data-translations"));function i(t,e){return t.toFixed(e).replace(/\./,a["."])}function o(t,e){e--;for(var n=t;10<=n&&0e[0]?-1:t[1]e[1]?1:0});var e=t[0][2];return e&&!/^fe80:/i.test(e)?e:void 0}}(t.network.addresses);if(u){if("span"===h.nodeName.toLowerCase()){var f=h;h=document.createElement("a"),f.parentNode.replaceChild(h,f)}h.href="http://["+u+"]/"}if(h.textContent=t.hostname,y&&t.location){var l=(e=y.latitude,n=y.longitude,r=t.location.latitude,i=t.location.longitude,a=Math.PI/180,o=(r*=a)-(e*=a),c=(i*=a)-(n*=a),s=Math.sin(o/2)*Math.sin(o/2)+Math.sin(c/2)*Math.sin(c/2)*Math.cos(e)*Math.cos(r),2*Math.asin(Math.sqrt(s))*6372.8);d.textContent=Math.round(1e3*l)+" m"}p()},update_mesh:function(n){Object.keys(v).forEach(function(t){var e=v[t];e.td.textContent=n[t]+e.suffix}),p()},update_wifi:function(t){s.textContent=t.signal,u.textContent=Math.round(t.inactive/1e3)+" s",a.classList.toggle("inactive",200e[0]?-1:t[1]e[1]?1:0});var e=t[0][2];return e&&!/^fe80:/i.test(e)?e:void 0}}(t.network.addresses);if(u){if("span"===h.nodeName.toLowerCase()){var f=h;h=document.createElement("a"),f.parentNode.replaceChild(h,f)}h.href="http://["+u+"]/"}if(h.textContent=t.hostname,y&&t.location){var l=(e=y.latitude,n=y.longitude,r=t.location.latitude,i=t.location.longitude,a=Math.PI/180,o=(r*=a)-(e*=a),c=(i*=a)-(n*=a),s=Math.sin(o/2)*Math.sin(o/2)+Math.sin(c/2)*Math.sin(c/2)*Math.cos(e)*Math.cos(r),2*Math.asin(Math.sqrt(s))*6372.8);d.textContent=Math.round(1e3*l)+" m"}p()},update_mesh:function(n){Object.keys(v).forEach(function(t){var e=v[t];e.td.textContent=n[t]+e.suffix}),p()},update_wifi:function(t){s.textContent=t.signal,u.textContent=Math.round(t.inactive/1e3)+" s",a.classList.toggle("inactive",200 step && prefix < prefixes.length - 1) { d /= step; prefix++; From c84d298e50cd47b278b1fee56e3778d6fea01a7b Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 16 Apr 2018 18:09:37 +0200 Subject: [PATCH 34/36] docs, README: Gluon v2017.1.6 --- README.md | 2 +- docs/index.rst | 1 + docs/releases/v2017.1.6.rst | 91 +++++++++++++++++++++++++++++++++++ docs/user/getting_started.rst | 4 +- 4 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 docs/releases/v2017.1.6.rst diff --git a/README.md b/README.md index 3488b842..00d3f2e0 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ the future development of Gluon. Please refrain from using the `master` branch for anything else but development purposes! Use the most recent release instead. You can list all releases by running `git tag` -and switch to one by running `git checkout v2017.1.5 && make update`. +and switch to one by running `git checkout v2017.1.6 && make update`. If you're using the autoupdater, do not autoupdate nodes with anything but releases. If you upgrade using random master commits the nodes *will break* eventually. diff --git a/docs/index.rst b/docs/index.rst index 3f4d78a8..d864279a 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -67,6 +67,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre :caption: Releases :maxdepth: 1 + releases/v2017.1.6 releases/v2017.1.5 releases/v2017.1.4 releases/v2017.1.3 diff --git a/docs/releases/v2017.1.6.rst b/docs/releases/v2017.1.6.rst new file mode 100644 index 00000000..2a05ebb8 --- /dev/null +++ b/docs/releases/v2017.1.6.rst @@ -0,0 +1,91 @@ +Gluon 2017.1.6 +============== + +Bugfixes +~~~~~~~~ + +* Remove broken DNS cache feature + (`#1362 `_) + + It was found that dnsmasq does not handle all answer records + equally. In particular, its cached answers are missing DNSKEY and DS + records, breaking DNSSEC validation on clients. + + Nodes can still resolve the next-node hostname locally and will continue to + work as DNS forwarders. The DNS cache feature may return if dnsmasq is fixed + or if we switch to a different resolver. + +* Ensure that corefiles are stored in /tmp rather than cluttering the root + filesystem + (`00df8b76e54c `_) + + Nodes upgrades from Gluon v2016.2.x or earlier did not set kernel.core_pattern + correctly, leading to corefiles being stored in the current directory (usually + / for system services) in the case of crashes. + + This is a regression introduced in Gluon v2017.1. + +* Only request a single IPv6 address instead of a prefix on the WAN interface + (`5db54ba78c3 `_) + +* Fix signal graph on status page when there are many neighbours + (packages/`d1e0b6e0bdae `_) + +* Fix config files managed by opkg not being saved on sysupgrades on ar71xx-tiny + (LEDE/`17c0362178ca `_, + LEDE/`75be005e8bdc `_) + +* Fix kernel crash in batman-adv-14 + (`#1358 `_) + + Starting with Gluon v2017.1, respondd could trigger a kernel crash caused by + a use-after-free in batman-adv-14, in particular after a gateway disappeared. + + batman-adv-15 is not affected. + +* Increase bridge multicast querier timeout ("robustness") to avoid + "querier appeared/disappeared" log spam by batman-adv in the presence of + an external querier + (`e305a8c01917 `_) + +* Fix "broken pipe" log spam caused by the status page + (`883c32f2f1dc `_) + +* Reduce memory limit of WLAN packet queues to 256KB on devices with small RAM + (`e63c6ca01f50 `_) + + Will hopefully make out-of-memory crashes in busy meshes less likely. + +* Improve image validation for TP-Link CPE/WBS 210/510 and make it ready for + future images + (LEDE/`6577fe2198f5 `_) + + Future OpenWrt/Gluon images will move the image metadata ("support-list") of + the CPE/WBS 210/510 images to a different offset. Make sysupgrade ready + to allow installing such images. + + This change was also backported to Gluon v2016.2.x to allow direct updates + to future Gluon master versions without installing v2017.1.x first. + +* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx + have disappeared with the latest updates + (`#1157 `_) + + +Known issues +~~~~~~~~~~~~ + +* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) + + Reducing the TX power in the Advanced Settings is recommended. + +* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 `_) + + This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed). + +* Inconsistent respondd API (`#522 `_) + + The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while. + +* Frequent reboots due to out-of-memory on weak hardware in larger meshes + (`#1243 `_) diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst index 0ca98091..ab252106 100644 --- a/docs/user/getting_started.rst +++ b/docs/user/getting_started.rst @@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting started with Gluon we recommend to use the latest stable release of Gluon. Take a look at the `list of gluon releases`_ and notice the latest release, -e.g. *v2017.1.5*. Always get Gluon using git and don't try to download it +e.g. *v2017.1.6*. Always get Gluon using git and don't try to download it as a Zip archive as the archive will be missing version information. Please keep in mind that there is no "default Gluon" build; a site configuration @@ -43,7 +43,7 @@ Building the images ------------------- To build Gluon, first check out the repository. Replace *RELEASE* with the -version you'd like to checkout, e.g. *v2017.1.5*. +version you'd like to checkout, e.g. *v2017.1.6*. :: From 5bf160040ec3a366673f3f5061f711cdb39f43cb Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 17 Apr 2018 22:23:26 +0200 Subject: [PATCH 35/36] modules: update LEDE efb6ca189641 base-files: /lib/functions.sh: ignore errors in insert_modules b5ba01a0d3f6 fstools: update to latest lede-17.01 branch a9b607740273 kernel: bump kernel 4.4 to 4.4.126 for 17.01 09d95e44fc3d mbedtls: change libmbedcrypto.so soversion back to 0 4673a0bffc89 kernel: mtd: bcm47xxpart: improve handling TRX partition size Also switch to the upstreamed version of "kernel: disable accept_ra by default". --- modules | 2 +- ...0014-procd-remove-procd-nand-package.patch | 2 +- ...ndle-jffs2-conversion-using-upgraded.patch | 2 +- ...l-defaults-to-specific-kmod-packages.patch | 13 -- ...s-remove-etc-sysctl.d-from-conffiles.patch | 11 +- ...-kernel-disable-accept_ra-by-default.patch | 182 +++--------------- 6 files changed, 26 insertions(+), 186 deletions(-) diff --git a/modules b/modules index 0f548b0a..2ee9c00f 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='openwrt gluon routing luci' LEDE_REPO=https://git.lede-project.org/openwrt/openwrt.git LEDE_BRANCH=lede-17.01 -LEDE_COMMIT=6577fe2198f5c75acb1dba789941d96a036f4dae +LEDE_COMMIT=efb6ca189641aec64ba94f0d6d4e008fb2c1668b PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git PACKAGES_OPENWRT_BRANCH=lede-17.01 diff --git a/patches/lede/0014-procd-remove-procd-nand-package.patch b/patches/lede/0014-procd-remove-procd-nand-package.patch index a8923e92..0a8ffb89 100644 --- a/patches/lede/0014-procd-remove-procd-nand-package.patch +++ b/patches/lede/0014-procd-remove-procd-nand-package.patch @@ -12,7 +12,7 @@ as a separate package. Signed-off-by: Matthias Schiffer diff --git a/package/base-files/Makefile b/package/base-files/Makefile -index 40963d5bd4a7fce5834c4cd6aa6d5454662c063e..685e3c4061528e2b28054cce53258889b48c05b2 100644 +index 1d034fdede7598f15b1f802c47e834990e5852d9..f473ef732106eb8fa05e7c5b59df176fef33e42d 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -19,7 +19,9 @@ PKG_BUILD_DEPENDS:=usign/host diff --git a/patches/lede/0017-fstools-snapshot-handle-jffs2-conversion-using-upgraded.patch b/patches/lede/0017-fstools-snapshot-handle-jffs2-conversion-using-upgraded.patch index 3b571b83..2b1d4ff3 100644 --- a/patches/lede/0017-fstools-snapshot-handle-jffs2-conversion-using-upgraded.patch +++ b/patches/lede/0017-fstools-snapshot-handle-jffs2-conversion-using-upgraded.patch @@ -8,7 +8,7 @@ by upgraded. Signed-off-by: Matthias Schiffer diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile -index 16f2f7e77062b528a4e3b9d0b5b4f4072e3b5756..f0f6c3d7eec3e90ab1403ae766c95d03104a0d29 100644 +index 6f1f511d387e900426832f40966012bc11d53075..f2e0580912ab7d475fab576bea4fd84f0dfe6a3d 100644 --- a/package/system/fstools/Makefile +++ b/package/system/fstools/Makefile @@ -8,7 +8,7 @@ diff --git a/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch b/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch index d75be503..5aaef7b3 100644 --- a/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch +++ b/patches/lede/0071-base-files-move-netfilter-sysctl-defaults-to-specific-kmod-packages.patch @@ -7,19 +7,6 @@ FS#1073. Signed-off-by: Matthias Schiffer -diff --git a/package/base-files/Makefile b/package/base-files/Makefile -index 685e3c4061528e2b28054cce53258889b48c05b2..6ae4b9262e369f5e93f59133d1c0b61a0d6c2224 100644 ---- a/package/base-files/Makefile -+++ b/package/base-files/Makefile -@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk - include $(INCLUDE_DIR)/version.mk - - PKG_NAME:=base-files --PKG_RELEASE:=173.5 -+PKG_RELEASE:=173.5.1 - PKG_FLAGS:=nonshared - - PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf index 7c3344dba339514c023c3b13c592e9ce9ca1ff55..98867b7c7ba1d1ce181f721cdfd17517069fcdf2 100644 --- a/package/base-files/files/etc/sysctl.d/10-default.conf diff --git a/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch b/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch index c88ce368..c1445fe2 100644 --- a/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch +++ b/patches/lede/0072-base-files-remove-etc-sysctl.d-from-conffiles.patch @@ -9,18 +9,9 @@ old defaults get replaced properly. Signed-off-by: Matthias Schiffer diff --git a/package/base-files/Makefile b/package/base-files/Makefile -index 6ae4b9262e369f5e93f59133d1c0b61a0d6c2224..339528d3ba8a5ab40c2d8fa246c937d61fb4856d 100644 +index f473ef732106eb8fa05e7c5b59df176fef33e42d..32b1ce0923cb984ff32e4444a18eccdad7572d70 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile -@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk - include $(INCLUDE_DIR)/version.mk - - PKG_NAME:=base-files --PKG_RELEASE:=173.5.1 -+PKG_RELEASE:=173.5.2 - PKG_FLAGS:=nonshared - - PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ @@ -59,8 +59,6 @@ define Package/base-files/conffiles /etc/shadow /etc/shells diff --git a/patches/lede/0073-kernel-disable-accept_ra-by-default.patch b/patches/lede/0073-kernel-disable-accept_ra-by-default.patch index fd0c3090..f39acca3 100644 --- a/patches/lede/0073-kernel-disable-accept_ra-by-default.patch +++ b/patches/lede/0073-kernel-disable-accept_ra-by-default.patch @@ -2,169 +2,31 @@ From: Matthias Schiffer Date: Thu, 12 Apr 2018 22:14:56 +0200 Subject: kernel: disable accept_ra by default -Our script setting accept_ra to 0 on all interfaces got lost in the -transition to procd. This remained unnoticed for a long time, as was also +Our commands setting accept_ra to 0 on all interfaces got lost in the +transition to procd. This remained unnoticed for a long time, as we also enable forwarding on all interfaces, which prevents RA handling by default. -Providing a way to ensure net.ipv6.conf.default.accept_ra is set early -enough is a nicer solution than fixing up interfaces in a script (given the -patch is accepted upstream). +Restore the commands, while also fixing a possible race condition in the +old version. Signed-off-by: Matthias Schiffer -diff --git a/target/linux/generic/config-3.18 b/target/linux/generic/config-3.18 -index 4c3215b594cea9f3d001f8a9f73bbdf78e30ceff..bf13cefde0c5dc45788da9dea57aca5def9b152b 100644 ---- a/target/linux/generic/config-3.18 -+++ b/target/linux/generic/config-3.18 -@@ -1604,6 +1604,7 @@ CONFIG_IOSCHED_NOOP=y - # CONFIG_IPC_NS is not set - # CONFIG_IPMI_HANDLER is not set - # CONFIG_IPV6 is not set -+# CONFIG_IPV6_ACCEPT_RA_DEFAULT is not set - # CONFIG_IPV6_MIP6 is not set - # CONFIG_IPV6_MROUTE is not set - # CONFIG_IPV6_MROUTE_MULTIPLE_TABLES is not set -diff --git a/target/linux/generic/config-4.4 b/target/linux/generic/config-4.4 -index a8fd15d1a4a40681d80da06ad7a826966287d8d8..e2d69426370a3e50703c48fb60c5b1b3aa601ef3 100644 ---- a/target/linux/generic/config-4.4 -+++ b/target/linux/generic/config-4.4 -@@ -1671,6 +1671,7 @@ CONFIG_IOSCHED_NOOP=y - # CONFIG_IPC_NS is not set - # CONFIG_IPMI_HANDLER is not set - # CONFIG_IPV6 is not set -+# CONFIG_IPV6_ACCEPT_RA_DEFAULT is not set - # CONFIG_IPV6_ILA is not set - # CONFIG_IPV6_MIP6 is not set - # CONFIG_IPV6_MROUTE is not set -diff --git a/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch b/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch -new file mode 100644 -index 0000000000000000000000000000000000000000..6067be31830f6cc788708632dba36f338eb67d39 ---- /dev/null -+++ b/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch -@@ -0,0 +1,60 @@ -+From 782710d7f18a2c9999410cb7cfc92955463897d8 Mon Sep 17 00:00:00 2001 -+Message-Id: <782710d7f18a2c9999410cb7cfc92955463897d8.1523559442.git.mschiffer@universe-factory.net> -+From: Matthias Schiffer -+Date: Thu, 12 Apr 2018 20:08:05 +0200 -+Subject: [PATCH net-next] ipv6: provide Kconfig switch to disable accept_ra by -+ default +diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl +index 8722126a6612d67a3f615166a7fbec146207e97f..a236a0194b665ff56c8330930bfd44709d1b0d3d 100755 +--- a/package/base-files/files/etc/init.d/sysctl ++++ b/package/base-files/files/etc/init.d/sysctl +@@ -26,6 +26,14 @@ apply_defaults() { + net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \ + net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \ + net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh" + -+Many distributions and users prefer to handle router advertisements in -+userspace; one example is OpenWrt, which includes a combined RA and DHCPv6 -+client. For such configurations, accept_ra should not be enabled by -+default. -+ -+As setting net.ipv6.conf.default.accept_ra via sysctl.conf or similar -+facilities may be too late to catch all interfaces and common sysctl.conf -+tools do not allow setting an option for all existing interfaces, this -+patch provides a Kconfig option to control the default value of -+default.accept_ra. -+ -+Using default.accept_ra is preferable to all.accept_ra for our usecase, -+as disabling all.accept_ra would preclude users from explicitly enabling -+accept_ra on individual interfaces. -+ -+Signed-off-by: Matthias Schiffer -+--- -+ net/ipv6/Kconfig | 12 ++++++++++++ -+ net/ipv6/addrconf.c | 2 +- -+ 2 files changed, 13 insertions(+), 1 deletion(-) -+ -+--- a/net/ipv6/Kconfig -++++ b/net/ipv6/Kconfig -+@@ -21,6 +21,18 @@ menuconfig IPV6 -+ -+ if IPV6 -+ -++config IPV6_ACCEPT_RA_DEFAULT -++ bool "IPv6: Accept router advertisements by default" -++ default y -++ help -++ The kernel can internally handle IPv6 router advertisements for -++ stateless address autoconfiguration (SLAAC) and route configuration, -++ which can be configured in detail and per-interface using a number of -++ sysctl options. This option controls the default value of -++ net.ipv6.conf.default.accept_ra. -++ -++ If unsure, say Y. -++ -+ config IPV6_ROUTER_PREF -+ bool "IPv6: Router Preference (RFC 4191) support" -+ ---help--- -+--- a/net/ipv6/addrconf.c -++++ b/net/ipv6/addrconf.c -+@@ -207,7 +207,7 @@ static struct ipv6_devconf ipv6_devconf_ -+ .forwarding = 0, -+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, -+ .mtu6 = IPV6_MIN_MTU, -+- .accept_ra = 1, -++ .accept_ra = IS_ENABLED(CONFIG_IPV6_ACCEPT_RA_DEFAULT), -+ .accept_redirects = 1, -+ .autoconf = 1, -+ .force_mld_version = 0, -diff --git a/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch b/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch -new file mode 100644 -index 0000000000000000000000000000000000000000..8184a27705348c609d09c39a6d90b810d28fdead ---- /dev/null -+++ b/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch -@@ -0,0 +1,60 @@ -+From 782710d7f18a2c9999410cb7cfc92955463897d8 Mon Sep 17 00:00:00 2001 -+Message-Id: <782710d7f18a2c9999410cb7cfc92955463897d8.1523559442.git.mschiffer@universe-factory.net> -+From: Matthias Schiffer -+Date: Thu, 12 Apr 2018 20:08:05 +0200 -+Subject: [PATCH net-next] ipv6: provide Kconfig switch to disable accept_ra by -+ default -+ -+Many distributions and users prefer to handle router advertisements in -+userspace; one example is OpenWrt, which includes a combined RA and DHCPv6 -+client. For such configurations, accept_ra should not be enabled by -+default. -+ -+As setting net.ipv6.conf.default.accept_ra via sysctl.conf or similar -+facilities may be too late to catch all interfaces and common sysctl.conf -+tools do not allow setting an option for all existing interfaces, this -+patch provides a Kconfig option to control the default value of -+default.accept_ra. -+ -+Using default.accept_ra is preferable to all.accept_ra for our usecase, -+as disabling all.accept_ra would preclude users from explicitly enabling -+accept_ra on individual interfaces. -+ -+Signed-off-by: Matthias Schiffer -+--- -+ net/ipv6/Kconfig | 12 ++++++++++++ -+ net/ipv6/addrconf.c | 2 +- -+ 2 files changed, 13 insertions(+), 1 deletion(-) -+ -+--- a/net/ipv6/Kconfig -++++ b/net/ipv6/Kconfig -+@@ -20,6 +20,18 @@ menuconfig IPV6 -+ -+ if IPV6 -+ -++config IPV6_ACCEPT_RA_DEFAULT -++ bool "IPv6: Accept router advertisements by default" -++ default y -++ help -++ The kernel can internally handle IPv6 router advertisements for -++ stateless address autoconfiguration (SLAAC) and route configuration, -++ which can be configured in detail and per-interface using a number of -++ sysctl options. This option controls the default value of -++ net.ipv6.conf.default.accept_ra. -++ -++ If unsure, say Y. -++ -+ config IPV6_ROUTER_PREF -+ bool "IPv6: Router Preference (RFC 4191) support" -+ ---help--- -+--- a/net/ipv6/addrconf.c -++++ b/net/ipv6/addrconf.c -+@@ -222,7 +222,7 @@ static struct ipv6_devconf ipv6_devconf_ -+ .forwarding = 0, -+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, -+ .mtu6 = IPV6_MIN_MTU, -+- .accept_ra = 1, -++ .accept_ra = IS_ENABLED(CONFIG_IPV6_ACCEPT_RA_DEFAULT), -+ .accept_redirects = 1, -+ .autoconf = 1, -+ .force_mld_version = 0, ++ # first set default, then all interfaces to avoid races with appearing interfaces ++ if [ -d /proc/sys/net/ipv6/conf ]; then ++ echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra ++ for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do ++ echo 0 > "$iface" ++ done ++ fi + } + + start() { From 95566316cb23c1aa4f9c6fa9e7787705268e8c92 Mon Sep 17 00:00:00 2001 From: Jan-Tarek Butt Date: Mon, 23 Apr 2018 12:19:35 +0200 Subject: [PATCH 36/36] gluon-hoodselector: add VPN-state and checksite Signed-off-by: Jan-Tarek Butt --- package/gluon-hoodselector/Makefile | 30 +++ package/gluon-hoodselector/check_site.lua | 37 ++++ .../files/usr/lib/micron.d/hoodselector | 1 + .../luasrc/usr/lib/lua/hoodselector/util.lua | 191 ++++++++++++++++++ .../luasrc/usr/sbin/hoodselector | 182 +++++++++++++++++ 5 files changed, 441 insertions(+) create mode 100644 package/gluon-hoodselector/Makefile create mode 100644 package/gluon-hoodselector/check_site.lua create mode 100644 package/gluon-hoodselector/files/usr/lib/micron.d/hoodselector create mode 100644 package/gluon-hoodselector/luasrc/usr/lib/lua/hoodselector/util.lua create mode 100755 package/gluon-hoodselector/luasrc/usr/sbin/hoodselector diff --git a/package/gluon-hoodselector/Makefile b/package/gluon-hoodselector/Makefile new file mode 100644 index 00000000..9094ae33 --- /dev/null +++ b/package/gluon-hoodselector/Makefile @@ -0,0 +1,30 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=gluon-hoodselector + +GLUON_VERSION = 3 +PKG_VERSION:=2 + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) + +include ../gluon.mk + +define Package/gluon-hoodselector + SECTION:=gluon + CATEGORY:=Gluon + TITLE:=Automatically sorte routers into network hoods. + DEPENDS:=+gluon-site +gluon-mesh-batman-adv-15 @GLUON_MULTIDOMAIN + CONFLICTS:=+gluon-config-mode-domain-select +endef + +define Package/gluon-hoodselector/description + This is the hoodselector. The hoodselector is one of the main components for + splitting a layer 2 mesh network into seperated network segments (hoods). + The job of the hoodselector is to automatically detect in which hood + the router is located based on geo settings or by scanning its environment. + Based on these informations the hoodselector should select a hood from a + list of known hoods (hoodlist) and adjust vpn, wireless and mesh on lan + configuration based on the settings given for the selected hood. +endef + +$(eval $(call BuildPackageGluon,gluon-hoodselector)) diff --git a/package/gluon-hoodselector/check_site.lua b/package/gluon-hoodselector/check_site.lua new file mode 100644 index 00000000..4a832e43 --- /dev/null +++ b/package/gluon-hoodselector/check_site.lua @@ -0,0 +1,37 @@ +need_string_match(in_domain({'domain_seed'}), '^' .. ('%x'):rep(64) .. '$') + +function need_nil(path) + need(path, function(val) + if val == nil then + return true + end + return false + end, true, "default hood should not contain shapes") + return nil +end + +--Need to check if not default hood and does the default not contain shapes +if this_domain() ~= need_string(in_site({'default_domain'})) then + local no_shapes = true + for _,shape in ipairs(need_table(in_domain({'hoodselector', 'shapes'}))) do + no_shapes = false + if #shape >= 2 then + for _, pos in ipairs(shape) do + if pos.lat == nil or not ( pos.lat < 90.0 and pos.lat > -90.0 ) then + need(in_domain({'hoodselector', 'shapes'}), function(err) return false end, true, "lat muss match a rage +/-90.0") + end + if pos.lon == nil or not ( pos.lon < 180.0 and pos.lon > -180.0 ) then + need(in_domain({'hoodselector', 'shapes'}), function(err) return false end, true, "lon muss match a rage +/-180.0") + end + end + end + if #shape < 2 then + need(in_domain({'hoodselector', 'shapes'}), function(err) return false end, true, "needs to have at lease 2 coordiantes for rectangular shapes.") + end + end + if no_shapes then + need(in_domain({'hoodselector', 'shapes'}), function(err) return false end, true, "no shapes are defined in hoods") + end +else -- ente by default hood + need_nil(in_domain({'hoodselector', 'shapes'})) +end diff --git a/package/gluon-hoodselector/files/usr/lib/micron.d/hoodselector b/package/gluon-hoodselector/files/usr/lib/micron.d/hoodselector new file mode 100644 index 00000000..6e793151 --- /dev/null +++ b/package/gluon-hoodselector/files/usr/lib/micron.d/hoodselector @@ -0,0 +1 @@ +*/2 * * * * /usr/sbin/hoodselector diff --git a/package/gluon-hoodselector/luasrc/usr/lib/lua/hoodselector/util.lua b/package/gluon-hoodselector/luasrc/usr/lib/lua/hoodselector/util.lua new file mode 100644 index 00000000..5d1d1d4e --- /dev/null +++ b/package/gluon-hoodselector/luasrc/usr/lib/lua/hoodselector/util.lua @@ -0,0 +1,191 @@ +local fs = require 'nixio.fs' +local json = require 'jsonc' +local uci = require('simple-uci').cursor() +local site = require 'gluon.site' + +local M = {} + +function M.split(s, delimiter) + local result = {}; + for match in (s..delimiter):gmatch("(.-)"..delimiter) do + table.insert(result, match); + end + return result; +end + +local PID = M.split(io.open("/proc/self/stat", 'r'):read('*a'), " ")[1] + +function M.log(msg) + if msg then + io.stdout:write(msg.."\n") + os.execute("logger hoodselector["..PID.."]: "..msg) + end +end + +-- bool if direct VPN. The detection is realaise by searching the fastd network interface inside the originator table +function M.directVPN(vpnIfaceList) + for _,vpnIface in ipairs(vpnIfaceList) do + local file = io.open("/sys/kernel/debug/batman_adv/bat0/originators", 'r') + if file ~= nil then + for outgoingIF in file:lines() do + -- escape special chars "[]-" + if outgoingIF:match(string.gsub("%[ " .. vpnIface .. "%]","%-", "%%-")) then + return true + end + end + end + end + return false +end + +function M.fastd_installed() + if io.open("/usr/bin/fastd", 'r') ~= nil then + return true + end + return false +end + +function M.tunneldigger_installed() + if io.open("/usr/bin/tunneldigger", 'r') ~= nil then + return true + end + return false +end + +-- Get Geoposition. Return nil for no position +function M.getGeolocation() + return {["lat"] = tonumber(uci:get('gluon-node-info', uci:get_first('gluon-node-info', 'location'), 'latitude')), + ["lon"] = tonumber(uci:get('gluon-node-info', uci:get_first('gluon-node-info', 'location'), 'longitude')) } +end + +function M.get_domains() + local list = {} + for domain_path in fs.glob('/lib/gluon/domains/*.json') do + table.insert(list, { + domain_code = domain_path:match('([^/]+)%.json$'), + domain = assert(json.load(domain_path)), + }) + end + return list +end + +-- Source with pseudocode: https://de.wikipedia.org/wiki/Punkt-in-Polygon-Test_nach_Jordan +-- see also https://en.wikipedia.org/wiki/Point_in_polygon +-- parameters: points A = (x_A,y_A), B = (x_B,y_B), C = (x_C,y_C) +-- return value: −1 if the ray from A to the right bisects the edge [BC] (the lower vortex of [BC] +-- is not seen as part of [BC]); +-- 0 if A is on [BC]; +-- +1 else +function M.crossProdTest(x_A,y_A,x_B,y_B,x_C,y_C) + if y_A == y_B and y_B == y_C then + if (x_B <= x_A and x_A <= x_C) or (x_C <= x_A and x_A <= x_B) then + return 0 + end + return 1 + end + if not ((y_A == y_B) and (x_A == x_B)) then + if y_B > y_C then + -- swap B and C + local h = x_B + x_B = x_C + x_C = h + h = y_B + y_B = y_C + y_C = h + end + if (y_A <= y_B) or (y_A > y_C) then + return 1 + end + local Delta = (x_B-x_A) * (y_C-y_A) - (y_B-y_A) * (x_C-x_A) + if Delta > 0 then + return 1 + elseif Delta < 0 then + return -1 + end + end + return 0 +end + +-- Source with pseudocode: https://de.wikipedia.org/wiki/Punkt-in-Polygon-Test_nach_Jordan +-- see also: https://en.wikipedia.org/wiki/Point_in_polygon +-- let P be a 2D Polygon and Q a 2D Point +-- return value: +1 if Q within P; +-- −1 if Q outside of P; +-- 0 if Q on an edge of P +function M.pointInPolygon(poly, point) + local t = -1 + for i=1,#poly-1 do + t = t * M.crossProdTest(point.lon,point.lat,poly[i][2],poly[i][1],poly[i+1][2],poly[i+1][1]) + if t == 0 then break end + end + return t +end + +-- Return hood from the hood file based on geo position or nil if no real hood could be determined +-- First check if an area has > 2 points and is hence a polygon. Else assume it is a rectangular +-- box defined by two points (south-west and north-east) +function M.getHoodByGeo(jhood,geo) + for _, hood in pairs(jhood) do + if hood.domain_code ~= site.default_domain() then + for _, area in pairs(hood.domain.hoodselector.shapes) do + if #area > 2 then + if (M.pointInPolygon(area,geo) == 1) then + return hood + end + else + if ( geo.lat >= area[1][1] and geo.lat < area[2][1] and geo.lon >= area[1][2] + and geo.lon < area[2][2] ) then + return hood + end + end + end + end + end + return nil +end + +function M.set_hoodconfig(geoHood) + if uci:get('gluon', 'core', 'domain') ~= geoHood.domain_code then + uci:set('gluon', 'core', 'domain', geoHood.domain_code) + uci:save('gluon') + uci:commit('gluon') -- necessary? + os.execute('gluon-reconfigure') + io.stdout:write("Set hood \""..geoHood.domain.domain_names[geoHood.domain_code].."\"\n") + return true + end + return false +end + +-- Return the default hood in the hood list. +-- This method can return the following data: +-- * default hood +-- * nil if no default hood has been defined +function M.getDefaultHood(jhood) + for _, h in pairs(jhood) do + if h.domain_code == site.default_domain() then + return h + end + end + return nil +end + +function M.restart_services() + local procTBL = { + "fastd", + "tunneldigger", + "network", + } + + for proc in ipairs(procTBL) do + if io.open("/etc/init.d/"..proc, 'r') ~= nil then + print(proc.." restarting ...") + os.execute("/etc/init.d/"..proc.." restart") + end + end + if io.open("/etc/config/wireless", 'r') then + print("wifi restarting ...") + os.execute("wifi") + end +end + +return M diff --git a/package/gluon-hoodselector/luasrc/usr/sbin/hoodselector b/package/gluon-hoodselector/luasrc/usr/sbin/hoodselector new file mode 100755 index 00000000..fffa9db6 --- /dev/null +++ b/package/gluon-hoodselector/luasrc/usr/sbin/hoodselector @@ -0,0 +1,182 @@ +#!/usr/bin/lua + +-- PID file to ensure the hoodselector isn't running parallel +local pidPath="/var/run/hoodselector.pid" + +local uci = require('simple-uci').cursor() +local hoodutil = require("hoodselector.util") + +if io.open(pidPath, "r") ~=nil then + hoodutil.log("The hoodselector is still running.") + os.exit(1) +else + if io.open(pidPath, "w") ==nil then + hoodutil.log("Can`t create pid file on "..pidPath) + os.exit(1) + end +end + +-- Program terminating function including removing of PID file +local function exit(exc) + if io.open(pidPath, "r") ~=nil then + os.remove(pidPath) + end + os.exit(tonumber(exc)) +end + +-- initialization done + +local function get_mesh_vpn_interface() + local ret = {} + if hoodutil.fastd_installed() then + local vpnifac = uci:get('fastd', 'mesh_vpn_backbone', 'net') + if vpnifac ~= nil then + vpnifac = vpnifac:gsub("%_",'-') + table.insert(ret,vpnifac) + else + hoodutil.log("fastd uci config broken! abort...") + exit(1) + end + end + if hoodutil.tunneldigger_installed() then + local vpnifac = uci:get('tunneldigger', 'mesh_vpn', 'interface') + if vpnifac ~= nil then + table.insert(ret,vpnifac) + else + hoodutil.log("tunneldigger uci config broken! abort...") + exit(1) + end + end + return ret +end + +-- INITIALIZE AND PREPARE DATA -- +-- read hoodfile... +local jhood = hoodutil.get_domains() + +-- get defaul hood +local defaultHood = hoodutil.getDefaultHood(jhood) + + +-- VPN MODE +-- If we have a VPN connection then we will try to get the routers location and +-- select the hood coresponding to our location. +-- If no hood for the location has been defined, we will select +-- the default hood. +-- If we can not get our routers location, we will fallback to scan mode. +if hoodutil.directVPN(get_mesh_vpn_interface()) then + io.stdout:write('VPN connection found.\n') + local geo = hoodutil.getGeolocation() + if geo.lat ~= nil and geo.lon ~= nil then + io.stdout:write('Position found.\n') + local geoHood = hoodutil.getHoodByGeo(jhood, geo) + if geoHood ~= nil then + if hoodutil.set_hoodconfig(geoHood) then + hoodutil.restart_services() -- TMP solution + io.stdout:write('Hood set by VPN mode.\n') + end + exit(0) + end + io.stdout:write('No hood has been defined for current position.\n') + if hoodutil.set_hoodconfig(defaultHood) then + hoodutil.restart_services() -- TMP solution + io.stdout:write('Hood set by VPN mode.\n') + end + exit(0) + else + io.stdout:write('No position found\n') + end +else + io.stdout:write('No VPN connection found\n') +end + +--[[ + +if hoodutil.batmanHasGateway() then +441 io.stdout:write('Batman gateways found\n') +442 local gw_intf = {} +443 table.insert(gw_intf,hoodutil.get_batman_GW_interface()) +444 +445 if next(gw_intf) then +446 -- wifi interface +447 local bssidHood = hoodutil.get_radio_to_bssid(radios,gw_intf[1], jhood) +448 if bssidHood ~= nil then +449 --check if hood inside geo pos +450 local geo = hoodutil.getGeolocation() +451 if geo.lat ~= nil and geo.lon ~= nil then +452 io.stdout:write('Position found.\n') +453 local geoHood = hoodutil.getHoodByGeo(jhood, geo) +454 if geoHood ~= nil then +455 if string.format(hash.md5(table.tostring(bssidHood))) ~= + string.format(hash.md5(table.tostring(geoHood))) then +456 io.stdout:write('Geo hood and bssid hood are not equal, do wifi scan...\n') +457 local sortedWlanList = hoodutil.wlan_list_sorted(radios, mesh_prefix) +458 for i=#sortedWlanList,1,-1 do +459 if(string.lower(geoHood.bssid) ~= string.lower(sortedWlanList[i].bssid)) then +460 table.remove(sortedWlanList, i) +461 end +462 end +463 if next(sortedWlanList) then +464 io.stdout:write('Try to switch back in our real hood!\n') +465 io.stdout:write('After filtering we will test the following wireless networks:\n') +466 for _, network in pairs(sortedWlanList) do +467 print(network["quality"].."\t"..network["frequency"].."\t"..network["bssid"].."\t"..network["ssid"]) +468 end +469 io.stdout:write("Prepare configuration for testing wireless networks...\n") +470 local bssid = hoodutil.test_batman_mesh_networks(sortedWlanList, mesh_prefix) +471 hoodutil.wireless_restart() +472 io.stdout:write("Finished testing wireless networks, restored previous configuration\n") +473 if bssid ~= nil then +474 set_hoodconfig(geoHood, mesh_prefix, radios) +475 hoodutil.vpn_enable() +476 hoodutil.vpn_start() +477 io.stdout:write('Set Geo Hood by Gateway mode\n') +478 write_molwm(geoHood, radios) +479 exit(0) +480 else +481 io.stdout:write('No neighboring freifunk batman advanced mesh found.\n') +482 end +483 else +484 io.stdout:write('No networks left after filtering!\n') +485 end --end next(sortedWlanList) +486 else +487 io.stdout:write('Geo hood are equal to bssid hood no wifi scan necessary.\n') +488 end --end bssidHood ~= geoHood +489 else +490 io.stdout:write('No hood has been defined for current position.\n') +491 end --end geoHood ~= nil +492 else +493 io.stdout:write('No position found.\n') +494 end --end geo.lat ~= nil and geo.lon ~= nil +495 set_hoodconfig(bssidHood, mesh_prefix, radios) +496 io.stdout:write('Hood set by batmanHasGateway mode, GW source is wifi\n') +497 write_molwm(bssidHood,radios) +498 exit(0) +499 end --end bssidHood ~= nil +500 +501 -- mesh lan or wan interface +502 if hoodutil.mesh_lan_wan(gw_intf[1]) then +503 -- if mesh_lan/wan try to get hood by selected bssid of neightbour vpnRouters +504 local neighbourBssid = hoodutil.molw_get_bssid(gw_intf) +505 if neighbourBssid ~= nil then +506 bssidHood = hoodutil.gethoodByBssid(jhood, neighbourBssid) +507 if bssidHood ~= nil then +508 set_hoodconfig(bssidHood, mesh_prefix, radios) +509 io.stdout:write('Hood set by batmanHasGateway mode, GW source is mesh on lan/wan\n') +510 molwmtable["md5hash"] = "\"" .. string.format(hash.md5(table.tostring(bssidHood))) .. "\"" +511 molwmtable["hoodname"] = "\"" .. bssidHood["name"] .. "\"" +512 molwmtable["bssid"] = "\"" .. bssidHood["bssid"] .. "\"" +513 molwm_to_file() +514 exit(0) +515 end +516 end +517 end +518 end --end next(gw_intf) +519 local currendHood = hoodutil.getCurrentHood(jhood) +520 if currendHood ~= nil then +521 write_molwm(currendHood,radios) +522 end +523 end +--]] + +exit(0) -- Debug
<%:Node%>TQdBm <%:Distance%>