diff --git a/docs/index.rst b/docs/index.rst index 7ab22df2..27b23d70 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -53,6 +53,9 @@ Packages package/gluon-client-bridge package/gluon-ebtables-filter-multicast package/gluon-ebtables-filter-ra-dhcp + package/gluon-radio-config + package/gluon-next-node + package/gluon-next-node-batman-adv Releases -------- diff --git a/docs/package/gluon-next-node-batman-adv.rst b/docs/package/gluon-next-node-batman-adv.rst new file mode 100644 index 00000000..cdb624ba --- /dev/null +++ b/docs/package/gluon-next-node-batman-adv.rst @@ -0,0 +1,10 @@ +gluon-next-node-batman-adv +========================== + +This package sets up ebtables rules to separate the next-node interface +from the layer 2 batman-adv mesh. + +site.conf +--------- + +See :doc:`gluon-next-node`. diff --git a/docs/package/gluon-next-node.rst b/docs/package/gluon-next-node.rst new file mode 100644 index 00000000..9e976f5b --- /dev/null +++ b/docs/package/gluon-next-node.rst @@ -0,0 +1,17 @@ +gluon-next-node +=============== + +This package provides a next-node anycast MAC, IPv6 and IPv4. This allows +a client to reach the node it is connected to using a static address. + +site.conf +--------- + +next_node.ip4 + IPv4 for the next-node interface + +next_node.ip6 + IPv6 for the next-node interface + +next_node.mac + MAC for the next-node interface diff --git a/package/gluon-mesh-batman-adv-core/files/files/lib/gluon/ebtables/250-next-node-batman-adv b/package/gluon-mesh-batman-adv-core/files/files/lib/gluon/ebtables/250-next-node-batman-adv new file mode 100644 index 00000000..082227a0 --- /dev/null +++ b/package/gluon-mesh-batman-adv-core/files/files/lib/gluon/ebtables/250-next-node-batman-adv 
@@ -0,0 +1,22 @@
+local site = require 'gluon.site_config'
+local next_node = site.next_node
+
+if next_node then
+ rule('FORWARD --logical-in br-client -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
+ rule('FORWARD --logical-in br-client -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
+
+ rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
+ rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
+ rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
+ rule('OUTPUT --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
+
+ rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
+ rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
+ rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
+ rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
+
+ rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
+ rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
+ rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
+ rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
+end
diff --git a/package/gluon-mesh-batman-adv-core/files/files/lib/gluon/upgrade/400-next-node-batman-adv b/package/gluon-mesh-batman-adv-core/files/files/lib/gluon/upgrade/400-next-node-batman-adv
new file mode 100755
index 00000000..2dc4d3dc
--- /dev/null
+++ b/package/gluon-mesh-batman-adv-core/files/files/lib/gluon/upgrade/400-next-node-batman-adv
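Review bot: The path this file is added under, `package/gluon-mesh-batman-adv-core/files/files/lib/gluon/ebtables/250-next-node-batman-adv`, has `files/` twice and sits in a different package than the `gluon-next-node-batman-adv` Makefile introduced in the same commit, whose install step copies `./files/*` although the commit adds no `files/` directory there. Unless the install step of gluon-mesh-batman-adv-core (not shown) compensates, these DROP rules would not land in `/lib/gluon/ebtables`, and the next-node MAC and addresses would then cross `bat0` unfiltered with no error to signal it. The upgrade script `400-next-node-batman-adv` added next has the same doubled path. I would move both under a single `files/lib/gluon/...` tree of the package that is meant to ship them, and add a header comment such as `-- keep the next-node anycast MAC/IPv4/IPv6 local: drop it between br-client and bat0`.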
@@ -0,0 +1,43 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site_config'
+local uci = require 'luci.model.uci'
+
+if site.next_node then
+ local c = uci.cursor()
+
+ c:delete('firewall', 'local_node')
+ c:section('firewall', 'zone', 'local_node',
+ {
+ name = 'local_node',
+ network = {'local_node'},
+ input = 'ACCEPT',
+ output = 'ACCEPT',
+ forward = 'REJECT',
+ }
+ )
+
+ c:delete('network', 'local_node_route6')
+ c:section('network', 'route6', 'local_node_route6',
+ {
+ interface = 'client',
+ target = site.prefix6,
+ gateway = '::',
+ }
+ )
+
+ c:delete('network', 'local_node_route4')
+ c:section('network', 'route6', 'local_node_route4',
+ {
+ interface = 'client',
+ target = site.prefix4,
+ gateway = '0.0.0.0',
+ }
+ )
+
+ c:save('firewall')
+ c:save('firewall')
+ c:save('network')
+ c:commit('firewall')
+ c:commit('network')
+end
diff --git a/package/gluon-next-node-batman-adv/Makefile b/package/gluon-next-node-batman-adv/Makefile
new file mode 100644
index 00000000..fc43271c
--- /dev/null
+++ b/package/gluon-next-node-batman-adv/Makefile
@@ -0,0 +1,36 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-next-node-batman-adv
+PKG_VERSION:=1
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(GLUONDIR)/include/package.mk
+
+define Package/gluon-next-node-batman-adv
+ SECTION:=gluon
+ CATEGORY:=Gluon
+ TITLE:=Next-node anycast address ebtables filter for batman-adv
+ DEPENDS:=+gluon-core +gluon-ebtables +gluon-next-node +gluon-mesh-batman-adv +kmod-macvlan
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/gluon-next-node-batman-adv/install
+ $(CP) ./files/* $(1)/
+endef
+
+define Package/gluon-next-node-batman-adv/postinst
+#!/bin/sh
+$(call GluonCheckSite,check_site.lua)
+endef
+
+$(eval $(call BuildPackage,gluon-next-node-batman-adv))
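Review bot: The IPv4 route `local_node_route4` is created as a `route6` section even though its target is `site.prefix4` and its gateway is `0.0.0.0`, so it will most likely be rejected or ignored as an IPv6 route; the line should read `c:section('network', 'route', 'local_node_route4',`. `c:save('firewall')` is also called twice in a row, and one call can go. The three `c:delete` calls sit inside `if site.next_node then`, so a site that later drops `next_node` keeps the stale zone and routes. Creating the cursor and running the deletes before the condition would clean them up.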
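Review bot: `DEPENDS` in this new Makefile pulls in `+gluon-next-node`, while the gluon-next-node Makefile changed later in this commit adds `+PACKAGE_gluon-mesh-batman-adv-core:gluon-next-node-batman-adv`, which looks like a dependency cycle between the two packages. It also names `+gluon-mesh-batman-adv` whereas the condition on the other side tests `PACKAGE_gluon-mesh-batman-adv-core`; if the latter is the real package name, something like `DEPENDS:=+gluon-core +gluon-ebtables +gluon-mesh-batman-adv-core` without the `+gluon-next-node` edge would avoid both problems. `+kmod-macvlan` seems unneeded for a package that only ships ebtables rules, though that depends on files not shown here.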
diff --git a/package/gluon-next-node-batman-adv/check_site.lua b/package/gluon-next-node-batman-adv/check_site.lua new file mode 100644 index 00000000..83889a8e --- /dev/null +++ b/package/gluon-next-node-batman-adv/check_site.lua @@ -0,0 +1,4 @@ +need_string_match('next_node.ip4', '^%d+.%d+.%d+.%d+$') +need_string_match('next_node.ip6', '^[%x:]+$') + +need_string_match('next_node.mac', '^%x[02468aAcCeE]:%x%x:%x%x:%x%x:%x%x:%x%x$') diff --git a/package/gluon-next-node/Makefile b/package/gluon-next-node/Makefile index df27ecbe..ebf580fc 100644 --- a/package/gluon-next-node/Makefile +++ b/package/gluon-next-node/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gluon-next-node -PKG_VERSION:=3 +PKG_VERSION:=4 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) @@ -11,7 +11,7 @@ define Package/gluon-next-node SECTION:=gluon CATEGORY:=Gluon TITLE:=Next-node anycast address - DEPENDS:=+gluon-core +gluon-ebtables +gluon-mesh-batman-adv +kmod-macvlan + DEPENDS:=+gluon-core +gluon-client-bridge +kmod-macvlan +PACKAGE_gluon-mesh-batman-adv-core:gluon-next-node-batman-adv endef define Package/gluon-next-node/description diff --git a/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node b/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node deleted file mode 100644 index 0df7abcc..00000000 --- a/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node +++ /dev/null 
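Review bot: In the `next_node.ip4` check the dots are unescaped, and in a Lua pattern `.` matches any character, so `'^%d+.%d+.%d+.%d+$'` accepts values such as `10x0 0/1` (constructed example) that are not addresses. Because the value is concatenated straight into ebtables rule strings elsewhere in this commit, a typo in site.conf would pass validation and produce a malformed or unintended rule instead of a build-time error. Use `'^%d+%.%d+%.%d+%.%d+$'`. The `next_node.ip6` pattern `'^[%x:]+$'` is similarly loose (it accepts a lone `:`) and could at least require one hex digit.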
@@ -1,20 +0,0 @@ -local site = require 'gluon.site_config' -local next_node = site.next_node - -rule('FORWARD --logical-in br-client -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP') -rule('FORWARD --logical-in br-client -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP') - -rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP') -rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP') -rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP') -rule('OUTPUT --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP') - -rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP') -rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP') -rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP') -rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP') - -rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP') -rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP') -rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP') -rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP') diff --git a/package/gluon-next-node/files/lib/gluon/upgrade/400-next-node b/package/gluon-next-node/files/lib/gluon/upgrade/400-next-node index 0ff959fe..aafdbd43 100755 --- a/package/gluon-next-node/files/lib/gluon/upgrade/400-next-node +++ b/package/gluon-next-node/files/lib/gluon/upgrade/400-next-node @@ -2,7 +2,6 @@ local site = require 'gluon.site_config' local uci = require 'luci.model.uci' -local ip = require 'luci.ip' local c = uci.cursor() 
@@ -17,39 +16,15 @@ c:section('network', 'device', 'local_node_dev', } ) -local prefix4 = ip.IPv4(site.prefix4) c:delete('network', 'local_node') c:section('network', 'interface', 'local_node', { ifname = 'local-node', proto = 'static', - ipaddr = site.next_node.ip4, - netmask = prefix4:mask():string(), + ipaddr = site.next_node.ip4 .. '/32', ip6addr = site.next_node.ip6 .. '/128', } ) -c:delete('network', 'local_node_route6') -c:section('network', 'route6', 'local_node_route6', - { - interface = 'client', - target = site.prefix6, - gateway = '::', - } -) - c:save('network') c:commit('network') - -c:delete('firewall', 'local_node') -c:section('firewall', 'zone', 'local_node', - { - name = 'local_node', - network = {'local_node'}, - input = 'ACCEPT', - output = 'ACCEPT', - forward = 'REJECT', - } -) -c:save('firewall') -c:commit('firewall')
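Review bot: With the `local_node` firewall zone removed from this script, the zone is only created by `400-next-node-batman-adv`, and only when that script is installed and `site.next_node` is set; gluon-next-node on its own now brings up the `local_node` interface without any zone, leaving it to the firewall defaults. Nothing about the zone (`input = 'ACCEPT'`, `forward = 'REJECT'`) is batman-adv specific, so I would keep the `c:delete('firewall', 'local_node')` and `c:section('firewall', 'zone', 'local_node', …)` block with its save and commit here and move only the mesh-specific parts. The new line `ipaddr = site.next_node.ip4 .. '/32',` also dereferences `site.next_node` unconditionally while the scripts added in this commit guard with `if site.next_node then`; the two should agree. The script starts above this hunk, so an existing guard may be out of view.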