nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-next-node: split batman-adv dependent code

Browse Source 
ebtables and firewall rules have been moved to
gluon-mesh-batman-adv-core. They'll only be active when site.next_node
is set. gluon-next-node is still required in that case.

When gluon-mesh-batman-adv-core is selected, this package has a dependency
This commit is contained in:
Nils Schneider 2015-08-18 11:27:52 +02:00 committed by root
parent f4208f2a2b
commit e980593ff4
10 changed files with 138 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/index.rst
View File

@ -53,6 +53,9 @@ Packages
package/gluon-client-bridge package/gluon-client-bridge
package/gluon-ebtables-filter-multicast package/gluon-ebtables-filter-multicast
package/gluon-ebtables-filter-ra-dhcp package/gluon-ebtables-filter-ra-dhcp
package/gluon-radio-config
package/gluon-next-node
package/gluon-next-node-batman-adv
Releases Releases
-------- --------

10
docs/package/gluon-next-node-batman-adv.rst Normal file
View File

@ -0,0 +1,10 @@
gluon-next-node-batman-adv
==========================
This package sets up ebtables rules to separate the next-node interface
from the layer 2 batman-adv mesh.
site.conf
---------
See :doc:`gluon-next-node`.

17
docs/package/gluon-next-node.rst Normal file
View File

@ -0,0 +1,17 @@
gluon-next-node
===============
This package provides a next-node anycast MAC, IPv6 and IPv4. This allows
a client to reach the node it is connected to using a static address.
site.conf
---------
next_node.ip4
IPv4 for the next-node interface
next_node.ip6
IPv6 for the next-node interface
next_node.mac
MAC for the next-node interface

22
package/gluon-mesh-batman-adv-core/files/files/lib/gluon/ebtables/250-next-node-batman-adv Normal file
View File

@ -0,0 +1,22 @@
local site = require 'gluon.site_config'
local next_node = site.next_node
if next_node then
rule('FORWARD --logical-in br-client -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-in br-client -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
end

43
package/gluon-mesh-batman-adv-core/files/files/lib/gluon/upgrade/400-next-node-batman-adv Executable file
View File

@ -0,0 +1,43 @@
#!/usr/bin/lua
local site = require 'gluon.site_config'
local uci = require 'luci.model.uci'
if site.next_node then
local c = uci.cursor()
c:delete('firewall', 'local_node')
c:section('firewall', 'zone', 'local_node',
{
name = 'local_node',
network = {'local_node'},
input = 'ACCEPT',
output = 'ACCEPT',
forward = 'REJECT',
}
)
c:delete('network', 'local_node_route6')
c:section('network', 'route6', 'local_node_route6',
{
interface = 'client',
target = site.prefix6,
gateway = '::',
}
)
c:delete('network', 'local_node_route4')
c:section('network', 'route6', 'local_node_route4',
{
interface = 'client',
target = site.prefix4,
gateway = '0.0.0.0',
}
)
c:save('firewall')
c:save('firewall')
c:save('network')
c:commit('firewall')
c:commit('network')
end

36
package/gluon-next-node-batman-adv/Makefile Normal file
View File

@ -0,0 +1,36 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-next-node-batman-adv
PKG_VERSION:=1
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(GLUONDIR)/include/package.mk
define Package/gluon-next-node-batman-adv
SECTION:=gluon
CATEGORY:=Gluon
TITLE:=Next-node anycast address ebtables filter for batman-adv
DEPENDS:=+gluon-core +gluon-ebtables +gluon-next-node +gluon-mesh-batman-adv +kmod-macvlan
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/gluon-next-node-batman-adv/install
$(CP) ./files/* $(1)/
endef
define Package/gluon-next-node-batman-adv/postinst
#!/bin/sh
$(call GluonCheckSite,check_site.lua)
endef
$(eval $(call BuildPackage,gluon-next-node-batman-adv))

4
package/gluon-next-node-batman-adv/check_site.lua Normal file
View File

@ -0,0 +1,4 @@
need_string_match('next_node.ip4', '^%d+.%d+.%d+.%d+$')
need_string_match('next_node.ip6', '^[%x:]+$')
need_string_match('next_node.mac', '^%x[02468aAcCeE]:%x%x:%x%x:%x%x:%x%x:%x%x$')

4
package/gluon-next-node/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-next-node PKG_NAME:=gluon-next-node
PKG_VERSION:=3 PKG_VERSION:=4
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
@ -11,7 +11,7 @@ define Package/gluon-next-node
SECTION:=gluon SECTION:=gluon
CATEGORY:=Gluon CATEGORY:=Gluon
TITLE:=Next-node anycast address TITLE:=Next-node anycast address
DEPENDS:=+gluon-core +gluon-ebtables +gluon-mesh-batman-adv +kmod-macvlan DEPENDS:=+gluon-core +gluon-client-bridge +kmod-macvlan +PACKAGE_gluon-mesh-batman-adv-core:gluon-next-node-batman-adv
endef endef
define Package/gluon-next-node/description define Package/gluon-next-node/description

20
package/gluon-next-node/files/lib/gluon/ebtables/250-next-node
View File

@ -1,20 +0,0 @@
local site = require 'gluon.site_config'
local next_node = site.next_node
rule('FORWARD --logical-in br-client -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-in br-client -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')

27
package/gluon-next-node/files/lib/gluon/upgrade/400-next-node
View File

@ -2,7 +2,6 @@
local site = require 'gluon.site_config' local site = require 'gluon.site_config'
local uci = require 'luci.model.uci' local uci = require 'luci.model.uci'
local ip = require 'luci.ip'
local c = uci.cursor() local c = uci.cursor()
@ -17,39 +16,15 @@ c:section('network', 'device', 'local_node_dev',
} }
) )
local prefix4 = ip.IPv4(site.prefix4)
c:delete('network', 'local_node') c:delete('network', 'local_node')
c:section('network', 'interface', 'local_node', c:section('network', 'interface', 'local_node',
{ {
ifname = 'local-node', ifname = 'local-node',
proto = 'static', proto = 'static',
ipaddr = site.next_node.ip4, ipaddr = site.next_node.ip4 .. '/32',
netmask = prefix4:mask():string(),
ip6addr = site.next_node.ip6 .. '/128', ip6addr = site.next_node.ip6 .. '/128',
} }
) )
c:delete('network', 'local_node_route6')
c:section('network', 'route6', 'local_node_route6',
{
interface = 'client',
target = site.prefix6,
gateway = '::',
}
)
c:save('network') c:save('network')
c:commit('network') c:commit('network')
c:delete('firewall', 'local_node')
c:section('firewall', 'zone', 'local_node',
{
name = 'local_node',
network = {'local_node'},
input = 'ACCEPT',
output = 'ACCEPT',
forward = 'REJECT',
}
)
c:save('firewall')
c:commit('firewall')