Commit Graph

1733 Commits

Author SHA1 Message Date
Maciej Krüger
08684e90bb
web-private-wifi: add warning about mesh on wan 2022-12-10 22:49:34 +01:00
Maciej Krüger
896c7c6d78
gluon-config-mode-theme: add .gluon-warning class 2022-12-10 22:49:29 +01:00
Maciej Krüger
30a6b76520
gluon-web-model: add Section:element and Element, add Warning template 2022-12-10 22:49:18 +01:00
Jan-Niklas Burfeind
a8dc234550 realtek-rtl838x: add support for D-Link DGS-1210-10P
as well as the target itself
2022-12-09 16:32:22 +01:00
Kistelini
a072a71213
gluon-core: preserve wireless channel width during updates (#2696)
If the uci option 'gluon.wireless.preserve_channels' is set then the channel width of wireless radios (htmode) is preserved during updates, too.
2022-11-08 10:00:27 +01:00
David Bauer
91bfa4f9c5 ramips-mt7621: add support for ZyXEL NWA55AXE 2022-10-31 12:30:37 +01:00
Martin Weinelt
0c66dc86d2
Merge pull request #2600 from herbetom/bridge-isolated-devices 2022-10-18 10:50:03 +02:00
David Bauer
d972a9df2c
gluon-core: use country3 UCI option (#2639)
Use the country3 option implemented in OpenWrt's hostapd configuration
handling instead of adding it as a custom option.

Signed-off-by: David Bauer <mail@david-bauer.net>

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-12 16:27:06 +02:00
David Bauer
dd30a6e658
rockchip-armv8: add support for NanoPi R4S (#2633) 2022-09-12 02:44:30 +02:00
David Bauer
bffd263617 gluon-core: return boolean from preserve_channels
This method previously returned the string literal of the config key,
leading to checks evaluating to true even in case this option was
disabled.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-08-15 20:53:24 +02:00
David Bauer
d9070eb41a gluon-core: provide migration for preserve_channels
The preserve_channels configuration option was moved to the gluon UCI
package without adding a proper migration.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-08-15 20:53:24 +02:00
David Bauer
50130c3832
gluon-core: increase ath10k peer limit (#2607)
Increase the peer limit for ath10k-ct from 32 to 96 STAs like it is set
for the non-ct firmware / driver. In order to make this work with the
memory constraints of the wireless platform, reduce the number of
concurrent vdevs to the maximum Gluon uses (4).

Closes #2604

Signed-off-by: David Bauer <mail@david-bauer.net>

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-08-10 17:05:51 +02:00
lemoer
70951318bc
gluon-respondd: fix missing section "wifi" for request type "neighbours" (#2599)
The below mentioned commit introduced a regression, that the "wifi"
section of the request type "neighbours" was empty:

    ~# gluon-neighbour-info -d ::1 -r neighbours | ffh_pretty_json
    {
      "wifi": [
      ],
      ...
    }

After this commit, the section (correctly) looks like this:

    root@UFU-FWH-A272-Tresckowstr-GemR-vorne:~# gluon-neighbour-info -d ::1 -r neighbours | ffh_pretty_json
    {
      "wifi": {
        "ca:38:7e:42:5f:21": {
          "neighbours": {
            "fe:9f:4d:01:ea:e1": {
              "noise": -102,
              "inactive": 50,
              "signal": -84
            },
            "fe:df:b9:84:37:51": {
              "noise": -102,
              "inactive": 20,
              "signal": -73
            }
          }
        }
      },
      ...
    }

The issue was due to the fact, that the iteration over the (mesh) wifi interfaces
was broken. The code was assuming, that the section

    config interface 'mesh_radio0'
            option proto 'gluon_mesh'

in /etc/config/network contains an option "ifname", which it does not.
The ifname property is only stored in the corresponding section in
/etc/config/wireless:

    config wifi-iface 'mesh_radio0'
            option ifname 'mesh0'
            option network 'mesh_radio0'
            option mode 'mesh'
            ...

Therefore, we now iterate over wifi-ifaces in /etc/config/wireless, that
have the mode 'mesh' instead. This resolves the issue.

Fixes 0f1fa243f7
2022-08-09 22:24:44 +02:00
lemoer
6df0647301
gluon-mesh-batman-adv: add "gateway_tq" field to respondd statistics (#2596)
This new field reflects the TQ to the selected gateway.

Before this commit, if you had connectivity issues in a larger mesh,
it was a tedious task to understand which nodes are affected and which
are not. By providing this new value for each node, it becomes easier
to see which nodes are affected by the connectivity issues and which
are not.

The new field "gateway_tq" is located at the toplevel of the
statistics resource (next to "gateway" and "gateway_nexthop"):

    gluon-neighbour-info -d ::1 -r statistics
    {
        ...
        "gateway": "02:a1:71:04:09:10",
        "gateway_nexthop": "88:e6:40:20:90:10",
        "gateway_tq": 193,
        ...
    }
2022-08-09 21:09:28 +02:00
David Bauer
5600b87014
Merge pull request #2553 from ffgraz/mmfd
Move common firewall rules to respective packages
2022-08-09 20:43:14 +02:00
Tom Herbers
75ceb0d963
web-admin: ignore minor compat-version on upgrade (#2590)
This implements the same behavior as it is used in the autoupdater [1].

This is for example required to allow the manual installation of
firmware upgrades via the config mode on devices which were migrated
from swconfig to DSA. Otherwise the image will always be invalid.

[1] b804281664
2022-08-09 20:16:33 +02:00
Matthias Schiffer
20eea9b9ca
gluon-mesh-vpn-fastd: fix respondd segfault under load (#2594)
When running "fastd -v" fails, line may be NULL, causing a segfault in
strncmp.
2022-08-09 20:09:31 +02:00
Tom Herbers
33779ccd96
gluon-core: enable bridge port isolation for br-mesh_other interfaces 2022-08-09 10:51:55 +02:00
aiyion.prime
26b5764c74 gluon-setup-mode: add fallback led-boot as status
for devices in targets that do not implement `get_status_led` in /etc/diag.sh
and do not have an led-running in their dts
2022-07-10 23:22:11 +02:00
J. Burfeind
11905af169
ath79-generic: (re)add support for UniFi AC Mesh Pro (#2462)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-07-10 23:10:07 +02:00
Matthias Schiffer
e53e4440ae
gluon-core: always store primary MAC address in lowercase hex digits (#2579)
Depending on the source of the primary MAC address, uppercase digits
would be used on some devices. Convert the address to lowercase for
consistency.

We only change the case for newly configured nodes to avoid changing the
node ID and derived MAC addresses for existing installations.
2022-07-08 20:55:24 +02:00
David Bauer
a9fff111bd treewide: rename ip6tables-legacy
The ip6tables-legacy metapackage was renamed to ip6tables-zz-legacy.
2022-07-07 19:06:14 +02:00
Maciej Krüger
242a2dccd5
gluon-mesh-layer3-common: add node_prefix6 to check_site 2022-07-07 13:54:08 +02:00
Maciej Krüger
c3af0aca96
gluon-mesh-layer3-common: add radvd from babel 2022-07-07 13:54:05 +02:00
Maciej Krüger
b5f36c7e00
gluon-mesh-layer3-common: add ip6 from babel 2022-07-07 13:52:25 +02:00
Maciej Krüger
b59eb548b5
gluon-mesh-babel: use layer3 common 2022-07-07 13:52:25 +02:00
Maciej Krüger
85d61f12bd
gluon-mesh-babel: remove common fw rules 2022-07-07 13:52:25 +02:00
Maciej Krüger
0cf6fade94
gluon-mmfd: add firewall rules 2022-07-07 13:52:25 +02:00
Maciej Krüger
583dc69961
gluon-l3roamd: add firewall rules 2022-07-07 13:52:25 +02:00
Maciej Krüger
ef7ef09af8
gluon-mesh-layer3-common: add package 2022-07-07 13:52:24 +02:00
David Bauer
0394047a70
Merge pull request #2574 from blocktrron/lantiq-dsa
lantiq-xrx200: allow updates from swconfig to DSA
2022-07-06 22:20:10 +02:00
David Bauer
c06bdd6cfe
gluon-core: only restore WAN proto on upgrade (#2576)
Only restore the netifd proto for the WAN bridge in case the upgrade is
done from an older Gluon version.

For DSL targets, OpenWrt defaults the WAN proto to pppoe, while Gluon
uses the Ethernet ports for WAN. When unconditionally preserving the WAN
proto, pppoe is carried over to Gluon's network config.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-07-06 22:19:55 +02:00
timniklas
39f9bf7ac3
ipq40xx-mikrotik: add support for mikrotik-sxtsq-5-ac (#2573)
Co-Authored-By: J. Burfeind <github@aiyionpri.me>

Co-authored-by: Tim-Niklas Koch <info@tnkoch.de>
Co-authored-by: J. Burfeind <github@aiyionpri.me>
2022-07-06 22:18:40 +02:00
David Bauer
3aba0fe610 gluon-core: remove unused lantiq case
There was never a device with a dedicated WAN port supported in Gluon
which could make use of such a workaround.

As the only relevant lantiq-xrx200 target now uses swconfig anyways,
we can remove this workaround.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-07-05 23:45:07 +02:00
J. Burfeind
e5a6233709
ath79-generic: (re)add WBS510 v1 (#2543)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-07-03 23:49:38 +02:00
David Bauer
ef3e195340
Merge pull request #2548 from AiyionPrime/ath79-lan-split
gluon-core: split dual lan devices
2022-06-25 18:06:46 +02:00
aiyion.prime
8ee1d44567 gluon-core: split dual lan devices 2022-06-25 16:37:45 +02:00
aiyion.prime
ca37f2036c gluon-enter-setup-mode: remove unused pipefail
posix-sh does not support pipefail this way
2022-06-22 14:58:30 +02:00
aiyion.prime
4ab486dd2c run-build.sh, gluon_bat0.sh: add double quotes
to prevent word splitting and globbing
2022-06-22 14:56:12 +02:00
David Bauer
df07fc8040
gluon-client-bridge: simplify OWE-TM configuration (#2550)
OpenWrt now allows to specify the ifname of the transition interface
instead of SSID and BSSID, internally automatically detecting these from
interfaces on the same PHY. Thus, these cross-VAP dependant
configuration can be omitted from UCI.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-19 17:06:02 +02:00
Maximilian Baumgartner
b74287c017
ramips-mt7621: add support for Netgear WAC104 (#2557)
Co-authored-by: Maximilian Baumgartner <aufhaxer@googlemail.com>
2022-06-17 23:27:06 +02:00
J. Burfeind
1f4c5681e4
ath79-generic: add support for CPE710v1 (#2558) 2022-06-17 23:12:36 +02:00
J. Burfeind
1ab1df080e
ath79-generic: (re)add support for NanoStation Loco M2 (XW) (#2547)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-06-16 14:52:05 +02:00
Matthias Schiffer
ae7b87b0f0
Merge pull request #2520 from freifunk-gluon/check-updater-branch
gluon-autoupdater: check default branch name, check number of pubkeys, revert invalid branch on update/reconfigure
2022-06-11 10:32:19 +02:00
J. Burfeind
2887adef5f
ath79-generic: (re)add support for NanoBeam M5 (XW) (#2432)
Gone due to
commit 071cf7b20f ("Switch to Lua for target definitions")

Has prior been introduced as untested -> broken in
commit d586720c5c ("ar71xx-generic: add support for Ubiquiti NanoBeam M5")

Was commented out in the former commit.
2022-05-30 20:44:43 +02:00
Jan
b690939fae
ramips-mt7620: remove "broken" status for ASUS RT-AC51U (#2494) 2022-05-27 21:40:05 +02:00
Matthias Schiffer
92a6b81e8a
gluon-autoupdater: check that good_signatures does not exceed number of provided pubkeys 2022-05-27 12:12:26 +02:00
Matthias Schiffer
53cf8796c7
gluon-autoupdater: revert to default branch when configured branch is invalid
An invalid branch may be set for various reasons:

- Previous firmware had an invalid default branch
- Branch list has changed and old UCI branch config was removed by a
  site-specific upgrade script
- Manual UCI configuration
2022-05-27 12:00:32 +02:00
Matthias Schiffer
2c65f0834b
gluon-autoupdater: factor out default_branch() function
Make the code clearer and prepare for invalid branch fixup.
2022-05-27 12:00:32 +02:00
Matthias Schiffer
db48b6b693
gluon-autoupdater: check default branch name
Check the default branch (both from site.conf and GLUON_AUTOUPDATER_BRANCH)
against the list of configured branch names to avoid misconfiguration.
2022-05-27 12:00:32 +02:00
Matthias Schiffer
d24ae56378
gluon-core: check-site: support checking "custom" values
The new "value" helper can be used to turn a Lua value into a path that
can be passed to need_*() etc.
2022-05-27 12:00:31 +02:00
Matthias Schiffer
674ec7b64a
ath79-generic: re-add support for Ubiquiti UniFi AP Outdoor+ (#2440)
Removed in 45c84a117b ("ar71xx: drop target").
2022-05-26 23:35:18 +02:00
David Bauer
1ef3edbe58
Merge pull request #2352 from lemoer/pr_site_vpn_mtu_in_provider
RFC: gluon-mesh-vpn-*: make MTU of VPN device provider specific
2022-05-22 11:45:10 +02:00
J. Burfeind
36f406746e
gluon-status-page: fix mesh-vpn section for wg (#2502)
Since freifunk-gluon/packages#250 mesh-vpn-peers
can be empty arrays if they're not connected
and the node is in a WireGuard site.
2022-05-21 20:27:14 +02:00
lemoer
7c81897b4c gluon-mesh-vpn-*: make vpn MTU provider specific
If a community uses different vpn providers, they typically
assume the same MTU for the wan device underneath the VPN. As
different VPN providers however have different overhead, the MTU
of the VPN device differs for each provider. Therefore this
commit makes the MTU of the VPN device provider specific.

This has two advantages:
1. The same site.conf can be used to bake firmwares for different
   VPN providers (only by selecting a different vpn feature in the
   site.mk).
2. We are coming closer to the option of integrating multiple VPN
   providers into one firmware.
2022-05-21 18:12:49 +02:00
Maciej Krüger
57c0bdbf56
gluon-core: add post-setup.d .keep (#2525)
This folder is referenced in files/lib/netifd/proto/gluon_mesh.sh, but 
there's no .keep for it
2022-05-20 18:59:37 +02:00
J. Burfeind
02edf564bd
ath79-generic: (re)add CPE210v3 (#2506)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-13 23:36:34 +02:00
Matthias Schiffer
b68f2484ff
treewide: remove leftover GLUON_SPECIALIZE_KERNEL dependencies (#2514)
This was removed in commit c23bc293ef ("treewide: remove
GLUON_SPECIALIZE_KERNEL").
2022-05-08 12:14:03 +02:00
David Bauer
56eaf4aa28
treewide: switch crypto lib to WolfSSL (#2509)
WolfSSL has a significantly lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.

See ddcb970274

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-07 15:17:03 +02:00
David Bauer
d656d38c7c mesh-vpn-core: require legacy iptables
Require legacy iptables, as Gluon still depends on firewall3. Otherwise,
nftables is pulled in as a dependency.
2022-05-06 20:55:57 +02:00
David Bauer
3dc3b40819 treewide: replace ip6tables with ip6tables-legacy 2022-04-30 16:35:06 +02:00
Matthias Schiffer
a27edd4baa
Merge pull request #2459 from ffgraz/cm
gluon-setup-mode: add gluon-enter-setup-mode
2022-04-27 18:36:59 +02:00
Matthias Schiffer
1992383134
Merge pull request #2457 from MyIgel/statuspage-fix-tables
gluon-status-page: explicitly add tbody element to fix table manipulation
2022-04-27 17:20:24 +02:00
Igor Scheller
1ceb4428da gluon-status-page: Use querySelector instead of firstElementChild 2022-04-17 23:26:17 +02:00
Igor Scheller
68a5a74d1d gluon-status-page: Move mesh vpn id to table body, directly use table body 2022-04-17 23:10:40 +02:00
Matthias Schiffer
a8d25670ce
gluon-core: use copy of "WAN" role list for "single" default (#2478)
Instead of using roles.wan directly as the default for roles.single,
create a copy of the table, so subsequent modifications of roles.single
don't affect roles.wan as well.

Fixes migration of Mesh-on-WAN status when no default for "single"
interfaces is set in site.conf.
2022-04-17 20:46:53 +02:00
Matthias Schiffer
1252871217
gluon-core: fix gluon.util.get_role_interfaces() with empty role list (#2472)
The function failed when an interface has no roles assigned, breaking
several upgrade scripts.

Closes #2471
2022-04-17 01:19:22 +02:00
Matthias Schiffer
4225bd3853
gluon-core: fix setting interface default roles from site.conf (#2463)
Make the code match the docs and check_site.lua by actually looking up
the "default_roles" field, not "roles".
2022-04-13 00:49:46 +02:00
Igor Scheller
ea7b3163d1 gluon-status-page: Code clarification and formatting 2022-04-11 23:51:19 +02:00
J. Burfeind
684b4a80a0
ath79-generic: (re)add support for wbs210v1 (#2461)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-04-08 00:18:34 +02:00
Maciej Krüger
1d7d50cf23
gluon-setup-mode: use gluon-enter-setup-mode 2022-04-06 22:30:02 +02:00
Maciej Krüger
cc49806e08
gluon-setup-mode: add gluon-enter-setup-mode
Script to enable setup mode and reboot

Fixes #2412
2022-04-06 22:29:45 +02:00
Igor Scheller
3e0a6a64e3 gluon-status-page: Use <tbody> as browsers can add it automatically 2022-04-03 13:54:20 +02:00
J. Burfeind
dfa209a88a
ath79-generic: (re)add NanoStation M2/M5 (XW) (#2443)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-04-03 00:01:38 +02:00
J. Burfeind
39c3c7adf3
ath79-generic: (re)add support for UniFi AP PRO (#2416)
Ubiquiti UniFi AP PRO

Gone due to
commit 45c84a1 ("ar71xx: drop target")
2022-03-26 11:11:32 +01:00
J. Burfeind
087c15ae0c
ath79-generic: (re)add support for UniFi AC Mesh (#2428)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-03-26 10:52:35 +01:00
J. Burfeind
1bfad8ff02
ath79-generic: (re)add support for CPE510 v1.x (#2430)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-03-25 23:39:19 +01:00
J. Burfeind
fd8d5a3cdb
ath79-generic: (re)add support for CPE210 v2.x (#2429)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-03-25 18:21:24 +01:00
J. Burfeind
a5ada094bf
ath79-generic: (re)add support for CPE210 v1.x (#2410)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-03-24 19:21:45 +01:00
Matthias Schiffer
9c13c4755e
gluon.mk: print source file name in GluonSrcDiet (#2424)
luasrcdiet will not print the name of its input file when an error
occurs. To facilitate debugging, echo the name before calling it, so it
is visible with V=s or BUILD_LOG=1.
2022-03-24 06:48:10 +01:00
David Bauer
a3203b26c4
Merge pull request #2372 from freifunk-gluon/uci-regen
Regenerate network and system UCI configs on every reconfigure, switch to role-based interface configuration
2022-03-20 17:54:04 +01:00
Matthias Schiffer
073e559dc5
gluon-mesh-babel: do not allow disabling VXLAN (#2376)
With Babel, wired meshing cannot run on the same logical interface as
non-mesh traffic, so using VXLAN is mandatory.
2022-02-23 19:10:13 +01:00
David Bauer
428b8afb92
Merge pull request #2186 from freifunk-gluon/fastd-l2tp
fastd: add L2TP offload support
2022-02-23 19:03:19 +01:00
Matthias Schiffer
26b26395d1
Merge pull request #2399 from MyIgel/remove-xhtml
treewide: Replace xhtml content type with html, remove xhtml workaround, replace self closing tags
2022-02-22 21:46:29 +01:00
Matthias Schiffer
a671b5081c
gluon-core: preserve explicitly marked network and system sections
A section can be marked as preserved by setting the gluon_preserve option
to 1. In addition the following conditions must hold:

- The preserved section must not already exist after OpenWrt's and
  Gluon's setup scripts run. Modifying existing sections is currently
  unsupported.
- Preserved sections must be named, so it can be detected whether a
  section conflicts with a preexisting one.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
6dcee2e324
gluon-web-network: update wired mesh settings for new role-based configuration 2022-02-22 18:52:15 +01:00
Matthias Schiffer
316e96a467
gluon-core, gluon-setup-mode: reset ifname sysconfigs on each update, introduce single_ifname
Allow interface names to change on updates to handle hwconfig -> DSA and
similar migrations.

On devices with only a single interface, a sysconfig single_ifname is
created instead of wan_ifname or lan_ifname to allow separate
configuration in site.conf.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
c779d12369
treewide: use interface roles as basis for network configuration
With the new role-based interface configuration, it would be better to
rename the wan/wan6 interfaces to uplink/uplink6, but that would cause
unnecessary churn for the firewall configuration, so it is left for a
later update.

As all interfaces with the 'uplink' role are in the br-wan bridge, it is
not possible to assign these to the 'mesh' role independently - instead,
br-wan is added as a mesh interface as soon as a single interface has
both the 'uplink' and 'mesh' roles. The UCI section for this
configuration is now called 'mesh_uplink' instead of 'mesh_wan'.

For all interfaces that have the 'mesh', but not the 'uplink' role a
second configuration 'mesh_other' is created. If there is more than one
such interface, all these interfaces are bridged as well (creating a
bridge 'br-mesh_other'). This replaces the 'mesh_lan' section with its
optional 'br-mesh_lan' bridge, but can also include interfaces that were
not considered "LAN" when interfaces roles are modified (via site.conf
or manually).
2022-02-22 18:52:15 +01:00
Matthias Schiffer
4b8251c988
gluon-core: initialize interfaces role configuration
The new configuration generates sections iface_single/lan/wan in
/etc/config/gluon. These sections usually refer to a sysconfig-controlled
interface list, but adding custom sections with verbatim interfaces names
is also possible.

Each interface section contains a list of roles. The supported roles are
'client', 'uplink' and 'mesh'. Multiple roles can be configured on the
same interface (for example the old 'mesh_on_wan' setting would become
'uplink'+'mesh').

'client' is subsumed by any other role configured on the same interface
('client'+'mesh' is equivalent to 'mesh'). This property is important, as
it allows the Wired Mesh settings in gluon-web-network to simply add and
remove the mesh role without having to care what other roles are set -
so in the default setup, this would switch between 'client' and
'client'+'mesh' for the LAN interface.

By default, the WAN interface has role 'uplink' and the LAN interface
'client'; if only a single interface exists, the roles from the WAN
interface are used by default. The default for each of the three
interfaces (WAN/LAN/single) can be changed separately in site.conf,
superseding the old mesh_on_wan, mesh_on_lan and single_as_lan settings.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
05c29512ec
gluon-core: sysconfig: avoid unnecessary writes
Do not write files when the content is unchanged.

Avoids a few unnecessary filesystem writes when resetting ifname
sysconfigs on each upgrade.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
c2a5f57c40
treewide: regenerate network and system configs on every reconfigure 2022-02-22 18:52:15 +01:00
Matthias Schiffer
eea49a2834
gluon-config-mode-core: discard gluon-reconfigure output (#2395)
The stdout output of gluon-web scripts is directly sent to uhttpd,
becoming a part of the HTML output or even replacing HTTP status or
headers. The output of gluon-reconfigure is not supposed to end up
there.

While we're at it, also add an exec to avoid an unnecessary shell
process.
2022-02-22 18:51:45 +01:00
Igor Scheller
f033fcfc0d treewide: Replace /> self closing html tags with > 2022-02-22 18:48:09 +01:00
Igor Scheller
d728f17b8f treewide: Replace xhtml content type with html, remove xhtml workaround 2022-02-20 12:45:43 +01:00
Igor Scheller
bbc00017a9
gluon-web-osm: Fix " rendering in attribution with CDATA tag (#2398) 2022-02-20 11:51:58 +01:00
Matthias Schiffer
62b24ed7ce
gluon-web-osm: update OpenLayers default URL to 5.3.0
The OpenLayers JS/CSS download URL is dead. Update it to make the map
work again:

- Update from OpenLayers 5.2.0 to 5.3.0
- Switch from the obsolete rawgit.com URL to jsdelivr.net (rawgit.com
  was only redirecting to jsdelivr.net for the last few years anyways)
- Set a fixed commit in the URL, so the URL doesn't become outdated again
2022-02-13 22:07:36 +01:00
Matthias Schiffer
7c6befc7c3
gluon-mesh-vpn-fastd: add L2TP offload support 2022-02-08 21:09:15 +01:00
Matthias Schiffer
15eeb86f42
gluon-{,web-}mesh-vpn-fastd: add support for null@l2tp method
The "null" and "null@l2tp" methods are considered equivalent and always
added and removed together when the method list is "configurable".
"null@l2tp" is added before "null", so it is preferred when the peer
supports both.
2022-02-08 21:01:42 +01:00
Matthias Schiffer
487d312d25
fastd: update and add L2TP variant
This also drops the GMAC-based methods from gluon-mesh-vpn-fastd's
check_site.lua, as they are not supported anymore.
2022-02-08 21:01:42 +01:00
Matthias Schiffer
68e8d32570
Merge pull request #2383 from freifunk-gluon/web-fixes
gluon-web: prohibit cross-origin POST requests
2022-02-03 16:49:22 +01:00
Matthias Schiffer
1041014cf3
Merge pull request #2382 from freifunk-gluon/cleanup
Removal of more obsolete migrations, minor cleanup and improvements to lsupgrade.sh
2022-02-01 23:31:41 +01:00
Matthias Schiffer
a83466be6e gluon-web: prohibit cross-origin POST
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
f3960eeb47 gluon-web: improve error handling of parse_message_body()
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.

We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
de43b306d4 gluon-web: add CRLF to text/plain Internal Server Error output
Having a trailing newline is nice when viewing the returned data in a
terminal.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
94519cfc56
gluon-web-*: remove unused "token" form value
This was a remnant of LuCI that was never used in gluon-web.
2022-02-01 23:22:08 +01:00
Matthias Schiffer
3ea770db73
ath79-generic: swap interfaces on TP-Link WBS210 v2 (#2385)
Swap the interfaces so that the PoE input port LAN0 is used for WAN and
config mode, and LAN1 becomes LAN.

To this end, the code previously used for ar71xx and removed in
commit 9fdc57c175 ("treewide: drop ar71xx platform specific code") is
reintroduced.

Fixes #2384
2022-01-28 19:45:34 +01:00
Matthias Schiffer
578daf5f87
gluon-core: remove obsolete config file 2022-01-23 14:44:07 +01:00
Matthias Schiffer
12127813c5
gluon-core: move preserve_channels setting to /etc/config/gluon
/etc/config/gluon-core is used for nothing else.

As /etc/config/gluon uses a named wireless section, also change the
get_first() to get().
2022-01-23 14:44:06 +01:00
Matthias Schiffer
b68a07e930
gluon-mesh-vpn-fastd: merge secret generation setup into main upgrade script
There wasn't really a reason to have a separate script to set a single
value.

In addition, the old script was using the identifier 'c' instead of
'uci' for the UCI cursor. Following the convention of the other scripts
is helpful so it is easy to grep for all uses of a certain config file/
option.
2022-01-23 14:44:06 +01:00
Matthias Schiffer
d8f6ed2406
gluon-node-info: remove obsolete migration/fixup 2022-01-23 14:44:06 +01:00
Matthias Schiffer
225e8692bd
gluon-radvd: remove obsolete migration 2022-01-23 14:44:06 +01:00
Matthias Schiffer
c530070e96
gluon-mesh-vpn-tunneldigger: remove obsolete migration 2022-01-23 14:44:06 +01:00
Matthias Schiffer
84f4c164f4
gluon-setup-mode: remove obsolete migration 2022-01-23 14:44:06 +01:00
Luflosi
55e95dd49b
ath79-generic: add support for TP-Link Archer A7 v5 (#2374) 2022-01-14 23:20:22 +01:00
aiyion.prime
6b6a091634 fixup! gluon-mesh-babel: implement neighbour check 2022-01-14 11:47:37 +01:00
Maciej Krüger
a8d6a99f5b
gluon-mesh-vpn-wireguard: fix empty string key
Co-Authored-By: Matthias Schiffer <mschiffer@universe-factory.net>
2022-01-14 04:53:28 +01:00
Maciej Krüger
78ca654c5c
gluon-mesh-vpn-fastd: fix empty string key
Co-Authored-By: Matthias Schiffer <mschiffer@universe-factory.net>
2022-01-14 04:53:28 +01:00
Maciej Krüger
08a8ef0bcd
gluon-web-admin: remove pubkey empty string workaround
Co-Authored-By: Matthias Schiffer <mschiffer@universe-factory.net>
2022-01-14 04:53:25 +01:00
Maciej Krüger
816d2796be
gluon-core: add gluon info binary
This copies the code from web-admin and uses it to create a neat
cli-accessible summary about a node

This could also be extended or possibly have all the data the status
page has

Co-Authored-By: Matthias Schiffer <mschiffer@universe-factory.net>
2022-01-14 04:53:19 +01:00
J. Burfeind
7427ba2280
gluon-status-page: split bwlimit into two lines (#2371)
Fixes: 1cb0fc84fc ("gluon-status-page: swap bandwidth limits (#2304)")
Resolves #2370
2022-01-07 21:35:15 +01:00
David Bauer
b95b857aa8
Merge pull request #2339 from freifunk-gluon/status-page-iwinfo
gluon-status-page: use UCI + iwinfo to get channel information
2022-01-02 19:18:53 +01:00
Matthias Schiffer
eaac48e20d
gluon-mesh-vpn-fastd: remove obsolete migration 2022-01-01 01:46:19 +01:00
Matthias Schiffer
97ef7889c6
gluon-core: remove more obsolete migrations 2022-01-01 01:45:52 +01:00
Matthias Schiffer
9712912904
gluon-l3roamd: remove obsolete migration code 2021-12-31 23:22:14 +01:00
Matthias Schiffer
5b40265ff2
gluon-mesh-batman-adv: remove obsolete migration code 2021-12-31 23:16:15 +01:00
Matthias Schiffer
bae14abca4
gluon-core: remove obsolete proto 'batadv' -> 'gluon_mesh' migration
More migration code from 2016.
2021-12-31 22:51:29 +01:00
Matthias Schiffer
16bf5e3e5d
gluon-core: remove obsolete sysconfig.gluon_version handling
The file /lib/gluon/version/core hasn't existed since early 2014, so
this whole script is obsolete.
2021-12-31 22:51:29 +01:00
Matthias Schiffer
4019293e85
gluon-respondd: remove obsolete migration from upgrade script (#2350)
announced was renamed to respondd in 2016. Let's remove the obsolete
migration code.
2021-12-25 11:42:57 +01:00
David Bauer
fdc79c5721
gluon-ebtables-limit-arp: declare clock as extern (#2343)
Declare the clock variable as extern in the header file.

Fixes compilation of gluon-ebtables-limit-arp with OpenWrt master:

multiple definition of `clock'; /gluon/openwrt/tmp/ccuynR0G.o:(.bss+0x230): first defined here

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 17:37:51 +01:00
Matthias Schiffer
17e1aa4ffd
gluon-core: migrate wireless configuration from hwmode to band
The migration is done very early, as other upgrade scripts depend on the
band setting through platform.device_uses_11a().
2021-12-19 16:43:19 +01:00
David Bauer
c52089fcda
treewide: use radio band option to determine frequency band
The 'hwmode' setting has been replaced with 'band' in OpenWrt to add
support for newer bands outside of 2.4G and 5G. Adjust Gluon accordingly.

[Matthias Schiffer: rebased, extended commit message]
2021-12-19 16:43:12 +01:00
Matthias Schiffer
b40b1c82e0
Merge pull request #2312 from freifunk-gluon/gluon-web-wifi-cleanup
Hide WLAN config on devices without WLAN + related cleanup
2021-12-16 20:03:27 +01:00
Matthias Schiffer
1013dcb148
gluon-ebtables-filter-ra-dhcp: disable DHCPv4 filter when gw_mode == 'server' (#2324)
In meshes without VPN or supernodes, it may be desirable to connect a
router providing IPv4 addresses directly to a regular Gluon node. For
this to work, it was necessary to remove the gluon-ebtables-filter-ra-dhcp
package from the node, so the autoupdater also needed to be disabled.

To avoid this, make gluon-ebtables-filter-ra-dhcp disable the DHCPv4
filter rules when gw_mode is set to 'server'.

No solution is provided for RA/DHCPv6, but this seems less pressing for
local meshes, as nodes can already provide working IPv6 connectivity
by themselves through gluon-radvd.
2021-12-16 20:01:57 +01:00
Matthias Schiffer
201e1597b1
gluon-status-page: use UCI + iwinfo to get channel information
The network.wireless status ubus call only returns the configured
channel from UCI, breaking the status page in outdoor mode, where the
configuration contains 'auto' instead of a number.

Fixes: 0d3fa6b59b ("gluon-status-page: use ubus to get radio channels")
Closes #2336
2021-12-15 22:48:13 +01:00
aiyion.prime
1944ea0e01 gluon-status-page: fix lastImage in Signal() 2021-11-12 12:23:37 +01:00
aiyion.prime
8c85be2125 gluon-status-page: fix address_to_groups()
In js `return` does behave like `continue` in a forEach() iteration.
The fixed function was intended to return nothing on error and does so
now, instead of a shorter (useless) array like before.
2021-11-12 12:19:47 +01:00
Matthias Schiffer
51a1708453
gluon-neighbour-info: avoid recv() with NULL buffer (#2323)
Calling functions like recv() with a NULL buffer is not explicitly
allowed by the POSIX standard, so it must be avoided to be portable
across different libc implementations. Allocate an initial buffer before
handling requests, and also pass this buffer to the peek recv() call.

Fixes: 531937cf6f ("gluon-neighbour-info: fix broken output with large results")
2021-10-16 14:01:34 +02:00
Matthias Schiffer
f419db58a2 Set PKG_VERSION in gluon.mk
This removes PKG_VERSION and PKG_RELEASE from most Makefiles, as the
value was never useful for Gluon packages; instead, PKG_VERSION is set
to 1 in gluon.mk.

It also removes two other weird definitions:

- gluon-iptables-clamp-mss-to-pmtu replicating the old PKG_VERSION logic
  from gluon-core, but without the fixed PKG_BUILD_DIR to prevent
  unnecessary rebuilds
- gluon-hoodselector set GLUON_VERSION=3
2021-10-07 23:42:38 +02:00
Matthias Schiffer
a6187cce70
gluon-core, gluon-site: get version numbers from .config
Calling git describe directly breaks isolation between the build system
and packages. Replace this with proper .config variables, like we
already do for GLUON_RELEASE.

Also replace the PKG_VERSION hack with a static '1', as we do for other
packages - while having those version numbers in opkg was cute, it was
also entirely useless. Having a fixed PKG_VERSION allows us to remove
the PKG_BUILD_DIR override as well.
2021-10-05 21:48:07 +02:00
T-X
531937cf6f
gluon-neighbour-info: fix broken output with large results (#2322)
Currently a buffer with a fixed size of 8192 bytes is used. However the
result can potentially be larger, which leads to a truncated JSON
output on stdout. UDP packets, without compression and with IP
fragmentation, can be up to 64KiB large.

Instead of using a fixed size buffer on the stack ask the kernel first
about the size of the UDP data and allocate a buffer of appropriate size
on the heap before receiving the UDP data.

The issue was observed with a custom respondd provider.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2021-10-04 21:23:29 +02:00
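The receive pattern that commits 531937cf6f and 51a1708453 describe, as an added example (not the gluon-neighbour-info source): a fixed 8192-byte buffer silently truncates a larger datagram, while a peek with `MSG_PEEK | MSG_TRUNC` into an already allocated buffer reports the full length so the heap buffer can grow before the real read. It assumes Linux `MSG_TRUNC` semantics and uses a local `AF_UNIX` datagram socketpair in place of the UDP socket so it runs offline; `recv_fixed`, `recv_sized`, `demo` and `INITIAL_BUF` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define FIXED_BUF 8192  /* the fixed size named in the commit message */
#define INITIAL_BUF 64  /* assumption: any non-zero starting size works */

/* Fixed-size pattern: the tail of a larger datagram is discarded. */
static ssize_t recv_fixed(int fd) {
    char buf[FIXED_BUF];
    return recv(fd, buf, sizeof buf, 0);
}

/* Sized pattern: peek into a real (never NULL) buffer to learn the datagram
 * length, grow the buffer, then consume the datagram. Caller frees *out. */
static ssize_t recv_sized(int fd, char **out) {
    size_t cap = INITIAL_BUF;
    char *buf = malloc(cap);
    if (!buf) return -1;
    ssize_t need = recv(fd, buf, cap, MSG_PEEK | MSG_TRUNC);
    if (need < 0) { free(buf); return -1; }
    if ((size_t)need > cap) {
        char *bigger = realloc(buf, (size_t)need);
        if (!bigger) { free(buf); return -1; }
        buf = bigger; cap = (size_t)need;
    }
    ssize_t got = recv(fd, buf, cap, 0);
    if (got < 0) { free(buf); return -1; }
    *out = buf;
    return got;
}

/* Constructed demo: send one len-byte datagram, return bytes received. */
static ssize_t demo(size_t len, int sized) {
    int sv[2];
    char *msg = malloc(len), *out = NULL;
    ssize_t got = -1;
    if (!msg || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) { free(msg); return -1; }
    memset(msg, 'x', len);
    if (send(sv[0], msg, len, 0) == (ssize_t)len)
        got = sized ? recv_sized(sv[1], &out) : recv_fixed(sv[1]);
    free(out); free(msg); close(sv[0]); close(sv[1]);
    return got;
}

int main(void) { printf("fixed=%zd sized=%zd\n", demo(20000, 0), demo(20000, 1)); return 0; }
```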
lemoer
3f7c0b3ae8
gluon-mesh-vpn-wireguard: add package (#2168)
The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).

The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidental fault and therefore dropped.

Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"

The following interfaces are used for wireguard:
- wg_mesh  -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh

If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).
2021-09-15 01:25:59 +02:00
Matthias Schiffer
a40a89d906
gluon-web-wifi-config, gluon-web-private-wifi: hide pages on devices without WLAN
Fixes: #2311
2021-09-13 18:10:49 +02:00
Matthias Schiffer
5f1f960753
gluon-core: introduce device_uses_wlan() helper 2021-09-13 17:47:04 +02:00
Matthias Schiffer
ed7134fae6
gluon-web-wifi-config: reuse device_uses_11a() instead of reimplementing it less efficiently 2021-09-13 17:43:16 +02:00
Matthias Schiffer
7a2cd66cb9
gluon-core: move a few WLAN-specific functions from gluon.platform to gluon.wireless
Avoid requiring gluon.wireless from gluon.platform, and requiring
gluon.platform from various other scripts.
2021-09-13 17:41:15 +02:00
lemoer
077439de46
treewide: remove duplicate i18n translations (#2309)
Before this commit, some *.po files contained the same translation
twice within the same file. While this did not lead to errors in
gluon yet, it is still invalid. This commit fixes that and removes
the duplicates.
2021-09-11 22:47:11 +02:00
Matthias Schiffer
1ae7046958
treewide: clean up site checks for prefix[46] and extra_prefixes6
- Move site check for prefix4 and extra_prefixes6 to gluon-core, so the
  rules don't need to be duplicated in several packages. This also fixes
  gluon-respondd not checking extra_prefixes6 at all when
  gluon-ebtables-source-filter is not installed as well.
- A redundant check for prefix6 is removed from gluon-l3roamd (this was
  already checked by gluon-core)
- A separate check for prefix4 remains in gluon-client-bridge, as the
  setting is mandatory there
2021-09-04 21:17:29 +02:00
Matthias Schiffer
90fe74bf4d
Merge pull request #2289 from freifunk-gluon/status-page-improvements
Status page improvements
2021-09-04 21:11:05 +02:00
Martin Weinelt
c132c5abb7
Merge pull request #2301 from herbetom/eap225-outdoor
ath79-generic: add support for TP-Link EAP225-Outdoor v1
2021-09-01 15:12:55 +02:00
Tom Herbers
1cb0fc84fc
gluon-status-page: swap bandwidth limits (#2304) 2021-08-31 20:07:17 +02:00