Commit Graph

3462 Commits

Author SHA1 Message Date
Christof Schulze
e724fec260 gluon-l3roamd: adjust l3roamd startup parameters
* use local socket
* use main routing table,
* pass client-bridge
2018-02-15 23:54:06 +01:00
Matthias Schiffer
62d8d3e8f2
Update LEDE patches 2018-02-15 23:27:15 +01:00
Linus Lüssing
84a6f65f02 gluon-ebtables-limit-arp: a package for ARP rate-limiting
This package adds filters to limit the amount of ARP Requests
devices are allowed to send into the mesh. The limits are 6 packets
per minute per client device, by MAC address, and 1 per second per
node in total.

A burst of up to 50 ARP Requests is allowed until the rate-limiting
takes effect (see --limit-burst in the ebtables manpage).

Furthermore, ARP Requests with a target IP already present in the
batman-adv DAT Cache are excluded from the rate-limiting,
both regarding counting and filtering, as batman-adv will respond
locally with no burden for the mesh. Therefore, this limiter
should not affect popular target IPs, like gateways.

However it should mitigate the problem of curious people or
smart devices scanning the whole IP range. Which could create
a significant amount of overhead for all participants so far.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2018-02-15 23:21:11 +01:00
Linus Lüssing
66d4cdf466 kernel: bridge: ebtables: Avoid resetting limit rule state
This is needed for the Gluon ARP limiter to work without hiccups in
traffic.

Link: https://patchwork.ozlabs.org/patch/841210/
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2018-02-15 23:21:11 +01:00
kb-light
b98956e47e
gluon-config-mode-domain-select: new package
[Matthias Schiffer: slightly clean up code]
2018-02-15 20:57:53 +01:00
Matthias Schiffer
0dd03597a6
gluon-config-mode-core: allow returning functions from wizard modules
Allow returning functions in addition to the names of UCI packages to
commit. Functions are run after all packages have been committed.
2018-02-15 20:57:53 +01:00
Matthias Schiffer
345a5de861
gluon-core: add newline to the end of sysconfig files
Both gluon.sysconfig and libgluonutil already remove the trailing newline
if it exists. It's nicer to avoid files without a trailing newline, e.g.
for printing the file contents in a terminal.
2018-02-15 20:57:53 +01:00
Martin Weinelt
427c83754b gluon-core: 200-wireless: upgrade 11ac radios to VHT20 (#1328)
Patch originally authored by @oleeander.

Fixes #424
2018-02-15 20:29:19 +01:00
Matthias Schiffer
d61f6a1e85
gluon-core: rename iterate_radios() to foreach_radio(), pass whole radio section
Allows to remove some redundant UCI lookups.
2018-02-15 14:04:37 +01:00
Matthias Schiffer
ffa5bdd716
modules: update Gluon packages
7abd688e6ae7 sse-multiplex: don't use stdio FILE I/O for nonblocking sockets
2018-02-13 22:31:03 +01:00
Matthias Schiffer
985d0cfd81
modules: update LEDE
2e26bdfeca ar71xx: remove bs-partition ro-flag for UniFi AC
28483d4ab2 procd: update to latest git HEAD
2018-02-11 19:42:51 +01:00
Karsten
f69fbf7d05 gluon-core: don't disable legacy mesh on mesh_lan on reconfigure (#1323)
Fixes #1322
2018-02-07 07:33:25 +01:00
Andreas Ziegler
4315ef7a1f sunxi: cleanup BROKEN flag formatting 2018-02-07 04:03:00 +01:00
Julian
167e1b34dc sunxi: LeMaker Banana Pi: remove BROKEN (#1325) 2018-02-06 18:24:46 +01:00
Martin Weinelt
42763d21dc
gluon-mesh-vpn-core: add public key to nodeinfo response
This is currently only implemented in the gluon-mesh-vpn-fastd
package.

Advertising the public key may be deemed problematic when
your threat-model involves protecting the nodes privacy
from tunnel traffic correlation by onlink observers.

It can be enabled by setting site.mesh_vpn.fastd.pubkey_privacy
to `false`.
2018-02-04 20:47:53 +01:00
Matthias Schiffer
623faf794a
gluon-web: fix access to undefined in checkvalue()
Fixes: cfe1bba8 "gluon-web: fix radio button view of ListValues"
2018-02-04 18:57:27 +01:00
Matthias Schiffer
9ece0daa76
gluon-web: ListValue: convert keys to strings before adding to key list
Fixes validation of ListValues.

Fixes: ec532b95 "gluon-web: extend ListValue with optional and unset
values"
2018-02-04 18:57:27 +01:00
Vincent Wiemann
273a60fe62 ramips-mt7621: Add support for ZBT-WG3526-32M (#1296)
including backport of mtd patches.

The general flash issue (32MB) was discussed here:
https://gist.github.com/dmke/d389bc364b3f73f525076eaee0019dc1
The resulting patch was the following:
http://lists.infradead.org/pipermail/linux-mtd/2016-December/070889.html

Another patch by nbd168 added the required mtd read operations for supporting ZBT-WG3526-32M:
https://github.com/lede-project/source/commit/22d982e#diff-3835f027e16e6416090c1833bc732af3
2018-02-04 17:42:48 +01:00
Matthias Schiffer
c7ab72317e
lede: update patches 2018-02-03 14:22:48 +01:00
Matthias Schiffer
87ced3c5c6
modules: update LEDE
b1205a9211 ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N
fbeae9d891 iptables: make kmod-ipt-debug part of default ALL build
6ea9a702c5 iptables: Fix target TRACE issue
00fa1e4108 curl: fix libcurl/mbedtls async interface
d5278cc48b kernel: bump 4.4 to 4.4.112 for 17.01
2ae0741f3b dnsmasq: backport validation fix in dnssec security fix
58d60bd283 dnsmasq: backport dnssec security fix for 17.01
d626aa005b mountd: bump to git HEAD version
f0336975be kernel: bump 4.4 to 4.4.111 for 17.01
fb6f21c657 kmod-sched-cake: bump to latest cake bake for 17.01
2e8a3bb35f ar71xx: Netgear WNR2000v4: do not include USB packages [17.01]
3fa86282fa build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS
987a7e3175 ramips: fix lenovo newifi-y1 switch and LED config
dbb5ffaed5 ramips: firewrt: indicate boot status via LED
2018-02-03 14:17:29 +01:00
Matthias Schiffer
c479d9160d
gluon-core: don't request a prefix via DHCPv6 on WAN
The prefix is not used, and requesting it leads to odhcp6c log spam with
certain DHCPv6 servers.
2018-02-03 03:02:56 +01:00
Matthias Schiffer
09c2e60cd4
gluon-core: upgrade/110-network: fix formatting 2018-02-03 03:02:20 +01:00
Matthias Schiffer
6137169104
docs, README: Gluon v2017.1.5 2018-01-31 21:56:01 +01:00
Matthias Schiffer
40efe80c2f
docs, README: Gluon v2017.1.4 2018-01-31 21:54:59 +01:00
Matthias Schiffer
ec532b95cf
gluon-web: extend ListValue with optional and unset values
If a value is unset or optional, an empty choice is added to the selection.
This empty choice will be marked as invalid if the value is not optional.

This is properly supported for the 'select' widget only for now, and not
for 'radio'.
2018-01-31 17:08:21 +01:00
Matthias Schiffer
cfe1bba8ae
gluon-web: fix radio button view of ListValues
Pretty much everything about this was broken:
* Fix dependency tracking
* Fix vertical orientation
* Fix paddings
* Add theming
2018-01-31 15:47:45 +01:00
Matthias Schiffer
dbfd22d651
gluon-web: simplify DynamicList data attributes, respect size option 2018-01-30 23:55:08 +01:00
Matthias Schiffer
bc75ce5c86
gluon-site: remove dependency of GLUON_MULTIDOMAIN on gluon-site
Solves a recursive dependency problem.

While we're at it, also fix the description string.
2018-01-28 11:24:42 +01:00
Matthias Schiffer
ff073f55d8
Merge pull request #1318 from rotanid/target-cleanup
target files cleanup: variable checks and comments
2018-01-27 13:04:15 +01:00
Andreas Ziegler
e9362cb724 targets: update & cleanup reasons for BROKEN flags 2018-01-26 14:17:44 +01:00
Andreas Ziegler
e92140c593 targets: remove check if ATH10K_PACKAGES is set
as GLUON_WLAN_MESH now is set by default, ATH10K_PACKAGES is set by default, too
2018-01-26 14:17:35 +01:00
Matthias Schiffer
6ae067cb37
gluon-core: add domain aliases and pretty name
Based-on-patch-by: lemoer <git@irrelefant.net>
2018-01-26 12:32:47 +01:00
lemoer
2ef0af5fe8
gluon-respondd: add system.domain_code to respondd provider "nodeinfo"
[Matthias Schiffer: rebase]
2018-01-26 12:32:47 +01:00
Matthias Schiffer
8cb0388416
scripts/check_site.lua: enable in_site()/in_domain() checks 2018-01-26 12:32:47 +01:00
lemoer
146787fa5c
libgluonutil: merge domain and site configs
[Matthias Schiffer: rebase and simplify]
2018-01-26 12:32:47 +01:00
Matthias Schiffer
a2f45d0d32
gluon-core: store default domain in UCI 2018-01-26 12:32:46 +01:00
Matthias Schiffer
51c0ceeb55
scripts/check_site.lua: merge site and domains for validation
Each domain is validated separately, preferring domain values to site
values.

Based-on-patch-by: lemoer <git@irrelefant.net>
2018-01-26 12:32:46 +01:00
Matthias Schiffer
24a085a542
gluon-site: add default domain and check for it
This does not do anything yet, as this_domain() is not implemented yet.

Based-on-patch-by: lemoer <git@irrelefant.net>
2018-01-26 12:32:46 +01:00
Matthias Schiffer
07dbfea617
gluon-site: disable multidomain support by default 2018-01-26 12:32:46 +01:00
Matthias Schiffer
faceb3932c
config: check if GLUON_DEBUG is 1 rather than nonempty 2018-01-26 12:32:46 +01:00
Andreas Ziegler
a99fdf7919 ramips-mt7621: Netgear WNDR3700v5 has no factory image
fixes build after 3ec63b8c
2018-01-26 01:45:49 +01:00
Jan-Philipp Litza
cf329daaf0
Add package gluon-radv-filterd
This package drops all incoming router advertisements except for the
default router with the best metric according to B.A.T.M.A.N. advanced.

Note that advertisements originating from the node itself (for example
via gluon-radvd) are not affected.
2018-01-25 23:02:49 +01:00
Matthias Schiffer
7ae8a51126
gluon-core: allow zero VXLAN UDP checksum on RX
Also disabling TX checksums and not only allowing incoming packets without
checksum will provide another small speedup. As doing so would break wired
meshing with VXLAN-enabled nodes that require non-zero checksums, we will
wait a few days before this step.
2018-01-24 22:41:29 +01:00
Matthias Schiffer
e54b37d835
gluon-core: firewall: move VXLAN rules to the top
Evaluating these rules before all the ICMPv6 rules improves wired mesh
throughput measurably.
2018-01-24 22:41:29 +01:00
Matthias Schiffer
a9edd43693
Avoid unaligned memory accesses in VXLAN and batman-adv
Improves performance slightly.
2018-01-24 22:41:23 +01:00
Matthias Schiffer
2950cc3f59
gluon-core: only use a bridge for wired meshing when necessary
On most devices, there is only a single LAN interface connected to all LAN
ports, so no bridge is necessary.
2018-01-24 22:16:09 +01:00
Matthias Schiffer
8b44d09963
scripts/generate_manifest.sh: fix filesize for symlinks
scripts/filesize.sh doesn't follow symlinks.

Fixes #1316
2018-01-24 09:49:21 +01:00
Matthias Schiffer
4d4626f1c5
batman-adv: add fixes for packet checksum handling
Fixes "hw csum failure" log spam in batman-adv.
2018-01-23 12:14:29 +01:00
Matthias Schiffer
c89d4f5bfa
modules: update routing packages
86375f5 alfred: adjust intervals
c5f18d5 bird: fix build dependencies
013b91d nat46: harden 464xlat teardown logic
d464bf1 bmx6: fix gcc6&7 warnings, avoid json-c patch
f48f332 nodogsplash2: update to version 2.0.1 (#344)
c3487c6 nodogsplash2: Fix Startup Failure (#343)
9abfeba mcproxy: update to latest version (#339)
d3b2d83 bmx7_json: Fix broken include of json.h
5e96695 nodogsplash2: change configuration defaults (#341)
679f780 bmx: Use repos from https://github.com/bmx-routing and remove bmx7 json-c patch
69ef0bb nodogsplash2: set the default webroot explicitly
467f0b6 batman-adv: Fix missing function name for timer_setup
dabd584 cjdns: update to version 0.20
7cb7b83 bird-openwrt: update to version 0.3
3eb8bf4 alfred: upgrade package to latest release 2017.4
e211376 batctl: upgrade package to latest release 2017.4
d046353 batman-adv: upgrade package to latest release 2017.4
b47bae1 smcroute: make build id optional
73601c9 mrd6: remove build timestamp
1c6ef01 mrd6: refresh patches
78049b4 [olsr] Bump olsr version to 0.9.6.2
8d12cf5 alfred: upgrade package to latest release 2017.3
34db538 batctl: upgrade package to latest release 2017.3
14daec6 batman-adv: upgrade package to latest release 2017.3
7d56487 batman-adv: Fix conflicts with compat-wireless backports-4.14-rc1
187937b batman-adv: Prevent FTBFS when redefining ether_setup
bb8271c Update OONF to 0.14.1-1
4c76240 Update 0.14.1 release
565cd8d v0.14.1
560504b Control build type by CONFIG_DEBUG option
5a9cd90 Fix http plugin option for olsrd2
cfb3e95 Allow HTTP Plugin
15e5046 olsrd: pud: does not depend on ncurses
71d0a0b Add v0.14.0 OONF
91e76a2 mcproxy: remove pedantic flag to allow compilation with musl
2018-01-23 12:14:29 +01:00
Matthias Schiffer
0d4bb8ff60
modules: update Gluon packages
9a6ad5c batman-adv-legacy: update to 2018-01-23 git version
ea9c5dc batman-adv-legacy: update to 2018-01-22 git version

Fixes "hw csum failure" log spam in batman-adv-legacy.
2018-01-23 12:14:28 +01:00