This patch moves the prefix4 subnet route from the local-node veth
device to br-client (while keeping the next node ipv4 address on the
local node device).

This is in preparation to allow routing over the br-client interface
later.

In addition to significant internal differences in check_site_lib.lua (in
particular unifying error handling to a single place for the upcoming
multi-domain support), this changes the way fields are addressed in site
check scripts: rather than providing a string like 'next_node.ip6', the
path is passed as an array {'next_node', 'ip6'}.

Other changes in site check scripts:

* need_array and need_table now pass the full path to the sub fields to the
  subcheck instead of the key and value
* Any check referring to a field inside a table implies that all higher
  levels must be tables if they exist: a check for {'next_node', 'ip6'} adds
  an implicit (optional) check for {'next_node'}, which allows removing many
  explicit checks for such tables
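
The path-array addressing and the implicit parent-table check described in the commit message above, as an added Lua example (not code from Gluon or from check_site_lib.lua). The `site` table, the helper names other than `need_array`, and the error wording are assumptions made for illustration.

```lua
-- Added illustration, not Gluon's check_site_lib.lua. Helper names are
-- hypothetical; need_array only mirrors the name used in the commit message.
local site = {  -- constructed sample configuration
  next_node = { ip6 = '2001:db8::1' },
  ntp_servers = { '1.ntp.example.org', 42 },  -- second entry deliberately wrong
  mesh = 'batman',                            -- deliberately not a table
}

local function extend(path, key)  -- copy of path with key appended
  local sub = {}
  for i, p in ipairs(path) do sub[i] = p end
  sub[#sub + 1] = key
  return sub
end

-- Walk the path; every level above the leaf must be a table if it exists
-- (the implicit, optional parent check).
local function lookup(path)
  local node, seen = site, {}
  for _, key in ipairs(path) do
    if node == nil then return nil end
    if type(node) ~= 'table' then
      error("site field '" .. table.concat(seen, '.') .. "' must be a table", 0)
    end
    node, seen = node[key], extend(seen, key)
  end
  return node
end

-- The single place where a failed check turns into an error.
local function need(path, ok, required, msg)
  local val, name = lookup(path), table.concat(path, '.')
  if val == nil and required then error("site field '" .. name .. "' is required", 0) end
  if val ~= nil and not ok(val) then error("site field '" .. name .. "' must be " .. msg, 0) end
  return val
end
local function need_string(path, required)
  return need(path, function(v) return type(v) == 'string' end, required, 'a string')
end
local function need_array(path, subcheck, required)
  local val = need(path, function(v) return type(v) == 'table' end, required, 'an array')
  for i = 1, #(val or {}) do subcheck(extend(path, i)) end  -- full path to each element
  return val
end

for _, path in ipairs({ {'next_node', 'ip6'}, {'mesh', 'vxlan'} }) do
  print(pcall(need_string, path))  -- second path trips the implicit check on 'mesh'
end
print(pcall(need_array, {'ntp_servers'}, need_string))
```
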
* gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
* gluon-core: put clients in local_client zone, introduce drop-zone,
  set dns-rules and zones
* gluon-respondd: allow respondd on mesh
* gluon-status-page-api: allow http input on mesh and client

Filtering by MAC address won't filter out multicast packages like router
solicitations, causing uradvd to send out router advertisements with
maximum frequency (every 3 seconds) in active meshes, even when no local
client is actually interested in the advertisements.

Fixes #1230

When a Gluon node is used to connect to an uplink router/DHCP server (for
example in deployments without VPN tunnels), the gw_mode must be set to
server; this should be preserved on upgrades.

Fixes #1196

We now create bat0 and primary0 independently of the lower mesh interfaces,
making the whole setup a lot more robust. In particular:

- we can't accidentally destroy primary0 because of concurrent setup and
  teardown runs of different interfaces
- bat0 will always exist, even when no mesh interfaces are up (e.g. no link
  on wired mesh)
- interfaces going down and up again will never tear down the whole of
  batman-adv
- we can enable and disable bat0 independently of the lower interface
  states