The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).
The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidential fault and therefore dropped.
Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"
The following interfaces are used for wireguard:
- wg_mesh -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh
If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).
Before this commit, some *.po files contained the same translation
twice within the same file. While this did not led to errors in
gluon yet, it is still invalid. This commit fixes that and removes
the duplicates.
- Move site check for prefix4 and extra_prefixes6 to gluon-core, so the
rules don't need to be duplicated in several packages. This also fixes
gluon-respondd not checking extra_prefixes6 at all when
gluon-ebtables-source-filter is not installed as well.
- A redundant check for prefix6 is removed from gluon-l3roamd (this was
already checked by gluon-core)
- A separate check for prefix4 remains in gluon-client-bridge, as the
setting in mandatory there
Fixes the display of client counts, which are numbers and not strings
in the respondd data.
Fixes: 3a885a1b22 ("gluon-status-page: make "gateway nexthop" a link (#2278)")
Do not depend on the respondd-airtime module just to get the configured
channels. This removes the display of the frequency in addition to the
channel, as it is not readily available.
In addition, the translation string is improved to allow for text after
the channel number.
This code is usually running on an embedded CPU without FPU. In
addtition to its inefficience, the algorithm is also much harder to
understand.
Replace the logarithm formula with a simple loop.
Specify conffiles for our packages, so they aren't overwritten during
opkg updates. While this only matters during development, it is
unintended to have different behaviour for opkg update and full firmware
updates.
The PHY lookup helper "find_phy_by_path" could not lookup the PHY name
for paths from multi-phy devices.
An example for such a path would be:
'1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
The integer after the plus (+) character determines the PHY index of the
specific device in relation to the PHY with the lowest index of the
device.
For example, if the device provides phy2 and phy3, the above path would
describe phy3. In case the device provides phy0 and phy1, it would
describe phy1.
Rewrite the "find_phy_by_path" function to support those paths as well
as regular device paths in a universal manner.
Signed-off-by: David Bauer <mail@david-bauer.net>
Delete all default network device sections upon first boot.
Only LAN & WAN networks are defined at this point. We are using the
legacy way of definiting bridges via the interface sections ifname
option.
The prior filtering was based upon a single device and didn't take into
consideration that DSA interface names can be named arbitrarily.
Signed-off-by: David Bauer <mail@david-bauer.net>
VoCores aren't exactly useful mesh nodes except for experimentation.
They certainly aren't worth maintaining a whole target, in particular
one that has a WLAN driver not used by any other target.
It was found that a one second timeout for nodeinfo data may be too low,
so that when a node is otherwise occupied that timeout may be reached
too often.
The nodeinfo query response is also vital to the status-page base
template, so that when it times out, the site will be turned in a broken
state, that it cannot recover from.
Fixes: #2256
A leading tab character usually marks recipe lines in Makefiles;
non-recipe lines must be indented using spaces.
The incorrect tab character doesn't seen to have caused any issues in
this case, but it should be fixed nonetheless, if only for consistency.
The file_contains_line helper function was not testing whether a file
exists or not prior attempting to read from it.
Add this check to circumvent errors on the private WiFi config in
case the hwflags file is missing.
Reported-by: Tom Herbers <freifunk@tomherbers.de>
Tested-by: Tom Herbers <freifunk@tomherbers.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
The relevant entry for the primary MAC location was lost when rebasing
the patch on OpenWrt 21.02.
Fixes commit ded4b8a711 ("rockchip-armv8: add FriendlyARM NanoPi R2S")
Signed-off-by: David Bauer <mail@david-bauer.net>
Configure a radio for HE (802.11ax) operation in case it's supported by
the hardware. This can be the case for 2.4 GHz as well as 5 GHz.
Signed-off-by: David Bauer <mail@david-bauer.net>
In case the limit_ingress or limit_egress options are not present in
gluon's mesh_vpn section the respondd provider compares a string literal
with a NULL pointer, crashing respondd.
Check both pointers prior to comparing them in order to mitigate this
issue.
Suggested-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: David Bauer <mail@david-bauer.net>