Commit Graph

35 Commits

Author SHA1 Message Date
Maciej Krüger
2b8b50d73d
docs: rename ebtables->nftables 2023-05-01 21:30:13 +02:00
Matthias Schiffer
854fef4e12
docs: consistently indent .rst files with 2 spaces
2 spaces is the most common indentation width used in the docs; adjust
the rest for consistency.

Also change .editorconfig accordingly.
2021-12-24 14:16:04 +01:00
bobcanthelpyou
2ad473bcd4
docs: fix small typos and use common used notation (#2088) 2020-08-13 13:25:45 +02:00
Martin Weinelt
9b19883d97 add gluon-logging package
Allows reconfigurtion of remote syslog from within site.conf.

Conflicts with the gluon-web-logging package as user made changes
will be overwritten, because this package will reconfigure the syslog
destination on every upgrade.

Resolves #1845
2020-04-30 01:54:35 +02:00
Martin Weinelt
461d904086 Add gluon-mesh-wireless-sae package
This package adds support for SAE on 802.11s mesh connections.

Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.

In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.

If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.

For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.

Fixes #1636
2020-03-23 17:06:43 +01:00
Ruben Barkow-Kuder
7220c59661 docs: gluon-radv-filterd: enhance documentation with example (#1900) 2020-01-12 17:36:02 +01:00
Matthias Schiffer
ed8cd9c0f7 docs: update for reflect dropped IBSS support 2019-11-07 19:48:16 +01:00
bobcanthelpyou
8553254867 docs: fix typos 2019-09-26 13:04:19 +02:00
Matthias Schiffer
5b97d36c7e gluon-mesh-batman-adv: remove gluon-mesh-batman-adv-14 2019-09-25 21:57:52 +02:00
Linus Lüssing
ff050a2916 docs: gluon-mesh-batman-adv: note regarding IGMP/MLD snooping switches
This adds a warning that entprise switches with an IGMP/MLD snooping
feature are not supported yet with IGMP/MLD filtering enabled.

For this to work, firstly the Linux bridge on the Gluon node needs to
support Multicast Router Discovery (RFC4286). But this feature was only
added to the Linux kernel recently, in 5.1.

Secondly, a Gluon node would need to periodically send "Multicast Router
Advertisment" (RFC4286) messages, to "announce" the multicast router
port setting on bridge port bat0.

Thirdly, the IGMP/MLD snooping switches would need to implement
RFC4286.
2019-09-21 23:45:44 +02:00
Martin Weinelt
798236b3cf
docs: gluon-hoodselector: add openstreetmap copyright
Fixes #1821
2019-09-17 13:21:42 +02:00
Tata
69fd7b5d81 docs: gluon-hoodselector: fix arrow with 0->0.05 to let it visible on svg's (#1816) 2019-09-14 15:34:26 +02:00
T-X
bce76bcaf0 docs: Add documentation for gluon-mesh-batman-adv (#1810)
This adds documentation for the gluon-mesh-batman-adv package and
elaborates on its build and configuration options, as well as
the implemented multicast architecture.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2019-09-10 23:55:06 +02:00
Jan-Tarek Butt
f9a47f027b gluon-hoodselector docs: add package documentation
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

gluon-hoodselector docs: replace 'Router have' with 'Router has'

gluon-hoodselector: docs: fix spelling/grammar

docs: gluon-hoodselector.rst, chnage 'VPN-mode' to VPN mode and 'trigon polygon' to triangle

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package/gluon-hoodselector: update .dia and .svg to current code behave

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package/gluon-hoodselector: replace hood with domain update doc to current code behave

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs hoodselector: fix spelling

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package/gluon-hoodselector: fix spelling second round

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs:gluon-hoodselector.rst: fix spelling

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs gluon-hoodselector.rst: fix line length

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs gluon-hoodselector: rename doc imports to be assoziated with the hoodselector

docs gluon-hoodselector: fix image name and rst inmport

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs gluon-hoodselector: information without es (uncountable)

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package: gluon-hoodselector.rst fix grammer issues

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
2019-06-29 02:43:01 +02:00
bobcanthelpyou
170c494f40 docs: fix typos and common misspellings (#1668) 2019-03-10 20:15:25 +01:00
David Bauer
c1b9ea2d9c gluon-scheduled-domain-switch: add package (#1555)
This package allows to automatically switch to another domain, either
at a given point in time or after the node was offline long enough.
2019-02-12 11:00:29 +01:00
Martin Weinelt
b0bfe25274 docs: add package/gluon-ebtables-limit-arp (#1386)
based on package documentation, authored by T_X 
84a6f65f02/package/gluon-ebtables-limit-arp/Makefile (L18-L39)

fixes #1383
2018-05-17 02:02:15 +02:00
Matthias Schiffer
84f82a1339
docs: remove duplicated (and outdated) site docs
At the moment, we don't have a good guideline for package-specific
configuration, but it seems like a good idea not to split configuration
into too many tiny pages, especially for packages that aren't commonly
selected explicitly.

Some uncommon configuration is dropped from the example site.conf to remove
clutter.
2018-03-17 21:20:47 +01:00
Matthias Schiffer
17370d8462
gluon-ebtables: unconditionally segment IGMP/MLD
We must ensure that each node becomes IGMP/MLD querier for its local
clients; having only a single querier for the whole mesh is generally
unreliable, leading to frequent "IGMP/MLD querier appeared/disappeared"
messages from batman-adv and unreliable snooping.

In smaller meshes it might be interesting only segment querier domains, but
allow membership reports to pass through the mesh, in order to support
snooping switches outside the mesh without special configuration. A
site.conf switch is provided to control this behaviour.

Fixes #1320
2018-03-07 08:12:30 +01:00
Matthias Schiffer
002ab9b0e5
docs: package/gluon-config-mode-domain-select: fix syntax error 2018-02-23 14:06:43 +01:00
kb-light
b98956e47e
gluon-config-mode-domain-select: new package
[Matthias Schiffer: slightly clean up code]
2018-02-15 20:57:53 +01:00
Jan-Philipp Litza
cf329daaf0
Add package gluon-radv-filterd
This package drops all incoming router advertisements except for the
default router with the best metric according to B.A.T.M.A.N. advanced.

Note that advertisements originating from the node itself (for example
via gluon-radvd) are not affected.
2018-01-25 23:02:49 +01:00
Ruben Barkow
a92cfa3194 docs: standardize package descriptions and add missing example in site-example (#1179) 2017-12-27 21:48:21 +01:00
kb-light
46126de792 Add new package gluon-web-logging (#1153) 2017-07-11 02:58:45 +02:00
Ruben Barkow
84d117ff73
gluon-web-admin: add option to show/hide password-login and add minimum password length 2017-07-07 02:15:52 +02:00
kb-light
eefd2ef8db Add package gluon-ebtables-source-filter (#1015) 2017-04-09 18:18:51 +02:00
Matthias Schiffer
b08ac98f1c
docs: fix gluon-config-mode-contact-info syntax errors and formatting 2016-09-09 03:00:54 +02:00
Ruben Barkow
d03c88afb4 gluon-config-mode-contact-info: define an "obligatory" option in site.conf (#843) 2016-09-07 06:44:57 +02:00
Linus Lüssing
4199b216c6 ebtables-segment-mld: Segment IGMP/MLD domain
This patch adds a new gluon-ebtables package to filter IGMP/MLD messages
via ebtables.

For one thing this reduces multicast overhead: About one third of all
ICMPv6 multicast traffic in Lübeck or Hamburg is MLD.

Furthermore it removes a potential Distributed Denial-of-Service vector
(see Gluon ticket #553).

Finally, it is a prerequisite for enabling bridge multicast snooping in
a decentral and robust fashion.

Note that IGMP/MLD are filtered for multicast traffic coming from
the mesh, too (new MULTICAST_IN), as unfortunately there seem to
be other queriers somewhere in the mesh at least for Freifunk
Lübeck. Also adding these rules to be prepared to anyone intentionally
or unintentionally disabling these filters on his/her node.

Node operators not running Gluon (for instance gateway nodes) should
make sure to either enable multicast_router towards bat0 or disable
multicast snooping entirely if they have a bridge on top of bat0.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2016-05-20 22:59:31 +02:00
kb-light
269a8fbdd4 gluon-config-mode-geo-location: add ability to hide the altitude field (#693) 2016-04-27 12:37:30 +02:00
Adorfer
8f31ce81b3 -spelling 2015-11-23 13:11:26 +01:00
Matthias Schiffer
f0308ed93c docs: add documentation for gluon-ebtables-filter-{multicast,ra-dhcp} 2015-11-23 00:39:32 +01:00
Nils Schneider
84b6374970 gluon-client-bridge: basic br-client config and wireless AP
This package provides br-client and sets up a wireless AP interface for
clients.
2015-10-26 21:14:32 +01:00
Matthias Schiffer
22130e84e8 Merge gluon-radio-config into gluon-core
gluon-radio-config contained only a single file. The code has been adjusted
to allow creating a Gluon configuration without WLAN support by removing
the wifi24 and wifi5 sections from site.conf.
2015-10-26 20:59:56 +01:00
Nils Schneider
177086b881 gluon-radio-config: basic wireless configuration
Split basic radio configuration from gluon-mesh-batman-adv as this will
be required for virtually any wireless mesh protocol.

This package takes care of setting:

  - wireless channel,
  - htmode and
  - regulatory domain

gluon-mesh-batman-adv-core depends on this package.
2015-08-18 11:41:14 +02:00