nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,442 Commits 26 Branches 63 Tags 18 MiB
5b34931a97
Commit Graph

939 Commits

Author SHA1 Message Date
Jan-Philipp Litza
5b34931a97
gluon-radv-filterd: Fix bug in BPF router lifetime filter 
The router lifetime field actually is 2 bytes long, but we only checked
the first one, thus falsely discarding RAs with router lifetime < 256
seconds.
 2018-01-03 14:59:50 +01:00
Jan-Philipp Litza
31660c7402
gluon-radv-filterd: Seperate macros for printf() and scanf() 2018-01-03 14:59:49 +01:00
Jan-Philipp Litza
ccfd102780
gluon-radv-filterd: Remove all UCI options except threshold 2018-01-03 14:59:48 +01:00
Jan-Philipp Litza
66a26d0d23
gluon-radv-filterd: Various small fixes due to NeoRaider 2018-01-03 14:59:48 +01:00
Jan-Philipp Litza
20d83bca76
gluon-radv-filterd: Refactor packet checking 
Move more to BPF code and do not try to parse extension headers in C that
wouldn't have made it through BPF anyway.
 2018-01-03 14:59:47 +01:00
Jan-Philipp Litza
5f3f371ee8
gluon-radv-filterd: Fix and simplify originators parsing 
Previously, only one nexthop was recognized. The parsing of the whole file
failed immediately when two or more hops were possible for *any* originator (not
only for one with a router behind it).

This makes the parser ignore most of the line in the originators table.
 2018-01-03 14:59:46 +01:00
Jan-Philipp Litza
a1fea711da
gluon-radv-filterd: Add respondd module reporting the chosen gateway 2018-01-03 14:59:45 +01:00
Jan-Philipp Litza
3bf4d12911
gluon-radv-filterd: Ship with own implementation of error() 2018-01-03 14:59:45 +01:00
Jan-Philipp Litza
5a4dc1f983
gluon-radv-filterd: Avoid use of GLUONDIR variable 2018-01-03 14:59:44 +01:00
Julian Labus
43664bf383
gluon-radv-filterd: updated socket filter 2018-01-03 14:59:43 +01:00
Jan-Philipp Litza
a313af733d
gluon-radv-filterd: Always output a message when choosing new router 2018-01-03 14:59:42 +01:00
Jan-Philipp Litza
c887960e90
gluon-radv-filterd: Tweak constants 
As I have seen instances of ebtables being killed with a timeout of 100ms,
increasing it to 500ms.

Also, to ease the straint on the CPU, increasing minimum time between TQ checks
to 15 seconds.
 2018-01-03 14:59:41 +01:00
Jan-Philipp Litza
bd85e99078
gluon-radv-filterd: Use fscanf() instead of getline() & sscanf() for BATMAN data 
This reduces the average CPU consumption (on a WDR4300) from 3% to 1%.

Also, this commit adds error messages when the parsing fails and makes matching
more flexible after all relevant fields have been found.
 2018-01-03 14:59:41 +01:00
Jan-Philipp Litza
2f8eed6f9a
gluon-radv-filterd: Add more debugging messages and more detailed errors 2018-01-03 14:59:40 +01:00
Jan-Philipp Litza
e4457f2f68
gluon-radv-filterd: Fix use-after-free when best router expires 2018-01-03 14:59:39 +01:00
Jan-Philipp Litza
3667d6061d
gluon-radv-filterd: Add license to source file 2018-01-03 14:59:38 +01:00
Jan-Philipp Litza
615fb91159
gluon-radv-filterd: Fix upgrade script permissions and compilation 2018-01-03 14:59:38 +01:00
Jan-Philipp Litza
7d20a24608
gluon-radv-filterd: Work with newer batman-adv versions 2018-01-03 14:59:37 +01:00
Jan-Philipp Litza
e3b4dc5031
gluon-radv-filterd: Update originators only if one is unknown 2018-01-03 14:59:36 +01:00
Jan-Philipp Litza
f963e054df
Add package gluon-radv-filterd 
This package drops all incoming router advertisements except for the
default router with the best metric according to B.A.T.M.A.N. advanced.

Note that advertisements originating from the node itself (for example
via gluon-radvd) are not affected.
 2018-01-03 14:59:35 +01:00
Christof Schulze
bc2fb8cc69 gluon-respondd: firewall should allow access for devices in zone local_client (#1291) 2017-12-31 19:57:57 +01:00
Christof Schulze
910a6c8bb3 gluon-respondd: add current unix time to statistics (#1287) 2017-12-29 23:49:28 +01:00
Matthias Schiffer
245e0f9ecc
Merge pull request #1280 from FreifunkVogtland/libbatadv 
libbatadv: Add common batman-adv helper functions library
 2017-12-28 14:50:13 +01:00
Christof Schulze
41ab551518
libgluonutil: add function that retrieves the node prefix from site.conf 2017-12-27 23:50:31 +01:00
Sven Eckelmann
6701aa81a5 gluon-status-page-api: Use genl helpers from libbatadv 
Signed-off-by: Sven Eckelmann <sven@narfation.org>
 2017-12-27 17:40:41 +01:00
Sven Eckelmann
a267cc7ee7 gluon-mesh-batman-adv: Use genl helpers from libbatadv 
Signed-off-by: Sven Eckelmann <sven@narfation.org>
 2017-12-27 17:40:35 +01:00
Sven Eckelmann
624cffc744 libbatadv: Add library for common batman-adv helpers 
Interacting with batman-adv's genl interface requires some code and
definitions which could be shared between different packages. libbatadv is
trying to do this without providing any guarantee for ABI or API stability.
It is only useful in very controlled environments like gluon.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
 2017-12-27 17:40:30 +01:00
Matthias Schiffer
f799518194
gluon-ebtables-filter-multicast: do not filter out Bridge Loop Avoidance 
batman-adv uses gratuitous ARP packets with certain target addresses for
BLA.

Fixes #1198
 2017-12-27 17:22:37 +01:00
Karsten
35237c2ca1 gluon-web-network: make 'PoE Power Port[0-9]' translatable (#1173) 2017-12-27 03:11:49 +01:00
Matthias Schiffer
2b1ffb3034
gluon-core, gluon-client-bridge: create local_client zone in core 
As core defines basic rules for this zone, it makes sense to create it
there.
 2017-12-27 02:43:34 +01:00
Matthias Schiffer
8ea5810bda
gluon-core: firewall: allow inbound ICMPv4 ping on local_node 2017-12-27 02:43:34 +01:00
Matthias Schiffer
39284f00d0
gluon-core: firewall: allow Multicast Listener Discovery on mesh/local_client 
Based-on-patch-by: Christof Schulze <christof.schulze@gmx.net>
 2017-12-27 02:43:33 +01:00
Matthias Schiffer
a252383918
gluon-core: firewall: remove redundant ICMPv6 output rules 
OUTPUT is always accepted, no need to allow ICMPv6 explicitly.
 2017-12-27 02:43:33 +01:00
Matthias Schiffer
fe2048e4df
gluon-core: firewall: coding style 
Wrap long lines.
 2017-12-27 02:43:33 +01:00
Ralf Jung
4bae0a429f docs: dns-cache: explain setting dns.servers a bit more (#1268) 2017-12-27 00:21:08 +01:00
Christof Schulze
c544846bc5
gluon-neighbour-info: allow respondd replies on mesh and wan interface 2017-11-25 23:31:23 +01:00
Christof Schulze
e5b4d25451
gluon-respondd: allow access to respondd from mesh-internal addresses 2017-11-25 23:31:08 +01:00
Christof Schulze
1c1c9f8fc7
gluon-core: firewall rework, make base policy more restrictive 
* gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
 * gluon-core: put clients in local_client zone, introduce drop-zone,
   set dns-rules and zones
 * gluon-respondd: allow respondd on mesh
 * gluon-status-page-api: allow http input on mesh and client
 2017-11-25 23:19:08 +01:00
Matthias Schiffer
7351fb5d4a
gluon-web-network: fix reading "legacy" mode settings from UCI 
Fixes #1269
 2017-11-25 22:08:58 +01:00
kb-light
f7f659c254
gluon-web-network: make poe_passthrough more generic 2017-11-15 22:45:22 +01:00
Christof Schulze
94e7827ac8
gluon-status-page: improve localization (#1241) 2017-10-31 19:25:27 +01:00
Ruben Barkow
99c405756f gluon-web-theme: allow more width in style for input fields and selectboxes (#1229) 2017-10-14 13:42:24 +02:00
Matthias Schiffer
9324d18fee
gluon-mesh-batman-adv: filter out all packages between bat0 and local-port 
Filtering by MAC address won't filter out multicast packages like router
solicitations, causing uradvd to send out router advertisements with
maximum frequency (every 3 seconds) in active meshes, even when no local
client is actually interested in the advertisements.

Fixes #1230
 2017-10-03 17:07:42 +02:00
Christof Schulze
86e89a86d1 gluon-mesh-vpn-fastd: make respondd module compile again (#1228) 
by moving the declaration of ret to the top of get_fastd()
 2017-09-24 23:49:00 +02:00
lemoer
4899dda4af treewide: check for NULL after uci_alloc_context() (#1224) 2017-09-21 20:56:40 +02:00
Matthias Schiffer
9ab93992d1
gluon-autoupdater: mirror URLs must start with http:// 
The older busybox-based wget erroneously accepted URLs without protocol.
Add validator to avoid building firmwares with broken autoupdates.
 2017-09-05 19:04:27 +02:00
Matthias Schiffer
fda2d10b6f
gluon-web-admin: simplify info.html template 2017-08-11 22:09:08 +02:00
Matthias Schiffer
13b325355d
gluon-core: make old site_config library reference new one, not the other way around 2017-08-11 22:07:35 +02:00
Matthias Schiffer
ee6afaced9
treewide: use new gluon.site Lua library 
Some files have received some additional refactoring.
 2017-08-11 22:07:34 +02:00
Matthias Schiffer
fd36bcce07
gluon-web-admin: fix info.html template indentation 2017-08-11 21:25:46 +02:00