Commit Graph

1330 Commits

Author SHA1 Message Date
David Bauer
6a15c704cd gluon-wireless-encryption-wpa3: switch to hostapd-wolfssl
This switches hostapd variant used for SAE and OWE from hostapd-openssl
to hostapd-wolfssl.

The bug shich one broke the wolfssl implementation was resolved upstream
with commit 631c437a91c2 ("hostapd: backport wolfssl bignum fixes").
This particular commit also got backported to OpenWrt 19.07.
2020-06-01 11:24:24 +02:00
Jan-Jonas Sämann
ed094bc68c
gluon-core: firewall: Allow custom gluon_wired interfaces (#2041)
This allows for multiple mesh legs out of one box. Useful for offloaders
and networks using vlan for separate mesh transport.
Custom mesh interfaces in a VXLAN domain are otherwise firewalled.

This fixes #1479
2020-05-31 10:57:58 +02:00
David Bauer
e951ff6e21 gluon-core: add support for configuring the beacon interval
This adds support for the beacon interval to be set on a per-band base.
This has the potential to reduce the amount of airtime used up for
sending beacon frames.
2020-05-30 00:47:33 +02:00
Jan-Tarek Butt
22847e4986
gluon-reload: add missing service restarts on domain switching
[Matthias Schiffer: fix up start/stop order and file permissions]
2020-05-28 23:30:25 +02:00
Matthias Schiffer
20c7fd9881
Merge pull request #2011 from freifunk-gluon/board-json-addresses
Look up primary MAC address through board.json for LAN/WAN
2020-05-28 22:30:14 +02:00
David Bauer
b1de28bab1 gluon-core: move wireless-related utils to wireless module
Separate wireless-related helper methods from the util module to a
new wireless module. This keeps them separated, as the amount of
wireless helpers increased in the past, justifying a separate module.
2020-05-28 21:46:23 +02:00
Matthias Schiffer
fcc6877c8b gluon-core: build in xt_CT with GLUON_SPECIALIZE_KERNEL
xt_CT was added to kmod-ipt-conntrack a while back. Update our
GLUON_SPECIALIZE_KERNEL rules accordingly.

When building xt_CT into the kernel, one of the symbols IP_NF_RAW and
IP6_NF_RAW must be enabled as well, even though there is no runtime
dependency when building as modules. The kernel grows by less than 1KB
even when both IP_NF_RAW and NETFILTER_XT_TARGET_CT are enabled, making
this change a (very slight) net win in both flash and RAM usage.
2020-05-28 19:40:29 +02:00
Ruben Barkow-Kuder
891bfc77ac
gluon-client-bridge: simplify boolean expressions (#2031) 2020-05-25 01:13:30 +02:00
lemoer
14481851f6
gluon-status-page: show primary_domain 2020-05-21 18:09:08 +02:00
lemoer
b9c1a026b1
gluon-respondd: emit "primary_domain_code" in nodeinfo
Closes #1974

Situation:
==========

$ ls -l /lib/gluon/domains/lindennord.json
lrwxrwxrwx    1 root     root            10 Jan  6 03:42 /lib/gluon/domains/lindennord.json -> dom17.json

Before:
=======

$ gluon-neighbour-info -d ::1 -p 1001 -r nodeinfo -c 1
{
   "node_id": "525400123456",
   "system": {
     "domain_code": "lindennord",
     "site_code": "ffh"
   },
...
}

After:
======

$ gluon-neighbour-info -d ::1 -p 1001 -r nodeinfo -c 1
{
   "node_id": "525400123456",
   "system": {
     "primary_domain_code": "dom17",
     "domain_code": "lindennord",
     "site_code": "ffh"
   },
...
}
2020-05-21 18:09:05 +02:00
lemoer
bcf57467dd libgluonutil: implement gluonutil_get_primary_domain()
Implemented using readlink() and basename() to the selected domain in
/lib/gluon/domains/${DOMAIN}.json.
2020-05-21 18:08:36 +02:00
lemoer
0c2a52c19f
libgluonutil: fix double free of domain_code when domain is not existing 2020-05-21 18:03:58 +02:00
lemoer
57516fe4e7
Add GLUON_MINIFY flag to allow skipping the minification process (#1916) 2020-05-13 00:45:06 +02:00
Matthias Schiffer
3daacfb92e
Merge pull request #2013 from freifunk-gluon/outdoor-setup-ifname
Reuse outdoor device logic for setup mode interface selection, plus some cleanup
2020-05-12 20:39:30 +02:00
Matthias Schiffer
b842ec43ff gluon-mesh-batman-adv: do not override WAN MAC address with VXLAN
As a partial fix to #496, do not touch the MAC address of the WAN
interface when using VXLANs (as only the MAC address of the VXLAN
interface matters to batman-adv).
2020-05-12 17:02:37 +02:00
Matthias Schiffer
8807c76a34
gluon-setup-mode: remove obsolete sysconfig.config_ifname migration
config_ifname was renamed to setup_ifname in Gluon v2015.1.
2020-05-10 16:38:42 +02:00
Matthias Schiffer
e9687d7ef1
gluon-setup-mode: use is_outdoor_device() for setup_ifname selection
On PoE-powered devices, we usually want to use WAN for the setup mode.
As all outdoor devices are PoE-powered, we can reuse this function. This
switches the setup mode interface for new installations / after config
reset on a few devices that were missing in this list before.
2020-05-10 16:38:42 +02:00
Matthias Schiffer
0dd9a3e07c
gluon-core: platform: add 2.4GHz-only outdoor devices 2020-05-10 16:38:41 +02:00
Matthias Schiffer
f4fe58cfd7
gluon-core: ignore is_outdoor_device() value on devices without 5GHz radio 2020-05-10 16:38:41 +02:00
Matthias Schiffer
5ec08d841d
gluon-core: platform: clean up device_supports_mfp()
- Use util.find_phy()
- Stop foreach() as soon as the result is known
2020-05-10 16:38:41 +02:00
Matthias Schiffer
3ccf7fdd96
gluon-mesh-vpn-fastd: clean up peers and groups on update
The 'preserve' flag can be used to mark a peer so it is not removed or
modified on upgrades. In addition, groups containing preserved peers are
not removed.

Fixes: #557
2020-05-10 14:30:25 +02:00
Matthias Schiffer
b019c703c9
gluon-mesh-vpn-fastd: reduce complexity of upgrade script 2020-05-10 13:06:00 +02:00
Matthias Schiffer
e93dca7cb3
gluon-core: primary-mac: replace all eth0/eth1 lookups with lan/wan
The netdev() lookup is confusing to use: whenever a interface does not
exist during boot (for example VLAN) or when the address is overridden
from board.json (which is not obvious at all), it will yield either no
address, or a different address than expected.

To avoid this confusion, using board.json-based interface() is
preferable. This converts all uses of netdev() to the corresponding
lan/wan lookups, except for the final fallback for eth0.
2020-05-08 19:56:36 +02:00
Matthias Schiffer
02e4a13069
gluon-core: primary-mac: add fallback to netdev address to interface()
In most cases, board.json does not contain any MAC addresses; in this
case, the default MAC address of the underlying interface is to be used.
2020-05-08 19:55:41 +02:00
Matthias Schiffer
2250665d18
gluon-core: primary-mac: cleanup
- Replace misnamed, closure-returning sysfs() to a reusable read() function
- Rename eth() to netdev(), pass full interface name
- Rename board() to interface()
- Split reuable get_netdev_addr() out of netdev()
2020-05-08 19:55:40 +02:00
Matthias Schiffer
0c5b5373bb
gluon-core: primary-mac: load board.json only once 2020-05-08 19:55:40 +02:00
Matthias Schiffer
c90b400ce5
Merge pull request #2008 from ctr49/master
add hardware: Linksys EA6350 v3
2020-05-08 19:15:39 +02:00
ctr49
02a908ee2f get primary_mac from board(wan) 2020-05-06 01:12:26 +02:00
Matthias Schiffer
0e681d5c37
gluon-core: util: avoid unintended second return value from gsub()
gsub() returns the number of matches as its second return value. This
was unintendedly passed through by the util functions trim() and
node_id(). It can be presumed that this had no effect in practice, but
it can lead to surprising output when passing values to print() for
debugging.
2020-05-04 23:38:22 +02:00
ctr49
e8767bc747 define primary mac 2020-05-04 21:44:47 +02:00
Martin Weinelt
9b19883d97 add gluon-logging package
Allows reconfigurtion of remote syslog from within site.conf.

Conflicts with the gluon-web-logging package as user made changes
will be overwritten, because this package will reconfigure the syslog
destination on every upgrade.

Resolves #1845
2020-04-30 01:54:35 +02:00
Jan Luebbe
6a371d88f0 gluon-setup-mode: start urngd instead of haveged
OpenWRT 19.07 enables urngd by default, so haveged is redundant.
2020-04-30 01:51:42 +02:00
Jan Luebbe
35b4a97cce gluon-autoupdater: start/stop urngd instead of haveged
OpenWRT 19.07 enables urngd by default, so haveged is redundant.
2020-04-30 01:51:42 +02:00
Matthias Schiffer
696b4316da gluon-web-autoupdater: use human-readable names as branch labels, sort by label
Use the value of the `name` site.conf field as label (it was
accidentally unused before).

Our site.conf currently doesn't define a specific order for the branch
entries. To avoid changing branch orders, sort entries by this label.

Fixes: #1961
2020-04-26 15:31:59 +02:00
Matthias Schiffer
778bf90561
gluon-mesh-batman-adv: add UCI setting for hop penalty
Add a UCI setting gluon.mesh_batman_adv.hop_penalty

Example UCI commands:

    uci set gluon.mesh_batman_adv=mesh_batman_adv
    uci set gluon.mesh_batman_adv.hop_penalty=20
    uci commit

`/etc/config/gluon` config section:

    config mesh_batman_adv 'mesh_batman_adv'
    	option hop_penalty '20'

Fixes: #1942
2020-04-20 23:35:07 +02:00
David Bauer
c5f43add3d gluon-core: add OWE MAC-assignment
Fixes commit 6692095f9d
2020-04-11 15:14:05 +02:00
Matthias Schiffer
7b7cde7256
Merge pull request #1970 from Kasalehlia/fix-form-reset
gluon-web-model: update inputs on form reset
2020-04-09 23:17:39 +02:00
Jan Alexander
17b49e20ee ath79-generic: add support for GL.iNet GL-AR750S 2020-04-09 20:29:24 +02:00
Jan Alexander
016b323a17 gluon-status-page: set fixed layout and responsive view for data tables 2020-04-07 22:34:23 +02:00
Kasalehlia
bf090a8a83 gluon-web-model: update inputs on form reset
Register to 'reset' event on form element and make call to 'update' function
delayed in 'data-update' handler to allow the form values to update beforehand.

When using a form's 'reset' button, form field visibility was not updated.
This could lead to situations where a checkbox had to be toggled again
twice to display the detail text inputs. (Example taken from private
wifi package)
2020-04-05 12:47:49 +02:00
Martin Weinelt
3fb4cdad13 gluon-respondd: allow queries from extra_prefix6
Fixes #1959
2020-04-04 22:13:10 +02:00
David Bauer
59a4cd63b8 gluon-respondd: expose OWE clients in nodeinfo
Provide the number of OWE stations in addition to the number of all
connected wireless clients.
2020-04-01 01:15:38 +02:00
David Bauer
9720be5112 gluon-web-wifi-config: set state of OWE VAP 2020-04-01 01:15:38 +02:00
David Bauer
6692095f9d gluob-client-bridge: add support for OWE encryption 2020-04-01 01:15:38 +02:00
David Bauer
c7fa1927aa gluon-web-private-wifi: enable WPA3 configuration
This allows a user to enable WPA3-Personal and WPA2-WPA3-MM for the
private WiFi in case it is supported by the platform.
2020-03-25 02:05:18 +01:00
David Bauer
86b5104790 gluon-core: add WPA3 platorm helper
This adds a helper method, which determines if the current platform
supports WPA3 or not.

WPA3 is supported if
 - the device is not in the featureset category "tiny"
 - the WiFi driver supports 802.11w management frame protection
2020-03-25 02:05:18 +01:00
David Bauer
00e029500e features: add hostapd-mini by default
If WPA3 is not selected as a feature, autmatically include
hostapd-mini.
2020-03-25 02:05:18 +01:00
David Bauer
b057015455 gluon-wireless-encryption: add package
The gluon-wireless-encryption package selects a WPA3 supporting
hostapd package as a dependency and stores the information, which
encryption method is supported to the device.
2020-03-25 02:05:18 +01:00
Martin Weinelt
461d904086 Add gluon-mesh-wireless-sae package
This package adds support for SAE on 802.11s mesh connections.

Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.

In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.

If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.

For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.

Fixes #1636
2020-03-23 17:06:43 +01:00
Matthias Schiffer
3bd67ab25f gluon-core: retrieve primary MAC address from board.json for Netgear DGN3500B 2020-03-14 16:26:08 +01:00