The below mentioned commit introduced a regression, that the "wifi"
section of the request type "neighbours" was empty:
~# gluon-neighbour-info -d ::1 -r neighbours | ffh_pretty_json
{
"wifi": [
],
...
}
After this commit, the section (correctly) looks like this:
root@UFU-FWH-A272-Tresckowstr-GemR-vorne:~# gluon-neighbour-info -d ::1 -r neighbours | ffh_pretty_json
{
"wifi": {
"ca:38:7e:42:5f:21": {
"neighbours": {
"fe:9f:4d:01:ea:e1": {
"noise": -102,
"inactive": 50,
"signal": -84
},
"fe:df:b9:84:37:51": {
"noise": -102,
"inactive": 20,
"signal": -73
}
}
}
},
...
}
The issue was due to the fact, that the iteration over the (mesh) wifi interfaces
was broken. The code was assuming, that the section
config interface 'mesh_radio0'
option proto 'gluon_mesh'
in /etc/config/network contains an option "ifname", which it does not.
The ifname property is only stored in the corresponding section in
/etc/config/wireless:
config wifi-iface 'mesh_radio0'
option ifname 'mesh0'
option network 'mesh_radio0'
option mode 'mesh'
...
Therefore, we now iterate over wifi-ifaces in /etc/config/wireless, that
have the mode 'mesh' instead. This resolves the issue.
Fixes 0f1fa243f7
This new field reflects the TQ to the selected gateway.
Before this commit, if you had connectivity issues in a larger mesh,
it was a tedious task to understand which nodes are affected and which
are not. By providing this new value for each node, it becomes easier
to see which nodes are affected by the connectivity issues and which
are not.
The new field "gateway_tq" is located at the toplevel of the
statistics resource (next to "gateway" and "gateway_nexthop"):
gluon-neighbour-info -d ::1 -r statistics
{
...
"gateway": "02:a1:71:04:09:10",
"gateway_nexthop": "88:e6:40:20:90:10",
"gateway_tq": 193,
...
}
This implements the same behavior as it is used in the autoupdater [1].
This is for example required to allow the manual installation of
firmware upgrades via the config mode on devices which where migrated
from swconfig to DSA. Otherwise the image will always be invalid.
[1] b804281664
Depending on the source of the primary MAC address, uppercase digits
would be used on some devices. Convert the address to lowercase for
consistency.
We only change the case for newly configured nodes to avoid changing the
node ID and derives MAC addresses for existing installations.
Only restore the netifd proto for the WAN bridge in case the upgrade is
done from an older Gluon version.
For DSL targets, OpenWrt defaults the WAN proto to pppoe, while Gluon
uses the Ethernet ports for WAN. When unconditionally preserving the WAN
proto, pppoe is carried over to Gluon's network config.
Signed-off-by: David Bauer <mail@david-bauer.net>
There was never a device with a dedicated WAN port supported in Gluon
which could make use of such a workaround.
As the only relevant lantiq-xrx200 target now uses swconfig anyways,
we can remove this workaround.
Signed-off-by: David Bauer <mail@david-bauer.net>
OpenWrt now allows to specify the ifname of the transition interface
instead of SSID and BSSID, internally automatically detecting these from
interfaces on the same PHY. Thus, these cross-VAP dependant
configuration can be omitted from UCI.
Signed-off-by: David Bauer <mail@david-bauer.net>
Gone due to
commit 071cf7b20f ("Switch to Lua for target definitions")
Has prior been introduced as untested -> broken in
commit d586720c5c ("ar71xx-generic: add support for Ubiquiti NanoBeam M5")
Was commented out in the former commit.
An invalid branch may be set for various reasons:
- Previous firmware had an invalid default branch
- Branch list has changed and old UCI branch config was removed by a
site-specific upgrade script
- Manual UCI configuration
If a community uses different vpn providers, they typically
assume the same MTU for the wan device underneath the VPN. As
different VPN providers however have different overhead, the MTU
of the VPN device differs for each provider. Therefore this
commit makes the MTU of the VPN device provider specific.
This has two advantages:
1. The same site.conf can used to bake firmwares for different
VPN providers (only by selecting a diferent vpn feature in the
site.mk).
2. We are coming closer to the option of integrating multiple VPN
providers into one firmware.
WolfSSL has a significant lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.
See ddcb970274
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of using roles.wan directly as the default for roles.single,
create a copy of the table, so subsequent modifications of roles.single
don't affect roles.wan as well.
Fixes migration of Mesh-on-WAN status when no default for "single"
interfaces is set in site.conf.
luasrcdiet will not print the name of its input file when an error
occurs. To facilitate debugging, echo the name before calling it, so it
is visible with V=s or BUILD_LOG=1.
A section can be marked as preseved by setting the gluon_preserve option
to 1. In addition the following conditions must hold:
- The preserved section must not already exist after OpenWrt's and
Gluons setup scripts run. Modifying existing sections is currently
unsupported.
- Preserved sections must be named, so it can be detected whether a
section conflicts with a preexisting one.
Allow interface names to change on updates to handle hwconfig -> DSA and
similar migrations.
On devices with only a single interface, a sysconfig single_ifname is
created instead of wan_ifname or lan_ifname to allow separate
configuration in site.conf.
With the new role-based interface configuration, it would be better to
rename the wan/wan6 interfaces to uplink/uplink6, but that would cause
unnecessary churn for the firewall configuration, so it is left for a
later update.
As all interfaces with the 'uplink' role are in the br-wan bridge, it is
not possible to assign these to the 'mesh' role independently - instead,
br-wan is added as a mesh interface as soon as a single interface has
both the 'uplink' and 'mesh' roles. The UCI section for this
configuration is now called 'mesh_uplink' instead of 'mesh_wan'.
For all interfaces that have the 'mesh', but not the 'uplink' role a
second configuration 'mesh_other' is created. If there is more than one
such interface, all these interfaces are bridged as well (creating a
bridge 'br-mesh_other'). This replaces the 'mesh_lan' section with its
optional 'br-mesh_lan' bridge, but can also include interfaces that were
not considered "LAN" when interfaces roles are modified (via site.conf
or manually).
The new configuration generates sections iface_single/lan/wan in
/etc/config/gluon. These sections usually refer to a sysconfig-controlled
interface list, but adding custom sections with verbatim interfaces names
is also possible.
Each interface section contains a list of roles. The supported roles are
'client', 'uplink' and 'mesh'. Multiple roles can be configured on the
same interface (for example the old 'mesh_on_wan' setting would become
'uplink'+'mesh').
'client' is subsumed by any other role configured on the same interface
('client'+'mesh' is equivalent to 'mesh'). This property is important, as
it allows the Wired Mesh settings in gluon-web-network to simply add and
remove the mesh role without having to care what other roles are set -
so in the default setup, this would switch between 'client' and
'client'+'mesh' for the LAN interface.
By default, the WAN interface has role 'uplink' and the LAN interface
'client'; if only a single interface exists, the roles from the WAN
interface are used by default. The default for each of the three
interfaces (WAN/LAN/single) can be changed separated in site.conf,
superseding the old mesh_on_wan, mesh_on_lan and single_as_lan settings.
The stdout output of gluon-web scripts is directly sent to uhttpd,
becoming a part of the HTML output or even replacing HTTP status or
headers. The output of gluon-reconfigure is not supposed to end up
there.
While we're at it, also add an exec to avoid an unnecessary shell
process.
The OpenLayers JS/CSS download URL is dead. Update it to make the map
work again:
- Update from OpenLayers 5.2.0 to 5.3.0
- Switch from the obsolete rawgit.com URL to jsdelivr.net (rawgit.com
was only redirecting to jsdelivr.net for the last few years anyways)
- Set a fixed commit in the URL, so the URL doesn't become outdated again
THe "null" and "null@l2tp" methods are considered equivalent and always
added and removed together when the method list is "configurable".
"null@l2tp" is added before "null", so it is preferred when the peer
supports both.
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.
We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.
Swap the interfaces so than the PoE input port LAN0 is used for WAN and
config mode, and LAN1 becomes LAN.
To this end, the code previously used for ar71xx and removed in
commit 9fdc57c175 ("treewide: drop ar71xx platform specific code") is
reintroduced.
Fixes#2384
There wasn't really a reason to have a separate script to set a single
value.
In addition, the old script was using the identifier 'c' instead of
'uci' for the UCI cursor. Following the convention of the other scripts
is helpful so it is easy to grep for all uses of a certain config file/
option.