- Rename obtain_if_addr() to get_linklocal_address()
- Pass buffer of size INET6_ADDRSTRLEN instead of the oversized NI_MAXHOST
- Check if an address is link-local before converting to a string
- Replace an incorrect use of strncmp() with strcmp()
- Return status to caller
- Streamline control flow
While we're at it, the function handle_neighbour(), which is one of the
callers of get_linklocal_address() is slightly cleaned up as well.
This allows for multiple mesh legs out of one box. Useful for offloaders
and networks using vlan for separate mesh transport.
Custom mesh interfaces in a VXLAN domain are otherwise firewalled.
This fixes#1479
This adds support for the beacon interval to be set on a per-band base.
This has the potential to reduce the amount of airtime used up for
sending beacon frames.
Separate wireless-related helper methods from the util module to a
new wireless module. This keeps them separated, as the amount of
wireless helpers increased in the past, justifying a separate module.
xt_CT was added to kmod-ipt-conntrack a while back. Update our
GLUON_SPECIALIZE_KERNEL rules accordingly.
When building xt_CT into the kernel, one of the symbols IP_NF_RAW and
IP6_NF_RAW must be enabled as well, even though there is no runtime
dependency when building as modules. The kernel grows by less than 1KB
even when both IP_NF_RAW and NETFILTER_XT_TARGET_CT are enabled, making
this change a (very slight) net win in both flash and RAM usage.
As a partial fix to #496, do not touch the MAC address of the WAN
interface when using VXLANs (as only the MAC address of the VXLAN
interface matters to batman-adv).
On PoE-powered devices, we usually want to use WAN for the setup mode.
As all outdoor devices are PoE-powered, we can reuse this function. This
switches the setup mode interface for new installations / after config
reset on a few devices that were missing in this list before.
The 'preserve' flag can be used to mark a peer so it is not removed or
modified on upgrades. In addition, groups containing preserved peers are
not removed.
Fixes: #557
The netdev() lookup is confusing to use: whenever a interface does not
exist during boot (for example VLAN) or when the address is overridden
from board.json (which is not obvious at all), it will yield either no
address, or a different address than expected.
To avoid this confusion, using board.json-based interface() is
preferable. This converts all uses of netdev() to the corresponding
lan/wan lookups, except for the final fallback for eth0.
- Replace misnamed, closure-returning sysfs() to a reusable read() function
- Rename eth() to netdev(), pass full interface name
- Rename board() to interface()
- Split reuable get_netdev_addr() out of netdev()
gsub() returns the number of matches as its second return value. This
was unintendedly passed through by the util functions trim() and
node_id(). It can be presumed that this had no effect in practice, but
it can lead to surprising output when passing values to print() for
debugging.
Allows reconfigurtion of remote syslog from within site.conf.
Conflicts with the gluon-web-logging package as user made changes
will be overwritten, because this package will reconfigure the syslog
destination on every upgrade.
Resolves#1845
Use the value of the `name` site.conf field as label (it was
accidentally unused before).
Our site.conf currently doesn't define a specific order for the branch
entries. To avoid changing branch orders, sort entries by this label.
Fixes: #1961
Register to 'reset' event on form element and make call to 'update' function
delayed in 'data-update' handler to allow the form values to update beforehand.
When using a form's 'reset' button, form field visibility was not updated.
This could lead to situations where a checkbox had to be toggled again
twice to display the detail text inputs. (Example taken from private
wifi package)
This adds a helper method, which determines if the current platform
supports WPA3 or not.
WPA3 is supported if
- the device is not in the featureset category "tiny"
- the WiFi driver supports 802.11w management frame protection
The gluon-wireless-encryption package selects a WPA3 supporting
hostapd package as a dependency and stores the information, which
encryption method is supported to the device.
This package adds support for SAE on 802.11s mesh connections.
Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.
In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.
If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.
For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.
Fixes#1636
