In case the limit_ingress or limit_egress options are not present in
gluon's mesh_vpn section the respondd provider compares a string literal
with a NULL pointer, crashing respondd.
Check both pointers prior to comparing them in order to mitigate this
issue.
Suggested-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
This fully abstracts VPN methods, making gluon-mesh-vpn-fastd and
gluon-mesh-vpn-tunneldigger completely self-contained.
Provide a LUA interface for generic interacting with VPN methods in
gluon-mesh-vpn-core and web packages.
This also adds the ability to install tunneldigger and fastd to the same
image, selecting the VPN method based on the selected domain.
Signed-off-by: David Bauer <mail@david-bauer.net>
Simplify the individual form providers by always running reconfigure. This
also commits all UCI packages, so we can remove all tracking of UCI
sections from the wizard code.
Instead of returning a list of packages to commit, the providers just
save their settings directly. Explicit runs of upgrade scripts are
removed, as they are now run by reconfigure.
This add support for a write() method on sections, in addition to the
value and form level write(). write() is only called when the section is
valid and visible. In addition, write() is empty by default, so it can be
overridden more easily.
Before this commit the decision whether a vxlan layer will be
introduced between the lower interface before the interface is
added to batman was inside the proto. Now the decision is moved
to the user of the proto.
Add a package for handling upgrade-scripts speific for the WAN radio
operation.
This way, the config mode interface can be removed seperately from the
core functionality to perform tasks on system upgrade. This can be
useful when the setup-mode is removed entirely for space preservation.
Allow the transmission of IPv6 multicast packets as long as they are not
flooded through the whole mesh.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Set the ifname for the WAN radio (Private WLAN) to wanX, X being the
radio index.
All other radios created by Gluon already have their ifname defined
following this pattern.
Signed-off-by: David Bauer <mail@david-bauer.net>
The rudimentary flash size determination function expects the partition
for the devices firmware to be called "linux" while it is (since quite
some time) "firmware".
Fix this error to display available flash size as well as more useful
error message in case the uploaded firmware image exceeds the flash
space.
Signed-off-by: David Bauer <mail@david-bauer.net>
With batman-adv 2020.4 and the according backports to batman-adv v2019.2
several more bugs were found and fixed regarding the batman-adv
multicast optimizations feature.
Also a "wakeup-call" feature was added to the Linux bridge IGMP/MLD
snooping code in Gluon to work around issues with Android devices.
With batman-adv now at v2019.2, multicast-to-multi-unicasts conversion
is supported, too. Which means that even if there are a few outdated nodes
these and all other recipients will be served multicast packets via unicast,
too, as long as the sum of receiving nodes does not exceed the multicast
fanout setting (default: 16). If is exceeded, then batman-adv will revert
back to broadcast flooding automatically.
Long story short, with all these extra measures in place, let's reenable
the batman-adv multicast optimizations to reduce the layer 2 overhead
and in preparation for multicast applications in the future.
The default is enabled for this feature anyway, so removing the
"batctl multicast_mode 0" overwrite is sufficient.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
End the process after one result in case -l is not given
and destination address is unicast.
Reduces singleshot execution time from timeout seconds to around 150ms.
resolves#2184
This device is a dual 5GHz device. It is recommended to manually change the
radio of the first device to the lower 5GHz channels and the second radio
to the upper 5GHz channels
Fixes respondd on 64bit archs, as gluonutil_get_primary_domain() was
assumed to return int without the prototype.
Fixes: bcf57467dd ("libgluonutil: implement gluonutil_get_primary_domain()")
This adds the OpenWrt label-mac device selection as the most preferred
fallback.
While this is only used on OpenWrt 19.07 for backports, we can also use
the label-mac device when backporting device support. This way, we have
to deal with less device-sepcific code downstream.
Signed-off-by: David Bauer <mail@david-bauer.net>
This switches the used wireless daemons for OWE / SAE to the OpenSSL
flavors. The WolfSSL implementation currently seems to be broken.
THis switch may be reverted at a later point in time when hostapd /
wpa_supplicant implementations for WolfSSL have matured.
Specifications:
* SoC: MT7620A
* RAM: 64 MB DDR
* Flash: 8MB NOR SPI flash
* WiFi: MT7612E (5Ghz) and builtin MT7620A (2.4GHz)
* LAN: 1x100M
The -factory images can be flashed from the device's web
interface or via nmrpflash.
Both devices differ by a additional power outlet for the EX3800.
This patch has been tested on a EX3800 device.
This renames the local_client zone to loc_client, as local_clint exceeds
the maximum zone length allowed for firewall3, which is 11 bytes.
This worked previously due to firewall3 using unsafe string operations.
Now creation of the chain fails (latest OpenWrt master).
