On PoE-powered devices, we usually want to use WAN for the setup mode.
As all outdoor devices are PoE-powered, we can reuse this function. This
switches the setup mode interface for new installations / after config
reset on a few devices that were missing in this list before.
The 'preserve' flag can be used to mark a peer so it is not removed or
modified on upgrades. In addition, groups containing preserved peers are
not removed.
Fixes: #557
The netdev() lookup is confusing to use: whenever a interface does not
exist during boot (for example VLAN) or when the address is overridden
from board.json (which is not obvious at all), it will yield either no
address, or a different address than expected.
To avoid this confusion, using board.json-based interface() is
preferable. This converts all uses of netdev() to the corresponding
lan/wan lookups, except for the final fallback for eth0.
- Replace misnamed, closure-returning sysfs() to a reusable read() function
- Rename eth() to netdev(), pass full interface name
- Rename board() to interface()
- Split reuable get_netdev_addr() out of netdev()
gsub() returns the number of matches as its second return value. This
was unintendedly passed through by the util functions trim() and
node_id(). It can be presumed that this had no effect in practice, but
it can lead to surprising output when passing values to print() for
debugging.
Allows reconfigurtion of remote syslog from within site.conf.
Conflicts with the gluon-web-logging package as user made changes
will be overwritten, because this package will reconfigure the syslog
destination on every upgrade.
Resolves#1845
Use the value of the `name` site.conf field as label (it was
accidentally unused before).
Our site.conf currently doesn't define a specific order for the branch
entries. To avoid changing branch orders, sort entries by this label.
Fixes: #1961
Register to 'reset' event on form element and make call to 'update' function
delayed in 'data-update' handler to allow the form values to update beforehand.
When using a form's 'reset' button, form field visibility was not updated.
This could lead to situations where a checkbox had to be toggled again
twice to display the detail text inputs. (Example taken from private
wifi package)
This adds a helper method, which determines if the current platform
supports WPA3 or not.
WPA3 is supported if
- the device is not in the featureset category "tiny"
- the WiFi driver supports 802.11w management frame protection
The gluon-wireless-encryption package selects a WPA3 supporting
hostapd package as a dependency and stores the information, which
encryption method is supported to the device.
This package adds support for SAE on 802.11s mesh connections.
Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.
In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.
If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.
For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.
Fixes#1636
Remove a lot of redundant code by switching to a match table listing
the targets and boards for each candidate for the primary MAC interface.
In addition, we add some flexiblity by allow to switch out the sysfs file
data source for the MAC address.
This reverts commits
- caf2dd037b.
- 07ebac6a49
- 55eff45f96
I accidentally pushed these commits as I had them lying around on a
dirty checkout I did testing on.
In addition this PR contains:
- split of gluon-respondd provider into multiple source files
- minor additional cleanups in gluon-mesh-babel respondd provider
(untested, as the babel respondd provider already doesn't compile prior
to these changes...)
many AVM devices do not have RESET/WPS buttons. So use the otherwise unused DECT/PHONE button to boot the device into setup mode.
This patch allows to enter the setup-mode by pressing the phone button
(often labeled as DECT) in addition to WPS and reset button.
This patch is necessary to allow supporting boards without a WPS and reset
button (e.g. AVM FRITZ!Box 7312).
With this commit, the status-led is set to be the "led-running"
device-tree alias for targets which do not implement the get_status_led
method in /etc/diag.sh.
This reverts commit 9b1eb40fe7.
With the batman-adv v2019.2 upgrade reverted (c1a7733956), the batman-adv
multicast-to-multi-unicast feature is not available yet. Without that it is
going to be very unlikely of the batman-adv multicast optimizations to
take effect. E.g. some outdated nodes would disable it.
To avoid confusion and diversion with a few communities having it enabled
and most implicitly deactivated, just deactivate it for all for now
until batman-adv is updated to v2019.2 or greater again.
mac_to_ip() calculates an ipv6 address from a mac address according to
RFC 4291. For wireguard we have to use specially crafted addresses that
must be unique. This allows calculating such unique mac-based addresses
by allowing to optionally specifying the bytes to be inserted into the
address.
The new routing_algo site.conf value BATMAN_IV_LEGACY is introduced. With
these changes, the routing_algo setting becomes mandatory.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
We cannot add the same file (here: /lib/gluon/mesh-batman-adv/compat) to
two, installed packages. Therefore, instead of determining the compat
version number from this file, infer it from the batman-adv release
version number instead.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
This is a fix for the broken ingress traffic-shaping in gluon v2018.2.2
and possibly earlier.
For ingress traffic shaping the kernel option NET_ACT_POLICE is needed.
Before this patch there was no dependency to this. Neither in
gluon_core, gluon-mesh-vpn-core nor in the package.
This patch adds this dependency.
[Matthias Schiffer: move dependency from GLUON_CORE to gluon-mesh-vpn-core]
Fixes#1790
package/gluon-web-network/luasrc/lib/gluon/config-mode/model/admin/network.lua:122:16: (W431) shadowing upvalue f on line 19
Fixes: bab4af01e ("gluon-web-network: improve PoE GPIO name translation
handling")
The gluon-authorized-keys is usually installed to use SSH keys to
authenticate a user against the device. To make this useful, it is also
required to disable passwordless SSH access to the device.
This new dependency is only required when the user doesn't have
gluon-setup-mode enabled already.
Fixes: #1777
Reported-by: yanosz <github@yanosz.net>
Fixes: a753fa79e3 ("gluon-authorized-keys: add keys from site.conf")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This MR includs only the VPN MODE of the hoodselector whitch simply set
hoods base on their geopositions.
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
check_site.lua: fix language syntax
muss -> must
rage -> range
at lease -> at least
coordiantes -> coordinates
realaise -> realised
gluon-hoodselector: fix language syntax in hoodselector
can not -> can't
routers -> router's
continure -> continue
to next -> to the next
TMP -> temporary
for current -> for the current
continure -> continue
with next -> with the next
thier -> there
provides -> provide
possition -> position
therfore -> therefore
gluon-hoodselector: fix language syntax in util.lua
realaise -> realised
gluon-hoodselector: fix language syntax and use autoupdate lock mechanism.
gluon-hoodselector: fix spelling/grammar
gluon-hoodselector: automatically set SECTION and CATEGORY for Gluon packages
gluon-hoodselector-add-VPN-MODE: add micrond & libjson-c dependency
gluon-hoodselector-add-VPN-MODE: check running hoodselector before loading lua
gluon-hoodselector-add-VPN-MODE: remove nixio dependency from hoodselector util
Revert "gluon-hoodselector-add-VPN-MODE: check running hoodselector before loading lua"
This reverts commit 535b0a1b2fb73e563bf6a44b568a796440bd307f.
add luaposix and luabitop to pakage dependency
sbin/hoodselector: remove nixio requiemend
sbin/hoodselector: load hoods only if necessary
gluon-hoodselector: use VPN abstraction layer. the hoodselectore does
not need to know about all individual VPN protocols.
gluon-hoodselector: Makefile add gluon-mesh-vpn-core as dependency
gluon-hoodselector: apply changes of mesh vpn lib
gluon-hoodselector: remove outdated comments
package/gluon-hoodselector: check_site.lua rm domain seed check thus its already checked by gluon-core
package/gluon-hoodselector: util.lua code cleanup and refactoring
package/gluon-hoodselector: hoodselector code cleanup and refactoring
gluon-hoodselector: util.lua, use taps instead of spaces. Use posix.unistd.access instead of io.open
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
gluon-hoodselector: hoodselector, use taps instead of spaces.
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
gluon-hoodselector: check_site.lua: replace hood with domain
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
gluon-hoodselector: drop VPN mode and rename hood to domain. Furthermore implement geolocator mode as neorayder way
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: rm duplicated print output
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector util: fix wrong function signature
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
small typo fixes
small typo fixes
Update util.lua
processes are really restarted now. new (old) problem: nodes will not forget their former ipv6-addresses. watchdog could here with that.
gluon-hoodselector util.lua: replace i iterator with _
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
Update util.lua
now polygons with holes are recognized correctly. also a mix of nested polygons and boxes should be possible as shapes[]
package/gluon-hoodselector: hoodselector use gluon-reload for daemon restarts/reloads
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: util.lua use math-polygon lib and rm restart_services function. Rectengles will be converted into polygons now
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: Makefile rewrite description update depends list
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: check_site.lua reduce complexity
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: use : for gluon_version Val
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: fix if equal syntax
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
luasrc/usr/lib/lua/hoodselector/util.lua: check_site.lua simplify checksite script and fix if logic
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: set space after comma, rm unnecessary error handling
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: use only brackes on require function no mixup
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: check_site.lua rm unuse variables and fix non std global function
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: util.lua rm unuse include
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: rm comment return nil in function get_geolocation()
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
package/gluon-hoodselector: Makefile refactor pkg description
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
We now keep the VPN enable state, bandwidth limit enable and actual limits
in the core config to avoid having to recover "user intent" from different
config files when the used VPN packages change.
Fixes#1736
Several fixes and enhancements related to multicast were added upstream
in batman-adv. So let's give the batman-adv multicast optimizations
another go.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The is_outdoor function is placed inside the gluon.platform module, not
the platform_info module. Currently, the outdoor-mode wizard component
and the upgrade script fail due to nil-value calls.
adds a section to the wizard for outdoor capable devices
that informs the user of of the regulatory situation and
allows a quick toggle of the outdoor mode.
Add the `wifi5.outdoor_chanlist` site configuration that
allows specifying an outdoor channel range that can be
switched to for regulatory compliance.
Upon enabling the outdoor option the device will
- configure the `outdoor_chanlist` on all 5 GHz radios
- which may enable DFS/TPC, based on the regulatory domain
- disable ibss/mesh on the 5 GHz radio, as DFS *will*
break mesh connections
- allow for htmode reconfiguration on 5 GHz radios
The outdoor option can be toggled from
- Advanced Settings
- W-LAN
- Outdoor Installation
The `preserve_channel` flag overrules the outdoor channel
selection.
The batctl v2013.4 build was removed from the batman-adv-legacy package
as the current, upstream batctl releases work with batman-adv-legacy,
too.
As a replacement we need to add the upstream batctl dependency to
gluon-mesh-batman-adv-14 to have a batctl available again here.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The commit a080049735 ("gluon-status-page-mesh-batman-adv: Retrieve TQ of
neighbors with non-best direct link") removed the check whether a neighbor
has the BATADV_ATTR_FLAG_BEST set. But consumers may still want to filter
out or mark neighbors which don't have this flag set. To assist with such a
feature, enhance the neighbor object with an extra boolean "best" attribute
which stores whether the BATADV_ATTR_FLAG_BEST was found or not.
Reported-by: Vincent Wiemann <webmaster@codefetch.de>
The commit ee63ed42fe ("gluon-mesh-batman-adv: List neighbors with
non-best direct link") removed the check whether a neighbor has the
BATADV_ATTR_FLAG_BEST set. But consumers may still want to filter out or
mark neighbors which don't have this flag set. To assist with such a
feature, enhance the neighbor object with an extra boolean "best" attribute
which stores whether the BATADV_ATTR_FLAG_BEST was found or not.
Reported-by: Vincent Wiemann <webmaster@codefetch.de>