There are some devices not acting properly to roaming events, in that
they do not timely reissue IGMP/MLD reports after reconnecting.
To compensate for that this commit reduces the query interval from 125
seconds to 20 and the query response interval from 20 seconds to 5.
This reduces a timeout to 20+5 seconds in the worst-case (12.5s average)
after a roaming event for such broken devices. This should be below the
30s "impatient user threshold" and below any connection timeout.
Until the bridge multicast snooping + querier gets re-enabled this is a
no-op.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Adopt the according modifications to the default firewall settings of
the WAN interface from OpenWRT, revision 45613.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
An IGMP/MLD domain split will prevent us from being able to track
multicast listeners on other nodes.
Therefore we need to always hand any multicast packets we received from
local clients to batman-adv. With bridge multicast snooping disabled,
the current setting in Gluon, this is already the case.
However, in preparation to enabling multicast snooping, we need to
enforce forwarding towards batman-adv by setting the bridge port
option "multicast_router" to 2.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
It is not supported by all browsers yet.
Also change load display always to display 2 decimal digits (as it is read
from the kernel with 2 decimal digits).
Fixes #606
Mobile browsers will often show or hide the address bar while scrolling.
This causes resize events which would often reset the signal graphs.
Fixes #662
Ethernet links provide transitive connectivity in all but very unusual
setups; enable mesh_no_rebroadcast to reduce load for devices on links with
many nodes.
Fixes #652
This new feature introduces the new uci section 'gluon-core.wireless' with a preserve_channels option:
* preserve_channels (boolean)
By setting this option to 1 (true) wifi channels will be preserved during upgrades.
Instead of starting gluon-respondd from a hotplug handler, add a proper
init script. The new init script has a restart_if_running argument which
is now used by the hotplug handler.
introduce function to recurse down to the lowest layer-2 interface
corresponding to a given interface.
also re-introduce some of the previously removed input validation plus
some more to protect against glob and path based exploits.
The timeout was calculated incorrectly (in each iteration the span between
the start time and the current time was subtracted from the timeout
again), and would often become negative, causing warnings in the kernel
log.
On the status page statistics section counters for transmitted and received traffic were mixed up. Transmitted traffic was shown as received while received traffic was shown as being transmitted.
Fixes #586
It makes sense to always look for both ibss_radio* and mesh_radio* sections
to determine if the meshing should be enabled when regenerating these
sections. Doing this, the disabled state will survive updates changing the
section name (either updating from pre-2015.2 while keeping IBSS, or
changing from IBSS to 11s or vice-versa).
If both ibss_radio* and mesh_radio* sections exist, the disabled state will
be kept correctly for each section, the behaviour is changed only when
creating a section that didn't exist before.
Fixes #549
PKG_FILE_DEPENDS caused the whole site repo to be hashed to determine if
gluon-site needed rebuilding. While this is normally no problem,
alternative build setups sometimes put the Gluon repo inside the site repo,
causing long build times and parallel build failures.
in a layer 2 mesh network, multicast pings cause a lot of traffic in the
network, significantly increasing the 'background noise' (= Grundrauschen)
and stressing nodes in the network.
this commit blacklists all icmpv4 multicast traffic as well as multicast
icmpv6 echo-requests and node information queries. as no application
depending on these types of multicast traffic is known, blacklisting is safe.
gluon-radio-config contained only a single file. The code has been adjusted
to allow creating a Gluon configuration without WLAN support by removing
the wifi24 and wifi5 sections from site.conf.
The file promotes the probably unnecessary re-execution of the announce
scripts. Instead, gluon-announced should be queried using
gluon-neighbour-info -d ::1 -p 1001 -t0 -r nodeinfo
if both gluon-announced and gluon-neighbour-info are present. But to not
depend on any of those, no script for this one-liner is provided.
Now that the status page api has been rewritten in C, CPU load and memory
usage are much lower. Also, nodes with both ibss and 11s mesh and dual
band wifi may require up to 9 connections for a single client, thus the
previous limit of 12 seemed a little low.
Convert option ifname in br-client to use a list instead. This
simplifies adding and removing interfaces:
uci:add_to_set("network", "client", "ifname", "eth0")
uci:remove_from_set("network", "client", "ifname", "eth0")
An option ifname will be automatically converted to a list when
performing an upgrade.
Packages affected: gluon-mesh-batman-adv-core, gluon-luci-portconfig
When rebooting the node in config mode, currently the fastd key is
forcefully displayed in a fixed format. This is confusing in communities
where fastd accepts all keys and no key submission is needed.
Furthermore, some communities might want to personalize the display of
the key (see #387).
This patch moves the displaying <div> from the package's lua file to the
translation files of the sample site configuration and mentions the
change in the release notes.
Apart from replacing a patch for the former by two patches for latter,
this involved minimal adaptations of the lua scripts in the following
packages:
* gluon-announce
* gluon-announced
* gluon-mesh-batman-adv-core
* gluon-status-page
Split basic radio configuration from gluon-mesh-batman-adv as this will
be required for virtually any wireless mesh protocol.
This package takes care of setting:
- wireless channel,
- htmode and
- regulatory domain
gluon-mesh-batman-adv-core depends on this package.
This is a site.conf-breaking change in regard to the wireless config.
Make sure to read http://gluon.readthedocs.org/en/latest/user/site.html
and update your site.conf accordingly!
Support for 802.11s mesh interfaces has been added. Gluon now supports
three interface types: ap, ibss and mesh. All of them are now optional
and may be configured independently in site.conf.
A sample site.conf may look like this:
  wifi24 = {
    channel = 1,
    htmode = 'HT40+',
    ap = {
      ssid = 'luebeck.freifunk.net',
    },
    ibss = {
      ssid = '02:d1:11:37:fc:38',
      bssid = '02:d1:11:37:fc:38',
      mcast_rate = 12000,
    },
    mesh = {
      id = 'ffhl-mesh',
      mcast_rate = 12000,
    },
  },
The nodeinfo/network/addresses announcement included deprecated and
tentative addresses, which it clearly shouldn't as the host doesn't want
to be contacted on those addresses. They are now filtered out.
Always output empty objects or nothing at all where objects are expected, but
no elements exist.
Also remove a few unneeded "requires", a few basic modules are provided by
announce.lua by default.
By introducing a new option -a in addition to -p this patch allows
controlling the on-link flag of announcements.
A prefix specified using -a will have the on-link flag set to zero
while a prefix specified using -p will retain its behaviour (i.e.
on-link flag set).
Example:
gluon-radvd -i local-node -p 2001:db8:aaaa::/64 -a 2001:db8:bbbb::/64
This will announce 2001:db8:aaaa::/64 with the on-link flag set and
2001:db8:bbbb::/64 with the flag unset.
This adds mesh_on_lan functionality.
A new optional site.conf option, mesh_on_lan, has been added. If set to
'true', all LAN ports will be used for meshing instead of being part of
the client bridge.
This will introduce a new nodeinfo object, network.mesh.bat0.interfaces,
containing any of the following subordinated objects:
- wireless
- tunnel
- other
Each of these objects contains a (possibly empty) list of MAC addresses
(lowercase, colon-notation) corresponding to an interface of the given
class. Combined with a batman graph it is thus possible to mark
sub-graphs as "wireless" or "vpn".
The previously used object mesh_interfaces is superseded by this new
object structure and mesh_interfaces will be removed in a future Gluon
release.
OpenWrt doesn't set the regdom unless a WLAN device is started. Explicitly set
the regdom in the setup mode to get the correct list of allowed txpower entries
in the planned LuCI module.
In Bremen it has been noted that a prefix may lead people to believe it
has to stay there and thus naming their nodes "ffhb-*", which is not
what the community wants (see FreifunkBremen/gluon-site-ffhb#1).
However, an empty prefix led to the connecting hyphen still being
inserted. This commit thus makes the hyphen part of the configured
prefix and allows the prefix to be missing from the `site.conf`.
This adds a new announce.d datum "neighbours" (alfred 160) containing
information about mesh neighbours. It's intended to be a replacement
for batadv-vis.
In addition to the data already provided by batadv-vis it'll also
provide information about direct wifi neighbours.
Unlike batadv-vis, no data about clients is transmitted.
Sample data:
  {
    "wifi": {
      "90:f6:52:82:06:02": {
        "neighbours": {
          "f8:d1:11:2c:a7:d2": {
            "noise": -95,
            "inactive": 0,
            "signal": 0
          },
          "96:f6:52:ff:cd:6f": {
            "noise": -95,
            "inactive": 0,
            "signal": -37
          }
        }
      }
    },
    "batadv": {
      "90:f6:52:82:06:02": {
        "neighbours": {
          "96:f6:52:ff:cd:6f": {
            "lastseen": 2.8500000000000001,
            "tq": 177
          }
        }
      },
      "90:f6:52:82:06:03": {
        "neighbours": {
          "f8:d1:11:2c:a7:d3": {
            "lastseen": 2.3500000000000001,
            "tq": 206
          }
        }
      }
    },
    "node_id": "90f652820602"
  }
Moving the scripts to a common directory not only vastly simplifies the
zzz-gluon-upgrade script, but also allows to define an ordering of such
scripts across packages.
add invariant script "001-node-system" to add section "system" if not exist; add invariant script "010-node-role" to set role to default value
(site.roles.default) if not exist; depends on new site.conf section
When an early reboot is triggered because an upgrade script has disabled the
config mode, we need to explicitly call /etc/init.d/done, otherwise the overlay
will not be finalized after a firstboot and we get an endless reboot loop.
the gluon-announced package installs a hotplug script
that uses announce.lua from the gluon-announce package.
So we need to include gluon-announce as dependency.
Signed-off-by: flokli <florian@darmstadt.freifunk.net>
the ports were interchanged, see the following packet flow:
client:546 --> [ff02::1:2]:547
server:547 --> client:546
therefore we need to allow outgoing multicast packets with dst-port 547
and unicast packets from bat0 to clients with dst-port 546 and 547 in the other direction
This package will run as invariant script after each upgrade and copy
all keys from site.conf's authorized_keys entry to
/etc/dropbear/authorized_keys.
Existing keys will be preserved.
The site.conf entry 'authorized_keys' is required (if this package is
selected) and must contain a list of strings, each representing a line
of the resulting file.
Using the line
```
* * * * echo "foobar"
```
(notice the missing fifth time field) in a crontab causes gluon-cron
to enter an endless loop while parsing it, thus it won't even execute
the other, valid crontabs.
This is caused by the loop in [line 138] where `begin - min`
subtracts the unsigned `min` from the signed `begin`. If now `begin`
is invalid, `strict_atoi` returns -1 and the loop starts at
`(-1)-1=MAX_INT` and runs while `i <= MAX_INT` which is always true.
The real culprit lies in [line 134] where exactly this case
`begin < min` is checked - but because of the signedness, this check doesn't
work as expected either.
The easiest solution is to make `min` a signed integer instead of an unsigned
one, as we do not require it to be very large and only pass the constants 0 or
1 to it.
To avoid other similar problems, this patch makes the input variable `n` a
signed integer as well.
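The signedness pitfall described in the commit message above, as an added C example that is not gluon-cron's own code: `parse_field` is a hypothetical stand-in for `strict_atoi`, and the other helper names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for strict_atoi: returns -1 unless the text is a
 * run of decimal digits that fits in an int. */
int parse_field(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    v = strtol(s, &end, 10);
    if (*end != '\0' || v > INT_MAX)
        return -1;
    return (int)v;
}

/* Before: min is unsigned, so begin is converted to unsigned for the
 * comparison. begin == -1 becomes UINT_MAX and is never "below" min. */
int below_min_unsigned(int begin, unsigned min)
{
    return begin < min;
}

/* Same conversion in the subtraction: the loop's start index wraps to a
 * huge unsigned value instead of going negative. */
unsigned start_index_unsigned(int begin, unsigned min)
{
    return begin - min;
}

/* After: with a signed min the range check sees -1 < min and rejects. */
int below_min_signed(int begin, int min)
{
    return begin < min;
}

int main(void)
{
    /* Constructed input: in `* * * * echo "foobar"` the word "echo" sits
     * where the fifth time field is expected. */
    int begin = parse_field("echo");

    printf("parsed=%d unsigned_check=%d start=%u signed_check=%d\n", begin,
           below_min_unsigned(begin, 1u), start_index_unsigned(begin, 1u),
           below_min_signed(begin, 1));
    return 0;
}
```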
Since switching to Barrier Breaker/procd, we'd not notice if we were
upgrading from a version before renaming the config file to gluon-setup-mode
as the upgrade scripts run after the preinit.
Fix this by checking later during setup mode init again and rebooting into the
regular run mode if we detect this case.
The term "Mesh-VPN" is somewhat misleading. One might think that it enables meshing, whereas, on the contrary, it is about using the WAN.
This adds
"client" { "total": <int>, "wifi": <int> }
to statistics.d. "total" will be the number of clients connected.
"wifi" will be the number of clients connected over wifi. I.e. "total"
will always be equal to or greater than "wifi".
The node will not count itself.
This commit splits gluon-config-mode into several, mostly independent
packages.
* gluon-config-mode-core: basic functionality (required)
* gluon-config-mode-hostname: hostname field
* gluon-config-mode-autoupdater: show when autoupdater is enabled
* gluon-config-mode-mesh-vpn: fastd vpn configuration, bw limit
* gluon-config-mode-geo-location: geo coordinates
* gluon-config-mode-contact-info: contact info field
The package gluon-config-mode has been removed. You need to replace
it with these packages (or any subset of them) in site.mk:
* gluon-config-mode-hostname
* gluon-config-mode-autoupdater
* gluon-config-mode-mesh-vpn
* gluon-config-mode-geo-location
* gluon-config-mode-contact-info
Note: It is not possible to deactivate the autoupdater in config mode
anymore (expert mode will still allow it). Instead, a message is shown
in case the autoupdater is enabled.