Matthias Schiffer
543eb17882
gluon-core: remove DNS cache feature
...
dnsmasq's caching is severly broken and does not handle all answer records
equally. In particular, its cached answers are missing DNSKEY and DS
records, breaking DNSSEC validation on clients.
Remove the cache for now. It may return if dnsmasq is fixed or we switch to
a different resolver.
2018-04-13 15:15:40 +02:00
Matthias Schiffer
9b937a8c64
gluon-core: remove unused gluon.sysctl Lua module
2018-04-13 14:41:01 +02:00
Matthias Schiffer
25b32ec2fe
treewide: move sysctl settings to /etc/sysctl.d
...
net.ipv6.conf.br-client.forwarding is moved from gluon-client-bridge to
gluon-mesh-batman-adv, as the setting is not useful with non-bridged
protocols.
2018-04-13 14:41:01 +02:00
Matthias Schiffer
9f86bf3155
gluon-core: add default_hostname helper
2018-03-17 11:44:33 +01:00
Matthias Schiffer
83a6847fbd
gluon-web: remove unneeded functions from gluon.web.util
...
exec() is moved to gluon.util.
2018-02-25 17:13:30 +01:00
Matthias Schiffer
5dcb784308
gluon-core: remove unused lock and exec functions
2018-02-25 17:13:30 +01:00
Matthias Schiffer
987eef011a
gluon-core: remove unused user/group management functions, call lock command directly
2018-02-25 17:13:30 +01:00
Christof Schulze
9711afaf69
gluon-core: allow multiple domain names for next_node-feature
...
* change type of next_node.name
* create domain entry for each entry and add to dnsmasq configuration
[Matthias Schiffer: reword documentation]
2018-02-16 15:15:31 +01:00
Matthias Schiffer
345a5de861
gluon-core: add newline to the end of sysconfig files
...
Both gluon.sysconfig and libgluonutil already remove the trailing newline
if it exists. It's nicer to avoid files without a trailing newline, e.g.
for printing the file contents in a terminal.
2018-02-15 20:57:53 +01:00
Martin Weinelt
427c83754b
gluon-core: 200-wireless: upgrade 11ac radios to VHT20 ( #1328 )
...
Patch originally authored by @oleeander.
Fixes #424
2018-02-15 20:29:19 +01:00
Matthias Schiffer
d61f6a1e85
gluon-core: rename iterate_radios() to foreach_radio(), pass whole radio section
...
Allows to remove some redundant UCI lookups.
2018-02-15 14:04:37 +01:00
Karsten
f69fbf7d05
gluon-core: don't disable legacy mesh on mesh_lan on reconfigure ( #1323 )
...
Fixes #1322
2018-02-07 07:33:25 +01:00
Matthias Schiffer
c479d9160d
gluon-core: don't request a prefix via DHCPv6 on WAN
...
The prefix is not used, and requesting it leads to odhcp6c log spam with
certain DHCPv6 servers.
2018-02-03 03:02:56 +01:00
Matthias Schiffer
09c2e60cd4
gluon-core: upgrade/110-network: fix formatting
2018-02-03 03:02:20 +01:00
Matthias Schiffer
a2f45d0d32
gluon-core: store default domain in UCI
2018-01-26 12:32:46 +01:00
Matthias Schiffer
e54b37d835
gluon-core: firewall: move VXLAN rules to the top
...
Evaluating these rules before all the ICMPv6 rules improves wired mesh
throughput measurably.
2018-01-24 22:41:29 +01:00
Matthias Schiffer
2950cc3f59
gluon-core: only use a bridge for wired meshing when necessary
...
On most devices, there is only a single LAN interface connected to all LAN
ports, so no bridge is necessary.
2018-01-24 22:16:09 +01:00
lemoer
b520bf5c50
gluon-core: rename site_seed to domain_seed
...
[Matthias Schiffer: rebase]
2018-01-19 03:30:06 +01:00
lemoer
0f5d932c4f
gluon-core: add util gluon-show-site to print merged site config
...
This should not convert JSON to a Lua table and back, as this loses the
distinction between arrays and objects, but as our site.conf is defined in
Lua anyways (for now), this can be fixed in a later revision.
[Matthias Schiffer: rename to gluon-show-site, rebase]
2018-01-19 01:07:44 +01:00
Matthias Schiffer
0b80f1b5ce
gluon-core: reimplement gluon.site module in C
...
By basing the Lua gluon.site module on gluonutil_load_site_config(), the
config load implementation needs to changed only in a single place for
multi-domain support.
2018-01-18 16:29:00 +01:00
Matthias Schiffer
6cf88c3b03
Replace luci-lib-jsonc with our own lua-jsonc
2018-01-18 16:28:59 +01:00
Matthias Schiffer
01336f70ec
gluon-core: firewall: make the default input policy REJECT
...
Fixes #1311
2018-01-17 09:51:10 +01:00
Matthias Schiffer
a32fddf38c
gluon-core: firewall: accept inbound VXLAN traffic on wired mesh interfaces
...
Fixes #1308
2018-01-17 09:51:10 +01:00
David Bauer
99b02701cc
ar71xx: add support for TP-Link Archer C58/C59/C60 ( #1281 )
2018-01-16 18:51:12 +01:00
Matthias Schiffer
18b9174d03
Use 'disabled' attribute instead of 'auto' to disable wired mesh interfaces
...
The 'auto' attribute still allows enabling the interface using ifup, which
is not intended when wired mesh is disabled.
2018-01-11 23:06:36 +01:00
David Bauer
9273e56c63
ar71xx: add support for TP-Link Archer C7 v4 ( #1289 )
2018-01-03 16:50:23 +01:00
Matthias Schiffer
2b1ffb3034
gluon-core, gluon-client-bridge: create local_client zone in core
...
As core defines basic rules for this zone, it makes sense to create it
there.
2017-12-27 02:43:34 +01:00
Matthias Schiffer
8ea5810bda
gluon-core: firewall: allow inbound ICMPv4 ping on local_node
2017-12-27 02:43:34 +01:00
Matthias Schiffer
39284f00d0
gluon-core: firewall: allow Multicast Listener Discovery on mesh/local_client
...
Based-on-patch-by: Christof Schulze <christof.schulze@gmx.net>
2017-12-27 02:43:33 +01:00
Matthias Schiffer
a252383918
gluon-core: firewall: remove redundant ICMPv6 output rules
...
OUTPUT is always accepted, no need to allow ICMPv6 explicitly.
2017-12-27 02:43:33 +01:00
Matthias Schiffer
fe2048e4df
gluon-core: firewall: coding style
...
Wrap long lines.
2017-12-27 02:43:33 +01:00
Christof Schulze
1c1c9f8fc7
gluon-core: firewall rework, make base policy more restrictive
...
* gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
* gluon-core: put clients in local_client zone, introduce drop-zone,
set dns-rules and zones
* gluon-respondd: allow respondd on mesh
* gluon-status-page-api: allow http input on mesh and client
2017-11-25 23:19:08 +01:00
Matthias Schiffer
13b325355d
gluon-core: make old site_config library reference new one, not the other way around
2017-08-11 22:07:35 +02:00
Matthias Schiffer
ee6afaced9
treewide: use new gluon.site Lua library
...
Some files have received some additional refactoring.
2017-08-11 22:07:34 +02:00
Matthias Schiffer
8a41ed05f1
gluon-core: more coding style fixes
2017-08-11 20:28:59 +02:00
kb-light
90305761ce
gluon-core: update lib/gluon/upgrade/150-poe-passthrough for naming within lede
2017-08-11 20:27:51 +02:00
kb-light
949f4b7dd5
gluon-core: lib/gluon/upgrade/150-poe-passthrough: fix indentation
2017-08-11 20:26:08 +02:00
Matthias Schiffer
3df9fcecb0
gluon-core: explicitly disable radios without configuration in site.conf
2017-08-08 14:08:35 +02:00
Matthias Schiffer
293a45456b
gluon-core, gluon-client-bridge: use new gluon.site library in gluon.util
...
In particular, this affects users of gluon.util.iterate_radios.
2017-08-08 14:07:09 +02:00
Matthias Schiffer
1d6e6726d7
gluon-core: use new gluon.site library to avoid 'or {}' syntax
2017-08-08 13:53:02 +02:00
Matthias Schiffer
57adb49de2
gluon-core: add new gluon.site library for convenient access to optional values
...
The new gluon.site lua library will eventually replace gluon.site_config
(which is hereby deprecated, but will continue to be supported for a
while).
The new gluon.site library will wrap all values to allow traversing
non-existing tables without errors.
site = require 'gluon.site'
c = site.a.b.c -- doesn't fail even if a or a.b don't exist
The wrapped values must be unwrapped using call syntax:
site_name = site.site_name()
Using the call syntax on a non-existing value will return nil. An
alternative default value may be passed instead:
mac = site.next_node.mac('16:41:95:40:f7:dc')
2017-08-08 13:20:38 +02:00
Matthias Schiffer
6884aad788
gluon-core: simplify 820-dns-config code
2017-08-08 04:31:53 +02:00
Matthias Schiffer
31721a61f5
gluonc-core: 200-wireless: remove unneeded nil checks for uci:set_list()
...
uci:set_list() will delete the list when nil is passed, so there is no need
to differentiate between the cases.
2017-08-08 04:31:52 +02:00
Matthias Schiffer
06d0c0f211
gluon-core: fix 200-wireless coding style
2017-08-08 04:31:52 +02:00
Matthias Schiffer
ae593d8439
gluon-core: convert site seed to lowercase
...
While we use the hexadecimal representation as a hash input for simplicity,
it should not be interpreted as case-sensitive.
2017-06-27 23:28:23 +02:00
Matthias Schiffer
0d6f957196
gluon-core: introduce new gluon_wired netifd proto for wired meshing
...
The new proto will simplify the switch to VXLAN encapsulation.
2017-06-27 23:00:17 +02:00
Matthias Schiffer
8bcd0975af
gluon-core: add a "site seed" to site.conf to seed site-specific random values
2017-06-27 23:00:17 +02:00
Matthias Schiffer
acfc3cc1a2
gluon-core: upgrade/210-interface-wan: whitespace cleanup
2017-06-21 17:16:41 +02:00
Matthias Schiffer
0db63008cd
gluon-core: upgrade/220-interface-lan: whitespace cleanup
2017-06-21 02:56:23 +02:00
Linus Lüssing
c519ec4596
gluon-core: reenable multicast snooping for wan zone
...
LEDE recently disabled multicast snooping by default:
https://git.lede-project.org/?p=project/netifd.git;a=commitdiff;h=52541140f8138e31958cdc3d7e42a4029fa6bbc9
Reenable it for Gluon as there have been no confirmed issues for
LEDE and no negative reports concerning Gluon v2016.2.x so far.
Closes #1025 .
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2017-04-13 22:31:47 +02:00