Commit Graph

4231 Commits

Author SHA1 Message Date
Matthias Schiffer
31124ac687
patches: refresh "packages" patches (#2400) 2022-02-23 21:50:15 +01:00
Matthias Schiffer
073e559dc5
gluon-mesh-babel: do not allow disabling VXLAN (#2376)
With Babel, wired meshing cannot run on the same logical interface as
non-mesh traffic, so using VXLAN is mandatory.
2022-02-23 19:10:13 +01:00
David Bauer
428b8afb92
Merge pull request #2186 from freifunk-gluon/fastd-l2tp
fastd: add L2TP offload support
2022-02-23 19:03:19 +01:00
Matthias Schiffer
26b26395d1
Merge pull request #2399 from MyIgel/remove-xhtml
treewide: Replace xhtml content type with html, remove xhtml workaround, replace self closing tags
2022-02-22 21:46:29 +01:00
Matthias Schiffer
210cacdf55
docs: update for role-based interface configuration 2022-02-22 18:52:15 +01:00
Matthias Schiffer
a671b5081c
gluon-core: preserve explicitly marked network and system sections
A section can be marked as preserved by setting the gluon_preserve option
to 1. In addition the following conditions must hold:

- The preserved section must not already exist after OpenWrt's and
  Gluon's setup scripts run. Modifying existing sections is currently
  unsupported.
- Preserved sections must be named, so it can be detected whether a
  section conflicts with a preexisting one.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
6dcee2e324
gluon-web-network: update wired mesh settings for new role-based configuration 2022-02-22 18:52:15 +01:00
Matthias Schiffer
316e96a467
gluon-core, gluon-setup-mode: reset ifname sysconfigs on each update, introduce single_ifname
Allow interface names to change on updates to handle hwconfig -> DSA and
similar migrations.

On devices with only a single interface, a sysconfig single_ifname is
created instead of wan_ifname or lan_ifname to allow separate
configuration in site.conf.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
c779d12369
treewide: use interface roles as basis for network configuration
With the new role-based interface configuration, it would be better to
rename the wan/wan6 interfaces to uplink/uplink6, but that would cause
unnecessary churn for the firewall configuration, so it is left for a
later update.

As all interfaces with the 'uplink' role are in the br-wan bridge, it is
not possible to assign these to the 'mesh' role independently - instead,
br-wan is added as a mesh interface as soon as a single interface has
both the 'uplink' and 'mesh' roles. The UCI section for this
configuration is now called 'mesh_uplink' instead of 'mesh_wan'.

For all interfaces that have the 'mesh', but not the 'uplink' role a
second configuration 'mesh_other' is created. If there is more than one
such interface, all these interfaces are bridged as well (creating a
bridge 'br-mesh_other'). This replaces the 'mesh_lan' section with its
optional 'br-mesh_lan' bridge, but can also include interfaces that were
not considered "LAN" when interface roles are modified (via site.conf
or manually).
2022-02-22 18:52:15 +01:00
Matthias Schiffer
4b8251c988
gluon-core: initialize interfaces role configuration
The new configuration generates sections iface_single/lan/wan in
/etc/config/gluon. These sections usually refer to a sysconfig-controlled
interface list, but adding custom sections with verbatim interface names
is also possible.

Each interface section contains a list of roles. The supported roles are
'client', 'uplink' and 'mesh'. Multiple roles can be configured on the
same interface (for example the old 'mesh_on_wan' setting would become
'uplink'+'mesh').

'client' is subsumed by any other role configured on the same interface
('client'+'mesh' is equivalent to 'mesh'). This property is important, as
it allows the Wired Mesh settings in gluon-web-network to simply add and
remove the mesh role without having to care what other roles are set -
so in the default setup, this would switch between 'client' and
'client'+'mesh' for the LAN interface.

By default, the WAN interface has role 'uplink' and the LAN interface
'client'; if only a single interface exists, the roles from the WAN
interface are used by default. The default for each of the three
interfaces (WAN/LAN/single) can be changed separately in site.conf,
superseding the old mesh_on_wan, mesh_on_lan and single_as_lan settings.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
05c29512ec
gluon-core: sysconfig: avoid unnecessary writes
Do not write files when the content is unchanged.

Avoids a few unnecessary filesystem writes when resetting ifname
sysconfigs on each upgrade.
2022-02-22 18:52:15 +01:00
Matthias Schiffer
c2a5f57c40
treewide: regenerate network and system configs on every reconfigure 2022-02-22 18:52:15 +01:00
Matthias Schiffer
eea49a2834
gluon-config-mode-core: discard gluon-reconfigure output (#2395)
The stdout output of gluon-web scripts is directly sent to uhttpd,
becoming a part of the HTML output or even replacing HTTP status or
headers. The output of gluon-reconfigure is not supposed to end up
there.

While we're at it, also add an exec to avoid an unnecessary shell
process.
2022-02-22 18:51:45 +01:00
Igor Scheller
f033fcfc0d treewide: Replace /> self closing html tags with > 2022-02-22 18:48:09 +01:00
Igor Scheller
d728f17b8f treewide: Replace xhtml content type with html, remove xhtml workaround 2022-02-20 12:45:43 +01:00
Igor Scheller
bbc00017a9
gluon-web-osm: Fix " rendering in attribution with CDATA tag (#2398) 2022-02-20 11:51:58 +01:00
Martin Weinelt
65f5a3b0dd
Merge pull request #2394 from freifunk-gluon/update-ol 2022-02-15 15:51:24 +01:00
Matthias Schiffer
62b24ed7ce
gluon-web-osm: update OpenLayers default URL to 5.3.0
The OpenLayers JS/CSS download URL is dead. Update it to make the map
work again:

- Update from OpenLayers 5.2.0 to 5.3.0
- Switch from the obsolete rawgit.com URL to jsdelivr.net (rawgit.com
  was only redirecting to jsdelivr.net for the last few years anyways)
- Set a fixed commit in the URL, so the URL doesn't become outdated again
2022-02-13 22:07:36 +01:00
Martin Weinelt
545d1cbb11
patches: build perl single-threaded (#2392)
Prevents spurious build failures.
2022-02-11 21:40:22 +01:00
Matthias Schiffer
a8c7676215
docs: update Mesh VPN documentation
- Restructure page
- Add information on how to add L2TPv3 offloading support to a build
  using configurable ciphers. The null method is not recommended anymore.
- Add notes and pointers regarding the gateway configuration to provide
  gateway admins with hints on how to modify their configuration to
  accommodate this new feature.
- Mention wireguard support

Based-on-patch-by: Felix Kaechele <felix@kaechele.ca>
2022-02-08 21:09:16 +01:00
Matthias Schiffer
7c6befc7c3
gluon-mesh-vpn-fastd: add L2TP offload support 2022-02-08 21:09:15 +01:00
Matthias Schiffer
15eeb86f42
gluon-{,web-}mesh-vpn-fastd: add support for null@l2tp method
The "null" and "null@l2tp" methods are considered equivalent and always
added and removed together when the method list is "configurable".
"null@l2tp" is added before "null", so it is preferred when the peer
supports both.
2022-02-08 21:01:42 +01:00
Matthias Schiffer
487d312d25
fastd: update and add L2TP variant
This also drops the GMAC-based methods from gluon-mesh-vpn-fastd's
check_site.lua, as they are not supported anymore.
2022-02-08 21:01:42 +01:00
David Bauer
2729293058
Merge pull request #2359 from freifunk-gluon/x86-separate-images
x86: copy separate kernel and rootfs images to "other" directory
2022-02-08 20:43:34 +01:00
Matthias Schiffer
68e8d32570
Merge pull request #2383 from freifunk-gluon/web-fixes
gluon-web: prohibit cross-origin POST requests
2022-02-03 16:49:22 +01:00
Matthias Schiffer
b6e498ba06
Merge pull request #2381 from freifunk-gluon/patch-cleanup
Update OpenWrt base, clean up patches
2022-02-03 16:48:54 +01:00
Matthias Schiffer
db80146093
Merge pull request #2368 from freifunk-gluon/lint-sh-fixes
lint-sh fixes
2022-02-03 16:37:18 +01:00
Matthias Schiffer
1041014cf3
Merge pull request #2382 from freifunk-gluon/cleanup
Removal of more obsolete migrations, minor cleanup and improvements to lsupgrade.sh
2022-02-01 23:31:41 +01:00
Matthias Schiffer
a83466be6e gluon-web: prohibit cross-origin POST
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
f3960eeb47 gluon-web: improve error handling of parse_message_body()
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.

We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
de43b306d4 gluon-web: add CRLF to text/plain Internal Server Error output
Having a trailing newline is nice when viewing the returned data in a
terminal.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
94519cfc56
gluon-web-*: remove unused "token" form value
This was a remnant of LuCI that was never used in gluon-web.
2022-02-01 23:22:08 +01:00
Matthias Schiffer
c75d90d9ab
workflows: lint: switch from apt to apt-get -y, add update
Using apt in scripts is discouraged. Also add an update to hopefully fix
the lua-check installation failure in CI.
2022-02-01 23:22:08 +01:00
Martin Weinelt
ae1187a29e
Merge pull request #2387 from freifunk-gluon/backport-action 2022-02-01 01:26:56 +01:00
Martin Weinelt
139c56073a
workflows: add backports action
By applying a label `backport <branch>` the action will automatically
try to cherry-pick the change to the target branch after the pull
request was successfully merged.
2022-02-01 01:26:30 +01:00
Matthias Schiffer
3ea770db73
ath79-generic: swap interfaces on TP-Link WBS210 v2 (#2385)
Swap the interfaces so that the PoE input port LAN0 is used for WAN and
config mode, and LAN1 becomes LAN.

To this end, the code previously used for ar71xx and removed in
commit 9fdc57c175 ("treewide: drop ar71xx platform specific code") is
reintroduced.

Fixes #2384
2022-01-28 19:45:34 +01:00
Matthias Schiffer
578daf5f87
gluon-core: remove obsolete config file 2022-01-23 14:44:07 +01:00
Matthias Schiffer
12127813c5
gluon-core: move preserve_channels setting to /etc/config/gluon
/etc/config/gluon-core is used for nothing else.

As /etc/config/gluon uses a named wireless section, also change the
get_first() to get().
2022-01-23 14:44:06 +01:00
Matthias Schiffer
b68a07e930
gluon-mesh-vpn-fastd: merge secret generation setup into main upgrade script
There wasn't really a reason to have a separate script to set a single
value.

In addition, the old script was using the identifier 'c' instead of
'uci' for the UCI cursor. Following the convention of the other scripts
is helpful so it is easy to grep for all uses of a certain config file/
option.
2022-01-23 14:44:06 +01:00
Matthias Schiffer
d8f6ed2406
gluon-node-info: remove obsolete migration/fixup 2022-01-23 14:44:06 +01:00
Matthias Schiffer
225e8692bd
gluon-radvd: remove obsolete migration 2022-01-23 14:44:06 +01:00
Matthias Schiffer
c530070e96
gluon-mesh-vpn-tunneldigger: remove obsolete migration 2022-01-23 14:44:06 +01:00
Matthias Schiffer
84f4c164f4
gluon-setup-mode: remove obsolete migration 2022-01-23 14:44:06 +01:00
Matthias Schiffer
c7e38fdc2c
contrib: lsupgrade: optimize output
- Use printf instead of echo for better portability
- Print whole path without reordering components
- Deduplicate code
2022-01-23 14:44:06 +01:00
Matthias Schiffer
c0afb9cc39
contrib: lsupgrade: do not search the OpenWrt "packages" feed
Iterating over all the package directories in the OpenWrt feed takes a
while, even though it doesn't contain any upgrade scripts. Skip the
whole directory.
2022-01-23 14:44:06 +01:00
Matthias Schiffer
1e50966b84
kernel: drop obsolete ebtables patches
We are on Linux 5.4, so these patches for Linux 4.14 don't do anything.
2022-01-23 11:39:02 +01:00
Matthias Schiffer
0db3c58329
modules: update OpenWrt base
97b95ef8b918 uci: update to the latest master

Replace the downstream UCI patch with a proper OpenWrt 21.02 backport.
2022-01-23 11:36:08 +01:00
David Bauer
2924afe562
Merge pull request #2378 from freifunk-gluon/master-updates
modules: updates
2022-01-21 21:10:34 +01:00
Martin Weinelt
5e1d46e2b7 modules: update gluon
5bca036 pretty-hostname: instantly apply hostname
a85fa33 treewide: change Github URLs from git:// to https:// (#252)
2022-01-20 12:44:27 +01:00
Martin Weinelt
afc9d6b235 modules: update routing
c2e138d olsrd: add ubus ipc integration to olsrd
7d07ef9 CI: fix runtime testing for non master branch
61cd00c naywatch: introduce kick-count
440e7af naywatch: fix mode without watchdog
c8b613e olsrd: fix meshing via wireguard tunnels
2022-01-20 12:44:26 +01:00