mac_to_ip() calculates an ipv6 address from a mac address according to
RFC 4291. For wireguard we have to use specially crafted addresses that
must be unique. This allows calculating such unique mac-based addresses
by allowing to optionally specifying the bytes to be inserted into the
address.
This is a fix for the broken ingress traffic-shaping in gluon v2018.2.2
and possibly earlier.
For ingress traffic shaping the kernel option NET_ACT_POLICE is needed.
Before this patch there was no dependency to this. Neither in
gluon_core, gluon-mesh-vpn-core nor in the package.
This patch adds this dependency.
[Matthias Schiffer: move dependency from GLUON_CORE to gluon-mesh-vpn-core]
Fixes#1790
The is_outdoor function is placed inside the gluon.platform module, not
the platform_info module. Currently, the outdoor-mode wizard component
and the upgrade script fail due to nil-value calls.
Add the `wifi5.outdoor_chanlist` site configuration that
allows specifying an outdoor channel range that can be
switched to for regulatory compliance.
Upon enabling the outdoor option the device will
- configure the `outdoor_chanlist` on all 5 GHz radios
- which may enable DFS/TPC, based on the regulatory domain
- disable ibss/mesh on the 5 GHz radio, as DFS *will*
break mesh connections
- allow for htmode reconfiguration on 5 GHz radios
The outdoor option can be toggled from
- Advanced Settings
- W-LAN
- Outdoor Installation
The `preserve_channel` flag overrules the outdoor channel
selection.
The device is broken until the next release. The LEDs are currently not
working (fixed in current OpenWRT master).
Also give a brief explanation about the BROKEN status being dependent on
the WiFi chip used and not the SoC family in general.
Gluon has multiple ways to obtain unique MAC-addresses. They are either
provided by the WiFi driver or derived from the primary MAC-address.
Quoting the same file:
> It's necessary that the first 45 bits of the MAC address don't
> vary on a single hardware interface, since some chips are using
> a hardware MAC filter. (e.g 'rt305x')
This currently fails in case the rt35xx based chips mac address differs
from the primary MAC. In this case, the MAC address for the client0 radio
(vif 1) comes from the WiFi driver. As there is only a single
MAC-address provided by '/sys/class/ieee80211/phyX/addresses' but the
MAC-address for mesh 0 (vif 2) is derived from the Node-ID, resulting in
different first 45 bits. The WiFi won't come up altogether in this case.
This commit verifies at least 4 MAC-Addresses are provided by the WiFi
driver. If this is not the case, all MAC-addresses are derived from the
primary MAC. This way, affected radios are working correctly.
This commit distributes dualband radios evenly on 2.4 GHz and 5GHz with
2.4 GHz being prioritised higher than 5 GHz. This means in case a device
has only a single radio and this radio supports operation in both bands,
it will be set to 2.4 GHz.
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
The redirect and dnat target are needed for gluon-alt-esc-client to
forward frames to the selected, alternative gateways.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
This adds support for the TP-Link TL-WR902Ac v1 travel router.
The device is marked as broken due to 64MB which might be insufficient
in certain environments.
This reverts commit b3d7011130.
with this change, DNS in batman-adv based networks is broken.
although the revert breaks babel based networks, this is not as big of a problem.
This device is a dual 5GHz device. It is recommended to manually change the
radio of the first device to the lower 5GHz channels and the second radio
to the upper 5GHz channels.
In multidomain setups, VXLAN is enabled by default, but can be disabled in
domain configs using the mesh/vxlan option. In single domain setups, the
mesh/vxlan option is mandatory.
The UCI option for legacy mode is removed.
Fixes#1364
dnsmasq's caching is severly broken and does not handle all answer records
equally. In particular, its cached answers are missing DNSKEY and DS
records, breaking DNSSEC validation on clients.
Remove the cache for now. It may return if dnsmasq is fixed or we switch to
a different resolver.