Commit Graph

945 Commits

Author SHA1 Message Date
Jan-Philipp Litza
cf329daaf0
Add package gluon-radv-filterd
This package drops all incoming router advertisements except for the
default router with the best metric according to B.A.T.M.A.N. advanced.

Note that advertisements originating from the node itself (for example
via gluon-radvd) are not affected.
2018-01-25 23:02:49 +01:00
Matthias Schiffer
7ae8a51126
gluon-core: allow zero VXLAN UDP checksum on RX
Also disabling TX checksums and not only allowing incoming packets without
checksum will provide another small speedup. As doing so would break wired
meshing with VXLAN-enabled nodes that require non-zero checksums, we will
wait a few days before this step.
2018-01-24 22:41:29 +01:00
Matthias Schiffer
e54b37d835
gluon-core: firewall: move VXLAN rules to the top
Evaluating these rules before all the ICMPv6 rules improves wired mesh
throughput measurably.
2018-01-24 22:41:29 +01:00
Matthias Schiffer
2950cc3f59
gluon-core: only use a bridge for wired meshing when necessary
On most devices, there is only a single LAN interface connected to all LAN
ports, so no bridge is necessary.
2018-01-24 22:16:09 +01:00
Matthias Schiffer
c84820cb08
package/gluon.mk: add to PKG_FILE_DEPENDS
Ensure packages get rebuilt when gluon.mk changes.
2018-01-19 13:22:26 +01:00
Matthias Schiffer
775028475b
check_site: move site loading logic to check_site_lib (which is renamed to check_site.lua) 2018-01-19 12:33:52 +01:00
Matthias Schiffer
7ccdacd294
treewide: rework check_site_lib.lua
In addition to significant internal differences in check_site_lib.lua (in
particular unifying error handling to a single place for the upcoming
multi-domain support), this changes the way fields are addressed in site
check scripts: rather than providing a string like 'next_node.ip6', the
path is passed as an array {'next_node', 'ip6'}.

Other changes in site check scripts:
* need_array and need_table now pass the full path to the sub fields to the
subcheck instead of the key and value
* Any check referring to a field inside a table implies that all higher
levels must be tables if they exist: a check for {'next_node', 'ip6'} adds
an implicit (optional) check for {'next_node'}, which allows to remove many
explicit checks for such tables
2018-01-19 10:12:43 +01:00
Matthias Schiffer
414dfa8155
libgluonutil: simplify CMakeLists.txt
libgluonutil is not usable outside the OpenWrt/LEDE environment anyways, so
it doesn't make much sense to make the CMakeLists.txt overly generic.
2018-01-19 06:23:29 +01:00
Matthias Schiffer
020afc856f
gluon-site: install domain configs
The domain configs are not checked yet, and not used for anything.

Based-on-patch-by: lemoer <git@irrelefant.net>
2018-01-19 05:44:25 +01:00
lemoer
50812b162c
treewide: forbid use of selected site variables in domain specific or site configs
[Matthias schiffer: rebase, add a few more restrictions]
2018-01-19 04:05:27 +01:00
lemoer
b520bf5c50
gluon-core: rename site_seed to domain_seed
[Matthias Schiffer: rebase]
2018-01-19 03:30:06 +01:00
Matthias Schiffer
1dd9845db1
package/gluon.mk: use nicer escaping in GluonCheckSite 2018-01-19 01:38:56 +01:00
lemoer
adcd5b7311
gluon-core: add gluon-reconfigure script
Not useful by itself except for testing; will be used for multi-domain
support.

[Matthias Schiffer: rename script, use for initial configuration]
2018-01-19 01:10:39 +01:00
lemoer
0f5d932c4f
gluon-core: add util gluon-show-site to print merged site config
This should not convert JSON to a Lua table and back, as this loses the
distinction between arrays and objects, but as our site.conf is defined in
Lua anyways (for now), this can be fixed in a later revision.

[Matthias Schiffer: rename to gluon-show-site, rebase]
2018-01-19 01:07:44 +01:00
lemoer
5817170821
gluon-core: introduce "gluon" uci package
[Matthias Schiffer: change section name and commit message]
2018-01-19 00:41:25 +01:00
Matthias Schiffer
0b80f1b5ce
gluon-core: reimplement gluon.site module in C
By basing the Lua gluon.site module on gluonutil_load_site_config(), the
config load implementation needs to changed only in a single place for
multi-domain support.
2018-01-18 16:29:00 +01:00
Matthias Schiffer
6cf88c3b03
Replace luci-lib-jsonc with our own lua-jsonc 2018-01-18 16:28:59 +01:00
Matthias Schiffer
12103d9638
gluon-web: remove useless serialize_json alias 2018-01-18 07:49:00 +01:00
Matthias Schiffer
01336f70ec
gluon-core: firewall: make the default input policy REJECT
Fixes #1311
2018-01-17 09:51:10 +01:00
Matthias Schiffer
a32fddf38c
gluon-core: firewall: accept inbound VXLAN traffic on wired mesh interfaces
Fixes #1308
2018-01-17 09:51:10 +01:00
Matthias Schiffer
454555a030
gluon-alfred: firewall: allow alfred server announces from mesh 2018-01-17 08:06:42 +01:00
Matthias Schiffer
18feb29b29
gluon-autoupdater: don't reference old autoupdater util library
Fixes #1310
2018-01-17 01:06:15 +01:00
David Bauer
99b02701cc ar71xx: add support for TP-Link Archer C58/C59/C60 (#1281) 2018-01-16 18:51:12 +01:00
Matthias Schiffer
18b9174d03
Use 'disabled' attribute instead of 'auto' to disable wired mesh interfaces
The 'auto' attribute still allows enabling the interface using ifup, which
is not intended when wired mesh is disabled.
2018-01-11 23:06:36 +01:00
Linus Lüssing
4911da56e1
gluon-ebtables: Enable concurrent ebtables updates
This enables the ebtables internal locking mechanism which
will avoid race conditions between multiple, concurrent
ebtables calls.

This is a preparation for the upcoming gluon-arp-limiter
daemon, to avoid issues if upon restarting gluon-ebtables
the gluon-arp-limiter daemon tries to modify the tables.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2018-01-03 19:58:53 +01:00
David Bauer
9273e56c63 ar71xx: add support for TP-Link Archer C7 v4 (#1289) 2018-01-03 16:50:23 +01:00
Christof Schulze
bc2fb8cc69 gluon-respondd: firewall should allow access for devices in zone local_client (#1291) 2017-12-31 19:57:57 +01:00
Christof Schulze
910a6c8bb3 gluon-respondd: add current unix time to statistics (#1287) 2017-12-29 23:49:28 +01:00
Matthias Schiffer
245e0f9ecc
Merge pull request #1280 from FreifunkVogtland/libbatadv
libbatadv: Add common batman-adv helper functions library
2017-12-28 14:50:13 +01:00
Christof Schulze
41ab551518
libgluonutil: add function that retrieves the node prefix from site.conf 2017-12-27 23:50:31 +01:00
Sven Eckelmann
6701aa81a5 gluon-status-page-api: Use genl helpers from libbatadv
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2017-12-27 17:40:41 +01:00
Sven Eckelmann
a267cc7ee7 gluon-mesh-batman-adv: Use genl helpers from libbatadv
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2017-12-27 17:40:35 +01:00
Sven Eckelmann
624cffc744 libbatadv: Add library for common batman-adv helpers
Interacting with batman-adv's genl interface requires some code and
definitions which could be shared between different packages. libbatadv is
trying to do this without providing any guarantee for ABI or API stability.
It is only useful in very controlled environments like gluon.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2017-12-27 17:40:30 +01:00
Matthias Schiffer
f799518194
gluon-ebtables-filter-multicast: do not filter out Bridge Loop Avoidance
batman-adv uses gratuitous ARP packets with certain target addresses for
BLA.

Fixes #1198
2017-12-27 17:22:37 +01:00
Karsten
35237c2ca1 gluon-web-network: make 'PoE Power Port[0-9]' translatable (#1173) 2017-12-27 03:11:49 +01:00
Matthias Schiffer
2b1ffb3034
gluon-core, gluon-client-bridge: create local_client zone in core
As core defines basic rules for this zone, it makes sense to create it
there.
2017-12-27 02:43:34 +01:00
Matthias Schiffer
8ea5810bda
gluon-core: firewall: allow inbound ICMPv4 ping on local_node 2017-12-27 02:43:34 +01:00
Matthias Schiffer
39284f00d0
gluon-core: firewall: allow Multicast Listener Discovery on mesh/local_client
Based-on-patch-by: Christof Schulze <christof.schulze@gmx.net>
2017-12-27 02:43:33 +01:00
Matthias Schiffer
a252383918
gluon-core: firewall: remove redundant ICMPv6 output rules
OUTPUT is always accepted, no need to allow ICMPv6 explicitly.
2017-12-27 02:43:33 +01:00
Matthias Schiffer
fe2048e4df
gluon-core: firewall: coding style
Wrap long lines.
2017-12-27 02:43:33 +01:00
Ralf Jung
4bae0a429f docs: dns-cache: explain setting dns.servers a bit more (#1268) 2017-12-27 00:21:08 +01:00
Christof Schulze
c544846bc5
gluon-neighbour-info: allow respondd replies on mesh and wan interface 2017-11-25 23:31:23 +01:00
Christof Schulze
e5b4d25451
gluon-respondd: allow access to respondd from mesh-internal addresses 2017-11-25 23:31:08 +01:00
Christof Schulze
1c1c9f8fc7
gluon-core: firewall rework, make base policy more restrictive
* gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
 * gluon-core: put clients in local_client zone, introduce drop-zone,
   set dns-rules and zones
 * gluon-respondd: allow respondd on mesh
 * gluon-status-page-api: allow http input on mesh and client
2017-11-25 23:19:08 +01:00
Matthias Schiffer
7351fb5d4a
gluon-web-network: fix reading "legacy" mode settings from UCI
Fixes #1269
2017-11-25 22:08:58 +01:00
kb-light
f7f659c254
gluon-web-network: make poe_passthrough more generic 2017-11-15 22:45:22 +01:00
Christof Schulze
94e7827ac8
gluon-status-page: improve localization (#1241) 2017-10-31 19:25:27 +01:00
Ruben Barkow
99c405756f gluon-web-theme: allow more width in style for input fields and selectboxes (#1229) 2017-10-14 13:42:24 +02:00
Matthias Schiffer
9324d18fee
gluon-mesh-batman-adv: filter out all packages between bat0 and local-port
Filtering by MAC address won't filter out multicast packages like router
solicitations, causing uradvd to send out router advertisements with
maximum frequency (every 3 seconds) in active meshes, even when no local
client is actually interested in the advertisements.

Fixes #1230
2017-10-03 17:07:42 +02:00
Christof Schulze
86e89a86d1 gluon-mesh-vpn-fastd: make respondd module compile again (#1228)
by moving the declaration of ret to the top of get_fastd()
2017-09-24 23:49:00 +02:00