Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
Gluon 2018.1 (in development)
#############################
Important notes
***************
This version changes the flash partition layout on some devices (TP-Link CPE/WBS 210/510). To avoid
upgrade failures, make sure to upgrade to Gluon 2017.1.8 or the latest Gluon 2016.2.x (unreleased)
before installing Gluon 2018.1.
Some of the following paragraphs describe so-called "feature flags". This new concept is
explained in :ref:`user-site-feature-flags`.
Added hardware support
**********************
ar71xx-generic
==============
* ALFA NETWORK
- AP121F
* AVM
- FRITZ!Box 4020
* OpenMesh
- A40
- A60
- OM2P v4
- OM2P-HS v4
* TP-Link
- Archer C59 v1 [#noibss]_
- CPE210 v2
ar71xx-nand
===========
* ZyXEL
- NBG6716
ar71xx-tiny
===========
* TP-Link
- TL-WA901ND v5
ipq806x [#newtarget]_ [#noibss]_
================================
* TP-Link
- Archer C2600
ramips-mt7620 [#newtarget]_ [#noibss]_
======================================
* GL Innovations
- GL-MT300A
- GL-MT300N
- GL-MT750
ramips-mt7628 [#newtarget]_ [#noibss]_
======================================
* VoCore
- VoCore 2
ramips-rt305x [#newtarget]_ [#noibss]_
======================================
* A5
- V11
* D-Link
- DIR615 (D1, D2, D3, D4, H1)
* VoCore
- VoCore (8MB, 16MB)
sunxi [#newtarget]_
===================
* LeMaker
- Lamobo r1
.. [#newtarget]
New target
.. [#noibss]
Device or target does not support AP+IBSS mode: This device or target will not be built
when *GLUON_WLAN_MESH* is set to ``ibss``.
New features
************
Multidomain support
===================
When mesh networks grow too large, it becomes necessary to split them into
multiple independent mesh domains to allow the meshes to work with reasonable
performance. Formerly, the only way to achieve this with Gluon was to build
a separate set of firmware images for each domain.
With Gluon 2018.1, multidomain firmwares can be used to achieve the same,
using only a single site configuration that is basis for several different
domain-specific configurations. The feature is explained in detail in
:doc:`../features/multidomain`.
Wired mesh encapsulation
========================
Gluon now supports encapsulating wired mesh traffic (Mesh on LAN/WAN) in
`VXLAN <https://en.wikipedia.org/wiki/Virtual_Extensible_LAN>`_.
See :doc:`../features/wired-mesh` for details on this feature.
Router advertisement filtering
==============================
Similar to the builtin batman-adv gateway feature for IPv4, the *gluon-radv-filterd* package
(*radv-filterd* feature flag) allows to filter IPv6 router advertisements received from the mesh
so that only the RAs with the best routing metric (TQ) reach the clients, ensuring that
the "best" (topologically closest) gateway is chosen as the IPv6 default route, thereby
reducing gateway crosstalk.
At the moment, this feature only filters RAs forwarded to clients; the RAs handled on
the nodes themselves will be unfiltered, so the nodes will still use arbitrary default
gateways.
IGMP/MLD segmentation
=====================
The IGMP/MLD segmentation feature previously provided by the *gluon-ebtables-segment-mld*
package has been extended and moved into the Gluon core; it does not exist as a separate package
anymore.
Filtering IGMP/MLD queries directed towards the mesh ensures that each node becomes the multicast querier
for its own clients (unless there are other multicast-aware switches connected to the node), rather
than electing a single, basically arbitrary node in the mesh to become the querier. Overall,
this should significantly improve the reliablity of multicast in the mesh. This is especially
important for IPv6, as the IPv6 Neighbour Discovery Protocol (NDP) is based on local multicast.
See also the documentation of the :ref:`site.conf mesh section <user-site-mesh>`.
gluon-ebtables-limit-arp
========================
The *gluon-ebtables-limit-arp* (*ebtables-limit-arp* feature flag) package adds filters to limit the
rate of ARP requests client devices are allowed to send into the mesh.
Certain client applications are known to generate a significant amount of such ARP requests and
are reportedly becoming more and more common. Without this package, such clients are one
known cause for mesh wide load and congestion problems (see also the :ref:`releases-v2018.1-known-issues`
section below).
Because of this package's implementation, which relies on frequent dynamic updates
- something ebtables does not perform well at - it is not included by default, as it can
cause unnecessary load. Feedback, especially with a close look on load and congestion on
nodes with a large number of changing client devices, is very much welcome. Depending on the
feedback, we might enable this feature by default in a future release.
Public key in respondd data (optional)
======================================
If desired, the fastd public key of a node can be included in the respondd nodeinfo data,
faciliating the correlations of VPN peers and nodes. As the VPN key is transmitted unencrypted
in the fastd handshake, this would theoretically allow an ISP to determine which nodes
are operated behind which internet line. Therefore, this feature must be enabled explicitly
by setting *mesh_vpn.pubkey_privacy* to ``false`` in *site.conf*.
B.A.T.M.A.N. V (experimental)
=============================
When using batman-adv compat 15, it is now possible to switch to the new routing
algorithm B.A.T.M.A.N. V (while the old algorithm is called B.A.T.M.A.N. IV) by
setting *mesh.batman_adv.routing_algo* to ``"BATMAN_V"``. Note that the new routing
algorithm is not backwards-compatible, so nodes using different algorithms can
not interoperate.
.. _releases-v2018.1-site-changes:
Site changes
************
site.mk
=======
* Due to improved package dependency handling, the packages
*gluon-config-mode-core* and *gluon-setup-mode* do not need
to be listed explicitly in *site.mk* anymore; they will be
pulled in implicitly.
* Including the *ebtables-limit-arp* feature flag is recommended. Please note
the abovementioned caveats on this feature.
* We recommend to use *GLUON_FEATURES* for all Gluon packages, and rely on
*GLUON_SITE_PACKAGES* for non-Gluon (OpenWrt) packages only, as explained
in :ref:`user-site-feature-flags`.
site.conf
=========
When updating a site configuration from Gluon 2017.1.x, the following changes
must be made:
* .. code-block:: lua
domain_seed = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
These 32 bytes of random data (encoded in hexadecimal) are used to seed a number
of site/domain specific random values that must be the same on all nodes of the
same mesh, but different for different meshes. The following command
can be used to generate such a random value:
.. code-block:: shell
echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
In multidomain setups, repeat this command for each domain.
At this time, only the VXLAN ID for wired meshing is derived from the domain seed.
* .. code-block:: lua
mesh = {
vxlan = true, -- or false
-- ...
},
In single domain setups, the new *mesh.vxlan* option is mandatory. It should be set to *true* in new
meshes; existing setups should set it to *false* to retain compatibility with older versions of Gluon.
In multidomain setups, *mesh.vxlan* defaults to *true* and does not need to be set explicitly.
It can still be set to *false* for individual domains that should allow wired meshing with existing
setups, which is also useful for migrating an existing mesh to a multidomain-capable firmware.
* Password change form
The password change form in the "Advanced settings" is not shown by default anymore, as SSH keys are
the recommended means of authentication. It is still possible to set a password via SSH while in
config mode.
Set
.. code-block:: lua
config_mode = {
remote_login = {
show_password_form = true,
-- ...
},
-- ...
},
to restore the old behaviour.
When shown, the password form requires a minimum password length of 12 characters now. This requirement
can be modified using the *config_mode.remote_login.min_password_length* setting.
i18n
====
It is now possible to override a few labels and descriptions in the configuration
wizard. The available message IDs are listed in :ref:`site-config-mode-texts`.
These new i18n strings are optional; leaving them empty or unset will retain the
default texts.
Internals
*********
Status page rewrite
===================
The status page has been rewritten to simplify the code and reduce its size. Rather than
having a static frontend and retrieving all information via JavaScript, all static information
in the status page is now generated on the node, and JavaScript is only used for dynamic data.
To achieve this, the status page was ported to the gluon-web framework. The new status page
also makes use of Gluon's usual i18n facilities now. In addition, the gluon-web-model
package was split out of the gluon-web core package, as model support is only required
for config mode packages, but not for the new status page.
i18n namespaces
===============
In earlier version of Gluon, all gluon-web (formerly LuCI) packages shared the same i18n namespace,
so independent packages could override each others translations (with an arbitrary translation of
the same string "winning"). This issue has been solved by giving each package its own translation
namespace, which is defined by the *package* directive in a package's controller. It is still
possible to access a different i18n namespace (e.g. gluon-web base or site translations), which is
described in :doc:`../dev/web/i18n`.
Package Makefile cleanup
========================
The Makefiles of the individual Gluon packages have been cleaned up significantly by moving a
lot of boilerplate code to *package/gluon.mk*. The new features of *package/gluon.mk* are
explained in detail in :doc:`../dev/packages`.
Site checker
============
* New JSON/Lua path specification
The old string-based path specifications in site check scripts (e.g. ``'autoupdater.branch'``)
have been replaced with arrays (``{'autoupdater', 'branch'}``). This will implicitly ensure that
*autoupdater* is a table when it exists (simplifying checks for deep structures), and it makes it easier
to specify paths with variable components (by referencing a variable as an array element).
* Alternatives
The site check library has gained support for *alternatives*. It is now possible to check
if a configuration satisfies one of multiple checks:
.. code-block:: lua
-- foo can be a boolean or a string!
alternatives(function()
need_boolean({'foo'})
end, function()
need_string({'foo'})
end)
As many branches (functions) as necessary can be passed to a single *alternatives* call, which will succeed when
at least one of the branches succeeds.
batman-adv multicast optimizations
==================================
After various extra rounds of testing and fixes, the batman-adv (compat 15) multicast optimizations were
reenabled: knowledge about potential multicast listeners is gathered and distributed through the mesh again.
This is the next step towards the addition of the actual multicast distribution optimizations, which are
being prepared in `#1357 <https://github.com/freifunk-gluon/gluon/pull/1357>`_. When finished, the optimizations
will help reduce the remaining Layer-2-specific network overhead, e.g. multicasted ICMPv6 messages.
No behaviour changes are expected yet, as the multicast sender side is still disabled.
Once the majority of the mesh network has been updated to Gluon 2018.1, it can be activated on
dedicated nodes by including `#1357 <https://github.com/freifunk-gluon/gluon/pull/1357>`_ in the firmware
build. Test feedback is very welcome.
.. _releases-v2018.1-known-issues:
Known issues
************
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
* Frequent reboots due to out-of-memory or high load due to memory pressure on weak hardware specially in larger meshes
(`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
Optimizations in Gluon 2018.1 have significantly improved memory usage.
There are still known bugs leading to unreasonably high load that we hope to
solve in future releases.