Co-authored-by: Tom Herbers <github@herbetom.de>

* document network roles and their effects

Now we use the new Image-customization framework in Gluon, we need to
also update the docs so examples and descriptions are acurate again.

Signed-off-by: David Bauer <mail@david-bauer.net>

2 spaces is the most common indentation width used in the docs; adjust
the rest for consistency.

Also change .editorconfig accordingly.

Allows reconfigurtion of remote syslog from within site.conf.

Conflicts with the gluon-web-logging package as user made changes
will be overwritten, because this package will reconfigure the syslog
destination on every upgrade.

Resolves #1845

This package adds support for SAE on 802.11s mesh connections.

Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.

In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.

If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.

For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.

Fixes #1636

This adds a warning that entprise switches with an IGMP/MLD snooping
feature are not supported yet with IGMP/MLD filtering enabled.

For this to work, firstly the Linux bridge on the Gluon node needs to
support Multicast Router Discovery (RFC4286). But this feature was only
added to the Linux kernel recently, in 5.1.

Secondly, a Gluon node would need to periodically send "Multicast Router
Advertisment" (RFC4286) messages, to "announce" the multicast router
port setting on bridge port bat0.

Thirdly, the IGMP/MLD snooping switches would need to implement
RFC4286.

Fixes #1821

This adds documentation for the gluon-mesh-batman-adv package and
elaborates on its build and configuration options, as well as
the implemented multicast architecture.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

gluon-hoodselector docs: replace 'Router have' with 'Router has'

gluon-hoodselector: docs: fix spelling/grammar

docs: gluon-hoodselector.rst, chnage 'VPN-mode' to VPN mode and 'trigon polygon' to triangle

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package/gluon-hoodselector: update .dia and .svg to current code behave

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package/gluon-hoodselector: replace hood with domain update doc to current code behave

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs hoodselector: fix spelling

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package/gluon-hoodselector: fix spelling second round

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs:gluon-hoodselector.rst: fix spelling

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs gluon-hoodselector.rst: fix line length

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs gluon-hoodselector: rename doc imports to be assoziated with the hoodselector

docs gluon-hoodselector: fix image name and rst inmport

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs gluon-hoodselector: information without es (uncountable)

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

docs/package: gluon-hoodselector.rst fix grammer issues

Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>

This package allows to automatically switch to another domain, either
at a given point in time or after the node was offline long enough.

based on package documentation, authored by T_X 
https://github.com/freifunk-gluon/gluon/blob/84a6f65f02d7e36a073ba2839712f0c0bb1dda10/package/gluon-ebtables-limit-arp/Makefile#L18-L39

fixes #1383

At the moment, we don't have a good guideline for package-specific
configuration, but it seems like a good idea not to split configuration
into too many tiny pages, especially for packages that aren't commonly
selected explicitly.

Some uncommon configuration is dropped from the example site.conf to remove
clutter.

We must ensure that each node becomes IGMP/MLD querier for its local
clients; having only a single querier for the whole mesh is generally
unreliable, leading to frequent "IGMP/MLD querier appeared/disappeared"
messages from batman-adv and unreliable snooping.

In smaller meshes it might be interesting only segment querier domains, but
allow membership reports to pass through the mesh, in order to support
snooping switches outside the mesh without special configuration. A
site.conf switch is provided to control this behaviour.

Fixes #1320

[Matthias Schiffer: slightly clean up code]

This package drops all incoming router advertisements except for the
default router with the best metric according to B.A.T.M.A.N. advanced.

Note that advertisements originating from the node itself (for example
via gluon-radvd) are not affected.

This patch adds a new gluon-ebtables package to filter IGMP/MLD messages
via ebtables.

For one thing this reduces multicast overhead: About one third of all
ICMPv6 multicast traffic in Lübeck or Hamburg is MLD.

Furthermore it removes a potential Distributed Denial-of-Service vector
(see Gluon ticket #553).

Finally, it is a prerequisite for enabling bridge multicast snooping in
a decentral and robust fashion.

Note that IGMP/MLD are filtered for multicast traffic coming from
the mesh, too (new MULTICAST_IN), as unfortunately there seem to
be other queriers somewhere in the mesh at least for Freifunk
Lübeck. Also adding these rules to be prepared to anyone intentionally
or unintentionally disabling these filters on his/her node.

Node operators not running Gluon (for instance gateway nodes) should
make sure to either enable multicast_router towards bat0 or disable
multicast snooping entirely if they have a bridge on top of bat0.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

This package provides br-client and sets up a wireless AP interface for
clients.

gluon-radio-config contained only a single file. The code has been adjusted
to allow creating a Gluon configuration without WLAN support by removing
the wifi24 and wifi5 sections from site.conf.