Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision
  • 0x4A6F-master
  • 0x4A6F-rpi4
  • autinerd/experimental-openwrt-24.10
  • experimental
  • feature/addMikrotikwAP
  • master
  • nrb/airmax-test
  • nrb/ar9344-reset-sequence
  • nrb/ex400-remove-wps
  • nrb/gluon-master-cpe510
  • nrb/test-radv-filter
  • nrbffs/fastd-remove-delay
  • nrbffs/netgear-ex6120
  • v2018.2.2-ffs
  • v2018.2.3-ffs
  • v2019.1-ffs
  • v2019.1.1-ffs
  • v2019.1.2-ffs
  • v2020.1-ffs
  • v2020.1.1-ffs
  • v2020.1.3-ffs
  • v2020.2-ffs
  • v2020.2.1-ffs
  • v2020.2.2-ffs
  • v2020.2.3-ffs
  • v2021.1-ffs
  • v2021.1.1-ffs
  • v2021.1.2-ffs
  • v2022.1.1-ffs
  • v2022.1.3-ffs
  • v2022.1.4-ffs
  • v2023.1-ffs
  • v2023.2-ffs
  • v2023.2.2-ffs
  • v2023.2.3-ffs
  • v2023.2.4-ffs
  • v2023.2.5-ffs
  • experimental-2022-09-24
  • experimental-2022-09-24-base
  • experimental-2023-03-11
  • experimental-2023-03-11-base
  • experimental-2023-03-12
  • experimental-2023-03-12-base
  • experimental-2023-03-16
  • experimental-2023-03-16-base
  • experimental-2023-03-20
  • experimental-2023-03-20-base
  • experimental-2023-03-23
  • experimental-2023-03-23-base
  • experimental-2023-03-25
  • experimental-2023-03-25-base
  • experimental-2023-03-26
  • experimental-2023-03-26-base
  • experimental-2023-03-30
  • experimental-2023-03-30-base
  • experimental-2023-03-31
  • experimental-2023-03-31-base
  • experimental-2023-04-01
  • experimental-2023-04-01-base
  • experimental-2023-04-08
  • experimental-2023-04-08-base
  • experimental-2023-04-10
  • experimental-2023-04-10-base
  • experimental-2023-04-13
  • experimental-2023-04-13-base
  • experimental-2023-04-15
  • experimental-2023-04-15-base
  • experimental-2023-04-16
  • experimental-2023-04-16-base
  • experimental-2023-04-18
  • experimental-2023-04-18-base
  • experimental-2023-04-20
  • experimental-2023-04-20-base
  • experimental-2023-04-26
  • experimental-2023-04-26-base
  • experimental-2023-04-28
  • experimental-2023-04-28-base
  • experimental-2023-04-30
  • experimental-2023-04-30-base
  • experimental-2023-05-02
  • experimental-2023-05-02-base
  • experimental-2023-05-03
  • experimental-2023-05-03-base
  • experimental-2023-05-12
  • experimental-2023-05-12-base
  • experimental-2023-05-21
  • experimental-2023-05-21-base
  • experimental-2023-05-25
  • experimental-2023-05-25-base
  • experimental-2023-07-02
  • experimental-2023-07-02-base
  • experimental-2023-07-04
  • experimental-2023-07-04-base
  • experimental-2023-07-12
  • experimental-2023-07-12-base
  • experimental-2023-07-16
  • experimental-2023-07-16-base
  • experimental-2023-08-04
  • experimental-2023-08-04-base
  • experimental-2023-08-10
  • experimental-2023-08-10-base
  • experimental-2023-09-08
  • experimental-2023-09-08-base
  • experimental-2023-09-09
  • experimental-2023-09-09-base
  • experimental-2023-09-10
  • experimental-2023-09-10-base
  • experimental-2023-09-11
  • experimental-2023-09-11-base
  • experimental-2023-09-12
  • experimental-2023-09-12-base
  • experimental-2023-09-13
  • experimental-2023-09-13-base
  • experimental-2023-09-15
  • experimental-2023-09-15-base
  • experimental-2023-09-16
  • experimental-2023-09-16-base
  • experimental-2023-09-18
  • experimental-2023-09-18-base
  • experimental-2023-09-20
  • experimental-2023-09-20-base
  • experimental-2023-09-27
  • experimental-2023-09-27-base
  • experimental-2023-09-28
  • experimental-2023-09-28-base
  • experimental-2023-09-29
  • experimental-2023-09-29-base
  • experimental-2023-10-02
  • experimental-2023-10-02-base
  • experimental-2023-10-13
  • experimental-2023-10-13-base
  • experimental-2023-10-14
  • experimental-2023-10-14-base
  • experimental-2023-10-16
  • experimental-2023-10-16-base
  • experimental-2023-10-23
  • experimental-2023-10-23-base
137 results

Target

Select target project
  • firmware/gluon
  • 0x4A6F/gluon
  • patrick/gluon
3 results
Select Git revision
  • 0x4A6F-master
  • 0x4A6F-rpi4
  • 2014.3.x
  • 2014.4.x
  • babel
  • hoodselector
  • master
  • radv-filterd
  • v2015.1.x
  • v2016.1.x
  • v2016.2.4-batmanbug
  • v2016.2.x
  • v2018.2.2-ffs
  • v2018.2.x
  • v2014.1
  • v2014.2
  • v2014.3
  • v2014.3.1
  • v2014.4
  • v2015.1
  • v2015.1.1
  • v2015.1.2
  • v2016.1
  • v2016.1.1
  • v2016.1.2
  • v2016.1.3
  • v2016.1.4
  • v2016.1.5
  • v2016.1.6
  • v2016.2
  • v2016.2.1
  • v2016.2.2
  • v2016.2.3
  • v2016.2.4
  • v2016.2.5
  • v2016.2.6
  • v2016.2.7
  • v2017.1
  • v2017.1.1
  • v2017.1.2
  • v2017.1.3
  • v2017.1.4
  • v2017.1.5
  • v2017.1.6
  • v2017.1.7
  • v2017.1.8
  • v2018.1
  • v2018.1.1
  • v2018.1.2
  • v2018.1.3
  • v2018.1.4
  • v2018.2
  • v2018.2-ffs0.1
  • v2018.2.1
  • v2018.2.1-ffs0.1
  • v2018.2.2-ffs0.1
56 results
Show changes
Showing
with 255 additions and 28 deletions
site = require('gluon.site')
local site = require 'gluon.site'
rule('LOCAL_FORWARD -p IPv6 --ip6-src fe80::/64 -j RETURN')
rule('LOCAL_FORWARD -p IPv6 --ip6-src ::/128 --ip6-proto ipv6-icmp -j RETURN')
......
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-ebtables
PKG_VERSION:=1
PKG_RELEASE:=1
PKG_CONFIG_DEPENDS := CONFIG_GLUON_SPECIALIZE_KERNEL
include ../gluon.mk
define Package/gluon-ebtables
TITLE:=Ebtables support
DEPENDS:=+gluon-core +ebtables-tiny \
+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_FILTER \
+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_NAT \
+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_ARP \
+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP \
+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP6 \
+!GLUON_SPECIALIZE_KERNEL:kmod-ebtables \
+!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv4 \
+!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv6
+kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6
endef
define Package/gluon-ebtables/description
......
......@@ -15,11 +15,9 @@
# Removing a specific rule file:
# $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain
START=19
STOP=91
exec_file() {
local file="$1"
......@@ -37,12 +35,10 @@ exec_file() {
}
exec_all() {
local sort_arg="$1"
local old_ifs="$IFS"
IFS='
'
for file in `find /lib/gluon/ebtables -type f | sort $sort_arg`; do
for file in $(find /lib/gluon/ebtables -type f | sort "$@"); do
exec_file "$file"
done
IFS="$old_ifs"
......@@ -51,7 +47,9 @@ exec_all() {
start() {
(
# shellcheck disable=SC2030,SC2031,SC2089
export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -A " .. command'
# shellcheck disable=SC2030,SC2031,SC2089
export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -N " .. name .. " -P " .. policy'
# Contains /var/lib/ebtables/lock for '--concurrent'
......@@ -59,7 +57,7 @@ start() {
mkdir -p /var/lib/ebtables
if [ -z "$1" ]; then
exec_all ''
exec_all
else
exec_file "$1"
fi
......@@ -68,11 +66,13 @@ start() {
stop() {
(
# shellcheck disable=SC2030,SC2031,SC2090
export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -D " .. command'
# shellcheck disable=SC2030,SC2031,SC2090
export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -X " .. name'
if [ -z "$1" ]; then
exec_all '-r'
exec_all -r
else
exec_file "$1"
fi
......
#!/bin/sh
/etc/init.d/gluon-ebtables stop
#!/bin/sh
/etc/init.d/gluon-ebtables start
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-harden-dropbear
include ../gluon.mk
define Package/gluon-harden-dropbear
TITLE:=Reduces dropbears exposition
DEPENDS:=+gluon-core +gluon-lock-password
endef
define Package/gluon-harden-dropbear/description
This packages disables password access if root is locked and disables dropbear if no access is configured.
endef
$(eval $(call BuildPackageGluon,gluon-harden-dropbear))
#!/usr/bin/lua
local uci = require('simple-uci').cursor()
local util = require('gluon.util')
local function is_root_pw_unlocked()
for line in io.lines("/etc/shadow") do
if line:match("^root:!") then
return false
end
end
return true
end
local function has_authorized_keys()
local file = io.open("/etc/dropbear/authorized_keys", "r")
if not file then
return false
end
for line in file:lines() do
-- if the line is neither comments nor solely whitespaces
if not (line:match("^%s*#") or line:match("^%s*$")) then
file:close()
return true
end
end
file:close()
return false
end
local root_pw_is_unlocked = is_root_pw_unlocked()
local password_auth = 'off'
if root_pw_is_unlocked then
password_auth = 'on'
end
-- disable dropbear alltogether, if no access is configured
local enable_dropbear = has_authorized_keys() or root_pw_is_unlocked
uci:foreach('dropbear', 'dropbear', function(s)
uci:tset('dropbear', s['.name'], {
enable = enable_dropbear,
PasswordAuth = password_auth,
RootPasswordAuth = password_auth}
)
end)
uci:save('dropbear')
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-hoodselector
include ../gluon.mk
define Package/gluon-hoodselector
TITLE:=Automatically migrate nodes between domains.
DEPENDS:=+luaposix +libgluonutil +lua-math-polygon +libjson-c +gluon-site +micrond +lua-bit32 @GLUON_MULTIDOMAIN
CONFLICTS:=+gluon-config-mode-domain-select
endef
define Package/gluon-hoodselector/description
Hoodselector automatically detects in which domain the node is
located based on its geolocation settings. Domains require
bounding boxes defined as polygons or rectangles. Hoodselector
selects a domain from the list of known domains and migrate
towards it without requiring a reboot.
endef
$(eval $(call BuildPackageGluon,gluon-hoodselector))
local function check_lat_lon_range(pos, range, label)
need({'hoodselector', 'shapes'}, function()
if (type(pos) ~= "number") then
return false
end
if pos > range or pos < -range then
return false
end
return true
end, true, label.." must match a range +/-"..range)
end
if this_domain() ~= need_string(in_site({'default_domain'})) then
for _, shape in pairs(need_table(in_domain({'hoodselector', 'shapes'}))) do
need({'hoodselector', 'shapes'}, function()
if #shape < 2 then
return false
end
for _, v in ipairs(shape) do
check_lat_lon_range(v.lat, 90.0, "lat")
check_lat_lon_range(v.lon, 180.0, "lon")
end
return true
end, true, "needs to have at least 2 coordinates for rectangular shapes.")
end
end
*/2 * * * * /usr/sbin/hoodselector
local util = require ('gluon.util')
local math_polygon = require('math-polygon')
local json = require ('jsonc')
local uci = require('simple-uci').cursor()
local site = require ('gluon.site')
local M = {}
function M.get_domains()
local list = {}
for _, domain_path in ipairs(util.glob('/lib/gluon/domains/*.json')) do
table.insert(list, {
domain_code = domain_path:match('([^/]+)%.json$'),
domain = assert(json.load(domain_path)),
})
end
return list
end
-- Return the default domain from the domain list.
-- This method can return the following data:
-- * default domain
function M.get_default_domain(jdomains)
for _, domain in pairs(jdomains) do
if domain.domain_code == site.default_domain() then
return domain
end
end
end
-- Get Geoposition.
-- This method can return the following data:
-- * table {lat, lon}
function M.get_geolocation()
return {
lat = tonumber(uci:get('gluon-node-info', uci:get_first('gluon-node-info', 'location'), 'latitude')),
lon = tonumber(uci:get('gluon-node-info', uci:get_first('gluon-node-info', 'location'), 'longitude'))
}
end
-- Return domain from the domain list based on geo position or nil if no geo based domain could be
-- determined.
function M.get_domain_by_geo(jdomains, geo)
for _, domain in pairs(jdomains) do
if domain.domain_code ~= site.default_domain() then
-- Keep record of how many nested shapes we are in, e.g. a polyon with holes.
local nesting = 1
for _, area in pairs(domain.domain.hoodselector.shapes) do
-- Convert rectangle, defined by to points, into polygon
if #area == 2 then
area = math_polygon.two_point_rec_to_poly(area)
end
if (math_polygon.point_in_polygon(area, geo) == 1) then
nesting = nesting * (-1)
end
end
if nesting == -1 then return domain end
end
end
return nil
end
function M.set_domain_config(domain)
if uci:get('gluon', 'core', 'domain') ~= domain.domain_code then
os.execute(string.format("exec gluon-switch-domain --no-reboot '%s'", domain.domain_code))
util.log('Set domain "' .. domain.domain.domain_names[domain.domain_code] .. '"', true)
return true
end
return false
end
return M
#!/usr/bin/lua
local bit = require('bit32')
local util = require ('gluon.util')
local unistd = require('posix.unistd')
local fcntl = require('posix.fcntl')
local hoodutil = require('hoodselector.util')
-- PID file to ensure the hoodselector isn't running parallel
local lockfile = '/var/lock/hoodselector.lock'
local lockfd, err = fcntl.open(lockfile, bit.bor(fcntl.O_WRONLY, fcntl.O_CREAT), 384) -- mode 0600
if not lockfd then
util.log(err, true)
os.exit(1)
end
local ok, _ = fcntl.fcntl(lockfd, fcntl.F_SETLK, {
l_start = 0,
l_len = 0,
l_type = fcntl.F_WRLCK,
l_whence = unistd.SEEK_SET,
})
if not ok then
io.stderr:write(string.format(
"Unable to lock file %s. Make sure there is no other instance of the hoodselector running.\n",
lockfile
))
os.exit(1)
end
-- geolocation mode
-- If we have a location we will try to select the domain corresponding to this location.
-- If no domain for the location has been defined or if we can't determine the node's location,
-- we will select the default domain as last fallback instance.
local geo = hoodutil.get_geolocation()
if geo.lat ~= nil and geo.lon ~= nil then
io.stdout:write('Position found. Enter "geolocation mode" ...\n')
local jdomains = hoodutil.get_domains()
local geo_base_domain = hoodutil.get_domain_by_geo(jdomains, geo)
if geo_base_domain ~= nil then
if hoodutil.set_domain_config(geo_base_domain) then
util.log('Domain set by geolocation mode.', true)
end
return
end
io.stdout:write('No domain has been defined for the current position. Continue with default domain mode\n')
else
io.stdout:write('No position found. Continue with default domain mode\n')
end
-- default domain mode
hoodutil.set_domain_config(hoodutil.get_default_domain(hoodutil.get_domains()))
......@@ -2,14 +2,11 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-iptables-clamp-mss-to-pmtu
GLUON_VERSION = $(shell git describe --always --dirty=+ 2>/dev/null || echo unknown)
PKG_VERSION:=$(if $(DUMP),x,$(GLUON_VERSION))
include ../gluon.mk
define Package/$(PKG_NAME)
TITLE:=This will establish a firewall rule to clamp the mss to pmtu on the mesh-vpn interface when the connection is towards 64:ff9b::/96
DEPENDS:= +ip6tables
DEPENDS:= +ip6tables-zz-legacy
endef
define Package/$(PKG_NAME)/description
......
*mangle
-A FORWARD -o mesh-vpn -p tcp -m tcp --tcp-flags SYN,RST SYN -d 64:ff9b::/96 -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o mesh-vpn+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-l3roamd
PKG_VERSION:=1
include ../gluon.mk
define Package/gluon-l3roamd
TITLE:=Configure l3roamd for babel
DEPENDS:=+gluon-core +l3roamd
TITLE:=Configure l3roamd for l3-mesh
DEPENDS:=+gluon-core +gluon-mesh-layer3-common +l3roamd +uc
endef
$(eval $(call BuildPackageGluon,gluon-l3roamd))