6b6578feec wireguard: version bump to 0.0.20171101
9740523763 ar71xx: fix LED config for DIR-869 A1
bdf19eec35 ipq806x: nbg6817: sync MAC addresses to the upstream values
2aff2add31 ipq806x: nbg6817: add kmod-fs-ext4 to device packages
63f6408ccc uclient: update to the latest version, fixes fetch of multiple files
Fixes a build issue in kmod-jool.
82ef2fd7 jool: fix PKG_BUILD_DIR to avoid kernel ABI mismatch
fee9a0aa monit: update to 5.24, use https download url
5a6fcfbc monit: update to 5.23
4479fada monit: update to 5.20, use PKG_HASH
9ce3deb8 sqlite3: update to 3.19.3
6bca8579 libs/sqlite3: Update to 3190200
0a279576 sqlite: update to 3.17.0
58a1a733 libwebsockets: add PROVIDES to both variants
e967fd8c icu: fix CVE-2017-14952 Double-Free Vulnerability [lede-17.01]
3c29b149 Revert "Provides a way to acquire the list of installed packages without the"
27bdc743 Revert "add ubus call to perform a sysupgrade and acl file for the attended"
cdcf6ad2 Revert "due to renaming .rpcd was forgotten in the Makefile"
04cbc70c due to renaming .rpcd was forgotten in the Makefile
f6c287f1 add ubus call to perform a sysupgrade and acl file for the attended sysupgrade use case as well uci defaults. Package is a part of the GSoC 17 project implementing easy sysupgrade functionality.
983819f3 Provides a way to acquire the list of installed packages without the need to have opkg available. It is being used for the GSoC 17 project implementing easy sysupgrade functionality.
cd5c4487 wireguard: drop package
9040b270 noddos: new backport of noddos from master branch
72e88678 wireguard: bump to release 0.0.20171005 for 17.01
de79f4c7 bluez: fix CVE-2017-1000250
b56e6504 tor: update to version 0.2.9.12
c69b0774 tor: update to version 0.2.9.11
ea9ca5ed ruby: bump to 2.4.2
fa3a118d collectd: uptime plugin: apply fix from upstream
4739584c mwan3: fix interface-bound traffic when interface is offline
d61bf45c haproxy: update to 1.7.8 and pending patches - fixes reload issue with hanging process
a6a44f91 pcre: Added fix for CVE-2017-11164 by adding stack recursion limit
1434dbdf pcre: upgrade to version 8.41 - fixes security issues
ad256bbf strongswan: fix typo
a7007291 strongswan: add curve25519 plugin
1143cb9b strongswan: bump to 5.5.3
384e89b3 strongswan: bump to 5.5.2
fe233e35 net/mwan3: update Makefile
42f46570 unbound: update to 1.6.5
a3c78648 net/mwan3: remove lock file on mwan3 stop
282e9001 net/mwan3: fix ping issue if last interface recovers from failure
94a52336 net/mwan3: fix ipset generation in hotplug script with an lock
822bc96b net/mwan3: add lock for mwan3 hotplug script
70d96f5d net/mwan3: add connected network regardless of mwan3 interface enable state
8a111b5b net/mwan3: mwan3track interrupt sleep on signal (trap) event
eefc65b0 net/mwan3: fix hotplug on ACTION ifdown
7fb33ad6 mosquitto: properly use localhost instead of ipv4
75f50611 mosquitto: support more config options in UCI
956ef7a8 acme: Make sure postrm script doesn't fail
788f17e9 acme: Fix for curl linked against mbed TLS. (#4254)
5383fd42 nlbwmon: update to latest version
29fb31fe nlbwmon: add package
ce5ff274 mosquitto: update to 1.4.14
bdac4914 mosquitto: update to 1.4.13
e4e22eb9 zabbix: update to 3.2.6
4ea3c274 zabbix: partially fix zabbix-extra-mac80211
26897f09 zabbix: update to 3.2.4, use PKG_HASH
f2539c58 lighttpd: backport more mod_cgi fixes queued for 1.4.46
46014e36 coreutils: stdbuf: fix missing libstdbuf.so
e8af9ce4 gnutls: updated to 3.5.13
4c26df19 libtasn1: updated to 4.12
b91c48ba openconnect: new option mtu
7af43217 openconnect: drop stale config: interface
9c9571fd openconnect: Bump openconnect to 7.08
72928442 minidlna: backport fixes from 1.1.6 and 1.2.0 releases
ca5d4b08 openldap: update to 2.4.45
dc558eaa mosquitto: fix empty client-nossl package
33d8f9e5 libdmapsharing: update to 2.9.38
53d18a45 tor: update to version 0.2.9.10
373fa54d35 kernel: bump 4.4 to 4.4.93 for 17.01
586a721d3f mountd: bump to git HEAD version (fixes SIGSEV crashes)
cdb2684dce LEDE v17.01.4: revert to branch defaults
444add156f LEDE v17.01.4: adjust config defaults
79f57e422d wireguard: version bump to 0.0.20171017
d501786ff2 hostapd: add wpa_disable_eapol_key_retries option
b6c3931ad6 hostapd: backport extra changes related to KRACK
a5e1f7f5ef mac80211: backport kernel fix for CVE-2017-13080
46e29bd078 x86: partly revert cabf775
707305a19d mac80211: Update wireless-regdb to master-2017-03-07
907d8703f4 wireguard: add wireguard to base packages
bff16304b0 brcmfmac: backport length check in brcmf_cfg80211_escan_handler()
fa0b5fce1f kernel: bump 4.4 to 4.4.92
e6fd17d04c ramips: fix compile warning in MT7621 NAND driver
2e9f3c6225 ramips: fix typo in MT7621 NAND driver
63c17142c8 hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
cdd093b539 x86/64: add xen DomU support
cabf775e64 x86: Refresh subtargets kernel config
da0219ed9f x86: Fix xen serial console by removing conflicting PATA driver
f52b404aee x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and Xen
8ad1b09c6d kernel: add fix for bgmac with B50212E B1 PHY
c1023c8075 mt76: sync with version 878456caf60d from master
baa8eaaba6 bcm53xx: backport DTS changes up to the first 4.15 queued commits
94aa2b8af0 ar71xx: add rssileds to WA850RE v1 image
f67c22e0c2 toolchain/gdb: update to version 8.0.1
067221360e cmake: fix build error with Xcode 9 on macOS 12
a999f91ca3 gcc: fix build error with macOS + Xcode 9
2ce9c84a92 build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errors
f9a849ca84 ramips: mt7620: do not pad sysupgrade Archer images
Filtering by MAC address won't filter out multicast packages like router
solicitations, causing uradvd to send out router advertisements with
maximum frequency (every 3 seconds) in active meshes, even when no local
client is actually interested in the advertisements.
Fixes#1230
The generic upgrade script is moved to run after the more specific scripts.
In addition, the script will now remove the configuration sections of
uninstalled VPN packages, so both positive and negative changes of the
default enable state can be migrated correctly.
Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de>
Fixes: #1187
When a Gluon node is used to connect to an uplink router/DHCP server (for
example in deployments without VPN tunnels), the gw_mode must be set to
server; this should be preserved on upgrades.
Fixes#1196
The added debug information is stripped of during packaging, so it does not
increase the package size. It does however slightly change offsets in the
code, preventing the weird ash segfaults we've been seeing. Also, if the
issue returns, we'll have debug information matching the coredumps.
A bug in batman-adv can lead to a large amount of management traffic being
exchanged between nodes when the multicast optimizations are enabled,
effectively making the mesh unusable. It's safer to disable the feature
for now, until we have a real fix.
sha512sum doesn't add much code that is not also used by sha256sum, but the
change of the configuration hides the segfault issue described in:
https://bugs.lede-project.org/index.php?do=details&task_id=822
While the issue only seemed to affect dhcpv6.script, it would clutter /tmp
with coredumps, eventually leading to OOM.
The used nodejs 4.4.5 needs at least GCC 4.8 to be build
https://github.com/nodejs/node/blob/v4.x/BUILDING.md
Signed-off-by: Matthias Fritzsche <matthias@chemnitz.freifunk.net>
[Matthias Schiffer: moved information to the first section]
The staged sysupgrade allows to properly unmount the rootfs before writing
the new partitions. This will fix upgrades losing configuration when
parition sizes change on x86 and similar image types.
gluon-core: dns-cache documentation polish
Now its clear that upstreams severs normally means "community gateways".
* added cacheentries to description
* made upstream server description more general
* description of the A and AAAA-records for next_node added
* mention of Cache not being allocated when not set in site.conf
* dns-cache doku polish
Fixes#1084
Hardware is very similar to Archer C5v1 and C7v2.
Tested factory install and autoupdater.
IBSS Mesh on 2.4 and 5 GHz is working fine.
The only Ethernet Port is used for config mode and afterwards handled
as WAN Port.
We now create bat0 and primary0 independently of the lower mesh interfaces,
making the whole setup a lot more robust. In particular:
- we can't accidentially destroy primary0 because of concurrent setup and
teardown runs of different interfaces
- bat0 will always exist, even when no mesh interfaces are up (e.g. no link
on wired mesh)
- interfaces going down and up again will never tear down the whole of
batman-adv
- we can enable and disable bat0 independently of the lower interface
states
The current autoupdater will only respect the last line for a given model
name, so we can add SHA256 checksums as long as they occur before the
corresponding SHA512 line.
The size of the factory images is limited to 4MB, which caused build
failures when many additional packages were included.
Rather than moving the device to ar71xx-tiny, we ignore the factory images
and just build the sysupgrade. This way, the whole flash is usable for
Gluon.
This means that installing Gluon on these devices will now require to flash
a plain LEDE image first, and then upgrading using the Gluon sysupgrade
image.
Fixes#1020
We always want to prefer the unique node address for outgoing traffic. Note
that this doesn't have an effect with batman-adv, as usually br-client will
be the outgoing interface, so the unique address would be chosen anyways.
Also remove our own no_rebroadcast patch, as batman-adv v2016.5 now has a
more sophisticated rebroadcast suppression that should work automatically
in the most relevant cases.
macvlan interfaces never directly exchange traffic with the underlying
interface, but only with other hosts behind the interface. In consequence,
router advertisements from the uradvd running on br-client could never
reach local-node, preventing it from getting an IPv6 address without RAs
from an external radvd. Fix this be replacing the macvlan interface with
a veth pair (with the peer interface in br-client).
As a side effect, this saves about 5KB of flash, as the veth module is
simpler than macvlan.
When preparing the migration from macvlan to veth for local-node, MAC
address conflicts occurred as some ports of br-client had the same address
as local-node. Reverting the roles of both interfaces fixes this.
By default, br-client is left as an interface without addresses and
firewall rules that drop everything, so the bridge is used to connect its
ports only. gluon-mesh-batman-adv-core changes this to the usual set
of addresses and firewall rules.
The ar71xx-tiny target sets CONFIG_CLEAN_IPKG, which would delete opkg
control files required for user creation. Fix image generation and the user
creation script.
Fixes#1012
ath10k has to switch the regulatory domain when switching the default
country when ATH_USER_REGD is enabled. This is for example important when
switching from country US (FCC) to DE (ETSI). The ath implementation will
use ath_reg_dyn_country_user_allow to check if this is allowed.
Unfortunately, this function always seems to return false to
ath_reg_notifier_apply even when ATH_USER_REGD is enabled. But it must
actually always accept the requests from the user (when ATH_USER_REGD is
enabled) to correctly set the conformance test limits in the ath10k binary
blob.
Not doing it will sometimes allow too high transmit powers on edge channels
for correctly calibrated devices outside their default regulatory domain.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
The default abbreviation length depends on factors like user configuration,
git version and number of repository objects. Use unabbreviates IDs to make
patch generation more reproducible.
The batadv debugfs requires large memory blocks to write the text debug
tables. This is inefficient for large tables like the global translation
table or the originators table.
The memory requirement can be reduced by using netlink. It copies smaller
packets in a binary format to the userspace program. The respondd module of
gluon-mesh-batman-adv-core can therefore parse larger originator tables
without causing an OOM on systems which are tight on memory.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The batadv debugfs requires large memory blocks to write the text debug
tables. This is inefficient for large tables like the global translation
table or the originators table.
The memory requirement can be reduced by using netlink. It copies smaller
packets in a binary format to the userspace program. gluon-status-page-api
can therefore parse larger originator tables without causing an OOM on
systems which are tight on memory.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
MAC and IP addresses are switched. This makes the gluon-client-bridge
package more useful for different routing protocols that don't need a
unique address on the client bridge.
As a side effect, gluon-radvd is now using the next-node address, which had
been considered before, but was dismissed to avoid having gluon-radvd
depend on gluon-next-node and gluon-mesh-batman-adv. This will be useful
for announcing default routes via gluon-radvd.
One downside is that this introduces a minor dependency on batman-adv in
gluon-respondd: the hotplug script that checked for the client interface
before will now check for local-node. This doesn't really matter: for mesh
protocols without a local-node interface, the check will do nothing (which
makes sense, as there is no interface to bind to for mesh-wide respondd).
Because we unconditionally appended `-i br-client` to the command line of
respondd, it wasn't restarted when br-client changed state. Now, we use a
jsonfilter expression on the network.interface dump data, similar to how the
other interface names are generated, and only add the interface to the argument
list if it is up.
The assignment of the gpio_count and reg_base in ath79_gpio_output_select
takes care that only supported platforms can use ath79_gpio_output_select.
But the rebase of the patches after the last OpenWrt base update
accidentally added an extra check for the SoC which was missing support
soc_is_qca955x().
Boots on QCA955X devices which were using ath79_gpio_output_select stopped
with
Kernel bug detected[#1]:
[...]
Call Trace:
[<803e6174>] ath79_gpio_output_select+0x30/0xe8
[<803ed590>] om5p_acv2_setup+0x24/0x200
[<803e4dc0>] ath79_setup+0x28/0x38
[<80069ac8>] do_one_initcall+0x148/0x1ec
[<803e2cc4>] kernel_init_freeable+0x150/0x208
[<80065218>] kernel_init+0x10/0x114
[<80060878>] ret_from_kernel_thread+0x14/0x1c
Fixes: a22c1d5670c1 ("Update OpenWrt base")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Some (possibly broken) bootloaders incorrectly initialize the at8033 phy.
This breaks auto-negotation on these SGMII devices. The mode has therefore
to be set back in to a valid configuration by Linux.
Fixes#911
propose to make uci commit more specific to minimize unwanted changes in other temporary written config files like wireless ssid (in some offline changers)
Using HTTPS breaks the download on Debian Wheezy. The switch was an
unintended side effect of the backport from LEDE.
Also, fix the commit message of the backport patch (mwlwifi is not updated
anymore since the last OpenWrt base upgrade).
Fixes#919
If cookies are disabled, the Statuspage only displays an empty ("Not connected")
This checks if the localStorage API is available and working and only uses it in this case
Also allows better backwards compatibility.
The GLUON_ATH10K_MESH must be set to 11s or ibss; when it is not set,
ath10k device images won't be built at all. This also allows us to remove
the BROKEN flag for ath10k devices, as the GLUON_ATH10K_MESH variable is
sufficient to avoid ath10k devices if desired.
Fixes#864
The MR1750 and OM5P-AC devices are based on ath9k SoCs and an external
ath10k chip. All devices which are using ath10k should be marked as broken
due to deficits in their IBSS support.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Users may have defined additional mesh interfaces. Properly migrate these
to avoid subtly breaking the network config (and make them ready for new
mesh protocols).
Switch to:
1. WAN
2. LAN
3. Mesh VPN
As WAN and LAN are setup in gluon-mesh-batman-adv-core (and will be moved
to gluon-core), while the mesh VPN has its own package, giving WAN and LAN
the first indices is preferable.
Generate flashable images for the Archer C7 v2 with current stock firmware
again.
To set the region code, the GLUON_REGION variable must be set to "us" or
"eu" in site.mk or as a make argument.
Fixes#860
need_one_of(varname, array, required) checks weather the value of the specified variable is part of given array.
need_array_of(varname, array, required) is similar to need_one_of() but assume that varname points to an array.
Just like we enabled multicast snooping on the batman-adv client bridge
again, let's do the same for the WAN side.
With one exception: The IGMP/MLD querier is kept disabled to avoid
becoming too "bossy"/"noisy" on a foreign network. The main router on
the WAN side should perform querying and by that enable
IGMP/MLD/snooping if it considers this appropriate there.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
A few issues with the bridge snooping were identified and fixed
upstream in OpenWRT:
* "firewall: Allow IGMP and MLD input on WAN" (r45613)
* "kernel: bridge: backport two snooping related patches" (r45783)
* netifd: "bridge: Fix multicast_to_unicast feature by hairpin+isolate"
(OW: "netifd: update to the latest version, adds multicast-to-unicast fixes" (r46719))
* "kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull()" (r46721)
* "kernel: bridge, multicast-to-unicast: fix echoes on STA" (46765)
These have very likely caused issues with the bridge snooping before,
which led to disabling it in the past. Let's reenable the multicast
snooping now that they were fixed for reduced multicast overhead on the
wifi.
Advantages are the following:
This mildly reduces overhead on the mesh layer. And significantly reduces
overhead on the AP interface and therefore significantly increases
available airtime (the currently most significant scalability bottleneck).
Secondly removes an easy, often accidental node-local Denial-of-Service
vector based on multicast flooding / streaming.
Thirdly, makes node-local multicast streaming feasible.
Finally should noticably increase battery life of mobile devices.
Note: bridge querier is disabled for br-wan. We want to avoid becoming
too "bossy"/"noisy" on a foreign network.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The mesh side has become fairly huge in many communities. Up to
a few thousand entries can currently be found in the forwarding
database (fdb) of a bridge for its bridge port bat0.
The bridge fdb is kind of redundant to the batman-adv global translation
table here. Therefore this patch tries to reduce memory footprint by
following an approach similar to the IGMP/MLD split patchset approach:
Make the bridge oblivious not only regarding multicast listeners towards
the mesh but with this patch unicast hosts on the mesh, too.
If the destination of an ethernet frame is known by the bridge to be a
local one, then the frame is forwarded to the according port. If it is
unknown, then the frame is forwarded to the wifi AP interface and bat0.
mac80211 and batman-adv then know whether to drop or forward a frame
further through their own book-keeping.
Note that unicast-flood is not disabled for the wifi AP bridge port, nor
is learning disabled on the wifi AP. This is mainly to keep the
configuration in UCI and according setup scripts simple ;). However, not
disalbling unicast-flood on the wifi AP interface might also give a
minor latency improvement for newly joining wifi clients.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
This patchset enables the RX LNA for the CPE210/510, improving RX by about
20dB. The profiles for CPE210 and CPE510 is split into two images.
The problematic patch switching the CPE510 to the secondary ART is left
out.
I've bought a couple of those devices from Senetic GmbH.
https://www.senetic.de/product/TL-WR842N
They have 16 MB of Flash and 64 MB of RAM. Platform support works fine,
I've also tested a little with Ethernet (since I saw some regressions on
OpenWRT/LEDE with 841v11), no problems.
Therefore, lets remove the broken mark.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Switching branches and applying patches in the build repos will
unnecessarily touch many files, causing rebuilds of packages that didn't
really change; furthermore, it is filling the reflog with many entries.
Don't ever switch to base branch in the build repos and apply patches in
a temporary clone to avoid these issues.
In addition, GPG signing is generally disabled in the build repos to
override potential global configuration (as signing doesn't make sense and
will slow down rebases).
The arguments are now provided by gluon-mesh-batman-adv-core, so
gluon-radvd can be used with other mesh protocols.
[Matthias Schiffer: removed PROVIDES dependency]
Some drivers (mt76) don't support arbitrary MAC addresses. Use the
addresses provided by the driver (avoiding the primary address) by default,
but fall back to our has-based scheme when the driver doesn't provide
(enough) addresses.
This call takes an input and an output argument and will copy all files
from the input to the output, while minifying the Lua files.
[Matthias Schiffer: simplified definition, added commit message.]
Introduce new fixes:
* Avoid nullptr dereference in bla after vlan_insert_tag
* Avoid nullptr dereference in dat after vlan_insert_tag
* Avoid tt_req_node list put for unhashed entry
* Fix orig_node_vlan leak on orig_node_release
* Fix non-atomic bla_claim::backbone_gw access
* Fix reference leak in batadv_find_router
* Free last_bonding_candidate on release of orig_node
Also replace the gluon version of the speedyjoin patch with the one already
included in openwrt-routing.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Speedy join only works when the received packet is either broadcast or an
4addr unicast packet. Thus packets converted from broadcast to unicast via
the gateway handling code have to be converted to 4addr packets to allow
the receiving gateway server to add the sender address as temporary entry
to the translation table.
Not doing it will make the batman-adv gateway server drop the DHCP response
in many situations because it doesn't yet have the TT entry for the
destination of the DHCP response.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The new MR1750v2 device support is only available in LEDE master. The
relevant patches have to backported to add support for them in Gluon
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
The new OM2P-HSv3 device support is only available in LEDE master. The
relevant patches have to backported to add support for them in Gluon
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
This patchset enables the RX LNA for the CPE210/510, improving RX by about
20dB. The profiles for CPE210 and CPE510 is split into two images, so the
CPE510 can use the correct ART offset, improving the TX power by 10dB.
Fixes#796
Most doubles that are delivered via respondd have limited input
precision, but are converted with up to 17 digits of precision. That can
cause ugly blowups like 0.2800000000000001 in the output, which is
avoided by specifying better format strings (like "%.2f" in most cases).
The OpenMesh devices have a sticker with the eth0 mac address on the
bottom. Also all other mac addresses are calculated based on this address.
Therefore, it is better to use this as primary mac address instead of the
WiFi mac address.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
The returned name for OpenMesh devices with a an extra vX when calling
lua -e 'print(require("platform_info").get_image_name())'
doesn't contain a dash between the vX and the device name. Thus the image
should also not contain a dash.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
The new ath9k/ath10k based devices are only available in OpenWrt trunk. The
relevant patches have to backported to add support for them in Gluon
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
This patch adds a new gluon-ebtables package to filter IGMP/MLD messages
via ebtables.
For one thing this reduces multicast overhead: About one third of all
ICMPv6 multicast traffic in Lübeck or Hamburg is MLD.
Furthermore it removes a potential Distributed Denial-of-Service vector
(see Gluon ticket #553).
Finally, it is a prerequisite for enabling bridge multicast snooping in
a decentral and robust fashion.
Note that IGMP/MLD are filtered for multicast traffic coming from
the mesh, too (new MULTICAST_IN), as unfortunately there seem to
be other queriers somewhere in the mesh at least for Freifunk
Lübeck. Also adding these rules to be prepared to anyone intentionally
or unintentionally disabling these filters on his/her node.
Node operators not running Gluon (for instance gateway nodes) should
make sure to either enable multicast_router towards bat0 or disable
multicast snooping entirely if they have a bridge on top of bat0.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
ebtables actually skips any IPv6 extension headers like the hop-by-hop
one. So this rule is actually void.
The intend back then was to allow passing MLD messages into the mesh.
Since extension headers are skipped, the general icmpv6 rule will
actually match MLD messages. So the hop-by-hop rule is unnecessary,
too.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The workaround to generate sysupgrade images for OpenMesh devices in gluon
is replaced in LEDE/OpenWrt by a special patch. It is therefore better to
drop the workaround and use the upstream version.
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Don't fork reboot process before all package hooks have been handled and
rendering is complete.
Replace debug.setfenv hack to close stdout with nixio.dup.
Fixes#772
The image validation currently fails on some devices (tested OpenMesh)
because it isn't done via sysupgrade. But the checks depend partially on
the integration in sysupgrade (e.g. via loops that can be stopped via
"break statements").
Instead of hacking its own version check, it is easier and better tested to
just use 'sysupgrade -T' like it is already done by LuCI.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Lua's tables are 1-based, so we must decrement the index by 1 to get the
desired MAC addresses. By not doing this, the second IBSS interface would
get the address with index 8, but only indices 0..7 are available.
Fixes: c73a12e0ea
There are a few devices which have more than one LAN interface (for example
some revision of the TL-WR941ND, which uses a DSA-based switch, so each
switch port has its own netdev.) On these devices we need a bridge for
mesh-on-lan (as the alternative of adding them to batman-adv individually
would need too many MAC addresses.)
While ath9k/ath10k devices can supprt VIFs with any combination of MAC addresses, there are also adapters which have a hardware MAC filter which only allows a few bits to differ. This commit changes the addresses of all VIFs to ony differ in the last 3 bits, which is required to support many Ralink/Mediatek based WLAN adapters.
Technically, the new addresses are generated by calculating an MD5 hash of the primary MAC address and using a part of this hash as a prefix for the MAC addresses.
The addresses (BSSIDs) of the AP VIFs are also reused for the LAN and WAN interfaces in mesh-on-LAN/WAN mode to reduce the number of needed addresses, and thus reduce the chance of collisions. This is not a problem as the MAC addresses of the AP VIFs are never used except as BSSID, and thus not seen by routing protocols like batman-adv.
Fixes#648
[Matthias Schiffer: rewrote commit message]
Device information can be found at:
http://www.8devices.com/products/carambola-2https://wiki.openwrt.org/toh/8devices/carambola2
I only did some minimal testing of gluon on the carambola 2 development
board:
- Config mode works
- Connects to Wifi Mesh
- Allows clients to connect
Notably, autoupgrade has not yet been tested.
Change to 010-primary-mac is necessary as the mac address printed
on the sticker is the one of eth0, not the wifi mac.
link "packages" instead of "community repositories"
add link for rejected features to bottom link list
link "#gluon" to webirc
link the mentioned commit 2a93c58
OpenWRT now supports the CISCO Meraki enterprise class routers
MR12, MR16, MR62 and MR66. The fabric firmware demands the yearly
renewal of a support license.
This firmware was successfully tested by @Garunda for the MR62 (and
the MR12 with it for which this is an alias). The initial firmware
pre OpenWRT adoption was prepared and adapted for Gluon by @tcatm.
The confirmation of the functionality of the image for the MR66
(and the aliased MR16 with it) is still pending.
The devices are of strategic interest to the Freifunk community as
they are making a rock-solid impression. However, these come with
fairly hefty annual license. The Freifunk may offer an escape route
for those who had signed up and want to keep their investment into the
similarly expensive hardware. Used evices sell for $60 on eBay/Amazon
in the US. Here in the old world it is all >300 €, still.
Credits go to @Garunda for testing, to @tcatm for finding the
OpenWRT patch prior to its adoption and preparing the initial Gluon
adaptation, to @smoe for the update once that patch had arrived in
OpenWRT, and to @NeoRaider for his review and advice to use
GluonModelAlias for MR62 and MR66 to point to MR12 and MR16,
respectively.
Original commit message:
MIPS: ath79: make bootconsole wait for both THRE and TEMT
This makes the ath79 bootconsole behave the same way as the generic 8250
bootconsole.
Also waiting for TEMT (transmit buffer is empty) instead of just THRE
(transmit buffer is not full) ensures that all characters have been
transmitted before the real serial driver starts reconfiguring the serial
controller (which would sometimes result in garbage being transmitted.)
This change does not cause a visible performance loss.
In addition, this seems to fix a hang observed in certain configurations on
many AR7xxx/AR9xxx SoCs during autoconfig of the real serial driver.
A more complete follow-up patch will disable 8250 autoconfig for ath79
altogether (the serial controller is detected as a 16550A, which is not
fully compatible with the ath79 serial, and the autoconfig may lead to
undefined behavior on ath79.)
Patch tested on v2016.1.x branch with Freifunk Magdeburg firmware on
Debian Jessie amd64 Xen host. See the same patch in our gluon fork here:
https://github.com/FreifunkMD/gluon/blob/fix-sysupgrade-xen/patches/openwrt/0058-x86-fix-platform_export_bootpart-for-Xen-virtual-disks.patch
Sysupgrade was tested successfully by manually making the change before
upgrading in the filesystem of the running node and upgrading to the
fixed FFMD experimental build in config mode via expert settings in
webgui.
Patch also submitted to OpenWRT trunk already.
Signed-off-by: Alexander Dahl <alex@netz39.de>
The Hornet UB is sold at least in the varieties. Without case it is a Hornet UB, with case and without connected USB port it is called AP121. If the USB port is present this device is called AP121U.
We have a AP121U in our mesh http://meshviewer.chemnitz.freifunk.net/#!v:m;n:00c0ca6efffa
We are mostly dealing with the 2.4GHz crap-band here, so increasing the
IGMP/MLD robustness parameter to three to be able to compensate for up
to two consecutive instead of just one lost packet.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
There are some devices not acting properly to roaming events, in that
they do not timely reissue IGMP/MLD reports after reconnecting.
To compensate for that this commit reduces the query interval from 125
seconds to 20 and the query response interval from 20 seconds to 5.
This reduces a timeout to 20+5 seconds in the worst-case (12.5s average)
after a roaming event for such broken devices. This should be below the
30s "impatient user threshold" and below any connection timeout.
Until the bridge multicast snooping + querier gets re-enabled this is a
no-op.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Adopt the according modifications to the default firewall settings of
the WAN interface from OpenWRT, revision 45613.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
An IGMP/MLD domain split will prevent us from being able to track
multicast listeners on other nodes.
Therefore we need to always hand any multicast packets we received from
local clients to batman-adv. With bridge multicast snooping disabled,
the current setting in Gluon, this is already the case.
However, in preparation to enabling multicast snooping, we need to
enforce forwarding towards batman-adv by setting the bridge port
option "multicast_router" to 2.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
It is not supported by all browsers yet.
Also change load display always to display 2 decimal digits (as it is read
from the kernel with 2 decimal digits).
Fixes#606
This option will make the generated commit IDs deterministic, greatly
reducing the number of repository objects created when calling `make
update` repeatedly.
Mobile browsers will often show or hide the address bar while scrolling.
This causes resize events which would often reset the signal graphs.
Fixes#662
Ethernet links provide transitive connectivity in all but very unusual
setup, enable mesh_no_rebroadcast to reduce load for devices on links with
many nodes.
Fixes#652
This new feature introduces the new uci section 'gluon-core.wireless' with a preserve_channels option:
* preserve_channels (boolean)
By setting this option to 1 (true) wifi channels will be preserved during upgrades.
Instead of starting gluon-respondd from a hotplug handler, add a proper
init script. The new init script has a restart_if_running argument which
is now used by the hotplug handler.
Tests done to verify that this worked as intended:
* checked plattform_info image_name
* checked primary_mac
* does appear in ffmap-d3
* does mesh
* does fastd-VPN
introduce function to recurse down to the lowest layer-2 interface
corresponding to a given interface.
also re-introduce some of the previously removed input validation plus
some more to protect against glob and path based exploits.
The timeout was calculated incorrectly (in each iteration the span between
the start time and the current time was substracted from the timeout
again), and would often become negative, causing warnings in the kernel
log.
On the status page statistics section counters for transmitted and received traffic were mixed up. Transmitted traffic was shown as received while received traffic was shown as being transmitted.
Fixes#586
Also
* create list of newly supported devices since v2015.1.2 in the v2015.2 release notes
* update information on docs/user/x86
* fix a comment in targets/ar71xx-generic/profiles.mk
The trunk version of mac80211 doesn't need these dependencies anymore as
they are compiled into the kernel.
While this didn't cause any issues for Gluon as we always build the kernel
with all modules, this fix makes the patch work on a plain OpenWrt CC as
well.
Is makes sense to always look for both ibss_radio* and mesh_radio* sections
to determine if the meshing should be enabled when regenerating these
sections. Doing this, the disabled state will survive updates changing the
section name (either updating from pre-2015.2 while keeping IBSS, or
changing from IBSS to 11s or vice-versa).
If both ibss_radio* and mesh_radio* sections exist, the disabled state will
be kept correctly for each section, the behaviour is changed only when
creating a section that didn't exist before.
Fixes#549
PKG_FILE_DEPENDS caused the whole site repo to be hashed to determine if
gluon-site needed rebuilding. While this is normally no problem,
alternative build setups sometimes put the Gluon repo inside the site repo,
causing long build times and parallel build failures.
in a layer 2 mesh network, multicast pings cause a lot of traffic in the
network, significantly increasing the 'backgroudn noise' (= Grundrauschen)
and stressing nodes in the network.
this commit blacklists all icmpv4 multicast traffic as well as multicast
icmpv6 echo-requests and node iformation queries. as no application
depending on these types of multicast traffic is known, blacklisting is safe.
This commit basically does two things: it urges users always to use an own
git repository to manage the site configuration, and it removed all
mentions of "communities" from the "Getting started" page, as it was too
Freifunk-specific.
Other documentation pages (especially the site configuration docs) should
probably be adjusted as well.
The Freifunk Münsterland firmware was formerly known as Freifunk Münster firmware - while the URL hasn't changed. In future, there will probably be subdomains with their own files, but for now this is state of the project.
The upstream builds always use LINUX_RELEASE=1. By setting it to 2 we
ensure that our modules are always preferred as long as our kernel version
is at least as high as the upstream one.
I guess this is some copy and paste mistake which makes the example an
invalid site.conf. In my case merging the changes of the example into
our actual site.conf lead to an error because this line was merged to.
gluon-radio-config contained only a single file. The code has been adjusted
to allow creating a Gluon configuration without WLAN support by removing
the wifi24 and wifi5 sections from site.conf.
ath9k expects to get revision id 2 for the QCA9531 ver. 2 rev. 0. This
fixes the very low TX power on some devices like the TP-LINK
TL-WR841ND v10.
As ath79_soc_rev is only used to get the revision number to ath9k on the
QCA9533, just set it to the expected value on the ver. 2.
The file promotes the probably unnecessary re-execution of the announce
scripts. Instead, gluon-announced should be queried using
gluon-neighbour-info -d ::1 -p 1001 -t0 -r nodeinfo
if both gluon-announced and gluon-neighbour-info are present. But to not
depend on any of those, no script for this one-liner is provided.
This patch adds the kernel modules to for the very common Realtek RTL8150 and Realtek 8152 based USB-to-Ethernet converters.
After this patch the following packages can be added to targets (or site.mk):
kmod-usb-net-rtl8150
kmod-usb-net-rtl8152
The modules are already available in openwrt trunk, but not in Chaos Calmer. This patch is just a temporary backport.
The modules are needed for Futros with additional USB-Ethernet-Interface and VMs with dedicated USB-NIC
Add an optional third argument to the GluonProfile macro while contains the
OpenWrt profile name. This allows creating different Gluon profiles (with
different image names etc.) from the same OpenWrt profile.
We can't use the same image for these two devices, so as a workaround,
remove ZR-600DHP from the name for now, so the autoupdater can work and
users aren't confused.
Config for rootfs and grub is not needed anymore (https://dev.openwrt.org/ticket/18074)
Config file not needed anymore (set implicitly by gluon now)
Avoid empty vars
LuCI's authentication won't work without rpcd, but we aren't using the
authentication anyways. Users who need it can just install rpcd explicitly.
Fixes#452
Now that the status page api has been rewritten in C CPU load and memory
usage is much lower. Also, nodes with both ibss and 11s mesh and dual
band wifi may require up to 9 connections for a single client, thus the
previous limit of 12 seemed a little low.
Convert option ifname in br-client to use a list instead. This
simplifies adding and remove interfaces:
uci:add_to_set("network", "client", "ifname", "eth0")
uci:remove_from_set("network", "client", "ifname", "eth0")
An option ifname will be automatically converted to a list when
performing an upgrade.
Packages affected: gluon-mesh-batman-adv-core, gluon-luci-portconfig
When rebooting the node in config mode, currently the fastd key is
forcefully displayed in a fixed format. This is confusing in communities
where fastd accepts all keys and no key submission is needed.
Furthermore, some communities might want to personalize the display of
the key (see #387).
This patch moves the displaying <div> from the package's lua file to the
translation files of the sample site configuration and mentiones the
change in the release notes.
Apart from replacing a patch for the former by two patches for latter,
this involved minimal adaptations of the lua scripts in the following
packages:
* gluon-announce
* gluon-announced
* gluon-mesh-batman-adv-core
* gluon-status-page
Split basic radio configuration from gluon-mesh-batman-adv as this will
be required for virtually any wireless mesh protocol.
This package takes care of setting:
- wireless channel,
- htmode and
- regulatory domain
gluon-mesh-batman-adv-core depends on this package.
This is a site.conf-breaking change in regard to the wireless config.
Make sure to read http://gluon.readthedocs.org/en/latest/user/site.html
and update your site.conf accordingly!
Support for 802.11s mesh interfaces has been added. Gluon now supports
three interface types: ap, ibss and mesh. All of them are now optional
and may be configured independently in site.conf.
A sample site.conf may look like this:
wifi24 = {
channel = 1,
htmode = 'HT40+',
ap = {
ssid = 'luebeck.freifunk.net',
},
ibss = {
ssid = '02:d1:11:37:fc:38',
bssid = '02:d1:11:37:fc:38',
mcast_rate = 12000,
},
mesh = {
id = 'ffhl-mesh',
mcast_rate = 12000,
},
},
The nodeinfo/network/addresses announcement included deprecated and
tentative addresses, which it clearly shouldn't as the host doesn't want
to be contacted on those addresses. They are now filtered out.
hostapd would switch the primary and secondary channel on 5GHz networks in
certain circumstances, completely breaking the adhoc interfaces of the WLAN
adapter (they would lose their configuration).
As a temporary fix, disable this channel switch function.
The file targets/$GLUON_TARGET/config becomes optional, as many targets
only used it to set the board and subtarget.
Also fix targets without subtarget.
Recent changes in the routing configuration of OpenWrt broke source address
selection, sometimes leading to the node trying to contact other addresses in
the mesh network from the next-node address.
Revert the problematic commits until this has been solved upstream.
Always output empty objects or nothing at all where objects are expected, but
no elements exist.
Also remove a few unneeded "requires", a few basic modules are provided by
announce.lua by default.
By introducing a new option -a in addition to -p this patch allows
controlling the on-link flag of announcements.
A prefix specified using -a will have the on-link flag set to zero
while a prefix specified using -p will retain its behaviour (i.e.
on-link flag set).
Example:
gluon-radvd -i local-node -p 2001:db8:aaaa:/64 -a 2001:db8:bbbb::/64
This will announce 2001:db8:aaaa::/64 with the on-link flag set and
2001:db8:bbbb::/64 with the flag unset.
2015-05-08 21:46:12 +02:00
689 changed files with 25203 additions and 48684 deletions
CheckExternal:=test -d $(GLUON_ORIGOPENWRTDIR)||(echo'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!';false)
CheckTarget:=['$(LEDE_TARGET)']\
||(echo'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:';$(foreach target,$(GLUON_TARGETS),echo ' * $(target)';)false)
CheckExternal:=test -d lede ||(echo'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!';false)
The second parameter defines the name of the image files generated by LEDE. Usually,
it is also the LEDE profile name; for devices that still use the old image build
code, a third parameter with the LEDE profile name can be passed. The profile names
can be found in the image Makefiles in ``lede/target/linux/<target>/image/Makefile``.
This is just so the autoupdater can work. The command has to be executed _on_ the target (eg. the hardware router with a flashed image). So you'll first have to build an image with a guessed name, and afterwards build a new, correctly named image. On targets which aren't supported by the autoupdater,
``require("platform_info").get_image_name()`` will just return ``nil`` and the final image name
may be defined arbitrarily.
Examples::
device tp-link-tl-wr1043n-nd-v1 tl-wr1043nd-v1
device alfa-network-hornet-ub hornet-ub HORNETUB
Suffixes and extensions
'''''''''''''''''''''''
By default, image files are expected to have the extension ``.bin``. In addition,
the images generated by LEDE have a suffix before the extension that defaults to
``-squashfs-factory`` and ``-squashfs-sysupgrade``.
This can be changed using the ``factory`` and ``sysupgrade`` commands, either at
the top of the file to set the defaults for all images, or for a single image. There
are three forms with 0 to 2 arguments (all work with ``sysupgrade`` as well)::
factory SUFFIX .EXT
factory .EXT
factory
When only an extension is given, the default suffix is retained. When no arguments
are given, this signals that no factory (or sysupgrade) image exists.
Aliases
'''''''
Sometimes multiple models use the same LEDE images. In this case, the ``alias``
command can be used to create symlinks and additional entries in the autoupdater
manifest for the alternative models.
Standalone images
'''''''''''''''''
On targets without *per-device rootfs* support in LEDE, the commands described above
can't be used. Instead, ``factory_image`` and ``sysupgrade_image`` are used::
factory_image PROFILE IMAGE .EXT
sysupgrade_image PROFILE IMAGE .EXT
Again, the profile name must match the value printed by the aforementioned Lua
command. The image name must match the part between the target name and the extension
as generated by LEDE and is to be omitted when no such part exists.
Packages
''''''''
The ``packages`` command takes an arbitrary number of arguments. Each argument
defines an additional package to include in the images in addition to the default
package sets defined by LEDE. When a package name is prefixed by a minus sign, the
packages are excluded instead.
The ``packages`` command may be used at the top of a target definition to modify
the default package list for all images, or just for a single device (when the
target supports *per-default rootfs*).
Configuration
'''''''''''''
The ``config`` command allows to add arbitary target-specific LEDE configuration
to be emitted to ``.config``.
Notes
'''''
On devices with multiple WLAN adapters, care must also be taken that the primary MAC address is
configured correctly. ``/lib/gluon/core/sysconfig/primary_mac`` should contain the MAC address which
can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/core/initial/001-sysconfig``
can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/010-primary-mac``
in ``gluon-core`` might need a fix. (There have also been cases in which the address was incorrect
even on devices with only one WLAN adapter, in these cases an OpenWrt bug was the cause).
even on devices with only one WLAN adapter, in these cases a LEDE bug was the cause).
Adding support for new hardware targets
---------------------------------------
Adding a new target is much more complex than adding a new profile. There are two basic steps
required for adding a new target:
Adjust packages
'''''''''''''''
One package that definitely needs adjustments for every new target added is ``lua-platform-info``. Just
start with a copy of an existing platform info script, adjust it for the new target, and add the new target
to the list of supported targets in the package Makefile.
Package adjustments
'''''''''''''''''''
On many targets, Gluon's network setup scripts (mainly in the packages ``gluon-core`` and ``gluon-mesh-batman-adv-core``)
One package that may need adjustments for new targets is ``libplatforminfo`` (to be found in
If the new platform works fine with the definitions found in ``default.c``, nothing needs to be done. Otherwise,
create a definition for the added target or subtarget, either by symlinking one of the files in the ``templates``
directory, or adding a new source file.
On many targets, Gluon's network setup scripts (mainly in the package ``gluon-core``)
won't run correctly without some adjustments, so better double check that everything is fine there (and the files
``primary_mac``, ``lan_ifname`` and ``wan_ifname`` in ``/lib/gluon/core/sysconfig/`` contain sensible values).
Add support to the build system
'''''''''''''''''''''''''''''''
A directory for the new target must be created under ``targets``, and it must be added
to ``targets/targets.mk``. In the new target directory, three files must be created:
Build system support
''''''''''''''''''''
* config
* profiles.mk
* vermagic
A definition for the new target must be created under ``targets``, and it must be added
to ``targets/targets.mk``. The ``GluonTarget`` macro takes one to three arguments:
the target name, the Gluon subtarget name (if the target has subtargets), and the
LEDE subtarget name (if it differs from the Gluon subtarget). The third argument
can be used to define multiple Gluon targets with different configuration for the
same LEDE target, like it is done for the ``ar71xx-tiny`` target.
The file ``config`` can be used to add additional, target-specific options to the OpenWrt config. It
must at least select the correct target and subtarget. For ``profiles.mk``, see :ref:`hardware-adding-profiles`.
The files ``vermagic`` must have the correct content so kernel modules from the upstream repositories
can be installed without dependency issues. The OpenWrt version a Gluon release is based on is defined by the upstream package repo URL in ``include/gluon.mk``
(in the variable ``CONFIG_VERSION_REPO``); at the time this documentation was written, this was ``barrier_breaker/14.07``; whenever
the package repo is updated, all ``vermagic`` files must be updated as well.
The content is a hash which is part of the version number of the kernel package. So in the case of ``ar71xx-generic`` on
``barrier_breaker``, we look for the kernel package in the directory ``https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base/``.
As the kernel package is called ``kernel_3.10.49-1-0114c71ed85677c9c1e4911437af4743_ar71xx.ipk``, the correct ``vermagic`` string
is ``0114c71ed85677c9c1e4911437af4743``.
After this, is should be sufficient to call ``make GLUON_TARGET=<target>-<subtarget>`` to build the images for the new target.
After this, is should be sufficient to call ``make GLUON_TARGET=<target>`` to build the images for the new target.
* Ubiquiti Loco M, Picostation M and Rocket M now get their own images (which are just copies of the Bullet M image)
so it's more obvious for users which image to use
* The x86-generic images now contain the e1000e ethernet driver by default
Bugfixes
~~~~~~~~
* Fix download of OpenSSL during build because of broken OpenSSL download servers (again...)
* Fix another ABI incompatiblity with the upstream kernel modules which prevented loading some filesystem-related modules
* Fix potential MAC address conflicts on x86 target when using mesh-on-wan/lan
* Fix signal strength indicators on TP-LINK CPE210/510
* Fix the model name string on some NETGEAR WNDR3700v2
* Fix 5GHz WLAN switching channels and losing connectivity when other WLANs using the same channel are detected (including other Gluon nodes...); see https://github.com/freifunk-gluon/gluon/issues/386
* Fix DNS resolution for mesh VPN on IPv6-only WAN; see https://github.com/freifunk-gluon/gluon/issues/397
* gluon-mesh-batman-adv-15: update batman-adv to 2015.0 with additional bugfixes (fixes various minor bugs)
* gluon-mesh-batman-adv-15: fix forwarding of fragmented frames over multiple links with different MTUs
batman-adv compat 15 doesn't re-fragment frames that are fragmented already. In particular,
this breaks transmission of large packets which are first fragmented for mesh-on-lan/wan and are then sent
over the mesh VPN, which has an even smaller MTU. Work around this limitation by decreasing the maximum fragment
size to 1280, so they can always be forwarded as long there's no link with a MTU smaller than 1280.
See https://github.com/freifunk-gluon/gluon/issues/435
The keys of the ``extra`` table (like ``modules`` in this example) can be chosen arbitrarily.
Instead of explicitly specifying the whole URL, using patterns is recommended. The following
patterns are understood:
- ``%n`` is replaced by the OpenWrt version codename (e.g. "chaos_calmer")
- ``%v`` is replaced by the OpenWrt version number (e.g. "15.05")
- ``%S`` is replaced by the target architecture (e.g. "ar71xx/generic")
- ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``)
- ``%GV`` is replaced by the Gluon version
- ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``)
* ``site.mk``
- The packages `gluon-announce` and `gluon-announced` were merged into
the package `gluon-respondd`. If you had any of them (probably
`gluon-announced`) in your package list, you have to replace them.
* ``i18n/``
- The translations of ``gluon-config-mode:pubkey`` now have to show the fastd
public key themselves if desired, making the formatting of the key and whether it is shown at
all configurable. To retain the old format, add ``<p>`` to the beginning of
your translations and append::
"</p>"
"<div class=\"the-key\">"
" # <%= hostname %>"
" <br/>"
"<%= pubkey %>"
"</div>"
Internals
~~~~~~~~~
* OpenWrt has been updated to Chaos Calmer
* mac80211 has been backported from OpenWrt trunk r47249 (wireless-testing 2015-07-21)
This allows us to support the TL-WR940N v3/TL-WR941ND v6, which uses a TP9343 (QCA956x) SoC.
* Several packages have been moved from the Gluon repo to the packages repo, removing references to Gluon:
- gluon-cron -> micrond (the crontabs are now read from ``/usr/lib/micron.d`` instead of ``/lib/gluon/cron``)
- gluon-radvd -> uradvd
- gluon-simple-tc -> simple-tc (the config file has been renamed as well)
* Some of the Gluon-specific i18n support code in the build system has been removed, as LuCI now provides
similar facilities
* The C-based `luci-lib-jsonc` library is now used for JSON encoding/decoding instead of the pure Lua `luci-lib-json`
* The site config is now stored as JSON on the node. The Lua interface ``gluon.site_config`` is still available, and a C interface was added as part of the new package `libgluonutil`.
* The `respondd` daemon now uses C modules instead of Lua snippets, which greatly enhances response speed and reduces memory usage. The Gluon integration package has
been renamed from `gluon-announced` to `gluon-respondd`.
Known Issues
~~~~~~~~~~~~
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Expert Mode is recommended.
* batman-adv causes stability issues for both alfred and respondd/announced (`#177 <https://github.com/freifunk-gluon/gluon/issues/177>`_)
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
* Inconsistent respondd/announced API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced in the next release. The old API will still be supported for a while.
Support for Meraki devices (MR12/16/62/66) has been removed for now because of
severe problems (all devices were using the same MAC addresses). Support will return
when the issues have been fixed.
Bugfixes
~~~~~~~~
* Automatically restart respondd on failure (`#863 <https://github.com/freifunk-gluon/gluon/issues/863>`_)
There have been many reports of respondd processes disappearing; the exact cause is unclear,
but might be related to the batman-adv debugfs interface and/or out-of-memory conditions.
A new respondd initscript uses procd to automatically restart respondd when it dies.
* Make autoupdater timeouts more robust (`#987 <https://github.com/freifunk-gluon/gluon/issues/987>`_)
It was reported that wget processes sometimes hang indefinitely during the autoupdater manifest
download. The autoupdater has been improved to ensure that wget can always be interrupted after
a timeout.
This issue, together with the recent addition of lock files to ensure that only one instance
of the autoupdater can run at a time, had caused the autoupdater to blocked completely
by hanging processes in some cases (till a node was rebooted).
* Fix regulation domain switching in ath10k (`#1001 <https://github.com/freifunk-gluon/gluon/pull/1001>`_)
Prevents use of too high transmission power in some cases.
* Ensure that *prefix6* in site.conf is always a /64 prefix (`6b62e2f <https://github.com/freifunk-gluon/gluon/commit/6b62e2fc788cd1f83f6634288a15724dfc42b0fd>`_)
Other prefix lengths were never supported and don't make sense in many places the prefix is used. Ensure
that such configurations will not pass validation.
Known Issues
~~~~~~~~~~~~
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
* Fix batman-adv (compat 15) not being able to transmit packages of specific sizes (`b7eeef9 <https://github.com/freifunk-gluon/gluon/commit/b7eeef9b04b44a70b2a953c4efe35a3fdceba2db>`_)
We suspect that this issue was also the reason for the autoupdater/wget hangs observed by many communities.
Non-Gluon nodes like gateways should be updated to batman-adv 2017.0.1 to get the fix.
* Fix build after ftp.all.kernel.org discontinuation (`#1059 <https://github.com/freifunk-gluon/gluon/issues/1059>`_)
* Fix high load because of frequent calls of the respondd initscript (`9a0aeb9 <https://github.com/freifunk-gluon/gluon/commit/9a0aeb9b7482df4e4515e61356b9d393e3a7eacb>`_)
The respondd restart triggers added in v2016.2.3 ran a significant portion of the respondd initscript for each router advertisement
received. This was fixed by a backport of a netifd patch.
* x86 sysupgrade fixes (`41fd50d <https://github.com/freifunk-gluon/gluon/commit/41fd50d20ba31d73c4796c5b2d4eb44ad2258b90>`_,
If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
a node could hang forever in sysupgrade, requiring a power cycle. This has been
fixed, triggering a reboot instead.
* Backport fixes to support building with Perl 5.26 or newer (`76753ed <https://github.com/freifunk-gluon/gluon/commit/76753ede0da78e24208f10675fa288247deec961>`_)
Known Issues
~~~~~~~~~~~~
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.