From 57f8b9bc6a0e39460b5b0872816f03b76a78c9bd Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 10 Feb 2017 09:32:39 +0100 Subject: [PATCH] Switch back roles of br-client and local-node interfaces When preparing the migration from macvlan to veth for local-node, MAC address conflicts occurred as some ports of br-client had the same address as local-node. Reverting the roles of both interfaces fixes this. By default, br-client is left as an interface without addresses and firewall rules that drop everything, so the bridge is used to connect its ports only. gluon-mesh-batman-adv-core changes this to the usual set of addresses and firewall rules.
---
.../lib/gluon/upgrade/500-enable-alfred | 2 +- .../upgrade/300-gluon-client-bridge-network | 52 +++++++++---------- .../310-gluon-client-bridge-local-node | 20 +++++-- .../files/lib/gluon/radvd/arguments | 2 +- .../files/lib/gluon/respondd/client.dev | 2 +- ...0-gluon-mesh-batman-adv-core-client-bridge | 46 +++++++++++++--- .../330-gluon-mesh-batman-adv-core-local-node | 51 ------------------ .../gluon-mesh-batman-adv-core/src/respondd.c | 2 +- 8 files changed, 85 insertions(+), 92 deletions(-) delete mode 100755 package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-core-local-node
diff --git a/package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred b/package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred
index e4555e55..e1a28080 100755
--- a/package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred
+++ b/package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred
@@ -4,7 +4,7 @@ local uci = require('simple-uci').cursor()
uci:delete('alfred', 'alfred')
uci:section('alfred', 'alfred', 'alfred', {
- interface = 'local-node',
+ interface = 'br-client',
mode = 'slave',
batmanif = 'bat0',
start_vis = true,
diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network
index 723805e3..c3fefdf8 100755
--- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network
+++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network
@@ -1,37 +1,12 @@
#!/usr/bin/lua
-local site = require 'gluon.site_config'
local sysconfig = require 'gluon.sysconfig'
+local sysctl = require 'gluon.sysctl'
local util = require 'gluon.util'
local uci = require('simple-uci').cursor()
-local ip4, ip6
-
-if site.next_node.ip4 then
- local plen = site.prefix4:match('/%d+$')
- ip4 = site.next_node.ip4 .. plen
-end
-
-if site.next_node.ip6 then
- ip6 = site.next_node.ip6 .. '/128'
-end
-
-uci:section('network', 'interface', 'client', {
- type = 'bridge',
- proto = 'static',
- macaddr = site.next_node.mac,
- ipaddr = ip4,
- ip6addr = ip6,
-})
-
-uci:delete('network', 'client', 'reqprefix')
-uci:delete('network', 'client', 'peerdns')
-uci:delete('network', 'client', 'sourcefilter')
-uci:delete('network', 'client', 'netmask')
-
-
local interfaces = uci:get('network', 'client', 'ifname') or {}
if type(interfaces) == 'string' then
@@ -48,11 +23,31 @@ if sysconfig.lan_ifname and not ifname and not uci:get_bool('network', 'mesh_lan
end
end
-uci:set_list('network', 'client', 'ifname', interfaces)
+uci:delete('network', 'client')
+uci:section('network', 'interface', 'client', {
+ type = 'bridge',
+ ifname = interfaces,
+ proto = 'none',
+ auto = true,
+ ipv6 = false,
+ macaddr = sysconfig.primary_mac,
+})
uci:save('network')
+uci:delete('firewall', 'client')
+uci:section('firewall', 'zone', 'client', {
+ name = 'client',
+ network = {'client'},
+ input = 'DROP',
+ output = 'DROP',
+ forward = 'DROP',
+})
+
+uci:save('firewall')
+
+
local dnsmasq = uci:get_first('dhcp', 'dnsmasq')
uci:set('dhcp', dnsmasq, 'boguspriv', false)
uci:set('dhcp', dnsmasq, 'localise_queries', false)
@@ -65,3 +60,6 @@ uci:section('dhcp', 'dhcp', 'client', {
})
uci:save('dhcp')
+
+
+sysctl.set('net.ipv6.conf.br-client.forwarding', 0)
diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node
index 57ca68ff..efde1c3d 100755
--- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node
+++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node
@@ -1,5 +1,6 @@
#!/usr/bin/lua
+local site = require 'gluon.site_config'
local sysconfig = require 'gluon.sysconfig'
local uci = require('simple-uci').cursor()
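Review bot: The new default-deny setup for br-client — `proto = 'none'`, `ipv6 = false`, and a `client` firewall zone with input/output/forward all `DROP` — carries no comment saying it is intentional, so a maintainer reading 300 alone may take the unreachable bridge for a misconfiguration. The rationale currently lives only in the commit message; I would put it above the `uci:section('network', 'interface', 'client', ...)` call: `-- br-client only joins its ports by default: no addresses, no IPv6, and a zone that drops everything. Packages that put addresses on the bridge (gluon-mesh-batman-adv-core) relax this in a later upgrade script.` The safety of this default also relies on that later script sorting after 300 and on it overriding the zone rather than recreating it, which is worth one more sentence in the same comment. The `if sysconfig.lan_ifname ...` block whose two `end`s open this hunk starts outside it.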
@@ -10,14 +11,27 @@ uci:section('network', 'device', 'local_node_dev', {
name = 'local-node',
ifname = 'br-client',
type = 'macvlan',
- macaddr = sysconfig.primary_mac,
+ macaddr = site.next_node.mac,
})
+
+local ip4, ip6
+
+if site.next_node.ip4 then
+ local plen = site.prefix4:match('/%d+$')
+ ip4 = site.next_node.ip4 .. plen
+end
+
+if site.next_node.ip6 then
+ ip6 = site.next_node.ip6 .. '/128'
+end
+
uci:delete('network', 'local_node')
uci:section('network', 'interface', 'local_node', {
ifname = 'local-node',
- proto = 'none',
- auto = true,
+ proto = 'static',
+ ipaddr = ip4,
+ ip6addr = ip6,
})
uci:save('network')
diff --git a/package/gluon-mesh-batman-adv-core/files/lib/gluon/radvd/arguments b/package/gluon-mesh-batman-adv-core/files/lib/gluon/radvd/arguments
index 4062748a..eb6147b5 100755
--- a/package/gluon-mesh-batman-adv-core/files/lib/gluon/radvd/arguments
+++ b/package/gluon-mesh-batman-adv-core/files/lib/gluon/radvd/arguments
@@ -1,3 +1,3 @@
#!/usr/bin/lua
local site = require "gluon.site_config"
-print("-i br-client -p " .. site.prefix6)
+print("-i local-node -p " .. site.prefix6)
diff --git a/package/gluon-mesh-batman-adv-core/files/lib/gluon/respondd/client.dev b/package/gluon-mesh-batman-adv-core/files/lib/gluon/respondd/client.dev
index 9a074885..b051c6c5 100644
--- a/package/gluon-mesh-batman-adv-core/files/lib/gluon/respondd/client.dev
+++ b/package/gluon-mesh-batman-adv-core/files/lib/gluon/respondd/client.dev
@@ -1 +1 @@
-local_node
+client
diff --git a/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-core-client-bridge b/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-core-client-bridge
index ebe3edf2..5a956d4f 100755
--- a/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-core-client-bridge
+++ b/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-core-client-bridge
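Review bot: `site.prefix4:match('/%d+$')` followed by `site.next_node.ip4 .. plen` aborts the upgrade script with a bare "attempt to index a nil value" or "attempt to concatenate a nil value" when `site.prefix4` is unset or has no `/len` while `site.next_node.ip4` is configured; the block is moved here from 300 unchanged, so this is not new, but an explicit check would name the misconfiguration. I would add after the `match` line `assert(plen, 'site.prefix4 must contain a prefix length when next_node.ip4 is set')`. The macvlan device now carries the site-wide `site.next_node.mac` on top of a bridge that 300 gives `sysconfig.primary_mac`; the reason for the swap given in the commit message (ports sharing the old local-node address) is recorded nowhere in this file and deserves a one-line comment above the `local_node_dev` section, which starts just outside this hunk.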
@@ -1,39 +1,71 @@
#!/usr/bin/lua
+-- This script must be ordered after 300-gluon-client-bridge-network, as
+-- it overrides parts of network.client
+
+
+local site = require 'gluon.site_config'
local sysconfig = require 'gluon.sysconfig'
local sysctl = require 'gluon.sysctl'
local uci = require('simple-uci').cursor()
+
uci:section('network', 'interface', 'client', {
+ ipv6 = true,
+ proto = 'dhcpv6',
+ reqprefix = 'no',
+ peerdns = not (site.dns and site.dns.servers),
+ sourcefilter = false,
+ keep_ra_dnslifetime = true,
robustness = 3,
query_interval = 2000,
query_response_interval = 500,
})
-uci:delete('network', 'client', 'igmp_snooping')
uci:delete('network', 'client_lan')
if sysconfig.lan_ifname then
uci:section('network', 'interface', 'client_lan', {
unicast_flood = false,
+ ifname = sysconfig.lan_ifname,
})
- uci:set('network', 'client_lan', 'ifname', sysconfig.lan_ifname)
end
+uci:delete('network', 'local_node_route6')
+uci:section('network', 'route6', 'local_node_route6', {
+ interface = 'client',
+ target = site.prefix6,
+ gateway = '::',
+})
+
uci:save('network')
-uci:delete('firewall', 'client')
uci:section('firewall', 'zone', 'client', {
- name = 'client',
- network = {'client'},
input = 'ACCEPT',
output = 'ACCEPT',
forward = 'REJECT',
})
-uci:delete('firewall', 'client_dns')
+uci:section('firewall', 'rule', 'client_dns', {
+ name = 'client_dns',
+ src = 'client',
+ dest_port = '53',
+ target = 'REJECT',
+})
+
+uci:delete('firewall', 'local_node')
+uci:section('firewall', 'zone', 'local_node', {
+ name = 'local_node',
+ network = {'local_node'},
+ input = 'ACCEPT',
+ output = 'ACCEPT',
+ forward = 'REJECT',
+})
+
+uci:delete('firewall', 'local_node_dns')
uci:save('firewall')
-sysctl.set('net.ipv6.conf.br-client.forwarding')
+
+sysctl.set('net.ipv6.conf.local-node.forwarding', 0)
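Review bot: The new header comment says this script overrides parts of `network.client`, but the `uci:section('firewall', 'zone', 'client', ...)` call further down now depends on 300 as well: its `uci:delete('firewall', 'client')` and the `name`/`network` options were dropped here, so without 300's zone the section would have neither a name nor a network and the ACCEPT/ACCEPT/REJECT policy would bind to nothing. I would extend the comment to `-- it overrides parts of network.client and of the firewall zone 'client' created there`. The `client_dns` rule is the one section in this hunk written with `uci:section` and no preceding `uci:delete`, unlike `local_node` and `local_node_route6`; adding `uci:delete('firewall', 'client_dns')` before it keeps the pattern and prevents options from an older definition surviving an upgrade. Finally, `peerdns = not (site.dns and site.dns.servers)` means that a site without configured resolvers takes DNS servers from RAs/DHCPv6 received on the client bridge, a segment every attached client can transmit on — presumably the intended trade-off, but it deserves a one-line comment so nobody "fixes" it either way.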
diff --git a/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-core-local-node b/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-core-local-node
deleted file mode 100755
index d281b2c1..00000000
--- a/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-core-local-node
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/lua
-
--- This script must be ordered after 310-gluon-client-bridge-local-node, as
--- it overrides parts of network.local_node
-
-
-local site = require 'gluon.site_config'
-local sysconfig = require 'gluon.sysconfig'
-local sysctl = require 'gluon.sysctl'
-
-local uci = require('simple-uci').cursor()
-
-
-uci:section('network', 'interface', 'local_node', {
- proto = 'dhcpv6',
- reqprefix = 'no',
- peerdns = not (site.dns and site.dns.servers),
- sourcefilter = false,
- keep_ra_dnslifetime = true,
-})
-
-uci:delete('network', 'local_node_route6')
-uci:section('network', 'route6', 'local_node_route6', {
- interface = 'local-node',
- target = site.prefix6,
- gateway = '::',
-})
-
-uci:save('network')
-
-
-uci:delete('firewall', 'local_node')
-uci:section('firewall', 'zone', 'local_node', {
- name = 'local_node',
- network = {'local_node'},
- input = 'ACCEPT',
- output = 'ACCEPT',
- forward = 'REJECT',
-})
-
-uci:section('firewall', 'rule', 'local_node_dns', {
- name = 'local_node_dns',
- src = 'local_node',
- dest_port = '53',
- target = 'REJECT',
-})
-
-uci:save('firewall')
-
-
-sysctl.set('net.ipv6.conf.local_node.forwarding', 0)
diff --git a/package/gluon-mesh-batman-adv-core/src/respondd.c b/package/gluon-mesh-batman-adv-core/src/respondd.c
index 33e1e0d5..09b6ac6f 100644
--- a/package/gluon-mesh-batman-adv-core/src/respondd.c
+++ b/package/gluon-mesh-batman-adv-core/src/respondd.c
@@ -102,7 +102,7 @@ static struct json_object * get_addresses(void) {
&flags, ifname) != 18)
continue;
- if (strcmp(ifname, "local-node"))
+ if (strcmp(ifname, "br-client"))
continue;
if (flags & (IFA_F_TENTATIVE|IFA_F_DEPRECATED))
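Review bot: The device name `"br-client"` is hard-coded in `get_addresses()`, while the rest of this commit configures the same bridge through UCI (`network.client` in 300-gluon-client-bridge-network) and `respondd/client.dev` now names it `client`; any later rename of the bridge has to be repeated here by hand and would otherwise silently empty the reported address list. A comment on the `strcmp` line would at least make the coupling visible: `/* must match the bridge created by 300-gluon-client-bridge-network (device br-client) */`. Whether the name could be read from the same place the Lua providers take it I cannot tell from this hunk. `get_addresses()` starts before the hunk and continues after it.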