[v5,4/4] Add fff-hoods

Submitted by Christian Dresel on Sept. 15, 2017, 5:12 p.m.

Details

Message ID 1505495533-14383-4-git-send-email-fff@chrisi01.de
State Superseded

Commit Message

Christian Dresel Sept. 15, 2017, 5:12 p.m.
This package connects to keyxchangev2.
After review we must change the server address! This is only an example.

Signed-off-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Jan Kraus <mayosemmel@gmail.com>

Update in v2:
 - clean tabstops
 - move the json vpn out of the if because we need this after reboot

Update in v5:
	!!UNTESTED!!
 - change hidden AP ip to locallink
 - Open hidden AP after more checks
 - Load json File from Gateway if Gateway in Batman in Range
	

Signed-off-by: Christian Dresel <fff@chrisi01.de>
---
 src/packages/fff/fff-hoods/Makefile                |  39 ++++
 .../files/etc/hotplug.d/iface/50-fff-hoods         |   5 +
 .../fff/fff-hoods/files/usr/lib/micron.d/fff-hoods |   1 +
 .../fff/fff-hoods/files/usr/sbin/configurehood     | 209 +++++++++++++++++++++
 4 files changed, 254 insertions(+)
 create mode 100644 src/packages/fff/fff-hoods/Makefile
 create mode 100644 src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
 create mode 100644 src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
 create mode 100755 src/packages/fff/fff-hoods/files/usr/sbin/configurehood


diff --git a/src/packages/fff/fff-hoods/Makefile b/src/packages/fff/fff-hoods/Makefile
new file mode 100644
index 0000000..f85178d
--- /dev/null
+++ b/src/packages/fff/fff-hoods/Makefile
@@ -0,0 +1,39 @@ 
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-hoods
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoods
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-hoods
+    SECTION:=base
+    CATEGORY:=Freifunk
+    TITLE:= Freifunk-Franken hoods
+    URL:=http://www.freifunk-franken.de
+    DEPENDS:=+fff-network
+endef
+
+define Package/fff-hoods/description
+    This package load and configures the current hood
+endef
+
+define Build/Prepare
+	echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+	# nothing
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-hoods/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-hoods))
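Review bot: DEPENDS lists only +fff-network, but configurehood calls batctl, fastd, wget, iw and sha256sum and sources /usr/share/libubox/jshn.sh, so the package installs on an image that lacks any of these and the script then fails at runtime; add the packages that provide them to DEPENDS (or state why the image guarantees them). Minor: `TITLE:= Freifunk-Franken hoods` has a stray space after `:=`, and the description `This package load and configures the current hood` should read `loads`.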
diff --git a/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
new file mode 100644
index 0000000..49f53e3
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
@@ -0,0 +1,5 @@ 
+#!/bin/sh 
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
+       sleep 3
+       /usr/sbin/configurehood
+}
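Review bot: nothing prevents this hotplug trigger and the micron.d entry from starting two configurehood instances at the same time (a wan ifup shortly before the cron tick), and both rewrite the wireless config, /tmp/keyxchangev2data and /tmp/fastd_*_output; configurehood should take a lock file before doing anything. Minor: `-a` inside `[ ]` is obsolescent in POSIX, `[ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "wan" ]` is the portable form, and the shebang line carries trailing whitespace.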
diff --git a/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
new file mode 100644
index 0000000..ca8d798
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
@@ -0,0 +1 @@ 
+*/5 * * * * /usr/sbin/configurehood
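Review bot: with this schedule a node that has neither Internet nor a batman gateway runs the no-Internet branch of configurehood every five minutes, and that branch unconditionally does `wifiDelAll`, recreates the radios and calls `wifi`, so an isolated node tears down and rebuilds its wireless setup every cycle and never settles; that branch should only rebuild when no hidden-AP station is configured yet, or back off after a failed download.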
diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
new file mode 100755
index 0000000..49c36c7
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -0,0 +1,209 @@ 
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /lib/functions/fff/wireless
+. /etc/community.cfg
+
+# hidden AP check
+
+if [ -n /tmp/hiddenapflag ]; then
+	if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
+		if ! wifiAddAP "$radio" "config.franken.freifunk.net" "configap" "configap" "1"; then
+			echo "Can't add AP interface on $radio."
+			exit 1
+		else
+			#we must set here a fix ip adress
+			uci set network.configap=interface
+			uci set network.configap.proto='static'
+			uci set network.configap.ip6addr='fded:c8f0:4b9a::1/64'
+			uci commit network
+		fi
+	else
+		rm /tmp/hiddenapflag
+	fi
+fi
+
+project="$VPN_PROJECT"
+lat=$(uci get system.@system[0].latitude)
+long=$(uci get system.@system[0].longitude)
+mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+hostname=$(cat /proc/sys/kernel/hostname)
+[ "$hostname" = "OpenWrt" ] && hostname=""
+[ "$hostname" = "" ] &&  hostname="$mac"
+
+test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
+test_ipv4_host2="8.8.8.8"        # Google DNS
+test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
+
+# if we have Internet, we download the Hoodfile from the keyxchangev2
+if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
+	ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
+	ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
+	# do we have a fastd secret
+	if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
+		secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
+		uci set fastd.${project}.secret="$secret"
+		uci commit fastd
+	fi
+	pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
+	#don't know what about port? Need this? Have we this in der old version?
+	wget -T15 "http://144.76.70.189/keyserver/json.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/keyxchangev2data
+	#if no Internet, we connect to the hidden AP and download the file from another Node in range 
+else
+	# connect to wireless hidden ap here and download from the next router the json File -O /tmp/keyxchangev2data
+	# only to that, when we have no gateway in range. If the Uplinkrouter change the hood, we lost the GW and to this automatically again i think! Nice idea?
+	if [ "$(batctl gwl | wc -l)" -lt 3 ]; then
+		#now we haven't a gateway in Range, we search for a hidden AP to get a keyxchangev2data file!
+		#first we delete all wifi settings
+		if ! wifiDelAll; then
+			echo "Can't delete current wifi setup"
+			exit 1
+		fi
+		#now we look for phy and add this
+		for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
+			if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
+				echo "$phy is 2.4 GHz"
+				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL")
+				if [ -z "$radio" ]; then
+					echo "Can't create radio for $phy"
+					exit 1
+				fi
+			fi
+			if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
+				echo "$phy is 5 GHz"
+				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL_5GHZ")
+				if [ -z "$radio" ]; then
+					echo "Can't create radio for $phy"
+					exit 1
+				fi
+			fi
+			#and here we add the station
+			if ! wifiAddSta "$radio" "config.franken.freifunk.net" "configSta"; then
+				echo "Can't add Sta interface on $radio."
+				exit 1
+			else
+				# here we must set a fix ip adress on the new wifi interface!
+				uci set network.configSta=interface
+				uci set network.configSta.proto='static'
+				# we need a random adress because it can more than 1 Router connect!
+				# Set fe80::1 as IP
+				uci set network.configSta.ip6addr="fe80::1"
+				uci commit network
+			fi
+			
+		done
+                wifi                                                                                       
+                # wait a moment to start the interface                                                                                                         
+                sleep 10;                                                                                                                             
+                #and here we can download the Hoodfile from the other node
+                wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data   
+	else
+		echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
+		wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data 
+	fi
+
+
+fi
+
+# we get a json file in this format: 
+# https://pw.freifunk-franken.de/patch/205/
+# but without signature, every hood file we get is valid!
+
+sumnew=$(sha256sum /tmp/keyxchangev2data | cut -f1 -d " ")
+sumold=$(sha256sum /www/public/keyxchangev2data | cut -f1 -d " ")
+if [ "$sumnew" != "$sumold" ]; then
+	echo "New file detect, we reconfigure the Node";
+
+	# copy the file to webroot that other Meshrouter can download them
+	cp /tmp/keyxchangev2data /www/public/
+
+	json_load "$(cat /tmp/keyxchangev2data)"
+	json_select hood
+
+	json_get_var hood name
+	json_get_var mesh_bssid mesh_bssid
+	json_get_var mesh_essid mesh_essid
+	json_get_var essid essid
+	# i think the next things we don't active this in the first version! we can do it later
+	#json_get_var channel2 channel2
+	#json_get_var mode2 mode2
+	#json_get_var type2 type2
+	#json_get_var channel5 channel5
+	#json_get_var mode5 mode5
+	#json_get_var type5 type5
+	#json_get_var protocol protocol
+
+	echo "Setting hood name: $hood"
+	uci set system.@system[0].hood=$hood
+
+	if ! wifiDelAll; then
+		echo "Can't delete current wifi setup"
+		exit 1
+	fi
+
+	for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
+		if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
+			echo "$phy is 2.4 GHz"
+			radio=$(wifiAddPhy "$phy" "1")
+			if [ -z "$radio" ]; then
+				echo "Can't create radio for $phy"
+				exit 1
+			fi
+		fi
+		if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
+			echo "$phy is 5 GHz"
+			radio=$(wifiAddPhy "$phy" "13")
+			if [ -z "$radio" ]; then
+				echo "Can't create radio for $phy"
+				exit 1
+			fi
+		fi
+
+		if ! wifiAddAP "$radio" "$essid" "mesh" "ap" "0"; then
+			echo "Can't add AP interface on $radio."
+			exit 1
+		fi
+
+		# here we set a bit for add hidden AP
+		touch /tmp/hiddenapflag
+
+		if ! wifiAddAdHocMesh "$radio" "$mesh_essid" "$mesh_bssid"; then
+			echo "Can't add AP interface on $radio."
+			exit 1
+		fi
+	done
+
+	echo "Loading wifi"
+	wifi
+
+
+else
+	echo "we have no new file and do nothing";
+fi
+
+# and now we read the VPN Data and give this data to fff-vpn
+
+json_load "$(cat /tmp/keyxchangev2data)"
+json_select vpn
+Index="1"
+rm /tmp/fastd_${project}_output
+touch /tmp/fastd_${project}_output
+while json_select $Index > /dev/null
+do                                                                                                                                                                                            
+	json_get_var protocol protocol                                                                                                                                                            
+	if [ "$protocol" == "fastd"]; then
+		json_get_var servername name
+		echo "####$servername.conf" >> /tmp/fastd_${project}_output
+		echo "#name \"$servername\";" >> /tmp/fastd_${project}_output
+		json_get_var key key
+		echo "key \"$key\";" >> /tmp/fastd_${project}_output
+		json_get_var address address
+		json_get_var port port
+		echo "remote ipv4 \"$address\" port $port float;" >> /tmp/fastd_${project}_output
+	fi
+	echo "" >> /tmp/fastd_${project}_output
+	echo "###" >> /tmp/fastd_${project}_output
+done
+#this we do every 5 minutes, because it can change the VPN Protocol
+#and now we get to vpn-select Script and load VPNs
+sh /usr/sbin/vpn-select
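Review bot: the comment `# but without signature, every hood file we get is valid!` names the main problem of this hunk: the hood file is fetched over plain HTTP, either from a hard-coded IP literal (`http://144.76.70.189/keyserver/json.php?...`) or from whichever neighbour answers at `fe80::1%w2sta`, and its unauthenticated contents are then written unescaped into the fastd configuration (`key "$key";`, `remote ipv4 "$address" port $port float;`) and into the wireless setup, so any device in radio range, or anyone on the path to the keyserver, can hand the node a hood file that points its VPN at a foreign server; the file needs a signature check (the format referenced at https://pw.freifunk-franken.de/patch/205/) before anything in it is applied, and the values should at least be validated against the expected shape (hex key, IP address, numeric port, plain ESSID) before being echoed into config files. Plain bugs in the same hunk: `[ -n /tmp/hiddenapflag ]` is always true (`-f` is meant), and `$radio` is unset at that point, so `wifiAddAP "$radio" ...` runs with an empty radio; `[ "$protocol" == "fastd"]` lacks the space before `]` and will not parse, and `==` is not POSIX `test`; `Index` is never incremented and the loop never does `json_select ..`, so only the first vpn entry is ever written out; `$port` is used in the keyserver URL but never assigned; the secret is stored as `fastd.${project}.secret` but read back as `fastd.fff.secret`; no `wget` exit status is checked, so a failed download leaves an empty or partial /tmp/keyxchangev2data that is then hashed, copied to /www/public and parsed; `uci set system.@system[0].hood=$hood` is never committed; the error message in the `wifiAddAdHocMesh` branch says "AP interface"; and `&>/dev/null` is a bash extension rather than POSIX sh (`>/dev/null 2>&1` is portable).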

Comments

Christian Dresel Sept. 15, 2017, 5:21 p.m.
hi

I just noticed I mixed something up here, will be fixed in the next version:

On 15.09.2017 19:12, Christian Dresel wrote:
> This package connects to keyxchangev2.
> After review we must change the server address! This is only an example.
> 
> Signed-off-by: Christian Dresel <fff@chrisi01.de>
> Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
> 
> Update in v2:
>  - clean tabstops
>  - move the json vpn out of the if because we need this after reboot
> 
> Update in v5:
> 	!!UNTESTED!!
>  - change hidden AP ip to locallink
>  - Open hidden AP after more checks
>  - Load json File from Gateway if Gateway in Batman in Range
> 	
> 
> Signed-off-by: Christian Dresel <fff@chrisi01.de>
> ---
>  src/packages/fff/fff-hoods/Makefile                |  39 ++++
>  .../files/etc/hotplug.d/iface/50-fff-hoods         |   5 +
>  .../fff/fff-hoods/files/usr/lib/micron.d/fff-hoods |   1 +
>  .../fff/fff-hoods/files/usr/sbin/configurehood     | 209 +++++++++++++++++++++
>  4 files changed, 254 insertions(+)
>  create mode 100644 src/packages/fff/fff-hoods/Makefile
>  create mode 100644 src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
>  create mode 100644 src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
>  create mode 100755 src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> 
> diff --git a/src/packages/fff/fff-hoods/Makefile b/src/packages/fff/fff-hoods/Makefile
> new file mode 100644
> index 0000000..f85178d
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/Makefile
> @@ -0,0 +1,39 @@
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=fff-hoods
> +PKG_VERSION:=0.0.1
> +PKG_RELEASE:=1
> +
> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoods
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/fff-hoods
> +    SECTION:=base
> +    CATEGORY:=Freifunk
> +    TITLE:= Freifunk-Franken hoods
> +    URL:=http://www.freifunk-franken.de
> +    DEPENDS:=+fff-network
> +endef
> +
> +define Package/fff-hoods/description
> +    This package load and configures the current hood
> +endef
> +
> +define Build/Prepare
> +	echo "all: " > $(PKG_BUILD_DIR)/Makefile
> +endef
> +
> +define Build/Configure
> +	# nothing
> +endef
> +
> +define Build/Compile
> +	# nothing
> +endef
> +
> +define Package/fff-hoods/install
> +	$(CP) ./files/* $(1)/
> +endef
> +
> +$(eval $(call BuildPackage,fff-hoods))
> diff --git a/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> new file mode 100644
> index 0000000..49f53e3
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> @@ -0,0 +1,5 @@
> +#!/bin/sh 
> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> +       sleep 3
> +       /usr/sbin/configurehood
> +}
> diff --git a/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> new file mode 100644
> index 0000000..ca8d798
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> @@ -0,0 +1 @@
> +*/5 * * * * /usr/sbin/configurehood
> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> new file mode 100755
> index 0000000..49c36c7
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> @@ -0,0 +1,209 @@
> +#!/bin/sh
> +
> +. /usr/share/libubox/jshn.sh
> +. /lib/functions/fff/wireless
> +. /etc/community.cfg
> +
> +# hidden AP check
> +
> +if [ -n /tmp/hiddenapflag ]; then
> +	if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
> +		if ! wifiAddAP "$radio" "config.franken.freifunk.net" "configap" "configap" "1"; then
> +			echo "Can't add AP interface on $radio."
> +			exit 1
> +		else
> +			#we must set here a fix ip adress
> +			uci set network.configap=interface
> +			uci set network.configap.proto='static'
> +			uci set network.configap.ip6addr='fded:c8f0:4b9a::1/64'

actually fe80::1 has to be set here and...

> +			uci commit network
> +		fi
> +	else
> +		rm /tmp/hiddenapflag
> +	fi
> +fi
> +
> +project="$VPN_PROJECT"
> +lat=$(uci get system.@system[0].latitude)
> +long=$(uci get system.@system[0].longitude)
> +mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> +hostname=$(cat /proc/sys/kernel/hostname)
> +[ "$hostname" = "OpenWrt" ] && hostname=""
> +[ "$hostname" = "" ] &&  hostname="$mac"
> +
> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> +test_ipv4_host2="8.8.8.8"        # Google DNS
> +test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
> +
> +# if we have Internet, we download the Hoodfile from the keyxchangev2
> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> +	ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> +	ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> +	# do we have a fastd secret
> +	if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
> +		secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
> +		uci set fastd.${project}.secret="$secret"
> +		uci commit fastd
> +	fi
> +	pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> +	#don't know what about port? Need this? Have we this in der old version?
> +	wget -T15 "http://144.76.70.189/keyserver/json.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/keyxchangev2data
> +	#if no Internet, we connect to the hidden AP and download the file from another Node in range 
> +else
> +	# connect to wireless hidden ap here and download from the next router the json File -O /tmp/keyxchangev2data
> +	# only to that, when we have no gateway in range. If the Uplinkrouter change the hood, we lost the GW and to this automatically again i think! Nice idea?
> +	if [ "$(batctl gwl | wc -l)" -lt 3 ]; then
> +		#now we haven't a gateway in Range, we search for a hidden AP to get a keyxchangev2data file!
> +		#first we delete all wifi settings
> +		if ! wifiDelAll; then
> +			echo "Can't delete current wifi setup"
> +			exit 1
> +		fi
> +		#now we look for phy and add this
> +		for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
> +			if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
> +				echo "$phy is 2.4 GHz"
> +				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL")
> +				if [ -z "$radio" ]; then
> +					echo "Can't create radio for $phy"
> +					exit 1
> +				fi
> +			fi
> +			if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
> +				echo "$phy is 5 GHz"
> +				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL_5GHZ")
> +				if [ -z "$radio" ]; then
> +					echo "Can't create radio for $phy"
> +					exit 1
> +				fi
> +			fi
> +			#and here we add the station
> +			if ! wifiAddSta "$radio" "config.franken.freifunk.net" "configSta"; then
> +				echo "Can't add Sta interface on $radio."
> +				exit 1
> +			else
> +				# here we must set a fix ip adress on the new wifi interface!
> +				uci set network.configSta=interface
> +				uci set network.configSta.proto='static'
> +				# we need a random adress because it can more than 1 Router connect!
> +				# Set fe80::1 as IP
> +				uci set network.configSta.ip6addr="fe80::1"
> +				uci commit network

...this stuff can be dropped entirely, since a fe80::MAC address should be
generated on a station anyway; I swapped the station and the AP in v5.

Regards

Christian

> +			fi
> +			
> +		done
> +                wifi                                                                                       
> +                # wait a moment to start the interface                                                                                                         
> +                sleep 10;                                                                                                                             
> +                #and here we can download the Hoodfile from the other node
> +                wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data   
> +	else
> +		echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
> +		wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data 
> +	fi
> +
> +
> +fi
> +
> +# we get a json file in this format: 
> +# https://pw.freifunk-franken.de/patch/205/
> +# but without signature, every hood file we get is valid!
> +
> +sumnew=$(sha256sum /tmp/keyxchangev2data | cut -f1 -d " ")
> +sumold=$(sha256sum /www/public/keyxchangev2data | cut -f1 -d " ")
> +if [ "$sumnew" != "$sumold" ]; then
> +	echo "New file detect, we reconfigure the Node";
> +
> +	# copy the file to webroot that other Meshrouter can download them
> +	cp /tmp/keyxchangev2data /www/public/
> +
> +	json_load "$(cat /tmp/keyxchangev2data)"
> +	json_select hood
> +
> +	json_get_var hood name
> +	json_get_var mesh_bssid mesh_bssid
> +	json_get_var mesh_essid mesh_essid
> +	json_get_var essid essid
> +	# i think the next things we don't active this in the first version! we can do it later
> +	#json_get_var channel2 channel2
> +	#json_get_var mode2 mode2
> +	#json_get_var type2 type2
> +	#json_get_var channel5 channel5
> +	#json_get_var mode5 mode5
> +	#json_get_var type5 type5
> +	#json_get_var protocol protocol
> +
> +	echo "Setting hood name: $hood"
> +	uci set system.@system[0].hood=$hood
> +
> +	if ! wifiDelAll; then
> +		echo "Can't delete current wifi setup"
> +		exit 1
> +	fi
> +
> +	for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
> +		if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
> +			echo "$phy is 2.4 GHz"
> +			radio=$(wifiAddPhy "$phy" "1")
> +			if [ -z "$radio" ]; then
> +				echo "Can't create radio for $phy"
> +				exit 1
> +			fi
> +		fi
> +		if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
> +			echo "$phy is 5 GHz"
> +			radio=$(wifiAddPhy "$phy" "13")
> +			if [ -z "$radio" ]; then
> +				echo "Can't create radio for $phy"
> +				exit 1
> +			fi
> +		fi
> +
> +		if ! wifiAddAP "$radio" "$essid" "mesh" "ap" "0"; then
> +			echo "Can't add AP interface on $radio."
> +			exit 1
> +		fi
> +
> +		# here we set a bit for add hidden AP
> +		touch /tmp/hiddenapflag
> +
> +		if ! wifiAddAdHocMesh "$radio" "$mesh_essid" "$mesh_bssid"; then
> +			echo "Can't add AP interface on $radio."
> +			exit 1
> +		fi
> +	done
> +
> +	echo "Loading wifi"
> +	wifi
> +
> +
> +else
> +	echo "we have no new file and do nothing";
> +fi
> +
> +# and now we read the VPN Data and give this data to fff-vpn
> +
> +json_load "$(cat /tmp/keyxchangev2data)"
> +json_select vpn
> +Index="1"
> +rm /tmp/fastd_${project}_output
> +touch /tmp/fastd_${project}_output
> +while json_select $Index > /dev/null
> +do                                                                                                                                                                                            
> +	json_get_var protocol protocol                                                                                                                                                            
> +	if [ "$protocol" == "fastd"]; then
> +		json_get_var servername name
> +		echo "####$servername.conf" >> /tmp/fastd_${project}_output
> +		echo "#name \"$servername\";" >> /tmp/fastd_${project}_output
> +		json_get_var key key
> +		echo "key \"$key\";" >> /tmp/fastd_${project}_output
> +		json_get_var address address
> +		json_get_var port port
> +		echo "remote ipv4 \"$address\" port $port float;" >> /tmp/fastd_${project}_output
> +	fi
> +	echo "" >> /tmp/fastd_${project}_output
> +	echo "###" >> /tmp/fastd_${project}_output
> +done
> +#this we do every 5 minutes, because it can change the VPN Protocol
> +#and now we get to vpn-select Script and load VPNs
> +sh /usr/sbin/vpn-select
>
Tim Niemeyer Sept. 15, 2017, 9:51 p.m.
Hi

On Friday, 15.09.2017, 19:12 +0200, Christian Dresel wrote:
> This package connects to keyxchangev2.
> After review we must change the server address! This is only an example.
> 
> Signed-off-by: Christian Dresel <fff@chrisi01.de>
> Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
> 
> Update in v2:
>  - clean tabstops
>  - move the json vpn out of the if because we need this after reboot
> 
> Update in v5:
> 	!!UNTESTED!!
>  - change hidden AP ip to locallink
>  - Open hidden AP after more checks
>  - Load json File from Gateway if Gateway in Batman in Range
> 	
> 
> Signed-off-by: Christian Dresel <fff@chrisi01.de>
> ---
>  src/packages/fff/fff-hoods/Makefile                |  39 ++++
>  .../files/etc/hotplug.d/iface/50-fff-hoods         |   5 +
>  .../fff/fff-hoods/files/usr/lib/micron.d/fff-hoods |   1 +
>  .../fff/fff-hoods/files/usr/sbin/configurehood     | 209 +++++++++++++++++++++
>  4 files changed, 254 insertions(+)
>  create mode 100644 src/packages/fff/fff-hoods/Makefile
>  create mode 100644 src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
>  create mode 100644 src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
>  create mode 100755 src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> 
> diff --git a/src/packages/fff/fff-hoods/Makefile b/src/packages/fff/fff-hoods/Makefile
> new file mode 100644
> index 0000000..f85178d
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/Makefile
> @@ -0,0 +1,39 @@
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=fff-hoods
> +PKG_VERSION:=0.0.1
> +PKG_RELEASE:=1
> +
> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoods
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/fff-hoods
> +    SECTION:=base
> +    CATEGORY:=Freifunk
> +    TITLE:= Freifunk-Franken hoods
> +    URL:=http://www.freifunk-franken.de
> +    DEPENDS:=+fff-network
> +endef
> +
> +define Package/fff-hoods/description
> +    This package load and configures the current hood
> +endef
> +
> +define Build/Prepare
> +	echo "all: " > $(PKG_BUILD_DIR)/Makefile
> +endef
> +
> +define Build/Configure
> +	# nothing
> +endef
> +
> +define Build/Compile
> +	# nothing
> +endef
> +
> +define Package/fff-hoods/install
> +	$(CP) ./files/* $(1)/
> +endef
> +
> +$(eval $(call BuildPackage,fff-hoods))
> diff --git a/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> new file mode 100644
> index 0000000..49f53e3
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> @@ -0,0 +1,5 @@
> +#!/bin/sh 
> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> +       sleep 3
> +       /usr/sbin/configurehood
> +}
> diff --git a/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> new file mode 100644
> index 0000000..ca8d798
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> @@ -0,0 +1 @@
> +*/5 * * * * /usr/sbin/configurehood
> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> new file mode 100755
> index 0000000..49c36c7
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> @@ -0,0 +1,209 @@
> +#!/bin/sh
> +
> +. /usr/share/libubox/jshn.sh
> +. /lib/functions/fff/wireless
> +. /etc/community.cfg
What is that for? Only for $project=fff? Then leave it out and hard-code it.

> +
> +# hidden AP check
> +
> +if [ -n /tmp/hiddenapflag ]; then
Not -n but -f.

You can get more information on that by typing "man test" into your magic
black window.

> +	if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
Why 2? Is there perhaps some "junk" in the output?

Maybe the check should be moved into a function:
isGatewayAvailable() {
	# more than two lines of batctl gwl output means at least one gateway is listed;
	# a shell function must return a numeric status: 0 for true, non-zero for false
	if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
		return 0
	else
		return 1
	fi
}

> +		if ! wifiAddAP "$radio" "config.franken.freifunk.net" "configap" "configap" "1"; then
> +			echo "Can't add AP interface on $radio."
> +			exit 1
> +		else
> +			#we must set here a fix ip adress
> +			uci set network.configap=interface
> +			uci set network.configap.proto='static'
> +			uci set network.configap.ip6addr='fded:c8f0:4b9a::1/64'
Ah yes. This is where the fe80::1 thing was ..

> +			uci commit network
> +		fi
> +	else
> +		rm /tmp/hiddenapflag
> +	fi
> +fi
> +
> +project="$VPN_PROJECT"
Not needed.

> +lat=$(uci get system.@system[0].latitude)
> +long=$(uci get system.@system[0].longitude)
> +mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
Do we still need to send the MAC along?

> +hostname=$(cat /proc/sys/kernel/hostname)
> +[ "$hostname" = "OpenWrt" ] && hostname=""
> +[ "$hostname" = "" ] &&  hostname="$mac"
> +
> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> +test_ipv4_host2="8.8.8.8"        # Google DNS
> +test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
> +
> +# if we have Internet, we download the Hoodfile from the keyxchangev2
> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> +	ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> +	ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> +	# do we have a fastd secret
> +	if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
> +		secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
> +		uci set fastd.${project}.secret="$secret"
> +		uci commit fastd
> +	fi
> +	pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
We don't need this anymore.

> +	#don't know what about port? Need this? Have we this in der old version?
> +	wget -T15 "http://144.76.70.189/keyserver/json.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/keyxchangev2data
That stuff should still go to keyserver.freifunk-franken.de ..

I think it's enough if we transmit lat/lon.

> +	#if no Internet, we connect to the hidden AP and download the file from another Node in range 
> +else
> +	# connect to wireless hidden ap here and download from the next router the json File -O /tmp/keyxchangev2data
> +	# only to that, when we have no gateway in range. If the Uplinkrouter change the hood, we lost the GW and to this automatically again i think! Nice idea?
> +	if [ "$(batctl gwl | wc -l)" -lt 3 ]; then
Why 3?

> +		#now we haven't a gateway in Range, we search for a hidden AP to get a keyxchangev2data file!
> +		#first we delete all wifi settings
> +		if ! wifiDelAll; then
That only deletes the config; the interfaces probably don't go down.

> +			echo "Can't delete current wifi setup"
> +			exit 1
> +		fi
> +		#now we look for phy and add this
> +		for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
> +			if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
> +				echo "$phy is 2.4 GHz"
> +				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL")
> +				if [ -z "$radio" ]; then
> +					echo "Can't create radio for $phy"
> +					exit 1
> +				fi
> +			fi
> +			if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
> +				echo "$phy is 5 GHz"
> +				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL_5GHZ")
> +				if [ -z "$radio" ]; then
> +					echo "Can't create radio for $phy"
> +					exit 1
> +				fi
> +			fi
> +			#and here we add the station
> +			if ! wifiAddSta "$radio" "config.franken.freifunk.net" "configSta"; then
> +				echo "Can't add Sta interface on $radio."
> +				exit 1
> +			else
> +				# here we must set a fix ip adress on the new wifi interface!
> +				uci set network.configSta=interface
> +				uci set network.configSta.proto='static'
> +				# we need a random adress because it can more than 1 Router connect!
> +				# Set fe80::1 as IP
> +				uci set network.configSta.ip6addr="fe80::1"
Isn't that set automatically anyway?

> +				uci commit network
> +			fi
> +			
> +		done
> +                wifi      
This may already have been taken care of by the uci commit wireless that
is called in functions/wireless.

>                                                                                  
> +                # wait a moment to start the interface                                                                                                         
> +                sleep 10;                                                                                                                             
> +                #and here we can download the Hoodfile from the other node
> +                wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data   
> +	else
> +		echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
> +		wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data 
> +	fi
> +
> +
> +fi
> +
> +# we get a json file in this format: 
> +# https://pw.freifunk-franken.de/patch/205/
> +# but without signature, every hood file we get is valid!
> +
> +sumnew=$(sha256sum /tmp/keyxchangev2data | cut -f1 -d " ")
What happens if the download failed?

> +sumold=$(sha256sum /www/public/keyxchangev2data | cut -f1 -d " ")
What happens if the file isn't there yet?

> +if [ "$sumnew" != "$sumold" ]; then
> +	echo "New file detect, we reconfigure the Node";
> +
> +	# copy the file to webroot that other Meshrouter can download them
> +	cp /tmp/keyxchangev2data /www/public/
> +
> +	json_load "$(cat /tmp/keyxchangev2data)"
> +	json_select hood
> +
> +	json_get_var hood name
> +	json_get_var mesh_bssid mesh_bssid
> +	json_get_var mesh_essid mesh_essid
> +	json_get_var essid essid
> +	# i think the next things we don't active this in the first version! we can do it later
> +	#json_get_var channel2 channel2
> +	#json_get_var mode2 mode2
> +	#json_get_var type2 type2
> +	#json_get_var channel5 channel5
> +	#json_get_var mode5 mode5
> +	#json_get_var type5 type5
> +	#json_get_var protocol protocol
> +
> +	echo "Setting hood name: $hood"
> +	uci set system.@system[0].hood=$hood
> +
> +	if ! wifiDelAll; then
> +		echo "Can't delete current wifi setup"
> +		exit 1
> +	fi
> +
> +	for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
> +		if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
> +			echo "$phy is 2.4 GHz"
> +			radio=$(wifiAddPhy "$phy" "1")
> +			if [ -z "$radio" ]; then
> +				echo "Can't create radio for $phy"
> +				exit 1
> +			fi
> +		fi
> +		if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
> +			echo "$phy is 5 GHz"
> +			radio=$(wifiAddPhy "$phy" "13")
> +			if [ -z "$radio" ]; then
> +				echo "Can't create radio for $phy"
> +				exit 1
> +			fi
> +		fi
> +
> +		if ! wifiAddAP "$radio" "$essid" "mesh" "ap" "0"; then
> +			echo "Can't add AP interface on $radio."
> +			exit 1
> +		fi
> +
> +		# here we set a bit for add hidden AP
> +		touch /tmp/hiddenapflag
> +
> +		if ! wifiAddAdHocMesh "$radio" "$mesh_essid" "$mesh_bssid"; then
> +			echo "Can't add AP interface on $radio."
> +			exit 1
> +		fi
> +	done
> +
> +	echo "Loading wifi"
> +	wifi
see above

> +
> +
The VPN still needs to be configured here.

> +else
> +	echo "we have no new file and do nothing";
> +fi
> +
> +# and now we read the VPN Data and give this data to fff-vpn
> +
> +json_load "$(cat /tmp/keyxchangev2data)"
Oh. Open it again? Even if the file wasn't new at all?

I think this needs to go in above.

> +json_select vpn
> +Index="1"
> +rm /tmp/fastd_${project}_output
> +touch /tmp/fastd_${project}_output
> +while json_select $Index > /dev/null
> +do                                                                                                                                                                                            
> +	json_get_var protocol protocol                                                                                                                                                            
> +	if [ "$protocol" == "fastd"]; then
> +		json_get_var servername name
> +		echo "####$servername.conf" >> /tmp/fastd_${project}_output
> +		echo "#name \"$servername\";" >> /tmp/fastd_${project}_output
> +		json_get_var key key
> +		echo "key \"$key\";" >> /tmp/fastd_${project}_output
> +		json_get_var address address
> +		json_get_var port port
> +		echo "remote ipv4 \"$address\" port $port float;" >> /tmp/fastd_${project}_output
At this point it would be better to create the real fastd config
(/etc/fastd/fff/peers/$file) right away, and then reload fastd once.

I was also wondering earlier whether this functionality could be moved
out nicely. I don't know exactly yet what that would look like. Perhaps
our fff-fastd package could put a script at /lib/functions/fff/vpn/fastd.
Here one would then only check whether that file exists (it would, if
the package was baked in) and then run it with the appropriate
parameters. The same would be done for Tunneldigger.

> +	fi
The else branch for Tunneldigger is missing.

> +	echo "" >> /tmp/fastd_${project}_output
> +	echo "###" >> /tmp/fastd_${project}_output
> +done
> +#this we do every 5 minutes, because it can change the VPN Protocol
> +#and now we get to vpn-select Script and load VPNs
> +sh /usr/sbin/vpn-select
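Review bot: the download result is never validated before it is applied. `wget -T15 ... -O /tmp/keyxchangev2data` can fail or leave an empty file, yet `sumnew=$(sha256sum /tmp/keyxchangev2data | cut -f1 -d " ")` is compared unconditionally, so a failed fetch while /www/public/keyxchangev2data exists produces a mismatch, runs `wifiDelAll` and sets `system.@system[0].hood` to an empty value; check wget's exit status and `[ -s /tmp/keyxchangev2data ]` (and `[ -f /www/public/keyxchangev2data ]`) before comparing. The comment "but without signature, every hood file we get is valid!" also means that hood name, ESSID, mesh BSSID and the fastd peer keys and remotes are taken over plain HTTP from a fixed IP or from whichever neighbour answers at fe80::1 on the open config AP; the referenced format (patch 205) carries a signature, so verify it before the file is published and applied. The gateway-in-range branch reuses `http://[fe80::1%w2sta]/...`, although the configSta interface is only created in the no-gateway branch. Finally, `[ "$protocol" == "fastd"]` lacks the space before `]` and fails at runtime (`==` is also not POSIX; use `=`).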
This is no longer needed.

Tim
> -- 
> 2.1.4
>
Christian Dresel Sept. 16, 2017, 6:17 a.m.
hi

On 15.09.2017 23:51, Tim Niemeyer wrote:
> Hi
> 
> On Friday, 15.09.2017, 19:12 +0200, Christian Dresel wrote:
>> ths packages connect to keyxchangev2
>> after review we must change the serveradress! This is only a example
>>
>> Signed-off-by: Christian Dresel <fff@chrisi01.de>
>> Signed-off-by: Jan Kraus <mayosemmel@gmail.com>
>>
>> Update in v2:
>>  - clean tabstops
>>  - move the json vpn out of the if because we need this after reboot
>>
>> Update in v5:
>> 	!!UNTESTED!!
>>  - change hidden AP ip to locallink
>>  - Open hidden AP after more checks
>>  - Load json File from Gateway if Gateway in Batman in Range
>> 	
>>
>> Signed-off-by: Christian Dresel <fff@chrisi01.de>
>> ---
>>  src/packages/fff/fff-hoods/Makefile                |  39 ++++
>>  .../files/etc/hotplug.d/iface/50-fff-hoods         |   5 +
>>  .../fff/fff-hoods/files/usr/lib/micron.d/fff-hoods |   1 +
>>  .../fff/fff-hoods/files/usr/sbin/configurehood     | 209 +++++++++++++++++++++
>>  4 files changed, 254 insertions(+)
>>  create mode 100644 src/packages/fff/fff-hoods/Makefile
>>  create mode 100644 src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
>>  create mode 100644 src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
>>  create mode 100755 src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>>
>> diff --git a/src/packages/fff/fff-hoods/Makefile b/src/packages/fff/fff-hoods/Makefile
>> new file mode 100644
>> index 0000000..f85178d
>> --- /dev/null
>> +++ b/src/packages/fff/fff-hoods/Makefile
>> @@ -0,0 +1,39 @@
>> +include $(TOPDIR)/rules.mk
>> +
>> +PKG_NAME:=fff-hoods
>> +PKG_VERSION:=0.0.1
>> +PKG_RELEASE:=1
>> +
>> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoods
>> +
>> +include $(INCLUDE_DIR)/package.mk
>> +
>> +define Package/fff-hoods
>> +    SECTION:=base
>> +    CATEGORY:=Freifunk
>> +    TITLE:= Freifunk-Franken hoods
>> +    URL:=http://www.freifunk-franken.de
>> +    DEPENDS:=+fff-network
>> +endef
>> +
>> +define Package/fff-hoods/description
>> +    This package load and configures the current hood
>> +endef
>> +
>> +define Build/Prepare
>> +	echo "all: " > $(PKG_BUILD_DIR)/Makefile
>> +endef
>> +
>> +define Build/Configure
>> +	# nothing
>> +endef
>> +
>> +define Build/Compile
>> +	# nothing
>> +endef
>> +
>> +define Package/fff-hoods/install
>> +	$(CP) ./files/* $(1)/
>> +endef
>> +
>> +$(eval $(call BuildPackage,fff-hoods))
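Review bot: `DEPENDS:=+fff-network` does not cover what configurehood needs. The script sources /usr/share/libubox/jshn.sh and calls batctl, iw, fastd, wget and sha256sum, so unless fff-network already pulls all of these in, the package installs fine on an image where the script fails at its first line; list the providing packages explicitly. Also `TITLE:= Freifunk-Franken hoods` has a stray space after `:=`.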
>> diff --git a/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
>> new file mode 100644
>> index 0000000..49f53e3
>> --- /dev/null
>> +++ b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
>> @@ -0,0 +1,5 @@
>> +#!/bin/sh 
>> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
>> +       sleep 3
>> +       /usr/sbin/configurehood
>> +}
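Review bot: the handler runs /usr/sbin/configurehood synchronously inside the wan ifup event. Together with the script's `sleep 3`, up to three `ping -w5 -c3` probes, `wget -T15` and the `sleep 10` in the station branch, this blocks the hotplug queue for a long time; run it in the background (`/usr/sbin/configurehood &`) or leave the work to the micron job. The `-a` inside `[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ]` is also marked obsolescent by POSIX; `[ ... ] && [ ... ]` is the portable spelling, and the shebang line carries a trailing space.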
>> diff --git a/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
>> new file mode 100644
>> index 0000000..ca8d798
>> --- /dev/null
>> +++ b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
>> @@ -0,0 +1 @@
>> +*/5 * * * * /usr/sbin/configurehood
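Review bot: this cron entry and the wan ifup hotplug handler can invoke /usr/sbin/configurehood concurrently, and the script has no locking. Two instances racing on /tmp/keyxchangev2data, /tmp/fastd_${project}_output and `uci set`/`uci commit` can publish a half-written hood file in /www/public or leave a partial wireless config. Take a lock at the top of the script (OpenWrt's `lock` utility or a `mkdir`-based lock) and exit if one is already held; every run also unconditionally removes and recreates the fastd output and calls vpn-select even when nothing changed.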
>> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> new file mode 100755
>> index 0000000..49c36c7
>> --- /dev/null
>> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> @@ -0,0 +1,209 @@
>> +#!/bin/sh
>> +
>> +. /usr/share/libubox/jshn.sh
>> +. /lib/functions/fff/wireless
>> +. /etc/community.cfg
> What is this for? Only for $project=fff? Then leave it out and
> hard-code it.

ack

> 
>> +
>> +# hidden AP check
>> +
>> +if [ -n /tmp/hiddenapflag ]; then
> Not -n but -f.
> 
> You'll get more information on this by typing "man test" into your
> magic black window.

I'll take a look, thanks

> 
>> +	if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
> Why 2? Is there perhaps some "junk" in the output?

In the new batman there is no longer any output like "No Gateway in
Range". There are 2 lines that are always there, and then one additional
line per GW. So if there are >2 lines we have a GW in range, with <=2
none.

> 
> Perhaps the check should be moved into a function:
> isGatewayAvailable() {
> 	if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
> 		return 0;  # sh return values are numeric: 0 means true
> 	else
> 		return 1;  # non-zero means false
> 	fi
> }

Yep, I've already thought about that too, it probably really makes
sense.

> 
>> +		if ! wifiAddAP "$radio" "config.franken.freifunk.net" "configap" "configap" "1"; then
>> +			echo "Can't add AP interface on $radio."
>> +			exit 1
>> +		else
>> +			#we must set here a fix ip adress
>> +			uci set network.configap=interface
>> +			uci set network.configap.proto='static'
>> +			uci set network.configap.ip6addr='fded:c8f0:4b9a::1/64'
> Ah yes. This is where the fe80::1 thing was ..

see my first reply to this mail, I totally messed that up ;)

> 
>> +			uci commit network
>> +		fi
>> +	else
>> +		rm /tmp/hiddenapflag
>> +	fi
>> +fi
>> +
>> +project="$VPN_PROJECT"
> Not needed.

ack

> 
>> +lat=$(uci get system.@system[0].latitude)
>> +long=$(uci get system.@system[0].longitude)
>> +mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> Do we still need to send the MAC along?

If we run fastd the way we discussed... um, no, then we don't need that
any more either. We actually only need to send lat/lon; all the rest
should be unnecessary. The keyserver doesn't even need to store the data
any more. We only need the JSON for the coordinates; all the other stuff
can go, right?

> 
>> +hostname=$(cat /proc/sys/kernel/hostname)
>> +[ "$hostname" = "OpenWrt" ] && hostname=""
>> +[ "$hostname" = "" ] &&  hostname="$mac"
>> +
>> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
>> +test_ipv4_host2="8.8.8.8"        # Google DNS
>> +test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
>> +
>> +# if we have Internet, we download the Hoodfile from the keyxchangev2
>> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
>> +	ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
>> +	ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
>> +	# do we have a fastd secret
>> +	if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
>> +		secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
>> +		uci set fastd.${project}.secret="$secret"
>> +		uci commit fastd
>> +	fi
>> +	pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> We don't need this any more.

That would be great, then we can also call the script directly at boot
from rc.local without any problems.

> 
>> +	#don't know what about port? Need this? Have we this in der old version?
>> +	wget -T15 "http://144.76.70.189/keyserver/json.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/keyxchangev2data
> This stuff should still point to keyserver.freifunk-franken.de ..

see the commit message, this is for testing (since a working keyxchange
runs there) and should be changed before applying.

> 
> I think it's enough if we transmit lat/lon.

ah, I already suspected above that this is enough ;)

> 
>> +	#if no Internet, we connect to the hidden AP and download the file from another Node in range 
>> +else
>> +	# connect to wireless hidden ap here and download from the next router the json File -O /tmp/keyxchangev2data
>> +	# only to that, when we have no gateway in range. If the Uplinkrouter change the hood, we lost the GW and to this automatically again i think! Nice idea?
>> +	if [ "$(batctl gwl | wc -l)" -lt 3 ]; then
> Why 3?

see above as well, with fewer than 3 we have no GW in range. This will
probably be handled later via the function, though.

> 
>> +		#now we haven't a gateway in Range, we search for a hidden AP to get a keyxchangev2data file!
>> +		#first we delete all wifi settings
>> +		if ! wifiDelAll; then
> That only deletes the config; the interfaces probably don't go down.

Since we run wifi at the end there is no config any more, and they do go
down then, right? At least they always did in my first tests.

> 
>> +			echo "Can't delete current wifi setup"
>> +			exit 1
>> +		fi
>> +		#now we look for phy and add this
>> +		for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
>> +			if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
>> +				echo "$phy is 2.4 GHz"
>> +				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL")
>> +				if [ -z "$radio" ]; then
>> +					echo "Can't create radio for $phy"
>> +					exit 1
>> +				fi
>> +			fi
>> +			if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
>> +				echo "$phy is 5 GHz"
>> +				radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL_5GHZ")
>> +				if [ -z "$radio" ]; then
>> +					echo "Can't create radio for $phy"
>> +					exit 1
>> +				fi
>> +			fi
>> +			#and here we add the station
>> +			if ! wifiAddSta "$radio" "config.franken.freifunk.net" "configSta"; then
>> +				echo "Can't add Sta interface on $radio."
>> +				exit 1
>> +			else
>> +				# here we must set a fix ip adress on the new wifi interface!
>> +				uci set network.configSta=interface
>> +				uci set network.configSta.proto='static'
>> +				# we need a random adress because it can more than 1 Router connect!
>> +				# Set fe80::1 as IP
>> +				uci set network.configSta.ip6addr="fe80::1"
> Isn't that set automatically anyway?

see my last reply to this mail, I messed up and took this line for the
hidden AP ;) yes, of course it can go.

> 
>> +				uci commit network
>> +			fi
>> +			
>> +		done
>> +                wifi      
> Possibly this has already been taken care of by the uci commit wireless
> that is called in functions/wireless.

I think this was necessary to apply the change, but I'll gladly test it
again without it.

> 
>>                                                                                  
>> +                # wait a moment to start the interface                                                                                                         
>> +                sleep 10;                                                                                                                             
>> +                #and here we can download the Hoodfile from the other node
>> +                wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data   
>> +	else
>> +		echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
>> +		wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data 
>> +	fi
>> +
>> +
>> +fi
>> +
>> +# we get a json file in this format: 
>> +# https://pw.freifunk-franken.de/patch/205/
>> +# but without signature, every hood file we get is valid!
>> +
>> +sumnew=$(sha256sum /tmp/keyxchangev2data | cut -f1 -d " ")
> What happens if the download failed?
> 
>> +sumold=$(sha256sum /www/public/keyxchangev2data | cut -f1 -d " ")
> What happens if the file isn't there yet?
> 
>> +if [ "$sumnew" != "$sumold" ]; then

If files are missing there apparently really are problems with this IF.
I'll have to think about how to do this better.

>> +	echo "New file detect, we reconfigure the Node";
>> +
>> +	# copy the file to webroot that other Meshrouter can download them
>> +	cp /tmp/keyxchangev2data /www/public/
>> +
>> +	json_load "$(cat /tmp/keyxchangev2data)"
>> +	json_select hood
>> +
>> +	json_get_var hood name
>> +	json_get_var mesh_bssid mesh_bssid
>> +	json_get_var mesh_essid mesh_essid
>> +	json_get_var essid essid
>> +	# i think the next things we don't active this in the first version! we can do it later
>> +	#json_get_var channel2 channel2
>> +	#json_get_var mode2 mode2
>> +	#json_get_var type2 type2
>> +	#json_get_var channel5 channel5
>> +	#json_get_var mode5 mode5
>> +	#json_get_var type5 type5
>> +	#json_get_var protocol protocol
>> +
>> +	echo "Setting hood name: $hood"
>> +	uci set system.@system[0].hood=$hood
>> +
>> +	if ! wifiDelAll; then
>> +		echo "Can't delete current wifi setup"
>> +		exit 1
>> +	fi
>> +
>> +	for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
>> +		if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
>> +			echo "$phy is 2.4 GHz"
>> +			radio=$(wifiAddPhy "$phy" "1")
>> +			if [ -z "$radio" ]; then
>> +				echo "Can't create radio for $phy"
>> +				exit 1
>> +			fi
>> +		fi
>> +		if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
>> +			echo "$phy is 5 GHz"
>> +			radio=$(wifiAddPhy "$phy" "13")
>> +			if [ -z "$radio" ]; then
>> +				echo "Can't create radio for $phy"
>> +				exit 1
>> +			fi
>> +		fi
>> +
>> +		if ! wifiAddAP "$radio" "$essid" "mesh" "ap" "0"; then
>> +			echo "Can't add AP interface on $radio."
>> +			exit 1
>> +		fi
>> +
>> +		# here we set a bit for add hidden AP
>> +		touch /tmp/hiddenapflag
>> +
>> +		if ! wifiAddAdHocMesh "$radio" "$mesh_essid" "$mesh_bssid"; then
>> +			echo "Can't add AP interface on $radio."
>> +			exit 1
>> +		fi
>> +	done
>> +
>> +	echo "Loading wifi"
>> +	wifi
> see above
> 
>> +
>> +
> The VPN still needs to be configured here.

I would rather suggest that the VPN continues to be configured by the
vpn-select package, that's what it's there for.

> 
>> +else
>> +	echo "we have no new file and do nothing";
>> +fi
>> +
>> +# and now we read the VPN Data and give this data to fff-vpn
>> +
>> +json_load "$(cat /tmp/keyxchangev2data)"
> Oh. Open it again? Even if the file wasn't new at all?

hmm, unnecessary, right ;)

> 
> I think this needs to go in above.

No, because e.g. the tunnel protocol on a GW can change: e.g. previously
no l2tp was offered, now it suddenly has l2tp; the json stays the same
but something changes, so this has to be run every 5 minutes. As before,
by the way: what I write out to /tmp here, the old firmware downloaded
from the keyxchange every 5 minutes and likewise wrote to /tmp and ran
the rest, so the function of vpn-select changes only very little, see
3/4.

> 
>> +json_select vpn
>> +Index="1"
>> +rm /tmp/fastd_${project}_output
>> +touch /tmp/fastd_${project}_output
>> +while json_select $Index > /dev/null
>> +do                                                                                                                                                                                            
>> +	json_get_var protocol protocol                                                                                                                                                            
>> +	if [ "$protocol" == "fastd"]; then
>> +		json_get_var servername name
>> +		echo "####$servername.conf" >> /tmp/fastd_${project}_output
>> +		echo "#name \"$servername\";" >> /tmp/fastd_${project}_output
>> +		json_get_var key key
>> +		echo "key \"$key\";" >> /tmp/fastd_${project}_output
>> +		json_get_var address address
>> +		json_get_var port port
>> +		echo "remote ipv4 \"$address\" port $port float;" >> /tmp/fastd_${project}_output
> At this point it would be better to create the real fastd config
> (/etc/fastd/fff/peers/$file) right away, and then reload fastd once.
> 
> I was also wondering earlier whether this functionality could be moved
> out nicely. I don't know exactly yet what that would look like. Perhaps
> our fff-fastd package could put a script at /lib/functions/fff/vpn/fastd.
> Here one would then only check whether that file exists (it would, if
> the package was baked in) and then run it with the appropriate
> parameters. The same would be done for Tunneldigger.
> 
>> +	fi
> The else branch for Tunneldigger is missing.

In my opinion the GW should continue to decide whether it offers
Tunneldigger or not, and this shouldn't be in the json. I'm against
encoding this info in the json; Tunneldigger is far too flaky for that.
Lately I've switched it on and off again very often, and I want to be
able to do that on my GW and not edit the json / keyxchangev2 every
time, or even edit it signed via the decentralised keyxchange.
But since the json was structured that way, I queried the protocol for
now; this can probably simply be left out if we decide to do it the way
I would like.

> 
>> +	echo "" >> /tmp/fastd_${project}_output
>> +	echo "###" >> /tmp/fastd_${project}_output
>> +done
>> +#this we do every 5 minutes, because it can change the VPN Protocol
>> +#and now we get to vpn-select Script and load VPNs
>> +sh /usr/sbin/vpn-select
> This is no longer needed.

I would suggest continuing to let the vpn-select script do all the VPN
stuff. Here we only hand it the data.
The whole thing can be optimised when the vpn-select script parses the
json itself; for me that would be the 2nd step. First the stuff should
run without editing around too much in other packages. Further patches
can then be built on top (see pad [1], where this is already listed
under "Zukünftige Änderungen..." ("Future changes..."))

Regards

Christian

[1] https://pad.freifunk.net/p/keyxchangev2

> 
> Tim
>> -- 
>> 2.1.4
>>
> 
> 
>
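The two points that come up repeatedly in the thread, the gateway-in-range test that Tim wants in a function and the sha256sum comparison that Christian says misbehaves when either file is missing, as an added example that is not part of the fff-hoods patch or the Freifunk Franken firmware. It assumes, as Christian describes, that `batctl gwl` prints two fixed header lines (a bracketed version line and a column-title line starting with "Gateway") followed by one line per gateway; the header text is an assumption and varies between batctl versions, so the function reads the output from stdin and the sample below is constructed. The file check uses `cmp -s` instead of sha256sum so it runs anywhere, and the function names `gatewayCount`, `isGatewayAvailable` and `hoodFileChanged` are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the fff-hoods patch.

# Constructed sample of `batctl gwl` output: two header lines, one gateway.
GWL_SAMPLE='[B.A.T.M.A.N. adv 2017.2, MainIF/MAC: mesh0/02:00:00:00:00:01 (bat0/02:00:00:00:00:02 BATMAN_IV)]
  Gateway      (#/255)           Nexthop [outgoingIF]: advertised uplink bandwidth
=> 02:ca:ff:ee:00:01 (255) 02:ca:ff:ee:00:02 [      mesh0]: 96.0/96.0 MBit'

# Count gateway entries in `batctl gwl` output read from stdin.
# ASSUMPTION: header lines are the bracketed version line and the line
# whose first word is "Gateway"; everything else that is non-empty is a
# gateway entry.  Counting entries instead of raw lines avoids the magic
# numbers 2 and 3 used in the patch.
gatewayCount() {
    grep -v -e '^\[' -e '^ *Gateway' -e '^ *$' | wc -l | tr -d ' '
}

# Return 0 (true) if at least one gateway is listed on stdin, 1 otherwise.
# Real use:  batctl gwl | isGatewayAvailable
isGatewayAvailable() {
    [ "$(gatewayCount)" -gt 0 ]
}

# hoodFileChanged NEWFILE OLDFILE
#   0 (true)  if NEWFILE is a non-empty file that differs from OLDFILE,
#             or OLDFILE does not exist yet (first run);
#   1 (false) if NEWFILE is missing or empty (failed download: apply
#             nothing), or if both files are identical.
hoodFileChanged() {
    new="$1"
    old="$2"
    # A failed wget leaves no file or an empty one; never treat that as new,
    # otherwise the node would wipe its wifi config for nothing.
    [ -s "$new" ] || return 1
    # No published copy yet: the download is new by definition.
    [ -f "$old" ] || return 0
    # cmp -s exits 0 when the two files are byte-identical.
    ! cmp -s "$new" "$old"
}

# Example of how the patch would use this instead of the raw line count:
#   if batctl gwl | isGatewayAvailable; then ... else ... fi
#   if hoodFileChanged /tmp/keyxchangev2data /www/public/keyxchangev2data; then ...
```

Both helpers return shell status codes, so they drop straight into `if` conditions; `hoodFileChanged` deliberately answers "no change" for a missing or empty download, which is the safe default when the node cannot reach any source for the hood file.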