From patchwork Mon Nov 20 22:41:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: configurehood: Prevent connecting to hoods From: Adrian Schmutzler X-Patchwork-Id: 699 Message-Id: <1511217708-31029-1-git-send-email-freifunk@adrianschmutzler.de> To: franken-dev@freifunk.net Date: Mon, 20 Nov 2017 23:41:48 +0100 To prevent connecting hoods, this patch loads keyxchange files from the local network (eth0.3/eth0) before it uses the gateway. Thus, if other files are provided via wXconfigap, they are just ignored. If a router is connected to two hoods by cable, it will just disable br-mesh and wait until the next call of configurehood. If a router is misconfigured, it is thus not working at all, which is intended. Signed-off-by: Adrian Schmutzler --- .../fff/fff-hoods/files/usr/sbin/configurehood | 28 +++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood index 822e5fc..74a070a 100755 --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood @@ -65,6 +65,8 @@ fi lat=$(uci -q get fff.system.latitude) long=$(uci -q get fff.system.longitude) +(ifconfig | grep -q "br-mesh") || ifconfig br-mesh up # reenable br-mesh in case we disabled it earlier + # if we have Internet, we download the Hoodfile from the keyxchangev2 if hasInternet ; then wget -T15 -t5 "http://keyserver.freifunk-franken.de/v2/?lat=$lat&long=$long" -O "$hoodfile" 
@@ -119,7 +121,31 @@ else fi else echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1" - wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile" + # check eth first + eth="$(batctl if | grep "eth" | sed -nE 's/.*(eth[^:]+):.*/\1/p')" + oldhood="" + for mac in $(batctl n | grep "eth" | sed -nE 's/.*eth[0-9.]+\s+([^\s]+)\s.*/\1/p'); do + EUI="$(echo "$mac" | awk -F: '{ printf("%02x%s:%sff:fe%s:%s%s\n", xor(("0x"$1),2), $2, $3, $4, $5, $6) }')" + wget -T15 -t5 "http://[fe80::${EUI}%${eth}]:2342/keyxchangev2data" -O "$hoodfile" + if [ -s "$hoodfile" ]; then + json_load "$(cat "$hoodfile")" + json_select hood + json_get_var newhood name + if [ -n "$oldhood" ] && [ -n "$newhood" ] && ( ! [ "$newhood" = "$oldhood" ] ) ; then + # 2nd hood found, kill br-mesh and try again in 5 minutes + echo "Two hoods detected. Remove cables to stay in just one." + ifconfig br-mesh down + exit 0 + fi + oldhood="$newhood" + fi + done + if [ ! -s "$hoodfile" ]; then + # Only load hoodfile from gateway if not already present from local network + # - This gives local network a precedence (take the hood from local network) + # - This prevents file insertion from a third person, as will will only connect via LAN to who I trust + wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile" + fi #UPLINK: Do nothing fi fi
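Review bot: In the first hunk (@@ -65,6 +65,8 @@), the added `ifconfig br-mesh up` line runs at the top of every configurehood call, before any neighbour has been checked. A router that was shut down for seeing two hoods therefore has br-mesh back up, with both cables still attached, until the `ifconfig br-mesh down` in the second hunk runs again. Consider moving the re-enable to after the eth neighbour check has passed, or state in the commit message that this window is accepted. Smaller points: `grep -q "br-mesh"` matches any line of the `ifconfig` output containing that string rather than the interface itself, the subshell parentheses are not needed, and since bringing up an interface that is already up is harmless, a plain `ifconfig br-mesh up` would do the same job.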
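Review bot: In the second hunk (@@ -119,7 +121,31 @@), every pass of the `for mac` loop downloads into the same "$hoodfile", so the file left after the loop is whatever the last neighbour's wget produced, not a file that was validated. If that last request leaves the file empty, the `[ ! -s "$hoodfile" ]` test falls through to fe80::1 even though an earlier LAN neighbour supplied a hood, which defeats the precedence the comment describes. Downloading to a temporary file and moving it into place only after the hood name has been read would avoid this. Related points in the same loop: `oldhood="$newhood"` is executed even when `newhood` is empty, so a neighbour whose file yields no name resets the comparison and a differing hood on the next neighbour is not detected; assign only when `newhood` is non-empty. `eth` is taken from all `batctl if` lines that mention eth, while the loop discards the interface from each `batctl n` line, so with more than one eth interface in batman the `%${eth}` scope is not a single interface name; capturing interface and MAC together from `batctl n` would keep them paired. `[^\s]` inside a bracket expression is better written `[^[:space:]]`, `( ! [ "$newhood" = "$oldhood" ] )` can be `[ "$newhood" != "$oldhood" ]`, and the last added comment has a typo ("as will will only connect").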