[v4] configurehood: Prevent connecting two hoods

Submitted by Adrian Schmutzler on Dec. 18, 2017, 2:03 p.m.

Details

Message ID 1513605814-2464-1-git-send-email-freifunk@adrianschmutzler.de
State Accepted

Commit Message

Adrian Schmutzler Dec. 18, 2017, 2:03 p.m.
To prevent connecting hoods, this patch loads keyxchange files
from the local network (eth0.3/eth0) before it uses the gateway.

Thus, if other files are provided via wXconfigap, they are just
ignored. If a router is connected to two hoods by cable, it will
just disable the interfaces where a second hood file is detected
and wait until the next call of configurehood.

If cable and wXmesh are different, the cable has precedence.

If two hoods are present via cable on the same eth, wXmesh has
precedence.

If two hoods are present via cable on different eth, the first
eth has precedence and all others are disabled.

If cable has precedence, wXmesh is configured with the hood
file from cable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

---

Changes in v2:
- ifconfig eth down instead of ifconfig br-mesh down
- networking restart to get up interfaces again
- Cycle over eths instead of assuming just one

Changes in v3:
- Replace eth by $eth in inner for loop
- Use continue 2 instead of exit to go through all eths
- Only set oldhood once
- Use separate ethfile first, because otherwise a second eth
  would overwrite the file although disabled

Changes in v4:
- Reduced timeout and number of tries for wget
---
 .../fff/fff-hoods/files/usr/sbin/configurehood     | 37 +++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)


diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index 822e5fc..e6a47df 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -10,6 +10,7 @@  sectorlocal=/etc/sectorfile
 sectortmp=/tmp/sectorfile
 sectorcopy=/www/hood/sectorfile
 hiddenapfile=/tmp/hiddenapflag
+resetnetworkfile=/tmp/resetnetwork
 
 rm -f "$hoodfile"
 
@@ -65,6 +66,12 @@  fi
 lat=$(uci -q get fff.system.latitude)
 long=$(uci -q get fff.system.longitude)
 
+# reenable network interfaces in case we disabled them earlier
+if [ -f "$resetnetworkfile" ]; then
+	/etc/init.d/network restart
+	rm "$resetnetworkfile"
+fi
+
 # if we have Internet, we download the Hoodfile from the keyxchangev2
 if hasInternet ; then
 	wget -T15 -t5 "http://keyserver.freifunk-franken.de/v2/?lat=$lat&long=$long" -O "$hoodfile"
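Review bot: the `/etc/init.d/network restart` in this hunk re-enables every interface unconditionally before the hood check below has a chance to run again, so while the double-hood cabling persists the router will bounce its whole network stack (and any SSH session on it) on every configurehood run, not just the interfaces it took down. Consider writing the names of the interfaces that were disabled into `$resetnetworkfile` (one per line) and bringing only those back up, which would also spare the wireless and mesh interfaces that were never touched. Keeping the `rm` after the restart is fine, but the flag should be cleared even if the restart exits non-zero, otherwise the next run restarts again.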
@@ -119,7 +126,35 @@  else
 		fi
 	else
 		echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
-		wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile"
+		# check eth first
+		oldhood=""
+		ethfile="${hoodfile}eth"
+		for eth in $(batctl if | grep "eth" | sed -nE 's/.*(eth[^:]+):.*/\1/p'); do
+			for mac in $(batctl n | grep "$eth" | sed -nE 's/.*eth[0-9.]+\s+([^\s]+)\s.*/\1/p'); do
+				EUI="$(echo "$mac" | awk -F: '{ printf("%02x%s:%sff:fe%s:%s%s\n", xor(("0x"$1),2), $2, $3, $4, $5, $6) }')"
+				wget -T2 -t3 "http://[fe80::${EUI}%${eth}]:2342/keyxchangev2data" -O "$ethfile"
+				if [ -s "$ethfile" ]; then
+					json_load "$(cat "$ethfile")"
+					json_select hood
+					json_get_var newhood name
+					if [ -n "$oldhood" ] && [ -n "$newhood" ] && ( ! [ "$newhood" = "$oldhood" ] ) ; then
+						# 2nd hood found, kill interface and go on (next try in 5 min.)
+						echo "Two hoods detected. Remove cables to stay in just one."
+						ifconfig "$eth" down
+						touch "$resetnetworkfile"
+						continue 2 # go to the next interface
+					fi
+					mv "$ethfile" "$hoodfile" # Only use hoodfile if sane
+					[ -n "$oldhood" ] || oldhood="$newhood" # only set oldhood once
+				fi
+			done
+		done
+		if [ ! -s "$hoodfile" ]; then
+			# Only load hoodfile from gateway if not already present from local network
+			# - This gives local network a precedence (take the hood from local network)
+			# - This prevents file insertion from a third person, as I will only connect via LAN to who I trust
+			wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile"
+		fi
 		#UPLINK: Do nothing
 	fi
 fi
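Review bot: the inner loop's neighbour selection `for mac in $(batctl n | grep "$eth" | ...)` matches by substring, so for `eth0` it also picks up neighbours listed on `eth0.3`, and those MACs are then queried with the wrong zone in `http://[fe80::${EUI}%${eth}]`; anchor the match, for example by folding `"$eth"` into the sed expression in place of `eth[0-9.]+`, or use `grep -w "$eth"`. Two smaller points in the same block: `newhood` is never cleared between iterations, so if a fetched file is non-empty but lacks `hood.name`, `json_get_var newhood name` leaves the previous value in place and the collision test runs against stale data (set `newhood=""` before the `json_get_var`); and the `-s` test only proves wget wrote bytes, so the file reaches `json_load` without any check that it is a hood file, which matters because this path trusts whatever answers on the cable, as the comment in the last `if` block says. It would be worth rejecting the file (and not doing the `mv`) when `newhood` stays empty.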

Comments

Christian Dresel Dec. 18, 2017, 3:10 p.m.
Hi

looks good

Reviewed-by: Christian Dresel <fff@chrisi01.de>

Tested-by: Christian Dresel <fff@chrisi01.de>

One thing that bothered me a little while testing, though I don't know how to do it better either: the network restart always kicks you off the router via SSH. But since this only happens when something is already broken anyway, I personally can live with it.

Regards

Christian


Tim Niemeyer Dec. 23, 2017, 1:24 p.m.
Hi

The patch is good for now and helps. It also seems very well thought out.

Reviewed-by: Tim Niemeyer <tim@tn-x.org>

Still, it does not solve the problem entirely correctly, because in the collision case the broken connection persists for up to 5 minutes. So in the long run we still have to develop this further.

Tim


Tim Niemeyer Dec. 23, 2017, 1:31 p.m.
Hi

And applied.

Thanks
Tim
