[PATCH v2] configurehood: Prevent connecting two hoods

Adrian Schmutzler freifunk at adrianschmutzler.de
Thu Dec 7 15:27:45 CET 2017


To prevent connecting hoods, this patch loads keyxchange files
from the local network (eth0.3/eth0) before it uses the gateway.

Thus, if other files are provided via wXconfigap, they are just
ignored. If a router is connected to two hoods by cable, it will
just disable the interfaces where a second hood file is detected
and wait until the next call of configurehood.

If cable and wXmesh are different, the cable has precedence.

If two hoods are present via cable on the same eth, wXmesh has
precedence.

If two hoods are present via cable on different eth, the first
eth has precedence and all others are disabled.

If cable has precedence, wXmesh is configured with the hood
file from cable.

Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>

---

Changes in v2:
- ifconfig eth down instead of ifconfig br-mesh down
- networking restart to get up interfaces again
- Cycle over eths instead of assuming just one
---
 .../fff/fff-hoods/files/usr/sbin/configurehood     | 35 +++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index 822e5fc..5f05bf6 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -10,6 +10,7 @@ sectorlocal=/etc/sectorfile
 sectortmp=/tmp/sectorfile
 sectorcopy=/www/hood/sectorfile
 hiddenapfile=/tmp/hiddenapflag
+resetnetworkfile=/tmp/resetnetwork
 
 rm -f "$hoodfile"
 
@@ -65,6 +66,12 @@ fi
 lat=$(uci -q get fff.system.latitude)
 long=$(uci -q get fff.system.longitude)
 
+# reenable network interfaces in case we disabled them earlier
+if [ -f "$resetnetworkfile" ]; then
+	/etc/init.d/network restart
+	rm "$resetnetworkfile"
+fi
+
 # if we have Internet, we download the Hoodfile from the keyxchangev2
 if hasInternet ; then
 	wget -T15 -t5 "http://keyserver.freifunk-franken.de/v2/?lat=$lat&long=$long" -O "$hoodfile"
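Review bot: The added restart block runs /etc/init.d/network restart directly before the hasInternet check, and nothing in these lines waits for the interfaces to come back, so a run that follows a two-hood shutdown may evaluate hasInternet against a network that is still coming up and take the wrong branch. Consider doing the restart and exiting, leaving the actual configuration to the next call, or adding an explicit wait before hasInternet. The flag removal should be rm -f "$resetnetworkfile" to match the rm -f used for $hoodfile earlier in the script.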
@@ -119,7 +126,33 @@ else
 		fi
 	else
 		echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
-		wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile"
+		# check eth first
+		oldhood=""
+		for eth in $(batctl if | grep "eth" | sed -nE 's/.*(eth[^:]+):.*/\1/p'); do
+			for mac in $(batctl n | grep "eth" | sed -nE 's/.*eth[0-9.]+\s+([^\s]+)\s.*/\1/p'); do
+				EUI="$(echo "$mac" | awk -F: '{ printf("%02x%s:%sff:fe%s:%s%s\n", xor(("0x"$1),2), $2, $3, $4, $5, $6) }')"
+				wget -T15 -t5 "http://[fe80::${EUI}%${eth}]:2342/keyxchangev2data" -O "$hoodfile"
+				if [ -s "$hoodfile" ]; then
+					json_load "$(cat "$hoodfile")"
+					json_select hood
+					json_get_var newhood name
+					if [ -n "$oldhood" ] && [ -n "$newhood" ] && ( ! [ "$newhood" = "$oldhood" ] ) ; then
+						# 2nd hood found, kill br-mesh and try again in 5 minutes
+						echo "Two hoods detected. Remove cables to stay in just one."
+						ifconfig "$eth" down
+						touch "$resetnetworkfile"
+						exit 0
+					fi
+					oldhood="$newhood"
+				fi
+			done
+		done
+		if [ ! -s "$hoodfile" ]; then
+			# Only load hoodfile from gateway if not already present from local network
+			# - This gives local network a precedence (take the hood from local network)
+			# - This prevents file insertion from a third person, as will will only connect via LAN to who I trust
+			wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile"
+		fi
 		#UPLINK: Do nothing
 	fi
 fi
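Review bot: Every wget in the new inner loop writes to the same $hoodfile, so the later test [ ! -s "$hoodfile" ] sees whatever the last neighbour's download left behind rather than the hood that passed the name comparison; download to a temporary file and move it to $hoodfile only after the comparison has succeeded. The inner loop also takes its MAC list from batctl n | grep "eth" without restricting it to the current $eth, so every neighbour is tried on every interface and a mismatch takes down whichever $eth happens to be current; filtering on "$eth" would tie the shutdown to the interface where the second hood actually sits. The return of json_select hood is not checked, so a response that is not a valid hood file still ends up in $hoodfile. The comment "kill br-mesh" no longer matches ifconfig "$eth" down, and "as will will" in the last comment is a typo. Since the fetch is plain HTTP to a link-local neighbour, the "who I trust" statement in that comment rests on physical cabling alone, which is worth saying explicitly there.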
-- 
2.7.4


