[PATCH] configurehood: Prevent connecting to hoods
Adrian Schmutzler
freifunk at adrianschmutzler.de
Mon Nov 20 23:41:48 CET 2017
To prevent connecting hoods, this patch loads keyxchange files
from the local network (eth0.3/eth0) before it uses the gateway.
Thus, if other files are provided via wXconfigap, they are just
ignored. If a router is connected to two hoods by cable, it will
just disable br-mesh and wait until the next call of configurehood.
If a router is misconfigured, it is thus not working at all,
which is intended.
Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
---
.../fff/fff-hoods/files/usr/sbin/configurehood | 28 +++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index 822e5fc..74a070a 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -65,6 +65,8 @@ fi
lat=$(uci -q get fff.system.latitude)
long=$(uci -q get fff.system.longitude)
+(ifconfig | grep -q "br-mesh") || ifconfig br-mesh up # reenable br-mesh in case we disabled it earlier
+
# if we have Internet, we download the Hoodfile from the keyxchangev2
if hasInternet ; then
wget -T15 -t5 "http://keyserver.freifunk-franken.de/v2/?lat=$lat&long=$long" -O "$hoodfile"
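Review bot: The unconditional `ifconfig br-mesh up` at the top brings the bridge back while both cables may still be plugged in, and the two-hood check in the second hunk only fires after the per-neighbour wget calls (each `-T15 -t5`) have run, so on every invocation the two hoods can be bridged again for that window. The eth downloads are scoped to `%${eth}` and not to br-mesh, so if neighbour discovery does not depend on the bridge, consider leaving br-mesh down here and bringing it up only after the eth loop has finished without finding a second hood. A smaller point: `grep -q "br-mesh"` is a substring match on the whole ifconfig output, so any interface whose name contains br-mesh satisfies it; matching the name at the start of the line would be stricter.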
@@ -119,7 +121,31 @@ else
fi
else
echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
- wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile"
+ # check eth first
+ eth="$(batctl if | grep "eth" | sed -nE 's/.*(eth[^:]+):.*/\1/p')"
+ oldhood=""
+ for mac in $(batctl n | grep "eth" | sed -nE 's/.*eth[0-9.]+\s+([^\s]+)\s.*/\1/p'); do
+ EUI="$(echo "$mac" | awk -F: '{ printf("%02x%s:%sff:fe%s:%s%s\n", xor(("0x"$1),2), $2, $3, $4, $5, $6) }')"
+ wget -T15 -t5 "http://[fe80::${EUI}%${eth}]:2342/keyxchangev2data" -O "$hoodfile"
+ if [ -s "$hoodfile" ]; then
+ json_load "$(cat "$hoodfile")"
+ json_select hood
+ json_get_var newhood name
+ if [ -n "$oldhood" ] && [ -n "$newhood" ] && ( ! [ "$newhood" = "$oldhood" ] ) ; then
+ # 2nd hood found, kill br-mesh and try again in 5 minutes
+ echo "Two hoods detected. Remove cables to stay in just one."
+ ifconfig br-mesh down
+ exit 0
+ fi
+ oldhood="$newhood"
+ fi
+ done
+ if [ ! -s "$hoodfile" ]; then
+ # Only load hoodfile from gateway if not already present from local network
+ # - This gives local network a precedence (take the hood from local network)
+ # - This prevents file insertion from a third person, as will will only connect via LAN to who I trust
+ wget -T15 -t5 "http://[fe80::1%br-mesh]:2342/keyxchangev2data" -O "$hoodfile"
+ fi
#UPLINK: Do nothing
fi
fi
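Review bot: `eth` is built from every `batctl if` line containing "eth", so with more than one wired batman interface (the commit message names eth0.3/eth0, and the two-cable case is exactly the one being handled) it holds several names and `%${eth}` is no longer a valid zone; each MAC from `batctl n` is also queried on that one scope regardless of the interface it was actually seen on. The `batctl n` sed already matches `eth[0-9.]+` right before the MAC, so capture the interface there and use it per neighbour. Second, every iteration writes to the same `$hoodfile`, so after a failed download the `-s` test and `json_load` see either an emptied file or the previous neighbour's data, depending on how wget handles `-O` on failure; in the first case the final `[ ! -s "$hoodfile" ]` falls through to `fe80::1%br-mesh` even though a wired neighbour answered earlier, which undoes the precedence the comment promises. Download to a temporary file, check wget's exit status, and only move it onto `$hoodfile` on success. `newhood` should also be cleared at the start of each iteration so a failed `json_get_var` does not reuse the previous name, and note that `[^\s]` inside a bracket expression excludes a backslash and the letter s, not whitespace.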
--
2.7.4