[PATCH v5 4/4] Add fff-hoods
Christian Dresel
fff at chrisi01.de
Fr Sep 15 19:21:32 CEST 2017
hi
ich seh grad ich hab da was verdreht, wird in der nächsten Version gefixt:
On 15.09.2017 19:12, Christian Dresel wrote:
> ths packages connect to keyxchangev2
> after review we must change the serveradress! This is only a example
>
> Signed-off-by: Christian Dresel <fff at chrisi01.de>
> Signed-off-by: Jan Kraus <mayosemmel at gmail.com>
>
> Update in v2:
> - clean tabstops
> - move the json vpn out of the if because we need this after reboot
>
> Update in v5:
> !!UNTESTED!!
> - change hidden AP ip to locallink
> - Open hidden AP after more checks
> - Load json File from Gateway if Gateway in Batman in Range
>
>
> Signed-off-by: Christian Dresel <fff at chrisi01.de>
> ---
> src/packages/fff/fff-hoods/Makefile | 39 ++++
> .../files/etc/hotplug.d/iface/50-fff-hoods | 5 +
> .../fff/fff-hoods/files/usr/lib/micron.d/fff-hoods | 1 +
> .../fff/fff-hoods/files/usr/sbin/configurehood | 209 +++++++++++++++++++++
> 4 files changed, 254 insertions(+)
> create mode 100644 src/packages/fff/fff-hoods/Makefile
> create mode 100644 src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> create mode 100644 src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> create mode 100755 src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>
> diff --git a/src/packages/fff/fff-hoods/Makefile b/src/packages/fff/fff-hoods/Makefile
> new file mode 100644
> index 0000000..f85178d
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/Makefile
> @@ -0,0 +1,39 @@
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=fff-hoods
> +PKG_VERSION:=0.0.1
> +PKG_RELEASE:=1
> +
> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoods
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/fff-hoods
> + SECTION:=base
> + CATEGORY:=Freifunk
> + TITLE:= Freifunk-Franken hoods
> + URL:=http://www.freifunk-franken.de
> + DEPENDS:=+fff-network
> +endef
> +
> +define Package/fff-hoods/description
> + This package load and configures the current hood
> +endef
> +
> +define Build/Prepare
> + echo "all: " > $(PKG_BUILD_DIR)/Makefile
> +endef
> +
> +define Build/Configure
> + # nothing
> +endef
> +
> +define Build/Compile
> + # nothing
> +endef
> +
> +define Package/fff-hoods/install
> + $(CP) ./files/* $(1)/
> +endef
> +
> +$(eval $(call BuildPackage,fff-hoods))
> diff --git a/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> new file mode 100644
> index 0000000..49f53e3
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/etc/hotplug.d/iface/50-fff-hoods
> @@ -0,0 +1,5 @@
> +#!/bin/sh
> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> + sleep 3
> + /usr/sbin/configurehood
> +}
> diff --git a/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> new file mode 100644
> index 0000000..ca8d798
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/usr/lib/micron.d/fff-hoods
> @@ -0,0 +1 @@
> +*/5 * * * * /usr/sbin/configurehood
> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> new file mode 100755
> index 0000000..49c36c7
> --- /dev/null
> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> @@ -0,0 +1,209 @@
> +#!/bin/sh
> +
> +. /usr/share/libubox/jshn.sh
> +. /lib/functions/fff/wireless
> +. /etc/community.cfg
> +
> +# hidden AP check
> +
> +if [ -n /tmp/hiddenapflag ]; then
> + if [ "$(batctl gwl | wc -l)" -gt 2 ]; then
> + if ! wifiAddAP "$radio" "config.franken.freifunk.net" "configap" "configap" "1"; then
> + echo "Can't add AP interface on $radio."
> + exit 1
> + else
> + #we must set here a fix ip adress
> + uci set network.configap=interface
> + uci set network.configap.proto='static'
> + uci set network.configap.ip6addr='fded:c8f0:4b9a::1/64'
eigentlich muss hier die fe80::1 gesetzt werden und...
> + uci commit network
> + fi
> + else
> + rm /tmp/hiddenapflag
> + fi
> +fi
> +
> +project="$VPN_PROJECT"
> +lat=$(uci get system. at system[0].latitude)
> +long=$(uci get system. at system[0].longitude)
> +mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> +hostname=$(cat /proc/sys/kernel/hostname)
> +[ "$hostname" = "OpenWrt" ] && hostname=""
> +[ "$hostname" = "" ] && hostname="$mac"
> +
> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> +test_ipv4_host2="8.8.8.8" # Google DNS
> +test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
> +
> +# if we have Internet, we download the Hoodfile from the keyxchangev2
> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> + ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> + ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> + # do we have a fastd secret
> + if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
> + secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
> + uci set fastd.${project}.secret="$secret"
> + uci commit fastd
> + fi
> + pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> + #don't know what about port? Need this? Have we this in der old version?
> + wget -T15 "http://144.76.70.189/keyserver/json.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/keyxchangev2data
> + #if no Internet, we connect to the hidden AP and download the file from another Node in range
> +else
> + # connect to wireless hidden ap here and download from the next router the json File -O /tmp/keyxchangev2data
> + # only to that, when we have no gateway in range. If the Uplinkrouter change the hood, we lost the GW and to this automatically again i think! Nice idea?
> + if [ "$(batctl gwl | wc -l)" -lt 3 ]; then
> + #now we haven't a gateway in Range, we search for a hidden AP to get a keyxchangev2data file!
> + #first we delete all wifi settings
> + if ! wifiDelAll; then
> + echo "Can't delete current wifi setup"
> + exit 1
> + fi
> + #now we look for phy and add this
> + for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
> + if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
> + echo "$phy is 2.4 GHz"
> + radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL")
> + if [ -z "$radio" ]; then
> + echo "Can't create radio for $phy"
> + exit 1
> + fi
> + fi
> + if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
> + echo "$phy is 5 GHz"
> + radio=$(wifiAddPhy "$phy" "$BATMAN_CHANNEL_5GHZ")
> + if [ -z "$radio" ]; then
> + echo "Can't create radio for $phy"
> + exit 1
> + fi
> + fi
> + #and here we add the station
> + if ! wifiAddSta "$radio" "config.franken.freifunk.net" "configSta"; then
> + echo "Can't add Sta interface on $radio."
> + exit 1
> + else
> + # here we must set a fix ip adress on the new wifi interface!
> + uci set network.configSta=interface
> + uci set network.configSta.proto='static'
> + # we need a random adress because it can more than 1 Router connect!
> + # Set fe80::1 as IP
> + uci set network.configSta.ip6addr="fe80::1"
> + uci commit network
...der Kram kann ersatzlos gestrichen werden da sowieso ne fe80::MAC
Adresse auf einer Station generiert werden sollte, ich hab die Station
und den AP in der v5 vertauscht.
mfg
Christian
> + fi
> +
> + done
> + wifi
> + # wait a moment to start the interface
> + sleep 10;
> + #and here we can download the Hoodfile from the other node
> + wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data
> + else
> + echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
> + wget -T15 "http://[fe80::1%w2sta]/keyxchangev2data" -O /tmp/keyxchangev2data
> + fi
> +
> +
> +fi
> +
> +# we get a json file in this format:
> +# https://pw.freifunk-franken.de/patch/205/
> +# but without signature, every hood file we get is valid!
> +
> +sumnew=$(sha256sum /tmp/keyxchangev2data | cut -f1 -d " ")
> +sumold=$(sha256sum /www/public/keyxchangev2data | cut -f1 -d " ")
> +if [ "$sumnew" != "$sumold" ]; then
> + echo "New file detect, we reconfigure the Node";
> +
> + # copy the file to webroot that other Meshrouter can download them
> + cp /tmp/keyxchangev2data /www/public/
> +
> + json_load "$(cat /tmp/keyxchangev2data)"
> + json_select hood
> +
> + json_get_var hood name
> + json_get_var mesh_bssid mesh_bssid
> + json_get_var mesh_essid mesh_essid
> + json_get_var essid essid
> + # i think the next things we don't active this in the first version! we can do it later
> + #json_get_var channel2 channel2
> + #json_get_var mode2 mode2
> + #json_get_var type2 type2
> + #json_get_var channel5 channel5
> + #json_get_var mode5 mode5
> + #json_get_var type5 type5
> + #json_get_var protocol protocol
> +
> + echo "Setting hood name: $hood"
> + uci set system. at system[0].hood=$hood
> +
> + if ! wifiDelAll; then
> + echo "Can't delete current wifi setup"
> + exit 1
> + fi
> +
> + for phy in $(iw phy | awk '/^Wiphy/{ print $2 }'); do
> + if iw phy "$phy" info | grep -q -m1 "2... MHz"; then
> + echo "$phy is 2.4 GHz"
> + radio=$(wifiAddPhy "$phy" "1")
> + if [ -z "$radio" ]; then
> + echo "Can't create radio for $phy"
> + exit 1
> + fi
> + fi
> + if iw phy "$phy" info | grep -q -m1 "5... MHz"; then
> + echo "$phy is 5 GHz"
> + radio=$(wifiAddPhy "$phy" "13")
> + if [ -z "$radio" ]; then
> + echo "Can't create radio for $phy"
> + exit 1
> + fi
> + fi
> +
> + if ! wifiAddAP "$radio" "$essid" "mesh" "ap" "0"; then
> + echo "Can't add AP interface on $radio."
> + exit 1
> + fi
> +
> + # here we set a bit for add hidden AP
> + touch /tmp/hiddenapflag
> +
> + if ! wifiAddAdHocMesh "$radio" "$mesh_essid" "$mesh_bssid"; then
> + echo "Can't add AP interface on $radio."
> + exit 1
> + fi
> + done
> +
> + echo "Loading wifi"
> + wifi
> +
> +
> +else
> + echo "we have no new file and do nothing";
> +fi
> +
> +# and now we read the VPN Data and give this data to fff-vpn
> +
> +json_load "$(cat /tmp/keyxchangev2data)"
> +json_select vpn
> +Index="1"
> +rm /tmp/fastd_${project}_output
> +touch /tmp/fastd_${project}_output
> +while json_select $Index > /dev/null
> +do
> + json_get_var protocol protocol
> + if [ "$protocol" == "fastd"]; then
> + json_get_var servername name
> + echo "####$servername.conf" >> /tmp/fastd_${project}_output
> + echo "#name \"$servername\";" >> /tmp/fastd_${project}_output
> + json_get_var key key
> + echo "key \"$key\";" >> /tmp/fastd_${project}_output
> + json_get_var address address
> + json_get_var port port
> + echo "remote ipv4 \"$address\" port $port float;" >> /tmp/fastd_${project}_output
> + fi
> + echo "" >> /tmp/fastd_${project}_output
> + echo "###" >> /tmp/fastd_${project}_output
> +done
> +#this we do every 5 minutes, because it can change the VPN Protocol
> +#and now we get to vpn-select Script and load VPNs
> +sh /usr/sbin/vpn-select
>
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : signature.asc
Dateityp : application/pgp-signature
Dateigröße : 819 bytes
Beschreibung: OpenPGP digital signature
URL : <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20170915/73be9eb6/attachment.sig>
Mehr Informationen über die Mailingliste franken-dev