[PATCH] fff-hoods: Use fe80::fff:1 to access hood file from gateways
Fabian Bläse
fabian at blaese.de
Mi Dez 5 22:30:13 CET 2018
Hallo,
ich sehe hier maximal einen Workaround.
Auch die fe80::fff:1 kann sich jemand krallen und alles ganz schnell kaputt machen.
Sinnvoll wäre hier - wenn überhaupt - eine Firewall, die entsprechende Neighbour Advertisements blockiert. Das bricht dann auch keine Kompatibilität.
Layer2 Netze sind halt per-se unsicher.
Gruß
Fabian
On 05.12.18 21:06, Adrian Schmutzler wrote:
> Since occationally client devices take the fe80::1 address,
> we change the gateways' address to fe80::fff:1, which should
> provide more uniqueness.
>
> Note that this only changes the address of the gateways, but
> not of the configap. The latter would break compatibility
> between meshing devices.
>
> Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
>
> ---
>
> This patch is provided for the case that all gateway admins
> add the fe80::fff:1 address to the interfaces.
> ---
> src/packages/fff/fff-hoods/Makefile | 2 +-
> src/packages/fff/fff-hoods/files/usr/lib/functions/fff/hoodfile | 2 +-
> src/packages/fff/fff-hoods/files/usr/sbin/configurehood | 4 ++--
> 3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/src/packages/fff/fff-hoods/Makefile b/src/packages/fff/fff-hoods/Makefile
> index 264d28ab..a76e9c5f 100644
> --- a/src/packages/fff/fff-hoods/Makefile
> +++ b/src/packages/fff/fff-hoods/Makefile
> @@ -1,7 +1,7 @@
> include $(TOPDIR)/rules.mk
>
> PKG_NAME:=fff-hoods
> -PKG_VERSION:=5
> +PKG_VERSION:=6
> PKG_RELEASE:=1
>
> PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
> diff --git a/src/packages/fff/fff-hoods/files/usr/lib/functions/fff/hoodfile b/src/packages/fff/fff-hoods/files/usr/lib/functions/fff/hoodfile
> index 89af84c8..3dad69ad 100644
> --- a/src/packages/fff/fff-hoods/files/usr/lib/functions/fff/hoodfile
> +++ b/src/packages/fff/fff-hoods/files/usr/lib/functions/fff/hoodfile
> @@ -86,7 +86,7 @@ getGatewayHoodfile() {
>
> echo "Trying to get hoodfile from gateway..."
>
> - if wget -T15 -t5 -O "$file" "http://[fe80::1%br-mesh]:2342/keyxchangev2data"; then
> + if wget -T15 -t5 -O "$file" "http://[fe80::fff:1%br-mesh]:2342/keyxchangev2data"; then
> return 0
> else
> return 1
> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> index de60c21d..2bf64f4b 100755
> --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> @@ -103,7 +103,7 @@ else
>
> getEthernetHoodfile "$hoodfiletmp" || getWirelessHoodfile "$hoodfiletmp"
> else
> - echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::1"
> + echo "We have a Gateway in Range, we load the keyxchangev2data from fe80::fff:1"
> getGatewayHoodfile "$hoodfiletmp" && cp "$hoodfiletmp" "$hoodfilewww"
> fi
> fi
> @@ -239,7 +239,7 @@ if [ -s "$hoodfiletmp" ]; then
> echo "Address already set."
> fi
> if ! ( ip -6 route show dev br-mesh | grep -q "fc00::" ) ; then
> - ip -6 route add fc00::/7 via fe80::1 dev br-mesh
> + ip -6 route add fc00::/7 via fe80::fff:1 dev br-mesh
> echo "Set ULA route to br-mesh."
> else
> echo "Route already set."
>
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : signature.asc
Dateityp : application/pgp-signature
Dateigröße : 833 bytes
Beschreibung: OpenPGP digital signature
URL : <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20181205/e02ba200/attachment.sig>
Mehr Informationen über die Mailingliste franken-dev