Add package gluon-radv-filterd

This package drops all incoming router advertisements except for the default router with the best metric according to B.A.T.M.A.N. advanced. Note that advertisements originating from the node itself (for example via gluon-radvd) are not affected.
freifunk-gluon · Sep 28, 2016 · 7f76474 · 7f76474
1 parent d017739
commit 7f76474
Show file tree

Hide file tree

Showing 9 changed files with 646 additions and 0 deletions.
diff --git a/package/gluon-radv-filterd/Makefile b/package/gluon-radv-filterd/Makefile
@@ -0,0 +1,46 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-radv-filterd
+PKG_VERSION:=1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/gluon-radv-filterd
+  SECTION:=gluon
+  CATEGORY:=Gluon
+  TITLE:=Filter IPv6 router advertisements
+  DEPENDS:=+gluon-ebtables
+endef
+
+define Package/gluon-radv-filterd/description
+	Gluon community wifi mesh firmware framework: filter IPv6 router advertisements
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+	CFLAGS="$(TARGET_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS)" $(MAKE) -C $(PKG_BUILD_DIR) $(TARGET_CONFIGURE_OPTS)
+endef
+
+define Package/gluon-radv-filterd/install
+	$(CP) ./files/* $(1)/
+
+	$(INSTALL_DIR) $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/gluon-radv-filterd $(1)/usr/sbin/
+endef
+
+define Package/gluon-radv-filterd/postinst
+#!/bin/sh
+$(call GluonCheckSite,check_site.lua)
+endef
+
+$(eval $(call BuildPackage,gluon-radv-filterd))
diff --git a/package/gluon-radv-filterd/README.md b/package/gluon-radv-filterd/README.md
@@ -0,0 +1,28 @@
+gluon-radv-filterd
+==================
+This package drops all incoming router advertisements except for the
+default router with the best metric according to B.A.T.M.A.N. advanced.
+
+Note that advertisements originating from the node itself (for example
+via gluon-radvd) are not affected and considered at all.
+
+"Best" router
+-------------
+The best router is determined by the TQ that is reported for its originator by
+B.A.T.M.A.N. advanced. If, for some reason, another gateway with a better TQ
+appears or an existing gateway increases its TQ above that of the chosen
+gateway, the chosen gateway will remain selected until the better gateway has a
+TQ value at least X higher than the selected gateway. This is called
+hysteresis, and X can be specified on the commandline/via UCI/the site.conf and
+defaults to 20 (just as for the IPv4 gateway selection feature built into
+B.A.T.M.A.N. advanced).
+
+"Local" routers
+---------------
+The package has functionality to assign "local" routers, i.e. those connected
+via cable or WLAN instead of via the mesh (technically: appearing in the
+`transtable_local`), a fake TQ of 512 so that they are always preferred.
+However, if used together with the `gluon-ebtables-filter-ra-dhcp` package,
+these router advertisements are filtered anyway and reach neither the node nor
+any other client. You currently have to disable the package or insert custom
+ebtables rules in order to use local routers.
diff --git a/package/gluon-radv-filterd/check_site.lua b/package/gluon-radv-filterd/check_site.lua
@@ -0,0 +1,3 @@
+if need_table('radv_filterd', nil, false) then
+    need_number('radv_filterd.threshold')
+end
diff --git a/package/gluon-radv-filterd/files/etc/config/gluon-radv-filterd b/package/gluon-radv-filterd/files/etc/config/gluon-radv-filterd
@@ -0,0 +1,4 @@
+config filterd
+	option iface 'br-client'
+	option chain 'RADV_FILTER'
+	option threshold '20'
diff --git a/package/gluon-radv-filterd/files/etc/init.d/gluon-radv-filterd b/package/gluon-radv-filterd/files/etc/init.d/gluon-radv-filterd
@@ -0,0 +1,34 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+DAEMON=/usr/sbin/gluon-radv-filterd
+
+validate_filterd_section() {
+    uci_validate_section gluon-radv-filterd filterd "${1}" \
+            'iface:string' \
+            'chain:string:RADV_FILTER' \
+            'threshold:uinteger:20'
+}
+
+start_service() {
+    config_load gluon-radv-filterd
+    config_foreach start_filterd filterd
+}
+
+start_filterd() {
+    local iface chain threshold
+    validate_filterd_section "$1"
+
+    procd_open_instance
+    procd_set_param command $DAEMON -i "$iface" -c "$chain" -t $threshold
+    procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
+    procd_set_param netdev br-client
+    procd_set_param stderr 1
+    procd_close_instance
+}
+
+service_triggers() {
+    procd_add_reload_trigger "gluon-radv-filterd"
+    procd_add_validation "validate_filterd_section"
+}
diff --git a/package/gluon-radv-filterd/files/lib/gluon/ebtables/400-radv-filterd b/package/gluon-radv-filterd/files/lib/gluon/ebtables/400-radv-filterd
@@ -0,0 +1,3 @@
+chain('RADV_FILTER', 'DROP')
+rule 'FORWARD -p IPv6 -i bat0 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j RADV_FILTER'
+rule 'RADV_FILTER -j ACCEPT'
diff --git a/package/gluon-radv-filterd/luasrc/lib/gluon/upgrade/300-gluon-radv-filterd b/package/gluon-radv-filterd/luasrc/lib/gluon/upgrade/300-gluon-radv-filterd
@@ -0,0 +1,11 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site_config'
+local uci = (require 'luci.model.uci').cursor()
+
+if site.radv_filterd and site.radv_filterd.threshold then
+    uci:foreach('gluon-radv-filterd', 'filterd', function(section)
+        uci:set('gluon-radv-filterd', section['.name'], 'threshold', site.radv_filterd.threshold)
+    end)
+    uci:save('gluon-radv-filterd')
+end
diff --git a/package/gluon-radv-filterd/src/Makefile b/package/gluon-radv-filterd/src/Makefile
@@ -0,0 +1,4 @@
+all: gluon-radv-filterd
+
+gluon-radv-filterd: gluon-radv-filterd.c
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -Wall -o $@ $^ $(LDLIBS)