dan/liminix
1
0
Fork 5
Code

Compare commits

base: dan:b5722a01530ec7b42ee160ae790fe72e150b353a
Branches Tags
dan:main
dan:nftables-turned
dan:firescape
dan:runciter
dan:wip-pstore-tls
dan:fallover
dan:lte
dan:gateway-profile
dan:tftpboot-append-dtb
dan:mainline-omnia-wip
dan:armv7
dan:hark-how-all-the-belkin-rings
dan:first-do-no-arm
dan:doc-do-over
dan:module-based-network
dan:v1.0.0
...
compare: dan:60508f4d4eb2264fb2d7759bba9bf5137c2c7b90
Branches Tags
dan:main
dan:nftables-turned
dan:firescape
dan:runciter
dan:wip-pstore-tls
dan:fallover
dan:lte
dan:gateway-profile
dan:tftpboot-append-dtb
dan:mainline-omnia-wip
dan:armv7
dan:hark-how-all-the-belkin-rings
dan:first-do-no-arm
dan:doc-do-over
dan:module-based-network
dan:v1.0.0

5 Commits
b5722a0153 ... 60508f4d4e

Author SHA1 Message Date
Daniel Barlow
60508f4d4e update NEWS 
* Turris Omnia
* possible wifi regressions
 2024-02-16 21:00:59 +00:00
Daniel Barlow
ca64e9035e gl-ar750 ath9k needs cal data from MTD 2024-02-16 20:44:56 +00:00
Daniel Barlow
4bcc3d5b28 dhcpc6 scripts: simplify (and improve correctness) 2024-02-16 18:47:12 +00:00
Daniel Barlow
28fe37d555 deep thoughts 2024-02-16 18:30:54 +00:00
Daniel Barlow
175db9f604 tail -F for rotuer 2024-02-16 18:30:24 +00:00
8 changed files with 197 additions and 97 deletions
Show Stats Expand all files Collapse all files

16
NEWS
View File

@ -38,9 +38,13 @@ now runs on the TP-Link Archer AX23
2024-02-12 2024-02-12
* we now build wifi drivers (mac80211) from the same kernel source as * We now build wifi drivers (mac80211) from the same kernel source as
the running kernel, instead of using drivers from the linux-backports the running kernel, instead of using drivers from the linux-backports
project. project. This may be a regression on some devices that depend on
OpenWrt patches for wireless functionality: if you have a device that
used to work and now doesn't, refer to OpenWrt
package/kernel/mac80211/patches/ to see if there's something in there
that needs to be applied.
* in general, we build kernel modules (e.g. for nftables) at the same * in general, we build kernel modules (e.g. for nftables) at the same
time as the kernel itself instead of expecting to be able to build time as the kernel itself instead of expecting to be able to build
@ -68,3 +72,11 @@ the old location to the new one before rebooting into the new system
The `output`, `mkoutputs` functions defined by ${serviceFns} The `output`, `mkoutputs` functions defined by ${serviceFns}
have been updated for the new location. have been updated for the new location.
2024-02-16
New (or at least, previously unreported) port! Liminix now runs on the
Turris Omnia and has been serving my family's internet needs for most
of this week. Thanks to NGI0 Entrust and the NLnet Foundation for
sponsoring this development (and funding the hardware)

34
THOUGHTS.txt
View File

@ -4077,3 +4077,37 @@ TODO items not to lose track of
- finish belkin - finish belkin
- install sniproxy - install sniproxy
- is there something simple we can do to make it reboot again? - is there something simple we can do to make it reboot again?
- turn rotuer,extneder examples into "profiles" that don't embed
hardware specifics
Thu Feb 15 11:50:56 GMT 2024
1) to make tftpboot work with old bootm implementations we need
- compressed root
- uncompressed root
- kernel with dtb
dtb needs to know where uncompressed rootfs is and how big
2) if the image is a zImage (arm32) or an Image (arm64) we have to stick
with the three-arg bootz, and the dtb has to be lower in ram than the kernel
Fri Feb 16 15:43:32 GMT 2024
DHCP6c refresh is still wrong. We get updates for an address that
hasn't changed prefix or length, when the expiry times have changed,
and we can't action that by remove;add because remove will wipe out
any routes through the interface but add won't put them back
We can use "change" for both adds and changes, but we need to know that
a change is not a delete
The "identity" of an address is the address itself: kernel won't
let you add the same address with two different prefixes.
Keeping it simple, we could call "change" on every address in the
new-addresses list and "del" on every address in old-addresses
that is no longer in new-addresses
If the upstream has changed length, "ip addr change" is ignored,
so it needs to be in deleted as well as added/changed

2
devices/gl-ar750/default.nix
View File

@ -162,6 +162,8 @@
# OpenWrt kernel patches # OpenWrt kernel patches
extraPatchPhase = '' extraPatchPhase = ''
${openwrt.applyPatches.ath79} ${openwrt.applyPatches.ath79}
sed -i.bak -e '\,include <linux/hw_random.h>,a #include <linux/gpio/driver.h>' drivers/net/wireless/ath/ath9k/ath9k.h # context reqd for next patch
patch -p1 < ${openwrt.src}/package/kernel/mac80211/patches/ath9k/552-ath9k-ahb_of.patch
''; '';
config = { config = {

8
examples/rotuer.nix
View File

@ -200,9 +200,15 @@ in rec {
nftables nftables
strace strace
tcpdump tcpdump
s6
]; ];
programs.busybox.applets = [ programs.busybox = {
applets = [
"fdisk" "sfdisk" "fdisk" "sfdisk"
]; ];
options = {
FEATURE_FANCY_TAIL = "y";
};
};
} }

40
modules/dhcp6c/acquire-delegated-prefix.fnl
View File

@ -1,40 +1,32 @@
(local { : system } (require :anoia)) (local { : system } (require :anoia))
(local svc (require :anoia.svc)) (local svc (require :anoia.svc))
(fn changes [old-addresses new-addresses] (fn deletions [old-addresses new-addresses]
(let [added {} (let [deleted {}]
deleted {}]
(each [n address (pairs new-addresses)]
(if (not (. old-addresses n))
(table.insert added address)))
(each [n address (pairs old-addresses)] (each [n address (pairs old-addresses)]
(if (not (. new-addresses n)) (let [now (. new-addresses n)]
(table.insert deleted address))) (if (or (not now) (not (= now.len address.len)))
(values added deleted))) (table.insert deleted address))))
deleted))
(fn update-prefixes [device prefixes new-prefixes] (fn update-prefixes [wan-device addresses new-addresses exec]
(let [(added deleted) (changes prefixes new-prefixes)] (each [_ p (ipairs (deletions addresses new-addresses))]
;; if some address has changed (e.g. preferred/valid lifetime) (exec
;; then we don't want to delete it before re-adding it because (.. "ip address del " p.address "1/" p.len " dev " wan-device)))
;; the kernel will drop any routes that go through it. On the (each [_ p (pairs new-addresses)]
;; other hand, we can't add it _before_ deleting it as we'll (exec
;; get an error that it already exists. Therefore, use "change" (.. "ip address change " p.address "1/" p.len
;; instead of "add", it works a bit more like an upsert " dev " wan-device
(each [_ p (ipairs added)]
(system
(.. "ip address change " p.address "1/" p.len " dev " device
" valid_lft " p.valid " valid_lft " p.valid
" preferred_lft " p.preferred " preferred_lft " p.preferred
))) )))
(each [_ p (ipairs deleted)] new-addresses)
(system
(.. "ip address del " p.address "1/" p.len " dev " device)))))
(fn run [] (fn run []
(let [[state-directory lan-device] arg (let [[state-directory lan-device] arg
dir (svc.open state-directory)] dir (svc.open state-directory)]
(accumulate [addresses [] (accumulate [addresses []
v (dir:events)] v (dir:events)]
(update-prefixes lan-device addresses (v:output "prefix"))))) (update-prefixes lan-device addresses (v:output "prefix") system))))
{ : changes : run } { : changes : run }

116
modules/dhcp6c/acquire-wan-address-test.fnl
View File

@ -5,22 +5,44 @@
(local a1 (local a1
{ {
"2001-ab-cd-ef_hjgKHGhKJH" { "2001-ab-cd-ef" {
:address "2001:ab:cd:ef" :address "2001:ab:cd:ef"
:len "64" :len "64"
:preferred "200" :preferred "3600"
:valid "200" :valid "7200"
}
}
)
(local a156
{
"2001-ab-cd-ef" {
:address "2001:ab:cd:ef"
:len "56"
:preferred "3600"
:valid "7200"
} }
} }
) )
(local a2 (local a2
{ {
"2001-0-1-2-3_aNteBnb" { "2001-0-1-2-3" {
:address "2001:0:1:2:3" :address "2001:0:1:2:3"
:len "64" :len "64"
:preferred "200" :preferred "3600"
:valid "200" :valid "7200"
}
}
)
(local a21
{
"2001-0-1-2-3" {
:address "2001:0:1:2:3"
:len "64"
:preferred "1800"
:valid "5400"
} }
} }
) )
@ -30,39 +52,85 @@
`(when (not ,assertion) `(when (not ,assertion)
(assert false ,msg)))) (assert false ,msg))))
(macro expect= [actual expected]
`(let [ve# (view ,expected)
va# (view ,actual)]
(when (not (= ve# va#))
(assert false
(.. "\nexpected " ve# "\ngot " va#)
))))
(fn first-address [] (fn first-address []
(let [(add del) (let [deleted
(subject.changes (subject.deletions
{ } { }
a1 a1
)] )]
(expect (= (# del) 0)) (expect= deleted [])))
(expect (= (# add) 1))
(let [[first] add]
(expect (= first.address "2001:ab:cd:ef")))))
(fn second-address [] (fn second-address []
(let [(add del) (let [del
(subject.changes (subject.deletions
a1 a1
(merge (dup a1) a2) (merge (dup a1) a2)
)] )]
(expect (= (# del) 0)) (expect= del [])))
(expect (= (# add) 1))
(let [[first] add] (expect (= first.address "2001:0:1:2:3")))))
(fn less-address []1 (fn old-address-is-deleted []
(let [(add del) (let [del
(subject.changes (subject.deletions
(merge (dup a1) a2) (merge (dup a1) a2)
a1 a1
)] )]
(expect (= (# add) 0)) (expect= (. del 1) (. a2 "2001-0-1-2-3"))
(expect (= (# del) 1)) ))
(let [[first] del] (expect (= first.address "2001:0:1:2:3"))))) (fn changed-lifetime-not-deleted []
(let [del
(subject.deletions
(merge (dup a1) a2)
(merge (dup a1) a21)
)]
;; when an address lifetime changes, "ip address change"
;; will update that so it need not (should not) be deleted
(expect= del [])))
(fn changed-prefix-is-deleted []
(let [del
(subject.deletions a1 a156)]
;; when an address prefix changes, "ip address change"
;; ignores that cjhange, so we have to remove the
;; address before reinstating it
(expect= del [(. a1 "2001-ab-cd-ef")])))
(first-address) (first-address)
(second-address) (second-address)
(less-address) (old-address-is-deleted)
(changed-lifetime-not-deleted)
(changed-prefix-is-deleted)
(let [cmds []]
(subject.update-addresses
"ppp0" a1 (merge (dup a1) a2)
(fn [a] (table.insert cmds a)))
(expect=
(doto cmds table.sort)
[
;; order of changes is unimportant
"ip address change 2001:0:1:2:3/64 dev ppp0 valid_lft 7200 preferred_lft 3600"
"ip address change 2001:ab:cd:ef/64 dev ppp0 valid_lft 7200 preferred_lft 3600"
]))
(let [cmds []]
(subject.update-addresses
"ppp0" (merge (dup a1) a2) a1
(fn [a] (table.insert cmds a)))
(expect=
cmds
[
;; deletes are executed before changes
"ip address del 2001:0:1:2:3/64 dev ppp0"
"ip address change 2001:ab:cd:ef/64 dev ppp0 valid_lft 7200 preferred_lft 3600"
]))
(print "OK")

38
modules/dhcp6c/acquire-wan-address.fnl
View File

@ -1,40 +1,32 @@
(local { : system } (require :anoia)) (local { : system } (require :anoia))
(local svc (require :anoia.svc)) (local svc (require :anoia.svc))
;; acquire-delegated-prefix has very similar code: we'd like to move (fn deletions [old-addresses new-addresses]
;; this to anoia.svc when we see what the general form would look like (let [deleted {}]
(fn changes [old-addresses new-addresses]
(let [added {}
deleted {}]
(each [n address (pairs new-addresses)]
(if (not (. old-addresses n))
(table.insert added address)))
(each [n address (pairs old-addresses)] (each [n address (pairs old-addresses)]
(if (not (. new-addresses n)) (let [now (. new-addresses n)]
(table.insert deleted address))) (if (or (not now) (not (= now.len address.len)))
(values added deleted))) (table.insert deleted address))))
deleted))
(fn update-addresses [wan-device addresses new-addresses] (fn update-addresses [wan-device addresses new-addresses exec]
(let [(added deleted) (changes addresses new-addresses)] (each [_ p (ipairs (deletions addresses new-addresses))]
;; see comment in acquire-delegated-prefix.fnl (exec
(each [_ p (ipairs added)] (.. "ip address del " p.address "/" p.len " dev " wan-device)))
(system (each [_ p (pairs new-addresses)]
(exec
(.. "ip address change " p.address "/" p.len (.. "ip address change " p.address "/" p.len
" dev " wan-device " dev " wan-device
" valid_lft " p.valid " valid_lft " p.valid
" preferred_lft " p.preferred " preferred_lft " p.preferred
))) )))
(each [_ p (ipairs deleted)] new-addresses)
(system
(.. "ip address del " p.address "/" p.len " dev " wan-device)))
new-addresses))
(fn run [] (fn run []
(let [[state-directory wan-device] arg (let [[state-directory wan-device] arg
dir (svc.open state-directory)] dir (svc.open state-directory)]
(accumulate [addresses [] (accumulate [addresses []
v (dir:events)] v (dir:events)]
(update-addresses wan-device addresses (v:output "address"))))) (update-addresses wan-device addresses (v:output "address") system))))
{ : update-addresses : changes : run } { : update-addresses : deletions : run }

8
pkgs/odhcp-script/odhcp6-script.fnl
View File

@ -30,17 +30,11 @@
(each [_ a (ipairs (split " " addresses))] (each [_ a (ipairs (split " " addresses))]
(let [address (parse-address a) (let [address (parse-address a)
suffix (base64url (string.pack "n" (hash a))) suffix (base64url (string.pack "n" (hash a)))
;; keydir should be a function of all the address
;; attributes: we want it to change whenever anything changes
;; so that clients can see which addresses are new without
;; deep table comparisons
keydir (.. keydir (..
prefix prefix
(-> address.address (-> address.address
(: :gsub "::$" "") (: :gsub "::$" "")
(: :gsub ":" "-")) (: :gsub ":" "-")))]
"_"
suffix)]
(mktree (.. state-directory "/" keydir)) (mktree (.. state-directory "/" keydir))
(each [k v (pairs address)] (each [k v (pairs address)]
(write-value (.. keydir "/" k) v))))) (write-value (.. keydir "/" k) v)))))