From 806ac86633db46f02503b9e02a9e017eac9682ba Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Fri, 16 Jun 2017 15:29:00 -0700
Subject: [PATCH 01/16] Checking in a missing patch for hostapd; this is the workaround for DHCPACK that's missing when hostapd runs with disable_dgaf and proxy_arp
---
...0-hostapd_disable_dgaf_multicast_fix.patch | 34 +++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 package/network/services/hostapd/patches/800-hostapd_disable_dgaf_multicast_fix.patch
diff --git a/package/network/services/hostapd/patches/800-hostapd_disable_dgaf_multicast_fix.patch b/package/network/services/hostapd/patches/800-hostapd_disable_dgaf_multicast_fix.patch
new file mode 100644
index 0000000000..e63d72c988
--- /dev/null
+++ b/package/network/services/hostapd/patches/800-hostapd_disable_dgaf_multicast_fix.patch
@@ -0,0 +1,34 @@
+--- a/src/ap/dhcp_snoop.c
++++ b/src/ap/dhcp_snoop.c
+@@ -110,6 +110,15 @@ static void handle_dhcp(void *ctx, const
+ }
+ }
+
++ if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) {
++ for (sta = hapd->sta_list; sta; sta = sta->next) {
++ if (!(sta->flags & WLAN_STA_AUTHORIZED))
++ continue;
++ x_snoop_mcast_to_ucast_convert_send(hapd, sta,
++ (u8 *) buf, len);
++ }
++ }
++
+ if (msgtype == DHCPACK) {
+ if (b->your_ip == 0)
+ return;
+@@ -145,15 +154,6 @@ static void handle_dhcp(void *ctx, const
+ }
+ sta->ipaddr = b->your_ip;
+ }
+-
+- if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) {
+- for (sta = hapd->sta_list; sta; sta = sta->next) {
+- if (!(sta->flags & WLAN_STA_AUTHORIZED))
+- continue;
+- x_snoop_mcast_to_ucast_convert_send(hapd, sta,
+- (u8 *) buf, len);
+- }
+- }
+ }
+
+
-- 2.34.1
From ed413c423d071c7dae493894ae2116487f0ba521 Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Fri, 16 Jun 2017 15:40:10 -0700
Subject: [PATCH 02/16] Restoring workaround for ESP8266
---
sentinel_setup/setup/startup.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
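Review bot: The moved `disable_dgaf` relay block in `handle_dhcp` needs a comment, and the embedded patch needs a description header, saying that the order is deliberate: the `DHCPACK` branch below it returns early (`if (b->your_ip == 0) return;` is visible, further returns are presumably outside the hunk), so the relay has to run first or the ACK is never converted to unicast. Something like `/* Relay before DHCPACK handling: the early returns below would otherwise skip the unicast conversion */` above the block would survive the next hostapd bump. The description should also state that every authorized station now receives a copy of other clients' broadcast DHCP replies regardless of what the DHCPACK branch decides, since that appears to interact with the `isolate '1'` setting used in this series. The body of `handle_dhcp` starts and ends outside both inner hunks.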
diff --git a/sentinel_setup/setup/startup.sh b/sentinel_setup/setup/startup.sh index 2c0813950c..fee2e028f2 100755 --- a/sentinel_setup/setup/startup.sh +++ b/sentinel_setup/setup/startup.sh @@ -4,9 +4,9 @@ iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill # Do block ARP from ESP8266 to itself to avoid DHCPDECLINE -#arptables -A INPUT -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 -#arptables -A OUTPUT -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 -#arptables -A FORWARD -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 +arptables -A INPUT -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 +arptables -A OUTPUT -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 +arptables -A FORWARD -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 # block everything except ssh, icmp, http, and dhcp # Configure NAT -- 2.34.1 From 2d810231c11f54df2eb035d7db0b7a23c58ff33b Mon Sep 17 00:00:00 2001 From: Brian Demsky Date: Fri, 16 Jun 2017 21:25:49 -0700 Subject: [PATCH 03/16] Remove file that I checked into wrong directory --- ...0-hostapd_disable_dgaf_multicast_fix.patch | 34 ------------------- 1 file changed, 34 deletions(-) delete mode 100644 package/network/services/hostapd/files/800-hostapd_disable_dgaf_multicast_fix.patch diff --git a/package/network/services/hostapd/files/800-hostapd_disable_dgaf_multicast_fix.patch b/package/network/services/hostapd/files/800-hostapd_disable_dgaf_multicast_fix.patch deleted file mode 100644 index 9528f6d015..0000000000 --- a/package/network/services/hostapd/files/800-hostapd_disable_dgaf_multicast_fix.patch +++ /dev/null 
@@ -1,34 +0,0 @@ ---- a/src/ap/dhcp_snoop.c -+++ b/src/ap/dhcp_snoop.c -@@ -110,6 +110,15 @@ static void handle_dhcp(void *ctx, const u8 *src_addr, const u8 *buf, - } - } - -+ if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) { -+ for (sta = hapd->sta_list; sta; sta = sta->next) { -+ if (!(sta->flags & WLAN_STA_AUTHORIZED)) -+ continue; -+ x_snoop_mcast_to_ucast_convert_send(hapd, sta, -+ (u8 *) buf, len); -+ } -+ } -+ - if (msgtype == DHCPACK) { - if (b->your_ip == 0) - return; -@@ -146,15 +155,6 @@ static void handle_dhcp(void *ctx, const u8 *src_addr, const u8 *buf, - } - sta->ipaddr = b->your_ip; - } -- -- if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) { -- for (sta = hapd->sta_list; sta; sta = sta->next) { -- if (!(sta->flags & WLAN_STA_AUTHORIZED)) -- continue; -- x_snoop_mcast_to_ucast_convert_send(hapd, sta, -- (u8 *) buf, len); -- } -- } - } - - -- 2.34.1 From f7eb40e41873f5ea7d09ee22004335b440eb7671 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Mon, 19 Jun 2017 15:02:18 -0700 Subject: [PATCH 04/16] Modification in dhcp and wireless config files --- sentinel_setup/config/dhcp | 14 +++++++------- sentinel_setup/config/wireless | 8 ++++++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/sentinel_setup/config/dhcp b/sentinel_setup/config/dhcp index ddd0548ae5..83cab8c3f1 100644 --- a/sentinel_setup/config/dhcp +++ b/sentinel_setup/config/dhcp @@ -46,7 +46,7 @@ config host # RaspberryPi1 config host - option ip '192.168.1.108' + option ip '192.168.1.198' option mac '74:da:38:68:72:8a' # Android Phone 
@@ -55,14 +55,14 @@ config host option mac '64:bc:0c:43:3f:40' # Amcrest Camera 1 -config host - option ip '192.168.1.195' - option mac '3c:ef:8c:7f:c0:19' +#config host +# option ip '192.168.1.235' +# option mac '3c:ef:8c:7f:c0:19' # Amcrest Camera 2 -config host - option ip '192.168.1.196' - option mac '3c:ef:8c:6f:79:5a' +#config host +# option ip '192.168.1.241' +# option mac '3c:ef:8c:6f:79:5a' # iHome Speaker 1 config host diff --git a/sentinel_setup/config/wireless b/sentinel_setup/config/wireless index 15199a0047..add9277d52 100644 --- a/sentinel_setup/config/wireless +++ b/sentinel_setup/config/wireless @@ -6,6 +6,8 @@ config wifi-device 'radio0' option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0' option htmode 'VHT80' option disabled '0' + option proxy_arp '1' + option disable_dgaf '1' config wifi-iface 'default_radio0' option device 'radio0' @@ -13,7 +15,7 @@ config wifi-iface 'default_radio0' option mode 'ap' option ssid 'LEDE' option encryption 'psk2' - option key '1qaz2wsx3edc' + #option key '1qaz2wsx3edc' option wpa_psk_file '/etc/config/hostapd-psk' option isolate '1' @@ -24,6 +26,8 @@ config wifi-device 'radio1' option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0' option htmode 'HT20' option disabled '0' + option proxy_arp '1' + option disable_dgaf '1' config wifi-iface 'default_radio1' option device 'radio1' @@ -31,6 +35,6 @@ config wifi-iface 'default_radio1' option mode 'ap' option ssid 'LEDE' option encryption 'psk2' - option key '1qaz2wsx3edc' + #option key '1qaz2wsx3edc' option wpa_psk_file '/etc/config/hostapd-psk' option isolate '1' -- 2.34.1 From 273bafe0037f685c9af19a41aeff9d6566102309 Mon Sep 17 00:00:00 2001 
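Review bot: Commenting out `option key` in the two `wifi-iface` sections still leaves the pre-shared key in the committed config as a comment, so the secret remains readable in the repository and in every copy of /etc/config/wireless made from it. With `wpa_psk_file` now supplying the keys, the line is better deleted or replaced by a placeholder such as `#option key '<set-per-deployment>'`, and the published value rotated. The same string is used as the fallback default in `connect_device.sh` later in this series, so it should be treated as known.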
From: rtrimana Date: Mon, 19 Jun 2017 15:21:22 -0700 Subject: [PATCH 05/16] Modifying scripts to let UCI interface accomodate advanced hostapd options, i.e. wpa_psk_file, proxy_arp, and disable_dgaf --- .../files/lib/netifd/wireless/mac80211.sh | 10 ++++++++ .../network/services/hostapd/files/hostapd.sh | 25 +++++++++++++------ 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh index 82c374353e..e9f43d9991 100644 --- a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh +++ b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh @@ -22,6 +22,7 @@ drv_mac80211_init_device_config() { config_add_int beacon_int chanbw frag rts config_add_int rxantenna txantenna antenna_gain txpower distance config_add_boolean noscan ht_coex + config_add_boolean proxy_arp disable_dgaf # Advanced options for Sentinel config_add_array ht_capab config_add_array channels config_add_boolean \ @@ -93,8 +94,17 @@ mac80211_hostapd_setup_base() { [ "$auto_channel" -gt 0 ] && json_get_values channel_list channels json_get_vars noscan ht_coex + json_get_vars proxy_arp disable_dgaf json_get_values ht_capab_list ht_capab + # Option "option proxy_arp ''" + set_default proxy_arp 0 + append base_cfg "proxy_arp=$proxy_arp" "$N" + + # Option "option disable_dgaf ''" + set_default disable_dgaf 0 + append base_cfg "disable_dgaf=$disable_dgaf" "$N" + ieee80211n=1 ht_capab= case "$htmode" in diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 04ee9e21b7..534e49e0b4 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh 
@@ -262,13 +262,24 @@ hostapd_set_bss_options() { ;; psk) json_get_vars key wpa_psk_file - if [ ${#key} -lt 8 ]; then - wireless_setup_vif_failed INVALID_WPA_PSK - return 1 - elif [ ${#key} -eq 64 ]; then - append bss_conf "wpa_psk=$key" "$N" - else - append bss_conf "wpa_passphrase=$key" "$N" + # -- SENTINEL CHANGE -- + # We just check if the default key is defined. + # If it is undefined, the script will check if /etc/config/wireless + # specifies "option wpa_psk_file ''" + # e.g. option wpa_psk_file '/etc/config/hostapd-psk'. + # When "option key ''" is defined, together with + # "option wpa_psk_file ''", + # it will be the default key for any devices. + # Both options can be defined independently. + if [ -e "$key" ]; then + if [ ${#key} -lt 8 ]; then + wireless_setup_vif_failed INVALID_WPA_PSK + return 1 + elif [ ${#key} -eq 64 ]; then + append bss_conf "wpa_psk=$key" "$N" + else + append bss_conf "wpa_passphrase=$key" "$N" + fi fi [ -n "$wpa_psk_file" ] && { [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" -- 2.34.1 From 7c15c20b509ca150a36d0ee75bacfbcfcad9c9c8 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Tue, 20 Jun 2017 10:17:41 -0700 Subject: [PATCH 06/16] Adding build instructions into README file. --- README | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/README b/README index 405c18bac0..923097bb1c 100644 --- a/README +++ b/README 
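Review bot: With the length check wrapped in the new `if`, a `psk` interface that has neither `key` nor `wpa_psk_file` set no longer reaches `wireless_setup_vif_failed INVALID_WPA_PSK`, and the BSS config is generated without any PSK line. Failing in the script is clearer than leaving hostapd to reject the result, for example `[ -z "$key" ] && [ -z "$wpa_psk_file" ] && { wireless_setup_vif_failed INVALID_WPA_PSK; return 1; }` ahead of the new `if`. The `touch "$wpa_psk_file"` context line has a similar effect when the path is missing, because it creates an empty key file and carries on. The `psk)` case continues outside the hunk.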
@@ -26,4 +26,72 @@ Sunshine! Your LEDE Community http://www.lede-project.org +================================================================================ +This LEDE lede-17.01 branch was taken in July 2017 from the LEDE github +repository for Sentinel system. A few things have been added including a patch +for hostapd to make disable_dgaf and proxy_arp options work properly. + +The followings are the steps to be done to install this correctly on a NETGEAR R7800 +Nighthawk X4S router: + +1) Do "git clone ssh://plrg.eecs.uci.edu/home/git/lede" to download this LEDE +onto your local repository. Then execute "git checkout lede-17.01" to checkout +the right branch---this is a detached branch (there is no master branch), so we +have to do this to make sure that we can push and pull changes correctly. + +2) Copy the compilation configuration file sentinel.config into a .config file in +the main folder by executing "cp sentinel.config .config". + +3) Do "make defconfig" to setup the build options, then do "make world -j", +e.g. make world -j12. + +4) After the compilation, the image will be found in +bin/targets/ipq806x/generic/lede-ipq806x-R7800-squashfs-factory.img. We can flash +this image onto the Netgear R7800 Nighthawk X4S router using the instructions here: +https://lede-project.org/docs/guide-quick-start/standardflashinginstructions. + +5) After flashing and booting for the first time, we need to set up the router using +RJ45 cables; if we plug it into the WAN connection through DHCP mechanism, we can get +an IP address for that WAN port instantly; to set up network configrations, we can +access the router by connecting a device to the router, opening a browser, and typing +the default router IP address: http://192.168.1.1; this will open the lUCI configuration +page and we can set up the router now. + +6) We can set up first the LAN connection according to the LAN configuration +in sentinel_setup/config/network. 
+ +7) Then we can set up a password for the system by typing "passwd" and giving it +a new password. + +8) Reboot the system and we can login using dropbear ssh authentication by typing +"ssh root@128.195.204.115" and inputting the password. If we want to use SSL key +for the sake of convenience, then we have to do the steps here: +https://wiki.openwrt.org/doc/howto/dropbear.public-key.auth +Basically we copy our machine's public-key to the LEDE system by typing: +ssh root@128.195.204.115 "tee -a /etc/dropbear/authorized_keys" < ~/.ssh/id_rsa.pub + +9) We need to copy the setup in dhcp, network, wireless, and hostapd-psk files in +sentinel_setup/config/ into the same files in /etc/config/ on the LEDE system. +Also we need to copy sentinel_setup/rc.local that contains the initial setup scripts +into /etc on the LEDE system. For the firewall file, since we do not use the +default firewall setup from LEDE, we can do +"mv /etc/config/firewall /etc/config/firewall.bak" to make it unreadable by LEDE +UCI when it is initializing the firewall rules when the system is booting up. + +10) Last, we need to copy the setup scripts in sentinel_setup/setup into /setup on +our LEDE system. This contains a number of scripts. +- "startup.sh" will be run by the rc.local script when LEDE is booting up. This script +contains the initial firewall rules for Sentinel router and a number of workaround +rules to fix a few issues when disable_dgaf and proxy_arp options are activated, i.e. +hostapd checksum bug (for disable_dgaf feature) and DHCPDECLINE issue when +a device gets an ARP unicast message about itself, causing it to think that its +IP address has been used by another device (so far only the ESP8266 is known to +have this problem). +- "clean" and "nat" scripts are for cleaning and activating NAT(Network Address Translation) +on the system. +- "dhcp" shows the IP address assignments to different connected devices. +- "show" shows the active iptables rules. 
+- "transfer" contains commands to transfer files through the "scp" command. + +12) Reboot the system and we will have a working LEDE router for Sentinel system. -- 2.34.1 From a5ddbab348c9d47c553d15c1104f69c39d98f56d Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 22 Jun 2017 08:40:31 -0700 Subject: [PATCH 07/16] Changing the checking condition for wpa_key/wpa_passphrase; use -n (check whether the key is defined or not) instead of -e (check whether file exists or not) --- package/network/services/hostapd/files/hostapd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 534e49e0b4..2c01ed42ab 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -271,7 +271,7 @@ hostapd_set_bss_options() { # "option wpa_psk_file ''", # it will be the default key for any devices. # Both options can be defined independently. - if [ -e "$key" ]; then + if [ -n "$key" ]; then if [ ${#key} -lt 8 ]; then wireless_setup_vif_failed INVALID_WPA_PSK return 1 -- 2.34.1 From 11a510be215170a1500255bfef463533db1ac587 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Mon, 18 Sep 2017 15:32:04 -0700 Subject: [PATCH 08/16] Fixing nat and startup.sh scripts --- sentinel_setup/setup/nat | 2 ++ sentinel_setup/setup/startup.sh | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/sentinel_setup/setup/nat b/sentinel_setup/setup/nat index 3b3e6e2add..dbb6607ce4 100755 --- a/sentinel_setup/setup/nat +++ b/sentinel_setup/setup/nat @@ -1,3 +1,5 @@ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT +iptables -A FORWARD -i eth0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT +iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT 
diff --git a/sentinel_setup/setup/startup.sh b/sentinel_setup/setup/startup.sh index fee2e028f2..82ef2eb3cf 100755 --- a/sentinel_setup/setup/startup.sh +++ b/sentinel_setup/setup/startup.sh 
@@ -14,20 +14,20 @@ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Protocol ICMP iptables -A FORWARD -j ACCEPT -p icmp; -iptables -A INPUT -j ACCEPT -s 192.168.2.108 -d 192.168.2.1 -p icmp; -iptables -A INPUT -j ACCEPT -s 192.168.2.1 -d 192.168.2.108 -p icmp; -iptables -A OUTPUT -j ACCEPT -s 192.168.2.108 -d 192.168.2.1 -p icmp; -iptables -A OUTPUT -j ACCEPT -s 192.168.2.1 -d 192.168.2.108 -p icmp; +iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p icmp; +iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p icmp; +iptables -A OUTPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p icmp; +iptables -A OUTPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p icmp; # SSH port 22 -#iptables -A INPUT -j ACCEPT -s 192.168.2.108 -d 192.168.2.1 -p tcp --dport ssh; -#iptables -A INPUT -j ACCEPT -s 192.168.2.108 -d 192.168.2.1 -p tcp --sport ssh; -#iptables -A INPUT -j ACCEPT -s 192.168.2.1 -d 192.168.2.108 -p tcp --dport ssh; -#iptables -A INPUT -j ACCEPT -s 192.168.2.1 -d 192.168.2.108 -p tcp --sport ssh; -#iptables -A OUTPUT -j ACCEPT -s 192.168.2.108 -d 192.168.2.1 -p tcp --dport ssh; -#iptables -A OUTPUT -j ACCEPT -s 192.168.2.108 -d 192.168.2.1 -p tcp --sport ssh; -#iptables -A OUTPUT -j ACCEPT -s 192.168.2.1 -d 192.168.2.108 -p tcp --dport ssh; -#iptables -A OUTPUT -j ACCEPT -s 192.168.2.1 -d 192.168.2.108 -p tcp --sport ssh; +#iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --dport ssh; +#iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --sport ssh; +#iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --dport ssh; +#iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --sport ssh; +#iptables -A OUTPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --dport ssh; +#iptables -A OUTPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --sport ssh; +#iptables -A OUTPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --dport ssh; +#iptables -A OUTPUT -j ACCEPT -s 192.168.1.1 -d 
192.168.1.198 -p tcp --sport ssh; iptables -A INPUT -j ACCEPT -p tcp --dport ssh; iptables -A INPUT -j ACCEPT -p tcp --sport ssh; iptables -A OUTPUT -j ACCEPT -p tcp --dport ssh; -- 2.34.1 From 5b052a390e5e9dfd3171f6c791f10ae8f3c7aba1 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 21 Sep 2017 11:20:39 -0700 Subject: [PATCH 09/16] Checking in new phone registration scripts; restructuring directories; fixing README --- README | 8 +- .../register/{ => version_1}/README | 0 .../register/{ => version_1}/devices.dat | 0 .../{ => version_1}/register_device.sh | 0 .../register/version_2/change_default_pw.sh | 27 ++++ .../register/version_2/connect_device.sh | 81 ++++++++++ .../register/version_2/register_device.sh | 151 ++++++++++++++++++ 7 files changed, 265 insertions(+), 2 deletions(-) rename sentinel_setup/register/{ => version_1}/README (100%) rename sentinel_setup/register/{ => version_1}/devices.dat (100%) rename sentinel_setup/register/{ => version_1}/register_device.sh (100%) create mode 100755 sentinel_setup/register/version_2/change_default_pw.sh create mode 100755 sentinel_setup/register/version_2/connect_device.sh create mode 100755 sentinel_setup/register/version_2/register_device.sh diff --git a/README b/README index 923097bb1c..1638446e0a 100644 --- a/README +++ b/README 
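Review bot: The unrestricted rule kept at the end of this block, `iptables -A INPUT -j ACCEPT -p tcp --sport ssh;`, matches only on the source port chosen by the remote peer, so it admits inbound TCP to any local port; the host-restricted variants are the ones left commented out. Assuming the rest of the script drops everything else, return traffic for outbound SSH is better admitted by connection state, `iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT` (the match the `nat` script in this commit already uses), with the `--sport ssh` INPUT rule removed. The ICMP rules changed here are pinned to the single address 192.168.1.198, which has to be kept in step with the dhcp config by hand. The script continues outside the hunk.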
@@ -79,7 +79,11 @@ default firewall setup from LEDE, we can do "mv /etc/config/firewall /etc/config/firewall.bak" to make it unreadable by LEDE UCI when it is initializing the firewall rules when the system is booting up. -10) Last, we need to copy the setup scripts in sentinel_setup/setup into /setup on +10) We need to also create /root/sentinel_setup/register and copy the scripts in +sentinel_setup/register/version_2 into it. These Shell scripts work with the +Android app that registers and deletes devices to and fro the router. + +11) Last, we need to copy the setup scripts in sentinel_setup/setup into /setup on our LEDE system. This contains a number of scripts. - "startup.sh" will be run by the rc.local script when LEDE is booting up. This script contains the initial firewall rules for Sentinel router and a number of workaround @@ -94,4 +98,4 @@ on the system. - "show" shows the active iptables rules. - "transfer" contains commands to transfer files through the "scp" command. -12) Reboot the system and we will have a working LEDE router for Sentinel system. +13) Reboot the system and we will have a working LEDE router for Sentinel system. diff --git a/sentinel_setup/register/README b/sentinel_setup/register/version_1/README similarity index 100% rename from sentinel_setup/register/README rename to sentinel_setup/register/version_1/README diff --git a/sentinel_setup/register/devices.dat b/sentinel_setup/register/version_1/devices.dat similarity index 100% rename from sentinel_setup/register/devices.dat rename to sentinel_setup/register/version_1/devices.dat diff --git a/sentinel_setup/register/register_device.sh b/sentinel_setup/register/version_1/register_device.sh similarity index 100% rename from sentinel_setup/register/register_device.sh rename to sentinel_setup/register/version_1/register_device.sh 
diff --git a/sentinel_setup/register/version_2/change_default_pw.sh b/sentinel_setup/register/version_2/change_default_pw.sh
new file mode 100755
index 0000000000..04bf06d564
--- /dev/null
+++ b/sentinel_setup/register/version_2/change_default_pw.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Print usage
+if [ "$#" -eq 0 ] || [ "$1" == "-h" ]; then
+ echo "This is a simple script that change the pre-shared key of a router"
+ echo "using UCI command change password written in /etc/config/wireless"
+ echo ""
+ echo "Usage:"
+ echo " ./change_default_pw.sh [-h]"
+ echo " ./change_default_pw.sh [-ch ]"
+ echo ""
+ echo "Options:"
+ echo " -h show this usage"
+ echo " -ch change default into a specific password"
+ echo ""
+
+elif [ "$1" == "-ch" ]; then
+ # Change the wireless.key option in the config file.
+ PW=$2
+ uci set wireless.default_radio0.key=$PW
+ uci set wireless.default_radio1.key=$PW
+ uci commit
+ /sbin/wifi
+
+else
+ echo "Unknown option. Please run ./change_default_pw.sh -h for usage."
+fi
diff --git a/sentinel_setup/register/version_2/connect_device.sh b/sentinel_setup/register/version_2/connect_device.sh
new file mode 100755
index 0000000000..175799f2d4
--- /dev/null
+++ b/sentinel_setup/register/version_2/connect_device.sh
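Review bot: In `change_default_pw.sh`, `PW=$2` reaches `uci set` unquoted and unchecked, so a key containing spaces or glob characters is split or expanded by the shell, and `-ch` with no argument sets an empty key on both radios before `/sbin/wifi` reloads them. I would validate the length first, `[ ${#2} -ge 8 ] && [ ${#2} -le 63 ] || { echo "key must be 8-63 characters"; exit 1; }`, and quote the assignments, `uci set wireless.default_radio0.key="$PW"`. A bare `uci commit` also commits pending changes in every other config package, so `uci commit wireless` is the narrower call.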
@@ -0,0 +1,81 @@ +#!/bin/sh + +# Print usage +if [ "$#" -eq 0 ] || [ "$1" == "-h" ]; then + echo "This is a simple script that register connected device into the system" + echo "/etc/config/hostapd-psk /etc/config/dhcp will be changed accordingly" + echo "~/sentinel_setup/register/register_device.sh will be executed" + echo "" + echo "Usage:" + echo " ./connect_device.sh [-h]" + echo " ./connect_device.sh [-co ]" + echo "" + echo "Options:" + echo " -h show this usage" + echo " -co connect a new device" + echo "" + +elif [ "$1" == "-co" ]; then + + # 0 + # Get password from $2 + # Supposing that key for radio0 and radio1 are equal + PW=$2 + + # Save default password from $4. If the argument is empty, let's use THE default one. + DEFAULT="1qaz2wsx3edc" + if [ ! -z "$4" ]; then + DEFAULT=$4 + fi + + # 1 + # Get MAC address and IP address from dhcp.leases file. + # Below scripts will find the most recently connected device by sorting the first column of lease file, + # which is time of lease expiry, in epoch time + # Before that, the file named devices.dat could not exist, so touch it first + touch ~/sentinel_setup/register/devices.dat + chmod 666 ~/sentinel_setup/register/devices.dat + + # now ready to use devices.dat. Get numbers of records in devices.dat + NR=$(cat ~/sentinel_setup/register/devices.dat | wc -l) + + # use temp file for procedure so that we don't touch original lease file + cp /tmp/dhcp.leases leases.temp + + for i in `seq 1 $NR` + do + #get line number(LN) + LN="${i}p" + #get target MAC address(TMAC) from devices.dat + TMAC=$(sed -n ${LN} ~/sentinel_setup/register/devices.dat | awk '{print $1}') + #remove the record with certain TMAC in the dhcp file so that we can get new one at the end + sed -e /${TMAC}/d leases.temp > leases.temp.temp + rm leases.temp + mv leases.temp.temp leases.temp + done + + # Filter done. 
There should be only one line in leases.temp, but just in + # case sort the epoch time + RECENT=$(sort -nrk1,1 leases.temp | head -1) + + # Get MAC, IP, NAME from RECENT + MAC=$(echo $RECENT | awk '{print $2}') + IP=$(echo $RECENT | awk '{print $3}') + # below was used when there were no name argument in the script + # NAME=$(echo $RECENT | awk '{print $4}') + NAME=$3 + + # 2 + # Add record to the database with ~/sentinel_setup/register/register_device.sh + ~/sentinel_setup/register/register_device.sh -a $MAC $IP $PW $NAME + + # 3 + # rewind the default password and apply config files + uci commit + ~/sentinel_setup/register/change_default_pw.sh -ch $DEFAULT + /sbin/wifi + +else + echo "Unknown option. Please run ./connect_device.sh -h for usage." + +fi diff --git a/sentinel_setup/register/version_2/register_device.sh b/sentinel_setup/register/version_2/register_device.sh new file mode 100755 index 0000000000..e9c28c1be6 --- /dev/null +++ b/sentinel_setup/register/version_2/register_device.sh 
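Review bot: `chmod 666 ~/sentinel_setup/register/devices.dat` in `connect_device.sh` makes the device list world-readable and world-writable, and `register_device.sh -a` in this same commit appends each device's key to that file; `chmod 600` fits what it holds. The fallback `DEFAULT="1qaz2wsx3edc"` hard-codes a Wi-Fi key in the script, so it would be better to require `$4` or read the current value with `uci get wireless.default_radio0.key`. `$MAC $IP $PW $NAME` are passed on unquoted and `leases.temp` is created in whatever directory the caller happens to be in; quoting the arguments and using a `mktemp` file avoids word splitting and clobbering an unrelated file.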
@@ -0,0 +1,151 @@
+#!/bin/sh
+
+# Print usage
+if [ "$#" -eq 0 ] || [ "$1" == "-h" ]; then
+ echo "Device registration utility for Sentinel system"
+ echo "This is a simple script that register a new device"
+ echo "into /etc/config/dhcp and /etc/config/hostapd-psk"
+ echo "Copyright (c) 2015-2017, Rahmadi Trimananda PLRG@UCIrvine"
+ echo ""
+ echo "Usage:"
+ echo " ./register_device.sh [-h]"
+ echo " ./register_device.sh [-a ]"
+ echo " ./register_device.sh [-l]"
+ echo " ./register_device.sh [-ln]"
+ echo " ./register_device.sh [-dm ]"
+ echo " ./register_device.sh [-dn ]"
+ echo ""
+ echo "Options:"
+ echo " -h show this usage"
+ echo " -a adding device by putting MAC address, desired IP address, key, and device name (optional)"
+ echo " -l show list of devices registered"
+ echo " -ln show list of names of devices registered"
+ echo " -dm delete a specific registered device with MAC address"
+ echo " -dn delete a specific registered device with name"
+ echo ""
+
+# add a device
+elif [ "$1" == "-a" ]; then
+ if [ "$2" == "" ] || [ "$3" == "" ] || [ "$4" == "" ]; then
+ echo "Empty or incomplete parameters! Please run ./register_device.sh -h for usage."
+
+ else
+ # Add a new device
+ MAC=$2
+ IP=$3
+ KEY=$4
+
+ # Keep a local log
+ echo "$MAC $IP $KEY $5" >> ~/sentinel_setup/register/devices.dat
+
+ # Insert into /etc/config/hostapd-psk
+ echo "$MAC $KEY" >> /etc/config/hostapd-psk
+
+ # Insert into /etc/config/dhcp
+ echo "" >> /etc/config/dhcp
+
+ if [ "$5" != "" ]; then # If device-name is not empty
+ echo "# $5" >> /etc/config/dhcp
+ fi
+
+ echo "config host" >> /etc/config/dhcp
+ echo " option ip '$IP'" >> /etc/config/dhcp
+ echo " option mac '$MAC'" >> /etc/config/dhcp
+
+ if [ "$5" != "" ]; then # If device-name is not empty
+ echo " option name '$5'" >> /etc/config/dhcp
+ fi
+
+ echo "Device added!"
+ fi
+
+# Print list of devices
+elif [ "$1" == "-l" ]; then
+ echo "List of devices"
+ cat ~/sentinel_setup/register/devices.dat
+ echo ""
+ echo "/etc/config/hostapd-psk"
+ cat /etc/config/hostapd-psk
+
+# Print only the devices' names list
+elif [ "$1" == "-ln" ]; then
+ cat ~/sentinel_setup/register/devices.dat | awk '{print $4}'
+
+# Delete device by MAC address
+elif [ "$1" == "-dm" ]; then
+ # Make new file without the line containing specific MAC address then swap
+ sed -e "/$2/d" ~/sentinel_setup/register/devices.dat > tmp.dat
+ chmod 666 tmp.dat
+ rm ~/sentinel_setup/register/devices.dat
+ mv tmp.dat ~/sentinel_setup/register/devices.dat
+
+ # update /etc/config/hostapd
+ sed -e "/$2/d" /etc/config/hostapd-psk > hostapd.tmp
+ rm /etc/config/hostapd-psk
+ mv hostapd.tmp /etc/config/hostapd-psk
+
+ # update /etc/config/dhcp
+ # get line number of dhcp including the MAC address
+ LN=$(sed -n "/$2/=" /etc/config/dhcp)
+ HEAD=$(expr ${LN} - 3)
+
+ # add 1, not 2, in case of no name line in target device
+ TAIL=$(expr ${LN} + 1)
+ sed "${HEAD},${TAIL}d" /etc/config/dhcp > dhcp.tmp
+ rm /etc/config/dhcp
+ mv dhcp.tmp /etc/config/dhcp
+
+ #show on screen
+ echo "device deleted!"
+
+ #apply change
+ /sbin/wifi
+
+# Delete by name. Similar to deleting with MAC
+elif [ "$1" == "-dn" ]; then
+ # back up first
+ cp /etc/config/hostapd-psk /etc/config/hostapd-psk.bak
+ cp /etc/config/dhcp /etc/config/dhcp.bak
+
+ #Multiple name arguments can be given.
+ VAR1=$1 + shift 1 + for arg in "$@" + do + NAME=${arg} + # Get MAC Address first looking up the devices.dat file + MAC=$(grep ${NAME} ~/sentinel_setup/register/devices.dat | awk '{print $1}') + + # Make new file without the line containing specific device name then swap + sed -e "/${NAME}/d" ~/sentinel_setup/register/devices.dat > tmp.dat + chmod 666 tmp.dat + rm ~/sentinel_setup/register/devices.dat + mv tmp.dat ~/sentinel_setup/register/devices.dat + + # update /etc/config/hostapd + sed -e "/${MAC}/d" /etc/config/hostapd-psk > hostapd.tmp + rm /etc/config/hostapd-psk + mv hostapd.tmp /etc/config/hostapd-psk + + # update /etc/config/dhcp + # get line number of dhcp including the MAC address + LN=$(sed -n "/${MAC}/=" /etc/config/dhcp) + HEAD=$(expr ${LN} - 3) + + # add 1, not 2, in case of no name in the dhcp file + TAIL=$(expr ${LN} + 1) + sed "${HEAD},${TAIL}d" /etc/config/dhcp > dhcp.tmp + rm /etc/config/dhcp + mv dhcp.tmp /etc/config/dhcp + done + + #show on screen + echo "device deleted!" + + #apply change + /sbin/wifi + +else + echo "Unknown option. Please run ./register_device.sh -h for usage." + +fi -- 2.34.1 From 7de6013839a457b5735d7961b994cce0976747f3 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 22 Feb 2018 09:20:49 -0800 Subject: [PATCH 10/16] Adjusting setup files to the most up-to-date. --- sentinel_setup/config/dhcp | 38 +++++++++++++++++++------------ sentinel_setup/config/hostapd-psk | 4 ++++ sentinel_setup/config/network | 2 +- sentinel_setup/setup/startup.sh | 13 ++++------- 4 files changed, 33 insertions(+), 24 deletions(-) diff --git a/sentinel_setup/config/dhcp b/sentinel_setup/config/dhcp index 83cab8c3f1..687a8f71cf 100644 --- a/sentinel_setup/config/dhcp +++ b/sentinel_setup/config/dhcp @@ -19,8 +19,8 @@ config dnsmasq config dhcp 'wifi' option interface 'wifi' - option start '100' - option limit '150' + option start '2' + option limit '254' option leasetime '48h' #option dhcpv6 'server' #option ra 'server' 
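Review bot: The `-a`, `-dm` and `-dn` branches of `register_device.sh` use their arguments directly as `sed`/`grep` patterns and write them verbatim into /etc/config/dhcp and /etc/config/hostapd-psk, with no check that they are a MAC address, an IP address or a plain name. An empty or partial `$2` on `-dm` matches more lines than intended, `LN` can then hold several line numbers or none, and when the `expr`/`sed` step fails the redirect has already created an empty `dhcp.tmp` that replaces /etc/config/dhcp; a name containing a quote or newline changes the structure of the UCI file on `-a`. Validating each argument before any file is touched closes this off; a sketch for the MAC case is below, which also gives `-dm` the `.bak` copies that `-dn` already takes. `chmod 666 tmp.dat` leaves the key-bearing devices.dat world-writable, and `600` is enough.

```shell
#!/bin/sh

# Accept only a full colon-separated MAC address, so the value is safe to use
# as a sed pattern and to write into the config files.
is_mac() {
	printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# … unchanged: usage text, -a, -l and -ln branches …
elif [ "$1" == "-dm" ]; then
	is_mac "$2" || { echo "Invalid MAC address: $2"; exit 1; }
	cp /etc/config/hostapd-psk /etc/config/hostapd-psk.bak
	cp /etc/config/dhcp /etc/config/dhcp.bak
	# … unchanged: rewrite devices.dat, hostapd-psk and dhcp …
```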
@@ -56,13 +56,23 @@ config host # Amcrest Camera 1 #config host -# option ip '192.168.1.235' -# option mac '3c:ef:8c:7f:c0:19' + option ip '192.168.1.133' + option mac '3c:ef:8c:7f:c0:19' # Amcrest Camera 2 #config host -# option ip '192.168.1.241' -# option mac '3c:ef:8c:6f:79:5a' + option ip '192.168.1.134' + option mac '3c:ef:8c:6f:79:5a' + +# Amcrest Camera 3 +config host + option ip '192.168.1.91' + option mac '9c:8e:cd:0f:e9:d8' + +# Amcrest Camera 4 +config host + option ip '192.168.1.83' + option mac '9c:8e:cd:0f:f1:60' # iHome Speaker 1 config host @@ -74,10 +84,10 @@ config host option ip '192.168.1.234' option mac 'c8:d5:fe:e6:a2:d8' -# ESP board -config host - option ip '192.168.1.222' - option mac '18:fe:34:db:59:72' +# Blossom Sprinkler +config host + option ip '192.168.1.129' + option mac '28:c2:dd:47:17:b6' # Lifx light bulb 1 config host @@ -89,8 +99,8 @@ config host option ip '192.168.1.232' option mac 'd0:73:d5:02:41:da' -# WeMo -config host - option ip '192.168.1.145' - option mac '94:10:3e:36:60:09' +# Dlink alarm +config host + option ip '192.168.1.4' + option mac 'c4:12:f5:de:38:20' diff --git a/sentinel_setup/config/hostapd-psk b/sentinel_setup/config/hostapd-psk index 18a3b9d94c..2acc9c4db6 100644 --- a/sentinel_setup/config/hostapd-psk +++ b/sentinel_setup/config/hostapd-psk @@ -4,9 +4,13 @@ 64:bc:0c:43:3f:40 1qaz2wsx3edcPhone 3c:ef:8c:7f:c0:19 1qaz2wsx3edcCam1 3c:ef:8c:6f:79:5a 1qaz2wsx3edcCam2 +9c:8e:cd:0f:e9:d8 1qaz2wsx3edcCam3 +9c:8e:cd:0f:f1:60 1qaz2wsx3edcCam4 c8:d5:fe:e6:ad:96 1qaz2wsx3edcSpk1 c8:d5:fe:e6:a2:d8 1qaz2wsx3edcSpk2 +28:c2:dd:47:17:b6 1qaz2wsx3edcBlsm 18:fe:34:db:59:72 1qaz2wsx3edcEsp d0:73:d5:12:8e:30 1qaz2wsx3edcLight1 d0:73:d5:02:41:da 1qaz2wsx3edcLight2 94:10:3e:36:60:09 1qaz2wsx3edc +c4:12:f5:de:38:20 1qaz2wsx3edcAlarm diff --git a/sentinel_setup/config/network b/sentinel_setup/config/network index 3ed1b20858..3da312e63f 100644 --- a/sentinel_setup/config/network +++ b/sentinel_setup/config/network 
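Review bot: The two Amcrest entries in this dhcp hunk have their `option ip` / `option mac` lines uncommented while the `#config host` line above each stays commented, so UCI attaches those options to the preceding `config host` section instead of creating new ones. As far as the hunk shows, that overrides the address and MAC of the host entry above them and leaves cameras 1 and 2 without a static lease of their own. Uncomment the section header in both places so each pair sits under its own `config host`.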
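Review bot: The keys added to `hostapd-psk` follow the same scheme as the existing lines, the shared base passphrase plus a short device label, so knowing one entry or the old default key makes the others guessable and removes most of the benefit of per-device PSKs. They are also committed in plaintext next to the device MAC addresses. I would generate an independent random key per device and keep only a template of this file in the repository, with lines of the form `<device-mac> <random-key>`.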
@@ -11,7 +11,7 @@ config globals 'globals' config interface 'lan' option ifname 'eth0' option proto 'static' - option ipaddr '128.195.204.115' + option ipaddr '128.195.204.94' option netmask '255.255.254.0' option gateway '128.195.204.1' option dns '128.200.192.202 128.200.1.201' diff --git a/sentinel_setup/setup/startup.sh b/sentinel_setup/setup/startup.sh index 82ef2eb3cf..e9a41d1ff1 100755 --- a/sentinel_setup/setup/startup.sh +++ b/sentinel_setup/setup/startup.sh @@ -3,23 +3,18 @@ # Do IP mangling for checksum error issue after disable_dgaf=1 iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill -# Do block ARP from ESP8266 to itself to avoid DHCPDECLINE -arptables -A INPUT -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 -arptables -A OUTPUT -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 -arptables -A FORWARD -j DROP --source-mac 18:fe:34:db:59:72 --destination-mac 18:fe:34:db:59:72 - # block everything except ssh, icmp, http, and dhcp # Configure NAT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Protocol ICMP iptables -A FORWARD -j ACCEPT -p icmp; -iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p icmp; -iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p icmp; -iptables -A OUTPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p icmp; -iptables -A OUTPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p icmp; +iptables -A INPUT -j ACCEPT -p icmp; +iptables -A OUTPUT -j ACCEPT -p icmp; # SSH port 22 +# Note: 192.168.1.198 is the address of the master Raspberry Pi. +# So, please adjust it to your own setup if needed. #iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --dport ssh; #iptables -A INPUT -j ACCEPT -s 192.168.1.198 -d 192.168.1.1 -p tcp --sport ssh; #iptables -A INPUT -j ACCEPT -s 192.168.1.1 -d 192.168.1.198 -p tcp --dport ssh; -- 2.34.1 From 7ff6b5c63dab61f55310ca9f99a079c5b0627be3 Mon Sep 17 00:00:00 2001 
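Review bot: The new `iptables -A INPUT -j ACCEPT -p icmp;` and `iptables -A OUTPUT -j ACCEPT -p icmp;` replace rules that were limited to the 192.168.1.198 / 192.168.1.1 pair. Every ICMP type is now accepted on INPUT from any source and any interface, including eth0, which the network config in this commit gives a routable address. If the goal is only to let local devices ping the router, scope the rule, e.g. `iptables -A INPUT -i "$LAN_IFACE" -p icmp --icmp-type echo-request -j ACCEPT;` with `LAN_IFACE` set to the internal bridge. A one-line comment stating why the host restriction was dropped would also help. The rest of startup.sh is outside the hunk, so the default chain policies cannot be checked here.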
From: rtrimana Date: Thu, 22 Feb 2018 14:48:43 -0800 Subject: [PATCH 11/16] Renaming Sentinel to Vigilia; adjusting scripts; adding brctl option in menuconfig for busybox --- README | 35 +++++++++---------- sentinel_setup/setup/transfer | 2 -- .../sentinel.config => vigilia.config | 4 ++- {sentinel_setup => vigilia_setup}/config/dhcp | 0 .../config/firewall.bak | 0 .../config/hostapd-psk | 0 .../config/network | 1 + .../config/wireless | 0 {sentinel_setup => vigilia_setup}/rc.local | 0 .../register/version_1/README | 0 .../register/version_1/devices.dat | 0 .../register/version_1/register_device.sh | 0 .../register/version_2/change_default_pw.sh | 0 .../register/version_2/connect_device.sh | 0 .../register/version_2/register_device.sh | 0 .../sentinel.config | 0 .../clean => vigilia_setup/setup/clean.sh | 2 ++ .../setup/dhcp => vigilia_setup/setup/dhcp.sh | 2 ++ .../setup/nat => vigilia_setup/setup/nat.sh | 2 ++ .../restart => vigilia_setup/setup/restart.sh | 2 ++ .../setup/show => vigilia_setup/setup/show.sh | 2 ++ .../setup/startup.sh | 0 vigilia_setup/setup/transfer.sh | 4 +++ 23 files changed, 34 insertions(+), 22 deletions(-) delete mode 100755 sentinel_setup/setup/transfer rename sentinel_setup/sentinel.config => vigilia.config (99%) rename {sentinel_setup => vigilia_setup}/config/dhcp (100%) rename {sentinel_setup => vigilia_setup}/config/firewall.bak (100%) rename {sentinel_setup => vigilia_setup}/config/hostapd-psk (100%) rename {sentinel_setup => vigilia_setup}/config/network (97%) rename {sentinel_setup => vigilia_setup}/config/wireless (100%) rename {sentinel_setup => vigilia_setup}/rc.local (100%) rename {sentinel_setup => vigilia_setup}/register/version_1/README (100%) rename {sentinel_setup => vigilia_setup}/register/version_1/devices.dat (100%) rename {sentinel_setup => vigilia_setup}/register/version_1/register_device.sh (100%) rename {sentinel_setup => vigilia_setup}/register/version_2/change_default_pw.sh (100%) rename {sentinel_setup => 
vigilia_setup}/register/version_2/connect_device.sh (100%) rename {sentinel_setup => vigilia_setup}/register/version_2/register_device.sh (100%) rename sentinel.config => vigilia_setup/sentinel.config (100%) rename sentinel_setup/setup/clean => vigilia_setup/setup/clean.sh (91%) rename sentinel_setup/setup/dhcp => vigilia_setup/setup/dhcp.sh (65%) rename sentinel_setup/setup/nat => vigilia_setup/setup/nat.sh (96%) rename sentinel_setup/setup/restart => vigilia_setup/setup/restart.sh (56%) rename sentinel_setup/setup/show => vigilia_setup/setup/show.sh (91%) rename {sentinel_setup => vigilia_setup}/setup/startup.sh (100%) create mode 100755 vigilia_setup/setup/transfer.sh diff --git a/README b/README index 1638446e0a..42f724196e 100644 --- a/README +++ b/README @@ -29,7 +29,7 @@ Sunshine! ================================================================================ This LEDE lede-17.01 branch was taken in July 2017 from the LEDE github -repository for Sentinel system. A few things have been added including a patch +repository for Vigilia system. A few things have been added including a patch for hostapd to make disable_dgaf and proxy_arp options work properly. The followings are the steps to be done to install this correctly on a NETGEAR R7800 @@ -40,8 +40,8 @@ onto your local repository. Then execute "git checkout lede-17.01" to checkout the right branch---this is a detached branch (there is no master branch), so we have to do this to make sure that we can push and pull changes correctly. -2) Copy the compilation configuration file sentinel.config into a .config file in -the main folder by executing "cp sentinel.config .config". +2) Copy the compilation configuration file vigilia.config into a .config file in +the main folder by executing "cp vigilia.config .config". 3) Do "make defconfig" to setup the build options, then do "make world -j", e.g. make world -j12. 
@@ -53,49 +53,46 @@ https://lede-project.org/docs/guide-quick-start/standardflashinginstructions. 5) After flashing and booting for the first time, we need to set up the router using RJ45 cables; if we plug it into the WAN connection through DHCP mechanism, we can get -an IP address for that WAN port instantly; to set up network configrations, we can +an IP address for that WAN port instantly; to set up network configurations, we can access the router by connecting a device to the router, opening a browser, and typing the default router IP address: http://192.168.1.1; this will open the lUCI configuration page and we can set up the router now. 6) We can set up first the LAN connection according to the LAN configuration -in sentinel_setup/config/network. +in vigilia/config/network. 7) Then we can set up a password for the system by typing "passwd" and giving it a new password. 8) Reboot the system and we can login using dropbear ssh authentication by typing -"ssh root@128.195.204.115" and inputting the password. If we want to use SSL key +"ssh root@128.195.204.94" and inputting the password. If we want to use SSL key for the sake of convenience, then we have to do the steps here: https://wiki.openwrt.org/doc/howto/dropbear.public-key.auth Basically we copy our machine's public-key to the LEDE system by typing: -ssh root@128.195.204.115 "tee -a /etc/dropbear/authorized_keys" < ~/.ssh/id_rsa.pub +ssh root@128.195.204.94 "tee -a /etc/dropbear/authorized_keys" < ~/.ssh/id_rsa.pub 9) We need to copy the setup in dhcp, network, wireless, and hostapd-psk files in -sentinel_setup/config/ into the same files in /etc/config/ on the LEDE system. -Also we need to copy sentinel_setup/rc.local that contains the initial setup scripts +vigilia_setup/config/ into the same files in /etc/config/ on the LEDE system. +Also we need to copy vigilia_setup/rc.local that contains the initial setup scripts into /etc on the LEDE system. 
For the firewall file, since we do not use the default firewall setup from LEDE, we can do "mv /etc/config/firewall /etc/config/firewall.bak" to make it unreadable by LEDE UCI when it is initializing the firewall rules when the system is booting up. -10) We need to also create /root/sentinel_setup/register and copy the scripts in -sentinel_setup/register/version_2 into it. These Shell scripts work with the -Android app that registers and deletes devices to and fro the router. +10) We need to also create /root/vigilia_setup/register and copy the scripts in +vigilia_setup/register/version_2 into it. These Shell scripts work with the +Android app that registers and deletes devices to and from the router. -11) Last, we need to copy the setup scripts in sentinel_setup/setup into /setup on +11) Last, we need to copy the setup scripts in vigilia_setup/setup into /setup on our LEDE system. This contains a number of scripts. - "startup.sh" will be run by the rc.local script when LEDE is booting up. This script -contains the initial firewall rules for Sentinel router and a number of workaround +contains the initial firewall rules for Vigilia router and a number of workaround rules to fix a few issues when disable_dgaf and proxy_arp options are activated, i.e. -hostapd checksum bug (for disable_dgaf feature) and DHCPDECLINE issue when -a device gets an ARP unicast message about itself, causing it to think that its -IP address has been used by another device (so far only the ESP8266 is known to -have this problem). +hostapd checksum bug (for disable_dgaf feature). - "clean" and "nat" scripts are for cleaning and activating NAT(Network Address Translation) on the system. - "dhcp" shows the IP address assignments to different connected devices. - "show" shows the active iptables rules. - "transfer" contains commands to transfer files through the "scp" command. -13) Reboot the system and we will have a working LEDE router for Sentinel system. 
+13) Reboot the system and we will have a working LEDE router for Vigilia system. diff --git a/sentinel_setup/setup/transfer b/sentinel_setup/setup/transfer deleted file mode 100755 index 7eaae8067a..0000000000 --- a/sentinel_setup/setup/transfer +++ /dev/null @@ -1,2 +0,0 @@ -scp -r /root/setup rtrimana@128.195.204.132:/home/rtrimana/tmp/temp/LEDE/ -scp -r /etc/config rtrimana@128.195.204.132:/home/rtrimana/tmp/temp/LEDE/ diff --git a/sentinel_setup/sentinel.config b/vigilia.config similarity index 99% rename from sentinel_setup/sentinel.config rename to vigilia.config index ab175d2c92..8c0297a454 100644 --- a/sentinel_setup/sentinel.config +++ b/vigilia.config @@ -1903,7 +1903,9 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y CONFIG_BUSYBOX_CONFIG_VERBOSE_RESOLUTION_ERRORS=y # CONFIG_BUSYBOX_CONFIG_ARP is not set # CONFIG_BUSYBOX_CONFIG_ARPING is not set -# CONFIG_BUSYBOX_CONFIG_BRCTL is not set +CONFIG_BUSYBOX_CONFIG_BRCTL=y +CONFIG_BUSYBOX_CONFIG_FEATURE_BRCTL_FANCY=y +CONFIG_BUSYBOX_CONFIG_FEATURE_BRCTL_SHOW=y # CONFIG_BUSYBOX_CONFIG_DNSD is not set # CONFIG_BUSYBOX_CONFIG_ETHER_WAKE is not set # CONFIG_BUSYBOX_CONFIG_FAKEIDENTD is not set diff --git a/sentinel_setup/config/dhcp b/vigilia_setup/config/dhcp similarity index 100% rename from sentinel_setup/config/dhcp rename to vigilia_setup/config/dhcp diff --git a/sentinel_setup/config/firewall.bak b/vigilia_setup/config/firewall.bak similarity index 100% rename from sentinel_setup/config/firewall.bak rename to vigilia_setup/config/firewall.bak diff --git a/sentinel_setup/config/hostapd-psk b/vigilia_setup/config/hostapd-psk similarity index 100% rename from sentinel_setup/config/hostapd-psk rename to vigilia_setup/config/hostapd-psk diff --git a/sentinel_setup/config/network b/vigilia_setup/config/network similarity index 97% rename from sentinel_setup/config/network rename to vigilia_setup/config/network index 3da312e63f..c11a43e1f8 100644 --- a/sentinel_setup/config/network 
+++ b/vigilia_setup/config/network @@ -19,6 +19,7 @@ config interface 'lan' config interface 'wifi' option type 'bridge' + option ifname 'eth1' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' diff --git a/sentinel_setup/config/wireless b/vigilia_setup/config/wireless similarity index 100% rename from sentinel_setup/config/wireless rename to vigilia_setup/config/wireless diff --git a/sentinel_setup/rc.local b/vigilia_setup/rc.local similarity index 100% rename from sentinel_setup/rc.local rename to vigilia_setup/rc.local diff --git a/sentinel_setup/register/version_1/README b/vigilia_setup/register/version_1/README similarity index 100% rename from sentinel_setup/register/version_1/README rename to vigilia_setup/register/version_1/README diff --git a/sentinel_setup/register/version_1/devices.dat b/vigilia_setup/register/version_1/devices.dat similarity index 100% rename from sentinel_setup/register/version_1/devices.dat rename to vigilia_setup/register/version_1/devices.dat diff --git a/sentinel_setup/register/version_1/register_device.sh b/vigilia_setup/register/version_1/register_device.sh similarity index 100% rename from sentinel_setup/register/version_1/register_device.sh rename to vigilia_setup/register/version_1/register_device.sh diff --git a/sentinel_setup/register/version_2/change_default_pw.sh b/vigilia_setup/register/version_2/change_default_pw.sh similarity index 100% rename from sentinel_setup/register/version_2/change_default_pw.sh rename to vigilia_setup/register/version_2/change_default_pw.sh diff --git a/sentinel_setup/register/version_2/connect_device.sh b/vigilia_setup/register/version_2/connect_device.sh similarity index 100% rename from sentinel_setup/register/version_2/connect_device.sh rename to vigilia_setup/register/version_2/connect_device.sh 
diff --git a/sentinel_setup/register/version_2/register_device.sh b/vigilia_setup/register/version_2/register_device.sh similarity index 100% rename from sentinel_setup/register/version_2/register_device.sh rename to vigilia_setup/register/version_2/register_device.sh diff --git a/sentinel.config b/vigilia_setup/sentinel.config similarity index 100% rename from sentinel.config rename to vigilia_setup/sentinel.config diff --git a/sentinel_setup/setup/clean b/vigilia_setup/setup/clean.sh similarity index 91% rename from sentinel_setup/setup/clean rename to vigilia_setup/setup/clean.sh index 0c3fb63dfb..01e675edd9 100755 --- a/sentinel_setup/setup/clean +++ b/vigilia_setup/setup/clean.sh @@ -1,3 +1,5 @@ +#!/bin/sh + iptables -t filter -F iptables -t filter -X iptables -t nat -F diff --git a/sentinel_setup/setup/dhcp b/vigilia_setup/setup/dhcp.sh similarity index 65% rename from sentinel_setup/setup/dhcp rename to vigilia_setup/setup/dhcp.sh index 28632484c9..b8122ae992 100755 --- a/sentinel_setup/setup/dhcp +++ b/vigilia_setup/setup/dhcp.sh @@ -1 +1,3 @@ +#!/bin/sh + cat /tmp/dhcp.leases diff --git a/sentinel_setup/setup/nat b/vigilia_setup/setup/nat.sh similarity index 96% rename from sentinel_setup/setup/nat rename to vigilia_setup/setup/nat.sh index dbb6607ce4..ac2a335e3b 100755 --- a/sentinel_setup/setup/nat +++ b/vigilia_setup/setup/nat.sh @@ -1,3 +1,5 @@ +#!/bin/sh + iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT diff --git a/sentinel_setup/setup/restart b/vigilia_setup/setup/restart.sh similarity index 56% rename from sentinel_setup/setup/restart rename to vigilia_setup/setup/restart.sh index 3ce1217c74..b008bb39c5 100755 --- a/sentinel_setup/setup/restart +++ b/vigilia_setup/setup/restart.sh @@ -1 +1,3 @@ +#!/bin/sh + reboot & exit 
diff --git a/sentinel_setup/setup/show b/vigilia_setup/setup/show.sh similarity index 91% rename from sentinel_setup/setup/show rename to vigilia_setup/setup/show.sh index f1e3ea4802..78697fcb4c 100755 --- a/sentinel_setup/setup/show +++ b/vigilia_setup/setup/show.sh @@ -1,3 +1,5 @@ +#!/bin/sh + #iptables -vL -t filter #iptables -vL -t nat #iptables -vL -t mangle diff --git a/sentinel_setup/setup/startup.sh b/vigilia_setup/setup/startup.sh similarity index 100% rename from sentinel_setup/setup/startup.sh rename to vigilia_setup/setup/startup.sh diff --git a/vigilia_setup/setup/transfer.sh b/vigilia_setup/setup/transfer.sh new file mode 100755 index 0000000000..ef500b64e6 --- /dev/null +++ b/vigilia_setup/setup/transfer.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +scp -r /root/setup rtrimana@128.195.204.132:/home/ +scp -r /etc/config rtrimana@128.195.204.132:/home/ -- 2.34.1 From c708c7a74d41336330f6d8ef755eee19b5c72583 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 22 Feb 2018 16:33:38 -0800 Subject: [PATCH 12/16] .config has to include bridge to provide brctl functionality --- README | 3 +-- vigilia.config | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/README b/README index 42f724196e..18938ad01e 100644 --- a/README +++ b/README @@ -43,8 +43,7 @@ have to do this to make sure that we can push and pull changes correctly. 2) Copy the compilation configuration file vigilia.config into a .config file in the main folder by executing "cp vigilia.config .config". -3) Do "make defconfig" to setup the build options, then do "make world -j", -e.g. make world -j12. +3) Do "make world -j", e.g. make world -j12. 4) After the compilation, the image will be found in bin/targets/ipq806x/generic/lede-ipq806x-R7800-squashfs-factory.img. We can flash diff --git a/vigilia.config b/vigilia.config index 8c0297a454..ab175d2c92 100644 --- a/vigilia.config +++ b/vigilia.config 
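Review bot: transfer.sh copies `/etc/config` recursively to a hard-coded account and host (`rtrimana@128.195.204.132:/home/`), and that directory holds `hostapd-psk` and the wireless keys. Anyone who runs the script as shipped sends the router's credentials to a machine they may not control. Take the destination as an argument instead, e.g. `DEST=${1:?usage: transfer.sh user@host:/path}` followed by `scp -r /root/setup /etc/config "$DEST"`. A header comment should state that the copied files contain secrets.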
@@ -1903,9 +1903,7 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y CONFIG_BUSYBOX_CONFIG_VERBOSE_RESOLUTION_ERRORS=y # CONFIG_BUSYBOX_CONFIG_ARP is not set # CONFIG_BUSYBOX_CONFIG_ARPING is not set -CONFIG_BUSYBOX_CONFIG_BRCTL=y -CONFIG_BUSYBOX_CONFIG_FEATURE_BRCTL_FANCY=y -CONFIG_BUSYBOX_CONFIG_FEATURE_BRCTL_SHOW=y +# CONFIG_BUSYBOX_CONFIG_BRCTL is not set # CONFIG_BUSYBOX_CONFIG_DNSD is not set # CONFIG_BUSYBOX_CONFIG_ETHER_WAKE is not set # CONFIG_BUSYBOX_CONFIG_FAKEIDENTD is not set -- 2.34.1 From b5c60fcf76ffaefa4dfea85e0beeb1e8de2ccc78 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Mon, 26 Feb 2018 14:37:52 -0800 Subject: [PATCH 13/16] Completing README with missing instructions to get other installation packages --- README | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README b/README index 18938ad01e..af16ae4b83 100644 --- a/README +++ b/README @@ -40,8 +40,11 @@ onto your local repository. Then execute "git checkout lede-17.01" to checkout the right branch---this is a detached branch (there is no master branch), so we have to do this to make sure that we can push and pull changes correctly. -2) Copy the compilation configuration file vigilia.config into a .config file in -the main folder by executing "cp vigilia.config .config". +2) Run "./scripts/feeds update -a" to get all the latest package definitions +defined in feeds.conf / feeds.conf.default respectively and "./scripts/feeds +install -a" to install symlinks of all of them into package/feeds/. +Run "make menuconfig", choose "< Load >", and load "vigilia.config". Then save +this configuration as ".config". 3) Do "make world -j", e.g. make world -j12. -- 2.34.1 From 6b76377bc3e01c13030c8e2e718ce379e2ec3f7f Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 1 Mar 2018 13:32:31 -0800 Subject: [PATCH 14/16] Adding deletion of mangling rule before adding it back in startup.sh --- vigilia_setup/setup/startup.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/vigilia_setup/setup/startup.sh b/vigilia_setup/setup/startup.sh index e9a41d1ff1..e11c557a7d 100755 --- a/vigilia_setup/setup/startup.sh +++ b/vigilia_setup/setup/startup.sh @@ -1,6 +1,7 @@ #!/bin/sh # Do IP mangling for checksum error issue after disable_dgaf=1 +iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill # block everything except ssh, icmp, http, and dhcp -- 2.34.1 From 74adf919d2354036a5b4ef95633ddc354e4d10f5 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Tue, 24 Jul 2018 17:08:53 -0700 Subject: [PATCH 15/16] Renewing on router shell scripts for the phone app. --- README | 2 +- .../register/version_3/change_default_pw.sh | 29 +++ .../register/version_3/connect_device.sh | 94 +++++++++ .../register/version_3/register_device.sh | 187 ++++++++++++++++++ 4 files changed, 311 insertions(+), 1 deletion(-) create mode 100644 vigilia_setup/register/version_3/change_default_pw.sh create mode 100644 vigilia_setup/register/version_3/connect_device.sh create mode 100644 vigilia_setup/register/version_3/register_device.sh diff --git a/README b/README index af16ae4b83..42d8b6569b 100644 --- a/README +++ b/README @@ -82,7 +82,7 @@ default firewall setup from LEDE, we can do UCI when it is initializing the firewall rules when the system is booting up. 10) We need to also create /root/vigilia_setup/register and copy the scripts in -vigilia_setup/register/version_2 into it. These Shell scripts work with the +vigilia_setup/register/version_3 into it. These Shell scripts work with the Android app that registers and deletes devices to and from the router. 11) Last, we need to copy the setup scripts in vigilia_setup/setup into /setup on diff --git a/vigilia_setup/register/version_3/change_default_pw.sh b/vigilia_setup/register/version_3/change_default_pw.sh new file mode 100644 index 0000000000..67c1c61543 --- /dev/null 
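Review bot: The added `iptables -D POSTROUTING ...` line removes at most one copy of the CHECKSUM rule and prints an error on a boot where the rule does not exist yet. Checking before adding keeps the script idempotent without either side effect: `iptables -t mangle -C POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill 2>/dev/null || iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill`. If the iptables build on the router lacks `-C`, keep the `-D` line but send its error output to `/dev/null` and add a comment that the failure is expected on first run.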
+++ b/vigilia_setup/register/version_3/change_default_pw.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# Print usage +if [ "$#" -eq 0 ] || [ "$1" == "-h" ]; then + echo "This is a simple script that change the pre-shared key of a router" + echo "using UCI command change password written in /etc/config/wireless" + echo "" + echo "Usage:" + echo " ./change_default_pw.sh [-h]" + echo " ./change_default_pw.sh [-ch ]" + echo "" + echo "Options:" + echo " -h show this usage" + echo " -ch change default into a specific password" + echo "" + +elif [ "$1" == "-ch" ]; then + # Change the wireless.key option in the config file. + PW=$2 + uci set wireless.default_radio0.key=$PW + uci set wireless.default_radio1.key=$PW + uci commit + /sbin/wifi + +else + echo "Unknown option. Please run ./change_default_pw.sh -h for usage." +fi + + diff --git a/vigilia_setup/register/version_3/connect_device.sh b/vigilia_setup/register/version_3/connect_device.sh new file mode 100644 index 0000000000..d63635bb76 --- /dev/null +++ b/vigilia_setup/register/version_3/connect_device.sh 
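Review bot: In the `-ch` branch of change_default_pw.sh `$PW` is expanded unquoted in both `uci set` lines and `$2` is never checked. A passphrase containing spaces or glob characters is split by the shell, and a missing argument passes an empty value to `uci set` before `/sbin/wifi` reloads the radios. Quote the value and reject anything outside the WPA passphrase length of 8 to 63 characters first: `[ "${#PW}" -ge 8 ] && [ "${#PW}" -le 63 ] || { echo "key must be 8-63 characters"; exit 1; }` and `uci set wireless.default_radio0.key="$PW"`. The key also arrives as a command-line argument, which other processes on the router can read from the process list; reading it from stdin would avoid that. Under `#!/bin/sh` the portable comparison inside `[ ]` is `=`, not `==`.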
@@ -0,0 +1,94 @@ +#!/bin/sh + +# Print usage +if [ "$#" -eq 0 ] || [ "$1" == "-h" ]; then + echo "This is a simple script that register connected device into the system" + echo "/etc/config/hostapd-psk /etc/config/dhcp will be changed accordingly" + echo "~/vigilia_setup/register/register_device.sh will be executed" + echo "" + echo "Usage:" + echo " ./connect_device.sh [-h]" + echo " ./connect_device.sh [-co ]" + echo "" + echo "Options:" + echo " -h show this usage" + echo " -co connect a new device" + echo "" + +elif [ "$1" == "-co" ]; then + + # 0 + # Get password from $2 + # Supposing that key for radio0 and radio1 are equal + PW=$2 + + # Save default password from $5. If the argument is empty, let's use THE default one. + DEFAULT="1qaz2wsx3edc" + if [ ! -z "$5" ]; then + DEFAULT=$5 + fi + + # 1 + # Get MAC address and IP address from dhcp.leases file. + # Below scripts will find the most recently connected device by sorting the first column of lease file, + # which is time of lease expiry, in epoch time + # Before that, the file named devices.dat could not exist, so touch it first + touch ~/vigilia_setup/register/devices.dat + chmod 666 ~/vigilia_setup/register/devices.dat + + # now ready to use devices.dat. Get numbers of records in devices.dat + NR=$(cat ~/vigilia_setup/register/devices.dat | wc -l) + + # use temp file for procedure so that we don't touch original lease file + cp /tmp/dhcp.leases leases.temp + + + grep $3 leases.temp > temp.temp + rm leases.temp + mv temp.temp leases.temp + +# for i in `seq 1 $NR` +# do +# #get line number(LN) +# LN="${i}p" +# #get target MAC address(TMAC) from devices.dat +# TMAC=$(sed -n ${LN} ~/vigilia_setup/register/devices.dat | awk '{print $1}') +# echo "TMAC: $TMAC" +# #remove the record with certain TMAC in the dhcp file so that we can get new one at the end +# sed -e /${TMAC}/d leases.temp > leases.temp.temp +# rm leases.temp +# mv leases.temp.temp leases.temp +# done + + # Filter done. 
There should be only one line in leases.temp, but just in + # case sort the epoch time +# RECENT=$(sort -nrk1,1 leases.temp | head -1) +# echo "Recent: $RECENT" + + # Get MAC, IP, NAME from RECENT + MAC=$(awk '{print $2}' leases.temp) + IP=$(awk '{print $3}' leases.temp) + # below was used when there were no name argument in the script + # NAME=$(echo $RECENT | awk '{print $4}') + NAME=$4 + + # 2 + # Add record to the database with ~/vigilia_setup/register/register_device.sh + echo "MAC: $MAC" + echo "IP: $IP" + echo "PW: $PW" + echo "Name: $NAME" + ~/vigilia_setup/register/register_device.sh -a $MAC $IP $PW $NAME + + # 3 + # rewind the default password and apply config files + uci commit + ~/vigilia_setup/register/change_default_pw.sh -ch $DEFAULT + /sbin/wifi + +else + echo "Unknown option. Please run ./connect_device.sh -h for usage." + +fi + + diff --git a/vigilia_setup/register/version_3/register_device.sh b/vigilia_setup/register/version_3/register_device.sh new file mode 100644 index 0000000000..f31dc3a512 --- /dev/null +++ b/vigilia_setup/register/version_3/register_device.sh 
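Review bot: `grep $3 leases.temp > temp.temp` in connect_device.sh uses the third argument unquoted and as a regular expression. A short or partial value can match several leases, and `MAC` and `IP` then hold more than one line when they are passed to register_device.sh. Match the value literally, stop unless exactly one lease matches, and quote the hand-off: `[ "$(grep -c -F -- "$3" /tmp/dhcp.leases)" -eq 1 ] || exit 1` and `~/vigilia_setup/register/register_device.sh -a "$MAC" "$IP" "$PW" "$NAME"`. The fallback key in `DEFAULT=` is hard-coded in the script and should come from local configuration rather than the repository. The work files `leases.temp` and `temp.temp` are created under fixed names in the current directory; `mktemp`, where the image provides it, avoids collisions.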
@@ -0,0 +1,187 @@ +#!/bin/sh + +# Print usage +if [ "$#" -eq 0 ] || [ "$1" == "-h" ]; then + echo "Device registration utility for Vigilia system" + echo "This is a simple script that register a new device" + echo "into /etc/config/dhcp and /etc/config/hostapd-psk" + echo "Copyright (c) 2015-2017, Rahmadi Trimananda PLRG@UCIrvine" + echo "" + echo "Usage:" + echo " ./register_device.sh [-h]" + echo " ./register_device.sh [-a ]" + echo " ./register_device.sh [-l]" + echo " ./register_device.sh [-ln]" + echo " ./register_device.sh [-dm ]" + echo " ./register_device.sh [-dn ]" + echo "" + echo "Options:" + echo " -h show this usage" + echo " -a adding device by putting MAC address, desired IP address, key, and device name (optional)" + echo " -l show list of devices registered" + echo " -ln show list of names of devices registered" + echo " -dm delete a specific registered device with MAC address" + echo " -dn delete a specific registered device with name" + echo "" + +# add a device +elif [ "$1" == "-a" ]; then + while read line; do + for word in $line; do + if [ "$2" == $word ]; then + echo "MAC address: $2 is already used! Please use a different MAC address." + exit + fi + if [ "$3" == $word ]; then + echo "IP address: $3 is already used! Please use a different IP address." + exit + fi + if [ "$5" == $word ]; then + echo "Device name: $5 is already used! Please use a different Name." + exit + fi + done + done > ~/vigilia_setup/register/devices.dat + + # Insert into /etc/config/hostapd-psk + echo "$MAC $KEY" >> /etc/config/hostapd-psk + + # Insert into /etc/config/dhcp + echo "" >> /etc/config/dhcp + if [ "$5" != "" ]; then # If device-name is not empty + echo "# $5" >> /etc/config/dhcp + fi + + echo "config host" >> /etc/config/dhcp + echo " option ip '$IP'" >> /etc/config/dhcp + echo " option mac '$MAC'" >> /etc/config/dhcp + + if [ "$5" != "" ]; then # If device-name is not empty + echo " option name '$5'" >> /etc/config/dhcp + fi + + echo "Device added!" 
+ fi + +# Print list of devices +elif [ "$1" == "-l" ]; then + echo "List of devices" + cat ~/vigilia_setup/register/devices.dat + echo "" + echo "/etc/config/hostapd-psk" + cat /etc/config/hostapd-psk + +# Print only the devices' names list +elif [ "$1" == "-ln" ]; then +# cat ~/vigilia_setup/register/devices.dat | awk '{print $4}' + cat ~/vigilia_setup/register/devices.dat | awk '{print $4," ",$1," ",$2}' + +# Delete device by MAC address +elif [ "$1" == "-dm" ]; then + # Make new file without the line containing specific MAC address then swap + + MAC=$2 + if grep -q $MAC devices.dat; then + echo "MAC Address found!" + else + echo "MAC Address was not found. Please enter a valid MAC Address." + fi + + sed -e "/$2/d" ~/vigilia_setup/register/devices.dat > tmp.dat + chmod 666 tmp.dat + rm ~/vigilia_setup/register/devices.dat + mv tmp.dat ~/vigilia_setup/register/devices.dat + + # update /etc/config/hostapd + sed -e "/$2/d" /etc/config/hostapd-psk > hostapd.tmp + rm /etc/config/hostapd-psk + mv hostapd.tmp /etc/config/hostapd-psk + + # update /etc/config/dhcp + # get line number of dhcp including the MAC address + LN=$(sed -n "/$2/=" /etc/config/dhcp) + HEAD=$(expr ${LN} - 3) + + # add 1, not 2, in case of no name line in target device + TAIL=$(expr ${LN} + 1) + sed "${HEAD},${TAIL}d" /etc/config/dhcp > dhcp.tmp + rm /etc/config/dhcp + mv dhcp.tmp /etc/config/dhcp + + #show on screen + echo "device deleted!" + + #apply change + /sbin/wifi + +# Delete by name. Similar to deleting with MAC +elif [ "$1" == "-dn" ]; then + # back up first + cp /etc/config/hostapd-psk /etc/config/hostapd-psk.bak + cp /etc/config/dhcp /etc/config/dhcp.bak + + + #Multiple name arguments can be given. 
+ VAR1=$1 + NAME=$2 + FLAG=0 + shift 1 + for arg in "$@"; do + NAME=${arg} + # Get MAC Address first looking up the devices.dat file + MAC=$(grep ${NAME} ~/vigilia_setup/register/devices.dat | awk '{print $1}') + + + # Make new file without the line containing specific device name then swap + sed -e "/${NAME}/d" ~/vigilia_setup/register/devices.dat > tmp.dat + chmod 666 tmp.dat + rm ~/vigilia_setup/register/devices.dat + mv tmp.dat ~/vigilia_setup/register/devices.dat + + # update /etc/config/hostapd + sed -e "/${MAC}/d" /etc/config/hostapd-psk > hostapd.tmp + rm /etc/config/hostapd-psk + mv hostapd.tmp /etc/config/hostapd-psk + + # update /etc/config/dhcp + # get line number of dhcp including the MAC address + LN=$(sed -n "/${MAC}/=" /etc/config/dhcp) + HEAD=$(expr ${LN} - 3) + #echo "ln: $LN" + #echo "head: $HEAD" + + # add 1, not 2, in case of no name in the dhcp file + + TAIL=$(expr ${LN} + 1) + #echo "Tail: $TAIL" + sed "${HEAD},${TAIL}d" /etc/config/dhcp > dhcp.tmp + rm /etc/config/dhcp + mv dhcp.tmp /etc/config/dhcp + + #show on screen + echo "device deleted!" + done + + + #apply change + /sbin/wifi + + +else + echo "Unknown option. Please run ./register_device.sh -h for usage." + +fi + + + -- 2.34.1 From c5cda9c37e8f53d475034dca3dc8d1e3b687208e Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 26 Jul 2018 13:57:46 -0700 Subject: [PATCH 16/16] Adding (empty) devices.dat as this is needed by the phone app to start. --- README | 2 +- vigilia_setup/register/version_3/devices.dat | 0 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 vigilia_setup/register/version_3/devices.dat diff --git a/README b/README index 42d8b6569b..fddafd759c 100644 --- a/README +++ b/README 
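Review bot: In the `-dm` branch of register_device.sh the not-found case only prints a message and then carries on. `LN` is then empty, the `sed` that builds `dhcp.tmp` fails, and the following `rm /etc/config/dhcp` / `mv dhcp.tmp /etc/config/dhcp` would replace the DHCP config with whatever that failed command left, most likely an empty file. The `-dn` loop has the same problem when a name is not in devices.dat, because `${MAC}` is then empty. Add `exit 1` to the not-found branch, make the check use the same path as the rest of the script (`grep -q -F -- "$MAC" ~/vigilia_setup/register/devices.dat`), and skip any name whose lookup returns nothing. `$2` and `${NAME}` are also pasted into sed patterns, so a partial name removes every line containing it and a `/` in the value alters the sed script; validate both against the expected MAC and name format before use.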
@@ -81,7 +81,7 @@ default firewall setup from LEDE, we can do "mv /etc/config/firewall /etc/config/firewall.bak" to make it unreadable by LEDE UCI when it is initializing the firewall rules when the system is booting up. -10) We need to also create /root/vigilia_setup/register and copy the scripts in +10) We need to also create /root/vigilia_setup/register and copy the scripts and files in vigilia_setup/register/version_3 into it. These Shell scripts work with the Android app that registers and deletes devices to and from the router. diff --git a/vigilia_setup/register/version_3/devices.dat b/vigilia_setup/register/version_3/devices.dat new file mode 100644 index 0000000000..e69de29bb2 -- 2.34.1