diff --git a/Makefile b/Makefile index 65901baf..f37e8825 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,7 @@ install: cp src/* ${DESTDIR}${PREFIX}/bin cp src/${APP}-mesh-batman ${DESTDIR}${PREFIX}/bin/batman cp src/${APP}-mesh-bmx6 ${DESTDIR}${PREFIX}/bin/bmx + cp src/${APP}-mesh-bmx7 ${DESTDIR}${PREFIX}/bin/bmxsec cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup2friends cp src/${APP}-restore-local ${DESTDIR}${PREFIX}/bin/restore @@ -62,6 +63,7 @@ uninstall: rm -f ${PREFIX}/bin/restorefromfriend rm -f ${PREFIX}/bin/batman rm -f ${PREFIX}/bin/bmx + rm -f ${PREFIX}/bin/bmxsec rm -rf /etc/${APP} rm -f ${PREFIX}/bin/control rm -f ${PREFIX}/bin/controluser diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 1d655c7f..43eec197 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise @@ -128,6 +128,9 @@ MESH_TEXT_EDITOR='pluma' BMX6_REPO="https://github.com/bmx-routing/bmx6" BMX6_COMMIT='39dd1f2d99ac5a3fa28e92f8173c15039132e181' +BMX7_REPO="https://github.com/bmx-routing/bmx7" +BMX7_COMMIT='0a82c7c10fef44b259b35e77ab33632aa132d219' + PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin function configure_backports { 
@@ -644,13 +647,31 @@ EOF } mesh_shutdown_script() { + mesh_shutdown_script=$rootdir/usr/bin/meshshutdown + echo '#!/bin/bash' > $mesh_shutdown_script + echo '' >> $mesh_shutdown_script + echo "if grep -q 'batman-adv' ${MESH_CURRENT_PROTOCOL}; then" >> $mesh_shutdown_script + echo ' batman stop' >> $mesh_shutdown_script + echo 'fi' >> $mesh_shutdown_script + echo '' >> $mesh_shutdown_script + echo "if grep -q 'bmx6' ${MESH_CURRENT_PROTOCOL}; then" >> $mesh_shutdown_script + echo ' bmx stop' >> $mesh_shutdown_script + echo 'fi' >> $mesh_shutdown_script + echo '' >> $mesh_shutdown_script + echo "if grep -q 'bmx7' ${MESH_CURRENT_PROTOCOL}; then" >> $mesh_shutdown_script + echo ' bmxsec stop' >> $mesh_shutdown_script + echo 'fi' >> $mesh_shutdown_script + chroot "$rootdir" chmod +x /usr/bin/meshshutdown + echo '[Unit]' > $rootdir/etc/systemd/system/meshshutdown.service echo 'Description=Shuts down the mesh' >> $rootdir/etc/systemd/system/meshshutdown.service echo 'Before=shutdown.target' >> $rootdir/etc/systemd/system/meshshutdown.service echo '' >> $rootdir/etc/systemd/system/meshshutdown.service echo '[Service]' >> $rootdir/etc/systemd/system/meshshutdown.service + echo 'User=root' >> $rootdir/etc/systemd/system/meshshutdown.service + echo 'Group=root' >> $rootdir/etc/systemd/system/meshshutdown.service echo 'ExecStart=/bin/true' >> $rootdir/etc/systemd/system/meshshutdown.service - echo 'ExecStop=/bin/bash /usr/local/bin/batman stop' >> $rootdir/etc/systemd/system/meshshutdown.service + echo 'ExecStop=/bin/bash /usr/bin/meshshutdown' >> $rootdir/etc/systemd/system/meshshutdown.service echo 'RemainAfterExit=yes' >> $rootdir/etc/systemd/system/meshshutdown.service echo '' >> $rootdir/etc/systemd/system/meshshutdown.service echo '[Install]' >> $rootdir/etc/systemd/system/meshshutdown.service 
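Review bot: The three `grep -q` lines in mesh_shutdown_script are emitted with double quotes, so `${MESH_CURRENT_PROTOCOL}` is expanded while the image is built, not when /usr/bin/meshshutdown runs. This diff only shows that variable being defined in freedombone-utils-mesh and freedombone-mesh-reset. If freedombone-image-customise does not also define or source it, the generated script contains `if grep -q 'bmx7' ; then` with no file operand, so grep would read stdin and no protocol would be stopped at shutdown. The same applies to `echo 'batman-adv' > $rootdir$MESH_DEFAULT_PROTOCOL` in the initialise_mesh hunk, which would then redirect onto the `$rootdir` directory itself. Failing fast makes this visible, e.g. `echo "if grep -q 'bmx7' \"${MESH_CURRENT_PROTOCOL:?}\"; then" >> "$mesh_shutdown_script"`; the function body continues past the end of the hunk.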
@@ -700,21 +721,93 @@ EOF exit 79835292 fi + rm $rootdir/usr/bin/install_bmx6 + echo '[Unit]' > $rootdir/etc/systemd/system/bmx6.service echo 'Description=BMX6 mesh routing protocol' >> $rootdir/etc/systemd/system/bmx6.service echo 'Requires=network.target' >> $rootdir/etc/systemd/system/bmx6.service echo 'After=network.target' >> $rootdir/etc/systemd/system/bmx6.service echo '' >> $rootdir/etc/systemd/system/bmx6.service echo '[Service]' >> $rootdir/etc/systemd/system/bmx6.service + echo 'Type=forking' >> $rootdir/etc/systemd/system/bmx6.service echo 'User=root' >> $rootdir/etc/systemd/system/bmx6.service echo 'Group=root' >> $rootdir/etc/systemd/system/bmx6.service echo 'ExecStart=/usr/sbin/bmx6 dev=wlan0' >> $rootdir/etc/systemd/system/bmx6.service + echo 'ExecStop=/usr/bin/kill -15 $MAINPID' >> $rootdir/etc/systemd/system/bmx6.service + echo 'PIDFile=/var/run/bmx6/pid' >> $rootdir/etc/systemd/system/bmx6.service echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/bmx6.service echo '' >> $rootdir/etc/systemd/system/bmx6.service echo '[Install]' >> $rootdir/etc/systemd/system/bmx6.service echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/bmx6.service } +install_bmx7() { + chroot "$rootdir" apt-get -qy install libjson-c-dev zlib1g-dev libiw-dev + + git clone $BMX7_REPO $rootdir/etc/bmx7 + + cat < $rootdir/usr/bin/install_bmx7 +#!/bin/bash +cd /etc +wget https://polarssl.org/code/releases/polarssl-1.3.3-gpl.tgz +tar xzvf polarssl-1.3.3-gpl.tgz +cd /etc/polarssl-1.3.3 +make +sudo make install + +cd /etc/bmx7 +git checkout $BMX7_COMMIT -b $BMX7_COMMIT +make EXTRA_CFLAGS="-DCRYPTLIB=POLARSSL_1_3_3" +make install + +cd /etc/bmx7/lib/bmx7_http_info +make +make install + +cd /etc/bmx7/lib/bmx7_json +make +make install + +cd /etc/bmx7/lib/bmx7_tun +make +make install + +cd /etc/bmx7/lib/bmx7_sms +make +make install + +cd /etc/bmx7/lib/bmx7_topology +make +make install +EOF + chroot "$rootdir" chmod +x /usr/bin/install_bmx7 + chroot "$rootdir" 
/usr/bin/install_bmx7 + + if [ ! -f $rootdir/usr/sbin/bmx7 ]; then + echo $'bmx7 was not installed' + exit 67836235 + fi + + rm $rootdir/usr/bin/install_bmx7 + + echo '[Unit]' > $rootdir/etc/systemd/system/bmx7.service + echo 'Description=BMX7 mesh routing protocol' >> $rootdir/etc/systemd/system/bmx7.service + echo 'Requires=network.target' >> $rootdir/etc/systemd/system/bmx7.service + echo 'After=network.target' >> $rootdir/etc/systemd/system/bmx7.service + echo '' >> $rootdir/etc/systemd/system/bmx7.service + echo '[Service]' >> $rootdir/etc/systemd/system/bmx7.service + echo 'Type=forking' >> $rootdir/etc/systemd/system/bmx7.service + echo 'User=root' >> $rootdir/etc/systemd/system/bmx7.service + echo 'Group=root' >> $rootdir/etc/systemd/system/bmx7.service + echo 'ExecStart=/usr/sbin/bmx7 dev=wlan0' >> $rootdir/etc/systemd/system/bmx7.service + echo 'ExecStop=/usr/bin/kill -15 $MAINPID' >> $rootdir/etc/systemd/system/bmx7.service + echo 'PIDFile=/var/run/bmx6/pid' >> $rootdir/etc/systemd/system/bmx7.service + echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/bmx7.service + echo '' >> $rootdir/etc/systemd/system/bmx7.service + echo '[Install]' >> $rootdir/etc/systemd/system/bmx7.service + echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/bmx7.service +} + initialise_mesh() { if [[ $VARIANT != "mesh"* ]]; then return @@ -751,10 +844,14 @@ initialise_mesh() { # dhcp daemon for hotspot on secondary wifi adapter chroot "$rootdir" apt-get -yq install dnsmasq + # set the default protocol to be used + echo 'batman-adv' > $rootdir$MESH_DEFAULT_PROTOCOL + configure_firewall install_avahi install_batman install_bmx6 + install_bmx7 mesh_shutdown_script install_vpn install_tomb diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh index d041a71b..6df71311 100755 --- a/src/freedombone-image-mesh +++ b/src/freedombone-image-mesh 
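Review bot: The generated install_bmx7 script fetches polarssl-1.3.3-gpl.tgz with `wget` and then runs `make` and `sudo make install` on it as root inside the chroot, with no integrity check on the archive, whereas the bmx7 sources are pinned to `$BMX7_COMMIT`. Pin the tarball the same way before unpacking, e.g. `echo "<EXPECTED_SHA256>  polarssl-1.3.3-gpl.tgz" | sha256sum -c - || exit 1` (placeholder for a digest you have verified), and check whether a 1.3.3 release of this TLS library still receives upstream fixes. None of the `cd`/`make` steps is checked, so a failed build is caught only by the later test for `/usr/sbin/bmx7`; `set -e` at the top of the heredoc script would stop at the first failure. Separately, the bmx7.service written below uses `PIDFile=/var/run/bmx6/pid`, which looks copied from the bmx6 unit. With `Type=forking` systemd would watch the wrong pid file, so it should name the pid file bmx7 itself writes (that path is not shown in this diff).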
@@ -1419,6 +1419,10 @@ if [ -f $MESH_INSTALL_SETUP ]; then systemctl disable bmx6 echo $'BMX6 disabled' >> $INSTALL_LOG + systemctl stop bmx7 + systemctl disable bmx7 + echo $'BMX7 disabled' >> $INSTALL_LOG + #tomb slam all tmp_ram_disk 100 enable_predictable_device_names diff --git a/src/freedombone-mesh-bmx7 b/src/freedombone-mesh-bmx7 new file mode 100755 index 00000000..a7f9e69a --- /dev/null +++ b/src/freedombone-mesh-bmx7 
@@ -0,0 +1,310 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# Used to enable or disable BMX7 mesh protocol on wlanX +# +# License +# ======= +# +# Copyright (C) 2018 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +PROJECT_NAME='freedombone' +COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt + +# hotspot passphrase must be 5 characters or longer +HOTSPOT_PASSPHRASE="${PROJECT_NAME}" + +source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi +source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh + +mesh_protocol_init +update_wifi_adaptors + +if [ ! 
$IFACE ]; then + echo $'No wlan adaptor' + exit 0 +fi + +function status { + bmx7 -c status +} + +function stop { + if [ -z "$IFACE" ]; then + echo 'error: unable to find wifi interface, not enabling BMX7 mesh' + return + fi + + systemctl stop dnsmasq + systemctl disable dnsmasq + systemctl stop bmx7 + systemctl disable bmx7 + + if [ "$EIFACE" ]; then + ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier) + if [[ "$ethernet_connected" != "0" ]]; then + systemctl stop hostapd + ifconfig $EIFACE down -promisc + fi + fi + + avahi-autoipd -k $BRIDGE + avahi-autoipd -k $IFACE + ifconfig $IFACE down -promisc + + ifconfig $IFACE mtu 1500 + ifconfig $IFACE down + iwconfig $IFACE mode managed + + if [ $IFACE_SECONDARY ]; then + systemctl stop hostapd + systemctl disable hostapd + ifconfig $IFACE_SECONDARY mtu 1500 + ifconfig $IFACE_SECONDARY down + iwconfig $IFACE_SECONDARY mode managed + fi + + disable_mesh_firewall + + systemctl restart network-manager + + if [ -f $MESH_CURRENT_PROTOCOL ]; then + rm $MESH_CURRENT_PROTOCOL + fi +} + +function verify { + # TODO + echo -n '' +} + +function add_wifi_interface { + ifname=$1 + ifssid=$WIFI_SSID + if [ $2 ]; then + ifssid=$2 + fi + ifmode=ad-hoc + if [ $3 ]; then + ifmode=$3 + fi + ifchannel=$CHANNEL + if [ $4 ]; then + ifchannel=$4 + fi + + ifconfig $ifname down + ifconfig $ifname mtu 1500 + peermac=$(assign_peer_address) + if [ ! 
$peermac ]; then + echo $"Unable to obtain MAC address for $peermac on $ifname" + return + fi + ifconfig $ifname hw ether $peermac + echo $"$ifname assigned MAC address $peermac" + iwconfig $ifname enc off + iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel + + ifconfig $ifname up +} + +function start { + update_wifi_adaptors + + if [ -z "$IFACE" ] ; then + echo 'error: unable to find wifi interface, not enabling BMX7 mesh' + exit 723657 + fi + echo "info: enabling BMX7 mesh network $WIFI_SSID on $IFACE" + + mesh_protocol_stop + + systemctl stop network-manager + sleep 5 + + systemctl stop dnsmasq + systemctl disable dnsmasq + + # remove an avahi service which isn't used + if [ -f /etc/avahi/services/udisks.service ]; then + sudo rm /etc/avahi/services/udisks.service + fi + + global_rate_limit + + # Might have to re-enable wifi + rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true + + secondary_wifi_available= + if [ $IFACE_SECONDARY ]; then + if [[ $IFACE != $IFACE_SECONDARY ]]; then + if [ -d /etc/hostapd ]; then + if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then + secondary_wifi_available=1 + else + echo $'Hotspot passphrase is too short' + fi + fi + fi + fi + + add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL + ifconfig $IFACE up promisc + + if [ ! $secondary_wifi_available ]; then + sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx7 dev=${IFACE}|g" /etc/systemd/system/bmx7.service + else + sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx7 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx7.service + fi + + systemctl daemon-reload + systemctl enable bmx7 + systemctl start bmx7 + + avahi-autoipd --force-bind --daemonize --wait $IFACE + + # NOTE: Don't connect the secondary wifi device. 
hostapd will handle that by itself + + ethernet_connected='0' + if [ "$EIFACE" ] ; then + ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier) + if [[ "$ethernet_connected" != "0" ]]; then + echo $'Trying ethernet bridge to the internet' + ifconfig $EIFACE up promisc + echo $'End of ethernet bridge' + else + echo $"$EIFACE is not connected" + fi + fi + + enable_mesh_seconary_wifi + + enable_mesh_firewall + + systemctl restart avahi-daemon + + enable_mesh_scuttlebot + enable_mesh_tor + + + sed -i "s|server_name .*|server_name ${HOSTNAME}.local;|g" /etc/nginx/sites-available/git_ssb + + systemctl restart nginx + + verify + + echo "bmx7" > $MESH_CURRENT_PROTOCOL +} + +function monitor { + if [ -z "$IFACE" ] ; then + echo 'error: unable to find wifi interface, not enabling BMX7 mesh' + exit 723657 + fi + + clear + echo '' + echo $'*** Stopping network ***' + echo '' + + stop + + echo "info: monitoring mesh network $WIFI_SSID on $IFACE" + + systemctl stop network-manager + sleep 5 + + clear + echo '' + echo $'*** Setting firewall rate limit ***' + echo '' + + global_rate_limit + + clear + echo '' + echo $'*** Enabling wifi adaptor in monitor mode ***' + echo '' + + # Might have to re-enable wifi + rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true + + ifconfig $IFACE down + ifconfig $IFACE mtu 1500 + ifconfig $IFACE hw ether $(assign_peer_address) + iwconfig $IFACE enc off + iwconfig $IFACE mode monitor channel $CHANNEL + sleep 1 + iwconfig $IFACE ap $CELLID + + ifconfig $IFACE up + + horst -i $IFACE + + clear + echo '' + echo $'*** Restarting the network daemon. This may take a while. ***' + echo '' + + start +} + +if ! 
grep -q "$IFACE" /proc/net/dev; then + echo 'Interface $IFACE was not found' + stop + exit 1 +fi + +case "$1" in + start|stop|status|monitor) + $1 + ;; + restart) + clear + echo '' + echo $'*** Stopping BMX7 mesh network connection ***' + echo '' + stop + sleep 10 + clear + echo '' + echo $'*** Starting BMX7 mesh network connection ***' + echo '' + start + ;; + ping) + ping $2 + ;; + data) + bmx7 -lc traffic=$IFACE + ;; + ls|list) + avahi-browse -atl + ;; + *) + echo "error: invalid parameter $1" + echo 'usage: $0 {start|stop|restart|status|ping|ls|list}' + exit 2 + ;; +esac +exit 0 diff --git a/src/freedombone-mesh-reset b/src/freedombone-mesh-reset index 32cfc46e..954277c2 100755 --- a/src/freedombone-mesh-reset +++ b/src/freedombone-mesh-reset @@ -31,10 +31,29 @@ PROJECT_NAME='freedombone' export TEXTDOMAIN=${PROJECT_NAME}-mesh-reset export TEXTDOMAINDIR="/usr/share/locale" +MESH_CURRENT_PROTOCOL=/root/.mesh_protocol MESH_INSTALL_COMPLETED=/root/.mesh_setup_completed if ! zenity --question --title=$'New Identity' --text=$"Do you want to reset your identity? This will reset ALL data for this peer, and you will not be able to recover it." --ok-label=No --cancel-label=Yes --width=300; then - sudo batman stop + + curr_protocol='batman-adv' + if grep -q "bmx6" $MESH_CURRENT_PROTOCOL; then + curr_protocol='bmx6' + fi + if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then + curr_protocol='bmx7' + fi + + if [[ "$curr_protocol" == 'batman-adv' ]]; then + sudo batman stop + fi + if [[ "$curr_protocol" == 'bmx6' ]]; then + sudo bmx stop + fi + if [[ "$curr_protocol" == 'bmx7' ]]; then + sudo bmxsec stop + fi + sudo pkill qtox sudo pkill firefox sudo pkill iceweasel 
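Review bot: `HOTSPOT_PASSPHRASE="${PROJECT_NAME}"` gives every image the same passphrase, the literal project name, so anyone who knows the project can join the hotspot if this value is what the secondary-wifi helper configures (only the length check is visible in this file, so that is an assumption). The value should come from per-device state generated at first boot rather than a constant, e.g. `HOTSPOT_PASSPHRASE=$(cat "<PER_DEVICE_PASSPHRASE_FILE>")` with a placeholder path. The length check should match the minimum the hotspot's key scheme requires (WPA2-PSK needs at least 8 characters, not 5). Separately, in `start` and `monitor` the awk program in `rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true` is double-quoted, so the shell substitutes the function's own `$1` before awk runs, awk prints whole lines, and `|| true` hides the resulting rfkill error. Single quotes fix it: `awk -F: '/phy/ {print $1}'`.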
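Review bot: The new `grep -q "bmx6" $MESH_CURRENT_PROTOCOL` and `grep -q "bmx7" $MESH_CURRENT_PROTOCOL` checks run without sudo, while every privileged step in this script goes through `sudo`, which suggests it runs as the desktop user. With the file now at /root/.mesh_protocol, those greps fail if /root is not readable by that user (the usual default) and `curr_protocol` stays `'batman-adv'`. The reset would then stop and later restart batman (second hunk, `sudo batman start`) on a node that was running bmx6 or bmx7. Reading the file with privilege avoids that: `if sudo grep -q "bmx7" "$MESH_CURRENT_PROTOCOL"; then`. The enclosing `if ! zenity …` block continues past the end of this hunk.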
@@ -42,7 +61,17 @@ if ! zenity --question --title=$'New Identity' --text=$"Do you want to reset you sudo pkill patchwork sudo rm -f $MESH_INSTALL_COMPLETED sudo ${PROJECT_NAME}-image-mesh $USER new - sudo batman start + + if [[ "$curr_protocol" == 'batman-adv' ]]; then + sudo batman start + fi + if [[ "$curr_protocol" == 'bmx6' ]]; then + sudo bmx start + fi + if [[ "$curr_protocol" == 'bmx7' ]]; then + sudo bmxsec start + fi + if [ -f $HOME/mesh-desktop.sh ]; then $HOME/mesh-desktop.sh else diff --git a/src/freedombone-utils-mesh b/src/freedombone-utils-mesh index 0a476bfd..fd06fb23 100755 --- a/src/freedombone-utils-mesh +++ b/src/freedombone-utils-mesh @@ -29,7 +29,8 @@ # along with this program. If not, see . # File which contains the current protocol in use -MESH_CURRENT_PROTOCOL=~/.mesh_protocol +MESH_CURRENT_PROTOCOL=/root/.mesh_protocol +MESH_DEFAULT_PROTOCOL=/root/.mesh_protocol_default function mesh_protocol_stop { if [ ! -f $MESH_CURRENT_PROTOCOL ]; then @@ -40,6 +41,10 @@ function mesh_protocol_stop { bmx stop fi + if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then + bmxsec stop + fi + if grep -q "batman-adv" $MESH_CURRENT_PROTOCOL; then batman stop fi