From a16142af9e06921a3b1eeca4d3179dfeb7b3d9c3 Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Fri, 27 Sep 2024 15:23:45 +0200 Subject: [PATCH] openthread_border_router: bump to latest and smaller improvements (#3772) * openthread_border_router: bump to latest and smaller improvements Bump to OTBR POSIX version 09574a202c2 (2024-09-23 08:54:32 -0700) and fix some smaller issues, specifically make sure that the log output is not buffered and avoid ipset errors. * openthread_border_router: bump to latest again Bump to OTBR POSIX version ff7227ea9a2 (2024-09-25 14:54:08 -0700). Gets rid of a local patch. --- .../0001-support-deleting-the-dataset.patch | 10 ++-- .../0002-set-netif-route-metric-lower.patch | 8 +-- ...-disable-syslog-for-otbr-web-as-well.patch | 52 ------------------- openthread_border_router/CHANGELOG.md | 6 +++ openthread_border_router/Dockerfile | 4 +- openthread_border_router/build.yaml | 2 +- openthread_border_router/config.yaml | 2 +- .../etc/s6-overlay/s6-rc.d/otbr-agent/run | 15 +++--- .../etc/s6-overlay/s6-rc.d/otbr-web/run | 2 +- 9 files changed, 29 insertions(+), 72 deletions(-) delete mode 100644 openthread_border_router/0003-logging-support-disable-syslog-for-otbr-web-as-well.patch diff --git a/openthread_border_router/0001-support-deleting-the-dataset.patch b/openthread_border_router/0001-support-deleting-the-dataset.patch index 578b67b09d5..3804f5c76b8 100644 --- a/openthread_border_router/0001-support-deleting-the-dataset.patch +++ b/openthread_border_router/0001-support-deleting-the-dataset.patch @@ -1,4 +1,4 @@ -From e67d11327f3ee5f67107d866c2df575a2695727c Mon Sep 17 00:00:00 2001 +From 2efa60f83b71402ce0c1ef176be8f88a9bfdefac Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Mon, 5 Jun 2023 23:41:50 +0200 Subject: [PATCH] support deleting the dataset @@ -16,7 +16,7 @@ otDatasetCreateNewNetwork). 3 files changed, 57 insertions(+) diff --git a/src/rest/openapi.yaml b/src/rest/openapi.yaml -index 2ba2a4dd56..2edc4af29a 100644 +index 2ba2a4dd56f..2edc4af29ad 100644 --- a/src/rest/openapi.yaml +++ b/src/rest/openapi.yaml @@ -248,6 +248,18 @@ paths: @@ -55,7 +55,7 @@ index 2ba2a4dd56..2edc4af29a 100644 schemas: LeaderData: diff --git a/src/rest/resource.cpp b/src/rest/resource.cpp -index ce154c2e5b..1708faf6ab 100644 +index ce154c2e5b3..1708faf6abc 100644 --- a/src/rest/resource.cpp +++ b/src/rest/resource.cpp @@ -767,12 +767,47 @@ exit: @@ -107,7 +107,7 @@ index ce154c2e5b..1708faf6ab 100644 GetDataset(aDatasetType, aRequest, aResponse); break; diff --git a/src/rest/resource.hpp b/src/rest/resource.hpp -index 0929dbcc50..cbe1702f2f 100644 +index 0929dbcc50c..cbe1702f2fb 100644 --- a/src/rest/resource.hpp +++ b/src/rest/resource.hpp @@ -150,6 +150,7 @@ private: @@ -119,5 +119,5 @@ index 0929dbcc50..cbe1702f2f 100644 void DeleteOutDatedDiagnostic(void); void UpdateDiag(std::string aKey, std::vector &aDiag); -- -2.46.0 +2.46.1 diff --git a/openthread_border_router/0002-set-netif-route-metric-lower.patch b/openthread_border_router/0002-set-netif-route-metric-lower.patch index 1f8b4cde56b..9643ab75d58 100644 --- a/openthread_border_router/0002-set-netif-route-metric-lower.patch +++ b/openthread_border_router/0002-set-netif-route-metric-lower.patch @@ -1,4 +1,4 @@ -From 7662acaaffb9cf730a8ba1d4f6014832dad23d0f Mon Sep 17 00:00:00 2001 +From afb29a91024247f46e9e75954b930f4518444360 Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Sat, 20 Jan 2024 16:31:28 +0100 Subject: [PATCH] set netif route metric lower @@ -11,17 +11,17 @@ OpenThread network interface's own route is lower than that. 1 file changed, 1 insertion(+) diff --git a/third_party/openthread/CMakeLists.txt b/third_party/openthread/CMakeLists.txt -index 8ea4516e4e..97007a58cd 100644 +index eab6e7c6007..9e01d66aefd 100644 --- a/third_party/openthread/CMakeLists.txt +++ b/third_party/openthread/CMakeLists.txt @@ -106,6 +106,7 @@ target_compile_definitions(ot-config INTERFACE + "-DOPENTHREAD_CONFIG_LOG_CLI=1" "-DOPENTHREAD_CONFIG_MAX_STATECHANGE_HANDLERS=3" "-DOPENTHREAD_CONFIG_MLE_STEERING_DATA_SET_OOB_ENABLE=1" - "-DOPENTHREAD_CONFIG_TCP_ENABLE=0" + "-DOPENTHREAD_POSIX_CONFIG_NETIF_PREFIX_ROUTE_METRIC=64" "-DOPENTHREAD_POSIX_CONFIG_FILE=\"${PROJECT_BINARY_DIR}/src/agent/openthread-otbr-posix-config.h\"" ) -- -2.46.0 +2.46.1 diff --git a/openthread_border_router/0003-logging-support-disable-syslog-for-otbr-web-as-well.patch b/openthread_border_router/0003-logging-support-disable-syslog-for-otbr-web-as-well.patch deleted file mode 100644 index e088d212844..00000000000 --- a/openthread_border_router/0003-logging-support-disable-syslog-for-otbr-web-as-well.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 4c8958890eb01448e08921bf3b313cb2169760d0 Mon Sep 17 00:00:00 2001 -From: Stefan Agner -Date: Fri, 16 Aug 2024 11:46:17 +0200 -Subject: [PATCH] [logging] support disable syslog for otbr-web as well - -Commit c88a5fce6659 ("[logging] add command line arg to disable syslog") -allows to disable logging to syslog via command line argument. Support -the same -s command line argument for otbr-web as well. ---- - src/web/main.cpp | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/web/main.cpp b/src/web/main.cpp -index 922038d88c..8b2c20c4e6 100644 ---- a/src/web/main.cpp -+++ b/src/web/main.cpp -@@ -76,9 +76,10 @@ int main(int argc, char **argv) - otbrLogLevel logLevel = OTBR_LOG_INFO; - int ret = 0; - int opt; -- uint16_t port = OT_HTTP_PORT; -+ uint16_t port = OT_HTTP_PORT; -+ bool syslogDisable = false; - -- while ((opt = getopt(argc, argv, "d:I:p:va:")) != -1) -+ while ((opt = getopt(argc, argv, "d:I:p:va:s")) != -1) - { - switch (opt) - { -@@ -103,6 +104,10 @@ int main(int argc, char **argv) - ExitNow(); - break; - -+ case 's': -+ syslogDisable = true; -+ break; -+ - default: - fprintf(stderr, "Usage: %s [-d DEBUG_LEVEL] [-I interfaceName] [-p port] [-a listenAddress] [-v]\n", - argv[0]); -@@ -111,7 +116,7 @@ int main(int argc, char **argv) - } - } - -- otbrLogInit(argv[0], logLevel, true, false); -+ otbrLogInit(argv[0], logLevel, true, syslogDisable); - otbrLogInfo("Running %s", OTBR_PACKAGE_VERSION); - - if (interfaceName == nullptr) --- -2.46.0 - diff --git a/openthread_border_router/CHANGELOG.md b/openthread_border_router/CHANGELOG.md index 84de0218483..85714af9683 100644 --- a/openthread_border_router/CHANGELOG.md +++ b/openthread_border_router/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2.11.0 + +- Bump to OTBR POSIX version ff7227ea9a2 (2024-09-25 14:54:08 -0700) +- Make log output unbuffered +- Avoid ipset errors when firewall is disabled + ## 2.10.0 - Bump to OTBR POSIX version b66cabfaa0 (2024-08-14 08:01:56 -0700) diff --git a/openthread_border_router/Dockerfile b/openthread_border_router/Dockerfile index e9aa7e8b497..3f329d80e43 100644 --- a/openthread_border_router/Dockerfile +++ b/openthread_border_router/Dockerfile @@ -18,7 +18,6 @@ ENV DOCKER 1 COPY 0001-support-deleting-the-dataset.patch /usr/src COPY 0002-set-netif-route-metric-lower.patch /usr/src -COPY 0003-logging-support-disable-syslog-for-otbr-web-as-well.patch /usr/src COPY 0001-channel-monitor-disable-by-default.patch /usr/src # Required and installed (script/bootstrap) can be removed after build ENV OTBR_BUILD_DEPS build-essential ninja-build cmake wget ca-certificates \ @@ -56,7 +55,6 @@ RUN \ && ./script/bootstrap \ && patch -p1 < /usr/src/0001-support-deleting-the-dataset.patch \ && patch -p1 < /usr/src/0002-set-netif-route-metric-lower.patch \ - && patch -p1 < /usr/src/0003-logging-support-disable-syslog-for-otbr-web-as-well.patch \ && ( \ cd third_party/openthread/repo \ && patch -p1 < /usr/src/0001-channel-monitor-disable-by-default.patch \ @@ -89,6 +87,8 @@ RUN \ -DOT_CHANNEL_MONITOR=ON \ -DOT_COAP=OFF \ -DOT_COAPS=OFF \ + -DOT_DNS_CLIENT_OVER_TCP=OFF \ + -DOT_THREAD_VERSION=1.3 \ && cd build/otbr/ \ && ninja \ && ninja install) \ diff --git a/openthread_border_router/build.yaml b/openthread_border_router/build.yaml index 1301515a07a..1b31c91d500 100644 --- a/openthread_border_router/build.yaml +++ b/openthread_border_router/build.yaml @@ -3,5 +3,5 @@ build_from: aarch64: ghcr.io/home-assistant/aarch64-base-debian:bookworm amd64: ghcr.io/home-assistant/amd64-base-debian:bookworm args: - OTBR_VERSION: b66cabfaa0b6829314e8c326c4f92bfbaa55ad9b + OTBR_VERSION: ff7227ea9a2dc0e50f92ab93bd5c9a29e82fe793 UNIVERSAL_SILABS_FLASHER: 0.0.22 diff --git a/openthread_border_router/config.yaml b/openthread_border_router/config.yaml index 4b48145e0b7..976b075d36c 100644 --- a/openthread_border_router/config.yaml +++ b/openthread_border_router/config.yaml @@ -1,5 +1,5 @@ --- -version: 2.10.0 +version: 2.11.0 slug: openthread_border_router name: OpenThread Border Router description: OpenThread Border Router add-on diff --git a/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-agent/run b/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-agent/run index 56f78bd4ae9..d539cc2da49 100755 --- a/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-agent/run +++ b/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-agent/run @@ -66,13 +66,16 @@ fi mkdir -p /data/thread && ln -sft /var/lib /data/thread || bashio::exit.nok "Could not create directory /var/lib/thread to store Thread data." +# We compile the OTBR with firewall support, so otbr-agent tries to update the +# ipsets. Therefor, create ipsets always to avoid errors from otbr-agent. Just +# the ipsets won't have an effect in practice when the firewall is disabled. +ipset create -exist otbr-ingress-deny-src hash:net family inet6 +ipset create -exist otbr-ingress-deny-src-swap hash:net family inet6 +ipset create -exist otbr-ingress-allow-dst hash:net family inet6 +ipset create -exist otbr-ingress-allow-dst-swap hash:net family inet6 + if bashio::config.true 'firewall'; then bashio::log.info "Setup OTBR firewall..." - ipset create -exist otbr-ingress-deny-src hash:net family inet6 - ipset create -exist otbr-ingress-deny-src-swap hash:net family inet6 - ipset create -exist otbr-ingress-allow-dst hash:net family inet6 - ipset create -exist otbr-ingress-allow-dst-swap hash:net family inet6 - ip6tables -N $otbr_forward_ingress_chain ip6tables -I FORWARD 1 -o $thread_if -j $otbr_forward_ingress_chain @@ -116,7 +119,7 @@ echo "${otbr_rest_listen}" > /tmp/otbr-agent-rest-api echo "${otbr_rest_listen_port}" >> /tmp/otbr-agent-rest-api bashio::log.info "Starting otbr-agent..." -exec s6-notifyoncheck -d -s 300 -w 300 -n 0 \ +exec s6-notifyoncheck -d -s 300 -w 300 -n 0 stdbuf -oL \ "/usr/sbin/otbr-agent" -I ${thread_if} -B "${backbone_if}" \ --rest-listen-address "${otbr_rest_listen}" \ -d${otbr_log_level_int} -v -s \ diff --git a/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-web/run b/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-web/run index 951719294d3..76c619348c4 100755 --- a/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-web/run +++ b/openthread_border_router/rootfs/etc/s6-overlay/s6-rc.d/otbr-web/run @@ -7,4 +7,4 @@ declare otbr_web_port otbr_web_port="$(bashio::addon.port 8080)" -exec /usr/sbin/otbr-web -I wpan0 -d6 -s -p "${otbr_web_port}" +exec stdbuf -oL /usr/sbin/otbr-web -I wpan0 -d6 -s -p "${otbr_web_port}"