Initial commit

roles/batman/README.md

@@ -0,0 +1,143 @@
+# `flyoverhead.openwrt.batman`
+
+OpenWRT `B.A.T.M.A.N.` configuration
+- create and configure B.A.T.M.A.N. network
+
+## Role Variables
+
+| Variable | Descritpion | Status | Type | Default/Example |
+| :--- | :--- | :--- | :--- | :--- |
+| `batman_enabled` | Enable B.A.T.M.A.N. configuration | `required` | `boolean` | `false` |
+| `ath10k_ct_fix` | Enable [ath10k-ct drivers fix](https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s#wireless_hardware_support) | `optional` | `boolean` | `false` |
+| `non_mesh_pkgs` | List of non-mesh wpad packages installed by default | `required` | `list` | `["wpad-mini", "wpad-basic", "wpad-basic-wolfssl", "wpad-basic-openssl", "wpad-basic-mbedtls"]` |
+| `batman_pkgs` | List of B.A.T.M.A.N. packages to be installed | `required` | `list` | `["wpad-mesh-wolfssl", "kmod-batman-adv", "batctl-default"]` |
+| `batman_network_interfaces` | List of [B.A.T.M.A.N. network interfaces](https://openwrt.org/docs/guide-user/network/wifi/mesh/batman#batman-adv_options_for_bat0_the_main_mesh_interface) to be configured |  | `list of dictionaries` |  |
+|  | B.A.T.M.A.N. control interface configuration |  |  |  |
+|  `id` | Unique B.A.T.M.A.N. control interface ID | `mandatory` | `string` | `bat0` |
+|  `state` | Interface status (`present` or `absent`) | `required` | `string` | `present` |
+|  `proto` | Interface protocol | `mandatory` | `string` | `batadv` |
+|  `aggregated_ogms` | Enable originator messages used to determine the qualities needed to direct neighbors and spreading this message throughout the whole mesh | `required` | `boolean` | `1` |
+|  `routing_algo` | Routing algorithm (`BATMAN_IV` or `BATMAN_V`) | `mandatory` | `string` | `BATMAN_IV` |
+|  `bonding` | Distribute frames through interfaces (similar in quality and speed) using Round Robin to increase throughput | `optional` | `boolean` | `0` |
+|  `fragmentation` | Enable packet fragmentation | `required` | `boolean` | `1` |
+|  `gw_mode` | Gateway mode (`off`, `client` or `server`) | `required` | `string` | `off` |
+|  `gw_bandwidth` | Gateway bandwidth (for `client` nodes to know about the gateway's quality stated by `download/upload`, and can be suffixed with `mbit` or `kbit`) | `optional` | `string` | `100mbit/20mbit` |
+|  `gw_sel_class` | Criteria by which client shoul select a gateway indicated by TQ (`1`, `2`, `3` or `XX`) | `optional` | `integer` | `20` |
+|  `log_level` | Standard warning/error messages are sent to the kernel log (`0-255` 8 bit Bitmask) | `optional` | `integer` | `0` |
+|  `orig_interval` | Interval (in milliseconds) in which batman-adv floods the network with its protocol information | `optional` | `integer` | `1000` |
+|  `bridge_loop_avoidance` | Enable avoidance of broadcast loops (for bridged LAN setups) | `required` | `boolean` | `1` |
+|  `distributed_arp_table` | Enable mesh-wide ARP table cache | `required` | `boolean` | `1` |
+|  `multicast_mode` | Enable group aware multicast forwarding infrastructure, aiming to reduce unnecessary packet transmissions | `required` | `boolean` | `1` |
+|  `multicast_fanout` | Batman-adv detects potential multicast listeners who are interested in traffic to a given multicast destination address (requires `multicast_mode`) | `optional` | `integer` | `16` |
+|  `network_coding` | Enable to combine two packets into a single transmission | `optional` | `boolean` | `0` |
+|  `hop_penalty` | Modify batman_adv's preference for multihop routes vs short routes | `optional` | `integer` | `30` |
+|  `ap_isolation` | Enable standard WiFi APs support AP Isolation to prevent clients communicating with each other | `optional` | `boolean` | `0` |
+|  `isolation_mark` | Firewall mark which allows to classify clients as isolated via firewall rules (defined as a `value/mask`) | `optional` | `string` | `0x00000000/0x00000000` |
+|  | B.A.T.M.A.N. link interface configuration |  |  |  |
+|  `name` | Unique B.A.T.M.A.N. link interface name | `mandatory` | `string` | `batmesh` |
+|  `state` | Interface status (`present` or `absent`) | `required` | `string` | `present` |
+|  `proto` | Interface protocol | `mandatory` | `string` | `batadv_hardif` |
+|  `master` | B.A.T.M.A.N. control interface name | `mandatory` | `string` | `bat0` |
+|  `mtu` | MTU value | `optional` | `integer` | `2304` |
+|  `delegate` | Enable prefix delegation | `optional` | `boolean` | `0` |
+| `batman_wireless_interfaces` | List of [B.A.T.M.A.N. network interfaces](https://openwrt.org/docs/guide-user/network/wifi/mesh/batman#s_encrypted_authenticated_mesh) |  | `list of dictionaries` |  |
+|  `id` | Unique wireless interface ID | `mandatory` | `string` | `mesh0` |
+|  `name` | Unique wireless interface name | `mandatory` | `string` | `mesh0` |
+|  `state` | Interface status (`present` or `absent`) | `required` | `string` | `present` |
+|  `device` | Radio device associated with the interface | `mandatory` | `string` | `radio0` |
+|  `network` | B.A.T.M.A.N. network associated with the interface (match `B.A.T.M.A.N. link interface name`) | `required` | `list` | `batmesh` |
+|  `mode` | Wireless interface operation mode | `required` | `string` | `mesh` |
+|  `disabled` | Disable wireless network | `required` | `boolean` | `0` |
+|  `mesh_id` | ID of the mesh network to join wireless interface to | `optional` | `string` | `example_mesh_id` |
+|  `mesh_fwding` | Switch off 802.11s forwarding/routing cause it's handled by batman-adv at each node | `required` | `boolean` | `0` |
+|  `encryption` | Wireless encryption method | `required` | `string` | `psk2+ccmp` |
+|  `key` | Passphrase for pre-shared key | `required` | `string` | `password` |
+
+## Dependencies
+
+| Name | Description |
+| :--- | :--- |
+| `Ansible Role: openwrt` | [Ansible role by gekmihesg](https://github.com/gekmihesg/ansible-openwrt) for managing OpenWRT and derivatives |
+
+## Example Playbook
+
+```yaml
+- hosts: openwrt
+  roles:
+      - role: flyoverhead.openwrt.batman
+```
+
+## Example Vars
+
+### Server Node
+
+```yaml
+batman_enabled: true
+ath10k_ct_fix: true
+batman_network_interfaces:
+  - id: "bat0"
+    state: "present"
+    proto: "batadv"
+    routing_algo: "BATMAN_IV"
+    gw_mode: "server"
+    gw_bandwidth: "100mbit/20mbit"
+  - id: "batmesh0"
+    state: "present"
+    proto: "batadv_hardif"
+    master: "bat0"
+    mtu: "2304"
+batman_wireless_interfaces:
+  - id: "mesh0"
+    name: "mesh0"
+    state: "present"
+    device: "radio0"
+    network: ["batmesh0"]
+    mode: "mesh"
+    mesh_id: "openwrt_mesh"
+    mesh_fwding: "0"
+    encryption: "psk2+ccmp"
+    key: "passphrase"
+```
+
+### Client Node
+
+```yaml
+batman_enabled: true
+ath10k_ct_fix: true
+batman_network_interfaces:
+  - id: "bat0"
+    state: "present"
+    proto: "batadv"
+    routing_algo: "BATMAN_IV"
+    gw_mode: "client"
+    gw_sel_class: "20"
+  - id: "batmesh0"
+    state: "present"
+    proto: "batadv_hardif"
+    master: "bat0"
+    mtu: "2304"
+batman_wireless_interfaces:
+  - id: "mesh0"
+    name: "mesh0"
+    state: "present"
+    device: "radio0"
+    network: ["batmesh0"]
+    mode: "mesh"
+    mesh_id: "openwrt_mesh"
+    mesh_fwding: "0"
+    encryption: "psk2+ccmp"
+    key: "passphrase"
+```
+
+## License
+
+[GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.txt)
+
+## Author Information
+
+fly0v3rH34D
+
+## References
+
+- https://openwrt.org/docs/guide-user/network/wifi/mesh/batman
+- https://downloads.open-mesh.org/batman/manpages/batctl.8.html

roles/batman/defaults/main.yml

@@ -0,0 +1,64 @@
+---
+# Deafult B.A.T.M.A.N. status
+batman_enabled: false
+
+# Enable ath10k-ct drivers fix
+# https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s#wireless_hardware_support
+ath10k_ct_fix: false
+
+# Non-mesh wpad packages
+non_mesh_pkgs:
+  [
+    "wpad-mini",
+    "wpad-basic",
+    "wpad-basic-wolfssl",
+    "wpad-basic-openssl",
+    "wpad-basic-mbedtls",
+  ]
+
+# B.A.T.M.A.N. packages
+batman_pkgs: ["wpad-mesh-wolfssl", "kmod-batman-adv", "batctl-default"]
+
+# B.A.T.M.A.N. network interfaces
+batman_network_interfaces:
+  - id: ""
+    state: ""
+    proto: ""
+    aggregated_ogms: ""
+    routing_algo: ""
+    bonding: ""
+    fragmentation: ""
+    gw_mode: ""
+    gw_bandwidth: ""
+    gw_sel_class: ""
+    log_level: ""
+    orig_interval: ""
+    bridge_loop_avoidance: ""
+    distributed_arp_table: ""
+    multicast_mode: ""
+    multicast_fanout: ""
+    network_coding: ""
+    hop_penalty: ""
+    ap_isolation: ""
+    isolation_mark: ""
+    delegate: ""
+  - id: ""
+    state: ""
+    proto: ""
+    master: ""
+    mtu: ""
+    delegate: ""
+
+# B.A.T.M.A.N. wireless interfaces
+batman_wireless_interfaces:
+  - id: ""
+    name: ""
+    state: ""
+    device: ""
+    network: []
+    mode: ""
+    disabled: ""
+    mesh_id: ""
+    mesh_fwding: ""
+    encryption: ""
+    key: ""

roles/batman/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+# Reload wireless service
+- name: Reload wireless
+  ansible.builtin.command:
+    cmd: "/sbin/wifi {{ item }}"
+  register: reload_wifi_status
+  changed_when: reload_wifi_status != 0
+  loop: ["config", "reload"]

roles/batman/meta/main.yml

@@ -0,0 +1,12 @@
+---
+galaxy_info:
+  author: flyoverhead
+  description: Configure B.A.T.M.A.N.
+  license: GPL-3.0
+  min_ansible_version: "2.13"
+  platforms:
+    - name: OpenWrt
+      versions: ["22.03"]
+  galaxy_tags: ["openwrt", "batman"]
+dependencies:
+  - role: gekmihesg.openwrt

roles/batman/tasks/ath10k.yml

@@ -0,0 +1,64 @@
+---
+# Don't replace current driver until it's not a *-ct one
+- name: Set default extroot status fact to false
+  ansible.builtin.set_fact:
+    replace_ath10k_ct_driver: false
+
+# Check current driver release
+- name: Check current ath10k firmware release
+  ansible.builtin.command:
+    cmd: "opkg list-installed | grep ath10k-firmware | awk '{print $1}'"
+    uses_shell: true
+  register: ath10k_firmware_current_release
+  changed_when: ath10k_firmware_current_release.rc != 0
+
+# Enable reinstall if installed driver contain *-ct postfix
+- name: Enable replacement of current driver
+  ansible.builtin.set_fact:
+    replace_ath10k_ct_driver: true
+  when: "'-ct' in ath10k_firmware_current_release.stdout"
+
+# Replace current driver with new one
+- name: Replace ath10k-ct firmware and module
+  when: replace_ath10k_ct_driver
+  block:
+    # Get current ath10k module package name
+    - name: Check current ath10k module release
+      ansible.builtin.command:
+        cmd: "opkg list-installed | grep kmod-ath10k | awk '{print $1}'"
+        uses_shell: true
+      register: ath10k_kmod_current_release
+
+    # Set current ath10k module package name fact
+    - name: Set current ath10k module release fact
+      ansible.builtin.set_fact:
+        ath10k_kmod_pkg_name: "{{ ath10k_kmod_current_release.stdout }}"
+
+    # Set current driver release name fact
+    - name: Set current driver release name fact
+      ansible.builtin.set_fact:
+        ath10k_driver_pkg_name: "{{ ath10k_firmware_current_release.stdout }}"
+
+    # Remove current driver
+    - name: Remove current driver
+      opkg:
+        name: "{{ item }}"
+        state: "absent"
+      loop: ["{{ ath10k_kmod_pkg_name }}", "{{ ath10k_driver_pkg_name }}"]
+
+    # Update opkg cache
+    - name: Update opkg cache
+      ansible.builtin.command:
+        cmd: "opkg update"
+      changed_when: false
+
+    # Install new driver
+    - name: Install new driver
+      opkg:
+        name: "{{ item }}"
+        state: "present"
+      loop:
+        [
+          "{{ ath10k_kmod_pkg_name | regex_replace('-?ct', '') }}",
+          "{{ ath10k_driver_pkg_name | regex_replace('-?ct', '') }}",
+        ]

roles/batman/tasks/interface.yml

@@ -0,0 +1,56 @@
+---
+# Set state status for B.A.T.M.A.N. interface
+- name: Set state status for batman interface {{ item.id }}
+  ansible.builtin.set_fact:
+    batman_interface_state: "{{ item.state | default('present') }}"
+
+# Delete B.A.T.M.A.N. interface
+- name: Delete batman interface {{ item.id }}
+  when: "'absent' in batman_interface_state"
+  uci:
+    command: "absent"
+    config: "network"
+    section: "{{ item.id }}"
+    type: "interface"
+
+# Create and configure B.A.T.M.A.N. interface
+- name: Create and configure batman interface
+  when: "'present' in batman_interface_state"
+  block:
+    # Create B.A.T.M.A.N. interface
+    - name: Create batman interface {{ item.id }}
+      uci:
+        command: "add"
+        config: "network"
+        section: "{{ item.id }}"
+        type: "interface"
+
+    # Configure B.A.T.M.A.N. interface
+    - name: Configure batman interface {{ item.id }}
+      uci:
+        command: "set"
+        config: "network"
+        section: "{{ item.id }}"
+        type: "interface"
+        value:
+          proto: "{{ item.proto | default(omit) }}"
+          aggregated_ogms: "{{ item.aggregated_ogms | default(omit) }}"
+          routing_algo: "{{ item.routing_algo | default(omit) }}"
+          bonding: "{{ item.bonding | default(omit) }}"
+          fragmentation: "{{ item.fragmentation | default(omit) }}"
+          gw_mode: "{{ item.gw_mode | default(omit) }}"
+          gw_bandwidth: "{{ item.gw_bandwidth | default(omit) }}"
+          gw_sel_class: "{{ item.gw_sel_class | default(omit) }}"
+          log_level: "{{ item.log_level | default(omit) }}"
+          orig_interval: "{{ item.orig_interval | default(omit) }}"
+          bridge_loop_avoidance: "{{ item.bridge_loop_avoidance | default(omit) }}"
+          distributed_arp_table: "{{ item.distributed_arp_table | default(omit) }}"
+          multicast_mode: "{{ item.multicast_mode | default(omit) }}"
+          multicast_fanout: "{{ item.multicast_fanout | default(omit) }}"
+          network_coding: "{{ item.network_coding | default(omit) }}"
+          hop_penalty: "{{ item.hop_penalty | default(omit) }}"
+          ap_isolation: "{{ item.ap_isolation | default(omit) }}"
+          isolation_mark: "{{ item.isolation_mark | default(omit) }}"
+          master: "{{ item.master | default(omit) }}"
+          mtu: "{{ item.mtu | default(omit) }}"
+          delegate: "{{ item.delegate | default(omit) }}"

roles/batman/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# Fix ath10k drivers
+# https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s#wireless_hardware_support
+- name: Fix ath10k drivers
+  ansible.builtin.include_tasks: ath10k.yml
+  when: batman_enabled and ath10k_ct_fix
+
+# Install required packages
+- name: Install required packages
+  ansible.builtin.include_tasks: prepare.yml
+  when: batman_enabled
+
+# Create B.A.T.M.A.N. wireless interfaces
+- name: Create batman wireless interfaces
+  ansible.builtin.include_role:
+    name: "wireless"
+  vars:
+    wireless_interfaces: "{{ batman_wireless_interfaces | default([]) }}"
+  when: batman_enabled
+
+# Configure B.A.T.M.A.N. network interfaces
+- name: Configure batman network interfaces
+  ansible.builtin.include_tasks: interface.yml
+  loop: "{{ batman_network_interfaces | default([]) }}"
+  when: batman_enabled
+
+# Apply changes and reload wireless service
+- name: Apply changes and reload wireless
+  when: batman_enabled
+  uci:
+    command: commit
+  notify: Reload wireless

roles/batman/tasks/prepare.yml

@@ -0,0 +1,48 @@
+---
+# Remove non-mesh wpad packages
+- name: Remove non-mesh wpad packages
+  opkg:
+    name: "{{ item }}"
+    state: "absent"
+  loop: "{{ non_mesh_pkgs }}"
+
+# Update opkg cache
+- name: Update opkg cache
+  ansible.builtin.command:
+    cmd: "opkg update"
+  changed_when: false
+
+# Install batman packages
+- name: Install batman packages
+  opkg:
+    name: "{{ item }}"
+    state: "present"
+  loop: "{{ batman_pkgs }}"
+
+# Check B.A.T.M.A.N. LuCI package status
+- name: Check batman luci package status
+  ansible.builtin.command:
+    cmd: "opkg list-installed | grep luci-proto-batman-adv | awk '{print $1}'"
+    uses_shell: true
+  register: batman_luci_package_status
+  changed_when: batman_luci_package_status.rc != 0
+
+# Install B.A.T.M.A.N. LuCI package
+- name: Install batman luci package
+  when: >
+    batman_luci_package_status.stdout is undefined or
+    batman_luci_package_status.stdout | length == 0
+  block:
+    # Copy local package file
+    - name: Copy luci-proto-batman-adv package file
+      ansible.builtin.copy:
+        src: "luci-proto-batman-adv.ipk"
+        dest: "/tmp/luci-proto-batman-adv.ipk"
+        owner: "root"
+        group: "root"
+        mode: "0755"
+
+    # Install B.A.T.M.A.N. LuCI package
+    - name: Install luci-proto-batman-adv package file
+      ansible.builtin.command:
+        cmd: "opkg install /tmp/luci-proto-batman-adv.ipk"