I added another small change during the install to replace some daemons that aren't used for rayhunter. They phone home to Verizon, and by replacing them with just shell scripts that sleep, that's avoided. Plus it gets us more memory.
| let rayhunter_daemon_init = RAYHUNTER_DAEMON_INIT.replace( | ||
| "#RAYHUNTER-PRESTART", | ||
| "pkill -f start_qt_daemon 2>/dev/null || true; sleep 1; pkill -f qt_daemon 2>/dev/null || true\n printf '#!/bin/sh\\nwhile true; do sleep 3600; done\\n' > /tmp/daemon-stub\n chmod 755 /tmp/daemon-stub\n mount --bind /tmp/daemon-stub /usr/bin/dmclient 2>/dev/null || true\n mount --bind /tmp/daemon-stub /usr/bin/upgrade 2>/dev/null || true\n kill -9 $(pidof dmclient) 2>/dev/null || true\n kill -9 $(pidof upgrade) 2>/dev/null || true\n sh /data/rayhunter/scripts/wifi-client.sh start 2>/dev/null &", |
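Review bot: both `mount --bind /tmp/daemon-stub ...` commands discard stderr and their exit status (`2>/dev/null || true`), so when a bind fails the following `kill -9 $(pidof dmclient)` and `kill -9 $(pidof upgrade)` still run and nothing records that the stock binary is still in place. Consider killing a process only after its bind mount succeeded and logging the failure otherwise. The snippet also has no check for an existing mount on `/usr/bin/dmclient` or `/usr/bin/upgrade`, so each time this prestart section runs it stacks another bind mount on the same path; a guard that skips the mount when the path is already covered would avoid that.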
what if we did this from within the daemon? i.e. daemon sees it's configured with a wifi ssid, then runs all of this. then we're in a better position to switch wifi modes without using the installer, which is a feature you exposed (i.e. user first enables client mode, then uses rayhunter web UI to disable it -- this code still runs)
I also think that currently this will just destroy things if the user does not want to switch to client mode at all, or am I reading this wrong?
also for my understanding, you're using mount --bind here so that a reboot reverts these changes, is that right?
That's a good point, this was initially a proof of concept and when it worked I should have rewritten it in the daemon. I'm doing that now.
To answer your second question, yes I'm using mount --bind so that we don't end up in a scenario where there are any lasting changes from Rayhunter that prevent the device from being used for its intended purpose. Plus it's dangerous to rewrite compressed read-only iirc.
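A way to check the `mount --bind` behaviour discussed in the reply above, as an added example that is not part of the original thread or of Rayhunter's code: it reads mountinfo text and reports whether a path is covered by one bind mount, by several stacked ones, or by none. The function names and the sample mountinfo lines (including the filesystem types) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Rayhunter code. Reads mountinfo text on stdin
# (format in proc(5)): field 4 is the root of the mount inside its source
# filesystem, field 5 is the mount point.

# mount_state TARGET < mountinfo
# Prints "stock" (nothing mounted over TARGET), "stubbed <root>" (exactly
# one mount on TARGET) or "stacked <n>" (n mounts piled on TARGET).
mount_state() {
    awk -v t="$1" '
        $5 == t { n++; root = $4 }
        END {
            if (n == 0)      print "stock"
            else if (n == 1) print "stubbed " root
            else             print "stacked " n
        }'
}

# Constructed sample: tmpfs on /tmp, the stub bound once over dmclient
# and twice over upgrade (as if the prestart snippet had run twice for it).
sample_mountinfo() {
    cat <<'EOF'
15 1 31:10 / / ro,relatime - ubifs ubi0:rootfs ro
22 15 0:18 / /tmp rw,relatime - tmpfs tmpfs rw
40 15 0:18 /daemon-stub /usr/bin/dmclient rw,relatime - tmpfs tmpfs rw
41 15 0:18 /daemon-stub /usr/bin/upgrade rw,relatime - tmpfs tmpfs rw
42 41 0:18 /daemon-stub /usr/bin/upgrade rw,relatime - tmpfs tmpfs rw
EOF
}

# Demo on the constructed sample; on a device, feed /proc/self/mountinfo instead.
for bin in /usr/bin/dmclient /usr/bin/upgrade /usr/bin/qt_daemon; do
    printf '%s: %s\n' "$bin" "$(sample_mountinfo | mount_state "$bin")"
done
```

After a reboot the same check against `/proc/self/mountinfo` should print `stock` for both binaries until the prestart snippet runs again, which is the reversibility the reply describes.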
| # Block stock Orbic daemons from phoning home (dmclient, upgrade, etc.) | ||
| # Allow only: replies to incoming connections, DHCP renewal, DNS, and HTTPS | ||
| # (needed for ntfy notifications). | ||
| iptables -A OUTPUT -o "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT |
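Review bot: the header comment promises to block the stock daemons from phoning home but also lists HTTPS as allowed outbound, so a daemon that reports over port 443 is not stopped by this rule set. Either say that in the comment or restrict the HTTPS allowance to the ntfy destination it is meant for. Separately, `iptables -A OUTPUT` appends unconditionally, so running the script again duplicates the rule; testing with `iptables -C` first or keeping these rules in a dedicated chain that is flushed on start would keep the table stable.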
This, I think, is valid regardless of which WiFi mode we're in, and we should consider it a separate feature entirely.
I am not yet sure that OTA updates are something we should try to prevent though. If the OTA update arrives before rayhunter is installed (e.g. you buy a used device) you have the same problem, and eventually it will come out of the factory like that, so we will have to deal with firmware updates eventually.
I'll add it as a separate piece and configurable on the GUI. I wouldn't want to deliver this without that option though since it basically could result in an OTA going out to anyone on wifi which potentially could nuke rayhunter or patch things.
| if tokio::fs::metadata(creds_path).await.is_ok() | ||
| && let Err(e) = tokio::fs::remove_file(creds_path).await | ||
| { | ||
| warn!("failed to remove wifi credentials: {e}"); |
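Review bot: the `tokio::fs::metadata(creds_path).await.is_ok()` guard treats every metadata error as "file absent", so a failure other than not-found (for example a permission error) skips `remove_file` and leaves the Wi-Fi credentials on disk with no warning logged. The check is also a check-then-act pair on the same path. Calling `tokio::fs::remove_file(creds_path)` directly and ignoring only `std::io::ErrorKind::NotFound` would cover both cases and still emit the `warn!` for real failures.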
related to the other comment, but if you remove the wifi creds, it seems you want to revert to wifi AP mode?
Now that I have the Moxee I'm checking if it can support this too.
This has been tested on the Orbic. I have a Moxee but I haven't tested it on that yet. One concern is that the wpa_supplicant is 1MB at present, which isn't good for the Moxee until we move its logging to /cache. We may want to limit this to only Orbic until other devices are confirmed to work with this.
Posting this so folks can start to take a look at it and give me feedback. I've also got a small shell script that I threw together to tell me about the capabilities of other devices which I don't own. Reach out to me on Mattermost if you have a device other than the Orbic or Moxee and I'll send that to you. Then we can get a better idea of which devices can support client mode.
Pull Request Checklist
cargo fmt.