TODO.txt

think about:
root@EG-labor-AP:/ _netfilter_traffic_control_stop
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory


TODO-next:
# - store dmesg for later checks?: cp /tmp/dmesg.log "/www/dmesg.log.$( _system date humanreadable )"
# - db_restore() soll auch serverkopie benutzen (und aus cron.evaluate_syslogd rausnehmen)
# - make incoming_framecounter base on 'iw dev $wifidev station dump'
# - repair nodes with broken webserverconfig
# - webcam: [ $( logread | grep "uvcvideo: Failed to set UVC probe control" | wc -l ) -gt 5 ] && reboot
# - webcam: make resolution uci-configurable + fix 450 pixels -> modulo 16 -> 448 px
# - solution for special macs / no shaping: liszt28: nasf36: 02:50:43:ab:1c:91
# - px5g nur nachinstallieren, wenn erst/einmalig benoetigt
# - fix watch_random_node_id() during apply_profile
# - generalize live-traffic shower per mac on commandline
# - rrd for inet-gw/wan
# - inactive for >x mins? -> throttling/shape to original values
# - override_uci: 10m leasetime wlan when ipsystem = normal
# - why does stats/yesterday not work?
# - check autostart of webserver, otherwise we always spam the log after each reboot
# - switch() give points per connection-speed so we can better log
# - netfilter: special mode for NETFILTER_AUTOADD + testing
# - log all reboots not @4.00 during successful ntp_set
#   - crashlog or unknown reason?
# - ntp_set via neighbour
# - uci -g get ueberall
# - monitoring: cat $WIFI_RESTARTS.wlan0 2>/dev/null
# - olsr-init: IFS immer retten
# - finetune max_length in monitoring
# - why S01/overrid_uci_vars is not called
# - is S00/generate_kalua_loader really working?
# - integrate new rules for ejbw / lan-dhcp
# - testing if new function client_list() build correct: fix /30 WAN
# - activate patch for rcS-watcher
# - no inet_offer and ! ping_to_nexthop (but not myself) -> reboot
# - cron-replace: while true; do sleep 60; command . /tmp/CRON_IS_CAREFUL; touch /tmp/CRON_IS_CAREFUL; done &
#   - http://intercity-vpn.de/files/openwrt/dmesg_r35300_error_mac80211_ath9k.no_cron_action_anymore.txt
#   - http://intercity-vpn.de/files/openwrt/dmesg_r35300_error_mac80211_ath9k.no_cron_action_anymore-ps.txt
#   - or use dhcpscript to check if cron is running (is correct uptime in file x)?
# - autolearn olsr-neighhash? (K80!)
# - debug 0 byte mailfile r99/l28
# - image smaller, so that image-on-flash works
# - compile/test atheros image with -O0
# - generischer modulloader fuer lowmem-geraete
#   - xt_TCPMSS|xt_REDIRECT|xt_NETMAP|aead|crypto_blkcipher
# - apply zramscript: logger --> _log calls + loglevel same as firmware
# - dont influence oom-score for watchdog (S70prepare)
# - convert _switch() for all known hw-types
# - everybody gets "hybrid", if there is no neigh with ap-mode
#   - if b43 and ap -> mesh
# - build/apply_profile: set IP for hybrid-network
# - mail: http://vger.kernel.org/vger-lists.html#netdev : complain about: ip route list exact 0.0.0.0/0 || action
# - loader: check if multiple args in loader can be $@ instead of $1 $2 $3 ...
# - loader: if a zero-byte class is found, use logger in loader and dont fail (e.g. db() for weimarnetz)
# - if ntp_set was successful, update: head -n1 /www/NETFILTER_AUTOADD (or use a dedicated mechanism)
# - build: auto-activate SWAP in kernel for atheros
# - helper-script: vds: last traffic of $IP or $NODE or $HASH (tar -tvkf "$file.lzma" --force-local)


# idea:
# /www/startsysupgrade: ap-mode? reboot:
# special module loader + leave wifi off + netfilter off + olsr-slave

# idea:
# during scheduler -U, replace crontab with '/usr/bin/scheduler -U'

# 16mb-routers:
# S72 / no monitoring

# 16mb-routers:
# olsr-hna-slave? no NAT modules needed?

# repair all calls to set without "--"
# git grep "set "|grep -v -- "--"|grep -v reset|grep -v "uci set"|grep -v "nvram set"

# R30:
# - laptop eintragen?
# - olsr-error during check_inet?


# build:
# all patches/applymyprofile via git

# weimarnetz-server:
# for M in floppy usbcore usb_common ehci_hcd uhci_hcd cdrom hid usbhid i2c_core i2c_piix4 joydev soundcore snd psmouse snd_timer snd_page_alloc snd_pcm; do echo "blacklist $M" >>/etc/modprobe.d/my-blacklist.conf; done
#


# umount /space; mount -t tmpfs -o size=6G,mode=0777 tmpfs /space
#
# build in /dev/shm, symlink these
# ./bin (2mb) ./build_dir (3.5gb) ./staging_dir (250mb) ./tmp (15mb)
#
# symlink this globally: (~250 mb content)
# mkdir -p /tmp/openwrt-downloads
# chmod -R 777 /tmp/openwrt-downloads
# ln -s /tmp/openwrt-downloads dl 


# http://www.useragentstring.com/pages/Browserlist/
# http://www.useragentstring.com/?uas=Opera/9.70%20(Linux%20i686%20;%20U;%20en-us)%20Presto/2.2.0


# patch: all ifconfig/route/arp/netstat calls can be wether with this or with 'ip' and build without these but with full 'ip'
# measure size change

# patch_kmodules: mode = remove_file()

# vivaldi:
for I in $( seq 34 46 ); do {
iptables -t nat -I PREROUTING -i $WANDEV -p tcp --dport 100${I} -j DNAT --to-destination 192.168.1.${I}:80
} done

iptables -t mangle -I PREROUTING -d 192.168.1.0/24 -j ACCEPT
iptables -t nat -I POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.33
#iptables -t nat -I POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE


# rehungen/userdb:
iptables -t nat -I PREROUTING -p tcp --dport 10080 -j DNAT --to-destination 10.10.8.33:80
iptables -t nat -I PREROUTING -p tcp --dport 10443 -j DNAT --to-destination 10.10.8.33:443
iptables -t nat -I POSTROUTING ! -s 10.0.0.0/8 -d 10.10.8.33 -j MASQUERADE
#
iptables -t nat -D PREROUTING 1
iptables -t nat -D PREROUTING 1
iptables -t nat -D POSTROUTING 1


# olsrd:
# dont start anymore if a stable olsr-master for myself (slave) is already found an safed, just refresh rules

# useful /etc/.vimrc:
set cul
hi CursorLine cterm=none ctermbg=darkgray ctermfg=white
syntax on
set syn=sh


# patch openwrt:
# git clone git://nbd.name/openwrt.git
# <make some changes>
# git commit		(respect http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
#	subject e.g. '[packages] olsrd: use system-logger instead of dumping to stdout'
#	subject e.g. '[base-files] failsafe-mode: print short help on commandline'
# git format-patch -1 -s  ('s' means: add signed-off ...)
# scp 000* root@intercity-vpn.de:/var/www/files/openwrt/patches
# mutt -H "$file"	(http://blog.ndrix.com/2007/05/mutt-and-git-format-patch.html)


# patch b43:
# git clone git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
# <make some changes>
# git add .
# git commit -m "bla"
# git show >/tmp/my.patch
# sed -n '/^---/,$p' /tmp/my.patch >/tmp/841-b43-raise_dma_rx_ringbuffer_to_128.patch


# ideensammlung 'init' -> procd
# - source a shellscript every 60 sec
# - refresh watchdog every x sec
# - syslogd
# - klogd
# - hotplug2
#
# http://www.landley.net/hg/toybox/file/aad12ce05aae/toys/other/oneit.c
# http://spblinux.de/2.0/doc/init.html
# http://busybox.net/~vda/init_vs_runsv.html
# http://www.centos.org/docs/5/html/5.1/Installation_Guide/s2-boot-init-shutdown-init.html
# http://smarden.org/runit/


# monitoring: better show +123 more dmesg lines after boot

# liste aller freigeschalteten macs direkt in dhcp-script aufnehmen
# beim ersten cron.check_inet vom server holen:
# grep "C='..:..:..:..:..:..'" /tmp/DB/USER/login/rows | cut -d';' -f4 | cut -d"'" -f2


# userdb-gui:
# vorrat/ticketsart und in db_ticketcheck beruecksichtigen
# boltenhagendh: mehr 3-tagestickets


# userdb-gui:
# berichte: tages/wochen/monats + email angeben

# userdb-gui:
# berichte: taeglich: top 10 user?

# olsr_hna_slave:
# verbieten wenn master nicht _ipsystem wie ich hat (ejbw, wanolsr)

# why this?
# /etc/init.d/S69watch_olsrd_fff+ [daemon.alert] watch_dhcp_space() clients: lan: 0/150 wifi: 1/0

# make sure to use the password hash in /tmp/vds_user_$mac, even when we
# are freed by "already known on other station"


# reanimate cron via DHCP:
# udhcpc --syslog --interface $LANDEV --retries 10 --release --foreground --quit


# bugreport:
# - show normal olsr-neighs-table without error


# rehungen:
# - ask user-data every 3 month,
# - reset passwords 


# myinfo.sh:
# - start test via button and show download-speed in numbers


# rehungen: dns:
# - erzwingen von DNS = 10.10.8.33 ausser auf: sollstedt etc.
# - erlaubenvon wan-dns in Kindergarten
# - remove alias 10.1.0.8 auf kindergarten

# firmware-simpler schneller/sicherer:
  - ZENTRALER NODE = ZN
  - kein update/warten, wenn gerade AP-clients connected
  - ZN gibt firmware-datei raus? nein, muss proxy-cache erledigen
  - vor update: abmelden an ZN nach apply_profile + reboot = anmelden an ZN
  - erst dann freigabe fuer naechsten
  - alles ist gelockt mit angabe in sekunden, wann ca. erneute anfragen gestellt werden darf

# wartungmodus:
  - erstmal manuell per shell-wizard + script auf router
  - alle clients rauswerden
  - startseite = wartungsmodus
  - dnsmasq beantwortet alles mit $WIFIADR


# force minimal olsrd-setup for 16mb routers (only plugin txtinfo)

# apply_profile: use '/cgi-bin/:root:$p$root' if possible for uhttpd

# log/sms: sms.@sms[0].username / sms.@sms[0].password

# patch sysupgrade for also using /dev/console

# when in dmesg: 'failed to initialize PHY', no unloading of wireless stuff before sysupgrade

# kill ubusd, procd before sysupgrade?

# hack: activate shaping only for users which have over >mb

# if we know how long a task will last, feed a "box" with minute-signs, and cron-overload-detector will eat them up over time

# traffic ueber tunnel: config-option, wenn auch ueber lan

# split scheduler jobs into sourceable files, e.g. "w" and "O"

# rootserver: tun/tap per hna4 ankuendigen - pauschal fuer jeden

# remove dead-netfilter users midnight

# always remove dhcpscript for lowmem-devices, except if explicit configured

# deny tool if action?: while :;do ps | fgrep CRON_IS_CAREFUL | fgrep -v grep ; sleep 1; done

# wget: maybe do normal wget, but mark for cron_watcher?

# userdb-copy via wget()

# pdf-versand: seitennummern

# sms bei ticketversand nur 1mal, nicht pro seite


# beim 15min-summary abliefern neue tickets als used markieren/abziehen

# beim 15min-summary abliefern erlaubte mac's/Logins mitliefern


# wenn olsr-nachbarn nud=permanent sind, arp-plugin ausschalten
# sonst haut das plugin immer wieder rein in _net arp_permanent()

# packages automatisch mit passendem datum auschecken wie openwrt-git

# _olsr_uptime() work with uptime instead of date - check other function too

# system_date() to class date()

# check kmodules-hack for working pppoe

# 
# ssh bastian@gcc20.fsffrance.org

# userdb-GUI: force global fuzzy

# [ERR] are wired neighbours LQ/NLQ nearly synchronous? no! REMOTE/LQ/NLQ = '10.10.31.33'/'1000'/'0'
# uci changes | fgrep 10.10.31.0	// ignore hna-slaves

# monitoring: remove 0 byte or small db-backup


# 1) harte route setzen
# 2) while :; do ssh $IP; sleep 10; done
# 3) echo 4194304 >/sys/block/zram0/disksize; mkswap /dev/zram0; swapon /dev/zram0
# 4) comment 'killall dropbear' in /etc/init.d/S70prepare_fff+
# 5) uncomment usb-stuff in /etc/kalua/netfilter
# 6) rm /www/GOOD_MODULE_UNLOAD
# 7) reboot && exit

echo 4194304 >/sys/block/zram0/disksize; mkswap /dev/zram0; swapon /dev/zram0; sed -i 's/dropbear/dropBear/' /etc/init.d/S70prepare_fff+
sed -i 's|/etc/kalua_init|/etc/kalua_init;echo 4194304 >/sys/block/zram0/disksize;mkswap /dev/zram0;swapon /dev/zram0|' /etc/init.d/generate_kalua_loader 
sed -i 's/sleep 30/break;sleep 30/' /etc/init.d/apply_profile; sed -i 's/crond/crondBLA/' /etc/init.d/apply_profile
rm /etc/modules.d/19-usb-brcm47xx /etc/modules.d/50-usb-ohci /etc/modules.d/20-usb-core
sed -i 's/_wifi vendor_and_model_usb/# _wifi vendor_and_model_usb/' /etc/kalua/wifi; rm /www/GOOD_MODULE_UNLOAD; reboot && exit


# monitoring: dmesg:
# SQUASHFS error: Unable to read page, block c52d2, size ebb8
# SQUASHFS error: Unable to read fragment cache entry [c52d2]

# watch_random_node_id() really enforce apply_profile, if nodenumber clashes/registrator complains 

# echo 4194304 >/sys/block/zram0/disksize; mkswap /dev/zram0; swapon /dev/zram0

# package: ffweimar-mapstraction-karte

# rehungen: dont allow weblogin <r33726 (after updating hybrid-router)


# find a way to auto-config:
# hybrid
# dualradio: ap/ap
# dualradio: hybrid/ap
# dualradio: ap/adhoc

# liszt28: etx_ffeth + 02:ca:ff:ee:00:11 + kanal 11

# apply_profile: always do bssid_wellformed() even in 11g mode and preset to "02:ca:ff:ee:ba:be"

# sms bei ticketversand konfigurierbar machen

# monitoring: change order if ssid's in hybrid mode (first "Hotello", then 'bb')

# fusionpbx
# ^03643?(\d{5-8})$
# the ^03643 means that the number can start with 03643 but its optional

# rehungen 10.1.0.8 auf richtfunk ändern zu 10.10.254.33
# auf 8/kindergarten: + hna4 10.1.0.8/32

# apply_profile: boltenhagendh: festscheune: free-login

# apply_profie: config: dhcp: list notinterface = wan ::: nur wenn auch einspeiser, netzintern egal (rehungen8)


# on both servers:

# MYDIR="y"; ARCH="brcm47xx"; R=34054; FILE="openwrt-brcm47xx-squashfs.trx"; HARDWARE="Buffalo WHR-HP-G54"; K=3.3.8
# MYDIR="z"; ARCH="ar71xx";   R=34054; FILE="openwrt-ar71xx-generic-wzr-hp-ag300h-squashfs-sysupgrade.bin"; HARDWARE="Buffalo WZR-HP-AG300H"; K=3.3.8
# MYDIR="x"; ARCH="ar71xx";   R=34054; FILE="openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin"; HARDWARE="HARDWARE.TP-LINK TL-WR1043ND"; K=3.3.8

# on build-server:
$DO r$R "$HARDWARE" standard kernel.addzram dataretention trafficshaping kcmdlinetweak

# on file-server:
# scp bastian@46.252.25.48:$MYDIR/release/openwrt/bin/$ARCH/$FILE "${HARDWARE}-exp-r${R}-${K}.sysupgrade.bin"
# cp "${HARDWARE}-exp-r${R}-${K}.sysupgrade.bin" "${HARDWARE}.sysupgrade.bin"; md5sum "${HARDWARE}.sysupgrade.bin"




# db_cleanup()
# = remove old entries from stats >1 month
# = dont hash login-entries older than X month untouched

# while :; do netstat -an 2>/dev/null | grep $LANADR:80 | grep ESTABLISHED | while read LINE; do set -- $LINE; echo -n "$( echo $5 | cut -d':' -f2 ) "; done | sort -n; test -z "$LINE" && echo "#"; sleep 5; done


# erste inbetriebnahme: _db_backup() schlaegt fehl. checken
# touch ... noetig


# forbid udp-source-ip-spoofing: sudo hping3 10.63.99.33 --udp --spoof 192.168.1.150


# package: ekuku-longshot: ath5k -b43 +mii-tool
# package: rrdtool


# rrd:
# each router
# each user
# each login


# high load + multiple dropbear-pids: shutdown dropbear
#
# needs iptables-mod-conntrack-extra: _net local_inet_offer && {
# iptables -I INPUT -i $WANDEV -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
#  --set --name DEFAULT --rsource
# iptables -I INPUT -i $WANDEV -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
#  --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
# http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html
# }


# FILE_IN=youtube.flv
# FILE_OUT=vtech_kidizoom.avi	// 102_0366.avi
# ffmpeg -i "$FILE_IN" -r 25 -ab 16k -ar 22050 -vcodec mjpeg -b 64k -acodec pcm_s16le -ac 1 -s 320x240 -sameq "$FILE_OUT"


# complex feedback during server_ask weblogin() -> speed, traffic, yes/no, special message etc.


# for i in $(seq 0 255); do hex="$( printf "%X\n" $i )"; echo "$i: $hex: $( eval "echo \$'\x$hex'" )"; sleep 1; done


# bytes bei user_del speichern und bei user_add apply?


# wenn ramdisk voll, dann logrotate checken: manchmal ist /www/everlasting_syslog weg

# speedwerte in file schreiben
#
# change per user traffshaping implementieren: percent from original OR percentual change (down to 75% OR -5%)
#
# change per profile alle 15mins (?) neu applien (kurven vor ermitteln)


# best practise for making an hybrid-router (adhoc+ap):
# in /etc/config/network add (beside to normal wlan-network)
#
# config 'interface' 'wlanadhoc'
# 	option 'ifname' 'wlan0-1'
# 	option 'proto'  'static'
#	option 'ipaddr'  'same like in network wlan'
#	option 'netmask' 'same like in network wlan'
#
# in /etc/config/wireless add
#
# config wifi-iface
#	option device   radio0
#	option network  wlanadhoc
#	option mode     adhoc
#	option bssid    '02:ca:ff:ee:ba:be'
#	option ssid     'bb'
#
# config wifi-iface
#	option device   radio0
#	option network  wlan
#	option mode     ap
#	option ssid     'myAP'
#

# implement correct ipsystem() for vivaldi
# and integrate into definitions

# fix profile_counter -> faster check, run every night for every ticket
# dont lock weblogin-via-mac-enabled clients during db_process
# make use of SNI?: http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts 

# Make panic_on_oops configurable / always on
# http://lkml.indiana.edu/hypermail/linux/kernel/1204.1/01389.html

# weblogin:
# support for single-string-login

# _netfilter user_list verbose
# xx:xx:xx:xx:xx:xx $ip $dev $tx $rx $shape_in $shape_out

# option for not kicking users over time, but slow them down to 8kbit/8kbit -> move to another profile?
# if not used for X days, remove from DB

# why index_gen is fully done after creating 32 tickets? -> implement also index_gen for a specific entry

# implement wshaper.htb for each user

# make var: LOCAL_INET_OFFER=lan

# better force of reboot for lowmem-devices each night

# why does olsr_restarts_over_limit() not work in lowmem-AP?

# add: kernel.hung_task_panic=1
# add: softlockup_panic=1

# remove all: _uci is_oldstyle

# kalua_init: allow 0 byte classes and allow all calls to them

# netfilter: mode for redirect of DNS requests to me, must be done global or per user

# fake-hybrid: update:
# F=/etc/config/wireless;I=0;while read L;do case "$L" in *wifi-iface*) I=$(($I+1));;esac;test $I -gt 1 && L="#$L";echo $L;done <$F >/tmp/W;mv /tmp/W $F
# F=/etc/config/wireless;I=0;while read L;do case "\$L" in *wifi-iface*) I=\$((\$I+1));;esac;test \$I -gt 1 && L="#\$L";echo \$L;done <\$F >/tmp/W;mv /tmp/W \$F

# debug uhttpd:
# /usr/sbin/uhttpd -h /www -r HOSTNAME -c /etc/httpd.conf -x /cgi-bin
# -t 60 -T 30 -A 1 -E /cgi-bin-404.sh -I cgi-bin-404.sh 
# -n 1 -p 0.0.0.0:80 -i .sh=/bin/ash -C /etc/uhttpd.crt -K /etc/uhttpd.key -s 0.0.0.0:443


# use "cutycapt" for make screenshots/pdf of webpages
# and for automatic walled_garden-url's -> list_of_ipaddresses

# add to website: https://github.com/blog/273-github-ribbons

# everything before the first :
# ${varname%%:*}
# everything after the first :
# ${varname#*:}
#
# always use 'set -- $var'

rm /www/channel_try
for i in $(seq 1 300); do
	uci set wireless.radio0.channel=$i
	wifi
	sleep 8
	[ -z "$(iwconfig $WIFIDEV | grep "Not-Associated" )" ] && echo $i >>/www/channel_try
done >/dev/null

# netfilter user_add: make an option 'force' for ignoring reachability

# autoapply config_ath9kdebug if possible during standard-conf

# abstraction for ticketcounter "_counterA", use: watch_counter() + set in _db_autocreate_tickets_and_send_mail() and _db_ticketcheck()

# DSL-modem/get values: http://www.webtemp.org/?page=sm50b

# wan-dhcp? -> use dns provided by wan, not 8.8.8.8

# unselect b43legacy
# CONFIG_PACKAGE_kmod-b43legacy is not set

# why do WZR/dual-radio have problems with beeing an olsr-slave?

# check: how does it look, if ip must be reauthenticated during send_mail()?

# kirkwood:
# use flash_eraseall and nandwrite -p from mtd-utils
# I mean flash_eraseall both the kernel and rootfs partition
# nandwrite -p the kernel to the kernel mtd
# mount -t jffs2  the rootfs mtdblock
# and tar -C /mnt -xzf openwrt-kirkwood-rootfs.tar.gz
# all this is best done from within an initramfs image


# after r32739 it should be enough to use "sed -ne ':package; /^Package: / { s/.*: //; h; :line; n;
# s/^Status: .* \(.*\) .*/\1/; /^user$/ { x; p; }; t package; b line }' /usr/lib/opkg/status" to find the list of user
# installed packages

# css-sprites for weblogin?

# check 15mins: tmpfs full?

# ticketcheck: use idX_counterA for fast processing

# b43:
# http://permalink.gmane.org/gmane.linux.drivers.bcm54xx.devel/10680

# automate build / continous integration via
# echo "# CONFIG_foo is not set" >> .config; make defconfig

# lowmem-device: make sure ulogd is not started by default; /etc/init.d/ulogd disable
# option for enforce dns for specific client: iptables -t nat -I PREROUTING -p udp -s 10.63.99.6 --dport 53 -j DNAT --to 10.63.99.1
# special longshot-mode, ping always, log stats (timeouts) -> simply set IP to check
# _watch inetoffer() -> restart masq, if no -> yes

# captive portal with oauth support
# https://github.com/livibetter/bash-oauth/blob/master/OAuth.sh

# http://holstentor.metameute.de/nodes/nodes.html

# show (count?) interesting tasks:
#
# ps | while read LINE; do set $LINE
#	case "$5" in
#		COMMAND|init|watchdog|uniq|sort|sleep|ps)
#		;;
#		"["*)
#		;;
#		*)
#			basename $5
#		;;
#	esac
# done | sort | uniq

# A="$( grep " sda"$ /proc/partitions )"; set $A; echo $3/1024 ->kilobyte

# debug: paste in /etc/functions.sh
# iw(){ logger -s "iw $@"; /usr/sbin/iw $@; };
# ifconfig(){ logger -s "ifconfig $@"; /sbin/ifconfig $@; };

# hook in system_date() for setting time
# check if 'option hidden 1' makes sense for adhoc-mode-only routers

# auf DSLer/Satama: ip: 10.63.119.1
# iptables -t nat -I PREROUTING -i $WANDEV -p tcp --dport 443 -j DNAT --to-destination 10.63.222.1:80
# iptables -t nat -I POSTROUTING -d 10.63.222.1 -j MASQUERADE
# test: http://pubip:443/robots.txt

# auf DSLer/FparkSsee: ip: 10.63.222.1, interner zielrrouter: 192.168.101.112
# iptables -t nat -I PREROUTING -s 10.63.119.33 -p tcp --dport 80 -j DNAT --to-destination 192.168.101.112

# more generic solution for simulated hw-clock

# dell-2300:
# robocfg show (egal ob LAN- oder WAN-kabel steckt)
#
# probing eth1
# phyid: Success
# probing eth0
# phyid: Success
# bcm53xx_probe: Success



build()
* bug: minor: same gitrev-tarball must have the same hash
* bug: minor: leave channel untouched in AP-mode, when rewriting profile
* bug: minor: http://wiki.openwrt.org/doc/howto/vpn.nat.pptp
* feature+: (testing) no stopping cron.minutely due to SSH-action on all inet-offer-nodes
* feature+: use .txz instead of .tgz for tarball
* feature+: include mysshpubkeys.ipk -> /root/.ssh/authorized_keys | known_hosts
* feature+: include mydesign + mysettings
* feature+: build /tmp/loader + kalua_working_dir on demand directly in the image (safes space)
* feature+: rework zram-stuff, simple append '; echo >$size >$kernel' to /etc/modules.d/00-zram
* feature+: apply_profile: better use dhcp-space on wifi
* feature+: ipsystem() cleanup variables-usage, throw away everything which is not used
* feature+: ipsystem() new var: NETDEVPRE=WAN|LAN|WIFI - show if $IP is from lan/wan/wifi
* feature+: autoinstall/deinstall_if_needed of: luci-mod-admin-full + luci-theme-bootstrap + ( libiwinfo-lua )
* hardware: Picostation M2 = dmesg: "MyLoader: sysp=f0f0f0f0, boardp=f0f0f0f0, parts=f1f0f0f0" + "mtd: partition "rootfs_data" created automatically, ofs=3A0000, len=410000"
* hardware: Bullet:        = dmesg: "MyLoader: sysp=f0f0f0f0, boardp=f0f0f0f0, parts=f0f0f0f0" + "mtd: partition "rootfs_data" created automatically, ofs=390000, len=420000"
* specialtweak: elephant/76: dualradio/olsr-hna-slave-error?
* specialtweak: apply_profile: olympia/2: telefonanlage -> OlsrMainIp = $WIFIADR
* specialtweak: apply_profile: hotelloB01/K80: disable olsr-hna-slave
* specialtweak: preskil: timezone "MUT"
* specialtweak: fparkssee: 222: olsrd: hna-offer (it's over lan)
* specialtweak: marinapark: inet:96/10 :announce alias-ip
* specialtweak: galerie: 3_inet: no wan OLSR
* specialtweak: fparkssee: 223: must have 152 for neigh? -> rapid shrink of routing table?
* specialtweak: ejbw/52 -> landhcp on (flurtelefone)

vpn()
* feature+: cleanup andi's approach

netfilter()
* bug: major: use a dummy policy-routing rule on simplemesh to avoid clients
* bug: minor: remove /tmp/user-$HASH* during restart()
* documentation: describe dependencies for each mode
* feature+: move vds-data to user's dir /tmp/NETFILTER/USER/$MAC/dataretention
* feature+: support special dir for vds-data, e.g. softlinked to usbdisk?
* feature+: conntrack_max++ on 32mb+: http://wiki.imagestream.com/wiki/Resolving_%22ip_conntrack:_table_full,_dropping_packet%22_errors
* feature+: check if connection_tracking is really of when '-m state --state' is not used
* feature+: maintenance-mode() on: enforce 5353-dnsmasq + logout all + show special message in weblogin off: back to normal + simulate 8.8.8.8
* feature+: use 'dnsmasq --address=/#/$WIFIADR -p 5353' and redirect splashed dns-queries (test: nslookup gmx.de $SERVER -port=5353)
* feature+: detect 0x1337-port action ("a neighbour reboots")
* feature+: config-option to forbid forwarding for local-net-clients ("no clients"), to have a simple/fast setup on mesh-nodes
* feature+: masquerade "$exception/$cidr"
* feature+: portforwarding start|stop: iptables -t nat -I PREROUTING -p tcp -i $WANDEV --dport 222 -j DNAT --to-destination 10.63.2.34:22
* feature+: user_quota add|del "$mac" "$upload" "$download"
* feature+: user_quota query "$mac" <up|down|all>
* feature+: user_quota diff "$mac" <up|down|all>
* feature+: user_speed add|del "$mac" "$upload" "$download"
* feature+: user_adblock add|del
* feature+: olsr_whitelist (no more double ip's by accident) + monitoring bad packets
* feature+: use "passiv" speedtesting with connbytes: packets/quantum


lowmem()
* feature+: maintain a list if essential kmods/hardware-type, instead of checking each if used
* feature+: dynamically remove wandev, if not needed
* feature+: switch off lan-dhcp on APs
* feature+: switch off dhcp-script in APs
* feature+: use zram-based ramdisk instead of tmpfs (frontswap/cleancache)
* feature+: measure ssh-port-activity, kill daemon if no action for x minutes
* feature+: build config_profile-specific dhcp-script during startup (lowering condition checks/size)
* idea: instead of crond, use: 'while :; do . /tmp/cron.script; sleep 60; done &' -> problem? does it really safe mem?

misc()
* bug: major: fparkssee/222: cron.check_inet_gw / laninet_offer
* bug: major: patch mtd.c for verify + correct error-codes, respect that in sysupgrade
* bug: major: netintern scp with pubkeys is b0rken?
* bug: minor: why hangs '/etc/init.d/rcS' + 'logger' in tasklist
* bug: minor: wget_do() always cleanup fragments in ramdisk /tmp/wget_do_*
* bug: minor: change timing for inet-speedtest to be more accurate
* bug: minor: speedtest without iptables -> use /proc/net/dev -> e.g. $WANDEV
* bug: minor: change server/file for inet-speedtest (roundrobin)
* bug: minor: during speedtest disable any forwarding to be more accurate
* bug: minor: remove all occurences of normal wget: cron.upgrade_packages / cron.evaluate_ulogd / speedtest?
* bug: minor: read dbclient cmdline + check ssh/http-reverse-ssh-tunnel correctly
* feature+: collect radio-stats each minute (ath9k)
* feature+: shell/logger: lookout for a way the handover "interactive" mode, e.g. *.sh calls another *.sh
* feature+: use curl or ssl-enabled wget for HTTPS-based REST for internal communication instead of plain HTTP
* feature+: set a maximum pause/uptime before running a scheduler job/in general, so we have "unknown" reboot
* feature+: firmware_burn() no pause in image-on-flash mode
* feature+: get rid of the cronwatchdog.sh
* feature+: use something like crondog.o, which pitches the kernel watchdog every 20 secs
* feature+: kalua-loader: only regen, if md5sum differs (overall/each class)
* feature+: if inet_offer via WANDEV, check regulary ping to gateway (primacom-problem)
* feature+: overclocking WRT54G? http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G/GL/GS/GX#Clock_Speed_and_Overclocking
* feature+: overclocking WHR-HP-54g (EU-version)? http://www.dd-wrt.com/phpBB2/viewtopic.php?p=102911&sid=01f76318a484a52a3267e4c2fe61ef41
* feature+: choose random channel on ap on early boot
* feature+: no default route/neterror on AP? change essid -> 'MAINTENANCE MODE (error)' and back to normal, if OK
* feature+: firmware_update_pmu() needs locking
* feature+: make logile-archive-length (monitoring etc.) configureable and limit it on lowmem-devices
* feature+: uci2nvram-wrapper for having a configureable lowflash-squashfs-only-device
* feature+: after setting time with ntp, safe /tmp/uptime2unixtime - so we have an offset for easy calculating
* cleanup: use generic locking-mechanism and use /tmp/lock
* cleanup: remove all calls to nvram-stuff
* cleanup: remove all calls to _uci is_oldstyle()

documentation()
* feature+: add screenshots of userdb-gui
* feature+: add screenshots of several splash-pages/captive-portals/weblogins
* feature+: add script for generate functions-call-graph with arguments

upgrade_packages()
* feature+: success? broadcast to all neighbours: "do it now"
* cleanup: use wget() for fetching or maybe activate busybox-option 'wget -T xxx'
* cleanup: use full opkg features for upgrade: if package-source-list is in ramdisk, temporarily hide full repo but leave ours alive and use 'opkg update', 'opkg install mydesign' (upgrade?)

switch()
* bug: minor: be correct when translating vlans, e.g. if somebody has changed the position of wan-port
* feature+: check every minute, if state of wan-port has changed: do ifup/ifdown accordingly
* feature+: detect permanent status-change of one or more ports
* feature+: detect time of port-status-change and include in monitoring

pdf()
* feature+: ongoing site-numbers for overview
* feature+: ongoing ticketnumber for labels

monitoring()
* bug: minor: after each correct transmitted line, move the OK-mark one line further (now, a wrong transmission after line 99/100 will cause an retransmission of all 99 lines)
* feature+: implement heartbeat, which simply refreshes old values ("no change, but alive")
* feature+: add some more speedtest-servers/files and use appropriate, e.g. in mauritus: http://www.gov.mu/portal/goc/educationsite/file/Livelihood%20And%20Trade%20Skills%20Book.pdf
* feature+: show: minstrelRX from my wifi-gateway '_tool remote $gateway minstrel'
* feature+: show: /www/dmesg.$$ + how many lines dmesg has raised during boot
* feature+: show: how many connection time, how many wifi-clients
* feature+: show: dhcp via trafficlight: LAN-max+used|WIFI-max+used|dhcpscript-on/off|dnsserver (color=symbol or ip)|cachesize|queries|cachehits|size:/etc/local.hosts (adblock)
* feature+: show: olsrd on/off
* feature+: show: last weblogin-fetch
* feature+: show: last weblogin-good-login
* feature+: show: last dhcp-offer
* feature+: show: db: profiles/logins/devices/index?
* feature+: different/shorter intervals for different values
* feature+: for specific changes fire a monitoring send immediately
* feature+: show: detect usb-stick plugin/out
* feature+: show: per neigh: HT20/HT40, LGI/SGI, MCS xy/rate
* feature+: show: wifi_signal() non_olsr_clients
* feature+: show: count of different connected clients LAN/WIFI + conn_time
* feature+: show: last wifi_phy_restart() reason (if any)
* feature+: show: count of usertunnels
* feature+: intranet internal aggregation of monitoring data
* feature+: network-map with javascript: http://thejit.org/demos/ -> http://thejit.org/static/v20/Jit/Examples/ForceDirected/example2.js
* feature+: network-map 3d with js: http://mrdoob.github.com/three.js/ -> http://mrdoob.github.com/three.js/examples/canvas_lines.html

monitoring-server()
* bug: password-protect admin-interface
* bug: accept/deny hostname if more than one is given (e.g. changed a correct hostname)
* feature+: allow change of arbitrary values via webif
* feature+: show olsrd-errors in relation to time-unit
* feature+: detect devices with always short uptime
* feature+: use 'logo.gif' from 'design.ipk' of all profiles to build a nice summary

olsr()
* bug: major: check_plausi() costs_getting_worse: doess the double check really work? (comparing correct database?)
* bug: minor: olsr-hna-slave: don't become a slave, if behind is an further olsr-neigh (e.g. at wandev, but default is via lan)
* bug: minor: olsr-hna-slave: master: block olsr-packets from slave before restarting daemon, otherwise we get the hna again
* feature+: deactivate arp-plugin, make arp permanent during check_plausi()
* feature+: olsr-hna-slave: if OK for specific host is often, output NEVER
* feature+: olsr-hna-slave: if answer is NEVER, dont try again this ip
* feature+: olsr-hna-slave: force to ask a specific neigh, if "ip" is set via uci
* feature+: maintain a list of all HNA-entries, lookout for missing ones
* feature+: check_plausi: detect: no_wifi_neigh, but had_good_before
* feature+: check_plausi: detect: lost a good neigh

sms()
* feature+: simplify procedure and use/send only one token (not username+password)
* feature+: premium-sms
* feature+: text2pay
* feature+: smsbox.net

fax()
* feature+: implement sipgate-API

userdb()
* bug: major: check if '_db user device show $ID' can be changed to be more exakt, e.g. append 'last'?
* bug: major: respect settings how much macs/devices are allowed to getin with one login (b0rken)
* bug: major: respect group-logins during device-check (e.g. devices eat up limit for 1 login)
* bug: minor: respect race, if index_gen runs, but new logins will be added
* bug: minor: change specific login -> index_gen runs not automatically or wrong
* feature+: implement ticket-print for Avery Zweckform Quick&Clean C32011
* feature+: db_backup() always give a reason, change logprio according
* feature+: remember last OK ticket-mail-sending - profile specific
* feature+: list_logins: last week, last month ...
* feature+: during cron.add-traff, built: active_users.html -> show in userdb-gui (+overall time/traff)
* feature+: index_gen() allow specific login (fast!)
* feature+: report() username/password or login_id -> fetches all devices
* feature+: report() $mac: -> PDF -> email
* feature+: report() show XX devices on YY routers
* feature+: report() top 10 users, top 10 devices
* feature+: report() show theoretical max download and "x percent of" for top-graphs + typical up/download ratio
* feature+: report() rotate_view() http://meinews.niuz.biz/re-t496245.html?s=1bf4dc343372425d68a62bcd18de7a6d&amp;
* feature+: report() punchcard: http://g.raphaeljs.com/dotchart.html
* feature+: report() traffic: http://g.raphaeljs.com/linechart.html
* feature+: measure tickets/s during index_gen and safe this value
* feature+: during index_gen write a mark each 30sec according to speed-value (see above)
* feature+: profile: allow access to internal network: yes/no
* feature+: profile: sanitize all speed-values to integer
* feature+: meta: weblogin = username/password | sms | both: (which is default)(user selectable)
* feature+: meta: weblogin is blocked, if hostname is virgin: yes/no
* feature+: meta: emails, sms-numbers, fax-numbers 
* feature+: meta: object name, speed uplink/downlink, ...
* feature+: meta: default language for weblogin (=order of languages)
* feature+: login: add message to user on next login
* feature+: login: temporarily disable a login
* feature+: relation between login and free-lan-dhcp-device
* feature+: list_logins: show used_or_not
* feature+: list_logins: show last used time
* feature+: username_namespace: 'islands of the world'
* feature+: auto distribute DB over network
* feature+: after making e.g. 32 logins, print a direct link to overview
* feature+: index_gen() if password = number && fuzzy-mode -> _list uniq $(hashes)
* cleanup: move hardcoded db-servers into config_var which is set during apply_profile

weblogin()
* bug: minor: translate logout-page
* bug: major: sms-mode: make sure, that phonenumer is safed in database
* cleanup: minor: change/translate varnames in terms_of_use.meta
* feature+: link to installation-object-name/webpage on logo
* feature+: fakepop / autoanswer pop3 action ("please login")
* feature+: make use of user-language via HTTP_ACCEPT_LANGUAGE
* feature+: make the sms-auth only visible in configurable timeslots
* feature+: implement credit-card API for payment
* feature+: implement import of xml/csv logins

usertunnel()
* bug: minor: allow local entry in/out: e.g. direct connection to inet_offering node
* bug: minor: check via ping the other tunnel-end - stop tunnel if fails (test: server reboots)
* bug: minor: disconnecting client: rewrite all.conf + remove client.conf 
* bug: minor: use different config-file-names on client/server
* bug: minor: release unused tunnel IDs
* feature+: explicit intranet tunnels (compression, another shaping?)
* feature+: join several tunnels into one, to corectly shape several devices with one login

config()
* bug: minor: leave already configured special network/vlan-settings
* feature+: make WAN-olsr better configureable
* feature+: repect /tmp/resolv.conf.ppp + .auto? (faster resolution)
* feature+: use special ip4 for service HNA/redundancy: 6.6.6.[5|6|7|8] = monitoring|dns|userdb|tunnelsrv

scheduler()
* bug: minor: why does it happen: "scheduler_allow_run() removing lockfile, which seems to be left by accident"
* feature+: run tasks at a specific time

net()
* cleanup: implement pingtest-abstraction and use it
* feature+: sort "/tmp/dhcp.leases" | while read LINE; do set $LINE; echo "$( _system date unixtime2date $1 ) $LINE";done

wifi()
* bug: major: b43: "BCM4318 chipset: AP mode does not work because of packet loss in high transmission rates"
* feature+: check if arping-test raised wifi-tx-counter
* feature+: b43: try module parameter 'nohwcrypt=1 qos=0' (lowering mem?)