Pt97 compliance, Add strict gatekeeper mode for Meshtastic/MeshCore ingress#17
Open
mathisono wants to merge 25 commits into
Open
Pt97 compliance, Add strict gatekeeper mode for Meshtastic/MeshCore ingress#17mathisono wants to merge 25 commits into
mathisono wants to merge 25 commits into
Conversation
Removed reference to APRS interoperability with APRS.
1. Add exponential backoff for APRS backend reconnection (5s base, 5min cap) to avoid hammering unreachable servers every poll cycle. 2. Fix recv() to buffer all messages from a single read instead of returning only the first match. Remaining messages are drained via tick() -> router.queue() on the next cycle, and recv() checks the pending buffer before reading more data from the socket. 3. Separate kiss_rxbuf from rxbuf so KISS unframing and TNC2 line buffering never collide. 4. Send APRS ACK for every inbound message that carries a message-id, so the remote station knows Raven received the packet.
mathisono
pushed a commit
to mathisono/Raven
that referenced
this pull request
Jun 3, 2026
- Add strict gatekeeper mode for Meshtastic/MeshCore ingress (Part 97 compliance) - Add APRS bridge with APRS-IS, KISS TCP, and TCP text backends - APRS hardening: reconnect backoff, buffered recv, inbound ACK
mathisono
force-pushed
the
pt97-compliance
branch
from
4ac0944 to
6c19ac4
Compare
…stic ucode's module resolver rejects cycles in the import graph. The chain config→router→meshtastic→gatekeeper, with config also importing gatekeeper directly, triggers a circular dependency error. Break the cycle by: - Removing 'import gatekeeper' from both router.uc and meshtastic.uc - Adding router.setGatekeeper() to inject the reference at setup time - Passing gatekeeper via config._gatekeeper for meshtastic.uc - Using optional chaining (gatekeeper?.isEnabled()) so both modules work safely before the reference is injected
mathisono
force-pushed
the
pt97-compliance
branch
from
6c19ac4 to
b56b527
Compare
added 6 commits
June 2, 2026 19:50
When the APRS channel is selected, the input placeholder shows '@callsign message or #group message ...' so users know the direct-message and group syntax without reading docs.
- aprs.process() was empty, so outbound messages from UI never reached
APRS-IS. Now calls send() for locally-originated messages.
- Regex for parsing message IDs didn't handle APRS 1.1 reply-ack
trailing '}', causing {01} to appear in message text and ACKs
not being sent back (Xastir kept retransmitting).
…eed channel - Inbound messages from callsigns with a DM channel (e.g. kj6dzb-4 og==) now route to that DM channel instead of always going to the group feed. - Group members always route to the main APRS feed channel. - Outbound from DM channels auto-routes to the callsign in the channel name, stripping redundant @callsign prefix if present. - Default feed channel renamed to APRS-IS-Feed (no spaces in namekey). - Feed channel is auto-registered at setup even if not in config. - Channel key extracted once at setup for efficient DM matching.
…nly, wire up gatekeeper ref in meshcore - meshcore.uc: accept gatekeeper reference from config, add early-drop comment for encrypted packets - router.uc: when gatekeeper strict, only bridge text_message outbound to MeshCore and Meshtastic - Remove old r12 package artifacts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds an optional Strict Gatekeeper mode for Raven bridge deployments that forward Meshtastic or MeshCore text traffic into AREDN.
The goal is to make the bridge fail closed for common amateur-radio compliance risks when crossing from an unlicensed mesh into an AREDN / amateur-radio network.
What changed
gatekeeper.ucpolicy module.strict_gatekeeperconfiguration support:{ "strict_gatekeeper": { "enabled": true, "gateway_callsign": "W6XYZ", "allowed_callsigns": ["KN6PLV", "KJ6DZB"] } }allowed_callsignswhitelist.For example:
STRICT_GATEKEEPER.mddocumenting configuration, behavior, and operational caveats.Rationale
Meshtastic and MeshCore are useful companion meshes, but AREDN runs in a licensed amateur-radio environment where cleartext operation, station identification, and operator control matter.
The previous behavior allowed bridge traffic to be forwarded too openly. This PR introduces an opt-in mode that:
This preserves existing non-strict behavior by default while providing a safer operating mode for regulated deployments.
Notes and caveats
Strict Gatekeeper mode is not cryptographic identity proof. Meshtastic and MeshCore names are user-controlled, so a node can be renamed to look like a valid callsign. For real deployments, operators should use
allowed_callsigns, and a later hardening step should bind allowed operators to stable Meshtastic node IDs or MeshCore public keys.The callsign validator intentionally matches a simple US amateur callsign form: one or two letters, one numeral, and one to three letters. This will reject international callsigns or unusual/special-event formats that do not contain an extractable US-style token.
Dropped packet logging uses the existing
DEBUG0andDEBUG1channels, so headless OpenWrt deployments should confirm service/logd capture before relying on logs for troubleshooting.Testing
Not yet tested on live RF hardware in this PR.
Code was reviewed for ingress chokepoints:
meshtastic.ucbefore decrypt branches run.Follow-up work
MeshCore direct-message handling currently still performs protocol-level decryption inside
meshcore.ucbefore the router-level strict filter sees the decoded text. The router filter prevents non-text or non-rewritten MeshCore ingress from entering the queue, but the strictest future improvement would be to add a MeshCore decoder-level gate similar to the Meshtastic encrypted-packet hard stop.