Commit Graph

7 Commits

Author SHA1 Message Date
Matthias Schiffer
74f4119c1b
treewide: add support for building kernel modules used by Gluon into the kernel 2018-04-13 17:32:20 +02:00
Matthias Schiffer
8e5abf02ae
treewide: switch to ebtables-tiny 2018-04-13 16:00:58 +02:00
Linus Lüssing
951b6632bc gluon-ebtables-limit-arp: do not add multicast addresses to filter
With the batman-adv multicast support compiled back in again we end up
with multicast addresses in the batman-adv translation table.

Currently we wrongly interpret multicast addresses returned by TT as a
unique host, too, which adds them with a source address filter to
ebtables as well. However, the source address of an ethernet frames is
never supposed to be a multicat one.

This leads to unnecessary entries in ebtables. Fixing this by ignoring
those MAC addreses returned by TT which have the multicast bit set.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2018-04-01 03:26:50 +02:00
Matthias Schiffer
68a706a948
gluon.mk: remove GLUON_PKG_MAKE option 2018-03-09 10:05:44 +01:00
Matthias Schiffer
60522ee253
treewide: move package Makefile boilerplate to gluon.mk 2018-03-08 19:49:41 +01:00
Matthias Schiffer
934221b86f
treewide: remove redundant definitions from package Makefiles 2018-03-07 21:23:41 +01:00
Linus Lüssing
84a6f65f02 gluon-ebtables-limit-arp: a package for ARP rate-limiting
This package adds filters to limit the amount of ARP Requests
devices are allowed to send into the mesh. The limits are 6 packets
per minute per client device, by MAC address, and 1 per second per
node in total.

A burst of up to 50 ARP Requests is allowed until the rate-limiting
takes effect (see --limit-burst in the ebtables manpage).

Furthermore, ARP Requests with a target IP already present in the
batman-adv DAT Cache are excluded from the rate-limiting,
both regarding counting and filtering, as batman-adv will respond
locally with no burden for the mesh. Therefore, this limiter
should not affect popular target IPs, like gateways.

However it should mitigate the problem of curious people or
smart devices scanning the whole IP range. Which could create
a significant amount of overhead for all participants so far.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2018-02-15 23:21:11 +01:00