We must ensure that each node becomes IGMP/MLD querier for its local
clients; having only a single querier for the whole mesh is generally
unreliable, leading to frequent "IGMP/MLD querier appeared/disappeared"
messages from batman-adv and unreliable snooping.
In smaller meshes it might be interesting only segment querier domains, but
allow membership reports to pass through the mesh, in order to support
snooping switches outside the mesh without special configuration. A
site.conf switch is provided to control this behaviour.
Fixes#1320
A downside of this behaviour is that the page does not work for IPv4-only
clients, as the redirect will always point at an IPv6 address.
Still, it seems like a good idea to enforce the redirect even from the IPv4
next-node address, as switching nodes while being connected to the status
page would lead to unexpected behaviour.
All Access-Control-Allow-Origin are removed to improve users' privacy. As
the status page API is thus not useful without the status page anymore,
merge them back into a single package.
The status-page-api respondd provider is removed as well.
Fixes#1194
This new status page is significantly smaller than the old one. It always
loads its resources from the same host as the page itself, not requiring
cross-origin requests anymore.
It also uses the common i18n infrastructure of gluon-web.
Fixes#914
- CGI script and index.html are moved from gluon-web to
gluon-config-mode-core, the script is renamed to 'config'
- gluon-web and gluon-web-model base views and i18n files are symlinked
into the new path
- gluon-web-theme is renamed to gluon-config-mode-theme and installs
directly into the new path
- all gluon-web-* models, controllers and views are moved into the new
path
By emitting Lua code to call translate() and pcdata(), we are more
flexible than when doing this internally in the parser. The performance
penalty should be negligible.
This patch moves the prefix4 subnet route from the local-node veth
device to br-client (while keeping the next node ipv4 address on the
local node device).
This is in preparation to allow routing over the br-client interface
later.
This package adds filters to limit the amount of ARP Requests
devices are allowed to send into the mesh. The limits are 6 packets
per minute per client device, by MAC address, and 1 per second per
node in total.
A burst of up to 50 ARP Requests is allowed until the rate-limiting
takes effect (see --limit-burst in the ebtables manpage).
Furthermore, ARP Requests with a target IP already present in the
batman-adv DAT Cache are excluded from the rate-limiting,
both regarding counting and filtering, as batman-adv will respond
locally with no burden for the mesh. Therefore, this limiter
should not affect popular target IPs, like gateways.
However it should mitigate the problem of curious people or
smart devices scanning the whole IP range. Which could create
a significant amount of overhead for all participants so far.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
