Commit Graph

22 Commits

Author SHA1 Message Date
J. Burfeind
6e09539539
gluon-mesh-batman-adv: implement neighbour and default_gw4 check (#2274) 2021-08-12 21:02:58 +02:00
Linus Lüssing
98f3f63842 gluon-ebtables-filter-multicast: relax IPv6 multicast firewall rules
Allow the transmission of IPv6 multicast packets as long as they are not
flooded through the whole mesh.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2021-05-01 22:36:14 +02:00
Linus Lüssing
288daf5a47 gluon-mesh-batman-adv: reenable batman-adv multicast optimizations
With batman-adv 2020.4 and the according backports to batman-adv v2019.2
several more bugs were found and fixed regarding the batman-adv
multicast optimizations feature.

Also a "wakeup-call" feature was added to the Linux bridge IGMP/MLD
snooping code in Gluon to work around issues with Android devices.

With batman-adv now at v2019.2, multicast-to-multi-unicasts conversion
is supported, too. Which means that even if there are a few outdated nodes
these and all other recipients will be served multicast packets via unicast,
too, as long as the sum of receiving nodes does not exceed the multicast
fanout setting (default: 16). If is exceeded, then batman-adv will revert
back to broadcast flooding automatically.

Long story short, with all these extra measures in place, let's reenable
the batman-adv multicast optimizations to reduce the layer 2 overhead
and in preparation for multicast applications in the future.

The default is enabled for this feature anyway, so removing the
"batctl multicast_mode 0" overwrite is sufficient.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2021-04-29 00:40:39 +02:00
Matthias Schiffer
92647cd47a
gluon-mesh-batman-adv: do not delete bat0 during hardif teardown (#2057)
With very bad timing, it is possible that the teardown script of a
gluon_mesh interface runs when bat0 was just created, but primary0 is not
yet added to it. Although there is no hardif to remove in this case,
bat0 will still be deleted, because there is no hardif in bat0.

Disable the interface removal logic by passing `-M` to `batctl interface`.
2020-06-13 18:44:46 +02:00
Matthias Schiffer
778bf90561
gluon-mesh-batman-adv: add UCI setting for hop penalty
Add a UCI setting gluon.mesh_batman_adv.hop_penalty

Example UCI commands:

    uci set gluon.mesh_batman_adv=mesh_batman_adv
    uci set gluon.mesh_batman_adv.hop_penalty=20
    uci commit

`/etc/config/gluon` config section:

    config mesh_batman_adv 'mesh_batman_adv'
    	option hop_penalty '20'

Fixes: #1942
2020-04-20 23:35:07 +02:00
Matthias Schiffer
b4101e54e0
gluon-mesh-batman-adv: remove remaining deprecated sysfs usage
While we're at it, also slightly optimize proto_gluon_bat0_renew.
2019-11-24 01:10:59 +01:00
Matthias Schiffer
f715a58fdb
gluon-mesh-batman-adv: remove obsolete no_rebroadcast setting 2019-11-24 00:53:54 +01:00
Matthias Schiffer
02c7503f74 gluon-mesh-batman-adv: remove MTU workaround for VLAN-on-WLAN
We don't support VLANs on 11s interfaces, so the workaround can be dropped
with the IBSS support.
2019-11-07 19:48:16 +01:00
Matthias Schiffer
b262b72563 gluon-mesh-batman-adv: adjust to removal of batman-adv UCI config 2019-10-30 00:06:14 +01:00
Matthias Schiffer
5b97d36c7e gluon-mesh-batman-adv: remove gluon-mesh-batman-adv-14 2019-09-25 21:57:52 +02:00
Linus Lüssing
cb899874dc
gluon-mesh-batman-adv: allow installing mesh-batman-adv-14 and -15 at the same time
The new routing_algo site.conf value BATMAN_IV_LEGACY is introduced. With
these changes, the routing_algo setting becomes mandatory.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2019-08-22 20:09:10 +02:00
Matthias Schiffer
ecc8ebc8ed
treewide: move ebtables filter definitions from files to luasrc 2019-06-18 19:52:33 +02:00
Matthias Schiffer
da45bd5987
treewide: do not use Lua module() 2019-06-16 15:51:43 +02:00
Matthias Schiffer
09916f6e35
gluon-mesh-batman-adv: drop packets from mesh with next-node source or destination address (#1714)
Fixes #1659
2019-04-28 14:56:09 +02:00
Sven Eckelmann
fc59d5208d gluon-mesh-batman-adv: Drop IPv4 anycast related packets from/to bat0
The commit b3762fc61c ("gluon-client-bridge: move IPv4 local subnet route
to br-client (#1312)") moves the IPv4 prefix from the local-port interface
to br-client. A client requesting an IPv4 connection to the IPv4 anycast
address of the node (the device running gluon) will create following
packets:

1. ARP packet from client to get the MAC of the mac address of the anycast
   IPv4 address
2. ARP reply from node to client with the anycast MAC address for the IPv4
   anycast address
3. IPv4 packet from client which requires reply (for example ICMP echo
   request)
4. ARP request for the client MAC address for its IPv4 address in prefix4
   (done with the mac address of br-client and transmitted over br-client)
5. IPv4 packet from node (transmitted over br-client with br-client MAC
   address) as reply for the client IPv4 packet (for example ICMP echo
   reply)

The step 4 is extremely problematic here. ARP replies with the anycast IPv4
address must not be submitted or received via bat0 - expecially not when it
contains an node specific MAC address as source. When it is still done then
the wrong MAC address is stored in the batadv DAT cache and ARP packet is
maybe even forwarded to clients. This latter is especially true for ARP
requests which are broadcast and will be flooded to the complete mesh.

Clients will see these ARP packets and change their own neighbor IP
(translation) table. They will then try to submit the packets for IPv4
anycast addresses to the complete wrong device in the mesh. This will for
example break the access to the status page to the connected device or the
anycast DNS forwarder implementation. Especially the latter causes extreme
latency when clients try to connect to server using a domain name or even
breaks the connection setup process completely. Both are caused by the
unanswered DNS requests which at first glance look like packet loss.

An node must therefore take care of:

* not transmitting ARP packets related to the anycast IPv4 address over
  bat0
* drop ARP packets related to the anycast IPv4 when they are received on
  bat0 from a still broken node
* don't accept ARP packets related to the anycast IPv4 replies on local
  node when it comes from bat0

Fixes: b3762fc61c ("gluon-client-bridge: move IPv4 local subnet route to br-client (#1312)")
2018-07-22 16:42:41 +02:00
Matthias Schiffer
25b32ec2fe
treewide: move sysctl settings to /etc/sysctl.d
net.ipv6.conf.br-client.forwarding is moved from gluon-client-bridge to
gluon-mesh-batman-adv, as the setting is not useful with non-bridged
protocols.
2018-04-13 14:41:01 +02:00
Matthias Schiffer
9324d18fee
gluon-mesh-batman-adv: filter out all packages between bat0 and local-port
Filtering by MAC address won't filter out multicast packages like router
solicitations, causing uradvd to send out router advertisements with
maximum frequency (every 3 seconds) in active meshes, even when no local
client is actually interested in the advertisements.

Fixes #1230
2017-10-03 17:07:42 +02:00
Matthias Schiffer
12ec6ab2bc
gluon-mesh-batman-adv: use new gluon.site library to avoid 'or {}' syntax 2017-08-08 13:53:20 +02:00
Steffen Förster
582d09615b
gluon-mesh-batman-adv: enable routing algorithm configuration through site.conf
[Matthias Schiffer: move to proto_gluon_bat0_setup() and default to BATMAN_IV]
2017-07-19 17:58:07 +02:00
Matthias Schiffer
08e667ba2e
gluon-client-bridge: add default next-node MAC address
The next-node MAC address doesn't need to be unique in different
communities, so we can as well add a default value.
2017-06-26 22:48:45 +02:00
Matthias Schiffer
e45c30330d
gluon-mesh-batman-adv: refactor interface management
We now create bat0 and primary0 independently of the lower mesh interfaces,
making the whole setup a lot more robust. In particular:

- we can't accidentially destroy primary0 because of concurrent setup and
  teardown runs of different interfaces
- bat0 will always exist, even when no mesh interfaces are up (e.g. no link
  on wired mesh)
- interfaces going down and up again will never tear down the whole of
  batman-adv
- we can enable and disable bat0 independently of the lower interface
  states
2017-04-12 19:23:08 +02:00
Matthias Schiffer
4ca67dcca5
gluon-mesh-batman-adv-*: unify into a single source package
For simplicity, we don't use different MTUs for compat 14 and 15 anymore,
there's no harm in using 1532 for batman-adv-legacy as well.
2017-04-12 04:22:45 +02:00