macvlan interfaces never directly exchange traffic with the underlying
interface, but only with other hosts behind the interface. In consequence,
router advertisements from the uradvd running on br-client could never
reach local-node, preventing it from getting an IPv6 address without RAs
from an external radvd. Fix this be replacing the macvlan interface with
a veth pair (with the peer interface in br-client).
As a side effect, this saves about 5KB of flash, as the veth module is
simpler than macvlan.
When preparing the migration from macvlan to veth for local-node, MAC
address conflicts occurred as some ports of br-client had the same address
as local-node. Reverting the roles of both interfaces fixes this.
By default, br-client is left as an interface without addresses and
firewall rules that drop everything, so the bridge is used to connect its
ports only. gluon-mesh-batman-adv-core changes this to the usual set
of addresses and firewall rules.
The batadv debugfs requires large memory blocks to write the text debug
tables. This is inefficient for large tables like the global translation
table or the originators table.
The memory requirement can be reduced by using netlink. It copies smaller
packets in a binary format to the userspace program. The respondd module of
gluon-mesh-batman-adv-core can therefore parse larger originator tables
without causing an OOM on systems which are tight on memory.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The batadv debugfs requires large memory blocks to write the text debug
tables. This is inefficient for large tables like the global translation
table or the originators table.
The memory requirement can be reduced by using netlink. It copies smaller
packets in a binary format to the userspace program. gluon-status-page-api
can therefore parse larger originator tables without causing an OOM on
systems which are tight on memory.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
MAC and IP addresses are switched. This makes the gluon-client-bridge
package more useful for different routing protocols that don't need a
unique address on the client bridge.
As a side effect, gluon-radvd is now using the next-node address, which had
been considered before, but was dismissed to avoid having gluon-radvd
depend on gluon-next-node and gluon-mesh-batman-adv. This will be useful
for announcing default routes via gluon-radvd.
One downside is that this introduces a minor dependency on batman-adv in
gluon-respondd: the hotplug script that checked for the client interface
before will now check for local-node. This doesn't really matter: for mesh
protocols without a local-node interface, the check will do nothing (which
makes sense, as there is no interface to bind to for mesh-wide respondd).
Because we unconditionally appended `-i br-client` to the command line of
respondd, it wasn't restarted when br-client changed state. Now, we use a
jsonfilter expression on the network.interface dump data, similar to how the
other interface names are generated, and only add the interface to the argument
list if it is up.
If cookies are disabled, the Statuspage only displays an empty ("Not connected")
This checks if the localStorage API is available and working and only uses it in this case
Also allows better backwards compatibility.
Users may have defined additional mesh interfaces. Properly migrate these
to avoid subtly breaking the network config (and make them ready for new
mesh protocols).
Switch to:
1. WAN
2. LAN
3. Mesh VPN
As WAN and LAN are setup in gluon-mesh-batman-adv-core (and will be moved
to gluon-core), while the mesh VPN has its own package, giving WAN and LAN
the first indices is preferable.
Just like we enabled multicast snooping on the batman-adv client bridge
again, let's do the same for the WAN side.
With one exception: The IGMP/MLD querier is kept disabled to avoid
becoming too "bossy"/"noisy" on a foreign network. The main router on
the WAN side should perform querying and by that enable
IGMP/MLD/snooping if it considers this appropriate there.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
A few issues with the bridge snooping were identified and fixed
upstream in OpenWRT:
* "firewall: Allow IGMP and MLD input on WAN" (r45613)
* "kernel: bridge: backport two snooping related patches" (r45783)
* netifd: "bridge: Fix multicast_to_unicast feature by hairpin+isolate"
(OW: "netifd: update to the latest version, adds multicast-to-unicast fixes" (r46719))
* "kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull()" (r46721)
* "kernel: bridge, multicast-to-unicast: fix echoes on STA" (46765)
These have very likely caused issues with the bridge snooping before,
which led to disabling it in the past. Let's reenable the multicast
snooping now that they were fixed for reduced multicast overhead on the
wifi.
Advantages are the following:
This mildly reduces overhead on the mesh layer. And significantly reduces
overhead on the AP interface and therefore significantly increases
available airtime (the currently most significant scalability bottleneck).
Secondly removes an easy, often accidental node-local Denial-of-Service
vector based on multicast flooding / streaming.
Thirdly, makes node-local multicast streaming feasible.
Finally should noticably increase battery life of mobile devices.
Note: bridge querier is disabled for br-wan. We want to avoid becoming
too "bossy"/"noisy" on a foreign network.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The mesh side has become fairly huge in many communities. Up to
a few thousand entries can currently be found in the forwarding
database (fdb) of a bridge for its bridge port bat0.
The bridge fdb is kind of redundant to the batman-adv global translation
table here. Therefore this patch tries to reduce memory footprint by
following an approach similar to the IGMP/MLD split patchset approach:
Make the bridge oblivious not only regarding multicast listeners towards
the mesh but with this patch unicast hosts on the mesh, too.
If the destination of an ethernet frame is known by the bridge to be a
local one, then the frame is forwarded to the according port. If it is
unknown, then the frame is forwarded to the wifi AP interface and bat0.
mac80211 and batman-adv then know whether to drop or forward a frame
further through their own book-keeping.
Note that unicast-flood is not disabled for the wifi AP bridge port, nor
is learning disabled on the wifi AP. This is mainly to keep the
configuration in UCI and according setup scripts simple ;). However, not
disalbling unicast-flood on the wifi AP interface might also give a
minor latency improvement for newly joining wifi clients.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The arguments are now provided by gluon-mesh-batman-adv-core, so
gluon-radvd can be used with other mesh protocols.
[Matthias Schiffer: removed PROVIDES dependency]
Some drivers (mt76) don't support arbitrary MAC addresses. Use the
addresses provided by the driver (avoiding the primary address) by default,
but fall back to our has-based scheme when the driver doesn't provide
(enough) addresses.
