84a6f65f02
This package adds filters to limit the amount of ARP Requests devices are allowed to send into the mesh. The limits are 6 packets per minute per client device, by MAC address, and 1 per second per node in total. A burst of up to 50 ARP Requests is allowed until the rate-limiting takes effect (see --limit-burst in the ebtables manpage). Furthermore, ARP Requests with a target IP already present in the batman-adv DAT Cache are excluded from the rate-limiting, both regarding counting and filtering, as batman-adv will respond locally with no burden for the mesh. Therefore, this limiter should not affect popular target IPs, like gateways. However it should mitigate the problem of curious people or smart devices scanning the whole IP range. Which could create a significant amount of overhead for all participants so far. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
48 lines
897 B
C
48 lines
897 B
C
/*
|
|
* Copyright (c) 2017 Linus Lüssing <linus.luessing@c0d3.blue>
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0+
|
|
* License-Filename: LICENSE
|
|
*/
|
|
|
|
#include <linux/if_ether.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include "mac.h"
|
|
|
|
#define ETH_STRLEN (sizeof("aa:bb:cc:dd:ee:ff") - 1)
|
|
|
|
char mntoa_buf[ETH_STRLEN+1];
|
|
|
|
int mac_aton(const char *cp, struct mac_addr *mac)
|
|
{
|
|
struct mac_addr m;
|
|
int ret;
|
|
|
|
if (strlen(cp) != ETH_STRLEN)
|
|
return 0;
|
|
|
|
memset(&m, 0, sizeof(m));
|
|
|
|
ret = sscanf(cp, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
|
|
&m.storage[0], &m.storage[1], &m.storage[2],
|
|
&m.storage[3], &m.storage[4], &m.storage[5]);
|
|
|
|
if (ret != ETH_ALEN)
|
|
return 0;
|
|
|
|
*mac = m;
|
|
return 1;
|
|
}
|
|
|
|
char *mac_ntoa(struct mac_addr *mac)
|
|
{
|
|
unsigned char *m = mac->storage;
|
|
|
|
snprintf(mntoa_buf, sizeof(mntoa_buf),
|
|
"%02x:%02x:%02x:%02x:%02x:%02x",
|
|
m[0], m[1], m[2], m[3], m[4], m[5]);
|
|
|
|
return mntoa_buf;
|
|
}
|