177 lines
5.9 KiB
Diff
177 lines
5.9 KiB
Diff
From: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Date: Sat, 1 May 2021 22:19:03 +0200
|
|
Subject: batman-adv: Introduce no noflood mark
|
|
|
|
This mark prevents a multicast packet being flooded through the whole
|
|
mesh. The advantage of marking certain multicast packets via e.g.
|
|
ebtables instead of dropping is then the following:
|
|
|
|
This allows an administrator to let specific multicast packets pass as
|
|
long as they are forwarded to a limited number of nodes only and are
|
|
therefore creating no burdon to unrelated nodes.
|
|
|
|
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
|
|
diff --git a/batman-adv/patches/0034-batman-adv-Introduce-no-noflood-mark.patch b/batman-adv/patches/0034-batman-adv-Introduce-no-noflood-mark.patch
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..8dbde75343f04fb3a643e300856ecfac7dc23e32
|
|
--- /dev/null
|
|
+++ b/batman-adv/patches/0034-batman-adv-Introduce-no-noflood-mark.patch
|
|
@@ -0,0 +1,156 @@
|
|
+From 25b21382238c783298c0d8defc8c739126c1b54d Mon Sep 17 00:00:00 2001
|
|
+From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
|
|
+Date: Sat, 31 Mar 2018 03:36:19 +0200
|
|
+Subject: [PATCH] batman-adv: Introduce no noflood mark
|
|
+MIME-Version: 1.0
|
|
+Content-Type: text/plain; charset=UTF-8
|
|
+Content-Transfer-Encoding: 8bit
|
|
+
|
|
+This mark prevents a multicast packet being flooded through the whole
|
|
+mesh. The advantage of marking certain multicast packets via e.g.
|
|
+ebtables instead of dropping is then the following:
|
|
+
|
|
+This allows an administrator to let specific multicast packets pass as
|
|
+long as they are forwarded to a limited number of nodes only and are
|
|
+therefore creating no burdon to unrelated nodes.
|
|
+
|
|
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
+
|
|
+---
|
|
+
|
|
+https://www.open-mesh.org/projects/batman-adv/wiki/Noflood-broadcast-prevention
|
|
+
|
|
+Changelog v2:
|
|
+
|
|
+* rebased to master
|
|
+* sysfs -> netlink
|
|
+---
|
|
+ include/uapi/linux/batman_adv.h | 12 ++++++++++++
|
|
+ net/batman-adv/netlink.c | 22 ++++++++++++++++++++++
|
|
+ net/batman-adv/soft-interface.c | 20 ++++++++++++++++++++
|
|
+ net/batman-adv/types.h | 12 ++++++++++++
|
|
+ 4 files changed, 66 insertions(+)
|
|
+
|
|
+--- a/include/uapi/linux/batman_adv.h
|
|
++++ b/include/uapi/linux/batman_adv.h
|
|
+@@ -481,6 +481,18 @@ enum batadv_nl_attrs {
|
|
+ */
|
|
+ BATADV_ATTR_MULTICAST_FANOUT,
|
|
+
|
|
++ /**
|
|
++ * @BATADV_ATTR_NOFLOOD_MARK: the noflood mark which allows to tag
|
|
++ * frames which should never be broadcast flooded through the mesh.
|
|
++ */
|
|
++ BATADV_ATTR_NOFLOOD_MARK,
|
|
++
|
|
++ /**
|
|
++ * @BATADV_ATTR_NOFLOOD_MASK: the noflood (bit)mask which allows to tag
|
|
++ * frames which should never be broadcast flooded through the mesh.
|
|
++ */
|
|
++ BATADV_ATTR_NOFLOOD_MASK,
|
|
++
|
|
+ /* add attributes above here, update the policy in netlink.c */
|
|
+
|
|
+ /**
|
|
+--- a/net/batman-adv/netlink.c
|
|
++++ b/net/batman-adv/netlink.c
|
|
+@@ -134,6 +134,8 @@ static const struct nla_policy batadv_ne
|
|
+ [BATADV_ATTR_AP_ISOLATION_ENABLED] = { .type = NLA_U8 },
|
|
+ [BATADV_ATTR_ISOLATION_MARK] = { .type = NLA_U32 },
|
|
+ [BATADV_ATTR_ISOLATION_MASK] = { .type = NLA_U32 },
|
|
++ [BATADV_ATTR_NOFLOOD_MARK] = { .type = NLA_U32 },
|
|
++ [BATADV_ATTR_NOFLOOD_MASK] = { .type = NLA_U32 },
|
|
+ [BATADV_ATTR_BONDING_ENABLED] = { .type = NLA_U8 },
|
|
+ [BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED] = { .type = NLA_U8 },
|
|
+ [BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED] = { .type = NLA_U8 },
|
|
+@@ -286,6 +288,14 @@ static int batadv_netlink_mesh_fill(stru
|
|
+ bat_priv->isolation_mark_mask))
|
|
+ goto nla_put_failure;
|
|
+
|
|
++ if (nla_put_u32(msg, BATADV_ATTR_NOFLOOD_MARK,
|
|
++ bat_priv->noflood_mark))
|
|
++ goto nla_put_failure;
|
|
++
|
|
++ if (nla_put_u32(msg, BATADV_ATTR_NOFLOOD_MASK,
|
|
++ bat_priv->noflood_mark_mask))
|
|
++ goto nla_put_failure;
|
|
++
|
|
+ if (nla_put_u8(msg, BATADV_ATTR_BONDING_ENABLED,
|
|
+ !!atomic_read(&bat_priv->bonding)))
|
|
+ goto nla_put_failure;
|
|
+@@ -466,6 +476,18 @@ static int batadv_netlink_set_mesh(struc
|
|
+ bat_priv->isolation_mark_mask = nla_get_u32(attr);
|
|
+ }
|
|
+
|
|
++ if (info->attrs[BATADV_ATTR_NOFLOOD_MARK]) {
|
|
++ attr = info->attrs[BATADV_ATTR_NOFLOOD_MARK];
|
|
++
|
|
++ bat_priv->noflood_mark = nla_get_u32(attr);
|
|
++ }
|
|
++
|
|
++ if (info->attrs[BATADV_ATTR_NOFLOOD_MASK]) {
|
|
++ attr = info->attrs[BATADV_ATTR_NOFLOOD_MASK];
|
|
++
|
|
++ bat_priv->noflood_mark_mask = nla_get_u32(attr);
|
|
++ }
|
|
++
|
|
+ if (info->attrs[BATADV_ATTR_BONDING_ENABLED]) {
|
|
+ attr = info->attrs[BATADV_ATTR_BONDING_ENABLED];
|
|
+
|
|
+--- a/net/batman-adv/soft-interface.c
|
|
++++ b/net/batman-adv/soft-interface.c
|
|
+@@ -175,6 +175,23 @@ static void batadv_interface_set_rx_mode
|
|
+ {
|
|
+ }
|
|
+
|
|
++/**
|
|
++ * batadv_send_skb_has_noflood_mark() - check if packet has a noflood mark
|
|
++ * @bat_priv: the bat priv with all the soft interface information
|
|
++ * @skb: the packet to check
|
|
++ *
|
|
++ * Return: True if the skb's mark matches a configured noflood mark and
|
|
++ * noflood mark mask. False otherwise.
|
|
++ */
|
|
++static bool
|
|
++batadv_skb_has_noflood_mark(struct batadv_priv *bat_priv, struct sk_buff *skb)
|
|
++{
|
|
++ u32 match_mark = skb->mark & bat_priv->noflood_mark_mask;
|
|
++
|
|
++ return bat_priv->noflood_mark_mask &&
|
|
++ match_mark == bat_priv->noflood_mark;
|
|
++}
|
|
++
|
|
+ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb,
|
|
+ struct net_device *soft_iface)
|
|
+ {
|
|
+@@ -325,6 +342,9 @@ send:
|
|
+ if (batadv_dat_snoop_outgoing_arp_request(bat_priv, skb))
|
|
+ brd_delay = msecs_to_jiffies(ARP_REQ_DELAY);
|
|
+
|
|
++ if (batadv_skb_has_noflood_mark(bat_priv, skb))
|
|
++ goto dropped;
|
|
++
|
|
+ if (batadv_skb_head_push(skb, sizeof(*bcast_packet)) < 0)
|
|
+ goto dropped;
|
|
+
|
|
+--- a/net/batman-adv/types.h
|
|
++++ b/net/batman-adv/types.h
|
|
+@@ -1635,6 +1635,18 @@ struct batadv_priv {
|
|
+ */
|
|
+ u32 isolation_mark_mask;
|
|
+
|
|
++ /**
|
|
++ * @noflood_mark: the skb->mark value used to allow directed targeting
|
|
++ * only
|
|
++ */
|
|
++ u32 noflood_mark;
|
|
++
|
|
++ /**
|
|
++ * @noflood_mark_mask: bitmask identifying the bits in skb->mark to be
|
|
++ * used for the noflood mark
|
|
++ */
|
|
++ u32 noflood_mark_mask;
|
|
++
|
|
+ /** @bcast_seqno: last sent broadcast packet sequence number */
|
|
+ atomic_t bcast_seqno;
|
|
+
|