Commit
c97be1e1
authored
Jun 08, 2021
by
Martin Weinelt
Committed by
GitHub
Jun 08, 2021
Merge pull request #2209 from T-X/pr-batman-adv-noflood+mcast-fw-relax
parents
20f665b1
98f3f638
Changes
4
package/gluon-ebtables-filter-multicast/luasrc/lib/gluon/ebtables/355-mcast-drop
rule ('MULTICAST_OUT -p IPv6 --ip6-dst ff02::1/128 -j DROP')
rule ('MULTICAST_OUT -p IPv6 --ip6-dst ff00::/8 -j mark --set-mark 0x4 --mark-target RETURN')
rule ('MULTICAST_OUT -j DROP')
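Review bot: The second rule uses `--set-mark 0x4`, which replaces the whole frame mark, while gluon_bat0.sh in this commit configures batman-adv with `noflood_mark 0x4/0x4` and therefore only looks at bit 0x4. If another chain has already set mark bits on the frame (not visible on this page), they are lost here; `--mark-or 0x4` would set only the noflood bit. A one-line comment above the rule, for example `-- 0x4 is the batman-adv noflood mark, keep in sync with gluon_bat0.sh`, would tie the constant to its consumer.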
package/gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh
...
...
@@ -47,6 +47,7 @@ proto_gluon_bat0_setup() {
batctl orig_interval 5000
batctl hop_penalty
"
$(
lookup_uci
'gluon.mesh_batman_adv.hop_penalty'
15
)
"
batctl noflood_mark 0x4/0x4
case
"
$gw_mode
"
in
server
)
...
...
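Review bot: The result of `batctl noflood_mark 0x4/0x4` is not checked, and 355-mcast-drop in this commit now lets all ff00::/8 traffic through on the strength of that mark. If the command fails, for instance on a batman-adv module built without the noflood patch, the marked multicast frames would presumably be flooded through the mesh instead of being dropped. The neighbouring batctl calls are unchecked as well, but this one backs a filter, so a visible failure such as `batctl noflood_mark 0x4/0x4 || logger -t gluon_bat0 'noflood_mark not set'` is worth adding. proto_gluon_bat0_setup starts and ends outside the hunk.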
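--- /dev/null
+++ b/patches/packages/routing/0003-batman-adv-Introduce-no-noflood-mark.patch
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Sat, 1 May 2021 22:19:03 +0200
+Subject: batman-adv: Introduce no noflood mark
+This mark prevents a multicast packet being flooded through the whole
+mesh. The advantage of marking certain multicast packets via e.g.
+ebtables instead of dropping is then the following:
+This allows an administrator to let specific multicast packets pass as
+long as they are forwarded to a limited number of nodes only and are
+therefore creating no burdon to unrelated nodes.
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+diff --git a/batman-adv/patches/0034-batman-adv-Introduce-no-noflood-mark.patch b/batman-adv/patches/0034-batman-adv-Introduce-no-noflood-mark.patch
+new file mode 100644
+index 0000000000000000000000000000000000000000..2ccb6da270acf41e56f9a37801e23301e592b112
+--- /dev/null
++++ b/batman-adv/patches/0034-batman-adv-Introduce-no-noflood-mark.patch
+@@ -0,0 +1,167 @@
++From 25b21382238c783298c0d8defc8c739126c1b54d Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
++Date: Sat, 31 Mar 2018 03:36:19 +0200
++Subject: [PATCH] batman-adv: Introduce no noflood mark
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This mark prevents a multicast packet being flooded through the whole
++mesh. The advantage of marking certain multicast packets via e.g.
++ebtables instead of dropping is then the following:
++
++This allows an administrator to let specific multicast packets pass as
++long as they are forwarded to a limited number of nodes only and are
++therefore creating no burdon to unrelated nodes.
++
++Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
++
++---
++
++https://www.open-mesh.org/projects/batman-adv/wiki/Noflood-broadcast-prevention
++
++Changelog v2:
++
++* rebased to master
++* sysfs -> netlink
++---
++ include/uapi/linux/batman_adv.h | 12 ++++++++++++
++ net/batman-adv/netlink.c | 22 ++++++++++++++++++++++
++ net/batman-adv/soft-interface.c | 20 ++++++++++++++++++++
++ net/batman-adv/types.h | 12 ++++++++++++
++ 4 files changed, 66 insertions(+)
++
++diff --git a/include/uapi/linux/batman_adv.h b/include/uapi/linux/batman_adv.h
++index 67f46367..6fabb7aa 100644
++--- a/include/uapi/linux/batman_adv.h
+++++ b/include/uapi/linux/batman_adv.h
++@@ -480,6 +480,18 @@ enum batadv_nl_attrs {
++ */
++ BATADV_ATTR_MULTICAST_FANOUT,
++
+++ /**
+++ * @BATADV_ATTR_NOFLOOD_MARK: the noflood mark which allows to tag
+++ * frames which should never be broadcast flooded through the mesh.
+++ */
+++ BATADV_ATTR_NOFLOOD_MARK,
+++
+++ /**
+++ * @BATADV_ATTR_NOFLOOD_MASK: the noflood (bit)mask which allows to tag
+++ * frames which should never be broadcast flooded through the mesh.
+++ */
+++ BATADV_ATTR_NOFLOOD_MASK,
+++
++ /* add attributes above here, update the policy in netlink.c */
++
++ /**
++diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c
++index e1978bc5..3d2c147a 100644
++--- a/net/batman-adv/netlink.c
+++++ b/net/batman-adv/netlink.c
++@@ -134,6 +134,8 @@ static const struct nla_policy batadv_netlink_policy[NUM_BATADV_ATTR] = {
++ [BATADV_ATTR_AP_ISOLATION_ENABLED] = { .type = NLA_U8 },
++ [BATADV_ATTR_ISOLATION_MARK] = { .type = NLA_U32 },
++ [BATADV_ATTR_ISOLATION_MASK] = { .type = NLA_U32 },
+++ [BATADV_ATTR_NOFLOOD_MARK] = { .type = NLA_U32 },
+++ [BATADV_ATTR_NOFLOOD_MASK] = { .type = NLA_U32 },
++ [BATADV_ATTR_BONDING_ENABLED] = { .type = NLA_U8 },
++ [BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED] = { .type = NLA_U8 },
++ [BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED] = { .type = NLA_U8 },
++@@ -286,6 +288,14 @@ static int batadv_netlink_mesh_fill(struct sk_buff *msg,
++ bat_priv->isolation_mark_mask))
++ goto nla_put_failure;
++
+++ if (nla_put_u32(msg, BATADV_ATTR_NOFLOOD_MARK,
+++ bat_priv->noflood_mark))
+++ goto nla_put_failure;
+++
+++ if (nla_put_u32(msg, BATADV_ATTR_NOFLOOD_MASK,
+++ bat_priv->noflood_mark_mask))
+++ goto nla_put_failure;
+++
++ if (nla_put_u8(msg, BATADV_ATTR_BONDING_ENABLED,
++ !!atomic_read(&bat_priv->bonding)))
++ goto nla_put_failure;
++@@ -466,6 +476,18 @@ static int batadv_netlink_set_mesh(struct sk_buff *skb, struct genl_info *info)
++ bat_priv->isolation_mark_mask = nla_get_u32(attr);
++ }
++
+++ if (info->attrs[BATADV_ATTR_NOFLOOD_MARK]) {
+++ attr = info->attrs[BATADV_ATTR_NOFLOOD_MARK];
+++
+++ bat_priv->noflood_mark = nla_get_u32(attr);
+++ }
+++
+++ if (info->attrs[BATADV_ATTR_NOFLOOD_MASK]) {
+++ attr = info->attrs[BATADV_ATTR_NOFLOOD_MASK];
+++
+++ bat_priv->noflood_mark_mask = nla_get_u32(attr);
+++ }
+++
++ if (info->attrs[BATADV_ATTR_BONDING_ENABLED]) {
++ attr = info->attrs[BATADV_ATTR_BONDING_ENABLED];
++
++diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
++index c99facdb..4e71b9f3 100644
++--- a/net/batman-adv/soft-interface.c
+++++ b/net/batman-adv/soft-interface.c
++@@ -176,6 +176,23 @@ static void batadv_interface_set_rx_mode(struct net_device *dev)
++ {
++ }
++
+++/**
+++ * batadv_send_skb_has_noflood_mark() - check if packet has a noflood mark
+++ * @bat_priv: the bat priv with all the soft interface information
+++ * @skb: the packet to check
+++ *
+++ * Return: True if the skb's mark matches a configured noflood mark and
+++ * noflood mark mask. False otherwise.
+++ */
+++static bool
+++batadv_skb_has_noflood_mark(struct batadv_priv *bat_priv, struct sk_buff *skb)
+++{
+++ u32 match_mark = skb->mark & bat_priv->noflood_mark_mask;
+++
+++ return bat_priv->noflood_mark_mask &&
+++ match_mark == bat_priv->noflood_mark;
+++}
+++
++ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb,
++ struct net_device *soft_iface)
++ {
++@@ -326,6 +343,9 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb,
++ if (batadv_dat_snoop_outgoing_arp_request(bat_priv, skb))
++ brd_delay = msecs_to_jiffies(ARP_REQ_DELAY);
++
+++ if (batadv_skb_has_noflood_mark(bat_priv, skb))
+++ goto dropped;
+++
++ if (batadv_skb_head_push(skb, sizeof(*bcast_packet)) < 0)
++ goto dropped;
++
++diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
++index c0ded822..09c877fa 100644
++--- a/net/batman-adv/types.h
+++++ b/net/batman-adv/types.h
++@@ -1599,6 +1599,18 @@ struct batadv_priv {
++ */
++ u32 isolation_mark_mask;
++
+++ /**
+++ * @noflood_mark: the skb->mark value used to allow directed targeting
+++ * only
+++ */
+++ u32 noflood_mark;
+++
+++ /**
+++ * @noflood_mark_mask: bitmask identifying the bits in skb->mark to be
+++ * used for the noflood mark
+++ */
+++ u32 noflood_mark_mask;
+++
++ /** @bcast_seqno: last sent broadcast packet sequence number */
++ atomic_t bcast_seqno;
++
++--
++2.31.0
++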
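Review bot: `batadv_skb_has_noflood_mark()` compares `skb->mark & noflood_mark_mask` against the raw `bat_priv->noflood_mark`, and `batadv_netlink_set_mesh()` stores the mark exactly as userspace sent it, so a configured mark with bits outside the mask can never match and tagged frames are still flooded without any error. The batctl patch in this commit masks the value before sending, but other netlink clients need not; comparing against the masked value, `match_mark == (bat_priv->noflood_mark & bat_priv->noflood_mark_mask)`, or masking at set time would make the filter independent of the caller. Mark and mask are also written as two separate plain stores, so the transmit path can briefly see a new mark with the old mask; this appears to follow the isolation-mark code next to it and deserves a comment if it is accepted. The kernel-doc header names `batadv_send_skb_has_noflood_mark()` while the function is `batadv_skb_has_noflood_mark()`; the two should agree.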
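--- /dev/null
+++ b/patches/packages/routing/0004-batctl-Add-noflood_mark-command.patch
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Sat, 1 May 2021 22:19:41 +0200
+Subject: batctl: Add noflood_mark command
+Adds support for the new 'noflood_mark' setting in batman-adv.
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+diff --git a/batctl/patches/0012-batctl-Add-noflood_mark-command.patch b/batctl/patches/0012-batctl-Add-noflood_mark-command.patch
+new file mode 100644
+index 0000000000000000000000000000000000000000..296f3c51b79333a8e96c340d151ba00b8f457120
+--- /dev/null
++++ b/batctl/patches/0012-batctl-Add-noflood_mark-command.patch
+@@ -0,0 +1,273 @@
++From c14abebbeb4af76600cd6eb508e5e4e38a436b2f Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
++Date: Fri, 26 Apr 2019 19:27:38 +0200
++Subject: [PATCH] batctl: Add noflood_mark command
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++Adds support for the new 'noflood_mark' setting in batman-adv.
++
++Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
++---
++Changelog v3:
++* changed command from a noflood tri-state option
++ to a value/mask one similar to the isolation mark
++* noflood.c -> noflood_mark.c
++
++Changelog v2:
++* added noflood.c
++---
++ Makefile | 1 +
++ README.rst | 15 ++++++
++ batman_adv.h | 12 +++++
++ man/batctl.8 | 23 ++++++++
++ noflood_mark.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++++
++ 5 files changed, 192 insertions(+)
++ create mode 100644 noflood_mark.c
++
++diff --git a/Makefile b/Makefile
++index e3747a2..686de7e 100755
++--- a/Makefile
+++++ b/Makefile
++@@ -61,6 +61,7 @@ $(eval $(call add_command,multicast_mode,y))
++ $(eval $(call add_command,nc_nodes,y))
++ $(eval $(call add_command,neighbors,y))
++ $(eval $(call add_command,network_coding,y))
+++$(eval $(call add_command,noflood_mark,y))
++ $(eval $(call add_command,orig_interval,y))
++ $(eval $(call add_command,originators,y))
++ $(eval $(call add_command,ping,y))
++diff --git a/README.rst b/README.rst
++index 128f539..bc937d2 100644
++--- a/README.rst
+++++ b/README.rst
++@@ -582,6 +582,21 @@ Usage::
++ * Example 4: ``batctl mark 0x0f``
++
++
+++batctl noflood_mark
+++=======================
+++
+++display or modify noflood_mark setting
+++
+++Usage::
+++
+++ batctl noflood_mark|nf $value[/0x$mask]
+++
+++* Example 1: ``batctl nf 0x00000001/0xffffffff``
+++* Example 2: ``batctl nf 0x00040000/0xffff0000``
+++* Example 3: ``batctl nf 16``
+++* Example 4: ``batctl nf 0x0f``
+++
+++
++ batctl translocal
++ =================
++
++diff --git a/batman_adv.h b/batman_adv.h
++index 67f4636..6fabb7a 100644
++--- a/batman_adv.h
+++++ b/batman_adv.h
++@@ -480,6 +480,18 @@ enum batadv_nl_attrs {
++ */
++ BATADV_ATTR_MULTICAST_FANOUT,
++
+++ /**
+++ * @BATADV_ATTR_NOFLOOD_MARK: the noflood mark which allows to tag
+++ * frames which should never be broadcast flooded through the mesh.
+++ */
+++ BATADV_ATTR_NOFLOOD_MARK,
+++
+++ /**
+++ * @BATADV_ATTR_NOFLOOD_MASK: the noflood (bit)mask which allows to tag
+++ * frames which should never be broadcast flooded through the mesh.
+++ */
+++ BATADV_ATTR_NOFLOOD_MASK,
+++
++ /* add attributes above here, update the policy in netlink.c */
++
++ /**
++diff --git a/man/batctl.8 b/man/batctl.8
++index d42b682..5489c2e 100644
++--- a/man/batctl.8
+++++ b/man/batctl.8
++@@ -124,6 +124,29 @@ If no parameter is given the current multicast fanout setting is displayed. Othe
++ the multicast fanout. The multicast fanout defines the maximum number of packet copies that may be generated for a
++ multicast-to-unicast conversion. Once this limit is exceeded distribution will fall back to broadcast.
++ .br
+++.IP "\fBnoflood_mark\fP|\fBnf\fP"
+++If no parameter is given the current noflood mark value is displayed.
+++Otherwise the parameter is used to set or unset the noflood mark. The
+++noflood mark allows to prevent broadcast flooding of a frame which
+++was previously tagged via netfilter for instance. batman-adv will
+++then only forward a frame into the mesh if destined to a limited
+++number of destination nodes and drop the frame otherwise.
+++.br
+++The input is supposed to be of the form $value/$mask, where $value can be any
+++32bit long integer (expressed in decimal or hex base) and $mask is a generic
+++bitmask (expressed in hex base) that selects the bits to take into consideration
+++from $value. It is also possible to enter the input using only $value and in
+++this case the full bitmask is used by default.
+++
+++.br
+++.br
+++Example 1: 0x00000001/0xffffffff
+++.br
+++Example 2: 0x00040000/0xffff0000
+++.br
+++Example 3: 16 or 0x0F
+++.br
+++.br
++ .IP "\fBloglevel\fP|\fBll\fP [\fBlevel\fP[ \fBlevel\fP[ \fBlevel\fP]] \fB...\fP]"
++ If no parameter is given the current log level settings are displayed otherwise the parameter(s) is/are used to set the log
++ level. Level 'none' disables all verbose logging. Level 'batman' enables messages related to routing / flooding / broadcasting.
++diff --git a/noflood_mark.c b/noflood_mark.c
++new file mode 100644
++index 0000000..e89205c
++--- /dev/null
+++++ b/noflood_mark.c
++@@ -0,0 +1,141 @@
+++// SPDX-License-Identifier: GPL-2.0
+++/* Copyright (C) 2009-2019 B.A.T.M.A.N. contributors:
+++ *
+++ * Antonio Quartulli <a@unstable.cc>
+++ * Linus Lüssing <linus.luessing@c0d3.blue>
+++ *
+++ * License-Filename: LICENSES/preferred/GPL-2.0
+++ */
+++
+++#include <errno.h>
+++#include <stddef.h>
+++#include <stdint.h>
+++#include <string.h>
+++
+++#include "main.h"
+++#include "sys.h"
+++
+++static struct noflood_mark_data {
+++ uint32_t noflood_mark;
+++ uint32_t noflood_mask;
+++} noflood_mark;
+++
+++static int parse_noflood_mark(struct state *state, int argc, char *argv[])
+++{
+++ struct settings_data *settings = state->cmd->arg;
+++ struct noflood_mark_data *data = settings->data;
+++ char *mask_ptr;
+++ char buff[256];
+++ uint32_t mark;
+++ uint32_t mask;
+++ char *endptr;
+++
+++ if (argc != 2) {
+++ fprintf(stderr, "Error - incorrect number of arguments (expected 1)\n");
+++ return -EINVAL;
+++ }
+++
+++ strncpy(buff, argv[1], sizeof(buff));
+++ buff[sizeof(buff) - 1] = '\0';
+++
+++ /* parse the mask if it has been specified, otherwise assume the mask is
+++ * the biggest possible
+++ */
+++ mask = 0xFFFFFFFF;
+++ mask_ptr = strchr(buff, '/');
+++ if (mask_ptr) {
+++ *mask_ptr = '\0';
+++ mask_ptr++;
+++
+++ /* the mask must be entered in hex base as it is going to be a
+++ * bitmask and not a prefix length
+++ */
+++ mask = strtoul(mask_ptr, &endptr, 16);
+++ if (!endptr || *endptr != '\0')
+++ goto inval_format;
+++ }
+++
+++ /* the mark can be entered in any base */
+++ mark = strtoul(buff, &endptr, 0);
+++ if (!endptr || *endptr != '\0')
+++ goto inval_format;
+++
+++ data->noflood_mask = mask;
+++ /* erase bits not covered by the mask */
+++ data->noflood_mark = mark & mask;
+++
+++ return 0;
+++
+++inval_format:
+++ fprintf(stderr, "Error - incorrect number of arguments (expected 1)\n");
+++ fprintf(stderr, "The following formats for mark(/mask) are allowed:\n");
+++ fprintf(stderr, " * 0x12345678\n");
+++ fprintf(stderr, " * 0x12345678/0xabcdef09\n");
+++ return -EINVAL;
+++}
+++
+++static int print_noflood_mark(struct nl_msg *msg, void *arg)
+++{
+++ struct nlattr *attrs[BATADV_ATTR_MAX + 1];
+++ struct nlmsghdr *nlh = nlmsg_hdr(msg);
+++ struct genlmsghdr *ghdr;
+++ int *result = arg;
+++
+++ if (!genlmsg_valid_hdr(nlh, 0))
+++ return NL_OK;
+++
+++ ghdr = nlmsg_data(nlh);
+++
+++ if (nla_parse(attrs, BATADV_ATTR_MAX, genlmsg_attrdata(ghdr, 0),
+++ genlmsg_len(ghdr), batadv_netlink_policy)) {
+++ return NL_OK;
+++ }
+++
+++ if (!attrs[BATADV_ATTR_NOFLOOD_MARK] ||
+++ !attrs[BATADV_ATTR_NOFLOOD_MASK])
+++ return NL_OK;
+++
+++ printf("0x%08x/0x%08x\n",
+++ nla_get_u32(attrs[BATADV_ATTR_NOFLOOD_MARK]),
+++ nla_get_u32(attrs[BATADV_ATTR_NOFLOOD_MASK]));
+++
+++ *result = 0;
+++ return NL_STOP;
+++}
+++
+++static int get_noflood_mark(struct state *state)
+++{
+++ return sys_simple_nlquery(state, BATADV_CMD_GET_MESH,
+++ NULL, print_noflood_mark);
+++}
+++
+++static int set_attrs_noflood_mark(struct nl_msg *msg, void *arg)
+++{
+++ struct state *state = arg;
+++ struct settings_data *settings = state->cmd->arg;
+++ struct noflood_mark_data *data = settings->data;
+++
+++ nla_put_u32(msg, BATADV_ATTR_NOFLOOD_MARK, data->noflood_mark);
+++ nla_put_u32(msg, BATADV_ATTR_NOFLOOD_MASK, data->noflood_mask);
+++
+++ return 0;
+++}
+++
+++static int set_noflood_mark(struct state *state)
+++{
+++ return sys_simple_nlquery(state, BATADV_CMD_SET_MESH,
+++ set_attrs_noflood_mark, NULL);
+++}
+++
+++static struct settings_data batctl_settings_noflood_mark = {
+++ .sysfs_name = NULL,
+++ .data = &noflood_mark,
+++ .parse = parse_noflood_mark,
+++ .netlink_get = get_noflood_mark,
+++ .netlink_set = set_noflood_mark,
+++};
+++
+++COMMAND_NAMED(SUBCOMMAND, noflood_mark, "nf", handle_sys_setting,
+++ COMMAND_FLAG_MESH_IFACE | COMMAND_FLAG_NETLINK,
+++ &batctl_settings_noflood_mark,
+++ "[mark] \tdisplay or modify noflood_mark setting");
++--
++2.31.0
++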
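Review bot: `parse_noflood_mark()` accepts input it should reject: the `!endptr || *endptr != '\0'` test passes for an empty field, so `batctl nf 0x4/` parses the mask as 0, and a value wider than 32 bits is truncated by the assignment to `uint32_t` without any `ERANGE` check. With the kernel patch in this commit a zero mask makes `batadv_skb_has_noflood_mark()` return false for every frame, so a typo silently switches the flood filter off. Both conversions should reject an empty field and out-of-range values as sketched below, and the `inval_format` path should report a format error instead of repeating "incorrect number of arguments". `set_attrs_noflood_mark()` also ignores the return value of both `nla_put_u32()` calls and always returns 0.

```c
	unsigned long parsed;

	/* … unchanged: argc check, copy of argv[1] into buff, split at '/' … */

		errno = 0;
		parsed = strtoul(mask_ptr, &endptr, 16);
		if (endptr == mask_ptr || *endptr != '\0' ||
		    errno == ERANGE || parsed > UINT32_MAX)
			goto inval_format;
		mask = parsed;

	/* … unchanged: end of the mask branch … */

	errno = 0;
	parsed = strtoul(buff, &endptr, 0);
	if (endptr == buff || *endptr != '\0' ||
	    errno == ERANGE || parsed > UINT32_MAX)
		goto inval_format;
	mark = parsed;
```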