On Tue, May 07, 2019 at 05:17:23PM +0200, Linus Lüssing wrote:
This would even allow some fancy stuff like rate limiting or per hardif behavior. With the problem that there is no package yet which does this in gluon.
Ah, that's an interesting idea. So basically filtering on the hardif instead of in batman-adv via some custom compiled BPF filters. So basically similar to writing a small program like the gluon-radv-filterd with a BPF_* parser?
https://github.com/freifunk-gluon/gluon/blob/master/package/gluon-radv-filte...
And usability is of course different. Compared to writing a BPF program it would just be an extra line in the firewall like here:
https://github.com/freifunk-gluon/gluon/pull/1357/files#diff-adbff50d8f3994f...
And setting the noflood_mark in batman-adv:
https://github.com/freifunk-gluon/gluon/pull/1357/files#diff-89c09eae71234dc...
Also, we would not only need to package it for Gluon then but also various Linux distributions used on gateways, I guess. To further reduce the ARP broadcasts for vanished clients on gateways, for instance (the second use-case).
Btw., I think rate-limiting would already be possible. We could set the mark in a rate-limited fashion incoming on bat0 with ebtables for instance.
Which could be useful to simplify gluon-ebtables-arp-limiter [0] a bit. Currently there's a loop over the "batctl dat_cache" table to add an exception to rate-limiting for addresses available in the cache.
Regards,
Linus
[0]: https://github.com/freifunk-gluon/gluon/tree/master/package/gluon-ebtables-l...