Repository : ssh://git@diktynna/doc On branches: backup-redmine,main
commit 04a8d0217ec0146354d54bbfc1dff39d6cc72cbc Author: Linus Lüssing linus.luessing@c0d3.blue Date: Wed Sep 11 08:29:08 2024 +0000
doc: batman-adv/DAT_DHCP_Snooping
04a8d0217ec0146354d54bbfc1dff39d6cc72cbc batman-adv/DAT_DHCP_Snooping.textile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/batman-adv/DAT_DHCP_Snooping.textile b/batman-adv/DAT_DHCP_Snooping.textile index db0a8cf6..cc80b0de 100644 --- a/batman-adv/DAT_DHCP_Snooping.textile +++ b/batman-adv/DAT_DHCP_Snooping.textile @@ -122,6 +122,8 @@ The first patch provides an alternative to filling the DAT DHT: It allows learni
h3. Noflood mark
+Status: _rejected_ (some opinion(s) were that it would be nice to have a more complete filter architecture, also this is not that straightforward/foolproof to administrate/configure) +_ The second patch allows to prevent forwarding a frame which batman-adv would otherwise flood. With a DHCP snooping in place and a lease timeout lower than the 5min. DAT timeout ARP Requests for addresses in the DHCP range can safely be dropped. The noflood mark can be configured like:
<pre><code> @@ -135,7 +137,6 @@ $ ebtables -p ARP --logical-out br0 -o bat0 --arp-op Request --arp-ip-dst 10.84.
This would result in the address range of 10.84.0.8-10.84.0.255 being marked for "noflood", while excempting 10.84.0.0-10.84.0.7.
- h3. Result
The following picture shows the amount of broadcasted ARP Request traffic before and after applying and configuring these patches at Freifunk Darmstadt (800 batman-adv nodes):