Repository : ssh://git@open-mesh.org/doc
On branches: backup-redmine/2018-08-24,backup-redmine/2019-09-14,master
commit a9504026d7a8851b094acd65bbaf9cbf191efb7c
Author: Linus Lüssing linus.luessing@c0d3.blue
Date: Mon May 7 01:11:17 2018 +0000
doc: batman-adv/DAT_DHCP_Snooping
a9504026d7a8851b094acd65bbaf9cbf191efb7c
batman-adv/DAT_DHCP_Snooping.textile | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/batman-adv/DAT_DHCP_Snooping.textile b/batman-adv/DAT_DHCP_Snooping.textile index 9f30a2c..0746a99 100644 --- a/batman-adv/DAT_DHCP_Snooping.textile +++ b/batman-adv/DAT_DHCP_Snooping.textile @@ -109,6 +109,8 @@ So even if a client device has a stable IP and position it will likely result in
h2. Solution
+<insert link to patchset/branch here> + h3. DHCP Snooping
The first patch provides an alternative to filling the DAT DHT: It allows learning IP-MAC pairs not only via ARP spoofing but DHCP spoofing, too. The advantage is that for DHCP we already have the gateway feature which always uses unicast transmissions. @@ -123,6 +125,7 @@ $ brctl addbr br0 $ brctl addif br0 bat0 $ ebtables -p ARP --logical-out br0 -o bat0 --arp-op Request --arp-ip-dst 10.84.0.0/29 -j ACCEPT $ ebtables -p ARP --logical-out br0 -o bat0 --arp-op Request --arp-ip-dst 10.84.0.0/24 -j mark --mark-set 0x4 +[ set lease timeout to a low value ] </code></pre>
This would result in the address range of 10.84.0.8-10.84.0.255 being marked for "noflood", while excempting 10.84.0.0-10.84.0.7. @@ -130,4 +133,12 @@ This would result in the address range of 10.84.0.8-10.84.0.255 being marked for
h3. Result
-The following picture shows the amount of broadcasted ARP Requests traffic before and after applying and configuring these patches at Freifunk Darmstadt (800 batman-adv nodes): +The following picture shows the amount of broadcasted ARP Request traffic before and after applying and configuring these patches at Freifunk Darmstadt (800 batman-adv nodes): + +!{width:50%}ffda-BCAST-ARP-REQUEST-@.kbits-1d.2018-04-06.png! + +At about 23:00 this feature was enabled in their network on all gateway servers. Since then it is running there with no issues reported so far. + +A month later it still looks like this: + +!{width:50%}ffda-BCAST-ARP-REQUEST-@.kbits-1d.2018-05-07.png!:ffda-BCAST-ARP-REQUEST-@.kbits-1d.2018-04-06.png \ No newline at end of file
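Review bot: In the first hunk (@@ -109,6 +109,8 @@), the line added under "h2. Solution" is the unresolved placeholder "<insert link to patchset/branch here>", so the page still talks about "The first patch" without saying where the patches are. Replace it with the actual patchset or branch link before publishing. If the link does not exist yet, write a visible "TODO: link to patchset" in plain text rather than angle-bracketed text, which a markup renderer may treat as a tag and hide.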
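Review bot: In the second hunk (@@ -123,6 +125,7 @@), the added line "[ set lease timeout to a low value ]" sits inside the pre/code block next to the "$ brctl" and "$ ebtables" commands, but it is a prose reminder, not a command a reader can run. It also does not say which DHCP server setting is meant, what value counts as low, or why a short lease matters for the snooped IP-MAC entries. Move it into the text below the block and state the setting and a concrete value, or replace it with the actual configuration line.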
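Review bot: In the third hunk (@@ -130,4 +133,12 @@), the second image, "ffda-BCAST-ARP-REQUEST-@.kbits-1d.2018-05-07.png", is given a link target of "ffda-BCAST-ARP-REQUEST-@.kbits-1d.2018-04-06.png", so clicking the "a month later" graph opens the older one, while the first image has no link at all. This looks like a copy-paste slip: point the link at the 2018-05-07 file or drop it so both images behave the same. "At about 23:00" should also name the date and timezone so the drop in the graph can be matched to the change, and the file should end with a newline.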