[B.A.T.M.A.N.] Blocking OGMs from a node for testing purpose

Antonio Quartulli ordex at ritirata.org
Sun May 16 23:27:55 CEST 2010


Hi!

On lun, mag 17, 2010 at 03:37:44 +0800, Marek Lindner wrote:
> 
> Hey,
> 
> > The problem seems to be that iptables filters only packets that are sent
> > to IP layer and over..so any packet intended for a protocol living on a
> > layer lower than IP is not recognized (e.g. batman frame).
> 
> I'd say you are right here.
> 

> 
> > Ebtables instead works only on eth bridges...I tried it because I thought
> > that bat0 was acting like a bridge indeed but this is not the case...The
> > only solution I thought could be this: create a bridge-if br0, attach wlan0
> > to it and then attach br0 to bat0 and then you could let ebtables work
> > between wlan0 and br0....maybe it could work...
> > But attaching a wlan-if to a eth-bridge-if is not actually possible.
> 
> At the WCW we sat together to discuss the issue. The easiest thing to test 
> would be this: You create a bridge "br0" and add the wifi interface batman 
> usually runs on (e.g. wlan0). Then you configure batman-adv to run on the 
> bridge instead on wlan0 directly (batctl if add br0). Since the packets travel 
> through the bridge interface first, it might be possible to drop them there. 
> 

It is what i described just a few rows before..the problem is that
adding wlan0 interface to a eth-bridge (using cfg80211 driver) is not possible (due to
operation not permitted error, probably because devs don't want to do
that :P) either with iwlagn or rt2x00

:(:(:(

> Be sure to create an individual bridge interface for each wifi interface you 
> want to run batman-adv on. The purpose of the bridge interface is to allow 
> packet filtering, not to bridge interfaces.
> 
> Please let us know how it goes.  :-)
> 
> Cheers,
> Marek

Regards

-- 
Antonio Quartulli

Ognuno di noi, da solo, non vale nulla 
Ernesto "Che" Guevara


More information about the B.A.T.M.A.N mailing list