Skip to content
Snippets Groups Projects
Select Git revision
  • testbuild
  • v2020.2.x-ffbs-next
  • v2021.1.x-ffbs-next
  • v2019.1.x-ffbs
  • v2020.1.x-ffbs-next
  • v2019.1.x-ffbs-next
  • dnat
  • master default protected
  • v2018.2.x-ffbs
  • v2018.2.2.1-ffbs
  • topic/wireguard_respondd
  • v2018.1.x-ffbs
  • v2017.1.x
  • v2020.2.3.6-ffbs-next
  • v2020.2.3.5-ffbs-next
  • v2020.2.3.4-ffbs-next
  • v2020.2.3.3-ffbs-next
  • v2020.2.3.2-ffbs-next
  • v2020.2.3.1-ffbs-next
  • v2020.2.3.0-ffbs-next
  • v2020.2.3
  • v2020.2.2.2-ffbs-next
  • v2020.2.2.1-ffbs-next
  • v2020.2.2-ffbs-next
  • v2020.2.2
  • v2020.2.1.2-ffbs-next
  • v2019.1.3-ffbs
  • v2019.1.3
  • v2020.2.1.1-ffbs-next
  • v2020.2.1
  • v2020.1.4
  • v2019.1.2.1-ffbs
  • v2020.2
33 results
Blame Permalink
Forked from ffbs / ffbs-gluon
Source project has a limited visibility.
  • Sven Eckelmann's avatar
    3ef28a46
    gluon-client-bridge: Revert "move IPv4 local subnet route to br-client (#1312)" · 3ef28a46
    Sven Eckelmann authored 
    The commit b3762fc6 ("gluon-client-bridge: move IPv4 local subnet route
to br-client (#1312)") moves the IPv4 prefix from the local-port interface
to br-client. A client requesting an IPv4 connection to the IPv4 anycast
address of the node (the device running gluon) will create following
packets:

1. ARP packet from client to get the MAC of the mac address of the anycast
   IPv4 address
2. ARP reply from node to client with the anycast MAC address for the IPv4
   anycast address
3. IPv4 packet from client which requires reply (for example ICMP echo
   request)
4. ARP request for the client MAC address for its IPv4 address in prefix4
   (done with the mac address of br-client and transmitted over br-client)
5. IPv4 packet from node (transmitted over br-client with br-client MAC
   address) as reply for the client IPv4 packet (for example ICMP echo
   reply)

The step 4 and 5 are problematic here because packets use the node specific
MAC addresses from br-client instead of the anycast MAC address. The client
will receive the ARP packet with the node specific MAC address and change
their own neighbor IP (translation) table. This will for example break the
access to the status page to the connected device or the anycast DNS
forwarder implementation when the client roams to a different node.

This reverts commit b3762fc6 and adds an
upgrade code to remove local_node_route on on existing installations.
    3ef28a46
    History
    gluon-client-bridge: Revert "move IPv4 local subnet route to br-client (#1312)"
    Sven Eckelmann authored 
    The commit b3762fc6 ("gluon-client-bridge: move IPv4 local subnet route
to br-client (#1312)") moves the IPv4 prefix from the local-port interface
to br-client. A client requesting an IPv4 connection to the IPv4 anycast
address of the node (the device running gluon) will create following
packets:

1. ARP packet from client to get the MAC of the mac address of the anycast
   IPv4 address
2. ARP reply from node to client with the anycast MAC address for the IPv4
   anycast address
3. IPv4 packet from client which requires reply (for example ICMP echo
   request)
4. ARP request for the client MAC address for its IPv4 address in prefix4
   (done with the mac address of br-client and transmitted over br-client)
5. IPv4 packet from node (transmitted over br-client with br-client MAC
   address) as reply for the client IPv4 packet (for example ICMP echo
   reply)

The step 4 and 5 are problematic here because packets use the node specific
MAC addresses from br-client instead of the anycast MAC address. The client
will receive the ARP packet with the node specific MAC address and change
their own neighbor IP (translation) table. This will for example break the
access to the status page to the connected device or the anycast DNS
forwarder implementation when the client roams to a different node.

This reverts commit b3762fc6 and adds an
upgrade code to remove local_node_route on on existing installations.