Skip to content
Snippets Groups Projects
Select Git revision
  • testbuild
  • v2020.2.x-ffbs-next
  • v2021.1.x-ffbs-next
  • v2019.1.x-ffbs
  • v2020.1.x-ffbs-next
  • v2019.1.x-ffbs-next
  • dnat
  • master default protected
  • v2018.2.x-ffbs
  • v2018.2.2.1-ffbs
  • topic/wireguard_respondd
  • v2018.1.x-ffbs
  • v2017.1.x
  • v2020.2.3.6-ffbs-next
  • v2020.2.3.5-ffbs-next
  • v2020.2.3.4-ffbs-next
  • v2020.2.3.3-ffbs-next
  • v2020.2.3.2-ffbs-next
  • v2020.2.3.1-ffbs-next
  • v2020.2.3.0-ffbs-next
  • v2020.2.3
  • v2020.2.2.2-ffbs-next
  • v2020.2.2.1-ffbs-next
  • v2020.2.2-ffbs-next
  • v2020.2.2
  • v2020.2.1.2-ffbs-next
  • v2019.1.3-ffbs
  • v2019.1.3
  • v2020.2.1.1-ffbs-next
  • v2020.2.1
  • v2020.1.4
  • v2019.1.2.1-ffbs
  • v2020.2
33 results
Search by author
  • Any Author
  • darkbit darkbit
1 author
  1. Nov 27, 2018
  3. Oct 12, 2018
  5. Sep 01, 2018
  7. Jul 22, 2018
    • Sven Eckelmann's avatar
      gluon-client-bridge: Revert "move IPv4 local subnet route to br-client (#1312)" · ea9a69f7
      Sven Eckelmann authored 
      The commit b3762fc6 ("gluon-client-bridge: move IPv4 local subnet route
to br-client (#1312)") moves the IPv4 prefix from the local-port interface
to br-client. A client requesting an IPv4 connection to the IPv4 anycast
address of the node (the device running gluon) will create following
packets:

1. ARP packet from client to get the MAC of the mac address of the anycast
   IPv4 address
2. ARP reply from node to client with the anycast MAC address for the IPv4
   anycast address
3. IPv4 packet from client which requires reply (for example ICMP echo
   request)
4. ARP request for the client MAC address for its IPv4 address in prefix4
   (done with the mac address of br-client and transmitted over br-client)
5. IPv4 packet from node (transmitted over br-client with br-client MAC
   address) as reply for the client IPv4 packet (for example ICMP echo
   reply)

The step 4 and 5 are problematic here because packets use the node specific
MAC addresses from br-client instead of the anycast MAC address. The client
will receive the ARP packet with the node specific MAC address and change
their own neighbor IP (translation) table. This will for example break the
access to the status page to the connected device or the anycast DNS
forwarder implementation when the client roams to a different node.

This reverts commit b3762fc6 and adds an
upgrade code to remove local_node_route on on existing installations.
      ea9a69f7
    • Sven Eckelmann's avatar
      gluon-mesh-batman-adv: Drop IPv4 anycast related packets from/to bat0 · a7a5db9f
      Sven Eckelmann authored 
      The commit b3762fc6 ("gluon-client-bridge: move IPv4 local subnet route
to br-client (#1312)") moves the IPv4 prefix from the local-port interface
to br-client. A client requesting an IPv4 connection to the IPv4 anycast
address of the node (the device running gluon) will create following
packets:

1. ARP packet from client to get the MAC of the mac address of the anycast
   IPv4 address
2. ARP reply from node to client with the anycast MAC address for the IPv4
   anycast address
3. IPv4 packet from client which requires reply (for example ICMP echo
   request)
4. ARP request for the client MAC address for its IPv4 address in prefix4
   (done with the mac address of br-client and transmitted over br-client)
5. IPv4 packet from node (transmitted over br-client with br-client MAC
   address) as reply for the client IPv4 packet (for example ICMP echo
   reply)

The step 4 is extremely problematic here. ARP replies with the anycast IPv4
address must not be submitted or received via bat0 - expecially not when it
contains an node specific MAC address as source. When it is still done then
the wrong MAC address is stored in the batadv DAT cache and ARP packet is
maybe even forwarded to clients. This latter is especially true for ARP
requests which are broadcast and will be flooded to the complete mesh.

Clients will see these ARP packets and change their own neighbor IP
(translation) table. They will then try to submit the packets for IPv4
anycast addresses to the complete wrong device in the mesh. This will for
example break the access to the status page to the connected device or the
anycast DNS forwarder implementation. Especially the latter causes extreme
latency when clients try to connect to server using a domain name or even
breaks the connection setup process completely. Both are caused by the
unanswered DNS requests which at first glance look like packet loss.

An node must therefore take care of:

* not transmitting ARP packets related to the anycast IPv4 address over
  bat0
* drop ARP packets related to the anycast IPv4 when they are received on
  bat0 from a still broken node
* don't accept ARP packets related to the anycast IPv4 replies on local
  node when it comes from bat0

Fixes: b3762fc6 ("gluon-client-bridge: move IPv4 local subnet route to br-client (#1312)")
      a7a5db9f
  9. Jul 19, 2018
  11. Jun 30, 2018
  13. Jun 29, 2018
  15. Jun 24, 2018
  17. Jun 19, 2018
  19. Jun 09, 2018
  21. Jun 08, 2018
  23. Jun 05, 2018
  25. Jun 04, 2018
  27. May 22, 2018
  29. May 19, 2018
    • Christof Schulze's avatar
      gluon-config-mode-contact-info: provide enhancements for german, english and... · ab7f1acd
      Christof Schulze authored 
      gluon-config-mode-contact-info: provide enhancements for german, english and french translation to comply with DSGVO (#1394)

* do not allow to obligatorily require contact information
* add remark that the data is provided voluntarily
* mention how to delete the data
* be very clear about the fact that the data being entered is public and
  can be downloaded and processed by anyone.
      ab7f1acd
  31. May 17, 2018
  33. May 05, 2018
  35. Apr 27, 2018
  37. Apr 16, 2018
  39. Apr 15, 2018
  41. Apr 13, 2018