Skip to content
Snippets Groups Projects
  1. Apr 21, 2021
  2. May 28, 2020
  3. May 24, 2020
  4. Mar 31, 2020
  5. Dec 07, 2018
  6. Jul 22, 2018
    • Sven Eckelmann's avatar
      gluon-client-bridge: Revert "move IPv4 local subnet route to br-client (#1312)" · 3ef28a46
      Sven Eckelmann authored
      The commit b3762fc6 ("gluon-client-bridge: move IPv4 local subnet route
      to br-client (#1312)") moves the IPv4 prefix from the local-port interface
      to br-client. A client requesting an IPv4 connection to the IPv4 anycast
      address of the node (the device running gluon) will create following
      packets:
      
      1. ARP packet from client to get the MAC of the mac address of the anycast
         IPv4 address
      2. ARP reply from node to client with the anycast MAC address for the IPv4
         anycast address
      3. IPv4 packet from client which requires reply (for example ICMP echo
         request)
      4. ARP request for the client MAC address for its IPv4 address in prefix4
         (done with the mac address of br-client and transmitted over br-client)
      5. IPv4 packet from node (transmitted over br-client with br-client MAC
         address) as reply for the client IPv4 packet (for example ICMP echo
         reply)
      
      The step 4 and 5 are problematic here because packets use the node specific
      MAC addresses from br-client instead of the anycast MAC address. The client
      will receive the ARP packet with the node specific MAC address and change
      their own neighbor IP (translation) table. This will for example break the
      access to the status page to the connected device or the anycast DNS
      forwarder implementation when the client roams to a different node.
      
      This reverts commit b3762fc6 and adds an
      upgrade code to remove local_node_route on on existing installations.
      3ef28a46
  7. Apr 13, 2018
  8. Feb 15, 2018
  9. Jan 11, 2018
  10. Dec 27, 2017
  11. Nov 25, 2017
    • Christof Schulze's avatar
      gluon-core: firewall rework, make base policy more restrictive · 1c1c9f8f
      Christof Schulze authored
       * gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
       * gluon-core: put clients in local_client zone, introduce drop-zone,
         set dns-rules and zones
       * gluon-respondd: allow respondd on mesh
       * gluon-status-page-api: allow http input on mesh and client
      1c1c9f8f
  12. Aug 11, 2017
  13. Aug 08, 2017
  14. Jun 26, 2017
  15. Apr 13, 2017
  16. Apr 10, 2017
  17. Feb 23, 2017
  18. Feb 10, 2017
  19. Jan 18, 2017
  20. Dec 10, 2016
    • Matthias Schiffer's avatar
      gluon-client-bridge, gluon-mesh-batman-adv-core: switch roles of br-client and... · 8c4403ba
      Matthias Schiffer authored
      gluon-client-bridge, gluon-mesh-batman-adv-core: switch roles of br-client and local-node interfaces
      
      MAC and IP addresses are switched. This makes the gluon-client-bridge
      package more useful for different routing protocols that don't need a
      unique address on the client bridge.
      
      As a side effect, gluon-radvd is now using the next-node address, which had
      been considered before, but was dismissed to avoid having gluon-radvd
      depend on gluon-next-node and gluon-mesh-batman-adv. This will be useful
      for announcing default routes via gluon-radvd.
      
      One downside is that this introduces a minor dependency on batman-adv in
      gluon-respondd: the hotplug script that checked for the client interface
      before will now check for local-node. This doesn't really matter: for mesh
      protocols without a local-node interface, the check will do nothing (which
      makes sense, as there is no interface to bind to for mesh-wide respondd).
      8c4403ba
  21. Sep 07, 2016
  22. Jul 27, 2016
  23. Jul 20, 2016
  24. Jul 10, 2016
Loading