    84a6f65f
    gluon-ebtables-limit-arp: a package for ARP rate-limiting · 84a6f65f
    Linus Lüssing authored
    
    This package adds filters to limit the amount of ARP Requests
    devices are allowed to send into the mesh. The limits are 6 packets
    per minute per client device, by MAC address, and 1 per second per
    node in total.
    
    A burst of up to 50 ARP Requests is allowed until the rate-limiting
    takes effect (see --limit-burst in the ebtables manpage).
    
    Furthermore, ARP Requests with a target IP already present in the
    batman-adv DAT Cache are excluded from the rate-limiting,
    both regarding counting and filtering, as batman-adv will respond
    locally with no burden for the mesh. Therefore, this limiter
    should not affect popular target IPs, like gateways.
    
    However, it should mitigate the problem of curious people or
    smart devices scanning the whole IP range, which could create
    a significant amount of overhead for all participants so far.
    
    Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
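
To make the numbers in the commit message concrete, the following added example (not part of the commit or of the gluon package) models the described policy as two token buckets and runs it over constructed traffic. Assumptions: the burst of 50 applies to both limits, the per-client limit is evaluated before the per-node one, and the names `Bucket`, `ArpLimiter`, `verdict` and all sample addresses are hypothetical.

```python
from collections import Counter
from fractions import Fraction

CLIENT_RATE = Fraction(6, 60)  # 6 ARP Requests per minute per client MAC
NODE_RATE = Fraction(1)        # 1 ARP Request per second per node in total
BURST = 50                     # assumption: the burst of 50 applies to both limits

class Bucket:
    """Token bucket in the style of ebtables --limit / --limit-burst (added model)."""
    def __init__(self, rate):
        self.rate, self.tokens, self.last = rate, Fraction(BURST), Fraction(0)

    def allow(self, now):
        self.tokens = min(Fraction(BURST), self.tokens + (now - self.last) * self.rate)
        self.last = now
        allowed = self.tokens >= 1
        self.tokens -= int(allowed)
        return allowed

class ArpLimiter:
    def __init__(self, dat_cache):
        self.dat_cache = set(dat_cache)  # target IPs batman-adv can answer locally
        self.clients = {}                # source MAC -> Bucket
        self.node = Bucket(NODE_RATE)

    def verdict(self, now, src_mac, target_ip):
        if target_ip in self.dat_cache:
            return "local"  # excluded from both counting and filtering
        client = self.clients.setdefault(src_mac, Bucket(CLIENT_RATE))
        # Assumption: the per-client limit is checked before the node-wide one.
        if client.allow(now) and self.node.allow(now):
            return "forward"
        return "drop"

def simulate(limiter, requests):  # requests: (seconds, src_mac, target_ip), in time order
    return Counter(limiter.verdict(t, mac, ip) for t, mac, ip in requests)

def scan_one_client():
    # Constructed input: one client sweeps 10.0.0.1-254 at 10 requests/s; .1 is DAT-cached.
    sweep = [(Fraction(i, 10), "02:00:00:00:00:01", f"10.0.0.{i + 1}") for i in range(254)]
    return simulate(ArpLimiter({"10.0.0.1"}), sweep)

def many_clients_at_once():
    # Constructed input: 100 distinct clients each send one uncached request at t=0.
    reqs = [(Fraction(0), f"02:00:00:00:01:{i:02x}", "10.0.0.200") for i in range(100)]
    return simulate(ArpLimiter([]), reqs)

if __name__ == "__main__":
    print(dict(scan_one_client()), dict(many_clients_at_once()))
```

On the constructed sweep, 52 of the 254 requests reach the mesh, 201 are dropped and the lookup for the cached gateway is answered locally; in the second scenario the node-wide bucket passes 50 of the 100 simultaneous requests.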