From aea52171b94ecaf448cf4a0ae75d465c9e21b85d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20L=C3=BCssing?= Date: Sat, 31 Mar 2018 17:31:22 +0200 Subject: [PATCH] gluon-ebtables-filter-multicast: relax multicast firewall rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow the transmission of a multicast packet as long as it is not flooded through the whole mesh. Signed-off-by: Linus Lüssing --- .../files/lib/gluon/ebtables/355-mcast-drop | 5 +++++ .../luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh | 1 + 2 files changed, 6 insertions(+) diff --git a/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/355-mcast-drop b/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/355-mcast-drop index 46ac01a58a5..97ab85131cd 100644 --- a/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/355-mcast-drop +++ b/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/355-mcast-drop @@ -1 +1,6 @@ +if os.execute('batctl -v | grep -q "batman-adv: 2013.4"') ~= 0 then + rule ('MULTICAST_OUT -p IPv6 --ip6-dst ff02::1/128 -j DROP') + rule ('MULTICAST_OUT -p IPv6 --ip6-dst ff02::/ff0f:: -j mark --set-mark 0x4 --mark-target RETURN') +end + rule ('MULTICAST_OUT -j DROP') diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh index 2275c1cee02..d938c562f8b 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh @@ -21,6 +21,7 @@ uci:section('batman-adv', 'mesh', 'bat0', { routing_algo = routing_algo, multicast_mode = true, multicast_fanout = 16, + noflood_mark = '0x4/0x4', }) uci:save('batman-adv')