-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add support for babel routing protocol #934
Conversation
this depends on #938 |
this also depends on #939 |
this depends in #946 |
test was successful. there is a new status in the wiki. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why disable bridge multicast snooping?
@T-X unfortunately roaming does not work because the IPv6 address of the clients cannot be properly detected when igmp snooping is on. IPv6 prefixes also are not properly announced making the network next to unusable. |
For that thing on bugzilla, no one was able to name a way to reproduce the alleged problem in over 1.5 years. So I do not see any similarities yet. How are IPv6 addresses detected by l3roamd? Is the issue no detection upon roaming or a delayed detection? |
l3roamd will query for IPv6 addresses if it receives a packet directed towards an address it does not already know. It does this by using a multicast to ff02:... and this never reaches all necessary devices. |
Can you creature a capture of these multicast probing packets send by l3roamd and any MLD+ND messages with tcpdump? "this never reaches all necessary devices" means no to my previous, second question? Does l3roamd send the probing packets once only, without any retries? Edit: If you perform a tcpdump on the bridge or a bridge port, do it with "tcpdump -p" (= --no-promiscuous-mode) please. |
squashing all commits as this log will not rebase properly due to internal conflicts. |
Because of the changes in #972, |
case "$ACTION" | ||
in | ||
ifup) | ||
echo 1 > /sys/devices/virtual/net/br-client/bridge/multicast_snooping |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
File name seems to need an update, too. Also, multicast_snooping is enabled by default in the kernel (and OpenWRT+LEDE too), does it need to be set explicitly?
However, multicast_querier is not enabled by default (and I think the gluon-batman-adv packages do this?).
(Edit: on the other hand, while multicast_querier is not enabled by default in the vanilla kernel, netifd enables it by default in OpenWRT/LEDE. So probably not needed to be set explicitly either)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The latest netifd version in LEDE has disabled multicast_snooping for the LEDE release because it causes too many issues. I think we should do the same in Gluon for now... :/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What, why did nobody tell me? (ok, now you did :D)
Can you point me to some ticket?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only saw commit https://git.lede-project.org/?p=project/netifd.git;a=commitdiff;h=52541140f8138e31958cdc3d7e42a4029fa6bbc9, you should probably ask Felix about the reasons.
since some of the changes in the pr are already merged I am compiling a list... :)
|
proto = 'udp', | ||
target = 'ACCEPT', | ||
} | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we assume that the incoming fastd connections are limited to ports 100010-10010?
Are any other communities using different ports?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is about outgoing connections, other than that we probably cannot assume this.....
maybe the ports should be generated from site.conf
Good catch!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is done now.
sprintf(mac1, "%02x:%02x:%02x:%02x:%02x:%02x", | ||
orig[0], orig[1], orig[2], orig[3], orig[4], orig[5]); | ||
sprintf(mac1, "%02x:%02x:%02x:%02x:%02x:%02x", | ||
orig[0], orig[1], orig[2], orig[3], orig[4], orig[5]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this debug or an actual output?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
none of the above.. this writes to a variable instead of stdout or stderr....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see, thats why i said i write, but never understand ...
Edit: i'm missing the head->wall smiley on github...
count_stations(&wifi24, &wifi5); | ||
|
||
// size_t total = atoi(get_line_from_run("exec sh -c 'ip -6 r s t 0 |grep 2a06|grep -v mesh-vpn|grep -v unreachable|grep -v /|wc -l'")); | ||
size_t total = get_all_client_count(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have a funny phenomenon here:
Sample from respondd output:
data: {"clients":{"total":4,"wifi":2,"wifi24":2,"wifi5":0}
I only have 2 clients connected via wifi, but the total seems to be 4.
Might it be that get_all_client_count actually counts all ipv6 adresses on the interfaces, not clients, and as all my devices have 2 ipv6 adresses if connected to the network -> 4 instead of 2.
Is this intended?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Additional:
data: {"clients":{"total":0,"wifi":1,"wifi24":1,"wifi5":0}
Opposite seems to be true too, it might be that the wifi connection is still open, but the route might be gone?
Mobile phone was logged in for ~10 min, probably gone to sleep/energy save.
As soon as i switched the screen on, the info was suddenly correct:
{"clients":{"total":1,"wifi":1,"wifi24":1,"wifi5":0}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this indeed is a bug due to the way clients are counted. at the moment the logic is counting only ip-addresses. Some smarter mechanism should be found for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is done now. respondd will query l3roamd in the latest version.
@NeoRaider would df76c3d be something you feel could fit into master? The babel branch introduces a firewall that seems to be usable in the batman-world as well. |
@christf Hmm, a similar change would have to be done for the tunneldigger support. I'd love to just use the gluon-mesh-vpn user group for the firewall rule instead of dynamically creating port rules... but that won't work for tunneldigger either, as the actual tunnels are in the kernel and will not have their sockets opened by the correct group. In any case, the whole WAN firewall question is completely independent of Babel: both Babel and batman-adv can work with the current (unrestricted) firewall, or with a more restrictive firewall, so a separate PR to discuss this in would be great. |
@@ -16,6 +16,13 @@ uci:delete('dhcp', dnsmasq, 'cachesize') | |||
|
|||
uci:delete('firewall', 'client_dns') | |||
if dns.servers then | |||
localipv6 = uci:get("network", "loopback", "ip6addr") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indentation wrong?
package/gluon-mesh-babel/Makefile
Outdated
include ../gluon.mk | ||
|
||
define Package/gluon-mesh-babel | ||
SECTION:=gluon |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please change all packages in your PR according to 994c949
@@ -0,0 +1,105 @@ | |||
#!/usr/bin/lua | |||
|
|||
-- TODO: replace REJECT by DROP. only use REJECT for debugging |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we really want to merge code that contains TODO statements?
@@ -0,0 +1,23 @@ | |||
#!/usr/bin/lua | |||
-- TODO: Migrate this into uci |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we really want to merge code that contains TODO statements?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
well, I have to say that I am not sure about the uci strategy. 2 years ago I learned from neoraider that we would be moving away from it. I left this TODO he to force a decision. In this case I think it is ok to not do uci.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my two review-comments about the TODOs aren't saying what you have to do, only that you have to decide one way or the other and if you want to solve it later, remove the TODO and add a new issue to gluon about this rather than abusing comments for it
CFLAGS += -Wall -g -fPIC -D_GNU_SOURCE | ||
|
||
ifeq ($(origin PKG_CONFIG), undefined) | ||
PKG_CONFIG = pkg-config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please compare this Makefile's indentation to that of other gluon packages
return true; | ||
} | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some of your new files contain one or even two newlines at the end, others don't ?
package/gluon-mesh-babel/Makefile
Outdated
endef | ||
|
||
define Build/Prepare | ||
mkdir -p $(PKG_BUILD_DIR) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a space too much
|
||
|
||
define Package/$(PKG_NAME) | ||
SECTION:=gluon |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please change all packages in your PR according to 994c949
Package working around icmp blackholes in the internet. | ||
endef | ||
|
||
define Build/Configure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be removed as done by 934221b treewide
package/gluon-mesh-babel/Makefile
Outdated
$(CP) ./src/* $(PKG_BUILD_DIR)/ | ||
endef | ||
|
||
define Build/Configure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be removed as done by 934221b treewide
PKG_VERSION:=$(if $(DUMP),x,$(GLUON_VERSION)) | ||
|
||
|
||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see 934221b
package/gluon-mesh-babel/Makefile
Outdated
|
||
define Build/Prepare | ||
mkdir -p $(PKG_BUILD_DIR) | ||
$(CP) ./src/* $(PKG_BUILD_DIR)/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be removed as done by 934221b treewide
endef | ||
|
||
define Build/Compile | ||
$(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see 60522ee
endef | ||
|
||
define Package/$(PKG_NAME)/install | ||
$(CP) ./files/* $(1)/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see 60522ee
package/gluon-mesh-babel/Makefile
Outdated
PKG_VERSION:=1 | ||
|
||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) | ||
PKG_BUILD_DEPENDS := respondd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package/gluon-mesh-babel/Makefile
Outdated
endef | ||
|
||
define Build/Compile | ||
$(call Build/Compile/Default) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package/gluon-mesh-babel/Makefile
Outdated
$(INSTALL_BIN) $(PKG_BUILD_DIR)/neighbours-babel $(1)/lib/gluon/status-page/providers/ | ||
endef | ||
|
||
define Package/gluon-mesh-babel/postinst |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package/gluon-mesh-babel/Makefile
Outdated
endef | ||
|
||
define Package/gluon-mesh-babel/install | ||
$(CP) ./files/* $(1)/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in addition to what i commented before i noticed that some of the treewide changes that went into Gluon 2018.1 weren't applied to this PR yet. so this PR has two things left:
|
(2) is done. I was not sure in the first place if we really should use DROP, looking at gluon-core, REJECT is used there so I have removed this TODO to match policies. |
…here is ipv6 wan uplink
tested and ready for merge. /1) is done. |
this PR contains first support for a network as described in the l3 master plan.
this requires preliminary packages for l3roamd, babel (git version), mmfd which are all contained in the frankfurt main package repository on https://github.com/freifunk-ffm/packages
This PR contains init scripts for mmfd, l3roamd, babel, a firewall and the necessary integration of these components.
This set now (2017-06-17) includes a proof of concept implementation of prefixd including a gui.
https://wiki.ffm.freifunk.net/firmware:babel
this replaces #732