From 2a51d94fbb06d086f1ee6b93dd343af4f37fc68c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20L=C3=BCssing?= Date: Tue, 8 Mar 2016 09:49:22 +0100 Subject: [PATCH 1/2] gluon-mesh-batman-adv-core: reenable multicast snooping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A few issues with the bridge snooping were identified and fixed upstream in OpenWRT: * "firewall: Allow IGMP and MLD input on WAN" (r45613) * "kernel: bridge: backport two snooping related patches" (r45783) * netifd: "bridge: Fix multicast_to_unicast feature by hairpin+isolate" (OW: "netifd: update to the latest version, adds multicast-to-unicast fixes" (r46719)) * "kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull()" (r46721) * "kernel: bridge, multicast-to-unicast: fix echoes on STA" (46765) These have very likely caused issues with the bridge snooping before, which led to disabling it in the past. Let's reenable the multicast snooping now that they were fixed for reduced multicast overhead on the wifi. Advantages are the following: This mildly reduces overhead on the mesh layer. And significantly reduces overhead on the AP interface and therefore significantly increases available airtime (the currently most significant scalability bottleneck). Secondly removes an easy, often accidental node-local Denial-of-Service vector based on multicast flooding / streaming. Thirdly, makes node-local multicast streaming feasible. Finally should noticably increase battery life of mobile devices. Note: bridge querier is disabled for br-wan. We want to avoid becoming too "bossy"/"noisy" on a foreign network. Signed-off-by: Linus Lüssing --- .../lib/gluon/upgrade/310-gluon-mesh-batman-adv-core-mesh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-core-mesh b/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-core-mesh index ade6af57..6c2d2aab 100755 --- a/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-core-mesh +++ b/package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-core-mesh @@ -37,7 +37,7 @@ end uci:set('network', 'client', 'proto', 'dhcpv6') uci:set('network', 'client', 'reqprefix', 'no') -uci:set('network', 'client', 'igmp_snooping', 0) +uci:delete('network', 'client', 'igmp_snooping') uci:set('network', 'client', 'robustness', 3) uci:set('network', 'client', 'query_interval', 2000) uci:set('network', 'client', 'query_response_interval', 500) From 6594ba314c9c938127a49b730b2f76374443ca9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20L=C3=BCssing?= Date: Tue, 23 Aug 2016 00:16:38 +0200 Subject: [PATCH 2/2] gluon-core: reenable multicast snooping on WAN side MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Just like we enabled multicast snooping on the batman-adv client bridge again, let's do the same for the WAN side. With one exception: The IGMP/MLD querier is kept disabled to avoid becoming too "bossy"/"noisy" on a foreign network. The main router on the WAN side should perform querying and by that enable IGMP/MLD/snooping if it considers this appropriate there. Signed-off-by: Linus Lüssing --- package/gluon-core/luasrc/lib/gluon/upgrade/110-network | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network index bf87d47f..c61b81d1 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network @@ -9,11 +9,12 @@ uci:section('network', 'interface', 'wan', { ifname = sysconfig.wan_ifname, type = 'bridge', - igmp_snooping = 0, + multicast_querier = 0, peerdns = 0, auto = 1, } ) +uci:delete('network', 'wan', 'igmp_snooping') if not uci:get('network', 'wan', 'proto') then uci:set('network', 'wan', 'proto', 'dhcp')