From f0308ed93cc2578792f168152840c1be27d003f5 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 23 Nov 2015 00:39:32 +0100 Subject: [PATCH] docs: add documentation for gluon-ebtables-filter-{multicast,ra-dhcp} --- docs/index.rst | 2 ++ .../gluon-ebtables-filter-multicast.rst | 30 +++++++++++++++++++ .../package/gluon-ebtables-filter-ra-dhcp.rst | 13 ++++++++ 3 files changed, 45 insertions(+) create mode 100644 docs/package/gluon-ebtables-filter-multicast.rst create mode 100644 docs/package/gluon-ebtables-filter-ra-dhcp.rst diff --git a/docs/index.rst b/docs/index.rst index 692b2e50..445f9973 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -50,6 +50,8 @@ Packages :maxdepth: 1 package/gluon-client-bridge + package/gluon-ebtables-filter-multicast + package/gluon-ebtables-filter-ra-dhcp Releases -------- diff --git a/docs/package/gluon-ebtables-filter-multicast.rst b/docs/package/gluon-ebtables-filter-multicast.rst new file mode 100644 index 00000000..fa9f2d50 --- /dev/null +++ b/docs/package/gluon-ebtables-filter-multicast.rst @@ -0,0 +1,30 @@ +gluon-ebtables-filter-multicast +=============================== + +The *gluon-ebtables-filter-multicast* package filters out various kinds of +non-essential multicast traffic, as this traffic often constitutes a +disproportionate burden on the mesh network. Unfortunately, this breaks many useful services +(Avahi, Bonjour chat, ...), but this seems unavoidable, as the current Avahi implementation is +optimized for small local networks and causes too much traffic in lange mesh networks. + +The multicast packets are filtered between the nodes' client bridge (*br-client*) and mesh +interface (*bat0*) on output. + + +The following packet types are considered essential and aren't filtered: + +* ARP (except requests for/replies from 0.0.0.0) +* DHCP, DHCPv6 +* ICMPv6 (except Echo Requests (ping) and Node Information Queries (RFC4620) +* IGMP + +In addition, the following packet types are allowed to allow experimentation with +layer 3 routing protocols. + +* Babel +* OSPF +* RIPng + +The following packet types are also allowed: + +* BitTorrent Local Peer Discovery (it seems better to have local peers for BitTorrent than sending everything through the internet) diff --git a/docs/package/gluon-ebtables-filter-ra-dhcp.rst b/docs/package/gluon-ebtables-filter-ra-dhcp.rst new file mode 100644 index 00000000..539fbc0d --- /dev/null +++ b/docs/package/gluon-ebtables-filter-ra-dhcp.rst @@ -0,0 +1,13 @@ +gluon-ebtables-filter-ra-dhcp +============================= + +The *gluon-ebtables-filter-ra-dhcp* package tries to prevent common +misconfigurations (i.e. connecting the client interface of a Gluon +node to a private network) from causing issues for either of the +networks. + +The rules are the following: + +* DHCP requests, DHCPv6 requests and Router Solicitations may only be sent from clients to the mesh, but aren't forwarded + from the mesh to clients +* DHCP replies, DHCPv6 replies and Router Advertisements from clients aren't forwarded to the mesh