docs: add documentation for gluon-ebtables-filter-{multicast,ra-dhcp}

This commit is contained in:
Matthias Schiffer 2015-11-23 00:39:32 +01:00
parent 81b2142e65
commit f0308ed93c
3 changed files with 45 additions and 0 deletions

View File

@ -50,6 +50,8 @@ Packages
:maxdepth: 1 :maxdepth: 1
package/gluon-client-bridge package/gluon-client-bridge
package/gluon-ebtables-filter-multicast
package/gluon-ebtables-filter-ra-dhcp
Releases Releases
-------- --------

View File

@ -0,0 +1,30 @@
gluon-ebtables-filter-multicast
===============================
The *gluon-ebtables-filter-multicast* package filters out various kinds of
non-essential multicast traffic, as this traffic often constitutes a
disproportionate burden on the mesh network. Unfortunately, this breaks many useful services
(Avahi, Bonjour chat, ...), but this seems unavoidable, as the current Avahi implementation is
optimized for small local networks and causes too much traffic in lange mesh networks.
The multicast packets are filtered between the nodes' client bridge (*br-client*) and mesh
interface (*bat0*) on output.
The following packet types are considered essential and aren't filtered:
* ARP (except requests for/replies from 0.0.0.0)
* DHCP, DHCPv6
* ICMPv6 (except Echo Requests (ping) and Node Information Queries (RFC4620)
* IGMP
In addition, the following packet types are allowed to allow experimentation with
layer 3 routing protocols.
* Babel
* OSPF
* RIPng
The following packet types are also allowed:
* BitTorrent Local Peer Discovery (it seems better to have local peers for BitTorrent than sending everything through the internet)

View File

@ -0,0 +1,13 @@
gluon-ebtables-filter-ra-dhcp
=============================
The *gluon-ebtables-filter-ra-dhcp* package tries to prevent common
misconfigurations (i.e. connecting the client interface of a Gluon
node to a private network) from causing issues for either of the
networks.
The rules are the following:
* DHCP requests, DHCPv6 requests and Router Solicitations may only be sent from clients to the mesh, but aren't forwarded
from the mesh to clients
* DHCP replies, DHCPv6 replies and Router Advertisements from clients aren't forwarded to the mesh