fff-layer3-vxmesh: join multple client nets with vxlan #82
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
. /lib/functions.sh
|
||||||
|
|
||||||
configure() {
|
configure() {
|
||||||
local proto
|
local proto
|
||||||
local peerip
|
local peerip
|
||||||
|
@ -92,6 +94,52 @@ configure() {
|
||||||
EOF
|
EOF
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# learn routes to other peers only over babel interfaces with sufficient mtu
|
||||||
|
# - according to the rfc, vxlan packets must not be fragmented by a VTEP
|
||||||
|
# - the vxlan tunnel requires an mtu of 1570 when using ipv6
|
||||||
|
#
|
||||||
|
# -> to avoid sending too large packets over an interface with too small mtu,
|
||||||
|
# don't learn a route to a peer over that interface in the first place
|
||||||
|
babel_filter_mtu() {
|
||||||
|
local config="$1"
|
||||||
|
local otherpeers="$2"
|
||||||
|
local mtu
|
||||||
|
local ifname
|
||||||
|
|
||||||
|
case $config in
|
||||||
|
babelpeer*) ;;
|
||||||
|
wireguardpeer*) ;;
|
||||||
|
*) return ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
config_get mtu "$config" mtu
|
||||||
|
config_get ifname "$config" ifname
|
||||||
|
|
||||||
|
[ "${mtu:-0}" -ge "1570" ] && return
|
||||||
|
[ -z "${ifname}" ] && {
|
||||||
|
echo "WARNING: could not determine ifname from \"$config\""
|
||||||
|
return
|
||||||
|
}
|
||||||
|
for peer in $otherpeers; do
|
||||||
|
if ! uci -q batch > /dev/null; then
|
||||||
|
echo "FATAL: error adding babel filter for vxlan peer!"
|
||||||
|
echo " peer: \"$peer\""
|
||||||
|
echo " interface: \"$ifname\""
|
||||||
|
return 1
|
||||||
|
fi <<- EOF
|
||||||
|
add babeld filter
|
||||||
|
set babeld.@filter[-1].type="in"
|
||||||
|
set babeld.@filter[-1].ip="$peer"
|
||||||
|
set babeld.@filter[-1].if="$ifname"
|
||||||
|
set babeld.@filter[-1].addedbyautoconfig="true"
|
||||||
|
set babeld.@filter[-1].action="deny"
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
config_load network
|
||||||
jkimmel marked this conversation as resolved
Outdated
|
|||||||
|
config_foreach babel_filter_mtu interface "$otherpeers"
|
||||||
|
|
||||||
# with multiple routers in the network, there shouldn't be an authoritative
|
# with multiple routers in the network, there shouldn't be an authoritative
|
||||||
# dhcp server
|
# dhcp server
|
||||||
uci set dhcp.@dnsmasq[0].authoritative="0"
|
uci set dhcp.@dnsmasq[0].authoritative="0"
|
||||||
|
@ -103,9 +151,11 @@ configure() {
|
||||||
apply() {
|
apply() {
|
||||||
uci commit network
|
uci commit network
|
||||||
uci commit dhcp
|
uci commit dhcp
|
||||||
|
uci commit babeld
|
||||||
}
|
}
|
||||||
|
|
||||||
revert() {
|
revert() {
|
||||||
uci revert network
|
uci revert network
|
||||||
uci revert dhcp
|
uci revert dhcp
|
||||||
|
uci revert babeld
|
||||||
}
|
}
|
||||||
|
|
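Review bot: In the second hunk, the `return 1` after the "FATAL" message in `babel_filter_mtu` does not appear to stop anything. The function runs as a `config_foreach` callback whose status is not checked on the `config_foreach babel_filter_mtu interface "$otherpeers"` line, and as far as I know `config_foreach` in /lib/functions.sh does not propagate it, so `configure()` carries on and `apply()` would commit a babeld filter set that is missing deny rules. Because these filters are what keeps VXLAN traffic off links with an MTU below 1570, a failure here should fail closed: set a flag in the callback, e.g. `filter_failed=1`, and add `[ -z "$filter_failed" ] || return 1` after the `config_foreach` line. The loop variable should also be declared with `local peer`, and the WARNING/FATAL messages sent to stderr with `>&2`. `configure()` starts in the first hunk and continues past this one, so whether its callers act on its exit status is not visible here.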
werden die Filter irgendwo wieder geloescht, wenn sich otherpeers aendern?
Jap, das macht https://git.freifunk-franken.de/freifunk-franken/firmware/src/tag/20210211-beta/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel#L87 bzw. https://git.freifunk-franken.de/freifunk-franken/firmware/src/tag/20210211-beta/src/packages/fff/fff-babeld/files/lib/functions/fff/babel#L103 .
Deswegen
set babeld.@filter[-1].addedbyautoconfig="true"
#125