forked from freifunk-franken/firmware
fff-layer3-vxmesh: add babel MTU filters
A VXLAN Tunnel (IPv6, without inner VLAN tag) adds 70 bytes of overhead to each packet. To support bridging our client interfaces with an MTU of 1500, VXLAN packets require a link with an MTU of 1570. To avoid sending too large packets to peers over a link with an MTU less than 1570, this patch adds filters to babel to ignore routes to peers announced over small links. Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
parent
27e074b1ea
commit
d50feeab07
|
@ -1,5 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /lib/functions.sh
|
||||
|
||||
configure() {
|
||||
local proto
|
||||
local peerip
|
||||
|
@ -92,6 +94,52 @@ configure() {
|
|||
EOF
|
||||
done
|
||||
|
||||
# learn routes to other peers only over babel interfaces with sufficient mtu
|
||||
# - according to the rfc, vxlan packets must not be fragmented by a VTEP
|
||||
# - the vxlan tunnel requires an mtu of 1570 when using ipv6
|
||||
#
|
||||
# -> to avoid sending too large packets over an interface with too small mtu,
|
||||
# don't learn a route to a peer over that interface in the first place
|
||||
babel_filter_mtu() {
|
||||
local config="$1"
|
||||
local otherpeers="$2"
|
||||
local mtu
|
||||
local ifname
|
||||
|
||||
case $config in
|
||||
babelpeer*) ;;
|
||||
wireguardpeer*) ;;
|
||||
*) return ;;
|
||||
esac
|
||||
|
||||
config_get mtu "$config" mtu
|
||||
config_get ifname "$config" ifname
|
||||
|
||||
[ "${mtu:-0}" -ge "1570" ] && return
|
||||
[ -z "${ifname}" ] && {
|
||||
echo "WARNING: could not determine ifname from \"$config\""
|
||||
return
|
||||
}
|
||||
for peer in $otherpeers; do
|
||||
if ! uci -q batch > /dev/null; then
|
||||
echo "FATAL: error adding babel filter for vxlan peer!"
|
||||
echo " peer: \"$peer\""
|
||||
echo " interface: \"$ifname\""
|
||||
return 1
|
||||
fi <<- EOF
|
||||
add babeld filter
|
||||
set babeld.@filter[-1].type="in"
|
||||
set babeld.@filter[-1].ip="$peer"
|
||||
set babeld.@filter[-1].if="$ifname"
|
||||
set babeld.@filter[-1].addedbyautoconfig="true"
|
||||
set babeld.@filter[-1].action="deny"
|
||||
EOF
|
||||
done
|
||||
}
|
||||
|
||||
config_load network
|
||||
config_foreach babel_filter_mtu interface "$otherpeers"
|
||||
|
||||
# with multiple routers in the network, there shouldn't be an authoritative
|
||||
# dhcp server
|
||||
uci set dhcp.@dnsmasq[0].authoritative="0"
|
||||
|
@ -103,9 +151,11 @@ configure() {
|
|||
apply() {
|
||||
uci commit network
|
||||
uci commit dhcp
|
||||
uci commit babeld
|
||||
}
|
||||
|
||||
revert() {
|
||||
uci revert network
|
||||
uci revert dhcp
|
||||
uci revert babeld
|
||||
}
|
||||
|
|
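Review bot: The `return 1` after the FATAL message in `babel_filter_mtu` does not stop `configure`, because the function runs as a `config_foreach` callback and the call `config_foreach babel_filter_mtu interface "$otherpeers"` checks no status (as far as I know, OpenWrt's `config_foreach` discards the callback's return value). A failed `uci -q batch` therefore leaves that interface without its deny filter while later interfaces are still processed, and `apply()` can then commit a partial filter set, so routes over a link below 1570 could still be learned. Record the failure instead, for example `babel_filter_failed=1` just before the `return 1` and `[ -z "$babel_filter_failed" ] || return 1` right after the `config_foreach` call, assuming the caller honours `configure`'s exit status. Two smaller points: the loop variable should be declared with `local peer`, and since `$peer` and `$ifname` are written into the batch script inside double quotes, values containing a quote or newline should be rejected before the heredoc. `configure` starts and ends outside the visible hunks, so how `otherpeers` is built and how the tagged filters are cleaned up cannot be checked from here.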