gluon-ebtables: don't filter incoming MLD Reports with brmldproxy

If there is no multicast router behind a bridge port then the Linux bridge multicast snooping code itself will refrain from forwarding a report, as recommended/required by RFC4541 ("Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches). So these rules are in most cases redundant. On the other hand, removing them allows to actually run an IPv6 multicast router behind a Gluon node. Since OpenWrt 23.05 it will allow detecting multicast routers via Multicast Router Discovery (RFC4286). And removing these ebtables rules will allow a layer 3 multicast router to then receive MLD reports from the mesh properly and by that to learn about others listeners in the mesh. These incoming MLD report filtering rules are only removed when gluon-mesh-batman-adv-brmldproxy is installed, to avoid any other functional changes otherwise. Signed-off-by: Linus Lüssing <[email protected]>
freifunk-gluon · Apr 17, 2024 · 3895867 · 3895867
1 parent d79a680
commit 3895867
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/package/gluon-ebtables/luasrc/lib/gluon/ebtables/105-mcast-drop-igmp-mld b/package/gluon-ebtables/luasrc/lib/gluon/ebtables/105-mcast-drop-igmp-mld
@@ -1,5 +1,14 @@
 local site = require 'gluon.site'
 
+local function file_exists(file)
+	local f = io.open(file)
+	if not f then
+		return false
+	end
+	f:close()
+	return true
+end
+
 rule('MULTICAST_IN -p IPv4 --ip-protocol igmp --ip-igmp-type membership-query -j DROP', 'nat')
 rule('MULTICAST_OUT -p IPv4 --ip-protocol igmp --ip-igmp-type membership-query -j DROP')
 
@@ -14,7 +23,10 @@ if site.mesh.filter_membership_reports(true) then
 	rule('MULTICAST_OUT_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 132 -j DROP') -- MLDv1 Done
 	rule('MULTICAST_OUT_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 143 -j DROP') -- MLDv2 Report
 
-	rule('MULTICAST_IN_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 131 -j DROP', 'nat') -- MLDv1 Report
-	rule('MULTICAST_IN_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 132 -j DROP', 'nat') -- MLDv1 Done
-	rule('MULTICAST_IN_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 143 -j DROP', 'nat') -- MLDv2 Report
+	# only install if gluon-mesh-batman-adv-brmldproxy is not
+	if not file_exists("/lib/gluon/upgrade/400-brmldproxy") then
+	        rule('MULTICAST_IN_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 131 -j DROP', 'nat') -- MLDv1 Report
+	        rule('MULTICAST_IN_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 132 -j DROP', 'nat') -- MLDv1 Done
+	        rule('MULTICAST_IN_ICMPV6 -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 143 -j DROP', 'nat') -- MLDv2 Report
+	end
 end