Broadcast-Storm

Erik Logtenberg erik at logtenberg.eu
Tue Mar 16 19:52:56 CET 2010


Personally, I don't think it is a wise plan to try and build packet
filtering in tinc. Packet filtering is a complex task, which is quite
different from the VPN-task that tinc is designed for. There already are
great implementations for packet filtering available, so you'd be
re-inventing the wheel in a specifically counter-intuitive place.

I think you'd be better off just using the firewall software that is
available on the different platforms that you use. The fact that this is
not portable sucks, but I don't think you are suggesting the right solution.
My two cents: if you would really want to solve the problem that you
describe (the problem that you cannot use the same firewall software on
different platforms), then solve that by picking the one you like most
and porting that to the target platform(s).

-- Erik

Donald Pearson wrote:
> Let me be the first to encourage you.
> 
> Filtering would be an outstanding feature.
> 
> On 3/16/10, Markus Dangl <sky at q1cc.net> wrote:
>> Hi,
>>
>> I've got a small tinc network (switched) set up and it usually works
>> fine. But sometimes I get echoes from my own broadcasts and sometimes
>> this even leads to a broadcast storm (two nodes forwarding the
>> broadcasts in a circle, thus flooding the whole network with copies of the
>> same packet).
>>
>> I'm currently unsure how to debug this using tinc. So my questions are:
>>  - How does tinc handle broadcasts when in switching mode? Does tinc
>> understand STP? (I usually enable STP on all my Linux bridges).
>>  - Not all of the clients update their tinc clients regularly, so I
>> might have several tinc versions from 1.0.9 to 1.0.12 in my net. Could
>> it be that incompatibilities between these versions are responsible for
>> this?
>>
>> B.t.w.:
>>
>> Sadly not all of the installations are maintained by people that
>> actually know a lot about network stuff. Also, a lot of the nodes run on
>> Windows :/ so I don't have a portable way to use packet filtering on all
>> nodes.
>>
>> A nice-to-have feature for tinc would be to have some filtering options,
>> maybe even a real packet filter (like those *-tables tools on Linux). I
>> see that that's not really tinc's job, but there currently is no portable
>> way of packet filtering, but tinc could do it :)
>> If there are more people that could make good use of such a feature I
>> might just start experimenting a little with the tinc sources.
>>
>> With kind regards,
>> Markus Dangl