Dear RIOT developers,
I am working on packaging an equivalent of gnrc_border_router
"start_network.sh" script for IoT-LAB.
The reason why I need to adapt it is that users are not root on the ssh
frontend, and that the frontend is shared between different users.
So I give sudo permissions for one executable, verify given arguments
and execute ethos/uhcpd as regular user so serial ports can be accessed.
I would like to have your feedback on the tool so I could fix things
before release.
### The steps I do: ###
* Verify the given prefix is unused
* Create TAP interface
* Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
* Call uhcpd in the background with cap-net-raw capability so that it
can use --bind-to-device
* Run ethos
* Correctly clean up everything in case of error and experiment stop
### What I removed from "start_network.sh": ###
* Adding the local hard-written address: "ip a a fd00:dead:beef::1/128
dev lo"
### Important to know ###
Currently ip6tables are dropping all input on the ssh frontend, so it can
only be used as a client. (That's why I needed to allow traffic for uhcpd.)
The original reason is to prevent users from running a public server on the
frontend.
And even with private addresses, the user would have no way to secure it
from other users with iptables, or binding to a specific interface.
For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface,
I could do something similar for ethos.
### Running the wrapper ###
The current arguments are:

```
ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix
```

The output:

```
sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
net.ipv6.conf.tap0.forwarding = 1
DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
net.ipv6.conf.tap0.accept_ra = 0
DEBUG:root:Calling: ip link set tap0 up
DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp --dport 12345 -j ACCEPT
DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64 --bind-to-device
DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
Switch from 'root' to 'harter'
Switch from 'root' to 'harter'
Joining IPv6 multicast group...
entering loop...
----> ethos: sending hello.
----> ethos: activating serial pass through.
----> ethos: hello reply received
> help
help
Command              Description
---------------------------------------
reboot               Reboot the node
ps                   Prints information about running threads.
ping6                Ping via ICMPv6
random_init          initializes the PRNG
random_get           returns 32 bit of pseudo randomness
ifconfig             Configure network interfaces
fibroute             Manipulate the FIB (info: 'fibroute [add|del]')
ncache               manage neighbor cache by hand
routers              IPv6 default router list
6ctx                 6LoWPAN context configuration tool
> uhcp_client(): no reply received
uhcp_client(): sending REQ...
got packet from fe80::221:d3ff:fe60:5a8d port 12345
got packet from fe80::50c1:ffff:fe5d:a1c7 port 40483
uhcp: push from fe80::50c1:ffff:fe5d:a1c7:40483 prefix=fd00::/64
gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
uhcp_client(): sending REQ...
got packet from fe80::221:d3ff:fe60:5a8d port 12345
got packet from fe80::e034:28ff:fe26:6ac3 port 49575
uhcp: push from fe80::e034:28ff:fe26:6ac3:49575 prefix=fd00::/64
gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
```

And the interface looks like:

```
84: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/ether 52:c1:ff:5d:a1:c7 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::50c1:ffff:fe5d:a1c7/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
```

This is the current state, and with some documentation it could be
released as is.
I thank you in advance for your feedback
Regards,
Gaëtan Harter - IoT-LAB Team
_______________________________________________
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel
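
An added illustration, not part of the original message or of the IoT-LAB tool: one way a sudo wrapper could verify `host`, `tap` and `ipv6_prefix` and check that the prefix is unused before anything runs as root. The name patterns, the /64 requirement, the function names and the sample routing table are assumptions made for this example.

```python
import ipaddress
import re

# Assumed naming rules, not taken from the IoT-LAB tool.
TAP_RE = re.compile(r"tap[0-9]{1,3}")
HOST_RE = re.compile(r"[a-z0-9]+-[0-9]{1,4}")

def parse_prefix(text):
    """Return text as an IPv6 /64 network or raise ValueError."""
    net = ipaddress.IPv6Network(text, strict=True)  # rejects set host bits
    if net.prefixlen != 64:
        raise ValueError("prefix must be a /64")
    if net.is_link_local or net.is_multicast or net.is_loopback:
        raise ValueError("prefix is in a reserved range")
    return net

def routes_overlapping(prefix, route_lines):
    """Return the lines of `ip -6 route show` output that overlap prefix."""
    hits = []
    for line in route_lines:
        # Destination is token 1, or token 2 after a type like "unreachable".
        for token in line.split()[:2]:
            try:
                net = ipaddress.IPv6Network(token, strict=False)
            except ValueError:
                continue  # "default", "via", "unreachable", ...
            if prefix.overlaps(net):
                hits.append(line.strip())
            break
    return hits

def check_args(host, tap, prefix_text, route_lines):
    """Validate the wrapper's arguments before any command runs as root."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("bad host name")
    if not TAP_RE.fullmatch(tap):
        raise ValueError("bad tap interface name")
    prefix = parse_prefix(prefix_text)
    used = routes_overlapping(prefix, route_lines)
    if used:
        raise ValueError("prefix already routed: " + used[0])
    return host, tap, prefix

# Constructed sample of `ip -6 route show` output on a shared frontend.
SAMPLE_ROUTES = [
    "fd00::/64 via fe80::2 dev tap0 metric 1024 pref medium",
    "unreachable fd01::/48 dev lo metric 1024 pref medium",
    "default via fe80::1 dev eth0 metric 1024 pref medium",
]
```

The overlap test also catches a requested /64 that falls inside a shorter route owned by someone else, which an exact string match on the prefix would miss.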