[riot-devel] RFC: packaging "start_network.sh" on IoT-LAB

Gaëtan Harter gaetan.harter at inria.fr
Tue Apr 11 16:33:07 CEST 2017


Dear RIOT developers,


I am working on packaging an equivalent of gnrc_border_router 
"start_network.sh" script for IoT-LAB.

The reason why I need to adapt it is that users are not root on the ssh 
frontend, and that the frontend is shared between different users.
So I give sudo permissions for one executable, verify given arguments 
and execute ethos/uhcpd as regular user so serial ports can be accessed.

I would like to have your feedback on the tool so I could fix things 
before release.


### The steps I do: ###

  * Verify the given prefix is unused
  * Create TAP interface
  * Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
  * Call uhcpd in the background with cap-net-raw capability so that it
    can use --bind-to-device
  * Run ethos
  * Correctly cleanup everything in case of error and experiment stop


### What I removed from "start_network.sh": ###

  * Adding the local hard-written address: "ip a a fd00:dead:beef::1/128
    dev lo"


### Important to know ###

Currently ip6tables are dropping all input on the ssh frontend, so it can 
only be used as a client. (That's why I needed to allow traffic for uhcpd).
The original reason is to prevent users from running a public server on the 
frontend.
And even with private addresses, the user would have no way to secure it 
from other users with iptables, or binding to a specific interface.


For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, 
I could do something similar for ethos.


### Running the wrapper ###

The current arguments are:

    ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix

The output:

    sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
    DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
    net.ipv6.conf.tap0.forwarding = 1
    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
    net.ipv6.conf.tap0.accept_ra = 0
    DEBUG:root:Calling: ip link set tap0 up
    DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
    DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
    DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp
    --dport 12345 -j ACCEPT
    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser
    --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64
    --bind-to-device
    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path
    /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
    Switch from 'root' to 'harter'
    Switch from 'root' to 'harter'
    Joining IPv6 multicast group...
    entering loop...
    ----> ethos: sending hello.
    ----> ethos: activating serial pass through.
    ----> ethos: hello reply received


     > help
    help
    Command              Description
    ---------------------------------------
    reboot               Reboot the node
    ps                   Prints information about running threads.
    ping6                Ping via ICMPv6
    random_init          initializes the PRNG
    random_get           returns 32 bit of pseudo randomness
    ifconfig             Configure network interfaces
    fibroute             Manipulate the FIB (info: 'fibroute [add|del]')
    ncache               manage neighbor cache by hand
    routers              IPv6 default router list
    6ctx                 6LoWPAN context configuration tool
     > uhcp_client(): no reply received
    uhcp_client(): sending REQ...
    got packet from fe80::221:d3ff:fe60:5a8d port 12345
    got packet from fe80::50c1:ffff:fe5d:a1c7 port 40483
    uhcp: push from fe80::50c1:ffff:fe5d:a1c7:40483 prefix=fd00::/64
    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
    uhcp_client(): sending REQ...
    got packet from fe80::221:d3ff:fe60:5a8d port 12345
    got packet from fe80::e034:28ff:fe26:6ac3 port 49575
    uhcp: push from fe80::e034:28ff:fe26:6ac3:49575 prefix=fd00::/64
    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again

And the interface looks like:

    84: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
    pfifo_fast state UP group default qlen 500
         link/ether 52:c1:ff:5d:a1:c7 brd ff:ff:ff:ff:ff:ff
         inet6 fe80::50c1:ffff:fe5d:a1c7/64 scope link
            valid_lft forever preferred_lft forever
         inet6 fe80::1/64 scope link
            valid_lft forever preferred_lft forever


This is the current state, and with some documentation it could be 
released as is.


I thank you in advance for your feedback

Regards,
Gaëtan Harter - IoT-LAB Team
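
The argument checks the message describes for the sudo wrapper (verify the arguments, verify the prefix is unused), sketched as an added Python example that is not part of the original e-mail and is not IoT-LAB's code. The name patterns, the /64-only rule, the link-local/multicast rejection and the sample `ip -6 route show` text are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed policy for illustration; the real tool's checks are not shown in the message.
TAP_RE = re.compile(r"tap[0-9]{1,3}")
HOST_RE = re.compile(r"[a-z][a-z0-9]*-[0-9]{1,4}")  # node names shaped like "m3-1"
# Constructed sample of `ip -6 route show` output on a shared frontend.
SAMPLE_ROUTES = """\
2001:db8:1::/64 dev eth0 proto kernel metric 256
fd00:aaaa::/64 via fe80::2 dev tap3 metric 1024
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::ff dev eth0 metric 1024
"""


def routed_prefixes(route_output):
    """Return the destination networks listed in `ip -6 route show` text."""
    nets = []
    for line in route_output.splitlines():
        for token in line.split()[:2]:  # destination is field 1, or 2 after a route type
            try:
                nets.append(ipaddress.IPv6Network(token, strict=False))
                break
            except ValueError:
                continue  # "default", "via", "unreachable", ...
    return nets


def validate_args(host, tap, prefix, route_output):
    """Raise ValueError unless all three user-supplied arguments are acceptable."""
    if not HOST_RE.fullmatch(host):  # fullmatch: no leading "-", spaces or shell syntax
        raise ValueError("bad node name: %r" % host)
    if not TAP_RE.fullmatch(tap):
        raise ValueError("bad tap name: %r" % tap)
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects garbage and host bits
    if net.prefixlen != 64 or net.is_link_local or net.is_multicast:
        raise ValueError("prefix must be a non-link-local unicast /64: %s" % net)
    for used in routed_prefixes(route_output):
        if net.overlaps(used):  # another user's experiment already routes it
            raise ValueError("prefix %s overlaps existing route %s" % (net, used))
    return host, tap, str(net)  # canonical text, safe to place in an argv list


def is_valid(host, tap, prefix, route_output):
    try:
        validate_args(host, tap, prefix, route_output)
        return True
    except ValueError:
        return False
```

The validated values are meant to be passed as separate argv elements (no shell), which is what keeps a value such as `--help` or `tap0;id` from being interpreted by `ip` or `ip6tables`.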