[riot-devel] RFC: packaging "start_network.sh" on IoT-LAB

Martine Lenders mail at martine-lenders.eu
Wed Apr 12 07:44:24 CEST 2017


Hi Gaëtan,
This sounds great! Would it be possible to merge this with the current
version of the script (say with an additional parameter), so we can
use it in the `iotlab-term` target version of the border router [1]?

Cheers,
Martine

[1] https://github.com/RIOT-OS/RIOT/blob/master/examples/gnrc_border_router/Makefile#L65

2017-04-11 16:33 GMT+02:00 Gaëtan Harter <gaetan.harter at inria.fr>:
> Dear RIOT developers,
>
>
> I am working on packaging an equivalent of gnrc_border_router
> "start_network.sh" script for IoT-LAB.
>
> The reason why I need to adapt it is that users are not root on the ssh
> frontend, and that the frontend is shared between different users.
> So I give sudo permissions for one executable, verify given arguments and
> execute ethos/uhcpd as regular user so serial ports can be accessed.
>
> I would like to have your feedback on the tool so I could fix things before
> release.
>
>
> ### The steps I do: ###
>
>  * Verify the given prefix is unused
>  * Create TAP interface
>  * Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
>  * Call uhcpd in the background with cap-net-raw capability so that it
>    can use --bind-to-device
>  * Run ethos
>  * Correctly cleanup everything in case of error and experiment stop
>
>
> ### What I removed from "start_network.sh": ###
>
>  * Adding the local hard-written address: "ip a a fd00:dead:beef::1/128
>    dev lo"
>
>
> ### Important to know ###
>
> Currently ip6tables are dropping all input on the ssh frontend, so it can only
> be used as a client. (That's why I needed to allow traffic for uhcpd).
> The original reason is to prevent users to run a public server on the
> frontend.
> And even with private addresses, the user would have no way to secure it
> from other users with iptables, or binding to a specific interface.
>
>
> For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I
> could do something similar for ethos.
>
>
> ### Running the wrapper ###
>
> The current arguments are:
>
>    ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix
>
> The output:
>
>    sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
>    DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
>    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
>    net.ipv6.conf.tap0.forwarding = 1
>    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
>    net.ipv6.conf.tap0.accept_ra = 0
>    DEBUG:root:Calling: ip link set tap0 up
>    DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
>    DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
>    DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp
>    --dport 12345 -j ACCEPT
>    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser
>    --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64
>    --bind-to-device
>    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path
>    /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
>    Switch from 'root' to 'harter'
>    Switch from 'root' to 'harter'
>    Joining IPv6 multicast group...
>    entering loop...
>    ----> ethos: sending hello.
>    ----> ethos: activating serial pass through.
>    ----> ethos: hello reply received
>
>
>     > help
>    help
>    Command              Description
>    ---------------------------------------
>    reboot               Reboot the node
>    ps                   Prints information about running threads.
>    ping6                Ping via ICMPv6
>    random_init          initializes the PRNG
>    random_get           returns 32 bit of pseudo randomness
>    ifconfig             Configure network interfaces
>    fibroute             Manipulate the FIB (info: 'fibroute [add|del]')
>    ncache               manage neighbor cache by hand
>    routers              IPv6 default router list
>    6ctx                 6LoWPAN context configuration tool
>     > uhcp_client(): no reply received
>    uhcp_client(): sending REQ...
>    got packet from fe80::221:d3ff:fe60:5a8d port 12345
>    got packet from fe80::50c1:ffff:fe5d:a1c7 port 40483
>    uhcp: push from fe80::50c1:ffff:fe5d:a1c7:40483 prefix=fd00::/64
>    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
>    uhcp_client(): sending REQ...
>    got packet from fe80::221:d3ff:fe60:5a8d port 12345
>    got packet from fe80::e034:28ff:fe26:6ac3 port 49575
>    uhcp: push from fe80::e034:28ff:fe26:6ac3:49575 prefix=fd00::/64
>    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
>
> And the interface looks like:
>
>    84: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>    pfifo_fast state UP group default qlen 500
>         link/ether 52:c1:ff:5d:a1:c7 brd ff:ff:ff:ff:ff:ff
>         inet6 fe80::50c1:ffff:fe5d:a1c7/64 scope link
>            valid_lft forever preferred_lft forever
>         inet6 fe80::1/64 scope link
>            valid_lft forever preferred_lft forever
>
>
> This is the current state, and with some documentation it could be released
> as is.
>
>
> I thank you in advance for your feedback
>
> Regards,
> Gaëtan Harter - IoT-LAB Team


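Added example, not part of the thread and not IoT-LAB's `ethos_uhcpd.py`: a sketch of the "verify given arguments" and "cleanup in case of error" steps for a wrapper that runs under sudo on a shared frontend. It reuses the privileged commands from the `--verbose` log above, minus the sysctl calls. The function names, the allow-list patterns for `host` and `tap`, the /64 requirement and the caller-supplied `in_use` list are assumptions.

```python
import ipaddress
import re
import subprocess

TAP_RE = re.compile(r"tap[0-9]{1,3}")           # assumed interface naming policy
HOST_RE = re.compile(r"[a-z0-9]+-[0-9]{1,4}")   # assumed node names, e.g. m3-1
PREFIX_RE = re.compile(r"[0-9a-fA-F:]+/[0-9]{1,3}")  # no scope ids, no spaces


def validate_args(host, tap, prefix, in_use):
    """Return (host, tap, IPv6Network) or raise ValueError."""
    if not (HOST_RE.fullmatch(host) and TAP_RE.fullmatch(tap)
            and PREFIX_RE.fullmatch(prefix)):
        raise ValueError("argument fails allow-list")
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects set host bits
    if net.prefixlen != 64:                           # assumption: /64 only
        raise ValueError("prefix must be a /64")
    if any(net.overlaps(ipaddress.IPv6Network(n)) for n in in_use):
        raise ValueError("prefix already in use")
    return host, tap, net


def build_plan(user, tap, net):
    """(setup argv, undo argv or None) pairs; argv lists, never a shell string."""
    rule = ["INPUT", "-i", tap, "-d", "ff15::abcd", "-p", "udp",
            "--dport", "12345", "-j", "ACCEPT"]
    return [
        (["ip", "tuntap", "add", tap, "mode", "tap", "user", user],
         ["ip", "tuntap", "del", tap, "mode", "tap"]),
        (["ip", "link", "set", tap, "up"], None),
        (["ip", "addr", "add", "fe80::1/64", "dev", tap], None),
        (["ip", "route", "add", str(net), "via", "fe80::2", "dev", tap], None),
        (["ip6tables", "-A"] + rule, ["ip6tables", "-D"] + rule),
    ]


def run_plan(plan, run=subprocess.check_call):
    """Run setup steps; return undo commands, newest first. Roll back on error."""
    undo = []
    try:
        for setup, teardown in plan:
            run(setup)
            if teardown:
                undo.insert(0, teardown)
    except Exception:
        for cmd in undo:   # remove only what was actually created
            run(cmd)
        raise
    return undo
```

The returned undo list is what the wrapper would run at experiment stop, so the ip6tables ACCEPT rule and the TAP interface do not outlive the user's session.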