[riot-devel] RFC: packaging "start_network.sh" on IoT-LAB

Alexandre Abadie alexandre.abadie at inria.fr
Thu Apr 20 10:23:44 CEST 2017


Hi,

----- Mail original -----
> This sounds great! 

Indeed. I just gave it a try on IoT-LAB (only available on one of the development server for the moment) and it works very well. The gnrc_border_router application has to be built using a BAUDRATE of 500000 but otherwise there's nothing special to change.

> Would it be possible to merge this with the current
> version of the script (say with an additional parameter), so we can
> use it in the `iotlab-term` target version of the border router [1]?

>From what I understand are you thinking of adding something like this:
iotlab-term:
	$(Q)sudo ethos_uhcpd.py $(M3HOST) $(TAP) $(IPV6_PREFIX)
?

Then it should be quite straightforward but not very useful since the command on its own is already very simple.
Besides that the <make term> command can already been used from A8 nodes.

Cheers,

Alex

> 
> Cheers,
> Martine
> 
> [1]
> https://github.com/RIOT-OS/RIOT/blob/master/examples/gnrc_border_router/Makefile#L65
> 
> 2017-04-11 16:33 GMT+02:00 Gaëtan Harter <gaetan.harter at inria.fr>:
> > Dear RIOT developers,
> >
> >
> > Iam working on packaging an equivalent of gnrc_border_router
> > "start_network.sh" script for IoT-LAB.
> >
> > The reason why I need to adapt it is that users are not root on the ssh
> > frontend, and that the frontend is shared between different users.
> > So I give sudo permissions for one executable, verify given arguments and
> > execute ethos/uhcpd as regularuser so serial ports can be accessed.
> >
> > I would like to have your feedback on the tool so I could fix things before
> > release.
> >
> >
> > ### The steps I do: ###
> >
> >  * Verify the given prefix is unused
> >  * Create TAP interface
> >  * Allow INPUT traffic on the frontend forUDP:[ff15::abcd]:12345
> >  * Call uhcpd in the background with cap-net-raw capability so that it
> >    can use --bind-to-device
> >  * Run ethos
> >  * Correctly cleanup everything in case of error and experiment stop
> >
> >
> > ### What I removed from "start_network.sh:###
> >
> >  * Adding the local hard-writtenaddress: "ip a a fd00:dead:beef::1/128
> >    dev lo"
> >
> >
> > ### Important to know ###
> >
> > Currentlyip6tables are dropping all input on thessh frontend, so it can
> > only
> > be used as a client.(That's why I needed to allow traffic for uhcpd).
> > The original reason is to prevent users to run a public server on the
> > frontend.
> > And even with private addresses, the user would have no way to secure it
> > from other users with iptables, or binding to aspecificinterface.
> >
> >
> > For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I
> > could do something similar for ethos.
> >
> >
> > ### Running the wrapper ###
> >
> > The current arguments are:
> >
> >    |ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix
> >    |
> >
> > |The output:|
> > ||
> >
> >    |sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
> >    DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
> >    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
> >    net.ipv6.conf.tap0.forwarding = 1
> >    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
> >    net.ipv6.conf.tap0.accept_ra = 0
> >    DEBUG:root:Calling: ip link set tap0 up
> >    DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
> >    DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
> >    DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp
> >    --dport 12345 -j ACCEPT
> >    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser
> >    --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64
> >    --bind-to-device
> >    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path
> >    /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
> >    Switch from 'root' to 'harter'
> >    Switch from 'root' to 'harter'
> >    Joining IPv6 multicast group...
> >    entering loop...
> >    ----> ethos: sending hello.
> >    ----> ethos: activating serial pass through.
> >    ----> ethos: hello reply received
> >
> >
> >     > help
> >    help
> >    Command              Description
> >    ---------------------------------------
> >    reboot               Reboot the node
> >    ps                   Prints information about running threads.
> >    ping6                Ping via ICMPv6
> >    random_init          initializes the PRNG
> >    random_get           returns 32 bit of pseudo randomness
> >    ifconfig             Configure network interfaces
> >    fibroute             Manipulate the FIB (info: 'fibroute [add|del]')
> >    ncache               manage neighbor cache by hand
> >    routers              IPv6 default router list
> >    6ctx                 6LoWPAN context configuration tool
> >     > uhcp_client(): no reply received
> >    uhcp_client(): sending REQ...
> >    got packet from fe80::221:d3ff:fe60:5a8d port 12345
> >    got packet from fe80::50c1:ffff:fe5d:a1c7 port 40483
> >    uhcp: push from fe80::50c1:ffff:fe5d:a1c7:40483 prefix=fd00::/64
> >    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
> >    uhcp_client(): sending REQ...
> >    got packet from fe80::221:d3ff:fe60:5a8d port 12345
> >    got packet from fe80::e034:28ff:fe26:6ac3 port 49575
> >    uhcp: push from fe80::e034:28ff:fe26:6ac3:49575 prefix=fd00::/64
> >    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again||
> >    |||
> >
> > |||And the interface|looks like:
> >
> >    84: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> >    pfifo_fast state UP group default qlen 500
> >         link/ether 52:c1:ff:5d:a1:c7 brd ff:ff:ff:ff:ff:ff
> >         inet6 fe80::50c1:ffff:fe5d:a1c7/64 scope link
> >            valid_lft forever preferred_lft forever
> >         inet6 fe80::1/64 scope link
> >            valid_lft forever preferred_lft forever
> >
> >
> > This is the current state, and with some documentation it could be released
> > as is.
> >
> >
> > I thank you in advance for your feedback
> >
> > Regards,
> > Gaëtan Harter - IoT-LAB Team
> > ||||
> > _______________________________________________
> > devel mailing list
> > devel at riot-os.org
> > https://lists.riot-os.org/mailman/listinfo/devel
> _______________________________________________
> devel mailing list
> devel at riot-os.org
> https://lists.riot-os.org/mailman/listinfo/devel
> 


More information about the devel mailing list