Dear RIOT developers,
I am working on packaging an equivalent of the gnrc_border_router "start_network.sh" script for IoT-LAB.
The reason why I need to adapt it is that users are not root on the ssh frontend, and that the frontend is shared between different users. So I give sudo permissions for one executable, verify the given arguments and execute ethos/uhcpd as a regular user so serial ports can be accessed.
I would like to have your feedback on the tool so I could fix things before release.
### The steps I do: ###
* Verify the given prefix is unused
* Create TAP interface
* Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
* Call uhcpd in the background with cap-net-raw capability so that it can use --bind-to-device
* Run ethos
* Correctly cleanup everything in case of error and experiment stop
### What I removed from "start_network.sh": ###
* Adding the local hard-written address: "ip a a fd00:dead:beef::1/128 dev lo"
### Important to know ###
Currently ip6tables are dropping all input on the ssh frontend, so it can only be used as a client. (That's why I needed to allow traffic for uhcpd.) The original reason is to prevent users from running a public server on the frontend. And even with private addresses, the user would have no way to secure it from other users with iptables, or binding to a specific interface.
For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I could do something similar for ethos.
### Running the wrapper ###
The current arguments are:
> ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix

The output:

> sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
> DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
> DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
> net.ipv6.conf.tap0.forwarding = 1
> DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
> net.ipv6.conf.tap0.accept_ra = 0
> DEBUG:root:Calling: ip link set tap0 up
> DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
> DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
> DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp --dport 12345 -j ACCEPT
> DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64 --bind-to-device
> DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
> Switch from 'root' to 'harter'
> Joining IPv6 multicast group...
> entering loop...
> ----> ethos: sending hello.
> ----> ethos: activating serial pass through.
> ----> ethos: hello reply received
> help help Command Description
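
The "verify given arguments" and "verify the given prefix is unused" steps from this message, sketched as an added example that is not part of the original post or of the IoT-LAB tool. The name patterns, the /64 requirement and the sample route table are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed wrapper policy (not from the original post): only tapN interface
# names and short node names such as "m3-1" are accepted.
TAP_RE = re.compile(r"tap[0-9]{1,3}")
HOST_RE = re.compile(r"[a-z0-9]+(-[0-9]+)?")
# Route-type keywords `ip -6 route show` may print before the destination.
ROUTE_TYPES = {"unicast", "local", "anycast", "multicast", "throw",
               "unreachable", "prohibit", "blackhole"}

# Constructed sample of `ip -6 route show` output; a real wrapper would read
# it from the `ip` command, run with an argument list and no shell.
SAMPLE_ROUTES = """\
fd00::/64 via fe80::2 dev tap0 metric 1024
2001:db8:1::/48 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
unreachable fd12:3456::/32 dev lo metric 1024
default via fe80::1 dev eth0 metric 1024
"""

def used_networks(route_output):
    """Return the destination networks listed in `ip -6 route show` output."""
    nets = []
    for line in route_output.splitlines():
        fields = line.split()
        if fields and fields[0] in ROUTE_TYPES:
            fields = fields[1:]
        if not fields or fields[0] == "default":
            continue  # the default route overlaps everything, so skip it
        nets.append(ipaddress.IPv6Network(fields[0], strict=False))
    return nets

def validate_args(host, tap, prefix, route_output):
    """Return normalized (host, tap, prefix) or raise ValueError."""
    # fullmatch() rejects option-like values ("-h"), shell metacharacters and
    # a trailing newline, which `^...$` with match() would let through.
    if not HOST_RE.fullmatch(host):
        raise ValueError("invalid host name: %r" % host)
    if not TAP_RE.fullmatch(tap):
        raise ValueError("invalid tap interface name: %r" % tap)
    net = ipaddress.IPv6Network(prefix, strict=True)  # ValueError on host bits
    if net.prefixlen != 64:
        raise ValueError("prefix must be a /64: %s" % net)
    for used in used_networks(route_output):
        if net.overlaps(used):
            raise ValueError("prefix %s overlaps existing route %s" % (net, used))
    return host, tap, str(net)
```

Because the wrapper runs under sudo on a shared frontend, the checks happen before any `ip`, `sysctl` or `ip6tables` call, and only the normalized values are passed on.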