RFC: packaging "start_network.sh" on IoT-LAB

Dear RIOT developers,

I am working on packaging an equivalent of gnrc_border_router "start_network.sh" script for IoT-LAB.

The reason why I need to adapt it is that users are not root on the ssh frontend, and that the frontend is shared between different users. So I give sudo permissions for one executable, verify given arguments and execute ethos/uhcpd as regular user so serial ports can be accessed.

I would like to have your feedback on the tool so I could fix things before release.

### The steps I do: ###

  * Verify the given prefix is unused
  * Create TAP interface
  * Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
  * Call uhcpd in the background with cap-net-raw capability so that it
    can use --bind-to-device
  * Run ethos
  * Correctly cleanup everything in case of error and experiment stop

### What I removed from "start_network.sh": ###

  * Adding the local hard-written address: "ip a a fd00:dead:beef::1/128 dev lo"

### Important to know ###

Currently ip6tables are dropping all input on the ssh frontend, so it can only be used as a client. (That's why I needed to allow traffic for uhcpd.) The original reason is to prevent users from running a public server on the frontend. And even with private addresses, the user would have no way to secure it from other users with iptables, or binding to a specific interface.

For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I could do something similar for ethos.

### Running the wrapper ###

The current arguments are:

    ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix

The output:

    sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
    DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
    net.ipv6.conf.tap0.forwarding = 1
    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
    net.ipv6.conf.tap0.accept_ra = 0
    DEBUG:root:Calling: ip link set tap0 up
    DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
    DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
    DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp --dport 12345 -j ACCEPT
    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64 --bind-to-device
    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
    Switch from 'root' to 'harter'
    Joining IPv6 multicast group...
    entering loop...
    ----> ethos: sending hello.
    ----> ethos: activating serial pass through.
    ----> ethos: hello reply received

    > help
    help
    Command Description
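The argument checks a sudo-allowed wrapper like the one described in the mail above needs before running anything as root, as an added example (not part of the original mail and not the IoT-LAB tool's code). The naming patterns, the /64 requirement, the `used_prefixes` parameter and the function name are assumptions; the command sequence is taken from the debug output shown above.

```python
import ipaddress
import re

# Assumed naming rules (not from the original mail): TAP devices are "tapN",
# nodes look like "m3-1". Anything else is refused before root runs a command.
TAP_RE = re.compile(r"tap\d{1,3}")
HOST_RE = re.compile(r"[a-z0-9]+-\d{1,4}")


def build_commands(host, tap, ipv6_prefix, user, used_prefixes=()):
    """Validate the three user-supplied arguments and return argv lists.

    Raises ValueError on anything suspicious. Commands are returned as lists
    so they can be passed to subprocess without a shell. `user` is assumed to
    come from sudo itself, not from the command line.
    """
    # tap ends up inside a sysctl key: "all" or "default" would change
    # forwarding for every interface, and "-x" would be parsed as an option.
    if not TAP_RE.fullmatch(tap):
        raise ValueError(f"bad tap name: {tap!r}")
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"bad node name: {host!r}")
    # strict=True rejects host bits ("fd00::1/64"); junk raises ValueError too.
    net = ipaddress.IPv6Network(ipv6_prefix, strict=True)
    if net.prefixlen != 64:  # assumed policy, matching the fd00::/64 example
        raise ValueError("prefix must be a /64")
    # "Prefix is unused": refuse overlap with prefixes held by other users.
    for other in used_prefixes:
        if net.overlaps(ipaddress.IPv6Network(other)):
            raise ValueError(f"{net} overlaps {other}")
    prefix = str(net)  # canonical form, never the raw user string
    return [
        ["ip", "tuntap", "add", tap, "mode", "tap", "user", user],
        ["sysctl", "-w", f"net.ipv6.conf.{tap}.forwarding=1"],
        ["sysctl", "-w", f"net.ipv6.conf.{tap}.accept_ra=0"],
        ["ip", "link", "set", tap, "up"],
        ["ip", "addr", "add", "fe80::1/64", "dev", tap],
        ["ip", "route", "add", prefix, "via", "fe80::2", "dev", tap],
        ["ip6tables", "-A", "INPUT", "-i", tap, "-d", "ff15::abcd",
         "-p", "udp", "--dport", "12345", "-j", "ACCEPT"],
    ]


if __name__ == "__main__":
    # Constructed sample input matching the session shown in the mail.
    for argv in build_commands("m3-1", "tap0", "fd00::/64", "harter"):
        print(" ".join(argv))
```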

Hi Gaëtan,

This sounds great! Would it be possible to merge this with the current version of the script (say with an additional parameter), so we can use it in the `iotlab-term` target version of the border router [1]?

Cheers, Martine

[1] https://github.com/RIOT-OS/RIOT/blob/master/examples/gnrc_border_router/Makefile#L65

Hi,

----- Mail original -----

> This sounds great!

Indeed. I just gave it a try on IoT-LAB (only available on one of the development servers for the moment) and it works very well. The gnrc_border_router application has to be built using a BAUDRATE of 500000 but otherwise there's nothing special to change.

> Would it be possible to merge this with the current version of the script (say with an additional parameter), so we can use it in the `iotlab-term` target version of the border router [1]?

From what I understand, are you thinking of adding something like this:

    iotlab-term:
    	$(Q)sudo ethos_uhcpd.py $(M3HOST) $(TAP) $(IPV6_PREFIX)

?

Then it should be quite straightforward but not very useful since the command on its own is already very simple. Besides that, the <make term> command can already be used from A8 nodes.

Cheers,

Alex

Hi,