Hi,
----- Mail original -----
> This sounds great!
Indeed. I just gave it a try on IoT-LAB (only available on one of the
development server for the moment) and it works very well. The
gnrc_border_router application has to be built using a BAUDRATE of 500000 but
otherwise there's nothing special to change.
> Would it be possible to merge this with the current
> version of the script (say with an additional parameter), so we can
> use it in the `iotlab-term` target version of the border router [1]?
From what I understand are you thinking of adding something like this:
iotlab-term:
$(Q)sudo ethos_uhcpd.py $(M3HOST) $(TAP) $(IPV6_PREFIX)
?
Then it should be quite straightforward but not very useful since the command
on its own is already very simple.
Besides that the <make term> command can already been used from A8 nodes.
Cheers,
Alex
>
> Cheers,
> Martine
>
> [1]
> https://github.com/RIOT-OS/RIOT/blob/master/examples/gnrc_border_router/Makefile#L65
>
> 2017-04-11 16:33 GMT+02:00 Gaëtan Harter <gaetan.har...@inria.fr>:
> > Dear RIOT developers,
> >
> >
> > Iam working on packaging an equivalent of gnrc_border_router
> > "start_network.sh" script for IoT-LAB.
> >
> > The reason why I need to adapt it is that users are not root on the ssh
> > frontend, and that the frontend is shared between different users.
> > So I give sudo permissions for one executable, verify given arguments and
> > execute ethos/uhcpd as regularuser so serial ports can be accessed.
> >
> > I would like to have your feedback on the tool so I could fix things before
> > release.
> >
> >
> > ### The steps I do: ###
> >
> > * Verify the given prefix is unused
> > * Create TAP interface
> > * Allow INPUT traffic on the frontend forUDP:[ff15::abcd]:12345
> > * Call uhcpd in the background with cap-net-raw capability so that it
> > can use --bind-to-device
> > * Run ethos
> > * Correctly cleanup everything in case of error and experiment stop
> >
> >
> > ### What I removed from "start_network.sh:###
> >
> > * Adding the local hard-writtenaddress: "ip a a fd00:dead:beef::1/128
> > dev lo"
> >
> >
> > ### Important to know ###
> >
> > Currentlyip6tables are dropping all input on thessh frontend, so it can
> > only
> > be used as a client.(That's why I needed to allow traffic for uhcpd).
> > The original reason is to prevent users to run a public server on the
> > frontend.
> > And even with private addresses, the user would have no way to secure it
> > from other users with iptables, or binding to aspecificinterface.
> >
> >
> > For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I
> > could do something similar for ethos.
> >
> >
> > ### Running the wrapper ###
> >
> > The current arguments are:
> >
> > |ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix
> > |
> >
> > |The output:|
> > ||
> >
> > |sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
> > DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
> > DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
> > net.ipv6.conf.tap0.forwarding = 1
> > DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
> > net.ipv6.conf.tap0.accept_ra = 0
> > DEBUG:root:Calling: ip link set tap0 up
> > DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
> > DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
> > DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp
> > --dport 12345 -j ACCEPT
> > DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser
> > --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64
> > --bind-to-device
> > DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path
> > /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
> > Switch from 'root' to 'harter'
> > Switch from 'root' to 'harter'
> > Joining IPv6 multicast group...
> > entering loop...
> > ----> ethos: sending hello.
> > ----> ethos: activating serial pass through.
> > ----> ethos: hello reply received
> >
> >
> > > help
> > help
> > Command Description
> > ---------------------------------------
> > reboot Reboot the node
> > ps Prints information about running threads.
> > ping6 Ping via ICMPv6
> > random_init initializes the PRNG
> > random_get returns 32 bit of pseudo randomness
> > ifconfig Configure network interfaces
> > fibroute Manipulate the FIB (info: 'fibroute [add|del]')
> > ncache manage neighbor cache by hand
> > routers IPv6 default router list
> > 6ctx 6LoWPAN context configuration tool
> > > uhcp_client(): no reply received
> > uhcp_client(): sending REQ...
> > got packet from fe80::221:d3ff:fe60:5a8d port 12345
> > got packet from fe80::50c1:ffff:fe5d:a1c7 port 40483
> > uhcp: push from fe80::50c1:ffff:fe5d:a1c7:40483 prefix=fd00::/64
> > gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
> > uhcp_client(): sending REQ...
> > got packet from fe80::221:d3ff:fe60:5a8d port 12345
> > got packet from fe80::e034:28ff:fe26:6ac3 port 49575
> > uhcp: push from fe80::e034:28ff:fe26:6ac3:49575 prefix=fd00::/64
> > gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again||
> > |||
> >
> > |||And the interface|looks like:
> >
> > 84: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> > pfifo_fast state UP group default qlen 500
> > link/ether 52:c1:ff:5d:a1:c7 brd ff:ff:ff:ff:ff:ff
> > inet6 fe80::50c1:ffff:fe5d:a1c7/64 scope link
> > valid_lft forever preferred_lft forever
> > inet6 fe80::1/64 scope link
> > valid_lft forever preferred_lft forever
> >
> >
> > This is the current state, and with some documentation it could be released
> > as is.
> >
> >
> > I thank you in advance for your feedback
> >
> > Regards,
> > Gaëtan Harter - IoT-LAB Team
> > ||||
> > _______________________________________________
> > devel mailing list
> > devel@riot-os.org
> > https://lists.riot-os.org/mailman/listinfo/devel
> _______________________________________________
> devel mailing list
> devel@riot-os.org
> https://lists.riot-os.org/mailman/listinfo/devel
>
_______________________________________________
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel
