Re: [riot-devel] RFC: packaging "start_network.sh" on IoT-LAB
Hi,

2017-04-20 10:23 GMT+02:00 Alexandre Abadie :
> Then it should be quite straightforward but not very useful since the
> command on its own is already very simple.
> Besides that the command can already be used from A8 nodes.

I think it's even simpler if I don't have to think about logging onto the A8 node first and just do it, as I use any other IoT-LAB application ;-).

Cheers,
Martine
___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel
Re: [riot-devel] RFC: packaging "start_network.sh" on IoT-LAB
Hi,

- Original message -
> This sounds great!

Indeed. I just gave it a try on IoT-LAB (only available on one of the development servers for the moment) and it works very well. The gnrc_border_router application has to be built using a BAUDRATE of 50 but otherwise there's nothing special to change.

> Would it be possible to merge this with the current
> version of the script (say with an additional parameter), so we can
> use it in the `iotlab-term` target version of the border router [1]?

From what I understand, are you thinking of adding something like this:

    iotlab-term:
            $(Q)sudo ethos_uhcpd.py $(M3HOST) $(TAP) $(IPV6_PREFIX)

?

Then it should be quite straightforward but not very useful since the command on its own is already very simple.
Besides that the command can already be used from A8 nodes.

Cheers,
Alex

>
> Cheers,
> Martine
>
> [1]
> https://github.com/RIOT-OS/RIOT/blob/master/examples/gnrc_border_router/Makefile#L65
>
> 2017-04-11 16:33 GMT+02:00 Gaëtan Harter :
> > Dear RIOT developers,
> >
> > I am working on packaging an equivalent of gnrc_border_router
> > "start_network.sh" script for IoT-LAB.
> >
> > The reason why I need to adapt it is that users are not root on the ssh
> > frontend, and that the frontend is shared between different users.
> > So I give sudo permissions for one executable, verify given arguments and
> > execute ethos/uhcpd as regular user so serial ports can be accessed.
> >
> > I would like to have your feedback on the tool so I could fix things before
> > release.
Re: [riot-devel] RFC: packaging "start_network.sh" on IoT-LAB
Hi Gaëtan,

This sounds great! Would it be possible to merge this with the current version of the script (say with an additional parameter), so we can use it in the `iotlab-term` target version of the border router [1]?

Cheers,
Martine

[1] https://github.com/RIOT-OS/RIOT/blob/master/examples/gnrc_border_router/Makefile#L65

2017-04-11 16:33 GMT+02:00 Gaëtan Harter :
> Dear RIOT developers,
>
> I am working on packaging an equivalent of gnrc_border_router
> "start_network.sh" script for IoT-LAB.
>
> The reason why I need to adapt it is that users are not root on the ssh
> frontend, and that the frontend is shared between different users.
> So I give sudo permissions for one executable, verify given arguments and
> execute ethos/uhcpd as regular user so serial ports can be accessed.
>
> I would like to have your feedback on the tool so I could fix things before
> release.
>
> ### The steps I do: ###
>
> * Verify the given prefix is unused
> * Create TAP interface
> * Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
> * Call uhcpd in the background with cap-net-raw capability so that it
>   can use --bind-to-device
> * Run ethos
> * Correctly cleanup everything in case of error and experiment stop
>
> ### What I removed from "start_network.sh": ###
>
> * Adding the local hard-written address: "ip a a fd00:dead:beef::1/128
>   dev lo"
>
> ### Important to know ###
>
> Currently ip6tables are dropping all input on the ssh frontend, so it can only
> be used as a client. (That's why I needed to allow traffic for uhcpd).
> The original reason is to prevent users from running a public server on the
> frontend.
> And even with private addresses, the user would have no way to secure it
> from other users with iptables, or binding to a specific interface.
>
> For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I
> could do something similar for ethos.
[riot-devel] RFC: packaging "start_network.sh" on IoT-LAB
Dear RIOT developers,

I am working on packaging an equivalent of gnrc_border_router "start_network.sh" script for IoT-LAB.

The reason why I need to adapt it is that users are not root on the ssh frontend, and that the frontend is shared between different users.
So I give sudo permissions for one executable, verify given arguments and execute ethos/uhcpd as regular user so serial ports can be accessed.

I would like to have your feedback on the tool so I could fix things before release.

### The steps I do: ###

* Verify the given prefix is unused
* Create TAP interface
* Allow INPUT traffic on the frontend for UDP:[ff15::abcd]:12345
* Call uhcpd in the background with cap-net-raw capability so that it can use --bind-to-device
* Run ethos
* Correctly cleanup everything in case of error and experiment stop

### What I removed from "start_network.sh": ###

* Adding the local hard-written address: "ip a a fd00:dead:beef::1/128 dev lo"

### Important to know ###

Currently ip6tables are dropping all input on the ssh frontend, so it can only be used as a client. (That's why I needed to allow traffic for uhcpd).
The original reason is to prevent users from running a public server on the frontend.
And even with private addresses, the user would have no way to secure it from other users with iptables, or binding to a specific interface.

For tunslip6, I also add the address PREFIX::1/64 on the tun0 interface, I could do something similar for ethos.
### Running the wrapper ###

The current arguments are:

    ethos_uhcpd.py [-h] [--verbose] host tap ipv6_prefix

The output:

    sudo ethos_uhcpd.py --verbose m3-1 tap0 fd00::/64
    DEBUG:root:Calling: ip tuntap add tap0 mode tap user harter
    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.forwarding=1
    net.ipv6.conf.tap0.forwarding = 1
    DEBUG:root:Calling: sysctl -w net.ipv6.conf.tap0.accept_ra=0
    net.ipv6.conf.tap0.accept_ra = 0
    DEBUG:root:Calling: ip link set tap0 up
    DEBUG:root:Calling: ip addr add fe80::1/64 dev tap0
    DEBUG:root:Calling: ip route add fd00::/64 via fe80::2 dev tap0
    DEBUG:root:Calling: ip6tables -A INPUT -i tap0 -d ff15::abcd -p udp --dport 12345 -j ACCEPT
    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --cap-net-raw -- /opt/ethos_tools/bin/uhcpd tap0 fd00::/64 --bind-to-device
    DEBUG:root:Calling: /usr/bin/python -m iotlabsudo.execuser --path /sbin -- /opt/ethos_tools/bin/ethos tap0 tcp:m3-1
    Switch from 'root' to 'harter'
    Switch from 'root' to 'harter'
    Joining IPv6 multicast group...
    entering loop...
    > ethos: sending hello.
    > ethos: activating serial pass through.
    > ethos: hello reply received

    > help
    help
    Command              Description
    ---
    reboot               Reboot the node
    ps                   Prints information about running threads.
    ping6                Ping via ICMPv6
    random_init          initializes the PRNG
    random_get           returns 32 bit of pseudo randomness
    ifconfig             Configure network interfaces
    fibroute             Manipulate the FIB (info: 'fibroute [add|del]')
    ncache               manage neighbor cache by hand
    routers              IPv6 default router list
    6ctx                 6LoWPAN context configuration tool
    > uhcp_client(): no reply received
    uhcp_client(): sending REQ...
    got packet from fe80::221:d3ff:fe60:5a8d port 12345
    got packet from fe80::50c1::fe5d:a1c7 port 40483
    uhcp: push from fe80::50c1::fe5d:a1c7:40483 prefix=fd00::/64
    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again
    uhcp_client(): sending REQ...
    got packet from fe80::221:d3ff:fe60:5a8d port 12345
    got packet from fe80::e034:28ff:fe26:6ac3 port 49575
    uhcp: push from fe80::e034:28ff:fe26:6ac3:49575 prefix=fd00::/64
    gnrc_uhcpc: uhcp_handle_prefix(): got same prefix again

And the interface looks like:

    84: tap0: mtu 1500 qdisc pfifo_fast state UP group default qlen 500
        link/ether 52:c1:ff:5d:a1:c7 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::50c1::fe5d:a1c7/64 scope link
           valid_lft forever preferred_lft forever
        inet6 fe80::1/64 scope link
           valid_lft forever preferred_lft forever

This is the current state, and with some documentation it could be released as is.

I thank you in advance for your feedback

Regards,
Gaëtan Harter - IoT-LAB Team
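The "verify given arguments" and "verify the given prefix is unused" steps from the original post, as an added sketch that is not part of the thread and not the IoT-LAB tool's own code. The naming patterns for host, tap and user, the `/64` requirement and the sample route table are assumptions made for this example; the commands built at the end mirror the ones shown in the debug output.

```python
import ipaddress
import re

# Assumed naming rules for this sketch; the real tool's rules are not on the page.
HOST_RE = re.compile(r"(m3|a8)-[0-9]{1,3}")
TAP_RE = re.compile(r"tap[0-9]{1,3}")
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Constructed sample of `ip -6 route` output on a shared frontend.
SAMPLE_ROUTES = """\
fd00::/64 via fe80::2 dev tap0 metric 1024
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::1 dev eth0 metric 1024
"""

def parse_routes(text):
    """Return the destination networks found in `ip -6 route` output."""
    nets = []
    for line in text.splitlines():
        try:
            nets.append(ipaddress.IPv6Network(line.split()[0], strict=False))
        except (IndexError, ValueError):
            continue  # blank line, "default", or another non-prefix keyword
    return nets

def validate_args(host, tap, prefix, user, routes):
    """Check every value before any root command is built; raise ValueError."""
    # fullmatch, not match: a "$" anchor would accept a trailing newline.
    for name, rx, value in (("host", HOST_RE, host), ("tap", TAP_RE, tap),
                            ("user", USER_RE, user)):
        if not rx.fullmatch(value):
            raise ValueError("bad %s: %r" % (name, value))
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects host bits
    if net.prefixlen != 64 or net.is_link_local or net.is_multicast:
        raise ValueError("prefix must be a non-link-local unicast /64")
    for used in routes:
        if net.overlaps(used):
            raise ValueError("prefix %s already in use (%s)" % (net, used))
    return net

def build_commands(tap, net, user):
    """argv lists for subprocess (never a shell string), as in the debug log."""
    return [
        ["ip", "tuntap", "add", tap, "mode", "tap", "user", user],
        ["ip", "link", "set", tap, "up"],
        ["ip", "addr", "add", "fe80::1/64", "dev", tap],
        ["ip", "route", "add", str(net), "via", "fe80::2", "dev", tap],
        ["ip6tables", "-A", "INPUT", "-i", tap, "-d", "ff15::abcd",
         "-p", "udp", "--dport", "12345", "-j", "ACCEPT"],
    ]
```

Because the wrapper runs under sudo on a frontend shared between users, every value that reaches an `ip` or `ip6tables` argv is checked first, and a prefix that overlaps another user's route is refused before any interface is created.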