B.A.T.M.A.N

b.a.t.m.a.n@lists.open-mesh.org

15 participants
4308 discussions

[B.A.T.M.A.N.] [PATCH-maintv2 0/3] Some fixes for DAT/TT/Speedy join corner cases
by Simon Wunderlich 02 Sep '15

02 Sep '15

This is the second iteration of the patches, with the following changes (thanks Antonio for review): * split out style patch no 3 * change 4addr check to use only payload (DATA) subtype in the first patch * count number of VLANs instead of comparing VLANs explicitly in the last patch Original (slightly updated) description here: Upon debugging a network with dangling, bogus TT entries, I found a couple of bugs for which I would like to propose fixes. The network showed the following symptoms: * DAT was enabled * VLANs were used, but not every originator used the same VLANs * I've found global entries assigned to originators which actually never had the client in question connected to them. These false target originators didn't even had the VLANs in use or bridged for which the entry was done. This caused packets sent to be sent to these wrong originators. * The wrong entries also didn't get purged automatically, since they didn't announce the VLAN in question through their TT TLVLs, and the TT code didn't check for excess VLANs. * Furthermore, the temp flag was removed too early from the TT entries so that the purge function was not removing the entry after a timeout as well. * I've found that with DAT, the cached ARP replies may cause these TT entries to be created on behalf of the answering host. This is wrong, since the answering host (usually) doesn't actually has the client connected. We have not yet tested these patches in the network, and the bug also appears only once in a couple of days. Therefore I'd like to ask to review these patches thoroughly, and if you agree to the fixes we will apply them in this production network. Thanks, Simon Simon Wunderlich (3): batman-adv: fix speedy join for DAT cache replies batman-adv: avoid keeping false temporary entry batman-adv: detect local excess vlans in TT request net/batman-adv/routing.c | 19 +++++++++++++++---- net/batman-adv/translation-table.c | 24 +++++++++++++++++++++--- 2 files changed, 36 insertions(+), 7 deletions(-) -- 2.5.0

2 11

[B.A.T.M.A.N.] Patches missing in batman-adv next/maint and net-next
by Sven Eckelmann 30 Aug '15

30 Aug '15

Hi, there seems to be 5 patches missing in batman-adv next which are already in net-next.git. Most likely the maintainers already know about them but at least one of them didn't reach the b.a.t.m.a.n mailing list. * batman-adv: convert to using IFF_NO_QUEUE next (will be send as reply of this mail) * batman-adv: Fix memory leak on tt add with invalid vlan maint https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2015-August/013560.html * batman-adv: Remove unnecessary braces for test_bit() in DAT maint https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2015-August/013537.html * batman-adv: Remove unnecessary braces for test_bit() in NC maint https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2015-August/013538.html * batman-adv: Remove unnecessary braces for test_bit() in MCAST maint https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2015-August/013539.html There are also a bunch of patches missing in net-next (see attachment). I highly recommend to format these patches with the git-format-patches option --histogram. Otherwise patch 4 ("batman-adv: move neigh_node list add into batadv_neigh_node_new()") becomes unreadable. Kind regards, Sven

3 3

[B.A.T.M.A.N.] pull request: batman-adv 20150828
by Antonio Quartulli 28 Aug '15

28 Aug '15

Hello David, this is our very last batch of patches intended for net-next/linux-4.3 It includes again 2 non-critical fixes which we couldn't send to net and then the rest is just code restyling and beautification. No major behavioural change was introduced. Please pull or let me know of any problem! Thanks a lot, Antonio The following changes since commit 1dd34b5ad8aebaff17b625fc0126e18243008a3f: bpf: fix bpf_skb_set_tunnel_key() helper (2015-08-26 17:38:13 -0700) are available in the git repository at: git://git.open-mesh.org/linux-merge.git tags/batman-adv-for-davem for you to fetch changes up to ed29266347025a19ee689807b07d121f0a7441f1: batman-adv: turn batadv_neigh_node_get() into local function (2015-08-27 20:15:34 +0200) ---------------------------------------------------------------- Included changes: - code beautification - remove obsolete 'deleted' attribute for bat-gw node - increase internal version number - prevent potential access to netdev object after deregistration - set needed_head/tail_room for batman virtual interface ---------------------------------------------------------------- Antonio Quartulli (1): batman-adv: don't access unregistered net_device object Marek Lindner (5): batman-adv: move hardif refcount inc to batadv_neigh_node_new() batman-adv: remove redundant hard_iface assignment batman-adv: move neigh_node list add into batadv_neigh_node_new() batman-adv: rearrange batadv_neigh_node_new() arguments to follow convention batman-adv: turn batadv_neigh_node_get() into local function Simon Wunderlich (3): batman-adv: remove obsolete deleted attribute for gateway node batman-adv: fix gateway client style issues batman-adv: Start new development cycle Sven Eckelmann (1): batman-adv: Add lower layer needed_(head|tail)room to own ones net/batman-adv/bat_iv_ogm.c | 30 +------------- net/batman-adv/gateway_client.c | 50 ++++++----------------- net/batman-adv/gateway_client.h | 2 +- net/batman-adv/hard-interface.c | 44 +++++++++++++++++++- net/batman-adv/main.c | 2 +- net/batman-adv/main.h | 2 +- net/batman-adv/originator.c | 90 ++++++++++++++++++++++++----------------- net/batman-adv/originator.h | 9 ++--- net/batman-adv/soft-interface.c | 2 - net/batman-adv/types.h | 2 - 10 files changed, 117 insertions(+), 116 deletions(-)

2 11

[B.A.T.M.A.N.] pull request: batman-adv 20150825
by Antonio Quartulli 25 Aug '15

25 Aug '15

Hello David, here you have another batch intended for net-next/linux-4.3. Most of the patches are about code restyling and beautification, but we also a couple of non critical fixes which didn't make their way through net. Please pull or let me know of any problem! Thanks a lot, Antonio The following changes since commit 56fff0a01fa056502a28d67cb5a2714d64780415: Merge branch 'fjes' (2015-08-24 14:06:37 -0700) are available in the git repository at: git://git.open-mesh.org/linux-merge.git tags/batman-adv-for-davem for you to fetch changes up to 854d2a63de86a769db4dbed75b660f544b3c0c7a: batman-adv: beautify supported routing algorithm list (2015-08-25 00:12:24 +0200) ---------------------------------------------------------------- Included changes: - code restyling and beautification - use int kernel types instead of C99 - update kereldoc - prevent potential hlist double deletion of VLAN objects - fix gw bandwidth calculation - convert list to hlist when needed - add lockdep_asserts calls in function with lock requirements described in kerneldoc ---------------------------------------------------------------- Marek Lindner (6): batman-adv: update kernel doc of batadv_tt_global_del_orig_entry() batman-adv: rename batadv_new_tt_req_node to batadv_tt_req_node_new batman-adv: convert orig_node->vlan_list to hlist batman-adv: prevent potential hlist double deletion batman-adv: convert bat_priv->tt.req_list to hlist batman-adv: beautify supported routing algorithm list Sven Eckelmann (9): batman-adv: Replace C99 int types with kernel type batman-adv: Fix kerneldoc over 80 column lines batman-adv: Remove multiple assignment per line batman-adv: Remove batadv_ types forward declarations batman-adv: Return EINVAL on invalid gw_bandwidth change batman-adv: Fix gw_bandwidth calculation on 32 bit systems batman-adv: Annotate deleting functions with external lock via lockdep batman-adv: Add lockdep_asserts for documented external locks batman-adv: Fix conditional statements indentation net/batman-adv/bat_iv_ogm.c | 102 +++++------ net/batman-adv/bitarray.c | 6 +- net/batman-adv/bitarray.h | 10 +- net/batman-adv/bridge_loop_avoidance.c | 78 ++++----- net/batman-adv/bridge_loop_avoidance.h | 8 +- net/batman-adv/debugfs.h | 1 - net/batman-adv/distributed-arp-table.c | 62 +++---- net/batman-adv/distributed-arp-table.h | 8 +- net/batman-adv/fragmentation.c | 13 +- net/batman-adv/gateway_client.c | 27 +-- net/batman-adv/gateway_client.h | 2 +- net/batman-adv/gateway_common.c | 67 +++++-- net/batman-adv/gateway_common.h | 1 - net/batman-adv/hash.c | 6 +- net/batman-adv/hash.h | 12 +- net/batman-adv/icmp_socket.c | 6 +- net/batman-adv/icmp_socket.h | 1 - net/batman-adv/main.c | 84 ++++----- net/batman-adv/main.h | 48 +++-- net/batman-adv/multicast.c | 35 ++-- net/batman-adv/multicast.h | 2 - net/batman-adv/network-coding.c | 55 +++--- net/batman-adv/network-coding.h | 4 - net/batman-adv/originator.c | 22 +-- net/batman-adv/originator.h | 11 +- net/batman-adv/packet.h | 204 +++++++++++----------- net/batman-adv/routing.c | 24 +-- net/batman-adv/routing.h | 6 +- net/batman-adv/send.c | 8 +- net/batman-adv/send.h | 11 +- net/batman-adv/soft-interface.c | 26 ++- net/batman-adv/soft-interface.h | 4 - net/batman-adv/sysfs.c | 4 +- net/batman-adv/sysfs.h | 2 - net/batman-adv/translation-table.c | 308 ++++++++++++++++++--------------- net/batman-adv/translation-table.h | 31 ++-- net/batman-adv/types.h | 113 ++++++------ 37 files changed, 733 insertions(+), 679 deletions(-)

2 16

[B.A.T.M.A.N.] [PATCH-maint 0/4] Some fixes for DAT/TT/Speedy join corner cases
by Simon Wunderlich 25 Aug '15

25 Aug '15

Upon debugging a network with dangling, bogus TT entries, I found a couple of bugs for which I would like to propose fixes. The network showed the following symptoms: * DAT was enabled * VLANs were used, but not every originator used the same VLANs * I've found global entries assigned to originators which actually never had the client in question connected to them. These false target originators didn't even had the VLANs in use or bridged for which the entry was done. This caused packets sent to be sent to these wrong originators. * The wrong entries also didn't get purged automatically, since they didn't announce the VLAN in question through their TT TLVLs, and the TT code didn't check for excess VLANs. * Furthermore, the temp flag was removed too early from the TT entries so that the purge function was not removing the entry after a timeout as well. * I've found that with DAT, the cached ARP replies may cause these TT entries to be created on behalf of the answering host. This is wrong, since the answering host (usually) doesn't actually has the client connected. Three of these four patches fix various issues connected with the problem described above. The fourth one is merely a style fix which does not neccessarily have to be adopted to maint. We have not yet tested these patches in the network, and the bug also appears only once in a couple of days. Therefore I'd like to ask to review these patches thoroughly, and if you agree to the fixes we will apply them in this production network. Thanks, Simon Simon Wunderlich (4): batman-adv: fix speedy join for DAT cache replies batman-adv: avoid keeping false temporary entry batman-adv: unify flags access style in tt global add batman-adv: detect local excess vlans in TT request net/batman-adv/routing.c | 17 +++++++++++++---- net/batman-adv/translation-table.c | 33 ++++++++++++++++++++++++++++++--- 2 files changed, 43 insertions(+), 7 deletions(-) -- 2.5.0

2 15

[B.A.T.M.A.N.] Kernel crashes when using more than one interface in bat0
by Bjoern Franke 23 Aug '15

23 Aug '15

Hi, we are using batman-adv in our Freifunk network for meshing over several interfaces. The nodes are connected to vpn-servers via fastd, the vpn-servers are connected via tincd or gretap. When we put the fastd-interface and the tinc (or gretap)-inteface into bat0, the kernel crashes after some time. With 2013.4, no crashes occured, but since the update to 2014.3 the issue happens sometimes after 5 minutes, sometimes after 3 days. Upgrading to 2015.1 did not solve the problem, it seems the crashes occur more often then. Unfornately we have no logs now, because after the crashes no ssh -access to the servers are possible. nc / mm / bl are set disabled and seem to have no effect on this issue. Regards Bjoern -- xmpp bjo(a)schafweide.org

5 6

Re: [B.A.T.M.A.N.] Why we switched to Babel
by Marek Lindner 19 Aug '15

19 Aug '15

On Saturday, August 15, 2015 07:05:17 Marc Juul wrote: > > I am afraid by telling your mesh users that you switched to an IP based > > mesh protocol you lure them into a false sense of 'non-traceability'. It > > kind of feels like a debate we had almost a decade ago when WiFi came to > > the masses. People had the feeling to use WiFi they had to learn what this > > cumbersome SSL thing is. Because WiFi is insecure as the waves leave your > > home and the neighbors can eavesdrop on you .. Countless hours had to be > > invested into educating our mesh users that SSL always is a good thing. > > > > Personally, I rotate my MAC address on a daily basis. That works not only > > with > > batman-adv but everywhere. Obviously, that won't help you against the > > countless ad networks, Google, Facebook, etc, etc > > I hear you. > > The biggest danger I feel is that associating to one of our access points > once with your phone would then allow anyone, even a technically > semi-literate stalker, to track you and find out where you live and work > using something we built. My fear would be that someone could use this data > to put up a public web app where any idiot can put in a MAC address and > instantly get a nice map of movement activity. I think we are at a point in our discussion where we just repeat what was already said. batman-adv certainly can be improved to provide better anonymity by default. Even with such a mechanism in place people can be tracked in your network (with IP mesh routing or without). Tracking without connecting to your network is even easier than that. Therefore, I favor education over a technology arms race. The latter you won't be able to win as you eventually will have to battle people's desire for the 'least effort route'. > Hopefully these tracking services you mention are not quite so easy to > access and use for something like this by an unlicensed individual (but > maybe they are?) though even if others are making these types of services > available, I'd rather not make it easy for them to use our network for their > nefarious purposes. These systems are built for absolutely non-technical users. For those who prefer videos over boring texts: https://www.youtube.com/watch?v=hCGiGaRp7-U I recommend to pay close attention to the section they call 'loyal customers' (around 1:30min into the video). Note that this was just the first search result that came up. There are many more. Cheers, Marek

2 1

[B.A.T.M.A.N.] pull request: batman-adv 20150814
by Antonio Quartulli 17 Aug '15

17 Aug '15

Hi David, this is our first batch intended for net-next/linux-4.3 (resent after fixing the parenthesis as reported by Sergei). Here you have all those non-critical fixes/changes that we couldn't merge into the net tree as it was already too late in the release cycle. This is a summary of what each patch does: - patch 1 by Sven Eckelmann is changing the way the GW metric is computed so that the resulting operation does not make use of divisions and also does not lead to any data type promotion. This is a requirement for patch 2; - patch 2 by Ruben Wisniewski is changing the type of the variable used in the same GW metric computation as patch 1 to uint64_t so that potential integer overflows are prevented. Thanks to Sven's patch above no 64bit division will be involved; - patches 3, 4, 5 and 6 by Linus Lüssing are converting plain bitwise operations on capability bits to set/clear/test_bit() in order to ensure their atomicity and prevent potential race conditions; - patch 7, also by Linus, is making the multicast TVLV parsing routine thread-safe in order to prevent potential race conditions upon reception of two OGMs from the same originator at the same time; - patch 8 by Marek Lindner prevents potential double deletions of TT Request objects from its lists which would lead to a kernel crash. - patch 9 by Simon Wunderlich is ensuring that no enqueued packet is leaked when an interface is deactivated; - patch 10 by Linus Lüssing is setting the network header in the skb struct right after a packet was delivered to the batman virtual interface so that subsequent call to ip/ipv6_hdr() do not crash. Please pull or let me know of any problem! Thanks a lot David, Antonio The following changes since commit 07a51cd3794960548627a27aae68c1446341db32: vxlan: fix fdb_dump index calculation (2015-08-10 21:15:18 -0700) are available in the git repository at: git://git.open-mesh.org/linux-merge.git tags/batman-adv-for-davem for you to fetch changes up to 53cf037bf846417fd92dc92ddf97267f69b110f4: batman-adv: Fix potentially broken skb network header access (2015-08-14 22:52:10 +0200) ---------------------------------------------------------------- Included changes: - avoid integer overflow in GW selection routine - prevent race condition by making capability bit changes atomic (use clear/set/test_bit) - fix synchronization issue in mcast tvlv handler - fix crash on double list removal of TT Request objects - fix leak by puring packets enqueued for sending upon iface removal - ensure network header pointer is set in skb ---------------------------------------------------------------- Linus Lüssing (6): batman-adv: Make DAT capability changes atomic batman-adv: Make NC capability changes atomic batman-adv: Make TT capability changes atomic batman-adv: Make MCAST capability changes atomic batman-adv: Fix potential synchronization issues in mcast tvlv handler batman-adv: Fix potentially broken skb network header access Marek Lindner (1): batman-adv: protect tt request from double deletion Ruben Wisniewski (1): batman-adv: Avoid u32 overflow during gateway select Simon Wunderlich (1): batman-adv: remove broadcast packets scheduled for purged outgoing if Sven Eckelmann (1): batman-adv: Replace gw_reselect divisor with simple shift net/batman-adv/distributed-arp-table.c | 7 +-- net/batman-adv/gateway_client.c | 8 +--- net/batman-adv/multicast.c | 81 +++++++++++++++++++++++++--------- net/batman-adv/network-coding.c | 7 +-- net/batman-adv/originator.c | 5 +++ net/batman-adv/send.c | 3 +- net/batman-adv/soft-interface.c | 7 ++- net/batman-adv/translation-table.c | 17 ++++--- net/batman-adv/types.h | 15 ++++--- 9 files changed, 102 insertions(+), 48 deletions(-)

2 11

[B.A.T.M.A.N.] [PATCH] alfred: mention libcap in the README
by Simon Wunderlich 17 Aug '15

17 Aug '15

Reported-by: Florian Steinel <alfred(a)open-mesh.org.flonet.net> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- README | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README b/README index 7cef9f6..938a275 100644 --- a/README +++ b/README @@ -29,8 +29,9 @@ alfred depends on: * librt (usually part of libc) * IPv6 support in the kernel/host system -and if distributing GPS information: - * libgps +and optionally: + * libgps - if you want to distribute GPS information + * libcap - if you want extra security by dropping unneeded privileges To compile alfred, simply type: @@ -53,6 +54,10 @@ CONFIG_ALFRED_GPSD=n: $ make CONFIG_ALFRED_GPSD=n $ make CONFIG_ALFRED_GPSD=n install +If don't want to compile with libcap to drop privileges, use: + + $ make CONFIG_ALFRED_CAPABILITIES=n + $ make CONFIG_ALFRED_CAPABILITIES=n install Usage ----- -- 2.1.4

1 1

Re: [B.A.T.M.A.N.] Why we switched to Babel
by Marek Lindner 15 Aug '15

15 Aug '15

On Saturday, August 15, 2015 04:21:27 Marc Juul wrote: > > What spoke against using the batman-adv layer2 fragmentation: > > > > http://www.open-mesh.org/projects/open-mesh/wiki/2012-09-24-GSoC-2012-Mart > > in-Hundebolls-Final-Report ? > > This was a while back now but if I remember correctly we were getting > terrible performance when using fragmentation. We were at the time using > the old Picostation 2 HP routers, which we only later learned perform > terribly even when they're just acting as dumb bridges, so that could > definitely have been a significant factor. None of our team were super > experienced with wifi/mesh when we started out and we are much wiser now > than we were a year ago when we made this switch, so it's possible that we > could go back and use fragmentation and have batman-adv work for us now. I'd expect some impact on performance but nothing as dramatic as what you are describing. Would be interesting to get actual numbers. > However, the privacy issue with a city-wide network using the client MAC > address for identification still stands as something we do not know how to > fix for batman-adv. To make matters worse we've had some people > misinterpret what we're doing and then go out and tell others that we're > making some privacy-focused network with anti-NSA-surveillance measures, > which made it even worse to have to explain that anyone who knows your MAC > can track you as you move about the city. Though I recognize and share the desire for privacy batman-adv is first and foremost a mesh protocol. Not an anonymizer or NSA-defender. That being said, I am not adverse to somebody working on this subject and making batman-adv a better place. I do like to point that even by not using batman-adv one can easily be tracked via the MAC address on a national or global scale. Search online for the magic words 'presence analytics' and you'll get an impressive list of companies (most of them based in the Bay area) offering products & tools able to track you all around the country or even internationally (depends on the size of your business). I myself have been contacted by quite a number of companies asking me to help them to develop such systems. You don't even need to connect to these hotspots to be tracked. Passing by is enough. I am afraid by telling your mesh users that you switched to an IP based mesh protocol you lure them into a false sense of 'non-traceability'. It kind of feels like a debate we had almost a decade ago when WiFi came to the masses. People had the feeling to use WiFi they had to learn what this cumbersome SSL thing is. Because WiFi is insecure as the waves leave your home and the neighbors can eavesdrop on you .. Countless hours had to be invested into educating our mesh users that SSL always is a good thing. Personally, I rotate my MAC address on a daily basis. That works not only with batman-adv but everywhere. Obviously, that won't help you against the countless ad networks, Google, Facebook, etc, etc Cheers, Marek

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N