Repository : ssh://git@open-mesh.org/doc
On branches: backup-redmine/2017-07-13,master
commit e8c62a67183a473ad7d43adef20a7b721919ab5f
Author: Simon Wunderlich sw@simonwunderlich.de
Date: Sat Mar 26 18:15:15 2011 +0000
doc: open-mesh/FAQ
e8c62a67183a473ad7d43adef20a7b721919ab5f
open-mesh/FAQ.textile | 76 +++++++++++++++++++++++++--------------------------
1 file changed, 38 insertions(+), 38 deletions(-)
diff --git a/open-mesh/FAQ.textile b/open-mesh/FAQ.textile index cc6ed3eb..71f57f96 100644 --- a/open-mesh/FAQ.textile +++ b/open-mesh/FAQ.textile @@ -1,87 +1,85 @@ +h1. FAQ
-= FAQ =
-{{{ -#!div style="width: 46em; text-align: justify" +If you are missing a question/answer (quite likely) please use the [[MailingList|BATMAN mailing list]] or [[IRC|IRC channel]] to trigger us.
-If you are missing a question/answer (quite likely) please use the [wiki:MailingList B.A.T.M.A.N. mailing list] or [wiki:IRC IRC channel] to trigger us.
-=== Does B.A.T.M.A.N. have simulator (NS2, Omnet++, etc) support? === +h2. Does B.A.T.M.A.N. have simulator (NS2, Omnet++, etc) support?
-At this point no B.A.T.M.A.N. implementation (we know of) supports simulators like the ones mentioned above. However, some people experiment with B.A.T.M.A.N. using emulators (UML/Qemu/etc). If you are looking for step-by-step instructions to install such a system you can [wiki:Emulation read our emulation document].
-=== How to make my mesh network secure ? === +At this point no B.A.T.M.A.N. implementation (we know of) supports simulators like the ones mentioned above. However, some people experiment with B.A.T.M.A.N. using emulators (UML/Qemu/etc). If you are looking for step-by-step instructions to install such a system you can [[Emulation|read our emulation document]].
-What kind of security do you need? Security is a big field. Maybe you just -mean encryption and authentication.....
-When you only want to make the whole wlan stuff unreadable for the outside, -you could just use WPA_NONE. But this doesn't resolve the problem that the key -could leak and make the mesh attackable - but that is something which could -always happen. So it is probably not a solution for wifi community projects, but for -mesh networks controlled by a company. +h2. How to make my mesh network secure ?
-There are other ideas for traffic over batman-adv. Just forget about -encrypting your data on the wifi layer, but instead do everything some layers above. -Some people experimented with the idea of implementing the needed authentication and -encryption over IPsec.
-And most of the encryption and authentication stuff has to be resolved by the -user and not by the network provider. This means https for sensible data -instead of http, ssh instead of telnet, pop3s instead of pop3 and so on. +What kind of security do you need? Security is a big field. Maybe you just mean encryption and authentication.....
-So it really depends what you want and cannot be resolved in a "security for -everything, against any attack and for every purpose" blob. +When you only want to make the whole wlan stuff unreadable for the outside, you could just use WPA_NONE. But this doesn't resolve the problem that the key could leak and make the mesh attackable - but that is something which could always happen. So it is probably not a solution for wifi community projects, but for mesh networks controlled by a company.
+There are other ideas for traffic over batman-adv. Just forget about encrypting your data on the wifi layer, but instead do everything some layers above. Some people experimented with the idea of implementing the needed authentication and encryption over IPsec.
-=== Why does batman need so much time to detect a "dead" node ? === +And most of the encryption and authentication stuff has to be resolved by the user and not by the network provider. This means https for sensible data instead of http, ssh instead of telnet, pop3s instead of pop3 and so on. + +So it really depends what you want and cannot be resolved in a "security for everything, against any attack and for every purpose" blob. + +h2. Why does batman need so much time to detect a "dead" node ? + +Or: Why can I see a node in the originator table a long time after it died ?
-Or: Why can I see a node in the originator table a long time after it died ?[[BR]] Or: Does batman really need 200 seconds (PURGE_TIMEOUT) to switch the route ?
Batman switches the route as soon as it learns about a better path towards a destination which can take a fraction of a second up to several seconds very much depending on the settings and situation. When no more new originator messages are sent by a node (because it died), no more routing updates regarding this node are exchanged. Batman will not immediately delete this node from its database because the connection could just have a temporary problem and might recover. Only after a timeout period of (currently) 200 seconds the node is removed entirely from batman's internal database. It does not hurt to give the node a little extra time to recover from a connection loss as it speeds up the resume process. All routes using this "lost" node as intermediate hop will have changed towards another path in the meantime and are of no concern.
-=== Understanding the version and compatibility number === + +h2. Understanding the version and compatibility number +
The version number (defined as SOURCE_VERSION in the source)is the one displayed when launching the batmand in debug mode. It indicates the state of your code.
The compatibility number (defined as COMPAT_VERSION in the source) is transmitted with every broadcasted OGM to guide other batmand instances receiving this OGM whith the decision about incompatible protocol versions.
-=== Why are multiple interfaces problematic? === + +h2. Why are multiple interfaces problematic? +
The internet (and most network technology today) was designed with the idea that every interface on a given system has a unique broadcast adress. When a packet enters a system the kernel has to decide where it should be routed to. While using the same broadcast adresses on different interfaces you provoke an undefined situation as this should not happen (by design) and the result is unpredictable. In that case the Linux kernel will send all your packages to the first interface (in the routing table) with that broadcast address.
A solution to that problem is the usage of the Linux kernel option "BINDTODEVICE" which allows to specify an outgoing interface for a packet. Unfortunatly this option is a Linux-only feature (as far as we know). Therefore you won't be able to use multiple interfaces with the same broadcast addresses on other operation systems than Linux.
-=== Log larger amounts of debug messages === + +h2. Log larger amounts of debug messages +
First, install netcat on your device. On a OpenWRT based distro you can try this (packet version may vary):
-{{{ +<pre> ipkg install http://www.linuxops.net/ipkg/netcat_0.7.1_mipsel.ipk -}}} +</pre>
Then start batmand and pipe the output into netcat:
-{{{ +<pre> batmand -d 4 <your_interfaces> | nc -l -p <any_unused_port> -}}} +</pre>
Finally start the netcat client on your logging server and save the output:
-{{{ +<pre> nc <IP_of_your_device> <your_unused_port_from_step_2> > batman.log -}}} +</pre>
If you use a firewall, NAT or any other problematic network setup you can swap the netcat server position. Beware: Your netcat server has to be started before you start your netcat client.
-=== Update many Openwrt based systems ===
- 1. Download the update script: [http://downloads.open-mesh.org/batman/useful-scripts-and-tools/update_batman... update script] +h3. Update many Openwrt based systems + + + 1. Download the update script: "update script":http://downloads.open-mesh.org/batman/useful-scripts-and-tools/update_batman... 2. Edit the the variables in the configuration section of the script to match your needs. 3. Run the script. ;-)
@@ -91,10 +89,12 @@ Note: The HOSTS_TO_UPDATE variable in the script expects SSH host names which mu Tip: Use key based access to authenticate your login request on your machines to avoid typing your passwords too often. If you use encrypted keys you can enable the ssh-agent to manage your passwords.
-=== What is the batgat kernel module good for? === + +h2. What is the batgat kernel module good for? +
The batman daemon maintains a tunnel connection to every "batman internet client". Every packet that goes to the internet or comes back has to go through this tunnel. As it is a user space tunnel a lot of copying between user space and kernel land is necessary. Depending on the number of clients and the CPU power available this might be a bottleneck. The batgat kernel module tries to overcome this limitation. Once loaded the batman daemon will detect its presence automatically on startup. The daemon will activate the kernel module to let it handle the tunneling, hence avoiding the expensive copy operations. There is no difference between the daemon tunneling and the kernel tunneling other than that.
-}}} +</pre>
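Review bot: In the first hunk (@@ -1,87 +1,85 @@), the heading "=== Update many Openwrt based systems ===" is converted to "h3. Update many Openwrt based systems" while every other "===" heading in the file becomes "h2.", so this section will render as a subsection of "Log larger amounts of debug messages"; use "h2." here as well. The converted list line under it also keeps the Trac-style " 1." marker. Textile ordered lists are written with "#", so the three steps should become "# Download ...", "# Edit ...", "# Run ...", and the "the the" in step 2 can be fixed in the same pass.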
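Review bot: At the end of the second hunk (@@ -91,10 +89,12 @@), the closing "-}}}" is replaced by "+</pre>", but that "}}}" closed the "{{{ #!div style=..." wrapper which the first hunk deletes without adding any opening tag, so the new "</pre>" has no matching "<pre>". Drop the "+</pre>" line and simply remove the "}}}", otherwise the page ends with a stray closing tag after the batgat answer.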