[OLSR-users] Rescue access

Ignacio García Pérez (spam-protected)
Fri Apr 8 09:52:27 CEST 2005 

Hi all,

As may be the case of many others, I manage a set of nodes with olsrd
installed which are physically located either very far or in hardly
accessible places. This means deploying a new olsrd version is a risky
process, because if *anything* goes wrong and access to the node is lost,
someone will have to go there.

So I have been thinking of programming something that would allow access to
the node even in the worst case. It needs not be efficient, because it will
be *very* rarely (ideally *never*) used.

In this message, I share my thoughs on the matter. I post it in this list
because though it is not olsr specific, I think it is a good place to find
people in my same situation that could share valuable comments on the
subject. Also, I don't want to reinvent the wheel. Does something like this
already exist?.

So, this is what I plan to program:

Data will be sent by simple network flooding. All nodes will listen to a
specific port for UDP packets. The packet header will contain:

- Destination IP address.
- Source IP address.
- Unique identifier (simple 32 bit counter increased by the source node for
each packet)

For each received packet, the node will first check if it has already seen
this packet (source IP and unique identifier) and if so ignore it.
Otherwise, if it is not for itself, it will broadcast it through all
interfaces.

I insist that I know this is hideously inefficient, but since it has not to
deal with any kind of routing, should work ALWAYS, no matter how much the
routing tables are screwed.

Now for the real implementation: I guess the easiest way is to use the TUN
interface. The program would create a tun0 network interface. All tun0
interfaces in all nodes should be configured to be in the same subnet,
different from the olsrd subnet, thus minimizing the chances of routing
table havoc in the olsrd subnet affect the "rescue" subnet. The program will
get packets sent to the tun0 device, pull the destination IP address,
encapsulate them into a UDP packet with the above described forma, and flood
the network. For flood UDP packets received that are addressed to the node,
it will simply deencapsulate them and make them available to the system
through the tun0 interface.

I think this meets the goals: extremelly simple and robust. Any comments?

Nacho.


P.S: there's also the concernt that placing a dumb network flooder in each
node makes a great way for malicious parties to DOS the mesh. Should I think
of some way to enforce permissions on the packets that can and cannot be
flooded?.

More information about the Olsr-users mailing list