[B.A.T.M.A.N.] Non-batman Clients

[B.A.T.M.A.N.] Non-batman Clients

[Jonathan Haws]

I've followed the quick start guide, but apparently I'm missing 
something when it comes to non-batman clients.

I've set all this up using vagrant and VirtualBox.  The mesh seems to 
work perfectly, however when I put in non-batman clients they cannot 
communicate one with another.  I would expect that they would be able to 
ping one another.

I've given IP addresses to the bridge adapters on the 192.168.1.0/24 
subnet.  The clients I've given IP addresses on that same subnet 
(192.168.1.121 and 192.168.1.142).  When I tried pinging, I don't get 
anything back.  Sniffing packets in tcpdump shows that it is never 
getting anything back, though I did get an ARP back once with the 
correct MAC address, but still couldn't ping.  Never got an ARP back 
again...

I can ping from each client to the IP address of the bridge they are 
connecting to, but cannot ping anything else on the network.

Any thoughts?  Hopefully someone has seen this before and can point me 
in the right direction!

Also, is there a separate list for alfred, or should I use this list for 
alfred questions?

Thanks!
Jon


Here are the commands I used to setup:

batctl if add eth0 (eth0 already up)
ip link add name br0 type bridge
ip link set dev eth1 master br0
ip link set dev bat0 master br0
ip link set up dev eth1
ip link set up dev bat0
ip addr replace dev br0 192.168.1.102/24 (and 104 on the other node)


Here is what batadv-vis shows for my setup (I changed the labels "TT" 
for the two clients to "CLI<IP>").

digraph {
	subgraph "cluster_08:00:27:2c:10:05" {
		"08:00:27:2c:10:05"
	}
	"08:00:27:2c:10:05" -> "08:00:27:6b:86:2e" [label="1.016"]
	"08:00:27:2c:10:05" -> "0a:00:27:00:00:06" [label="TT"]
	"08:00:27:2c:10:05" -> "1e:8d:d3:23:ab:d4" [label="TT"]
	"08:00:27:2c:10:05" -> "08:00:27:b1:38:03" [label="CLI142"]
	"08:00:27:2c:10:05" -> "1e:8d:d3:23:ab:d4" [label="TT"]
	"08:00:27:2c:10:05" -> "08:00:27:1c:9b:14" [label="TT"]
	subgraph "cluster_08:00:27:a2:8c:62" {
		"08:00:27:a2:8c:62"
	}
	"08:00:27:a2:8c:62" -> "08:00:27:83:dd:41" [label="1.000"]
	"08:00:27:a2:8c:62" -> "08:00:27:38:31:55" [label="1.000"]
	"08:00:27:a2:8c:62" -> "08:00:27:f6:78:1a" [label="TT"]
	"08:00:27:a2:8c:62" -> "d6:f4:e6:bd:22:fb" [label="TT"]
	"08:00:27:a2:8c:62" -> "d6:f4:e6:bd:22:fb" [label="TT"]
	"08:00:27:a2:8c:62" -> "0a:00:27:00:00:05" [label="TT"]
	subgraph "cluster_08:00:27:38:31:55" {
		"08:00:27:38:31:55"
	}
	"08:00:27:38:31:55" -> "08:00:27:83:dd:41" [label="1.000"]
	"08:00:27:38:31:55" -> "08:00:27:a2:8c:62" [label="1.000"]
	"08:00:27:38:31:55" -> "52:98:12:67:6b:06" [label="TT"]
	"08:00:27:38:31:55" -> "0a:00:27:00:00:04" [label="TT"]
	"08:00:27:38:31:55" -> "08:00:27:08:ee:90" [label="CLI121"]
	"08:00:27:38:31:55" -> "52:98:12:67:6b:06" [label="TT"]
	"08:00:27:38:31:55" -> "08:00:27:17:21:9d" [label="TT"]
	subgraph "cluster_08:00:27:6b:86:2e" {
		"08:00:27:6b:86:2e"
		"08:00:27:83:dd:41" [peripheries=2]
	}
	"08:00:27:6b:86:2e" -> "08:00:27:2c:10:05" [label="1.000"]
	"08:00:27:83:dd:41" -> "08:00:27:38:31:55" [label="1.000"]
	"08:00:27:83:dd:41" -> "08:00:27:a2:8c:62" [label="1.016"]
	"08:00:27:6b:86:2e" -> "a6:f4:5c:fa:06:cd" [label="TT"]
	"08:00:27:6b:86:2e" -> "0a:00:27:00:00:03" [label="TT"]
	"08:00:27:6b:86:2e" -> "08:00:27:9c:bb:a3" [label="TT"]
	"08:00:27:6b:86:2e" -> "a6:f4:5c:fa:06:cd" [label="TT"]
}

Re: [B.A.T.M.A.N.] Non-batman Clients

[Jonathan Haws]

> I've followed the quick start guide, but apparently I'm missing
> something when it comes to non-batman clients.
>
> I've set all this up using vagrant and VirtualBox.  The mesh seems to
> work perfectly, however when I put in non-batman clients they cannot
> communicate one with another.  I would expect that they would be able to
> ping one another.
>
> I've given IP addresses to the bridge adapters on the 192.168.1.0/24
> subnet.  The clients I've given IP addresses on that same subnet
> (192.168.1.121 and 192.168.1.142).  When I tried pinging, I don't get
> anything back.  Sniffing packets in tcpdump shows that it is never
> getting anything back, though I did get an ARP back once with the
> correct MAC address, but still couldn't ping.  Never got an ARP back
> again...
>
> I can ping from each client to the IP address of the bridge they are
> connecting to, but cannot ping anything else on the network.
>
> Any thoughts?  Hopefully someone has seen this before and can point me
> in the right direction!

Bump...has anyone run into this before?  Am I just missing something simple?

Thanks!

Re: [B.A.T.M.A.N.] Non-batman Clients

[Simon Wunderlich]

[-- Attachment #1: Type: text/plain, Size: 1945 bytes --]

Hi Jonathan,

On Friday 27 May 2016 22:25:46 Jonathan Haws wrote:
> I've followed the quick start guide, but apparently I'm missing
> something when it comes to non-batman clients.
> 
> I've set all this up using vagrant and VirtualBox.  The mesh seems to
> work perfectly, however when I put in non-batman clients they cannot
> communicate one with another.  I would expect that they would be able to
> ping one another.
> 
> I've given IP addresses to the bridge adapters on the 192.168.1.0/24
> subnet.  The clients I've given IP addresses on that same subnet
> (192.168.1.121 and 192.168.1.142).  When I tried pinging, I don't get
> anything back.  Sniffing packets in tcpdump shows that it is never
> getting anything back, though I did get an ARP back once with the
> correct MAC address, but still couldn't ping.  Never got an ARP back
> again...
> 
> I can ping from each client to the IP address of the bridge they are
> connecting to, but cannot ping anything else on the network.
> 
> Any thoughts?  Hopefully someone has seen this before and can point me
> in the right direction!
> 
> Also, is there a separate list for alfred, or should I use this list for
> alfred questions?

You can use this list for alfred stuff, there is no other list.

> 
> Thanks!
> Jon
> 
> 
> Here are the commands I used to setup:
> 
> batctl if add eth0 (eth0 already up)
> ip link add name br0 type bridge
> ip link set dev eth1 master br0
> ip link set dev bat0 master br0
> ip link set up dev eth1
> ip link set up dev bat0
> ip addr replace dev br0 192.168.1.102/24 (and 104 on the other node)

This looks good as far as I can tell.

Do you happen to use the 192.168.1.0/24 somewhere else? Do you have some IPs 
configured on eth0 or eth1 by any chance (best to remove them).

I guess, the best way to debug is to check with tcpdump on each interface 
(eth0, eth1, bat0, etc) and on each machine where you see your data is lost.

Cheers,
     Simon

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [B.A.T.M.A.N.] Non-batman Clients

[Marek Lindner]

[-- Attachment #1: Type: text/plain, Size: 1028 bytes --]

On Friday, May 27, 2016 22:25:46 Jonathan Haws wrote:
> I've given IP addresses to the bridge adapters on the 192.168.1.0/24 
> subnet.  The clients I've given IP addresses on that same subnet 
> (192.168.1.121 and 192.168.1.142).  When I tried pinging, I don't get 
> anything back.  Sniffing packets in tcpdump shows that it is never 
> getting anything back, though I did get an ARP back once with the 
> correct MAC address, but still couldn't ping.  Never got an ARP back 
> again...
> 
> I can ping from each client to the IP address of the bridge they are 
> connecting to, but cannot ping anything else on the network.

Can you ping from the nodes running batman-adv to other nodes running batman-
adv ? In other words: Is your mesh working ?

Can you provide specifics about what you saw when running tcpdump ? What does 
'never getting anything back' mean ? The ping goes one way without any pong 
showing up ? Have you checked on the ping destination (via tcpdump) that the 
ping ever made it there ?


Cheers,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [B.A.T.M.A.N.] Non-batman Clients

[Jonathan Haws]

> Can you ping from the nodes running batman-adv to other nodes running batman-
> adv ? In other words: Is your mesh working ?

Yes, I can use the standard ping command to ping any batman node on the 
mesh from any other batman node.  It is the non-batman clients that are 
not communicating with anything.  They can only ping the node they are 
directly connected to.

> Can you provide specifics about what you saw when running tcpdump ? What does
> 'never getting anything back' mean ? The ping goes one way without any pong
> showing up ? Have you checked on the ping destination (via tcpdump) that the
> ping ever made it there ?

I had two non-batman clients on the mesh, connected to two different 
nodes separated by a third node (i.e. for the client on node 1 to 
communicate to the client on node 3, the data has to go through node 2). 
  Each client can ping the node they are connected to (the br0 
interface, which has the IP address), but when they try and ping another 
node or the other client I see the ping requests go out in tcpdump, but 
nothing received at the other end (again in tcpdump).  I do see a lot of 
ARP requests without replies on the originator if that helps.

Thanks!

Re: [B.A.T.M.A.N.] Non-batman Clients

[Jonathan Haws]

>> Can you ping from the nodes running batman-adv to other nodes running batman-
>> adv ? In other words: Is your mesh working ?
>
> Yes, I can use the standard ping command to ping any batman node on the
> mesh from any other batman node.  It is the non-batman clients that are
> not communicating with anything.  They can only ping the node they are
> directly connected to.
Double checked this just now and I can ping all batman nodes (their br0 
interfaces) just fine from any node.

>> Can you provide specifics about what you saw when running tcpdump ? What does
>> 'never getting anything back' mean ? The ping goes one way without any pong
>> showing up ? Have you checked on the ping destination (via tcpdump) that the
>> ping ever made it there ?
>
> I had two non-batman clients on the mesh, connected to two different
> nodes separated by a third node (i.e. for the client on node 1 to
> communicate to the client on node 3, the data has to go through node 2).
>    Each client can ping the node they are connected to (the br0
> interface, which has the IP address), but when they try and ping another
> node or the other client I see the ping requests go out in tcpdump, but
> nothing received at the other end (again in tcpdump).  I do see a lot of
> ARP requests without replies on the originator if that helps.

Here is some sample output.  Client 3b is trying to ping client 4a and 
4a is trying to ping 3b at the same time.  While all batman nodes can 
ping other nodes, they can only ping their own clients (i.e. those 
connected directly to them).

I'm guessing I'm missing some sort of routing information or bridge 
configuration.  If anyone can shed some light or let me know what sort 
of output they'd like to see I'm happy to gather it and send it along.

Thanks!


Client 3b: 192.168.1.132/24 -- 08:00:27:32:c7:1c
Command: tcpdump

17:46:26.923228 ARP, Request who-has 192.168.1.132 tell 192.168.1.141, 
length 46
17:46:26.923246 ARP, Reply 192.168.1.132 is-at 08:00:27:32:c7:1c (oui 
Unknown), length 28
17:46:26.952511 IP 192.168.1.132 > 192.168.1.141: ICMP echo request, id 
1374, seq 221, length 64


Client 4b: 192.168.1.141/24 -- 08:00:27:1f:90:aa
Command: tcpdump

17:46:26.021447 ARP, Request who-has 192.168.1.132 tell 192.168.1.141, 
length 28
17:46:26.357353 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, 
Request from 08:00:27:9d:43:0a (oui Unknown), length 300
17:46:26.953478 08:00:27:1f:90:aa (oui Unknown) > Broadcast, ethertype 
Unknown (0x4305), length 74:
	0x0000:  000f 3200 d609 7156 0800 271f 90aa 0800  ..2...qV..'.....
	0x0010:  271f 90aa 00ff 0024 0401 0014 0102 0002  '......$........
	0x0020:  3f0f a131 8000 2000 7720 f3e8 0000 0000  ?..1....w.......
	0x0030:  0601 0004 0000 0000 0201 0000            ............

Re: [B.A.T.M.A.N.] Non-batman Clients

[Jonathan Haws]

>>> Can you provide specifics about what you saw when running tcpdump ? What does
>>> 'never getting anything back' mean ? The ping goes one way without any pong
>>> showing up ? Have you checked on the ping destination (via tcpdump) that the
>>> ping ever made it there ?
>>
>> I had two non-batman clients on the mesh, connected to two different
>> nodes separated by a third node (i.e. for the client on node 1 to
>> communicate to the client on node 3, the data has to go through node 2).
>>     Each client can ping the node they are connected to (the br0
>> interface, which has the IP address), but when they try and ping another
>> node or the other client I see the ping requests go out in tcpdump, but
>> nothing received at the other end (again in tcpdump).  I do see a lot of
>> ARP requests without replies on the originator if that helps.
>
> Here is some sample output.  Client 3b is trying to ping client 4a and
> 4a is trying to ping 3b at the same time.  While all batman nodes can
> ping other nodes, they can only ping their own clients (i.e. those
> connected directly to them).
>
> I'm guessing I'm missing some sort of routing information or bridge
> configuration.  If anyone can shed some light or let me know what sort
> of output they'd like to see I'm happy to gather it and send it along.

One more update.  I switched to use the program arping to just send ARP 
packets.  I found that I can use arping to get the MAC address for any 
node, provided that MAC address is in the cache of the node I am 
connected to.

For example, if I run 'arping -I eth0 192.168.1.102 -c 5 -b' on my 
client at 192.168.1.141, I see replies coming from 192.168.1.104 (the 
batman node which has the MAC cached).  If I omit the '-b' on the arping 
command (i.e. use broadcast once, then unicast after), I get the first 
reply, but nothing thereafter, nor does the node see the unicast requests.

As another test, I run 'arping -I eth0 192.168.1.132 -c 5 -b' on my 
client at 192.168.1.141, I see the requests propagate through the mesh 
all the way to 192.168.1.132 and I see it reply via a unicast ARP reply. 
  However, this unicast ARP reply is not seen by node 192.168.1.103 at 
all (on any interface).

So it seems to be that there is something up with unicasting from a 
non-batman client.  Thoughts?

Re: [B.A.T.M.A.N.] Non-batman Clients

[Marek Lindner]

[-- Attachment #1: Type: text/plain, Size: 316 bytes --]

On Wednesday, June 08, 2016 19:29:12 Jonathan Haws wrote:
> So it seems to be that there is something up with unicasting from a 
> non-batman client.  Thoughts?

Do you client isolation enabled ? 
https://www.open-mesh.org/projects/batman-adv/wiki/Ap-isolation

That would achieve the desired effect.

Cheers,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [B.A.T.M.A.N.] Non-batman Clients

[Jonathan Haws]

> So it seems to be that there is something up with unicasting from a
> non-batman client.  Thoughts?
>

I believe I got to the bottom of the issue - a non-issue really.  It was 
my virtual machine network configuration.  I still don't have things 
working in the virtual world, but I was able to track down a few 
machines to setup a quick little network and tested my configuration - 
works perfectly.

Thanks for the help everyone!