[B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Max Ip]

Hi all,

I have three nodes (connected through wifi) running batman-adv,

node_1 ------ node_2 ------node_3

They have ip address ipv4 10.42.43.1 , 2  , 3 respectively.

Now, all the nodes are connected to each other.

To see the bandwidth and jitter patterns through relaying, I decided
to disconnect node_1 and node_3.

In node_1 ,

sudo iptables -A INPUT -s 10.42.43.3 -j DROP

When, I now run batman-adv protocol, node_1 still finds node_3 without
node_2 being involved.

Though they cannot ping and avahi doesn't run, batman-adv shows them
as 1 hop neighbors.

How can I disconnect node_1 from node_3 so that I can see the 2 hop patterns.

Thankyou in advance.

Max

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Marek Lindner]

On Monday, July 04, 2011 14:45:57 Max Ip wrote:
> sudo iptables -A INPUT -s 10.42.43.3 -j DROP
> 
> When, I now run batman-adv protocol, node_1 still finds node_3 without
> node_2 being involved.
> 
> Though they cannot ping and avahi doesn't run, batman-adv shows them
> as 1 hop neighbors.
> 
> How can I disconnect node_1 from node_3 so that I can see the 2 hop
> patterns.

batman-adv operates on layer 2 - the mac address layer. IP addresses are 
irrelevant for the mesh to work. You can remove all IP addresses and the nodes 
still find each other (try batctl ping or batctl traceroute when you have no 
IP addresses configured). Therefore blocking the IP traffic does not interrupt 
anything. You'd have to block mac addresses via ebtables or similar tools.

Regards,
Marek

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Max Ip]

Hi all,

This is something to be posted in other forums. But just wanted to
know if you faced the same problem.

I tried to drop the connections between the end users (node_1 and node_3) of

node_1 ----node_2-----node_3


iptables -t raw -A PREROUTING -i wlan0 -m mac --mac-source
00:13:a9:c3:ae:8f -j DROP


but the protocol still doesn't show the two hop environment.




On Mon, Jul 4, 2011 at 2:55 PM, Marek Lindner <lindner_marek@yahoo.de> wrote:
> On Monday, July 04, 2011 14:45:57 Max Ip wrote:
>> sudo iptables -A INPUT -s 10.42.43.3 -j DROP
>>
>> When, I now run batman-adv protocol, node_1 still finds node_3 without
>> node_2 being involved.
>>
>> Though they cannot ping and avahi doesn't run, batman-adv shows them
>> as 1 hop neighbors.
>>
>> How can I disconnect node_1 from node_3 so that I can see the 2 hop
>> patterns.
>
> batman-adv operates on layer 2 - the mac address layer. IP addresses are
> irrelevant for the mesh to work. You can remove all IP addresses and the nodes
> still find each other (try batctl ping or batctl traceroute when you have no
> IP addresses configured). Therefore blocking the IP traffic does not interrupt
> anything. You'd have to block mac addresses via ebtables or similar tools.
>
> Regards,
> Marek
>

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Antonio Quartulli]

On Mon, Jul 04, 2011 at 06:06:19PM +0200, Max Ip wrote:
> Hi all,
> 
> This is something to be posted in other forums. But just wanted to
> know if you faced the same problem.
> 
> I tried to drop the connections between the end users (node_1 and node_3) of
> 
> node_1 ----node_2-----node_3
> 
> 
> iptables -t raw -A PREROUTING -i wlan0 -m mac --mac-source
> 00:13:a9:c3:ae:8f -j DROP
> 

This will not work because in this way you are blocking IP datagram with
source mac address equal to 00:13:a9:c3:ae:8f. Batman packets are not IP
datagram, so you can't block them by means of iptables.

As Marek suggested, you should use something like ebtables. But honestly I
remember that ebtables support has been removed from batman some time
ago.

Regards,


-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Sven Eckelmann]

[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

> As Marek suggested, you should use something like ebtables. But honestly I
> remember that ebtables support has been removed from batman some time
> ago.

What about using a bridge over the actual device to simulate the bad link
together with ebtables? This would resolve the problem that batman-adv must be
ebtables aware.

Kind regards,
	Sven

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Marek Lindner]

On Monday, July 04, 2011 20:22:56 Antonio Quartulli wrote:
> As Marek suggested, you should use something like ebtables. But honestly I
> remember that ebtables support has been removed from batman some time
> ago.

You can still filter all packets from a certain mac address with ebtables. The 
batman-adv ebtables support was to filter specific batman-adv packets.

Cheers,
Marek

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Antonio Quartulli]

On Mon, Jul 04, 2011 at 08:29:14PM +0200, Sven Eckelmann wrote:
> > As Marek suggested, you should use something like ebtables. But honestly I
> > remember that ebtables support has been removed from batman some time
> > ago.
> 
> What about using a bridge over the actual device to simulate the bad link
> together with ebtables? This would resolve the problem that batman-adv must be
> ebtables aware.


You mean enslave wlan0 (e.g.) to br0 and then put br0 into bat0?
If so, it sounds good, because at that point you can use ebtables
against frames going through br0.


Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Max Ip]

I tried ebtables to block the mac address of the neighboring node.

sudo ebtables -I OUTPUT -s 00:1b:77:06:1c:15 -j DROP
sudo ebtables -I INPUT -s 00:1b:77:06:1c:15 -j DROP

But the batctl o command still shows 00:1b:77:06:1c:15 as one of the
originators.

My question is won't the enslaving wlan0 to br0 have the same problem
because the mac address for both br0 and wlan0 will be the same?

On Mon, Jul 4, 2011 at 8:39 PM, Antonio Quartulli <ordex@autistici.org> wrote:
> On Mon, Jul 04, 2011 at 08:29:14PM +0200, Sven Eckelmann wrote:
>> > As Marek suggested, you should use something like ebtables. But honestly I
>> > remember that ebtables support has been removed from batman some time
>> > ago.
>>
>> What about using a bridge over the actual device to simulate the bad link
>> together with ebtables? This would resolve the problem that batman-adv must be
>> ebtables aware.
>
>
> You mean enslave wlan0 (e.g.) to br0 and then put br0 into bat0?
> If so, it sounds good, because at that point you can use ebtables
> against frames going through br0.
>
>
> Regards,
>
> --
> Antonio Quartulli
>
> ..each of us alone is worth nothing..
> Ernesto "Che" Guevara
>

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Gioacchino Mazzurco]

This one is useless because batman-adv use broadcast as destination
and moreover your are dropping a mac address that is not on your
machine as source in OUTPUT chain this doesn't make sense
>sudo ebtables -I OUTPUT -s 00:1b:77:06:1c:15 -j DROP

you can use also iptables that is already installed do to this with
--mac-source option without installing ebtables

2011/7/6 Max Ip <ipmax2011@googlemail.com>:
> I tried ebtables to block the mac address of the neighboring node.
>
> sudo ebtables -I OUTPUT -s 00:1b:77:06:1c:15 -j DROP
> sudo ebtables -I INPUT -s 00:1b:77:06:1c:15 -j DROP
>
> But the batctl o command still shows 00:1b:77:06:1c:15 as one of the
> originators.
>
> My question is won't the enslaving wlan0 to br0 have the same problem
> because the mac address for both br0 and wlan0 will be the same?
>
> On Mon, Jul 4, 2011 at 8:39 PM, Antonio Quartulli <ordex@autistici.org> wrote:
>> On Mon, Jul 04, 2011 at 08:29:14PM +0200, Sven Eckelmann wrote:
>>> > As Marek suggested, you should use something like ebtables. But honestly I
>>> > remember that ebtables support has been removed from batman some time
>>> > ago.
>>>
>>> What about using a bridge over the actual device to simulate the bad link
>>> together with ebtables? This would resolve the problem that batman-adv must be
>>> ebtables aware.
>>
>>
>> You mean enslave wlan0 (e.g.) to br0 and then put br0 into bat0?
>> If so, it sounds good, because at that point you can use ebtables
>> against frames going through br0.
>>
>>
>> Regards,
>>
>> --
>> Antonio Quartulli
>>
>> ..each of us alone is worth nothing..
>> Ernesto "Che" Guevara
>>
>

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Antonio Quartulli]

On Wed, Jul 06, 2011 at 11:41:53AM +0200, Max Ip wrote:
> I tried ebtables to block the mac address of the neighboring node.
> 
> sudo ebtables -I OUTPUT -s 00:1b:77:06:1c:15 -j DROP
> sudo ebtables -I INPUT -s 00:1b:77:06:1c:15 -j DROP

These commands won't have effect on not-bridge interfaces. That's why
you are still able to see 00:1b:77:06:1c:15 in your originator table.

> 
> But the batctl o command still shows 00:1b:77:06:1c:15 as one of the
> originators.
> 
> My question is won't the enslaving wlan0 to br0 have the same problem
> because the mac address for both br0 and wlan0 will be the same?
> 

Why do you care about the wlan0/br0 mac address? Am I missing something?


Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Antonio Quartulli]

On Wed, Jul 06, 2011 at 11:47:36AM +0200, Gioacchino Mazzurco wrote:
> This one is useless because batman-adv use broadcast as destination
> and moreover your are dropping a mac address that is not on your
> machine as source in OUTPUT chain this doesn't make sense
> >sudo ebtables -I OUTPUT -s 00:1b:77:06:1c:15 -j DROP
> 
> you can use also iptables that is already installed do to this with
> --mac-source option without installing ebtables
> 

As already mentioned, this will not work. iptables only affects IP
packets. All the traffic below the IP-level will not be blocked.

Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

Re: [B.A.T.M.A.N.] Disconnecting the nodes in batman-adv 2011.1.0

[Max Ip]

For the three nodes:

mac_a ------ mac_b ------mac_c

I bridged the eth1 interface for both mac_a and mac_c.

iface br0 inet dhcp
bridge_ports eth0 eth1

ifup br0

However, for mac_b I didn't bridge since there we are not supposed
filter connection to mac_b.

Now, I installed batman-adv2011.1.0 on mac_a and mac_c and filtered
the mac address using:

 ebtables -I INPUT -s MAC -j DROP

As predicted, the batctl ping mac had no reply for these nodes. Also,
the nodes didn't detect each other.

Now, I installed batman-adv-2011.1.0 on mac_b.

After running batman on mac_b,

mac_a could see OGM from mac_c through neighbors and the pinging
command also worked between the end users.

So, the multihop environment runs well with ebtables now. Thanks to
all who replied.

Now, I want test the bandwidth, CPU usage and throughput usage in
single hop and double hop cases.

I found the tool iperf for bandwidth measurement but it is IP based
again. Is there any tool to measure bandwidth via mac address?

What I am thinking is to assign IP address to bat0 interface for each
nodes and use iperf or jperf.

Also, what bandwidth pattern can I expect for the single hop and
double hop cases?

Thanks in advance.

Max




On Wed, Jul 6, 2011 at 11:50 AM, Antonio Quartulli <ordex@autistici.org> wrote:
> On Wed, Jul 06, 2011 at 11:47:36AM +0200, Gioacchino Mazzurco wrote:
>> This one is useless because batman-adv use broadcast as destination
>> and moreover your are dropping a mac address that is not on your
>> machine as source in OUTPUT chain this doesn't make sense
>> >sudo ebtables -I OUTPUT -s 00:1b:77:06:1c:15 -j DROP
>>
>> you can use also iptables that is already installed do to this with
>> --mac-source option without installing ebtables
>>
>
> As already mentioned, this will not work. iptables only affects IP
> packets. All the traffic below the IP-level will not be blocked.
>
> Regards,
>
> --
> Antonio Quartulli
>
> ..each of us alone is worth nothing..
> Ernesto "Che" Guevara
>