[mesh-dev] Thinking through LAN port usage, or: Why bridges are bad news

Marc Juul juul at labitat.dk
Wed Apr 1 21:21:48 PDT 2015


On Mon, Mar 30, 2015 at 5:10 PM, Adrian Chadd <adrian at freebsd.org> wrote:

> So there are a few things we can hack into this.
>
> You could do some kind of "autodetect" on the port - if it sees a
> magic frame, put the port into "I'm a mesh node" vlan. Otherwise, take
> it out of the "I'm a mesh node!" vlan. Kind of like 802.1x, but
> without all the crap associated with it


I'm most of the way there with an implementation now:

  https://github.com/sudomesh/notdhcpserver

  https://github.com/sudomesh/notdhcpclient

and in order to remote-admin extender-nodes (antenna-nodes) from the
home-node GUI we'll need:

  https://github.com/sudomesh/ubus-https-forwarder

The actual changing of network config based on the notdhcp protocol will
simply be implemented as hook scripts, and I'll write a shell startup script and
hook scripts that pull their config from a notdhcp uci file.

Since we'll use https, each extender-node will need an SSL cert that is
trusted by the home nodes (the N750 nodes). The way this is solved is by
using makenode to generate a cert for each home node that is then given to
the extender-nodes by notdhcpserver. The extender-nodes for a single home
node are all given the same cert. The cert is transmitted in the clear, but
it is transmitted from a socket bound to a dedicated ethernet interface to
an extender-node that has deactivated its wifi interface. You would have to
physically intercept the packet on the wire, and since these nodes have
remote-reset and flash capability the security is already breached at that
point.

Based on advice from Jenny I've changed the naming (in the readme files)
from antenna-node to extender-node. The TP-Link N600/N750 routers have
external antennae but the nanostation/nanobridge nodes don't have any
obvious antennas. It's very likely that people will hear "antenna node" and
think we mean the TP-Link routers. Again, based on a suggestion from Jenny,
I've taken to calling the N600/N750 routers home-nodes. Of course this is
up for discussion and change, but we should settle on a convention soon.

btw to those that don't know: Western Digital are no longer producing
networking products but fortunately TP-Link are selling products with the
same board and even the same model names. The difference is that the
TP-Links are ~$9 more expensive but have external detachable antennae. Oh
and they have two versions of the N600 (gigabit and no gigabit). We can
probably compensate somewhat for the price difference by bulk-ordering.

-- 
marc/juul