Project

General

Profile

News

Batman-adv 2015.2 released

Added by Marek Lindner almost 3 years ago

the B.A.T.M.A.N. team is excited to announce the release of batman-adv 2015.2, the December 2015 update to batman-adv, batctl and alfred. The batman-adv kernel module has undergone significant polishing in this cycle to deliver stability and reliability. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2015.2/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

While operating a mesh network with various nodes being configured with different VLANs, the translation table (TT) could enter an inconsistent state, leading to payload traffic never arriving at the destination. The TT consistency check was extended to no longer assume an identical VLAN configuration on every node in the network. Another corner case is triggered when a non-mesh client is detected via listening to payload traffic ('speedy join') and then roaming to a nearby mesh node before the previous mesh node ever officially announced the presence of said non-mesh client. Because this case also could lead to payload traffic being sent to limbo, the internal non-mesh client TT state is cleared before changing from 'speedy join' client to officially announced client. The memory footprint was reduced by switching to single linked list header for TT operations.
The distributed ARP table (DAT) received a fix preventing invalid stack access when searching for eligible DAT candidates causing a kernel crash. Also, DAT cache replies were able to fool the 'speedy join' mechanism of other mesh participants, as these replies were interpreted as non-mesh client payload data. This confusion is prevented with a proper packet type check.
Under specific circumstances the bridge loop avoidance (BLA) was able to provoke a 'network storm' of constantly repeating BLA claim tables synchronize requests due to missing locking and multiple writes to the same CRC checksum when adding/removing entries. This has been fixed by adding proper locking to the CRC checksum calculation.
The gateway list entry purging was at the origin of long delays on kernel module unload. The artificially introduced delay through a 'deleted' attribute has been replaced with modern RCU-style locking and reference counting. The gateway bandwidth calculation on 32Bit CPU systems could lead to an integer overflow which has been fixed. If parsing the provided gateway bandwidth is unsuccessful an error code is now communicated back to user space.
To avoid packet transmission issues when slave devices encapsulate packets without having enough room for the encapsulation header the required header size is updated each time a slave device is added and/or deleted. Memory access on forced kernel module unload was re-ordered to prevent a system crash. The code also benefited from the usual set of code beautifications and checkpatch cleanups.

batctl

The batctl utility was enriched with a 'routing algorithm' option, allowing to display all configured batman-adv mesh interfaces with their respective mesh protocol information, as well as setting the mesh protocol for the next mesh interface to be created.

alfred

In addition to fixing a few typos, the README now correctly mentions the libpcap dependency.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2015.1 released

Added by Marek Lindner over 3 years ago

August 10, 2015. The B.A.T.M.A.N. team today releases batman-adv 2015.1 focusing on code cleanups, stability and bugfixes. Since no major code changes were introduced upgrading to this version should bear minimal risks. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2015.1/

as well as prepackaged binaries in your distribution.

Important changes

The default settings for enabling Network Coding and the bridge loop avoidance have been changed. If you are using either feature, please verify that your setup still behaves as expected after the upgrade.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

With this release the source directory structure has been modified to align with the batman-adv directory structure in the Linux kernel. This should facilitate proposing and applying patches based on the code base shipped with Linux kernel. In parallel to this restructuring effort, the compat layer (needed to support older Linux kernel versions) also has been modernized. The single compat include file has been divided into separate header files named after their up-to-date counterparts. Previously needed explicit compat includes could be removed, thus further reducing the difference between the Linux kernel code and the out-of-tree repository.

To make the first time deployment a better experience the default configuration has been changed: Network Coding support has been disabled due to its dependency on WiFi promiscuous mode that not all WiFi chips/drivers support. The bridge loop avoidance mechanism (BLA) has been enabled to prevent accidental bridge loops from being created.

The batman-adv module came with its own Jenkins hash implementation used by all sorts of components like the originator table, the translation table and more. That implementation has been replaced with the in-kernel Jenkins hash which provides better optimized code. The debugfs components aren't compiled into the module anymore when debugfs is not compiled into the kernel. The initialization upon detection of a batman-adv gateway has been fixed as it could cause the kernel to hang on module unload. Various race conditions triggered by concurrent delete events in the translation table code have been fixed as well. Payload broadcast packets scheduled to be forwarded right on batman-adv disable or module onload are now properly purged to prevent memory leaks. With enabled distributed ARP table (DAT) batman-adv might have answered an ARP request for a local client. An additional mac address check prevents confusing switches in the LAN which rely on ARP to learn behind which port the client is located. Quite some effort was spent to improve the overall code readability, cleanups and coding style issues.

batctl

To support building batctl in combination with the musl C library the if_ether.h header file is now included from the 'netinet' folder instead of the 'linux' folder because musl does not allow mixing includes from 'netinet' and 'linux' at the same time.

alfred

Interfaces with more than one link-local addresses are now supported by alfred binding to specific an interfaces and its link-local EUI64 address. All outgoing alfred packets will be originating from that single address.

The size of the maximum alfred payload was slightly reduced. This ensures that the UDP/IPv6 stack is able to transfer the push data packets between different alfred servers.

Happy routing,

The B.A.T.M.A.N. team

2015-05-16 Introducing AlfredA

Added by Simon Wunderlich over 3 years ago

AlfredA is a re-implementation of the alfred data-exchange protocol as native Java library for Android. The library aims to provide the slave functionality of A.L.F.R.E.D. (the almighty lighweight fact remote exchange daemon) to pull and push data from alfred masters running somewhere in the network. This is especially useful in case the Android device (for example a smartphone) wishes to share its GPS location with the network. Other AlfredA-enabled apps or a central visualization server can fetch the location data to draw their location on a map. Also the reverse is possible: The network could provide information useful to the mobile clients like latest community network news or WiFi usage statistics for debugging/monitoring purposes, thus avoiding a central monitoring server.

AlfredA has been implemented as part of Bastian Rosners Bachelor Thesis to distribute location data in wireless mesh networks. The library as well as more information can be found on AlfredA's github repository page as well as the bachelor thesis paper [written in German]. Another outcome of the thesis is a wireshark dissector which can be used for debugging A.L.F.R.E.D. communication. In the process, the A.L.F.R.E.D developer team has also added extensive A.L.F.R.E.D. protocol documentation in our wiki to help Bastian with his implementation

We hope this work will inspire other Android app developers to use A.L.F.R.E.D. to store and receive data from their wireless mesh networks and will be useful to many projects. :)

Sample app using the AlfredA library:

Happy Routing,
the B.A.T.M.A.N team

The Joker attacks

Added by Simon Wunderlich over 3 years ago

After laying low for quite some time, the Joker finally makes its appearance! "The Joker" - a penetration testing and research tool to test security aspects of batman-adv networks - was developed by security researchers Pedro Larbig and Alexander Oberle at TU Darmstadt (Germany), and we finally got permission to release the source code to the public.

The tool currently supports the following tests:

  • Peer/Route flooding: flood fake OGMs
  • Blackhole: announce to neighbors that the best route is via the attacker node
  • Loop Forming: create local loops on multi-hop paths
  • Fuzzing: modify packets randomly to create malformed packets

Pedro & Alexander developed the tool in order to facilitate their mesh network security research. Their work focuses on B.A.T.M.A.N. Advanced version 2011.1.0 and concluded that this version was performing pretty well in the Peer/Route and fuzzing tests. Albeit not being able to prevent maliciously provoked loops/blackholes entirely, B.A.T.M.A.N. Advanced did recover quickly when needed, according to their study.

To instigate further interest in mesh network security the 'Joker' code base is being published alongside this announcement. Hopefully, the Joker inspires security researchers as well as developers to investigate and fix issues in the B.A.T.M.A.N. protocol and/or implementation. We will also accept contributions for the Joker through the usual channels. Note that the tool does currently not work with the more recent versions 2013.4.0 or 2014.4.0 and later - patches are welcome.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2015.0 released

Added by Sven Eckelmann over 3 years ago

The B.A.T.M.A.N. team is pleased to announce the immediate availability of batman-adv 2015.0 - a bugfix and maintenance release introducing only fixes and and minor cleanups, providing a safe and pleasant update for everyone. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2015.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

The batman-adv compat code has been freed of a problem on old Linux kernel versions (< 2.6.39) causing a malfunction of packet forwarding to the assigned bridge. Packets entering the batman-adv mesh via the batX interface were not considered for interface bonding due to an erroneous comparison. This regression introduced by the routing code abstraction has been fixed. Also addressed has been a false warning triggered by the network coding lockdep class when running lockdep to find problems in the locking routines. The code also benefited from the usual set of kernel enhancements and checkpatch cleanups.

batctl

batctl imported some minor updates from the kernel header files. These include only code style cleanups and some misspelled words in comments.

alfred

alfred gained the ability to execute a specified command whenever the managed data changes (either new data arrived, stale data was purged or an update with an actual change was triggered). The executed command receives the IDs of the changed data as arguments.

The alfred server process now automatically drops privileges after the initial setup phase. This is a standard security practice to reduce the potential damage of a malicious attack in case an exploitable flaw were to be discovered. Documentation explaining how to start alfred as non-root process is available. In light of these changes, the packet validation code underwent additional scrutiny which led to improved checks on valid packet length and header validation.

Dataset version numbers are now correctly changed when the data is only updated and not added. This can be tested with the new verbose mode of the alfred client. It shows the version information of each received dataset.

Happy routing,

The B.A.T.M.A.N. team

The B.A.T.M.A.N. project endorses the Battle of the Mesh v8

Added by Sven Eckelmann over 3 years ago

The Wireless Battle of the Mesh is an event that aims to bring together people from across the globe to test the performance of different routing protocols for ad-hoc networks, like Babel, B.A.T.M.A.N., BMX, OLSR, and 802.11s.

Many developers and community networkers will join the event to hack, test, discuss, explain and learn.

If you are interested in dynamic routing protocols or wireless community networks you can't miss this event!

The battlemesh is free of charge and open for all, every year we strive to keep participation costs low by by negotiating deals for accommodation and food.

This year the event will take place from Monday 3rd to Sunday 9th of August 2015 in Maribor, Slovenia at the "Dom Obrambe Pekre".

The B.A.T.M.A.N. project endorses and supports the Battle of the Mesh v8 because of the efforts made by its community to advance the field of wireless mesh networking and foster the development of grassroots community networks.

The B.A.T.M.A.N. project will support the event by:

  • help to promote the event
  • numerous members of the B.A.T.M.A.N. community have already confirmed their attendance
  • help organizing the event
  • help setting up the testbed for protocol testing
  • will organize workshops to discuss integration and new features with other communities

Many other communities endorse and support the Wireless Battle of The Mesh v8, an up to date list of the endorsers of the Battlemesh v8 can be found at the main Battlemesh website.

If you are interested in coming join the event's Mailing List to stay up to date with the latest news.

Batman-adv 2014.4.0 released

Added by Sven Eckelmann almost 4 years ago

Jan 05, 2015. Today the B.A.T.M.A.N. team releases an updated version of batman-adv: 2014.4.0. This release not only brings bugfixes but also addresses a security flaw which - when exploited - allows to crash a remote system running batman-adv. All batman-adv versions newer than and including version 2014.0.0 are vulnerable. An upgrade is strongly recommended. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.4.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

The security vulnerability described in CVE-2014-9428 (malformed batman-adv fragmentation packets can lead to a kernel crash) was discovered and fixed with this release. Another batman-adv fragmentation improvement allows fragments to arrive out-of-order instead of getting dropped, thus forcing a retransmission. The default hop penalty was increased to 30 to better support dual band setups in which a low hop penalty leads to excessively long paths. Also addressed was the miscounting of multicast recipients (with multicast optimizations enabled) leading to multicast packet loss in same cases.

batctl

batctl's tcpdump component was enriched with an TVLV parser to be able to print relevant TVLV container information such as announced gateway speeds, translation table updates, roaming announcements, etc. Previously printed bridge loop avoidance packets of the type 'request' reported a wrong backbone address. That has been fixed.

alfred

The alfred core can now change the interface it uses for network communication on the fly. This allows to reassign the interface without losing the currently stored data. Alfred processes running in master mode are now able to handle multiple interfaces which will be used to exchange the same data. But it is also possible to run multiple processes on different interfaces which then manage their data independent from each other and can be accessed by the alfred clients using individual UNIX sockets.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2014.3.0 released

Added by Marek Lindner over 4 years ago

July 22, 2014. Today the B.A.T.M.A.N. team releases an updated version of batman-adv: 2014.3.0. This release contains only bugfixes and and minor cleanups, providing a safe and pleasant update for everyone. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.3.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

When the batman-adv bridge loop avoidance packets are encapsulated in stacked VLAN headers (QinQ), the bridge loop avoidance code would ignore these packets leading to bogus entries in the local translation table. With this release such stacked VLAN bridge loop avoidance packets are dropped. Also addressed was a bogus warning triggered by the check for a batman-adv on top of another batman-adv interface. The code also benefited from the usual set of kernel enhancements and checkpatch cleanups.

batctl

In the early days of alfred, batctl's internal hash table handling code was used as starting point for alfred's own hash table code. Since then, alfred's hash table code has been further refined, debugged and beautified. Now, alfred's hash table code is 'imported' back into batctl's code to benefit from the improvements and keep both versions in sync. These improvements cover thorough error checking, potential memleak fixes and speedups. In addition, various fixes like proper initialization of variables, potential segmentation faults, etc pointed out by static analyzers found their way into this release.

alfred

The alfred core and its components received multiple fixes. The alfred-gpsd altitude check now compares the altitude and no longer the longitude. Error codes returned by fcntl system calls are correctly handled to avoid misleading subsequent calls. Various possible memleaks, access errors and strncpy issues were fixed as well.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2014.2.0 released

Added by Marek Lindner over 4 years ago

June 09, 2014. The B.A.T.M.A.N. team today releases batman-adv 2014.2.0 adding a new major component - multicast optimizations - along with a series of bug fixes. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.2.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

This release brings the first piece of a more efficient, group aware multicast forwarding infrastructure in batman-adv. In the past, batman-adv had treated multicast traffic like ordinary broadcast traffic and simply forwarded each multicast packet to every node in the network. Aiming to reduce unnecessary packet transmissions in large networks, this initial improvement announces multicast listeners via the translation table mechanism, thereby signaling interest in certain multicast traffic. Based on this information, batman-adv can make the decision to either drop multicast traffic if no listener is present or forwarding the multicast traffic via unicast if a single listener signaled interest. Alternatively, multicast traffic is forwarded to the entire network as before.
For now, these optimizations only apply if all nodes in the mesh have no bridge interface on top their batX interface. However, extending these optimizations beyond the realm of non-bridged interfaces as well as optimizing setups with more than one listener are on the roadmap.

Numerous reference counter imbalances in the heavily lifted routing code causing all sorts of shutdown issues like system hang on reboot have been addressed. Another reference counter balance was hidden in the fragmentation v2 code sparking similar shutdown issues. A kernel crash on accessing an insufficiently protected pointer in the gateway code has been eliminated. In some situations retrieving the originator table would also lead to a kernel crash due to improper checking. Fast adding and deletion of VLAN interfaces on top of batX drove batman-adv into an internal translation table state mismatch. The resulting translation table exchanges with neighbors were bogus, thus creating inconsistencies on every node in the network. On changing the batX mac address batman-adv did not inform the translation table to also update the entries of all VLAN interfaces on top of batX. Stale mac address announcements were the consequence.
The code documentation (kernel doc) has been extended, accompanied by the customary code cleanups & Linux coding style adjustments.

batctl

The newly added multicast optimizations can be enabled / disabled through batctl. Because the local and network-wide multicast mac address announcements are propagated via the translation table, batctl gained an option to filter multicast mac addresses and 'normal' client mac addresses upon translation table retrieval.
The tcpdump component received a fix for the erroneously printed IP src / dst fields (a regression introduced with the IPv6 parsing support). The local translation table skip table header parameter was updated to correctly skip the lengthened table header.

alfred

The detection and handling of once working but now broken network sockets has been improved. Alfred can easily encounter this situation if a local interface was recreated or a mac address changed e.g. due to manual assignment). The malfunctioning sockets are now closed and re-opened automatically.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2014.1.0 released

Added by Marek Lindner over 4 years ago

The B.A.T.M.A.N. developers are happy to present batman-adv 2014.1.0, stabilizing the feature-packed 2014.0.0 release while also pushing routing improvements and other smaller features. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.1.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

Special thanks to Russell Senior for his vigorous testing and debugging efforts.

batman-adv

After having accomplished the heavy infrastructure lifting with the previous release, the attention shifted towards batman-adv's core functionality - routing packets - once more. The forwarding mechanism of the mesh protocol messages (OGMs) was revamped to allow applying rules when packets are forwarded from one interface to another. For example, when the same interface is used for sending and receiving, there might be throughput degradation on half-duplex interfaces such as WiFi which is now reflected in the metric. At the same time, packets switching interfaces (incoming interface is not equal to the outgoing one) do not get handicapped, effectively favoring interface switching. To pull all this together, batman-adv now maintains a routing table per interface (plus the default routing table) which essentially allows the kernel module to route traffic based on network wide multi-interface information.

Also new on board is the extended AP isolation, aiming to grant fine-grained isolation control by working with a user specified 'skb mark'. Incoming broadcast packets carrying the specified skb mark are flagged as 'isolated' (translation table flag). Isolated packets received over the mesh are transformed back to an skb with a mark before they are forwarded to the upper layers. There, the packets can be filtered, dropped, etc by netfilter and friends based on the skb mark.

The DHCP packet handling scope was widened to force all DHCP packet types to unicast transmission (with the gateway feature enabled), covering older / unusual DHCP client implementations. Previously, only DHCP discover packets were forwarded as unicast. The MTU overhead calculation did not consider the prepended Ethernet header before setting dev->hard_header_len leading to fragmented packets. Also removed was the 1500 bytes MTU limit on the batX interface by improving the maximum MTU computation. A potential kernel crash on skb reallocation was fixed along numerous problems in the translation table component and a memory leak in the newly introduced TVLV infrastructure code.

batctl

The recent switch to the RTNL API was further enriched by replacing the custom RTNL code with the libnl library to reduce maintenance burden and security risks. The batctl Makefile attempts to locate the libnl library by itself as well as tries to determine the compiler options, thereby facilitating the build process.

To monitor the per-interface routing tables, batctl gained the ability to retrieve the routing table of a particular interface (the local routing table is shown per default). Also, the extended AP isolation mark/mask pair can be configured through batctl.

alfred

Fixed was a file descriptor leak in the batadv-vis component which is part of the alfred package. Over a longer period time file descriptors were opened and 'lost', leading batadv-vis to eventually hit the open file limit and stop normal operation.

Happy routing,

The B.A.T.M.A.N. team

(21-30/87)

Also available in: Atom