2015-05-16 Introducing AlfredA

Added by Simon Wunderlich almost 9 years ago

AlfredA is a re-implementation of the alfred data-exchange protocol as a native Java library for Android. The library aims to provide the secondary server functionality of A.L.F.R.E.D. (the almighty lightweight fact remote exchange daemon) to pull and push data from alfred primaries running somewhere in the network. This is especially useful in case the Android device (for example a smartphone) wishes to share its GPS location with the network. Other AlfredA-enabled apps or a central visualization server can fetch the location data to draw their location on a map. Also the reverse is possible: The network could provide information useful to the mobile clients like latest community network news or WiFi usage statistics for debugging/monitoring purposes, thus avoiding a central monitoring server.

AlfredA has been implemented as part of Bastian Rosner's Bachelor Thesis to distribute location data in wireless mesh networks. The library as well as more information can be found on AlfredA's github repository page as well as the bachelor thesis paper [written in German]. Another outcome of the thesis is a wireshark dissector which can be used for debugging A.L.F.R.E.D. communication. In the process, the A.L.F.R.E.D. developer team has also added extensive A.L.F.R.E.D. protocol documentation in our wiki to help Bastian with his implementation.

We hope this work will inspire other Android app developers to use A.L.F.R.E.D. to store and receive data from their wireless mesh networks and will be useful to many projects. :)

Sample app using the AlfredA library:

Happy Routing,
the B.A.T.M.A.N team

The Joker attacks

Added by Simon Wunderlich almost 9 years ago

After laying low for quite some time, the Joker finally makes its appearance! "The Joker" - a penetration testing and research tool to test security aspects of batman-adv networks - was developed by security researchers Pedro Larbig and Alexander Oberle at TU Darmstadt (Germany), and we finally got permission to release the source code to the public.

The tool currently supports the following tests:

  • Peer/Route flooding: flood fake OGMs
  • Blackhole: announce to neighbors that the best route is via the attacker node
  • Loop Forming: create local loops on multi-hop paths
  • Fuzzing: modify packets randomly to create malformed packets

Pedro & Alexander developed the tool in order to facilitate their mesh network security research. Their work focuses on B.A.T.M.A.N. Advanced version 2011.1.0 and concluded that this version was performing pretty well in the Peer/Route and fuzzing tests. Albeit not being able to prevent maliciously provoked loops/blackholes entirely, B.A.T.M.A.N. Advanced did recover quickly when needed, according to their study.

To instigate further interest in mesh network security the 'Joker' code base is being published alongside this announcement. Hopefully, the Joker inspires security researchers as well as developers to investigate and fix issues in the B.A.T.M.A.N. protocol and/or implementation. We will also accept contributions for the Joker through the usual channels. Note that the tool currently does not work with the more recent versions 2013.4.0 or 2014.4.0 and later - patches are welcome.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2015.0 released

Added by Sven Eckelmann almost 9 years ago

The B.A.T.M.A.N. team is pleased to announce the immediate availability of batman-adv 2015.0 - a bugfix and maintenance release introducing only fixes and minor cleanups, providing a safe and pleasant update for everyone. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2015.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

The batman-adv compat code has been freed of a problem on old Linux kernel versions (< 2.6.39) causing a malfunction of packet forwarding to the assigned bridge. Packets entering the batman-adv mesh via the batX interface were not considered for interface bonding due to an erroneous comparison. This regression introduced by the routing code abstraction has been fixed. Also addressed has been a false warning triggered by the network coding lockdep class when running lockdep to find problems in the locking routines. The code also benefited from the usual set of kernel enhancements and checkpatch cleanups.

batctl

batctl imported some minor updates from the kernel header files. These include only code style cleanups and some misspelled words in comments.

alfred

alfred gained the ability to execute a specified command whenever the managed data changes (either new data arrived, stale data was purged or an update with an actual change was triggered). The executed command receives the IDs of the changed data as arguments.

The alfred server process now automatically drops privileges after the initial setup phase. This is a standard security practice to reduce the potential damage of a malicious attack in case an exploitable flaw were to be discovered. Documentation explaining how to start alfred as non-root process is available. In light of these changes, the packet validation code underwent additional scrutiny which led to improved checks on valid packet length and header validation.

Dataset version numbers are now correctly changed when the data is only updated and not added. This can be tested with the new verbose mode of the alfred client. It shows the version information of each received dataset.

Happy routing,

The B.A.T.M.A.N. team

The B.A.T.M.A.N. project endorses the Battle of the Mesh v8

Added by Sven Eckelmann about 9 years ago

The Wireless Battle of the Mesh is an event that aims to bring together people from across the globe to test the performance of different routing protocols for ad-hoc networks, like Babel, B.A.T.M.A.N., BMX, OLSR, and 802.11s.

Many developers and community networkers will join the event to hack, test, discuss, explain and learn.

If you are interested in dynamic routing protocols or wireless community networks you can't miss this event!

The battlemesh is free of charge and open for all; every year we strive to keep participation costs low by negotiating deals for accommodation and food.

This year the event will take place from Monday 3rd to Sunday 9th of August 2015 in Maribor, Slovenia at the "Dom Obrambe Pekre".

The B.A.T.M.A.N. project endorses and supports the Battle of the Mesh v8 because of the efforts made by its community to advance the field of wireless mesh networking and foster the development of grassroots community networks.

The B.A.T.M.A.N. project will support the event by:

  • help to promote the event
  • numerous members of the B.A.T.M.A.N. community have already confirmed their attendance
  • help organizing the event
  • help setting up the testbed for protocol testing
  • will organize workshops to discuss integration and new features with other communities

Many other communities endorse and support the Wireless Battle of The Mesh v8. An up-to-date list of the endorsers of the Battlemesh v8 can be found at the main Battlemesh website.

If you are interested in coming, join the event's Mailing List to stay up to date with the latest news.

Batman-adv 2014.4.0 released

Added by Sven Eckelmann about 9 years ago

Jan 05, 2015. Today the B.A.T.M.A.N. team releases an updated version of batman-adv: 2014.4.0. This release not only brings bugfixes but also addresses a security flaw which - when exploited - allows crashing a remote system running batman-adv. All batman-adv versions newer than and including version 2014.0.0 are vulnerable. An upgrade is strongly recommended. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.4.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

The security vulnerability described in CVE-2014-9428 (malformed batman-adv fragmentation packets can lead to a kernel crash) was discovered and fixed with this release. Another batman-adv fragmentation improvement allows fragments to arrive out-of-order instead of getting dropped, thus forcing a retransmission. The default hop penalty was increased to 30 to better support dual band setups in which a low hop penalty leads to excessively long paths. Also addressed was the miscounting of multicast recipients (with multicast optimizations enabled) leading to multicast packet loss in some cases.

batctl

batctl's tcpdump component was enriched with a TVLV parser to be able to print relevant TVLV container information such as announced gateway speeds, translation table updates, roaming announcements, etc. Previously printed bridge loop avoidance packets of the type 'request' reported a wrong backbone address. That has been fixed.

alfred

The alfred core can now change the interface it uses for network communication on the fly. This allows reassigning the interface without losing the currently stored data. Alfred processes running in primary mode are now able to handle multiple interfaces which will be used to exchange the same data. But it is also possible to run multiple processes on different interfaces which then manage their data independently of each other and can be accessed by the alfred clients using individual UNIX sockets.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2014.3.0 released

Added by Marek Lindner over 9 years ago

July 22, 2014. Today the B.A.T.M.A.N. team releases an updated version of batman-adv: 2014.3.0. This release contains only bugfixes and minor cleanups, providing a safe and pleasant update for everyone. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.3.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

When the batman-adv bridge loop avoidance packets are encapsulated in stacked VLAN headers (QinQ), the bridge loop avoidance code would ignore these packets leading to bogus entries in the local translation table. With this release such stacked VLAN bridge loop avoidance packets are dropped. Also addressed was a bogus warning triggered by the check for a batman-adv on top of another batman-adv interface. The code also benefited from the usual set of kernel enhancements and checkpatch cleanups.

batctl

In the early days of alfred, batctl's internal hash table handling code was used as starting point for alfred's own hash table code. Since then, alfred's hash table code has been further refined, debugged and beautified. Now, alfred's hash table code is 'imported' back into batctl's code to benefit from the improvements and keep both versions in sync. These improvements cover thorough error checking, potential memleak fixes and speedups. In addition, various fixes like proper initialization of variables, potential segmentation faults, etc pointed out by static analyzers found their way into this release.

alfred

The alfred core and its components received multiple fixes. The alfred-gpsd altitude check now compares the altitude and no longer the longitude. Error codes returned by fcntl system calls are correctly handled to avoid misleading subsequent calls. Various possible memleaks, access errors and strncpy issues were fixed as well.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2014.2.0 released

Added by Marek Lindner almost 10 years ago

June 09, 2014. The B.A.T.M.A.N. team today releases batman-adv 2014.2.0 adding a new major component - multicast optimizations - along with a series of bug fixes. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.2.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

This release brings the first piece of a more efficient, group aware multicast forwarding infrastructure in batman-adv. In the past, batman-adv had treated multicast traffic like ordinary broadcast traffic and simply forwarded each multicast packet to every node in the network. Aiming to reduce unnecessary packet transmissions in large networks, this initial improvement announces multicast listeners via the translation table mechanism, thereby signaling interest in certain multicast traffic. Based on this information, batman-adv can make the decision to either drop multicast traffic if no listener is present or forward the multicast traffic via unicast if a single listener signaled interest. Alternatively, multicast traffic is forwarded to the entire network as before.
For now, these optimizations only apply if all nodes in the mesh have no bridge interface on top of their batX interface. However, extending these optimizations beyond the realm of non-bridged interfaces as well as optimizing setups with more than one listener are on the roadmap.

Numerous reference counter imbalances in the heavily lifted routing code causing all sorts of shutdown issues like system hang on reboot have been addressed. Another reference counter balance was hidden in the fragmentation v2 code sparking similar shutdown issues. A kernel crash on accessing an insufficiently protected pointer in the gateway code has been eliminated. In some situations retrieving the originator table would also lead to a kernel crash due to improper checking. Fast adding and deletion of VLAN interfaces on top of batX drove batman-adv into an internal translation table state mismatch. The resulting translation table exchanges with neighbors were bogus, thus creating inconsistencies on every node in the network. On changing the batX mac address batman-adv did not inform the translation table to also update the entries of all VLAN interfaces on top of batX. Stale mac address announcements were the consequence.
The code documentation (kernel doc) has been extended, accompanied by the customary code cleanups & Linux coding style adjustments.

batctl

The newly added multicast optimizations can be turned on / off through batctl. Because the local and network-wide multicast mac address announcements are propagated via the translation table, batctl gained an option to filter multicast mac addresses and 'normal' client mac addresses upon translation table retrieval.
The tcpdump component received a fix for the erroneously printed IP src / dst fields (a regression introduced with the IPv6 parsing support). The local translation table skip table header parameter was updated to correctly skip the lengthened table header.

alfred

The detection and handling of once working but now broken network sockets has been improved. Alfred can easily encounter this situation if a local interface was recreated or a mac address changed (e.g. due to manual assignment). The malfunctioning sockets are now closed and re-opened automatically.

Happy routing,

The B.A.T.M.A.N. team

Batman-adv 2014.1.0 released

Added by Marek Lindner about 10 years ago

The B.A.T.M.A.N. developers are happy to present batman-adv 2014.1.0, stabilizing the feature-packed 2014.0.0 release while also pushing routing improvements and other smaller features. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.1.0/

as well as prepackaged binaries in your distribution.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

Special thanks to Russell Senior for his vigorous testing and debugging efforts.

batman-adv

After having accomplished the heavy infrastructure lifting with the previous release, the attention shifted towards batman-adv's core functionality - routing packets - once more. The forwarding mechanism of the mesh protocol messages (OGMs) was revamped to allow applying rules when packets are forwarded from one interface to another. For example, when the same interface is used for sending and receiving, there might be throughput degradation on half-duplex interfaces such as WiFi which is now reflected in the metric. At the same time, packets switching interfaces (incoming interface is not equal to the outgoing one) do not get handicapped, effectively favoring interface switching. To pull all this together, batman-adv now maintains a routing table per interface (plus the default routing table) which essentially allows the kernel module to route traffic based on network wide multi-interface information.

Also new on board is the extended AP isolation, aiming to grant fine-grained isolation control by working with a user specified 'skb mark'. Incoming broadcast packets carrying the specified skb mark are flagged as 'isolated' (translation table flag). Isolated packets received over the mesh are transformed back to an skb with a mark before they are forwarded to the upper layers. There, the packets can be filtered, dropped, etc by netfilter and friends based on the skb mark.

The DHCP packet handling scope was widened to force all DHCP packet types to unicast transmission (with the gateway feature enabled), covering older / unusual DHCP client implementations. Previously, only DHCP discover packets were forwarded as unicast. The MTU overhead calculation did not consider the prepended Ethernet header before setting dev->hard_header_len leading to fragmented packets. Also removed was the 1500 bytes MTU limit on the batX interface by improving the maximum MTU computation. A potential kernel crash on skb reallocation was fixed along numerous problems in the translation table component and a memory leak in the newly introduced TVLV infrastructure code.

batctl

The recent switch to the RTNL API was further enriched by replacing the custom RTNL code with the libnl library to reduce maintenance burden and security risks. The batctl Makefile attempts to locate the libnl library by itself as well as tries to determine the compiler options, thereby facilitating the build process.

To monitor the per-interface routing tables, batctl gained the ability to retrieve the routing table of a particular interface (the local routing table is shown per default). Also, the extended AP isolation mark/mask pair can be configured through batctl.

alfred

Fixed was a file descriptor leak in the batadv-vis component which is part of the alfred package. Over a longer period of time file descriptors were opened and 'lost', leading batadv-vis to eventually hit the open file limit and stop normal operation.

Happy routing,

The B.A.T.M.A.N. team

The B.A.T.M.A.N. project endorses the Battle of the Mesh v7

Added by Marek Lindner about 10 years ago

The Wireless Battle of the Mesh is an event that aims to bring together people from across the globe to test the performance of different routing protocols for ad-hoc networks, like Babel, B.A.T.M.A.N., BMX, OLSR, and 802.11s.

Many developers and community networkers will join the event to hack, test, discuss, explain and learn.

If you are interested in dynamic routing protocols or wireless community networks you can't miss this event!

The battlemesh is free of charge and open for all; every year we strive to keep participation costs low by negotiating deals for accommodation and food.

This year the event will take place from Monday 12th to Sunday 18th of May 2014 in Leipzig, Germany at the Sublab, a very cool local hackerspace.

The B.A.T.M.A.N. project endorses and supports the Battle of the Mesh v7 because of the efforts made by its community to advance the field of wireless mesh networking and foster the development of grassroots community networks.

The B.A.T.M.A.N. project will support the event by:

  • help to promote the event
  • numerous members of the B.A.T.M.A.N. community have already confirmed their attendance
  • help organizing the event
  • help setting up the testbed for protocol testing
  • will organize workshops to discuss integration and new features with other communities

Many other communities endorse and support the Wireless Battle of The Mesh v7. An up-to-date list of the endorsers of the Battlemesh v7 can be found at the main Battlemesh website.

If you are interested in coming, join the event's Mailing List to stay up to date with the latest news.

Batman-adv 2014.0.0 released

Added by Marek Lindner about 10 years ago

The B.A.T.M.A.N. team is pleased to announce the immediate availability of batman-adv 2014.0.0 - a release coming with a rewritten packet handling engine and many new features almost uniquely tailored to preserve backward compatibility in the future. As the kernel module always depends on the Linux kernel it was compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.0.0/

as well as prepackaged binaries in your distribution.

Important changes

Compatibility break: In 2011, batman-adv broke backward compatibility with the introduction of the translation table mechanism. Since then, interests have been divided between those who wish a stable network with as few changes as possible and those who wish to experiment with new features to bring meshing to the next level. To accommodate both groups the batman-adv developers dedicated a lot of effort to building code infrastructure that allows mixing stable nodes with new features without breaking compatibility. This new system is incompatible with the pre-2014.0.0 versions, but it has been designed to stay compatible with future versions for the next decade or so.

At the same time, the legacy visualization support was removed from the kernel module. The alfred user space module provides an adequate replacement.

Thanks

Thanks to all people sending in patches:

and to all those that supported us with good advice or rigorous testing:

batman-adv

Transforming a rather static design to a module architecture in the interest of preserving backward compatibility requires modifications on a multitude of levels. The principal idea behind the TVLV (type-version-length-value) infrastructure is to break up mesh management data into logic chunks (containers) which can be extended in the future while preserving backward compatibility. If a mesh participant receives an unknown TVLV type or version of a certain container it can simply skip the current container and proceed with the next. Therefore, all non-routing data sent with OGMs (e.g. gateway advertisement, translation table data, etc) were transformed to TVLV containers that are still attached to OGMs. In addition, translation table request & response packets as well as roaming advertisement packets were transformed to TVLV containers too.
While designing the containers a couple of feature requests were also addressed: The compressed download & upload gateway bandwidth (known as 'gateway class') was replaced by uncompressed bandwidth information permitting granular gateway bandwidth announcement. DAT and network coding feature support is communicated into the mesh through TVLV containers as both subsystems optimize their performance based on the knowledge which mesh participant has the feature enabled.
In the interest of backward compatibility on the packet forwarding level batman-adv received a general unicast packet forwarding mechanism. This mechanism forwards or drops unknown packet types based on the packet type numbering.
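The skip-unknown rule for TVLV containers described above is only safe when each container's declared length is checked against the bytes actually received. The following is an added example, not batman-adv code: it assumes a 4-byte container header (type, version, big-endian payload length), and the type number `EX_TVLV_GW`, the function names and the sample buffers are constructed for illustration.

```c
/* Added example: bounds-checked walk over TVLV containers (not batman-adv source). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TVLV_HDR_LEN 4     /* assumed layout: type(1) version(1) length(2, big endian) */
#define EX_TVLV_GW   0x01  /* hypothetical type number used only in this example */

enum { TVLV_OK = 0, TVLV_SHORT_HDR = -1, TVLV_SHORT_VALUE = -2, TVLV_BAD_VALUE = -3 };

struct tvlv_stats {
    unsigned handled;   /* containers with a known type AND version */
    unsigned skipped;   /* unknown type or version, stepped over */
    uint32_t gw_down;   /* payload of the example gateway container */
    uint32_t gw_up;
};

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk all containers in buf. On any error the caller must discard *st. */
int tvlv_walk(const uint8_t *buf, size_t buf_len, struct tvlv_stats *st)
{
    size_t off = 0;

    st->handled = st->skipped = 0;
    st->gw_down = st->gw_up = 0;

    while (off < buf_len) {
        /* A partial header at the tail is malformed, not "end of data". */
        if (buf_len - off < TVLV_HDR_LEN)
            return TVLV_SHORT_HDR;

        uint8_t type = buf[off];
        uint8_t version = buf[off + 1];
        size_t len = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        off += TVLV_HDR_LEN;

        /* The declared length is attacker-controlled: compare it with the
         * bytes that remain before reading or skipping the value. */
        if (len > buf_len - off)
            return TVLV_SHORT_VALUE;

        if (type == EX_TVLV_GW && version == 1) {
            /* A known handler still validates its own minimum payload size. */
            if (len < 8)
                return TVLV_BAD_VALUE;
            st->gw_down = rd_be32(buf + off);
            st->gw_up = rd_be32(buf + off + 4);
            st->handled++;
        } else {
            /* Unknown type or version: skip exactly len bytes, go on. */
            st->skipped++;
        }
        off += len;
    }
    return TVLV_OK;
}

/* Constructed sample: known container, unknown type, known type with unknown version. */
const uint8_t sample_ok[] = {
    0x01, 0x01, 0x00, 0x08, 0x00, 0x00, 0x0f, 0xa0, 0x00, 0x00, 0x03, 0xe8,
    0x7f, 0x01, 0x00, 0x03, 0xaa, 0xbb, 0xcc,
    0x01, 0x02, 0x00, 0x02, 0x00, 0x00,
};

/* Constructed sample: unknown type that claims 16 payload bytes but carries 2. */
const uint8_t sample_bad[] = { 0x7f, 0x01, 0x00, 0x10, 0xde, 0xad };

int main(void)
{
    struct tvlv_stats st;
    int rc = tvlv_walk(sample_ok, sizeof(sample_ok), &st);

    printf("ok:  rc=%d handled=%u skipped=%u down=%u up=%u\n", rc, st.handled,
           st.skipped, (unsigned)st.gw_down, (unsigned)st.gw_up);
    printf("bad: rc=%d\n", tvlv_walk(sample_bad, sizeof(sample_bad), &st));
    return 0;
}
```

Skipping an unknown container without the length check would advance the offset past the end of the buffer, which is why the check runs before the type is even looked at.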

The batman-adv built-in packet fragmentation has been redesigned and rewritten as part of the 'fragmentation 2' Google Summer of Code project. Major design goals include: Variable number of fragments (up to 16), generic fragmentation framework capable of handling all types of traffic (the 'old' fragmentation code was limited to payload unicast packets) and 'upper layer' transparency through early re-assembly. The maximum of local clients the translation table is able to handle went up by a factor of 16 (the maximum number of fragmented packets) as full translation table exchanges are able to take advantage of the newly introduced generic fragmentation. If the fragmentation is turned off or the MTU altered the local translation table is automatically reduced to fit the new maximum translation table size. Part of the increased maximum table size is the transition from CRC16 consistency checksumming to CRC32 to reduce collision probability and take advantage of hardware acceleration support. The translation table also gained full VLAN awareness making it the final component receiving full VLAN support. Non-mesh clients are now entirely separated on a per-VLAN basis. As a consequence, the bridge loop avoidance is capable of resolving bridge loops more elegantly (one VLAN might be bridged into the LAN while another one is not), the Distributed ARP Table (DAT) builds its distributed IP-MAC address hash on a per-VLAN basis and the AP isolation allows fine-grained control over which VLAN should be isolated and which should not.

The kernel module sets a dummy rx mode handler on batman-adv's virtual interface creation to be able to accept static multicast listener configurations on top of the batX interface. In order to help wireless drivers to select the suitable traffic queue (e.g. WMM queues), batman-adv peeks into the encapsulated payload IP or VLAN header and sets the skb priority field accordingly. This priority field is used whenever the lower layer drivers (like wireless or ethernet drivers) are unable to retrieve the prioritization themselves due to the batman-adv traffic encapsulation.

batctl

As part of our ongoing effort for better IPv6 support quite a few missing pieces have been tackled: The IP-address-to-MAC-address resolver was extended to also support IPv6 addresses. This was achieved by porting the internal resolver from the '/proc/net/arp' based approach to the RTNL API. As a result the translate, ping and traceroute commands accept IPv6 addresses as destination argument which batctl tries to convert back to MAC addresses similarly to the IPv4 conversion. Furthermore, the tcpdump component was enriched with an IPv6 parser being able to decapsulate TCP, UDP and common ICMPv6 packet types.
The vis export feature has been removed as the kernel module no longer supports the visualization protocol. A number of cleanups and smaller fixes such as marking local functions as static, adding header include guards and more found their way into this release as well.

alfred

The missing libmath linker flag of the alfred-gpsd component was fixed and its manpage installation arranged.

Happy routing,

The B.A.T.M.A.N. team
