[Commotion-dev] Fwd: Hack to set node's local time on boot in case remote OLSRd rejects its packets
Ben West
ben at gowasabi.net
Tue May 21 17:04:43 UTC 2013
Howdy again,
I've been having problems with a node that consistently powers up with
local time @ 1 Jan 1970, getting its OLSR packets rejected by other nodes
with correct local time. Henning seems to confirm this is done
intentionally by OLSRd for security reasons, creating a potential
chicken-and-egg problem for any nodes that depend on a getting a valid
route via OLSR to set their local time in the first place.
This particular node is a TP-Link TL-MR3020, although I believe the UBNT
radios are a little better about powering up with their local time not
quite as old as Disco.
Anyhoo, the hack I've put into /etc/rc.local is quoted below. Basically,
it takes the most recent file modification date under
/etc/somewhere/current and sets local time to that. For Commotion, if the
local time issue affects you, you could probably set the path just to
"/etc".
---------- Forwarded message ----------
From: Ben West <ben at gowasabi.net>
Date: Mon, May 20, 2013 at 2:10 PM
Subject: Re: [Olsr-users] Accepting packets from nodes with very old
localtime
To: Henning Rogge <hrogge at googlemail.com>
Cc: olsr-users <olsr-users at lists.olsr.org>
Hi Henning,
Thank you for the explanation. I do try to use link-layer security where
available (e.g. IBSS-RSN encryption), but would still prefer to retain
security mechanisms at other layers too.
Since OLSRd seems to still accept incoming packets whose timestamps are
only a couple years or so out of date, I am able to work-around this
problem by having such nodes run this delightful kludge in /etc/rc.local.
This kludge just takes advantage of the firmware typically having written
recently something to /etc/somewhere/current, and strips out the most
recent file timestamp.
# This is a hack to set localtime to something current enough so that
# remote a OLSRd instance will accept packets from this node.
# Get date/time components of most recent filemod under
/etc/somewhere/current
FILELISTING=`ls -l -u -e /etc/somewhere/current | tail -1`
[ -n "${FILELISTING}" ] && {
FILEMOD_YYYY=`echo $FILELISTING | awk '{printf "%d", $10}'`
FILEMOD_HHMMSS=`echo $FILELISTING | awk '{printf "%s", $9}'`
FILEMOD_DD=`echo $FILELISTING | awk '{printf "%s", $8}'`
FILEMOD_MONTH=`echo $FILELISTING | awk '{printf "%s", $7}'`
# Convert Month to numerical MM format
case "${FILEMOD_MONTH}" in
"Jan") FILEMOD_MM="01" ;;
"Feb") FILEMOD_MM="02" ;;
"Mar") FILEMOD_MM="03" ;;
"Apr") FILEMOD_MM="04" ;;
"May") FILEMOD_MM="05" ;;
"Jun") FILEMOD_MM="06" ;;
"Jul") FILEMOD_MM="07" ;;
"Aug") FILEMOD_MM="08" ;;
"Sep") FILEMOD_MM="09" ;;
"Oct") FILEMOD_MM="10" ;;
"Nov") FILEMOD_MM="11" ;;
"Dec") FILEMOD_MM="12" ;;
*) FILEMOD_MM="01" ;;
esac
# Set local date/time, assuming format "YYYY-MM-DD hh:mm:ss"
DATE="${FILEMOD_YYYY}-${FILEMOD_MM}-${FILEMOD_DD} $FILEMOD_HHMMSS"
date -s "${DATE}"
}
Again, I'm not sure why OLSRd or OSLRd + secure plugin chooses to reject
packets with timestamp (T - 40years), but still accept packets with
timestamp (T - 2years). The kludge above would render this security
provision moot, right?
On Mon, May 20, 2013 at 3:15 AM, Henning Rogge <hrogge at googlemail.com>wrote:
> On Mon, May 20, 2013 at 7:59 AM, Ben West <ben at gowasabi.net> wrote:
> > I've been testing a TP-Link TL-MR3020 running OpenWRT Attitude Adjustment
> > v12.09, albeit custom compiled to include the recent release olsrd
> v0.6.5.4.
> > This particular device has no internal hardware clock (not unusual for
> > low-cost consumer-grade wifi routers), and it does consistently boot up
> with
> > local time at 1 Jan 1970, which I've found causes other nodes to reject
> its
> > OLSR packets.
>
> If I understand the code right the neighbors of the OLSR node should
> forget the last stored timestamp after 30 seconds with no valid
> packet.
>
> > Besides that, is it possible to somehow disable timestamp checking for
> > incoming OLSR packets? Or is this a drawback of using the (now
> presumably
> > outdated) secure plugin?
>
> If you disable the timestamps you will be open to replay attacks,
> which are a trivial way to disrupt your network.
>
> The alternative would be to use some kind of linklayer-security, it
> would offer you practically the same security for OLSR than the secure
> plugin, most likely even more.
>
> Henning Rogge
>
> --
> We began as wanderers, and we are wanderers still. We have lingured
> long enough on the shores of the cosmic ocean. We are ready at last to
> set sail for the stars - Carl Sagan
>
--
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
--
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-dev/attachments/20130521/4522aefc/attachment.html>
More information about the Commotion-dev
mailing list