
support linux l2 bridge

Open maxleaf opened this issue 3 years ago • 7 comments

This patch makes the n2n edge node support linux bridge. On receiving the pkts, it learns the relation between the pkt's src mac address and the n2n node mac address of the last jump. On transmitting, it searches the switch table to find the next n2n node by the pkt's dst mac address.

Nothing special on supernode:

supernode -c community.list -p 7777 -f

On edge, the -r option is needed:

edge -c mynetwork -k mysecretpass -l 124.221.64.200:7777 -r

and then use the bridge tool to add edge0 to the linux bridge:

brctl addif br-lan edge0

Fixes #204 Fixes #732

maxleaf avatar Aug 09 '22 06:08 maxleaf

I assume the .pyc file not to be part of the PR?

Logan007 avatar Aug 09 '22 17:08 Logan007

Codecov Report

Merging #1044 (c527715) into dev (06c489f) will decrease coverage by 0.06%. The diff coverage is 0.00%.

@@            Coverage Diff             @@
##              dev    #1044      +/-   ##
==========================================
- Coverage   20.74%   20.67%   -0.07%     
==========================================
  Files          47       47              
  Lines        8447     8475      +28     
==========================================
  Hits         1752     1752              
- Misses       6695     6723      +28     
Impacted Files      Coverage Δ
src/edge_utils.c    1.76% <0.00%> (-0.04%)


codecov-commenter avatar Aug 10 '22 06:08 codecov-commenter

> I assume the .pyc file not to be part of the PR?

Yeah, it was added unconsciously.

maxleaf avatar Aug 10 '22 06:08 maxleaf

Well done as far as I can see. Let's see if we get some feedback from testing and then let's merge soon!!

Logan007 avatar Aug 10 '22 07:08 Logan007

> However, I still am not aware how the initial packet exchange can work correctly, i.e. the initial learning, but that's probably just me... Could you elaborate a bit on this point please?

As the edge0 interface is added to the linux bridge by cmd brctl addif br-lan edge0, the networks connected by n2n edge will be a large broadcast domain, emm... that may be a problem for large network. The initial learning is mainly triggered by arp requests, which will broadcast throughout the entire virtual lan.

maxleaf avatar Aug 10 '22 07:08 maxleaf
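
The learn-on-receive and lookup-on-transmit steps from the PR description, and the flooding of initial ARP requests from the reply above, sketched as an added example (not code from this PR or from n2n). `fdb_learn`, `fdb_lookup`, the table cap and the 300-second aging time are hypothetical; the cap and aging keep frames with forged source MACs from growing or permanently occupying the table.

```c
/* Added example, not n2n code: bounded, aging MAC learning table (names hypothetical). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#define FDB_MAX 256   /* hard cap: forged source MACs cannot grow the table */
#define FDB_AGE 300   /* assumed aging time in seconds */

typedef struct {
    uint8_t host[6];  /* source MAC of the inner Ethernet frame */
    uint8_t edge[6];  /* MAC of the n2n edge that delivered it (last hop) */
    time_t  seen;     /* 0 marks a free slot */
} fdb_entry;
static fdb_entry fdb[FDB_MAX];

/* Constructed sample addresses (locally administered) plus Ethernet broadcast. */
const uint8_t CAM[6]    = {0x02, 0, 0, 0, 0, 0x10}, BCAST[6]  = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
const uint8_t EDGE_A[6] = {0x02, 0, 0, 0, 0, 0xA1}, EDGE_B[6] = {0x02, 0, 0, 0, 0, 0xB2};

static int is_group(const uint8_t *mac) { return mac[0] & 0x01; }  /* multicast/broadcast bit */

/* Receive path: record which edge a host MAC sits behind. Returns 1 if stored. */
int fdb_learn(const uint8_t *src, const uint8_t *edge, time_t now) {
    fdb_entry *slot = NULL;
    if (is_group(src)) return 0;             /* a group address is never a valid source */
    for (int i = 0; i < FDB_MAX; i++) {
        fdb_entry *e = &fdb[i];
        if (e->seen && !memcmp(e->host, src, 6)) { slot = e; break; }   /* refresh or move */
        if (!slot && (!e->seen || now - e->seen > FDB_AGE)) slot = e;   /* free or expired */
    }
    if (!slot) return 0;                     /* full: keep live entries, traffic still floods */
    memcpy(slot->host, src, 6);
    memcpy(slot->edge, edge, 6);
    slot->seen = now;
    return 1;
}

/* Transmit path: next-hop edge MAC, or NULL meaning "send to all edges". */
const uint8_t *fdb_lookup(const uint8_t *dst, time_t now) {
    if (is_group(dst)) return NULL;          /* broadcast/multicast, e.g. ARP requests */
    for (int i = 0; i < FDB_MAX; i++)
        if (fdb[i].seen && now - fdb[i].seen <= FDB_AGE && !memcmp(fdb[i].host, dst, 6))
            return fdb[i].edge;
    return NULL;                             /* unknown unicast */
}

int main(void) {
    fdb_learn(CAM, EDGE_A, 1000);
    printf("known=%d aged_out=%d\n", fdb_lookup(CAM, 1001) != NULL, fdb_lookup(CAM, 1400) == NULL);
    return 0;
}
```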

> the networks connected by n2n edge will be a large broadcast domain, emm... that may be a problem for large network

I remember concerns raised in #303. But I'd still be fine with your solution because you guarded it by -r option so users must actively enable it. However, as routing and bridging support might still mean different views, I will additionally guard your extensions with an extra "feature-define".

I do not think that we create a collision domain here. But still thinking about the broadcast domain...

Logan007 avatar Aug 10 '22 08:08 Logan007

So I added some documentation to explain the changes. I left some cavities in the /doc/Bridging.md file for you to fill. Could you please add at least the points mentioned and anything else that you might find useful? Thank you!

Once that is completed and we have some feedback from testing here (all, please test if you have an opportunity), we shall merge it very soon.

Logan007 avatar Aug 11 '22 11:08 Logan007

I have tested this merge request.

Here is the command to start the supernode:

sudo ./supernode -c my_community.list -v -v -v -v -f -F ffff -p 7600

here is my_community.list

refugio_xxx

here is the command to start the local "edge"

sudo ./edge -c refugio_xxx -l localhost:7600 -k gggg -f -r -M 1500 -a 192.168.179.2

Here is the sequence to start the remote node:

sudo ./n2n_dev/edge -c refugio_xxx -E -l 192.168.2.120:7600 -M 1500 -k gggg -r -a 0.0.0.0/24
sudo brctl addbr br0
sudo brctl addif br0 eth1
sudo brctl addif br0 edge0
sudo ifconfig br0 192.168.179.1 netmask 255.255.255.0 up
sudo ./opendhcpd -i /home/ar/opendhcp.ini -s /home/ar/opendhcp.state -l /home/ar/opendhcp%Y%m%d.log
sudo brctl showmacs br0
sudo ifconfig edge0 0.0.0.0 promisc
sudo ifconfig eth1 0.0.0.0 promisc

Please note, that the interface eth1 has the ip address 0.0.0.0 and edge0 has the ip address 0.0.0.0 too.

This configuration works, but if I ping from the local node to a device on the real Ethernet on the remote node, I get duplicate answers for one device (a Chinese netcam).

Trouble starts when I try to add a bridge on the local node too.

sudo ./edge -c refugio_xxx -l localhost:7600 -k gggg -f -r -M 1500 -a 0.0.0.0
14/Oct/2022 10:56:54 [edge_utils.c:3222] adding supernode = localhost:7600
14/Oct/2022 10:56:54 [edge.c:1029] WARNING: switching to AES as key was provided
14/Oct/2022 10:56:54 [edge.c:1069] starting n2n edge 3.1.1-58-g3c777ed Oct 9 2022 17:25:31
14/Oct/2022 10:56:54 [edge.c:1075] using compression: none.
14/Oct/2022 10:56:54 [edge.c:1076] using AES cipher.
14/Oct/2022 10:56:54 [edge_utils.c:392] number of supernodes in the list: 1
14/Oct/2022 10:56:54 [edge_utils.c:394] supernode 0 => localhost:7600
14/Oct/2022 10:56:54 [edge.c:1100] use manually set IP address
14/Oct/2022 10:56:54 [edge.c:1218] created local tap device IP: 0.0.0.0, Mask: 255.255.255.0, MAC: C2:AF:B7:5C:1F:FA
14/Oct/2022 10:56:54 [edge.c:1277] WARNING: n2n has not been compiled with libcap-dev; some commands may fail
14/Oct/2022 10:56:54 [edge.c:1283] dropping privileges to uid=65534, gid=65534
14/Oct/2022 10:56:54 [edge.c:1308] edge started
14/Oct/2022 10:56:54 [edge_utils.c:1160] successfully joined multicast group 224.0.0.68:1968
14/Oct/2022 10:56:54 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode
14/Oct/2022 10:56:57 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode
14/Oct/2022 10:57:00 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode
14/Oct/2022 10:57:03 [edge_utils.c:1568] WARNING: supernode not responding, now trying [localhost:7600]
14/Oct/2022 10:57:03 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode

I assume I have problems with the IP address of the edge device, 0.0.0.0.

I try to start the bridge as on the remote node, but no connection to the remote node.

sudo brctl addbr br0
sudo brctl addif br0 edge0
sudo brctl addif br0 enx000ec66ab815
sudo ifconfig br0 192.168.179.2 netmask 255.255.255.0 up
sudo ifconfig enx000ec66ab815 0.0.0.0 promisc
sudo ifconfig edge0 0.0.0.0 promisc

Should this work?

reinhard1 avatar Oct 14 '22 09:10 reinhard1

I've done a quick test and this PR doesn't appear to break anything (I didn't test the bridging, just interop with existing edges).

@Logan007 perhaps we should merge it? Have you had a chance to test it in any way?

hamishcoleman avatar May 01 '23 03:05 hamishcoleman

Here no opportunity to test in bridged scenario. But apart from cavities in Bridging.md, I think we can merge.

Logan007 avatar May 03 '23 04:05 Logan007