ntop / n2n

Peer-to-peer VPN
GNU General Public License v3.0

support linux l2 bridge #1044

Closed maxleaf closed 1 year ago

maxleaf commented 2 years ago

This patch makes the n2n edge node support the Linux bridge. On receiving the pkts, it learns the relation between the pkt's src MAC address and the n2n node MAC address of the last jump; on transmitting, it searches the switch table to find the next n2n node by the pkt's dst MAC address.

Nothing special on the supernode:

supernode -c community.list -p 7777 -f

On the edge, the -r option is needed:

edge -c mynetwork -k mysecretpass -l 124.221.64.200:7777 -r

and then use the bridge tool to add edge0 to the Linux bridge:

brctl addif br-lan edge0

Fixes #204 Fixes #732

Logan007 commented 2 years ago

I assume the .pyc file not to be part of the PR?

codecov-commenter commented 2 years ago

Codecov Report

Merging #1044 (c527715) into dev (06c489f) will decrease coverage by 0.06%. The diff coverage is 0.00%.

@@            Coverage Diff             @@
##              dev    #1044      +/-   ##
==========================================
- Coverage   20.74%   20.67%   -0.07%     
==========================================
  Files          47       47              
  Lines        8447     8475      +28     
==========================================
  Hits         1752     1752              
- Misses       6695     6723      +28     
Impacted Files      Coverage Δ
src/edge_utils.c    1.76% <0.00%> (-0.04%) ↓


maxleaf commented 2 years ago

I assume the .pyc file not to be part of the PR?

Yeah, it was added unconsciously.

Logan007 commented 2 years ago

Well done as far as I can see. Let's see if we get some feedback from testing and then let's merge soon!!

maxleaf commented 2 years ago

However, I still am not aware how the initial packet exchange can work correctly, i.e. the initial learning, but that's probably just me... Could you elaborate a bit on this point please?

As the edge0 interface is added to the Linux bridge by the cmd brctl addif br-lan edge0, the networks connected by the n2n edge will be a large broadcast domain, emm... that may be a problem for a large network. The initial learning is mainly triggered by ARP requests, which will broadcast throughout the entire virtual LAN.
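The learning mechanism described in the PR description (learn src MAC to last-hop edge MAC on receive, look up dst MAC on transmit) and the broadcast-domain concern raised just above can be seen together in a small learning-switch table. This is an added example written for this page, not n2n's code: the `switch_table_*` functions, the structures and all MAC addresses are constructed here. The one property worth noting is the fallback: any destination that is unknown or a group address (broadcast, multicast) cannot be looked up and has to be flooded to every edge, which is exactly why the bridged edges form one broadcast domain and why the first ARP request from every host always crosses the whole community.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN    6
#define TABLE_SIZE 64

/* One learned association (example structure, not n2n's): a host MAC seen as a
 * frame's source and the MAC of the edge (the "last jump") that delivered it. */
typedef struct {
    uint8_t host_mac[MAC_LEN];
    uint8_t edge_mac[MAC_LEN];
    bool    in_use;
} switch_entry_t;

typedef struct {
    switch_entry_t entries[TABLE_SIZE];
    size_t         next_victim; /* slot recycled round-robin when the table is full */
} switch_table_t;

static void switch_table_init(switch_table_t *t) {
    memset(t, 0, sizeof(*t));
}

/* IEEE 802 group bit: set for the broadcast address and every multicast address. */
static bool mac_is_group(const uint8_t *mac) {
    return (mac[0] & 0x01) != 0;
}

/* Receive path: record that host_mac is reachable through edge_mac. A host that
 * later shows up behind a different edge just has its entry refreshed. */
static void switch_table_learn(switch_table_t *t, const uint8_t *host_mac,
                               const uint8_t *edge_mac) {
    if (mac_is_group(host_mac))
        return; /* a group address is never a valid source; never learn it */
    switch_entry_t *slot = NULL;
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        switch_entry_t *e = &t->entries[i];
        if (e->in_use && memcmp(e->host_mac, host_mac, MAC_LEN) == 0) {
            slot = e; /* already known: refresh */
            break;
        }
        if (!e->in_use && slot == NULL)
            slot = e; /* first free slot, used if the host turns out to be new */
    }
    if (slot == NULL) { /* table full: recycle a slot */
        slot = &t->entries[t->next_victim];
        t->next_victim = (t->next_victim + 1) % TABLE_SIZE;
    }
    memcpy(slot->host_mac, host_mac, MAC_LEN);
    memcpy(slot->edge_mac, edge_mac, MAC_LEN);
    slot->in_use = true;
}

/* Transmit path: true and edge_mac_out filled when dst_mac has been learned.
 * false means unknown or group destination: the caller must flood the frame to
 * every edge, which is what turns the whole community into one broadcast domain. */
static bool switch_table_lookup(const switch_table_t *t, const uint8_t *dst_mac,
                                uint8_t *edge_mac_out) {
    if (mac_is_group(dst_mac))
        return false;
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        const switch_entry_t *e = &t->entries[i];
        if (e->in_use && memcmp(e->host_mac, dst_mac, MAC_LEN) == 0) {
            memcpy(edge_mac_out, e->edge_mac, MAC_LEN);
            return true;
        }
    }
    return false;
}

/* The ARP exchange that triggers the initial learning, with constructed addresses:
 * host A behind edge X asks for host B behind edge Y. Returns how many of the
 * three frames could be forwarded unicast instead of flooded. */
static int simulate_arp_exchange(void) {
    static const uint8_t host_a[MAC_LEN] = {0x02, 0x00, 0x00, 0x00, 0x00, 0xaa};
    static const uint8_t host_b[MAC_LEN] = {0x02, 0x00, 0x00, 0x00, 0x00, 0xbb};
    static const uint8_t edge_x[MAC_LEN] = {0x02, 0x00, 0x00, 0x00, 0x01, 0x01};
    static const uint8_t edge_y[MAC_LEN] = {0x02, 0x00, 0x00, 0x00, 0x02, 0x02};
    static const uint8_t bcast[MAC_LEN]  = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    uint8_t via[MAC_LEN];
    switch_table_t table;
    int unicast = 0;

    switch_table_init(&table);
    /* 1. ARP request A -> broadcast arrives from edge X: learn A, must flood. */
    switch_table_learn(&table, host_a, edge_x);
    if (switch_table_lookup(&table, bcast, via)) unicast++;
    /* 2. ARP reply B -> A arrives from edge Y: learn B; A is known, unicast to X. */
    switch_table_learn(&table, host_b, edge_y);
    if (switch_table_lookup(&table, host_a, via) && memcmp(via, edge_x, MAC_LEN) == 0) unicast++;
    /* 3. First data frame A -> B: B is known now, unicast to Y. */
    switch_table_learn(&table, host_a, edge_x);
    if (switch_table_lookup(&table, host_b, via) && memcmp(via, edge_y, MAC_LEN) == 0) unicast++;
    return unicast; /* 2: only the broadcast ARP request had to be flooded */
}

int main(void) {
    printf("frames forwarded unicast in the ARP exchange: %d of 3\n", simulate_arp_exchange());
    return 0;
}
```

The table has no ageing, so an entry only changes when the same host MAC is seen again from another edge; a production switch would also expire entries, otherwise a host that disappears keeps a stale next hop until its slot is recycled.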

Logan007 commented 2 years ago

the networks connected by n2n edge will be a large broadcast domain, emm... that may be a problem for large network

I remember concerns raised in #303. But I'd still be fine with your solution because you guarded it by -r option so users must actively enable it. However, as routing and bridging support might still mean different views, I will additionally guard your extensions with an extra "feature-define".

I do not think that we create a collision domain here. But still thinking about the broadcast domain...

Logan007 commented 2 years ago

So I added some documentation to explain the changes. I left some cavities in the /doc/Bridging.md file for you to fill. Could you please add at least the points mentioned and anything else that you might find useful? Thank you!

Once that is completed and we have some feedback from testing here (all, please test if you have an opportunity), we shall merge it very soon.

reinhard1 commented 1 year ago

I have tested this merge request.

Here is the command the start the supernode:

sudo ./supernode -c my_community.list -v -v -v -v -f -F ffff -p 7600

here is my_community.list

refugio_xxx

here is the command to start the local "edge"

sudo ./edge -c refugio_xxx -l localhost:7600 -k gggg -f -r -M 1500 -a 192.168.179.2

Here is the sequence to start the remote node:

sudo ./n2n_dev/edge -c refugio_xxx -E -l 192.168.2.120:7600 -M 1500 -k gggg -r -a 0.0.0.0/24
sudo brctl addbr br0
sudo brctl addif br0 eth1
sudo brctl addif br0 edge0
sudo ifconfig br0 192.168.179.1 netmask 255.255.255.0 up
sudo ./opendhcpd -i /home/ar/opendhcp.ini -s /home/ar/opendhcp.state -l /home/ar/opendhcp%Y%m%d.log
sudo brctl showmacs br0
sudo ifconfig edge0 0.0.0.0 promisc
sudo ifconfig eth1 0.0.0.0 promisc

Please note, that the interface eth1 has the ip address 0.0.0.0 and edge0 has the ip address 0.0.0.0 too.

This configuration works, but if I ping from the local node to a device on the real Ethernet on the remote node, I get duplicate answers for one device (a Chinese netcam).

Trouble starts when I try to add a bridge on the local node too.

sudo ./edge -c refugio_xxx -l localhost:7600 -k gggg -f -r -M 1500 -a 0.0.0.0

14/Oct/2022 10:56:54 [edge_utils.c:3222] adding supernode = localhost:7600
14/Oct/2022 10:56:54 [edge.c:1029] WARNING: switching to AES as key was provided
14/Oct/2022 10:56:54 [edge.c:1069] starting n2n edge 3.1.1-58-g3c777ed Oct 9 2022 17:25:31
14/Oct/2022 10:56:54 [edge.c:1075] using compression: none.
14/Oct/2022 10:56:54 [edge.c:1076] using AES cipher.
14/Oct/2022 10:56:54 [edge_utils.c:392] number of supernodes in the list: 1
14/Oct/2022 10:56:54 [edge_utils.c:394] supernode 0 => localhost:7600
14/Oct/2022 10:56:54 [edge.c:1100] use manually set IP address
14/Oct/2022 10:56:54 [edge.c:1218] created local tap device IP: 0.0.0.0, Mask: 255.255.255.0, MAC: C2:AF:B7:5C:1F:FA
14/Oct/2022 10:56:54 [edge.c:1277] WARNING: n2n has not been compiled with libcap-dev; some commands may fail
14/Oct/2022 10:56:54 [edge.c:1283] dropping privileges to uid=65534, gid=65534
14/Oct/2022 10:56:54 [edge.c:1308] edge started
14/Oct/2022 10:56:54 [edge_utils.c:1160] successfully joined multicast group 224.0.0.68:1968
14/Oct/2022 10:56:54 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode
14/Oct/2022 10:56:57 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode
14/Oct/2022 10:57:00 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode
14/Oct/2022 10:57:03 [edge_utils.c:1568] WARNING: supernode not responding, now trying [localhost:7600]
14/Oct/2022 10:57:03 [edge_utils.c:2605] ERROR: authentication error, MAC or IP address already in use or not released yet by supernode

I assume I have problems with the IP address of the edge device, 0.0.0.0.

I try to start the bridge as on the remote node, but no connection to the remote node.

sudo brctl addbr br0
sudo brctl addif br0 edge0
sudo brctl addif br0 enx000ec66ab815
sudo ifconfig br0 192.168.179.2 netmask 255.255.255.0 up
sudo ifconfig enx000ec66ab815 0.0.0.0 promisc
sudo ifconfig edge0 0.0.0.0 promisc

Should this work?

hamishcoleman commented 1 year ago

I've done a quick test and this PR doesn't appear to break anything (I didn't test the bridging, just interop with existing edges).

@Logan007 perhaps we should merge it? Have you had a chance to test it in any way?

Logan007 commented 1 year ago

Here no opportunity to test in a bridged scenario. But apart from cavities in Bridging.md, I think we can merge.