[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] helpers trying (and failing) to setup routing, i

From: Christian Grothoff
Subject: Re: [GNUnet-developers] helpers trying (and failing) to setup routing, iptables, sysctl and such
Date: Sun, 17 Apr 2016 22:37:26 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.6.0

Hi Daniel,

I think a command-line argument is fine, just don't introduce
getopt()-style parsing into the SUID binaries ;-).

Happy hacking!


On 04/17/2016 10:21 PM, Daniel Golle wrote:
> Hi!
> I'm currently working on improving IPvX-over-GNUnet on OpenWrt.
> I believe that providing v4/v6/DNS exit service using an OpenWrt box
> is a quite good idea.
> On OpenWrt it doesn't make so much sense to mess around with routing,
> sysctl and iptables rules in the helpers as networking and firewall are
> managed by OpenWrt's services. The situation is also different from a
> desktop system because on an embedded device (think e.g.:
> IPvX-over-GNUnet router) the networking and firewall configuration
> corresponds to a specific use (think: tunneling all traffic through
> GNUnet) and do exactly that. To me it seems desirable to have an
> additional parameter (or even a compile-time configure argument!) for
> the dns- and exit-helpers to make them stay away from routing, sysctl
> and firewall stuff and just assume that an external service will handle
> all that once the interface comes up (because that's what netifd does
> on OpenWrt).
> Depending on your preference (additional cmdline parameter vs.
> compile-time), I'd like to introduce that option, so EXIT will be more
> useful to provide gateways to the ARPA internet in community mesh
> networks -- that's the main application for most of them and GNUnet
> could already offer a decentralized and more secure way to do that.
> Cheers
> Daniel
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]