[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNUnet-developers] helpers trying (and failing) to setup routing, i
Re: [GNUnet-developers] helpers trying (and failing) to setup routing, iptables, sysctl and such
Sun, 17 Apr 2016 22:37:26 +0200
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.6.0
I think a command-line argument is fine, just don't introduce
getopt()-style parsing into the SUID binaries ;-).
On 04/17/2016 10:21 PM, Daniel Golle wrote:
> I'm currently working on improving IPvX-over-GNUnet on OpenWrt.
> I believe that providing v4/v6/DNS exit service using an OpenWrt box
> is a quite good idea.
> On OpenWrt it doesn't make so much sense to mess around with routing,
> sysctl and iptables rules in the helpers as networking and firewall are
> managed by OpenWrt's services. The situation is also different from a
> desktop system because on an embedded device (think e.g.:
> IPvX-over-GNUnet router) the networking and firewall configuration
> corresponds to a specific use (think: tunneling all traffic through
> GNUnet) and do exactly that. To me it seems desirable to have an
> additional parameter (or even a compile-time configure argument!) for
> the dns- and exit-helpers to make them stay away from routing, sysctl
> and firewall stuff and just assume that an external service will handle
> all that once the interface comes up (because that's what netifd does
> on OpenWrt).
> Depending on your preference (additional cmdline parameter vs.
> compile-time), I'd like to introduce that option, so EXIT will be more
> useful to provide gateways to the ARPA internet in community mesh
> networks -- that's the main application for most of them and GNUnet
> could already offer a decentralized and more secure way to do that.
> GNUnet-developers mailing list
Description: OpenPGP digital signature