Re: [GNUnet-developers] helpers trying (and failing) to setup routing, iptables, sysctl and such

[Christian Grothoff]

Hi Daniel,

I think a command-line argument is fine, just don't introduce
getopt()-style parsing into the SUID binaries ;-).

Happy hacking!

-Christian

On 04/17/2016 10:21 PM, Daniel Golle wrote:
> Hi!
> 
> I'm currently working on improving IPvX-over-GNUnet on OpenWrt.
> I believe that providing v4/v6/DNS exit service using an OpenWrt box
> is a quite good idea.
> On OpenWrt it doesn't make so much sense to mess around with routing,
> sysctl and iptables rules in the helpers as networking and firewall are
> managed by OpenWrt's services. The situation is also different from a
> desktop system because on an embedded device (think e.g.:
> IPvX-over-GNUnet router) the networking and firewall configuration
> corresponds to a specific use (think: tunneling all traffic through
> GNUnet) and do exactly that. To me it seems desirable to have an
> additional parameter (or even a compile-time configure argument!) for
> the dns- and exit-helpers to make them stay away from routing, sysctl
> and firewall stuff and just assume that an external service will handle
> all that once the interface comes up (because that's what netifd does
> on OpenWrt).
> Depending on your preference (additional cmdline parameter vs.
> compile-time), I'd like to introduce that option, so EXIT will be more
> useful to provide gateways to the ARPA internet in community mesh
> networks -- that's the main application for most of them and GNUnet
> could already offer a decentralized and more secure way to do that.
> 
> Cheers
> 
> Daniel
> 
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/gnunet-developers
>

signature.asc
Description: OpenPGP digital signature