Index of /swap2
swap2 is the successor to swap, see http://www.sssg.whoi.edu/swap for details
on the original swap system. The construction details and goals remain
as before. swap2 uses the same hardware that swap does, soekris 4521
systems with prism pcmcia radio cards. swap2 also supports atheros radio
cards concurrently. We have used 3 radio cards simultaneously in the soekris
hardware. It is no longer necessary to update the prism firmware.
swap2, based on pyramid linux, offers significantly improved performance
over swap. It uses olsr routing, and has none of the routing issues that
swap has. For unknown reasons, link delays and signal to noise ratios have
greatly improved. The system also runs at a very low load average, about
.05 versus 1.8 for swap. This is primarily due to the elimination of the
aladin daemon for network address assignment. olsr finds new routes very
quickly, typically in less than a minute.
This is the primary repository for swap2. Using 2 files from this directory,
you can easily build working swap2 systems. The installation program is named
makepyramidcf, and the image file it needs is named swap2.v1.tgz
Edit makepyramidcf if you wish. Probably the only thing worth changing
is the variable tardir, the directory where swap2.v1.tgz lives. You must
have a working compact flash (cf) reader/writer to make the system.
If makepyramidcf is invoked with the argument noperl, it will make a cf
card that does not include perl. This is useful if you are trying to install
on a 64mb compact flash card, since the perled version won't fit.
Then execute makepyramidcf. You must understand a bit about partitioning
in linux, to complete fdisk. After finishing fdisk and prompting you to
reinsert the card, makepyramidcf runs to completion.
The default installation makes a ton of assumptions, but if there is a
swap2 system nearby that uses the same class C subnet, currently 192.168.89.,
the systems will connect and function fully.
This installation is a ship installation. That means that there is
no default route, and that the firewall rules are slightly relaxed.
This can be changed easily to shore mode by copying
/etc/network/firewall-nat.shore over /etc/network/firewall-nat.
To set olsr to advertise a default route, copy /etc/olsrd.conf.shore over
/etc/olsrd.conf. You must also set a gateway for one of the network interfaces.
There is little difference in the 2 firewalls. The shore firewall does not
allow forwarding to radio interfaces. However it can be useful to use the less
restrictive ship firewall for a shore installation. In that case it is
possible to route to swap2 systems from shore by setting a route from a
shore machine to use the shore swap box as a gateway for the swap subnet.
This installation is slanted heavily towards a whoi installation, but this
shouldn't present any problems. Things like resolv.conf, ntp.conf and root's
collection of host keys in /root/.ssh, are examples of this sort of bias.
The following files should be changed when configuring a system:
/ro/etc/hostname
/etc/network/firewall-nat
/etc/network/interfaces
/etc/olsrd.conf if changing to a shore install (has a default route)
The following files should also be considered when customizing a system:
/root/.ssh/ (all files)
/etc/ntp.conf
/etc/dnsmasq.conf (the configuration editor manipulates this heavily)
/etc/hosts
/etc/resolv.conf
If you build 2 systems in this way, they cannot link, since each is
using the same (default) ip address 192.168.89.56. However, if you change
the wireless ip address in one of them, they will work together.
This is set in /etc/network/interfaces. Edit the entry for wlan0 if you are
using a prism radio, or ath0 if you are using an atheros radio.
If you wish to make several systems, and customize them, the directory "sources"
has everything you need. All of our additions to the original pyramid 1.0b5
are contained in the subdirectory tree named "additions". You can change any
of these, as well as copy files from the the pyramid-1.0b5 directory, modify
them and place them in the subdirectory "additions".
Before you execute mkbuild for the first time, you may want to change the
value of the base directory for the development system, "rootdir".
We use /var/ftp/pub/swap2 as that directory.
When you want to make a customized version of swap2, execute mkbuild. It
assembles a clean file tree in "build", by copying the contents of
"pyramid-1.0b4", "pyramid.perl" and "additions" After it makes a new compressed
tar image file of everything in "build", it executes makepyramidcf. It is
less than a 15 minute operation to make simple changes in the source tree,
make a new cf card, and reboot with the new system.
After you have executed mkbuild, you can see the exact original version of the
filesystem on the cf card in "build". The current version is also viewable at
http://www.sssg.whoi.edu/swap2/sources/build
There is a directory here named "updates". It will be populated with changes
made to swap2 after the initial realease. It will be maintained until the
next major release. Running the program get_updates.swap2, located in the
root directory of a swap2 system, will get these updates and install them on a
working swap2 system. This provides another method of making customized
versions of swap2. By building your own source tree similar to that in updates,
and changing the values of host and updates in get_updates.swap2 to point to
your own server, you can very easily maintain your own distribution.
We have arbitrarily chosen to preconfigure swap2 in the private class C
network space 192.168.89., but you can change this by editing
/etc/network/interfaces and /etc/network/firewall.nat. Unlike swap, radio
ip addresses are pre-assigned. Since olsr is so powerful, any subnet
connected via radio or ethernet can be routed. So the need for lots of unused
addresses goes away, and the 254 available are probably enough for the unols
fleet. Only the shore based stations need have unique network addresses.
All other addresses can be used almost arbitrarily, given the normal seperation
of vessels. On the odd chance that 2 vessels how up with the same ip address,
there is a low impact solution; just change 1 ip address. This is also a
zero management solution.
Since there is no dmz or swap subnet maintained by the swap2 box, the use of
the ethernet ports is arbitrary. We generally use eth0 for the ship or shore
network connction, and ignore eth1. However you can simply add a dmz by
configuring an unused ethernet port, and telling olsr to route it.
There is a new firewall philosophy here, forward everything and let almost
nothing into the swap2 system itself. It makes lots of things like voip
very happy. Whoever actually uses a swap2 system as a router is responsible
for their own firewall. swap2 is not your firewall answer.
Wireless security has been a concern at all of our swap development meetings.
We decided to ignore the issue. Although swap2 runs in ad-hoc mode, it
doesn't offer any dhcp services, therefore no ip address. Even if a hacker
assigns an ip address, the routing would be an issue. It is highly unlikely
that they would be running olsr. We have had several systems running in very
public places for about 3 months now, and have seen no attempt to use the
system.
Not all members of the swap development group agree with this philosophy, and
feel that swap2 should not have been released without increased wireless
security. I feel that it works for us and solves all of the old swap problems.
Therefore we decided to release it as it is. Given the ease of installing
updates on working systems, we feel this is a safe approach.
We have not tried dhcp, name serving, dynamic dns or many of
the other things that pyramid can do. The new pyramid is simply amazing.
There are many, many options we are not using, but they are there. We have
used portforwarding, configured from the web interface, and it works perfectly.
The web interface to the configuration editor is available via https. The
trick is to figure out how to access some interface on the system. It could
be via ethernet or wireless. Serial configuration is available too, but
only in command line mode.
The web configuration editor seems to have some issues that we have not been
able to resolve. Particularly, default routes often go missing, and the
masquerading flag seems to change sometimes when other things are changed.
To fix these problems, it is usually adequate to repeat the changes just made,
while checking and modifying the masquerading flags and default routes. It
might well be operator error.
The initial root password is passwd. There is an alias for the
passwd program that preserves password changes across reboots.
If you install swap2development.tgz on your system, you will have our
entire development system, with the exception of the archive directory.
If you install it at /var/ftp/pub/swap2, it will work without any changes.
The file swap2development.tgz is updated nightly.
June 7th, 2007
jim akens, laura stolp, woods hole oceanographic institution (whoi)
![[ICO]](/icons/blank.gif){kind=icon}
![[DIR]](/icons/back.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
![[ ]](/icons/tar.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}