Setting up an Ad Hoc Network

1. Introduction

1.1. Background

2. Prerequisites

2.1. What you need

3. Firmware

3.1. OpenWrt

3.2. Compiling

3.3. Downgrading Firmware

3.4. Installing

3.5. NVRAM

4. UTSA AODV Setup

4.1. Required Files

4.2. Testbed

4.3. Java Tool

5. Credits

1. Introduction

1.1. Background

2. Prerequisites

2.1. What you need

In order to have a complete setup you will need a linux x86 based computer with internet access. Not needed but very handy is a second network interface card, this is very handy when trouble shooting and uploading firmware to the routers.

To build the firmware you need a full development enviroment installed on your computer, this includes gcc, gcc-c++, binutils, kernel-headers, libgcc, glibc, glibc-devel, m4, bison, autoconf, and automake. If the build fails with all of these installed, there is usually some form of debug output which will inform you of what is needed to compile.

3. Firmware

3.1. OpenWrt

We chose OpenWRT for our test bed because of its modular compiling system. It is based off the original Linksys firmware, with many added improvements. The OpenWRT firmware has the added benefit of a ssh server to allow remote login to all the routers. This was very handy during our research because it allowed us to remotely monitor all of our routers.

3.2. Compiling

Download the following firmware

Required File: experimental.tar.gz

Prepare the firmware so it can be uploaded to the router

cd /usr/local/srcwget http://www.cs.utsa.edu/~jwilson/research/experimental.tar.gztar -zxf experimental.tar.gzcd buildrootmake menuconfig

Select the needed packages from the 'Package Selection' menu.

In our test bed we have tcpdump installed, when you select tcpdump it also selects the dependancies automatically (in this case libpcap).

After all the packages which are to be installed are selected, it is time to build the firmware. This process takes quite a bit of time, this is because every part of the firmware is downloaded and then compiled, including the kernel. The following command is all that needs to be ran.

make

Once make has completed the new firmware will be located in the bin directory. In all of our test beds we used the jffs2 firmware image. The reason for this is that all the files are read/write, if the squashfs firmware is used all the files are read only and soft linked to the proper locations from the /opt partition in the flash memory.

3.3. Downgrading Firmware

Required File: WRT54GV2_3.01.3_US_code.bin

Before installing the firmware you need to login to the router at http://192.168.1.1 (Username: admin / Password: admin) and verify the firmware that is installed. If the firmware is greater than version 3.01.3, you will need to download and install version 3.01.3

To downgrade the firmware installed on the router click on the Administration tab followed by the Firmware Upgrade tab

Click the Browse button and then select the WRT54GV2_3.01.3_US_code.bin firmware file. Then click the Upgrade button to downgrade the firmware to version 3.01.3.

(Note: This process takes about 1-2 minutes)

3.4. Installing

Required File: atftp-0.6.2.tar.gz

Once the firmware has been downgraded properly you need to navigate to the Administration tab and select Diagnostics from the submenu.

Select the Ping option and a new window will open.

Type the following commands into the 'IP Address or Domain Name:' field.

;cp${IFS}*/*/nvram${IFS}/tmp/n;*/n${IFS}set${IFS}boot_wait=on;*/n${IFS}commit;*/n${IFS}show>tmp/ping.log

(Note: Put the previous commands in 1 at a time and click the 'Ping' button, there is NO spaces at all, if you type these in by hand ensure there are no spaces.)

This will enable the boot_wait on the router and allow you to upload a custom firmware. This is also a safety measure, if something goes wrong while uploading the firmware, this will allow you to upload a new firmware to the router. If this step is not taken, the router can become useless in the event of a power failure or something those lines while the router is flashing.

Once boot_wait is enabled, it is time to install the new firmware which was compiled in step 3.2.

You will need to install atftp or another tftp client on the desktop machine in order to upload the firmware to the router.

wget http://www.cs.utsa.edu/~jwilson/research/atftp-0.6.2.tar.gztar -zxf atftp-0.6.2.tar.gzcd atftp-0.6.2./configure makemake install

At this point you are ready to install the OpenWRT firmware on the Linksys router.

atftptftp> connect 192.168.1.1tftp> mode octettftp> tracetftp> timeout 1tftp> put openwrt-wrt54g-jffs.bin

(Note: Do not hit enter to put the firmware just yet..)

Unplug the router and while plugging it back in hit enter to put the firmware onto the router. Usually it will fail 1-2 times then catch it and start the upload process. However sometimes it may just not catch it in time, this is because there is only a 5 second window which was enabled with boot_wait. If it doesnt upload the first time unplug the router and plug it back again and attempt to put the firmware again.

Once the firmware has been uploaded to the router it will take about 2 minutes to flash. During this process it is vital not to unplug the router. This will cause bad bad things to happen. When the flashing process is complete the power light will be on solid, the DMZ light will be off, and the WLAN light will probably be blinking quite a bit.

At this point it is safe to unplug the router and plug it back in. The reason for this is the flash memory is read only at this point and we need to set a root password on the router, this can only be done when the filesystem is mounted read/write. When the router is done rebooting, telnet into it.

telnet 192.168.1.1

Once inside the router set the root password, this enables SSH and disables telnet.

passwd

When all the password tokens have been updated reboot the router.

reboot

At this point the router is a fully functional linux machine, SSH has been enabled so telnet will no longer work. By default the router has a built in firewall which will prohibit SSH access from the WAN port, however you can SSH in from any of the LAN ports and the WLAN ports. If you wish to disable the firewall, login to the router and remove the firewall script from the startup scripts and flush iptables.

rm -rf /etc/init.d/S45firewalliptables --flush

3.5. NVRAM

While it is possible to configure the router to use WDS, OLSR, Static Routing, and AODV at this point, we will only be covering the AODV parameters in this document.

Required File: aodv-setup.tar.gz

The file listed above is a shell script which needs to be copied to the router and ran. The contents of the script is as follows:

1.  #!/bin/sh2.  echo "Setting up filesystem..."3.  mkdir -p /root/.ssh4.  cat << /root/.ssh/authorized_keys >> EOF5.  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAo/lxjrvjtukTKXN6wMeUNXcfPFuyl+fD+6SRWiqylwjUqWcXl51IVXtK8W64aws/oTYHX4fhVi52O26iitPg9KhuMOXqzl+hBXMTxibIxgUxGmEILngNECmkhs3m43gZa0riPiI6rBwAaoJBxBX9SJYLQ9K4Q0qgv3Cqp+7ibbU= root@gig006.  EOF7. 8.  cat << /root/.ssh/config >> EOF9.  StrictHostKeyChecking no10. EOF11.12. echo "Setting up root directory in passwd..."13. sed -i 's/\/tmp/\/root/' /etc/passwd14. 15. echo "Setting up NVRAM for AODV..."16. nvram set lan_ifname=vlan017. nvram unset lan_ifnames18. nvram set wifi_ifname=eth119. nvram set wifi_proto=static20. nvram set wifi_netmask=255.255.0.021. nvram set wl0_mode=sta22. nvram set wl0_infra=023. nvram set wl0_ssid=reshoc24. echo -n "Enter Wifi Address: "25. read ADDR26. echo $ADDR27. nvram set wifi_ipaddr=$ADDR28. nvram commit29. echo "Prepairing to reboot..."30. sleep 5 31. reboot

(Note: The text on line 5 should all be on 1 line, even though it appears to be on 3 lines)

• lan_ifname: The name of the linux interface which is assigned to the lan ports (4 port switch on back of router).
• lan_ifnames: We are removing this setting, it is not needed for AODV.
• wifi_ifname: The name of the linux interface which is assigned to the wireless antennas.
• wifi_proto: This can be static of dhcp.
• wifi_netmask: This is the netmask of the wireless interface.
• wifi_ipaddr: The ipaddress assigned to the wireless interface. This address must be unique on the network.
• wl0_mode: ap = Access Point (master mode), sta Client mode.
• wl0_infra: 0 = Ad Hoc mode, 1 = normal AP/Client mode.
• wl0_ssid: ESSID

Once the firmware is installed there are some NVRAM settings which need to be enabled in order to use AODV on the Linksys router. You will need to ssh into the router in order to define these settings.

4. UTSA AODV Setup

4.1. Required Files

In order to test the stability of the AODV network, we developed some utilities for both tcp and udp network tests.

Required File: utsa-tcp_udp-utils.tar.gz

This file contains the source code for those utilities. In order to compile them you must edit the Makefile.

1.  MIPS_CC:=/root/buildroot/staging_dir_mipsel/bin/mipsel-linux-gcc

(Note: The MIPS_CC line needs to point to the mips compiler, this compiler was created in step 3.1)

Required File: utsa-tcp-udp-utils_1.0.0-1_mipsel.ipk

If you do not wish to compile these utils I have provided a pre-compiled package above.

Now it is time to compile and install the AODV Kernel module. We went with the NIST version of AODV for our test bed.

Required File: kernel-aodv_v2.2.2.tgz

You will also need our diff file in order to compile this package.

Required File: kernel-aodv_v2.2.2-cvs.diff.tar.gz

cd /usr/local/srcwget http://www.antd.nist.gov/wctg/aodv_kernel/kernel-aodv_v2.2.2.tgzwget http://www.cs.utsa.edu/~jwilson/research/kernel-aodv_v2.2.2-cvs.diff.tar.gztar -zxf kernel-aodv_v2.2.2.tgztar -zxf kernel-aodv_v2.2.2-cvs.diff.tar.gzpatch -p1 < kernel-aodv_v2.2.2-cvs.diffcd kernel-aodv_v2.2.2

You will need to edit the Makefile to reflect your compiler settings.

1.  ifeq ($(TARGET),mipsel)2.         CC :=/root/buildroot/staging_dir_mipsel/bin/mipsel-linux-gcc3.         LD :=/root/buildroot/staging_dir_mipsel/bin/mipsel-linux-ld -r4.         KPATH := /root/buildroot/build_mipsel/linux/include5.         MODCFLAGS := -O2 -DMODULE -D__KERNEL__ -DLINUX6.         MODCFLAGS += -Wall -fomit-frame-pointer7.         MODCFLAGS += -fno-strict-aliasing -G 0 -mno-abicalls -fno-pic8.         MODCFLAGS += -mips32 -Wa,--trap -pipe -mlong-calls9.         MODCFLAGS += -DEXPORT_SYMTAB -fno-common -c -finline-limit=5000 -mno-abicalls10. endif

(Note: You will need to edit lines 2-4 to reflect your OpenWRT installation path.)

Once you are finished editing the Makefile, simply run make and you will be left with a kernel_aodv.o file which will then need to be copied to the router.

4.2. Testbed

In order to properly test we setup a testbed containing 8 routers. One of the routers was used as a malicious node. One problem we ran into was proper spacing between the nodes in order to achive a multi-hop network. In order to correct this issue we tried many things including decreasing the power and rate at which the routers transmit their data. Below is a layout of our current test bed layout.

The commands which we used to alter the routers rate and power are as follows.

/usr/sbin/wl txpwr 128/usr/sbin/wl rts 50

We found that a transmit power of 128 with a rate to send of 50 was good for our test bed. It allowed us to achieve our multi-hop network. In most cases we were able to maintain atleast 2 hops throughout the network, at times however do to various conditions the network would switch between 1 to 3 hops on various nodes.

All the routers transmit over wireless for the tests, we have each router hooked up to an ethernet port for administration and to collect data. Each router has a working SSH server which allows us to remotely login to them and upload various utilities. The SSH server is also used to start and stop all the network tests.

4.3. Java Tool

In order to properly display our data in a human readable form we altered the Glomosim java utility. We made some major changes to the Glomosim java utility, including the ability to change nodes colors based on state information and added a graph which displays the current bandwidth being used on the network.

This is an example of our network when an attack is not happening, notice the nodes all show up as being green. This image also shows our bandwidth monitor in action, the bandwidth monitor allows us to see the current bandwidth as well as the average over time of the bandwidth on the network.

Once an attack starts the nodes will turn orange to indicate that an attack is happening as well as list which node is the attacking node. For reference, we send a special state to the Glomosim program to indicate when an attack has stated and when an attack has ended, these show up as red or blue verticle lines on the bandwidth graph.

Based on this information you can see the difference in the bandwidth being transmitted on the network once an attack happens.

In order to aquire the information needed for Glomosim to display the data we had to create various tools. To test the bandwidth we created a UDP server/client in C to run on all the routers. The UDP program sends out packet information to the Glomosim perl server which is then fed into Glomosim for real time monitoring. To display when an attack is made, we created another UDP program in C which reads dmesg every couple seconds and sends the data from the kernel_aodv module to the Glomosim perl server as well. Each of these programs sends different state information to Glomosim which in turn interperts the data and displays node changes as well as bandwidth information.

5. Credits

The research was conducted by:

Additional Information