gluon-setup-mode: allow network-triggered activation #2778
Conversation
|
Having dug deeper into this topic, it seems like you can not send raw ethernet frames on Windows using python but require to install WinPCAP. Still, I'd like to keep the action radius of this feature limited to the physical point to point connection. Given that this is a "special" device-specific feature, I'd tend to suggest using a live-Linux distribution if necessary. |
github-actions
bot
added
3. topic: build
blocktrron
force-pushed
the
remote-setup-mode
branch
from
a5a521c to
17b7d2c
Compare
|
I feel like people could confuse the |
|
|
blocktrron
force-pushed
the
remote-setup-mode
branch
from
17b7d2c to
1836d79
Compare
github-actions
bot
added
3. topic: config-mode
blocktrron
force-pushed
the
remote-setup-mode
branch
from
1836d79 to
4d22ca5
Compare
github-actions
bot
removed
3. topic: wireless
| enter-setup-mode | ||
| check-setup-mode |
There was a problem hiding this comment.
Shouldn't it be wait-network-request and send-network-request?
|
There were two ideas regarding this functionality at today's Gluon Meetup:
These are more "or" options, and it is probably not necessary to have both. |
|
I dislike both concepts. As outlined above, the packet is only transferred on the link and filtered at the switch. So you need to a) have direct connection to the node and b) access to the power source. I don't see a real attack vector for the already in-place requirements. |
|
The concern voiced on the Meetup was that Unmanaged Switches won't filter those LLDP Packages. (I've got no idea about that). And then an attacker could take over a node once it reboots. On a Node with "Nightly" Firmware those reboots could take place quite often. |
|
I see this scenario as extremely remote. Even in case you flood LLDP packages over a switch, your threat-model implies an attacker already having compromised the Network the node is attached to. Looking at Gluons architecture, this is either the Uplink-LAN or another mesh-link. The only thing i might be able to compromise on is the blocking on automatic upgrades. The reason for it being AVM introduced it to their newer models using TZ. I however strongly oppose this proposal This only introduces unnecessary complexity without really addressing a threat model apart from a crashing node. |
AiyionPrime
added
the
2. status: waiting-on-review
Could you explain what you mean? The idea behind the proposal was to prevent an attacker in the WAN network to use the reboot following an upgrade to take over a node by requiring two reboots in quick succession. |
AiyionPrime
added
0. type: question
2. status: waiting-on-author
Add a flag to signal Gluon after an upgrade it was in fact updated from an automatic upgrade. Signed-off-by: David Bauer <[email protected]>
blocktrron
force-pushed
the
remote-setup-mode
branch
from
b0f87b7 to
8dc618f
Compare
|
Another stupid/wild idea (but maybe it ain't stupid if it works?) came to my mind: There is another way to communicate with a node that is ensured to only work on a direct link: Changing the advertised link speed. So one might be able to Morse(-like) a magic sequence via ethtool? That contrary to LLDP would never propagate over a network, even with an unmanaged switch. |
|
How about trying to detect a loopback plug? |
|
Whoever needs it: This PR currently resides as a community-packet here and is ready to use: |
|
since it's been a 1.5 years since the last force push. also: I wish you Happy Holidays! :) |
This commit adds the ability to Gluon's Setup-Mode to be activated using a magic packet while booting
Intention
Some Outdoor-Networking devices (Notably the ZyXEL NWA55AXE but also potential Extreme Networks / OCEDO APs) do not have a physical reset-button. Returning to setup-mode involves opening the devices case, attaching the serial console and proceeding from there.
This PR introduces a network-based activation process, where the device waits in preinit prior to setup-mode activation for a magic packet. When received, the setup-mode is activated for this power-cycle.
Implementation
The magic packet uses a custom ethertype and is sent with the LLDP Multicast ethernet-address. On proper networking equipment, this limits the packet scope to the domain of two devices and should not propagate over a switch. Combined with the activation window in preinit, this requires physical access to the device or the PoE Injector.
Usage
There are two c files located in the packet, one used in preinit by the target device and one for sending the magic packet.
Scope
This functionality is per-device specific. To be clear about this, a list of devices should be included in the documentation of Gluon's setup-mode where this activation method is supported.
This is intentional, as a generic invocation will (most likely) not work. Some devices use an internal switch which prevents the CPU from receiving this magic packet, thus breaking this feature.
ToDo
/contribfor setup-mode activation (C program is linux-specific)