Posts Tagged Router

Birth of a new webcomic?

Today I was explaining to someone how data is being transmitted between routers on the Internet. Thinking a bit more, I believe stories involving routers communicating around the world and encountering various stories (blocking firewalls, rogue BGP packets, DDoS, etc.) could make an interesting webcomic, both on the amusing side and the educational side.

Just so you know, I absolutely suck when it comes to drawing stuff; however, the pencil tool in GIMP seems to give interesting results (maybe). The easiest is to look at my first drawing explaining the structure of a packet and showing a router getting ready to route one such packet.

The truck represents the link layer (usually Ethernet). The idea with this image was to show that a router will usually just look at the IP layer and never look lower unless it is the target of the packet (i.e. BGP sessions, etc.).

Anyway, I’ll see if I can put up another, slightly bigger image with frames (let’s try 3~4 frames) and a small fun story involving routers and packets (routers don’t have hands, they manipulate and direct packets with thoughts. Having to move hands would make the routing process too long). Now what’s missing is a name for this potential webcomic (and maybe someone to draw the stuff better than I do; while I think routers are OK as blobs with big eyes, I need to improve my drawing of a truck and a packet)…


Netindex RS-LJ01, is it GPL compliant?

Being in Japan allows one to find some extraordinary things at the big place which sells almost everything, ranging from bikes to computer parts, health products, video games and food.

My latest discovery is known as RS-LJ01. It is a small Wifi router made to be used anywhere (it has a battery for 4 hours of routing) and a USB port to connect a 3G USB stick. With this you can have your Wifi hotspot in your pocket, and bring it anywhere.

The device is interesting, but the interface is all in Japanese, and even with my basic Japanese knowledge and some help from Google Translation I had some trouble understanding what was happening. I first configured my 3G login/password and got internet working, then tried to configure the device to use WPA and not WEP, but then I wasn’t able to log in to the WPA network. It took me a while to find the reset button. I made a new attempt at WPA using the “secondary SSID” option, without much success either.
I would really love to see what’s wrong with the WPA encryption myself (and maybe fix it), but without more information about the device, it’s not going to be easy.


Modifying incoming packet size on a linux router

Since I set up my Linux router, I noticed that some websites weren’t available anymore. The connection was established, sometimes I could even get small pages (i.e. redirect pages), but most of the time, the interesting pages didn’t work.

Searching on the Internet led me to suspect packet size. If the remote site was sending packets which are too big, they would get dropped, with an ICMP reply saying “make things smaller, man” (in computer terms).

However, for some reason this may not work, for instance if the ICMP packets are dropped, or if anything like this happens.

The symptom in my case was simple. I could access everything from the router itself, but from client computers, the connection was hanging forever without data coming… Some tcpdump showed me that the MSS (requested max packet size) value in the initial SYN connection packet sent by my router was 1414 while the one sent when the connection came from a client computer was 1460. That’s a 46-byte difference. Knowing that networking in Japan is not the same as what I’m used to (for example, the VHDSL modem I use to connect to the Internet also provides IPv6 directly, while IPv4 is obtained through PPPoE; I suspect PPPoE in fact transits through IPv6), I decided to change the value of the MSS in the connection packets.

Easier said than done: setting the MTU on ppp0 or changing the MSS in the route didn’t have any impact on the data sent.

When nothing works, it’s time to use iptables for some dirty work:

iptables -I FORWARD 1 -o ppp0 -p tcp -j TCPMSS --tcp-flags syn,fin,ack syn --set-mss 1414

For all forwarded TCP SYN packets to interface ppp0, I set the MSS to 1414… and guess what? It works. I can finally access websites that didn’t work. Strange workaround, and something I didn’t think I would ever have to do… well… life is weird.
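
What that rule does to each forwarded SYN, as an added Python example that is not part of the original post: find the MSS option in the TCP header, lower it to the clamp value and patch the TCP checksum incrementally. The function names and the sample SYN (documentation addresses, ports, options) are constructed for illustration. The lower-only behaviour is an assumption taken from what the iptables-extensions manual describes for --set-mss on Linux 2.6.25 and later.

```python
import struct

SYN = 0x02  # TCP flags bit

def fold(total):  # ones' complement addition: fold carries back in
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data):  # Internet checksum (RFC 1071), used to build and verify samples
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def find_mss(seg):
    """Return (offset, value) of the MSS option in a TCP header, or None."""
    end = min((seg[12] >> 4) * 4, len(seg)) if len(seg) >= 20 else 0
    i = 20
    while i < end and seg[i] != 0:          # kind 0 ends the option list
        if seg[i] == 1:                     # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or seg[i + 1] < 2 or i + seg[i + 1] > end:
            break                           # malformed option: stop parsing
        if seg[i] == 2 and seg[i + 1] == 4:
            return i + 2, struct.unpack_from("!H", seg, i + 2)[0]
        i += seg[i + 1]
    return None

def clamp_mss(seg, limit):
    """Lower the MSS of a SYN segment to limit (never raise it) and patch the checksum."""
    hit = find_mss(seg)
    if hit is None or not seg[13] & SYN or hit[1] <= limit:
        return seg
    (off, old), new = hit, limit
    out = bytearray(seg)
    struct.pack_into("!H", out, off, limit)
    if off % 2:                             # unaligned option: checksum sees swapped bytes
        old, new = (old >> 8 | old << 8) & 0xFFFF, (new >> 8 | new << 8) & 0xFFFF
    hc = struct.unpack_from("!H", seg, 16)[0]   # RFC 1624: HC' = ~(~HC + ~m + m')
    struct.pack_into("!H", out, 16, ~fold((~hc & 0xFFFF) + (~old & 0xFFFF) + new) & 0xFFFF)
    return bytes(out)

def build_syn(mss, unaligned=False):
    """Constructed sample: SYN 192.0.2.10 -> 198.51.100.7 carrying MSS and window scale."""
    m = struct.pack("!BBH", 2, 4, mss)
    opts = b"\x01" + m + b"\x03\x03\x07" if unaligned else m + b"\x01\x03\x03\x07"
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, SYN, 64240, 0, 0) + opts
    pseudo = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!BBH", 0, 6, len(hdr))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:], pseudo
```

Calling clamp_mss(build_syn(1460)[0], 1414) returns the same SYN advertising 1414, which is the value the remote server then uses to size the segments it sends back through ppp0.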
