Setting up an Ad Hoc NetworkIn order to have a complete setup you will need a linux x86 based computer with internet access. Not needed but very handy is a second network interface card, this is very handy when trouble shooting and uploading firmware to the routers.To build the firmware you need a full development enviroment installed on your computer, this includes gcc, gcc-c++, binutils, kernel-headers, libgcc, glibc, glibc-devel, m4, bison, autoconf, and automake. If the build fails with all of these installed, there is usually some form of debug output which will inform you of what is needed to compile.We chose OpenWRT for our test bed because of its modular compiling system. It is based off the original Linksys firmware, with many added improvements. The OpenWRT firmware has the added benefit of a ssh server to allow remote login to all the routers. This was very handy during our research because it allowed us to remotely monitor all of our routers.Download the following firmware./experimental.tar.gzPrepare the firmware so it can be uploaded to the routercd /usr/local/src
wget http://www.cs.utsa.edu/~jwilson/research/experimental.tar.gz
tar -zxf experimental.tar.gz
cd buildroot
make menuconfigSelect the needed packages from the 'Package Selection' menu../aodv-1.pngIn our test bed we have tcpdump installed, when you select tcpdump it also selects the dependancies automatically (in this case libpcap)../aodv-2.png./aodv-3.pngAfter all the packages which are to be installed are selected, it is time to build the firmware. This process takes quite a bit of time, this is because every part of the firmware is downloaded and then compiled, including the kernel. The following command is all that needs to be ran.makeOnce make has completed the new firmware will be located in the bin directory. In all of our test beds we used the jffs2 firmware image. The reason for this is that all the files are read/write, if the squashfs firmware is used all the files are read only and soft linked to the proper locations from the /opt partition in the flash memory../WRT54GV2_3.01.3_US_code.binBefore installing the firmware you need to login to the router at http://192.168.1.1 (Username: admin / Password: admin) and verify the firmware that is installed. If the firmware is greater than version 3.01.3, you will need to download and install version 3.01.3./aodv-4.pngTo downgrade the firmware installed on the router click on the Administration tab followed by the Firmware Upgrade tab./aodv-7.pngClick the Browse button and then select the WRT54GV2_3.01.3_US_code.bin firmware file. Then click the Upgrade button to downgrade the firmware to version 3.01.3.This process takes about 1-2 minutes./atftp-0.6.2.tar.gzOnce the firmware has been downgraded properly you need to navigate to the Administration tab and select Diagnostics from the submenu../aodv-5.pngSelect the Ping option and a new window will open../aodv-6.pngType the following commands into the 'IP Address or Domain Name:' field.;cp${IFS}*/*/nvram${IFS}/tmp/n
;*/n${IFS}set${IFS}boot_wait=on
;*/n${IFS}commit
;*/n${IFS}show>tmp/ping.logPut the previous commands in 1 at a time and click the 'Ping' button, there is NO spaces at all, if you type these in by hand ensure there are no spaces.This will enable the boot_wait on the router and allow you to upload a custom firmware. This is also a safety measure, if something goes wrong while uploading the firmware, this will allow you to upload a new firmware to the router. If this step is not taken, the router can become useless in the event of a power failure or something those lines while the router is flashing.Once boot_wait is enabled, it is time to install the new firmware which was compiled in step 3.2.You will need to install atftp or another tftp client on the desktop machine in order to upload the firmware to the router.wget http://www.cs.utsa.edu/~jwilson/research/atftp-0.6.2.tar.gz
tar -zxf atftp-0.6.2.tar.gz
cd atftp-0.6.2
./configure
make
make installAt this point you are ready to install the OpenWRT firmware on the Linksys router.atftp
tftp> connect 192.168.1.1
tftp> mode octet
tftp> trace
tftp> timeout 1
tftp> put openwrt-wrt54g-jffs.binDo not hit enter to put the firmware just yet..Unplug the router and while plugging it back in hit enter to put the firmware onto the router. Usually it will fail 1-2 times then catch it and start the upload process. However sometimes it may just not catch it in time, this is because there is only a 5 second window which was enabled with boot_wait. If it doesnt upload the first time unplug the router and plug it back again and attempt to put the firmware again.Once the firmware has been uploaded to the router it will take about 2 minutes to flash. During this process it is vital not to unplug the router. This will cause bad bad things to happen. When the flashing process is complete the power light will be on solid, the DMZ light will be off, and the WLAN light will probably be blinking quite a bit.At this point it is safe to unplug the router and plug it back in. The reason for this is the flash memory is read only at this point and we need to set a root password on the router, this can only be done when the filesystem is mounted read/write. When the router is done rebooting, telnet into it.telnet 192.168.1.1Once inside the router set the root password, this enables SSH and disables telnet.passwdWhen all the password tokens have been updated reboot the router.rebootAt this point the router is a fully functional linux machine, SSH has been enabled so telnet will no longer work. By default the router has a built in firewall which will prohibit SSH access from the WAN port, however you can SSH in from any of the LAN ports and the WLAN ports. If you wish to disable the firewall, login to the router and remove the firewall script from the startup scripts and flush iptables.rm -rf /etc/init.d/S45firewall
iptables --flushWhile it is possible to configure the router to use WDS, OLSR, Static Routing, and AODV at this point, we will only be covering the AODV parameters in this document../aodv-setup.tar.gzThe file listed above is a shell script which needs to be copied to the router and ran. The contents of the script is as follows:1. #!/bin/sh
2. echo "Setting up filesystem..."
3. mkdir -p /root/.ssh
4. cat << /root/.ssh/authorized_keys >> EOF
5. ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAo/lxjrvjtukTKXN6wMeUNXcfPFuyl+fD+6SRWiqylwjUqWcXl51IVXt
K8W64aws/oTYHX4fhVi52O26iitPg9KhuMOXqzl+hBXMTxibIxgUxGmEILngNECmkhs3m43gZa0riPiI6rBwAaoJBxB
X9SJYLQ9K4Q0qgv3Cqp+7ibbU= root@gig00
6. EOF
7.
8. cat << /root/.ssh/config >> EOF
9. StrictHostKeyChecking no
10. EOF
11.
12. echo "Setting up root directory in passwd..."
13. sed -i 's/\/tmp/\/root/' /etc/passwd
14.
15. echo "Setting up NVRAM for AODV..."
16. nvram set lan_ifname=vlan0
17. nvram unset lan_ifnames
18. nvram set wifi_ifname=eth1
19. nvram set wifi_proto=static
20. nvram set wifi_netmask=255.255.0.0
21. nvram set wl0_mode=sta
22. nvram set wl0_infra=0
23. nvram set wl0_ssid=reshoc
24. echo -n "Enter Wifi Address: "
25. read ADDR
26. echo $ADDR
27. nvram set wifi_ipaddr=$ADDR
28. nvram commit
29. echo "Prepairing to reboot..."
30. sleep 5
31. rebootThe text on line 5 should all be on 1 line, even though it appears to be on 3 lineslan_ifname: The name of the linux interface which is assigned to the lan ports (4 port switch on back of router).lan_ifnames: We are removing this setting, it is not needed for AODV.wifi_ifname: The name of the linux interface which is assigned to the wireless antennas.wifi_proto: This can be static of dhcp.wifi_netmask: This is the netmask of the wireless interface.wifi_ipaddr: The ipaddress assigned to the wireless interface. This address must be unique on the network.wl0_mode: ap = Access Point (master mode), sta Client mode.wl0_infra: 0 = Ad Hoc mode, 1 = normal AP/Client mode.wl0_ssid: ESSIDOnce the firmware is installed there are some NVRAM settings which need to be enabled in order to use AODV on the Linksys router. You will need to ssh into the router in order to define these settings.In order to test the stability of the AODV network, we developed some utilities for both tcp and udp network tests../utsa-tcp_udp-utils.tar.gzThis file contains the source code for those utilities. In order to compile them you must edit the Makefile.1. MIPS_CC:=/root/buildroot/staging_dir_mipsel/bin/mipsel-linux-gccThe MIPS_CC line needs to point to the mips compiler, this compiler was created in step 3.1./utsa-tcp-udp-utils_1.0.0-1_mipsel.ipkIf you do not wish to compile these utils I have provided a pre-compiled package above.Now it is time to compile and install the AODV Kernel module. We went with the NIST version of AODV for our test bed.http://www.antd.nist.gov/wctg/aodv_kernel/kernel-aodv_v2.2.2.tgzYou will also need our diff file in order to compile this package../kernel-aodv_v2.2.2-cvs.diff.tar.gzcd /usr/local/src
wget http://www.antd.nist.gov/wctg/aodv_kernel/kernel-aodv_v2.2.2.tgz
wget http://www.cs.utsa.edu/~jwilson/research/kernel-aodv_v2.2.2-cvs.diff.tar.gz
tar -zxf kernel-aodv_v2.2.2.tgz
tar -zxf kernel-aodv_v2.2.2-cvs.diff.tar.gz
patch -p1 < kernel-aodv_v2.2.2-cvs.diff
cd kernel-aodv_v2.2.2You will need to edit the Makefile to reflect your compiler settings.1. ifeq ($(TARGET),mipsel)
2. CC :=/root/buildroot/staging_dir_mipsel/bin/mipsel-linux-gcc
3. LD :=/root/buildroot/staging_dir_mipsel/bin/mipsel-linux-ld -r
4. KPATH := /root/buildroot/build_mipsel/linux/include
5. MODCFLAGS := -O2 -DMODULE -D__KERNEL__ -DLINUX
6. MODCFLAGS += -Wall -fomit-frame-pointer
7. MODCFLAGS += -fno-strict-aliasing -G 0 -mno-abicalls -fno-pic
8. MODCFLAGS += -mips32 -Wa,--trap -pipe -mlong-calls
9. MODCFLAGS += -DEXPORT_SYMTAB -fno-common -c -finline-limit=5000 -mno-abicalls
10. endifYou will need to edit lines 2-4 to reflect your OpenWRT installation path.Once you are finished editing the Makefile, simply run make and you will be left with a kernel_aodv.o file which will then need to be copied to the router.In order to properly test we setup a testbed containing 8 routers. One of the routers was used as a malicious node. One problem we ran into was proper spacing between the nodes in order to achive a multi-hop network. In order to correct this issue we tried many things including decreasing the power and rate at which the routers transmit their data. Below is a layout of our current test bed layout../expt-setup.pngThe commands which we used to alter the routers rate and power are as follows./usr/sbin/wl txpwr 128
/usr/sbin/wl rts 50We found that a transmit power of 128 with a rate to send of 50 was good for our test bed. It allowed us to achieve our multi-hop network. In most cases we were able to maintain atleast 2 hops throughout the network, at times however do to various conditions the network would switch between 1 to 3 hops on various nodes.All the routers transmit over wireless for the tests, we have each router hooked up to an ethernet port for administration and to collect data. Each router has a working SSH server which allows us to remotely login to them and upload various utilities. The SSH server is also used to start and stop all the network tests.In order to properly display our data in a human readable form we altered the Glomosim java utility. We made some major changes to the Glomosim java utility, including the ability to change nodes colors based on state information and added a graph which displays the current bandwidth being used on the network.This is an example of our network when an attack is not happening, notice the nodes all show up as being green. This image also shows our bandwidth monitor in action, the bandwidth monitor allows us to see the current bandwidth as well as the average over time of the bandwidth on the network../expt-dos1.pngOnce an attack starts the nodes will turn orange to indicate that an attack is happening as well as list which node is the attacking node. For reference, we send a special state to the Glomosim program to indicate when an attack has stated and when an attack has ended, these show up as red or blue verticle lines on the bandwidth graph../dos1n.PNGBased on this information you can see the difference in the bandwidth being transmitted on the network once an attack happens../dos1t.PNGIn order to aquire the information needed for Glomosim to display the data we had to create various tools. To test the bandwidth we created a UDP server/client in C to run on all the routers. The UDP program sends out packet information to the Glomosim perl server which is then fed into Glomosim for real time monitoring. To display when an attack is made, we created another UDP program in C which reads dmesg every couple seconds and sends the data from the kernel_aodv module to the Glomosim perl server as well. Each of these programs sends different state information to Glomosim which in turn interperts the data and displays node changes as well as bandwidth information.The research was conducted by:boppana@cs.utsa.edusdesilva@cs.utsa.edujwilson@cs.utsa.eduxsu@cs.utsa.eduAdditional Information
http://www.openwrt.org
http://www.seattlewireless.net/index.cgi/LinksysWrt54g
http://www.linksys.com/gpl/
http://www.draytek.co.uk/support/kb_wlan_wds.html
http://pcl.cs.ucla.edu/projects/glomosim/