More on the OLPC: Part 4: Hard core nerd technical specs (Networking)
OLPC networking is pretty cool. Like most of the OLPC dogma, it's made to be used in cooperation with other OLPCs in a group setting. This is really a groupware wireless setup. The OLPCs speak to one another, and share their networking. In addition, if one gets connected to a WAP, all the OLPCs in that group share the Internet access, and the software calculates who has the strongest connection to trace a path.
This example is best shown when you have a bunch talking to one another, but as I only have one, we'll take it as a normal "laptop connected to a WAP" setting.
So I did a little dump on the networking interfaces. There are three. The output has been truncated a little.
eth0 Link encap:Ethernet HWaddr 00:17:C4:10:FD:FF
inet addr:192.168.220.58 Bcast:192.168.220.255 Mask:255.255.255.0
inet6 addr: fe80::217:c4ff:fe10:fdff/64 Scope:Link
[...]
This is the main wireless, the one that connects to a WAP. In this case, it's connected to our conference room, which is useless without a login and password, but it has to assign an IP to give you a login and password. Sadly, since the OLPC browser does not support popups, I never get a prompt.
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
[...]
Loopback looks normal. No place like home.
msh0 Link encap:Ethernet HWaddr 00:17:C4:10:FD:FF
inet addr:169.254.10.191 Bcast:169.254.255.255 Mask:255.255.0.0
inet6 addr: fe80::217:c4ff:fe10:fdff/64 Scope:Link
The "msh" is the mesh network OLPC sets up to share connections. Did you notice the IP? Basic Networking 101 will tell you the 169.254.x.x subnet range is for APIPA: Automatic Private IP Addressing. The most common use you'll find is where Microsoft uses APIPA in instances where a DHCP server is not present. Linux does not automatically assign this, because that's not inherently safe to just assign an IP. But when a Microsoft host cannot find a DHCP server, it will assign itself an address in the 169.254 subnet range, thus allowing communications between itself and other PCs who are using APIPA:
Microsoft: "Whee! I am a network!! Anyone here? Hello? Whee!!!"
In Linux you can do this, too, but it does NOT do it automatically via dhclient or pump, so no "whee!!!" just:
Linux: [sits antisocially in a corner next to potted plant, eyes closed, with headphones, saying nothing]
Until you manually assign an address in some way.
But in THIS case, however, the msh network needs to connect to others in this subnet to do the mesh networking automatically, so... it kind of acts like a MS server looking for other servers to share a connection. I am not sure how safe this is for Linux, just having a network connection does not guarantee automatic hacker advantage in Linux, but an air sniffer among a bunch of OLPCs will see then quickly. I would imagine a malicious or curious hacker would then try to connect to other OLPCs, but I would assume that the msh module would prevent actual access to the box, unless the OLPC user recognizes the hacker as part of their group. But I wonder how this would be affected by airpwn or other spoofing?
BTW: I tested my new T-Mobile access this morning at Starbucks and connected right up to the Internet. If there had been another OLPC within range of mine, theoretically, they could also connect via my OLPC to my T-Mobile account.
BBTW: I am working on getting some good pictures of my OLPC through a coworker's digital camera. They are just for myself, and I doubt they will look different than any other OLPC photos on the web.
This example is best shown when you have a bunch talking to one another, but as I only have one, we'll take it as a normal "laptop connected to a WAP" setting.
So I did a little dump on the networking interfaces. There are three. The output has been truncated a little.
eth0 Link encap:Ethernet HWaddr 00:17:C4:10:FD:FF
inet addr:192.168.220.58 Bcast:192.168.220.255 Mask:255.255.255.0
inet6 addr: fe80::217:c4ff:fe10:fdff/64 Scope:Link
[...]
This is the main wireless, the one that connects to a WAP. In this case, it's connected to our conference room, which is useless without a login and password, but it has to assign an IP to give you a login and password. Sadly, since the OLPC browser does not support popups, I never get a prompt.
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
[...]
Loopback looks normal. No place like home.
msh0 Link encap:Ethernet HWaddr 00:17:C4:10:FD:FF
inet addr:169.254.10.191 Bcast:169.254.255.255 Mask:255.255.0.0
inet6 addr: fe80::217:c4ff:fe10:fdff/64 Scope:Link
The "msh" is the mesh network OLPC sets up to share connections. Did you notice the IP? Basic Networking 101 will tell you the 169.254.x.x subnet range is for APIPA: Automatic Private IP Addressing. The most common use you'll find is where Microsoft uses APIPA in instances where a DHCP server is not present. Linux does not automatically assign this, because that's not inherently safe to just assign an IP. But when a Microsoft host cannot find a DHCP server, it will assign itself an address in the 169.254 subnet range, thus allowing communications between itself and other PCs who are using APIPA:
Microsoft: "Whee! I am a network!! Anyone here? Hello? Whee!!!"
In Linux you can do this, too, but it does NOT do it automatically via dhclient or pump, so no "whee!!!" just:
Linux: [sits antisocially in a corner next to potted plant, eyes closed, with headphones, saying nothing]
Until you manually assign an address in some way.
But in THIS case, however, the msh network needs to connect to others in this subnet to do the mesh networking automatically, so... it kind of acts like a MS server looking for other servers to share a connection. I am not sure how safe this is for Linux, just having a network connection does not guarantee automatic hacker advantage in Linux, but an air sniffer among a bunch of OLPCs will see then quickly. I would imagine a malicious or curious hacker would then try to connect to other OLPCs, but I would assume that the msh module would prevent actual access to the box, unless the OLPC user recognizes the hacker as part of their group. But I wonder how this would be affected by airpwn or other spoofing?
BTW: I tested my new T-Mobile access this morning at Starbucks and connected right up to the Internet. If there had been another OLPC within range of mine, theoretically, they could also connect via my OLPC to my T-Mobile account.
BBTW: I am working on getting some good pictures of my OLPC through a coworker's digital camera. They are just for myself, and I doubt they will look different than any other OLPC photos on the web.