[Chilli] Coova-Chilli Multi Tenancy Mode

David Bird david at coova.com
Thu Feb 7 17:19:05 UTC 2013


To serialize the iptables, you can edit the up.sh/down.sh scripts to
wrap all the commands inside something like:


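(
# Take an exclusive lock on fd 200. A shared lock (-s) can be held by
# several instances at once, so it would not serialize the commands.
flock -x 200

# ... commands executed under lock ...

) 200>/tmp/.chilli-flock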

David

On Thu, 2013-02-07 at 16:44 +0000, Russell Mike wrote:
> 
> 
> 
> On Thu, Feb 7, 2013 at 4:05 PM, Luis Ferreira <lferreira at cabocom.cv>
> wrote:
> Luis said:
>
> Hello everyone,
>
> 1. It could be related to iptables locking, because I've got a bit of
> success if I add "sleep 5" on /etc/init.d/chilli after starting each
> vlan. It's not 100% win, but at least the success rate increased.
> 
> Mike said:
> I can agree with your point. But I do not use a different script for
> starting multiple instances (vlans); the same "/etc/init.d/chilli
> start" starts everything. But I have been advised to write a
> different script, then I will add the wait between the "start" of each
> instance. The following line in the start script just checks for
> "chilli.conf" files and starts everything:
>
> MULTI=$(ls /usr/local/etc/chilli/*/chilli.conf 2>/dev/null)
>
> Luis asked:
>         2. The iptables file located at
>         /usr/local/var/run/chilli.tun0.sh, is it generated every time
>         chilli boots? Is it executed on chilli process startup? Could
>         that be the issue? Not giving enough time for the OS to write
>         the file, and ask it to run the script? If it's that, that
>         would explain why it is a sporadic problem happening on multi
>         chilli, because it is starting several chilli processes as fast
>         as the machine is capable of.
>
>         Mike said:
>
>         Yes Luis, the file, the iptables rule under "/var/run/tun*.sh",
>         is created every time, because I have seen that when there is
>         a login page problem from a VLAN, I have verified that the
>         iptables file exists as normal for that tunnel,
>         "/var/run/tun_problem_vlan.sh". Well, are you satisfied with
>         the contents of the iptables file? Do you think that I still
>         need the iptables rule you advised earlier, in the above
>         section of the communication?
>
>         
>         Sincerely,
>
>         Luis Ferreira
>
>         Technical Director
>
>         Cabocom S.A.
>
>         -----Original Message-----
>         From: Petr Štetiar [mailto:ynezz at true.cz]
>         Sent: Thursday, 7 February 2013 05:35
>         To: Robert White
>         Cc: Luis Ferreira; chilli at coova.org
>         Subject: Re: [Chilli] Coova-Chilli Multi Tenancy Mode
>         
>         Robert White <rwhite at globalgossip.net> [2013-02-07 13:40:21]:
>         
>         Ynezz said:
>
>         All rules from up.sh except the following seem to get created:
>
>          ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
>
>         And sometimes some other rules :)
>
>         It seems to only ever happen in multi-instance environments,
>         so maybe it is something to do with iptables locking and not
>         allowing the insertion of the rule while another instance is
>         trying to do the same?  I'm not sure.
>
>         Yes, maybe something like that, I didn't investigate it in
>         detail either.
>         
>         I've added simple locking into the coova-chilli init.d script
>         and added wildcard system wide iptables rules like "-i tun+"
>         and it improved a lot.
>         
>          -- ynezz
>         
>         
> Mike wrote:
>
> Hi Ynezz,
>
> It is a fully functional UB 12.4LTS x86_64, suffering with this disease
> only. It will help others as well, if your suggestion fixed the
> problem. Are you willing to provide more information so that I can
> edit the script & give it a try? How is the below done, as you said:
>
> I've added simple locking into the coova-chilli init.d script and
> added wildcard system wide iptables rules like "-i tun+" and it
> improved a lot.
>
> Big Thanks 2 Everyone !!!! 
> 
> 
> Thanks RM --

-- 
David Bird
http://www.linkedin.com/in/dwbird
https://twitter.com/wlanmac
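
The serialization suggested at the top of this message, as an added example that is not part of the original thread or of the coova-chilli scripts: a counter file stands in for the shared iptables state, and the with_lock, bump and run_instances helpers and both file paths are hypothetical. It uses fd 9 instead of 200 so that it also runs under a strictly POSIX /bin/sh.

```sh
#!/bin/sh
# Added example: serialize a read-modify-write section across processes.
# The counter file is a constructed stand-in for the shared iptables state
# that concurrent up.sh runs modify; both paths below are hypothetical.
LOCKFILE="${TMPDIR:-/tmp}/.chilli-flock-demo.$$"
COUNTER="${TMPDIR:-/tmp}/.chilli-counter-demo.$$"

# with_lock CMD...: run CMD while holding an exclusive lock.
# fd 9 is used because POSIX sh only guarantees single-digit descriptors.
with_lock() {
    (
        # -x: exclusive lock; -w 30: fail after 30 s instead of hanging
        flock -x -w 30 9 || exit 1
        "$@"
    ) 9>"$LOCKFILE"
}

# bump: non-atomic update, racy when several processes run it at once.
bump() {
    n=$(cat "$COUNTER")
    sleep 0.1                      # widen the race window
    echo $((n + 1)) > "$COUNTER"
}

# run_instances N MODE: start N concurrent updaters and print the final
# counter. MODE "locked" wraps each update in with_lock.
run_instances() {
    echo 0 > "$COUNTER"
    i=0
    while [ "$i" -lt "$1" ]; do
        if [ "$2" = locked ]; then
            with_lock bump &
        else
            bump &
        fi
        i=$((i + 1))
    done
    wait
    cat "$COUNTER"
    rm -f "$COUNTER" "$LOCKFILE"
}
```

Calling run_instances 5 locked prints 5 because every update waits its turn; with any other mode the updates overlap and some are typically lost, which is the same shape of failure as rules missing after several instances start at once.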


