* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download dm_ipv6_lana
Survey
Document related concepts
Deep packet inspection wikipedia , lookup
Multiprotocol Label Switching wikipedia , lookup
Computer network wikipedia , lookup
SIP extensions for the IP Multimedia Subsystem wikipedia , lookup
Dynamic Host Configuration Protocol wikipedia , lookup
IEEE 802.1aq wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Internet protocol suite wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
Research and developments Introduction to IPv6 Lana Abadie, Februar 5th 2008 Outline • Network – OSI model – IPv4 – IPv6 • Programming – – – – Dual/separated architecture IPv6 API Porting application to IPv6 Getaddrinfo Network IP in the OSI model Application : telnet Application Presentation Presentation Session Session Transport : TCP Transport Network : IP Network Data Link : Ethernet Data Physical Physical IPv4 stack Protocol • Since 1973 • Unreliable : best effort service • 32-bit addresses : 2^32 = 4.294.967.296 Header Version IHL TOS Identification TTL Protocol Length Fragment flags offset checksum Source address (32 bits) destination address (32 bits) Options padding IHL : Internet Header length TOS: type of service TTL : time to live IPv4 : problems • Exhaustion of addresses : around 2011 • Unequal geographical distribution (>50% USA) • New technologies and features (mobile computing, multicast, etc.) • Routing too complicated Move to IPv6 IPv6 Main objectives : • • • • Increase address space Reduce routing complexity Best security Coexist pacefully with the IPv4 Protocol • IETF Standard since 1996 • 128 bit addresses (3.4x1038) • Header simplification IPv6 Header Which IP version : v4 or v6? Flow control : useful when congestion Identify the flow : all the packets within the same context have the same flow number Traffic class Payload Length Version Flow label Next Hop -limit header Source address (32 bits) destination address (32 bits) IPv6 : what’s new • Notation : – 8000:0000:0000:0000:0123:4567:89AB:CDEF becomes 8000::::123:4567:89AB:CDEF – IPv4 @ :::192.31.254.46 – Not case-sensitive • No need to fragment : error if the packet is too big • No error checksum : gain time + done on the data link and transport layer • Geographical addresses: subnet prefix : 64 bits 3 5 bits 010 registryID n bits 56-n bits ProviderID SubscriberID Facilitate a broad geographic address allocation 64 bits IntraSubscriber Extension headers (new) • New method to implement options • After the IPv6 header • Each item is coded as (Type, Length, Variable) : – – – – – – Hop-by-Hop options (00) : options for the routers Destination options Routing (43) : like in IPv4 (list of routers to visit, etc) Fragment (only the source host can fragment packets) Authentication (51) Encapsulation security Payload (only the host can open the IP packet) Type of addresses 3 types of addresses in IPv6: • Unicast : node addresses : 1-1 communication • Multicast : group of nodes addresses (replaces broadcast) • Anycast : services addresses (receives by a set of nodes) Destination scopes : • Link-local : all the hosts located on the same link • Site-local : all the hosts part of the same site • Global : address used to communicate with the outside world A NIC can be associated with different addresses : e.g root# ip address list eth1 3: eth0: <broadcast, multicast, up mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:0c:29:c2:52:ff brd ff:ff:ff:ff:ff:ff inet6 fe80::20c:29ff:fec2:52ff/10 scope link inet6 3ffe:1200:4260:f:20c:29ff:fec2:52ff/64 scope global Stateless autoconfiguration • New in IPv6 : No manual intervention, apart from the DNS • No need to use DHCP Obtain a link-local address (system builds it): 1. generation of a 64-bit local identifier based on the MAC : e.g. 20c:29ff:fec2:52ff 2. verification of the uniqueness of the tentative address a. the host sends a ICMP packet with source = :: (undefined) and destination = fe80:: 20c:29ff:fec2:52ff b. If a node replies, means address already used, if not address is unique 3. if address unique, fe80:: 20c:29ff:fec2:52ff is assigned to the NIC, if not, a manual operation is required Obtain a global address • Usually prepend the subnet prefix to the Interface ID • Verification of the uniqueness address Programming IPv6 & programmers • Need to port applications as IPv6 is coming soon • Need to ensure pacific coexistence between IPv4-v6 : period of transition • Choice of architecture : dual or separated stack: IPv6 API IETF standardized two sets of extensions: RFC 3493 and RFC 3542. • RFC 3493 Basic Socket Interface Extensions for IPv6: – Core socket functions – Address data structures – Name-to-Address translation functions – Address conversion functions • RFC 3542 Advanced Sockets Application Program Interface (API) for IPv6 – IPv6 header – extension headers – extend the capability of IPv6 raw socket Main changes New family address IPv4 socket(PF_INET,SOCK_STREAM,0); /* TCP socket */ socket(PF_INET,SOCK_DGRAM,0); /* UDP socket */ IPv6 #define #define AF_INET6 PF_INET6 10 AF_INET6 socket(PF_INET6,SOCK_STREAM,0); /* TCP socket */ socket(PF_INET6,SOCK_DGRAM,0); /* UDP socket */ New structures IPv4 struct sockaddr_in struct sockaddr IPv6 struct sockaddr_in6 IPv4/v6 struct sockaddr_storage Examples IPv4 IPv6: IPv4 /IPv6: struct sockaddr_in addr; socklen_t addrlen = sizeof(addr); // fill addr structure using an IPv4 address // before calling socket funtion bind(sockfd,(struct sockaddr *)&addr, addrlen); struct sockaddr_in6 addr; socklen_t addrlen = sizeof(addr); //fill addr structure using an IPv6 address //before calling socket function bind(sockfd,(struct sockaddr *)&addr, addrlen); struct sockaddr_storage addr; socklen_t addrlen=sizeof(addr); // fill addr structure using an IPv4/IPv6 address // and fill addrlen before calling socket function bind(sockfd,(struct sockaddr *)&addr, addrlen); Socket options • To receive/send only IPv6 packets: int on = 1; if(setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(char *)&on,sizeof(on))==-1) perror("setsockopt IPV6_V6ONLY"); else printf("IPV6_V6ONLY set\n"); • To control the hop limit in outgoing unicast IPv6 packets. int hoplimit = 10; if ( setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (char *) &hoplimit, sizeof(hoplimit)) == -1) perror("setsockopt IPV6_UNICAST_HOPS"); int hoplimit; socklen_t len = sizeof(hoplimit); if ( getsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (char *)&hoplimit, &len) == -1) perror("getsockopt IPV6_UNICAST_HOPS"); else printf("Using %d for hop limit.\n", hoplimit); Dual Stack int ServSock, csock; struct sockaddr_storage addr, from; ... ServSock = socket(AF_INET6, SOCK_STREAM,PF_INET6); bind(ServSock, &addr, sizeof(addr)); do { csock = accept(ServSocket, &from,sizeof(from)); doClientStuff(csock); } while (!finished); $ netstat -nap |grep 5002 tcp6 0 0 :::5002 :::* LISTEN 3720/a.out Separated Stack ADDRINFO AI0, AI1; ServSock[0] = socket(AF_INET6, SOCK_STREAM, PF_INET6); ServSock[1] = socket(AF_INET, SOCK_STREAM, PF_INET); ... bind(ServSock[0], AI0->ai_addr, AI0->ai_addrlen); bind(ServSock[1], AI1->ai_addr, AI1->ai_addrlen); ... select(2, &SockSet, 0, 0, 0); if (FD_ISSET(ServSocket[0], &SockSet)) { // IPv6 connection csock = accept(ServSocket[0], (LPSOCKADDR)&From,FromLen); ... } if (FD_ISSET(ServSocket[1], &SockSet)) { // IPv4 connection csock = accept(ServSocket[1], (LPSOCKADDR)&From, FromLen); ... } $ netstat -nap |grep 5002 tcp tcp6 0 0 0 0.0.0.0:5002 0 :::5002 0.0.0.0:* :::* LISTEN LISTEN 3720/a.out 3720/a.out Rewriting your application Functions to replace Deprecated New Htonl, htons, Inet_pton ntohl,ntohs Inet_ntop Gethostbyname(2) Getaddrinfo/freeaddrinfo Advices : • use hostname instead of addresses • Avoid hard-coded numerical addresses Useful checks $ $ $ $ grep grep grep grep sockaddr_in *c *.h in_addr *.c *.h inet_aton *.c *.h gethostbyname *.c *.h Getaddrinfo (1/3) #include <netdb.h> #include <sys/socket.h> int getaddrinfo(const char *nodename, const char *servname, const struct addrinfo *hints, struct addrinfo **res); Input nodename : a hostname or an address string. servname : either a service name or decimal port number string Hints null pointer or a pointer to an addrinfo structure filled by the caller (hints on the types of information.) struct addrinfo { int int int int ai_flags; ai_family; ai_socktype; ai_protocol; // // // // AI_PASSIVE, AI_CANONNAME, .. AF_xxx SOCK_xxx 0 or IPPROTO_xxx socklen_t ai_addrlen; // length of ai_addr char *ai_canonname; // canonical name for nodename struct sockaddr *ai_addr; // binary address struct addrinfo *ai_next; // next structure in linked list }; Getaddrinfo (2/3) ai_family: The protocol family to return (e.g. AF_INET, AF_INET6, AF_UNSPEC). When ai_family is set to AF_UNSPEC, it means the caller will accept any protocol family supported by the operating system. ai_socktype: Denotes the type of socket that is wanted: SOCK_STREAM, SOCK_DGRAM, or SOCK_RAW. When ai_socktype is zero the caller will accept any socket type. ai_protocol: Indicates which transport protocol is desired, IPPROTO_UDP or IPPROTO_TCP. If ai_protocol is zero the caller will accept any protocol. ai_flags shall be set to zero or be the bitwise-inclusive OR of one or more of the values: AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST, AI_NUMERICSERV , AI_V4MAPPED, AI_ALL, AI_ADDRCONFIG Getaddrinfo (3/3) Output struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME, .. */ int ai_family; /* AF_xxx */ int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ socklen_t ai_addrlen; /* length of ai_addr */ char *ai_canonname; /* canonical name for nodename */ struct sockaddr *ai_addr; /* binary address */ struct addrinfo *ai_next; /* next structure in linked list */ }; The information returned in the addrinfo structures is ready for socket calls and ready to use in the connect, sendto (for client) or bind (for server) function. ai_addr is a pointer to a socket address structure. ai_addrlen is the length of this socket address structure. ai_canonname member of the first returned structure points to the canonical name of the host (if AI_CANONNAME flag is set in hints structure). Error handling gai_strerror #include <netdb.h> char *gai_strerror(int error); The error value returned by getaddrinfo can be translated by the gai_strerror function into a human readable string. EAI_ADDRFAMILY - address family for hostname not supported: the specified network host does not have any network addresses in the requested address family. EAI_AGAIN - The name server returned a temporary failure indication. Try again later. EAI_BADFLAGS - ai_flags contains invalid flags. EAI_FAIL - unrecoverable failure in name resolution EAI_FAMILY - The requested address family is not supported at all. EAI_MEMORY - Out of memory. EAI_NODATA - The specified network host exists, but does not have any network addresses defined. EAI_NONAME - hostname or service not provided or known EAI_SERVICE - service not supported for ai_socktype EAI_SOCKTYPE - The requested socket type is not supported at all. EAI_SYSTEM - Other system error, check errno for details. Example error=getaddrinfo("www.kame.net","http",&hints,&res0); if(error) { fprintf(stderr,"error: %s\n",gai_strerror(error)); exit(1); } freeaddrinfo(res0); Getnameinfo #include <sys/socket.h> #include <netdb.h> int getnameinfo (const struct sockaddr *sa, socklen_t salen, char *host, socklen_t hostlen, char *service, socklen_t servicelen, int flags); sa (input) points to the socket address structure containing the protocol address to be converted in to a human-readable string. salen (input) is the length of this structure. host (output) points to a buffer able to contain up to hostlen (output) characters containing the host name as a null-terminated string. service (output) points to a buffer able to contain up to servicelen bytes that receives the service name as a null-terminated string. If the service's name cannot be located, the numeric form of the service address (for example, its port number) shall be returned instead of its name. flags changes the default actions of the function. Conclusion • Reengineering of the existent IP – – – – Header much simpler More addresses available Easier routing Security/authentication • will come within a few year – Need to be ready – Rewrite applications – Test interoperability IPv4-v6 IPv6 is a must so you will need sooner or later to rewrite your application and test it. David will tell you his experiences