Download dm_ipv6_lana

Research and
developments
Introduction
to IPv6
Lana Abadie, Februar 5th 2008
Outline
• Network
– OSI model
– IPv4
– IPv6
• Programming
–
–
–
–
Dual/separated architecture
IPv6 API
Porting application to IPv6
Getaddrinfo
Network
IP in the OSI model
Application : telnet
Application
Presentation
Presentation
Session
Session
Transport : TCP
Transport
Network : IP
Network
Data Link :
Ethernet
Data
Physical
Physical
IPv4 stack
Protocol
• Since 1973
• Unreliable : best effort service
• 32-bit addresses : 2^32 = 4.294.967.296
Header
Version
IHL
TOS
Identification
TTL
Protocol
Length
Fragment
flags
offset
checksum
Source address (32 bits)
destination address (32 bits)
Options
padding
IHL : Internet Header
length
TOS: type of service
TTL : time to live
IPv4 : problems
• Exhaustion of addresses : around 2011
• Unequal geographical distribution (>50% USA)
• New technologies and features (mobile computing,
multicast, etc.)
• Routing too complicated
Move to IPv6
IPv6
Main objectives :
•
•
•
•
Increase address space
Reduce routing complexity
Best security
Coexist pacefully with the IPv4
Protocol
• IETF Standard since 1996
• 128 bit addresses (3.4x1038)
• Header simplification
IPv6 Header
Which IP
version : v4
or v6?
Flow control : useful
when congestion
Identify the flow : all the
packets within the same
context have the same
flow number
Traffic
class
Payload Length
Version
Flow label
Next
Hop -limit
header
Source address (32 bits)
destination address (32 bits)
IPv6 : what’s new
• Notation :
– 8000:0000:0000:0000:0123:4567:89AB:CDEF becomes
8000::::123:4567:89AB:CDEF
– IPv4 @ :::192.31.254.46
– Not case-sensitive
• No need to fragment : error if the packet is too big
• No error checksum : gain time + done on the data link and transport layer
• Geographical addresses:
subnet prefix : 64 bits
3
5 bits
010
registryID
n bits
56-n bits
ProviderID SubscriberID
Facilitate a broad geographic
address allocation
64 bits
IntraSubscriber
Extension headers (new)
• New method to implement options
• After the IPv6 header
• Each item is coded as (Type, Length, Variable) :
–
–
–
–
–
–
Hop-by-Hop options (00) : options for the routers
Destination options
Routing (43) : like in IPv4 (list of routers to visit, etc)
Fragment (only the source host can fragment packets)
Authentication (51)
Encapsulation security Payload (only the host can open
the IP packet)
Type of addresses
3 types of addresses in IPv6:
• Unicast : node addresses : 1-1 communication
• Multicast : group of nodes addresses (replaces broadcast)
• Anycast : services addresses (receives by a set of nodes)
Destination scopes :
• Link-local : all the hosts located on the same link
• Site-local : all the hosts part of the same site
• Global : address used to communicate with the outside world
A NIC can be associated with different addresses : e.g
root# ip address list eth1
3: eth0: <broadcast, multicast, up mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:0c:29:c2:52:ff brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fec2:52ff/10 scope link
inet6 3ffe:1200:4260:f:20c:29ff:fec2:52ff/64 scope global
Stateless autoconfiguration
• New in IPv6 : No manual intervention, apart from the DNS
• No need to use DHCP
Obtain a link-local address (system builds it):
1. generation of a 64-bit local identifier based on the MAC : e.g.
20c:29ff:fec2:52ff
2. verification of the uniqueness of the tentative address
a. the host sends a ICMP packet with source = :: (undefined) and
destination = fe80:: 20c:29ff:fec2:52ff
b. If a node replies, means address already used, if not address is
unique
3. if address unique, fe80:: 20c:29ff:fec2:52ff is assigned to the NIC, if
not, a manual operation is required
Obtain a global address
• Usually prepend the subnet prefix to the Interface ID
• Verification of the uniqueness address
Programming
IPv6 & programmers
• Need to port applications as IPv6 is coming soon
• Need to ensure pacific coexistence between IPv4-v6 : period
of transition
• Choice of architecture : dual or separated stack:
IPv6 API
IETF standardized two sets of extensions: RFC 3493 and RFC
3542.
• RFC 3493 Basic Socket Interface Extensions for IPv6:
– Core socket functions
– Address data structures
– Name-to-Address translation functions
– Address conversion functions
• RFC 3542 Advanced Sockets Application Program Interface
(API) for IPv6
– IPv6 header
– extension headers
– extend the capability of IPv6 raw socket
Main changes
New family address
IPv4
socket(PF_INET,SOCK_STREAM,0); /* TCP socket */
socket(PF_INET,SOCK_DGRAM,0); /* UDP socket */
IPv6
#define
#define
AF_INET6
PF_INET6
10
AF_INET6
socket(PF_INET6,SOCK_STREAM,0); /* TCP socket */
socket(PF_INET6,SOCK_DGRAM,0); /* UDP socket */
New structures
IPv4
struct sockaddr_in
struct sockaddr
IPv6
struct sockaddr_in6
IPv4/v6
struct sockaddr_storage
Examples
IPv4
IPv6:
IPv4 /IPv6:
struct sockaddr_in addr;
socklen_t addrlen = sizeof(addr);
// fill addr structure using an IPv4 address
// before calling socket funtion
bind(sockfd,(struct sockaddr *)&addr, addrlen);
struct sockaddr_in6 addr;
socklen_t addrlen = sizeof(addr);
//fill addr structure using an IPv6 address
//before calling socket function
bind(sockfd,(struct sockaddr *)&addr, addrlen);
struct sockaddr_storage addr;
socklen_t addrlen=sizeof(addr);
// fill addr structure using an IPv4/IPv6 address
// and fill addrlen before calling socket function
bind(sockfd,(struct sockaddr *)&addr, addrlen);
Socket options
• To receive/send only IPv6 packets:
int on = 1;
if(setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(char *)&on,sizeof(on))==-1)
perror("setsockopt IPV6_V6ONLY");
else
printf("IPV6_V6ONLY set\n");
• To control the hop limit in outgoing unicast IPv6 packets.
int hoplimit = 10;
if (
setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
(char *) &hoplimit, sizeof(hoplimit))
== -1) perror("setsockopt IPV6_UNICAST_HOPS");
int hoplimit;
socklen_t len = sizeof(hoplimit);
if (
getsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (char *)&hoplimit, &len)
== -1) perror("getsockopt IPV6_UNICAST_HOPS");
else
printf("Using %d for hop limit.\n", hoplimit);
Dual Stack
int ServSock, csock;
struct sockaddr_storage addr, from;
...
ServSock = socket(AF_INET6, SOCK_STREAM,PF_INET6);
bind(ServSock, &addr, sizeof(addr));
do {
csock = accept(ServSocket, &from,sizeof(from));
doClientStuff(csock);
} while (!finished);
$ netstat -nap |grep 5002
tcp6
0
0 :::5002
:::*
LISTEN
3720/a.out
Separated Stack
ADDRINFO AI0, AI1;
ServSock[0] = socket(AF_INET6, SOCK_STREAM, PF_INET6);
ServSock[1] = socket(AF_INET, SOCK_STREAM, PF_INET);
...
bind(ServSock[0], AI0->ai_addr, AI0->ai_addrlen);
bind(ServSock[1], AI1->ai_addr, AI1->ai_addrlen);
...
select(2, &SockSet, 0, 0, 0);
if (FD_ISSET(ServSocket[0], &SockSet)) {
// IPv6 connection
csock = accept(ServSocket[0], (LPSOCKADDR)&From,FromLen);
...
}
if (FD_ISSET(ServSocket[1], &SockSet)) {
// IPv4 connection
csock = accept(ServSocket[1], (LPSOCKADDR)&From, FromLen);
...
}
$ netstat -nap |grep 5002
tcp
tcp6
0
0
0 0.0.0.0:5002
0 :::5002
0.0.0.0:*
:::*
LISTEN
LISTEN
3720/a.out
3720/a.out
Rewriting your application
Functions to replace
Deprecated
New
Htonl, htons,
Inet_pton
ntohl,ntohs
Inet_ntop
Gethostbyname(2)
Getaddrinfo/freeaddrinfo
Advices :
• use hostname instead of addresses
• Avoid hard-coded numerical addresses
Useful checks
$
$
$
$
grep
grep
grep
grep
sockaddr_in *c *.h
in_addr *.c *.h
inet_aton *.c *.h
gethostbyname *.c *.h
Getaddrinfo (1/3)
#include <netdb.h>
#include <sys/socket.h>
int getaddrinfo(const char *nodename, const char *servname,
const struct addrinfo *hints, struct addrinfo **res);
Input
nodename
: a hostname or an address string.
servname : either a service name or decimal port number
string
Hints null pointer or a pointer to an addrinfo structure
filled by the caller (hints on the types of information.)
struct addrinfo {
int
int
int
int
ai_flags;
ai_family;
ai_socktype;
ai_protocol;
//
//
//
//
AI_PASSIVE, AI_CANONNAME, ..
AF_xxx
SOCK_xxx
0 or IPPROTO_xxx
socklen_t ai_addrlen;
// length of ai_addr
char
*ai_canonname; // canonical name for nodename
struct sockaddr *ai_addr; // binary address
struct addrinfo *ai_next; // next structure in linked list
};
Getaddrinfo (2/3)
ai_family: The protocol family to return (e.g. AF_INET, AF_INET6,
AF_UNSPEC). When ai_family is set to AF_UNSPEC, it means the
caller will accept any protocol family supported by the operating system.
ai_socktype: Denotes the type of socket that is wanted:
SOCK_STREAM, SOCK_DGRAM, or SOCK_RAW. When ai_socktype
is zero the caller will accept any socket type.
ai_protocol: Indicates which transport protocol is desired,
IPPROTO_UDP or IPPROTO_TCP. If ai_protocol is zero the caller will
accept any protocol.
ai_flags shall be set to zero or be the bitwise-inclusive OR of one or
more of the values:
AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST,
AI_NUMERICSERV , AI_V4MAPPED, AI_ALL, AI_ADDRCONFIG
Getaddrinfo (3/3)
Output
struct addrinfo {
int
ai_flags;
/* AI_PASSIVE, AI_CANONNAME, .. */
int
ai_family;
/* AF_xxx */
int
ai_socktype; /* SOCK_xxx */
int
ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
socklen_t ai_addrlen;
/* length of ai_addr */
char
*ai_canonname; /* canonical name for nodename */
struct sockaddr *ai_addr; /* binary address */
struct addrinfo *ai_next; /* next structure in linked list */
};
The information returned in the addrinfo structures is ready for socket calls and
ready to use in the connect, sendto (for client) or bind (for server) function.
ai_addr is a pointer to a socket address structure.
ai_addrlen is the length of this socket address structure.
ai_canonname member of the first returned structure points to the canonical
name of the host (if AI_CANONNAME flag is set in hints structure).
Error handling gai_strerror
#include <netdb.h>
char *gai_strerror(int error);
The error value returned by getaddrinfo can be translated by the gai_strerror
function into a human readable string.
EAI_ADDRFAMILY - address family for hostname not supported: the
specified network host does not have any network
addresses in the requested address family.
EAI_AGAIN
- The name server returned a temporary failure
indication. Try again later.
EAI_BADFLAGS
- ai_flags contains invalid flags.
EAI_FAIL
- unrecoverable failure in name resolution
EAI_FAMILY
- The requested address family is not supported
at all.
EAI_MEMORY
- Out of memory.
EAI_NODATA
- The specified network host exists, but does not
have any network addresses defined.
EAI_NONAME
- hostname or service not provided or known
EAI_SERVICE
- service not supported for ai_socktype
EAI_SOCKTYPE
- The requested socket type is not supported at
all.
EAI_SYSTEM
- Other system error, check errno for details.
Example
error=getaddrinfo("www.kame.net","http",&hints,&res0);
if(error) {
fprintf(stderr,"error: %s\n",gai_strerror(error));
exit(1);
}
freeaddrinfo(res0);
Getnameinfo
#include <sys/socket.h>
#include <netdb.h>
int getnameinfo (const struct sockaddr *sa, socklen_t salen,
char *host, socklen_t hostlen,
char *service, socklen_t servicelen,
int flags);
sa (input) points to the socket address structure containing the protocol
address to be converted in to a human-readable string. salen (input) is
the length of this structure.
host (output) points to a buffer able to contain up to hostlen (output)
characters containing the host name as a null-terminated string.
service (output) points to a buffer able to contain up to servicelen bytes
that receives the service name as a null-terminated string. If the service's
name cannot be located, the numeric form of the service address (for
example, its port number) shall be returned instead of its name.
flags changes the default actions of the function.
Conclusion
• Reengineering of the existent IP
–
–
–
–
Header much simpler
More addresses available
Easier routing
Security/authentication
• will come within a few year
– Need to be ready
– Rewrite applications
– Test interoperability IPv4-v6
IPv6 is a must so you will need sooner or later to rewrite
your application and test it.
David will tell you his experiences