Automatic configuration of home routers and boxes based on the Cisco CDP protocol

Source: Internet
Author: User
Tags python script winbox

Each time you buy a device, such as a new router or a home box like the Honor Cube or the Xiaomi Box, the one thing that causes a headache is its initial configuration.
Almost every such box has an initial IP address: you plug in a network cable, log in to its interface, and then configure the box's IP address. The more advanced ones run an AP of their own, and you connect your phone to that hotspot to configure the box from the phone. It looks really cool, but it's an illusion!
While the phone is connected to this AP, it cannot connect to any other AP, and may not even be able to use 4G/3G. Or say you configure the box from a laptop: you connect the laptop and the box with a network cable, add an IP address in the same network segment as the box's initial IP address to the laptop, and then access the box. Unless the laptop has an extra wireless card (usually it does, so that's fine!) or two network cards, the laptop cannot go online to look things up (running into problems during configuration is normal)! And in the event that the IP address of an existing node on the home network conflicts with this initial IP address, ... Remember that 192.168.1.1 is almost a universal initial IP. If you buy several boxes at once (same model?), you have to repeat the work, connecting to the AP or plugging in the network cable again and again!
There are many other inconveniences; people who have used these devices and stepped into the pits are welcome to add more ...
Therefore, given the inconveniences above, this kind of equipment has always been a geek toy; for the average person it is a nightmare. I put convenience first, and what I hate most is trouble. When someone asks me how to climb over the wall, my answer is that I don't climb over the wall, because it is too much trouble. I won't die without Google, so I would rather go without than fiddle with climbing over the wall. The same goes for why I don't buy a home box, or buy one and leave it lying around: I won't die without it, so I would rather go without than have the trouble!
But when I found Mikrotik at work, I changed my mind.
Mikrotik can be installed in VMware, which makes it convenient to study, and I did install it in VMware. After it started up, I was worried about how to configure it. Searching the Internet, I found a tool called Winbox: without any IP address configured, it "connects" to the Mikrotik system directly through its MAC address, and then you configure its IP address!!
There is actually nothing magical about this. Who told you that a connection must be established through an IP address? Who told you that TCP is everything? In fact, when a colleague asked me yesterday how to become proficient in networking, I told him that once you know everything about networking except TCP, you are proficient in networking. In addition to unicast IP addresses we also have multicast, and even without a multicast IP address we still have multicast MAC addresses to use! Almost all switches forward multicast traffic to all ports!
And this is all about multicast, nothing more! Multicast is an abstract grouping: a multicast address does not need to be bound to any host and has no entity behind it. For MAC multicast, as long as the multicast traffic reaches the network card, the card can receive it; for IP multicast, as long as the machine has joined a "multicast group", it can process it. For multicast communication with a machine that does not yet have an IP address, you can obviously only use MAC multicast. How is the multicast traffic received by the network card delivered to the application? It cannot rely on the protocol stack's routing, because at this point the IP layer does not work. So what do we rely on? Packet sockets!
Of course, the discussion above is somewhat simplified; it leaves out IGMP, pruning and so on. For my needs those are not necessary: for communication within a LAN, the above is enough!
Taking the Mikrotik configuration as the starting point, let's explore!
Open the Winbox interface, and the MAC address of the Mikrotik device and its "Mikrotik" identifier appear; then you can configure it! How did this happen?! At this point I have no idea what the IP address of this Mikrotik device is! As I expected, it uses multicast! In fact, once the Mikrotik device starts, it multicasts CDP packets. CDP is a Cisco protocol, designed as a link-layer neighbor information exchange protocol that is independent of the network layer protocol. It can announce its own device information, MAC address and so on without an IP address, or even without the network layer running the IP protocol, which is why Winbox can display this Mikrotik device.
A multicast packet can be sent without an IP address, as long as there is a multicast routing entry for the port! The next question is how to send data to the Mikrotik device from an external device. If I can get a listener on the Mikrotik device to receive my packet, I can have it execute any program, such as ifconfig $lan ...
However, I was wrong. Although the switch will forward the multicast data to the Mikrotik device (this is actually the most fundamental step!), the Mikrotik device has no IP address at this point, so the packet cannot be received by the protocol stack! What to do?! That's when I thought of pcap! Pcap is a general-purpose packet capture framework; it can even capture traffic that is not destined for the local machine, provided the data reaches the local network card. And getting the data to the local network card is exactly what multicast solves!
Well, that's it, there's the plan. To verify it, create two virtual machines, A and B, with one NIC each, both placed in the same segment so that they share a link. Start the two virtual machines but do not configure an IP address on either of them, so neither virtual machine has an IP address!
Press Ctrl-G to enter virtual machine A's terminal and write the Python script. The script is very simple:
    #!/usr/local/bin/python
    import os
    import signal
    import threading

    from scapy.all import UDP, sniff

    # BPF filter: only UDP datagrams sent to the multicast group 224.1.2.3
    flt_in = "dst 224.1.2.3 and udp"


    def signal_handler(signum, frame):
        os._exit(0)


    class ThreadWraper(threading.Thread):
        def __init__(self, func, args, name=''):
            threading.Thread.__init__(self)
            self.name = name
            self.func = func
            self.args = args

        def run(self):
            self.func(*self.args)


    def recv_in(pktdata):
        if UDP in pktdata and pktdata[UDP]:
            # The UDP payload is the command string sent by the configuration host
            payload = bytes(pktdata[UDP].payload).decode()
            print(payload)
            # TODO: this goes too far! Before executing the configuration command, at least verify ...
            # Execute the command that the received string represents!
            os.system(payload)
            # Just exit here; otherwise anyone could keep throwing packets at it?
            # Fortunately, some validation can be added above.
            os._exit(0)


    def recv_packet_in():
        # Capture on eth1 through pcap, so the interface needs no IP address
        sniff(iface="eth1", prn=recv_in, store=0, filter=flt_in)


    if __name__ == '__main__':
        signal.signal(signal.SIGINT, signal_handler)
        in_thread = ThreadWraper(recv_packet_in, (), recv_packet_in.__name__)
        in_thread.daemon = True
        in_thread.start()
        signal.pause()


This is the program that receives the packet and executes the command; I named it exec.py. We also need a program that sends the command, as follows:
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>

    int main()
    {
            int sd;
            struct sockaddr_in addr_to_config;
            /* The command string that exec.py will execute on the box */
            const char *buf = "ifconfig eth1 1.1.1.8/10";

            /* Destination: multicast group 224.1.2.3, UDP port 1111 */
            memset(&addr_to_config, 0, sizeof(addr_to_config));
            addr_to_config.sin_family = AF_INET;
            addr_to_config.sin_addr.s_addr = inet_addr("224.1.2.3");
            addr_to_config.sin_port = htons(1111);

            sd = socket(AF_INET, SOCK_DGRAM, 0);
            if (sd < 0) {
                    perror("socket");
                    return 1;
            }
            if (sendto(sd, buf, strlen(buf), 0, (struct sockaddr *)&addr_to_config, sizeof(addr_to_config)) < 0) {
                    perror("sendto");
                    close(sd);
                    return 1;
            }
            close(sd);
            return 0;
    }


Compile it into config.
This program is actually very simple: it just sends one multicast datagram. It runs on virtual machine B and sends the payload that exec.py executes. The entire process does not involve an IP address. exec.py runs on the box to be configured, that is, virtual machine A, and config runs on a device in the same network segment, that is, virtual machine B. Running config sends a string to the multicast address, for example "ifconfig eth1 1.1.1.8/10". exec.py receives it and executes it, and eventually the IP address of eth1 on the machine running exec.py is configured as 1.1.1.8/10.
The problem is: if I buy 10 boxes, how do I tell which box the data I send will reach? This is where CDP comes in. Each box first multicasts its own information, including its identification serial number and its MAC address; a program similar to Winbox then receives these multicast messages, and the user picks the specific box to configure based on this information!
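
How a Winbox-like program could tell several boxes apart from the CDP announcements described above, as an added example that is not part of the original post: it parses the CDP TLVs with bounds checks and indexes the boxes by source MAC. The frames are constructed samples, and the device IDs, MAC addresses and function names are assumptions; the CDP checksum is not verified.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")           # CDP multicast MAC address
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP header, OUI 00:00:0c, PID 0x2000
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0005: "software", 0x0006: "platform"}


def parse_cdp(frame: bytes):
    """Return the fields a CDP frame announces, or None if it is malformed."""
    if len(frame) < 26 or frame[0:6] != CDP_DST or frame[14:22] != LLC_SNAP_CDP:
        return None
    end = 14 + struct.unpack_from("!H", frame, 12)[0]   # 802.3 length field
    if end > len(frame):
        return None                                     # truncated capture
    info = {"src_mac": frame[6:12].hex(":"), "version": frame[22], "ttl": frame[23]}
    off = 26                    # skip version, TTL and checksum (not verified here)
    while off + 4 <= end:
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, off)
        # The TLV length includes its own 4-byte header: reject lengths that
        # are too small (would loop forever) or that run past the frame.
        if tlv_len < 4 or off + tlv_len > end:
            return None
        if tlv_type in TLV_NAMES:
            info[TLV_NAMES[tlv_type]] = frame[off + 4:off + tlv_len].decode("ascii", "replace")
        off += tlv_len
    return info


def build_cdp(src_mac: bytes, tlvs) -> bytes:
    """Build a constructed CDP announcement for the demo (checksum left zero)."""
    body = bytes([2, 180, 0, 0])                         # version 2, TTL 180 s
    for tlv_type, value in tlvs:
        body += struct.pack("!HH", tlv_type, len(value) + 4) + value
    payload = LLC_SNAP_CDP + body
    return CDP_DST + src_mac + struct.pack("!H", len(payload)) + payload


def discover(frames):
    """Map source MAC -> announced fields for every well-formed CDP frame."""
    return {info["src_mac"]: info for info in map(parse_cdp, frames) if info}


# Constructed sample: two boxes of the same model plus one truncated frame.
BOX_A = build_cdp(bytes.fromhex("020000000a01"), [(1, b"box-A1"), (6, b"MikroTik")])
BOX_B = build_cdp(bytes.fromhex("020000000a02"), [(1, b"box-B2"), (6, b"MikroTik")])

if __name__ == "__main__":
    for mac, info in discover([BOX_A, BOX_B, BOX_A[:-3]]).items():
        print(mac, info["device_id"], info["platform"])
```

CDP announcements are unauthenticated, so these fields are only a hint for picking a box, not proof of which device sent them.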
This completes the whole automatic configuration procedure:
0. Connect the box to the same network as the configuration machine;
1. The box starts up and multicasts its own identification information;
2. Run the conf.py program on a configuration host in the same network as the box, and select the boxes that need to be configured based on the multicast identification information received;
3. Fill in the configuration information in conf.py, which then sends it by multicast to the box selected in step 2;
4. If you feel this is not secure enough, you can use the SSL protocol. Do not assume that SSL only runs on top of TCP; it can also run over memory, such as bio_mem!
...
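
Step 4 and the TODO in exec.py both call for verifying a command before it runs. The following is an added example, not code from the original post: the box accepts a multicast payload only if it carries a valid HMAC-SHA256 tag, names the box's own MAC, has a counter newer than the last one seen, and parses as an interface name plus address. The message layout, the pre-shared per-device key and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress
import re

IFACE_RE = re.compile(r"[a-z][a-z0-9]{1,14}")   # plain interface names only


def sign_config(key: bytes, mac: str, counter: int, iface: str, cidr: str) -> bytes:
    """Configuration host: build the payload 'mac|counter|iface|cidr|tag'."""
    body = f"{mac}|{counter}|{iface}|{cidr}".encode("ascii")
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return body + b"|" + tag


def verify_config(key: bytes, my_mac: str, last_counter: int, payload: bytes):
    """Box: return (argv, counter) for an authentic, fresh message, else None."""
    body, sep, tag = payload.rpartition(b"|")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    if not sep or not hmac.compare_digest(expected, tag):
        return None                              # unauthenticated or tampered
    try:
        mac, counter, iface, cidr = body.decode("ascii").split("|")
        counter = int(counter)
        addr = ipaddress.ip_interface(cidr)      # must parse as an IP interface
    except ValueError:
        return None
    if mac != my_mac:
        return None                              # meant for another box
    if counter <= last_counter:
        return None                              # replay of an old message
    if not IFACE_RE.fullmatch(iface):
        return None
    # An argument list for subprocess.run(argv): the string never reaches a shell.
    return ["ifconfig", iface, str(addr)], counter


# Constructed demo values: the key and MAC are placeholders.
KEY = b"per-device-secret-from-the-label"
MAC = "02:00:00:00:0a:01"

if __name__ == "__main__":
    msg = sign_config(KEY, MAC, 7, "eth1", "1.1.1.8/10")
    print(verify_config(KEY, MAC, 6, msg))                          # accepted
    print(verify_config(KEY, MAC, 7, msg))                          # replay -> None
    print(verify_config(KEY, MAC, 0, b"ifconfig eth1 1.1.1.8/10"))  # no tag -> None
```

The box has to keep the last accepted counter across reboots for the replay check to hold.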

In the future there is no need to connect to the box's fixed IP address. We change the approach: before the box has an IP address of its own, everything goes through multicast communication, and the IP address is configured through multicast! No more plugging and unplugging network cables or connecting to the AP!
However, this is a vision for IPv4. For IPv6 this comes naturally, because IPv6 has automatic configuration built in.
