Linux Network Administrator Manual (8)

Chapter 8 The Point-to-Point Protocol
8.1 Untangling the P's
Like SLIP, PPP is a protocol for sending datagrams over a serial connection, but it addresses the shortcomings of the former. It lets both parties negotiate options such as the IP address and the maximum datagram size at the start of the communication, and it provides client authorization. For each of these capabilities PPP has a separate protocol. Below, we briefly discuss these building blocks. The discussion is far from complete; if you want to know more about PPP, we strongly recommend that you read its specification in RFC 1548, as well as the many related RFCs. [1]
At the very bottom of PPP is the High-Level Data Link Control protocol, HDLC for short, [2] which defines the boundaries of individual PPP frames and provides a 16-bit checksum. Compared with the more primitive SLIP encapsulation, a PPP frame can carry packets of protocols other than IP, such as Novell's IPX or AppleTalk. PPP achieves this by adding a protocol field to the basic HDLC frame; this field identifies the type of packet the frame carries.
The Link Control Protocol (LCP) runs on top of HDLC and negotiates options for the data link, such as the Maximum Receive Unit (MRU), which states the maximum datagram size that one side of the link agrees to receive.
One important step in configuring a PPP link is client authorization. Although not mandatory, it is necessary. Generally, the called host (the server) requires the client to authenticate itself by proving that it knows a secret key. If the caller cannot provide the correct secret, the connection is terminated. With PPP, authorization works in both directions; that is, the caller can also ask the server to authenticate itself. These authentication procedures are completely independent of each other. There are two protocols for different types of authentication, which are discussed further below. They are named the Password Authentication Protocol, or PAP, and the Challenge Handshake Authentication Protocol, or CHAP.
Each network protocol routed across the link is configured dynamically using a corresponding Network Control Protocol (NCP). For example, to send IP datagrams across the link, both sides must first negotiate the IP addresses each of them uses. The control protocol used for this purpose is IPCP, the Internet Protocol Control Protocol.
In addition to sending standard IP datagrams across the link, PPP also supports Van Jacobson header compression of IP datagrams. This technique shrinks the TCP header to as little as three bytes. It is also used in CSLIP and is often called VJ header compression. Whether compression is used can also be negotiated through IPCP at startup.
8.2 PPP on Linux
On Linux, PPP functionality is split into two parts: a low-level HDLC driver located in the kernel, and the pppd daemon, which handles the various control protocols. The current release of PPP for Linux is linux-ppp-1.0.0, which contains the kernel PPP module, pppd, and a program named chat used to dial up the remote system.
The PPP kernel driver was written by Michael Callahan. Pppd was derived from a free PPP implementation for Sun and Micron BSD, which was written by Drew Perkins and others and is maintained by Paul Mackerras. It was ported to Linux by Al Longyear. [3] Chat was written by Karl Fox. [4]
Just like SLIP, PPP is implemented by means of a special line discipline. To use a serial line as a PPP link, you first establish the connection over your modem as usual and then convert the line to PPP mode. In this mode, all incoming data is passed to the PPP driver, which checks the incoming HDLC frames for validity (each HDLC frame carries a 16-bit checksum), then unwraps and dispatches them. Currently it can handle IP datagrams, optionally with Van Jacobson header compression. To support IPX, the PPP driver will be extended to handle IPX packets as well.
The kernel driver is assisted by pppd, the PPP daemon, which performs the entire initialization and authentication phase that is necessary before actual network traffic can be sent across the link. The behavior of pppd can be tuned with a number of options. Since PPP is rather complex, it is impossible to explain everything in this chapter. This book therefore does not cover all aspects of pppd, but only gives you an introduction. For more information, see the online manual and the READMEs in the pppd source distribution, which should help with most of the issues not discussed in this chapter. If your problem persists after reading all the documentation, you should seek help from the newsgroup comp.protocols.ppp, where you can reach most of the people involved in developing pppd.
8.3 Running pppd
When you want to connect to the Internet through a PPP link, you must set up basic networking capabilities such as the loopback device and the resolver. Both have been covered in the previous chapters. For notes on using DNS over a serial link, see the chapter on SLIP.
As an example of how to establish a PPP connection with pppd, assume you are at vlager again. You have already dialed up the PPP server, c3po, and logged in to the ppp account, and c3po has already started its PPP driver. After exiting the communications program you used for dialing, run the following command:
# pppd /dev/cua3 38400 crtscts defaultroute
This switches the serial line cua3 to PPP mode and establishes an IP link to c3po. The transfer speed used on the serial port is 38400bps. The crtscts option turns on the hardware handshake on the port, which is absolutely necessary at speeds above 9600bps.
After pppd starts, the first thing it does is negotiate several link characteristics with the remote end using LCP. Usually the default set of options works, so we do not go into this here; we return to LCP in more detail in a later section.
For the time being, we also assume that c3po does not require any authentication from us, so the configuration phase completes successfully. Then pppd negotiates the IP parameters with its peer using IPCP, the IP control protocol. Since we did not give pppd any particular IP address, it tries to use the address obtained by having the resolver look up the local host name. Both sides then announce their addresses to each other.
Usually there is nothing wrong with these defaults. Even if your machine is on an Ethernet, you can use the same IP address for both the Ethernet and the PPP interface. Of course, pppd lets you use a different address, or ask the peer to use a specific address. These options are described in later sections.
After going through the IPCP setup phase, pppd prepares your host's networking layer to use the PPP link. It first configures the PPP network interface as a point-to-point link, using ppp0 for the first active PPP link, ppp1 for the second, and so on. Next, it sets up a routing table entry that points to the host at the other end of the link. In the example above, pppd makes the default network route point to c3po, because we gave it the defaultroute option. [5] This causes all datagrams to hosts not on the local network to be sent to c3po. Pppd also supports several different routing schemes, which are covered in detail later in this chapter.
8.4 Using Options Files
Before pppd parses its command line arguments, it scans several files for default options. These files may contain any valid command line arguments, spread out across any number of lines. Comments start with a hash sign (#).
The first options file is /etc/ppp/options, which is always scanned when pppd starts up. Using it to set some global defaults is a good idea, because it lets you keep your users from doing things that may compromise security. For example, to make pppd require authentication (PAP or CHAP) from the peer, you should add the auth option to this file. Users cannot override this option, so it becomes impossible to establish a PPP connection with any system that is not in our authentication database.
The other options file, which is read after /etc/ppp/options, is .ppprc in the user's home directory. It allows each user to specify her own set of default options.
A sample /etc/ppp/options file might look like this:
# Global options for pppd running on vlager.vbrew.com
auth # require authentication
usehostname # use local hostname for CHAP
lock # use UUCP-style device locking
domain vbrew.com # our domain name
The first two of these options apply to authentication and are explained below. The lock keyword makes pppd comply with the standard UUCP method of device locking. By this convention, each process that accesses a serial device, such as /dev/cua3, creates a lock file named LCK..cua3 in the UUCP spool directory to signal that the device is in use. This prevents any other program, such as minicom or uucico, from opening the serial device while it is in use by PPP.
The reason for providing these options in the global configuration file is that options like those shown above cannot be overridden, and so provide a reasonable level of security. Note, however, that some options can be overridden later; one example is the connect string.
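One way to verify that a global options file actually sets the protective options discussed in this section. This is an added example, not part of the manual or of the pppd package; the TAKES_ARG subset, the REQUIRED set and the function names are assumptions of the example, and the sample text is constructed from the file shown above.

```python
import shlex

# Options that consume the next word as their argument. This subset is an
# assumption of the example; extend it for the options your site uses.
TAKES_ARG = {"domain", "connect", "name", "mru"}
# Global settings the text recommends placing in /etc/ppp/options.
REQUIRED = {"auth", "lock"}

# Constructed sample, modelled on the options file shown above.
SAMPLE = """\
# Global options for pppd running on vlager.vbrew.com
auth            # require authentication
usehostname     # use local hostname for CHAP
lock            # use UUCP-style device locking
domain vbrew.com
"""

def parse_options(text):
    """Return [(option, argument or None)] from options-file text."""
    words = shlex.split(text, comments=True)   # '#' starts a comment
    parsed, i = [], 0
    while i < len(words):
        if words[i] in TAKES_ARG and i + 1 < len(words):
            parsed.append((words[i], words[i + 1]))
            i += 2
        else:
            parsed.append((words[i], None))
            i += 1
    return parsed

def missing_required(text):
    """Names of recommended global options that the file does not set."""
    present = {option for option, _ in parse_options(text)}
    return sorted(REQUIRED - present)

if __name__ == "__main__":
    print(missing_required(SAMPLE))
    # A commented-out 'auth' and a domain literally named 'auth' do not count.
    print(missing_required("# auth\ndomain auth\nlock\n"))
```

Tracking which options take an argument matters here: a plain word search would accept a file in which auth appears only in a comment or as the argument of another option.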
8.5 Dialing Out with chat
One inconvenience in the example above is that you have to establish the connection manually before you can start pppd. Unlike dip, pppd does not have its own scripting language for dialing the remote system and logging in, but relies on an external program or shell script to do this. The command to be executed can be given to pppd with the connect command line option. Pppd redirects the command's standard input and output to the serial line. One useful program for this is expect, written by Don Libes. It has a very powerful language based on Tcl and was designed for exactly this sort of application.
The pppd package comes with a similar program called chat, which lets you specify a UUCP-style chat script. Basically, a chat script consists of an alternating sequence of strings that we expect to receive from the remote system and the answers we send. We call them expect strings and send strings, respectively. This is an excerpt from a typical chat script:
ogin: b1ff ssword: s3kr3t
This tells chat to wait for the remote system to send the login prompt and to return the login name b1ff. We wait only for ogin:, so it does not matter whether the login prompt starts with an upper- or lowercase l, or whether it arrives garbled. The following string is another expect string; it makes chat wait for the password prompt and then send your password.
Basically, the above is what the chat script has to do. Of course, dialing