Routing sockets, Key management sockets, broadcasts, multicast

Source: Internet
Author: User
Tags: socket

Transferred from: http://www.cnblogs.com/biyeymyhjob/archive/2012/08/07/2626841.html



I. Routing sockets

1. Overview

The routing socket supports three types of operations:

1) A process can send a message to the kernel by writing to the routing socket.

2) A process can read a message from the kernel on the routing socket. This is how the kernel notifies the process, for example, that an ICMP redirect message has been received and processed.

3) A process can use the sysctl function to fetch the routing table or to list all configured interfaces.

2. Data link socket address structure

Some of the messages returned on the routing socket include the data link socket address structure, which is defined in <net/if_dl.h>:

struct sockaddr_dl {
  uint8_t      sdl_len;
  sa_family_t  sdl_family;    /* AF_LINK */
  uint16_t     sdl_index;     /* system assigned index, if > 0 */
  uint8_t      sdl_type;      /* IFT_ETHER, etc. from <net/if_types.h> */
  uint8_t      sdl_nlen;      /* name length, starting in sdl_data[0] */
  uint8_t      sdl_alen;      /* link-layer address length */
  uint8_t      sdl_slen;      /* link-layer selector length */
  char         sdl_data[12];  /* minimum work area, can be larger;
                                 contains i/f name and link-layer address */
};

3. sysctl operation

Our main interest in the routing socket is using the sysctl function to examine the routing table and the interface list; both can be examined this way without superuser privileges.

#include <sys/param.h>
#include <sys/sysctl.h>

int sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
Returns: 0 on success, -1 on error

This function uses names similar to those of the SNMP (Simple Network Management Protocol) MIB (management information base).

The name argument is an integer array that specifies the name, and namelen is the number of elements in the array. The first element of the array indicates which kernel subsystem the request is directed to, the second element indicates a part of that subsystem, and so on. To fetch a value, oldp points to a buffer in which the kernel stores the value. oldlenp is a value-result argument: when the function is called, the value it points to is the size of the buffer; on return it is the amount of data the kernel stored in the buffer, and if the buffer is not large enough the function fails with ENOMEM. As a special case, oldp can be a null pointer while oldlenp is a non-null pointer; the kernel then determines how much data the call would return and passes that size back through oldlenp. To set a new value, newp points to a buffer of size newlen; if no new value is being specified, newp should be a null pointer and newlen should be 0.

We are interested in the network subsystem, selected by setting the first element of the name array to CTL_NET. The second element can be one of: AF_INET, to get or set variables affecting the Internet protocols, where the next level selects the specific protocol with an IPPROTO_xxx constant; AF_LINK, to get or set link-layer information, such as the number of PPP interfaces; AF_ROUTE, to return information about the routing table or the interface list; or AF_UNSPEC, to get or set some interface-layer variables, such as the maximum size of a socket send or receive buffer.

Here is a simple example of sysctl. It uses the Internet protocol subsystem to check whether UDP checksums are enabled:

#include    "unproute.h"
#include    <netinet/udp.h>
#include    <netinet/ip_var.h>
#include    <netinet/udp_var.h>     /* for UDPCTL_xxx constants */

int
main(int argc, char **argv)
{
    int     mib[4], val;
    size_t  len;

    mib[0] = CTL_NET;
    mib[1] = AF_INET;
    mib[2] = IPPROTO_UDP;
    mib[3] = UDPCTL_CHECKSUM;

    len = sizeof(val);
    Sysctl(mib, 4, &val, &len, NULL, 0);    /* UNP wrapper: terminates on error */
    printf("udp checksum flag: %d\n", val);

    exit(0);
}


The following figure shows the information returned by a sysctl call with CTL_NET, AF_ROUTE and NET_RT_IFLIST.

4. Interface name and index functions

The following four functions belong to a design in which each interface has both a unique name and a unique positive index (0 is never used as an index), and the two can be mapped to each other:

#include <net/if.h>

unsigned int if_nametoindex(const char *ifname);
Returns: positive interface index on success, 0 on error

char *if_indextoname(unsigned int ifindex, char *ifname);
Returns: pointer to interface name on success, NULL on error

struct if_nameindex *if_nameindex(void);
Returns: non-null pointer on success, NULL on error

void if_freenameindex(struct if_nameindex *ptr);

if_nametoindex returns the index of the interface named ifname. if_indextoname returns a pointer to the name of the interface whose index is ifindex; the ifname argument points to a buffer of IFNAMSIZ bytes (IFNAMSIZ is defined in the <net/if.h> header) that the caller must allocate to hold the result, and on success this pointer is also the function's return value. if_nameindex returns a pointer to an array of if_nameindex structures, one per interface, which is released with if_freenameindex.

II. Key management sockets

1. The only socket type supported is the raw socket.

2. An IPsec security association (SA) provides a security service for a traffic flow. It specifies the source and destination addresses (plus, optionally, the transport protocol and ports), the mechanism (for example, authentication), and the keying material. More than one SA can apply to a single packet flow (for example, one for authentication and one for encryption). All the SAs stored in a system make up its security association database (SADB).

3. IPsec also requires a security policy database (SPDB). The SPDB describes the requirements placed on packet flows, for example that traffic between host A and host B must be authenticated with IPsec AH.

4. Three types of operations are supported: a process can send messages to the kernel by writing to an open key management socket; a process can read messages from the kernel on a key management socket, which is how the kernel asks the key management daemon to install an SA for a new TCP session that policy requires to be protected; and a process can send a dump message.

5. Creating a static association. The security parameter index (SPI), combined with the destination address and the protocol used, uniquely identifies an SA. A static association is created by filling in all the fields and sending an SADB_ADD message. The SADB_ADD message must carry three extensions: SA, address, and key.

6. Dynamic maintenance of security associations. The kernel sends a request on the key management socket; the key management daemon, which has opened such a socket, negotiates the security parameters with the remote peer and returns the required SA.

See UNP.
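As an added example (not from the page or from UNP), the following code builds the SADB_ADD message described in item 5, with its SA, address and key extensions, using the Linux PF_KEY v2 definitions in <linux/pfkeyv2.h> (the same RFC 2367 layout UNP describes for BSD), and then walks the extension chain the way a key management daemon must when it reads messages back from the kernel (item 4): every length field is checked against the buffer before it is trusted. Nothing is sent to the kernel, so it runs unprivileged. The SPI, the 192.0.2.x addresses and the key bytes are constructed sample values.

```c
/* Added example: build a PF_KEY v2 SADB_ADD and validate its extensions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/pfkeyv2.h>

/* PF_KEY lengths are in 64-bit units and every extension is padded to 8. */
#define PAD8(n)   (((n) + 7u) & ~7u)
#define UNITS(n)  ((uint16_t)(PAD8(n) / 8))

/* Append an address extension (sadb_address + sockaddr_in) at off. */
static size_t put_address(uint8_t *buf, size_t off, uint16_t type, const char *ip)
{
    struct sadb_address a = { .sadb_address_exttype = type, .sadb_address_prefixlen = 32 };
    struct sockaddr_in sin = { .sin_family = AF_INET };

    a.sadb_address_len = UNITS(sizeof(a) + sizeof(sin));
    inet_pton(AF_INET, ip, &sin.sin_addr);
    memcpy(buf + off, &a, sizeof(a));
    memcpy(buf + off + sizeof(a), &sin, sizeof(sin));
    return off + PAD8(sizeof(a) + sizeof(sin));
}

/* Build an SADB_ADD for an AH SA with the three required extensions.
 * Returns the message length in bytes, or 0 if cap/keylen are unusable. */
size_t build_sadb_add(uint8_t *buf, size_t cap, uint32_t spi,
                      const uint8_t *key, size_t keylen)
{
    struct sadb_msg m = { .sadb_msg_version = PF_KEY_V2, .sadb_msg_type = SADB_ADD,
                          .sadb_msg_satype = SADB_SATYPE_AH, .sadb_msg_seq = 1 };
    struct sadb_sa sa = { .sadb_sa_exttype = SADB_EXT_SA, .sadb_sa_spi = htonl(spi),
                          .sadb_sa_state = SADB_SASTATE_MATURE,
                          .sadb_sa_auth = SADB_AALG_SHA1HMAC };
    struct sadb_key k = { .sadb_key_exttype = SADB_EXT_KEY_AUTH,
                          .sadb_key_bits = (uint16_t)(keylen * 8) };
    size_t off = sizeof(m);

    if (cap < 256 || keylen > 64) return 0;
    memset(buf, 0, cap);
    sa.sadb_sa_len = UNITS(sizeof(sa));
    memcpy(buf + off, &sa, sizeof(sa));
    off += PAD8(sizeof(sa));
    off = put_address(buf, off, SADB_EXT_ADDRESS_SRC, "192.0.2.1");
    off = put_address(buf, off, SADB_EXT_ADDRESS_DST, "192.0.2.2");
    k.sadb_key_len = UNITS(sizeof(k) + keylen);
    memcpy(buf + off, &k, sizeof(k));
    memcpy(buf + off + sizeof(k), key, keylen);
    off += PAD8(sizeof(k) + keylen);
    m.sadb_msg_len = UNITS(off);
    memcpy(buf, &m, sizeof(m));       /* header last, once the length is known */
    return off;
}

/* Walk the extension chain with bounds checks. Returns a bitmask of the
 * extension types seen, or 0 if any length is inconsistent: the header must
 * account for exactly len bytes, and no extension may be shorter than its
 * own header or run past the end of the message. */
uint32_t walk_extensions(const uint8_t *buf, size_t len)
{
    struct sadb_msg m;
    uint32_t seen = 0;
    size_t off = sizeof(m);

    if (len < sizeof(m)) return 0;
    memcpy(&m, buf, sizeof(m));
    if ((size_t)m.sadb_msg_len * 8 != len) return 0;
    while (off < len) {
        struct sadb_ext e;
        size_t elen;
        if (len - off < sizeof(e)) return 0;
        memcpy(&e, buf + off, sizeof(e));
        elen = (size_t)e.sadb_ext_len * 8;
        if (elen < sizeof(e) || elen > len - off) return 0;
        if (e.sadb_ext_type < 32) seen |= 1u << e.sadb_ext_type;
        off += elen;
    }
    return seen;
}

/* SADB_ADD needs the SA, both addresses and a key extension. */
int add_message_is_complete(const uint8_t *buf, size_t len)
{
    uint32_t need = (1u << SADB_EXT_SA) | (1u << SADB_EXT_ADDRESS_SRC) |
                    (1u << SADB_EXT_ADDRESS_DST) | (1u << SADB_EXT_KEY_AUTH);
    return (walk_extensions(buf, len) & need) == need;
}

static const uint8_t sample_key[20] = "constructed-key-0123";   /* constructed */

size_t sample_length(void)
{
    uint8_t buf[256];
    return build_sadb_add(buf, sizeof buf, 0x1000, sample_key, sizeof sample_key);
}

/* mode 0: intact; 1: 8 bytes truncated; 2: first extension length clobbered. */
int sample_accepted(int mode)
{
    uint8_t buf[256];
    size_t n = build_sadb_add(buf, sizeof buf, 0x1000, sample_key, sizeof sample_key);
    if (mode == 1) n -= 8;
    if (mode == 2) buf[sizeof(struct sadb_msg)] = 0xff;
    return add_message_is_complete(buf, n);
}

int main(void)
{
    printf("SADB_ADD: %zu bytes; intact=%d truncated=%d corrupted=%d\n",
           sample_length(), sample_accepted(0), sample_accepted(1), sample_accepted(2));
    return 0;
}
```

The walker is the part worth copying: PF_KEY messages arrive from a privileged peer, but a daemon that trusts sadb_ext_len without comparing it to the bytes actually read will walk off the end of its buffer on a truncated or malformed message.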

III. Broadcasting

1. Broadcast addresses

If an IPv4 address is written as {netid, subnetid, hostid} (network ID, subnet ID, host ID), there are four types of broadcast address; we write -1 for a field whose bits are all 1:

1) Subnet-directed broadcast address: {netid, subnetid, -1}. This address reaches all interfaces on the specified subnet.

2) All-subnets-directed broadcast address: {netid, -1, -1}. This address reaches all subnets on the specified network.

3) Network-directed broadcast address: {netid, -1}. This address is used for networks that are not subnetted.

4) Limited broadcast address: {-1, -1, -1}. Routers never forward an IP datagram whose destination address is 255.255.255.255.

2. Comparison of unicast and broadcast

A unicast IP datagram is received only by the single host specified by the destination IP address; no other host on the subnet is affected.

A UDP broadcast datagram, by contrast, must be received and passed up the protocol stack by every host on the subnet, including the hosts that are not running the corresponding broadcast application, until it reaches the UDP layer and is discarded there.

3. Race conditions

When multiple processes access shared data and the correct outcome depends on the order in which the processes execute, we have a race condition. Race conditions are a major concern in threaded programming because so much data is shared between threads, such as all global variables.

Race conditions of various kinds also arise in signal handling, because the kernel can deliver a signal at any point during the execution of our program.

4. The dg_cli function using broadcast

#include    "unp.h"

static void recvfrom_alarm(int);

void
dg_cli(FILE *fp, int sockfd, const SA *pservaddr, socklen_t servlen)
{
    int             n;
    const int       on = 1;
    char            sendline[MAXLINE], recvline[MAXLINE + 1];
    socklen_t       len;
    struct sockaddr *preply_addr;

    preply_addr = Malloc(servlen);

    Setsockopt(sockfd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));

    Signal(SIGALRM, recvfrom_alarm);

    while (Fgets(sendline, MAXLINE, fp) != NULL) {
        Sendto(sockfd, sendline, strlen(sendline), 0, pservaddr, servlen);

        alarm(5);
        for ( ; ; ) {
            len = servlen;
            n = recvfrom(sockfd, recvline, MAXLINE, 0, preply_addr, &len);
            if (n < 0) {
                if (errno == EINTR)
                    break;          /* waited long enough for replies */
                else
                    err_sys("recvfrom error");
            } else {
                recvline[n] = 0;    /* null terminate */
                printf("from %s: %s", Sock_ntop_host(preply_addr, len), recvline);
            }
        }
    }
    free(preply_addr);
}

static void
recvfrom_alarm(int signo)
{
    return;         /* just interrupt the recvfrom() */
}
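The version above relies on SIGALRM interrupting recvfrom, which is exactly the kind of signal race section 3 warns about: if the alarm expires before recvfrom has been entered, the handler runs, the signal is consumed, and the next recvfrom blocks for good. As an added example (not code from the page or from UNP), the following writes the same collect-replies-until-timeout loop with select carrying the timeout, so no signal handler is involved. It uses plain POSIX sockets; the loopback addresses and the forked responder that stands in for the broadcast receivers are constructed for the demonstration, and the SO_BROADCAST setting is omitted because the demo sends unicast on loopback.

```c
/* Added example: collect UDP replies until a deadline without SIGALRM. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/wait.h>

#define MAXLINE 4096

/* Send one datagram to dst, then read every reply that arrives before
 * wait_ms elapses. Returns the number of replies, or -1 on a hard error.
 * select() owns the timeout, so there is no gap in which an alarm could
 * fire before recvfrom() blocks. */
int send_and_collect(int sockfd, const struct sockaddr_in *dst,
                     const char *line, int wait_ms)
{
    char recvline[MAXLINE + 1];
    int replies = 0;
    struct timeval deadline, now, tv;

    if (sendto(sockfd, line, strlen(line), 0,
               (const struct sockaddr *)dst, sizeof(*dst)) < 0)
        return -1;
    gettimeofday(&deadline, NULL);
    deadline.tv_sec  += wait_ms / 1000;
    deadline.tv_usec += (wait_ms % 1000) * 1000;
    if (deadline.tv_usec >= 1000000) { deadline.tv_sec++; deadline.tv_usec -= 1000000; }

    for (;;) {
        fd_set rset;
        struct sockaddr_in from;
        socklen_t len = sizeof(from);
        ssize_t n;

        gettimeofday(&now, NULL);            /* recompute the time left */
        tv.tv_sec  = deadline.tv_sec - now.tv_sec;
        tv.tv_usec = deadline.tv_usec - now.tv_usec;
        if (tv.tv_usec < 0) { tv.tv_sec--; tv.tv_usec += 1000000; }
        if (tv.tv_sec < 0) break;

        FD_ZERO(&rset);
        FD_SET(sockfd, &rset);
        n = select(sockfd + 1, &rset, NULL, NULL, &tv);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;                   /* waited long enough for replies */

        n = recvfrom(sockfd, recvline, MAXLINE, 0, (struct sockaddr *)&from, &len);
        if (n < 0) return -1;
        recvline[n] = 0;
        printf("from %s: %s", inet_ntoa(from.sin_addr), recvline);
        replies++;
    }
    return replies;
}

/* UDP socket bound to 127.0.0.1 on an ephemeral port; the bound address
 * is stored through *bound when it is non-NULL. */
static int loopback_udp(struct sockaddr_in *bound)
{
    struct sockaddr_in a;
    socklen_t alen = sizeof(a);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &alen) < 0) { close(fd); return -1; }
    if (bound) *bound = a;
    return fd;
}

/* Demo: a forked responder answers nreplies times (as that many broadcast
 * receivers would); with nreplies == 0 the timeout path is exercised.
 * Returns the number of replies the client collected within 300 ms. */
int demo_collect(int nreplies)
{
    struct sockaddr_in resp_addr;
    int cli = loopback_udp(NULL), resp = loopback_udp(&resp_addr);
    int count, status;
    pid_t pid = -1;

    if (cli < 0 || resp < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        char buf[MAXLINE];
        struct sockaddr_in from;
        socklen_t len = sizeof(from);
        ssize_t n = recvfrom(resp, buf, MAXLINE, 0, (struct sockaddr *)&from, &len);
        for (int i = 0; n > 0 && i < nreplies; i++)
            sendto(resp, buf, n, 0, (struct sockaddr *)&from, len);
        _exit(0);
    }
    count = send_and_collect(cli, &resp_addr, "hello\n", 300);
    waitpid(pid, &status, 0);
    close(cli);
    close(resp);
    return count;
}

int main(void)
{
    printf("replies with two responders: %d\n", demo_collect(2));
    printf("replies with none: %d\n", demo_collect(0));
    return 0;
}
```

Recomputing the remaining time on every pass matters: a select that restarts with the full timeout after each reply could be kept alive indefinitely by a peer that trickles datagrams in.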

IV. Multicast

1. Multicast addresses

1) IPv4 and IPv6 multicast addresses

In IPv4, the class D addresses (224.0.0.0 through 239.255.255.255) are the multicast addresses. The low-order 28 bits of a class D address form the multicast group ID, and the entire 32-bit address is called the group address.

The mapping from a multicast address to an Ethernet address is as follows:

The format of an IPv6 multicast address is as follows:

2) Scope of multicast addresses

An IPv6 multicast address has an explicit 4-bit scope field that determines how far the multicast datagram can travel. IPv6 multicast datagrams also have a hop limit field, which restricts the number of times the datagram is forwarded by routers. Some of the scope field values that have been assigned are:
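As an added example (not from the page or from UNP), the following code implements the IPv4 multicast-to-Ethernet mapping the text refers to, using the standard rule from RFC 1112 (the low-order 23 bits of the group ID are placed in the Ethernet address 01:00:5e:00:00:00), together with the class D range test, group ID extraction, and the IPv6 scope field from 2). The sample addresses are constructed.

```c
/* Added example: multicast address arithmetic for IPv4 and IPv6. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True for 224.0.0.0 through 239.255.255.255 (high-order bits 1110). */
int is_ipv4_multicast(const char *ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return 0;
    return (ntohl(a.s_addr) >> 28) == 0xE;
}

/* Low-order 28 bits of the class D address: the multicast group ID. */
uint32_t ipv4_group_id(const char *ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return 0;
    return ntohl(a.s_addr) & 0x0FFFFFFF;
}

/* Fill mac[6] with the Ethernet multicast address for an IPv4 group.
 * Only the low-order 23 bits of the 28-bit group ID are copied, so 32
 * group addresses share each Ethernet address and the IP layer must still
 * filter received frames. Returns 1 on success, 0 if ip is not multicast. */
int ipv4_mcast_to_ether(const char *ip, uint8_t mac[6])
{
    uint32_t gid;
    if (!is_ipv4_multicast(ip)) return 0;
    gid = ipv4_group_id(ip);
    mac[0] = 0x01; mac[1] = 0x00; mac[2] = 0x5e;
    mac[3] = (gid >> 16) & 0x7f;      /* bits 23..27 of the group ID are dropped */
    mac[4] = (gid >> 8) & 0xff;
    mac[5] = gid & 0xff;
    return 1;
}

/* Format mac[6] as "xx:xx:xx:xx:xx:xx" into out (at least 18 bytes). */
const char *ether_str(const uint8_t mac[6], char out[18])
{
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return out;
}

/* 1 if ip maps to expected_mac, 0 if it maps elsewhere or is not multicast. */
int mapping_matches(const char *ip, const char *expected_mac)
{
    uint8_t mac[6];
    char out[18];
    if (!ipv4_mcast_to_ether(ip, mac)) return 0;
    return strcmp(ether_str(mac, out), expected_mac) == 0;
}

/* IPv6 multicast addresses are ff00::/8; the 4-bit scope field is the low
 * nibble of the second byte (ff02::1 has scope 2, link-local).
 * Returns the scope, or -1 if the address is not an IPv6 multicast address. */
int ipv6_mcast_scope(const char *ip6)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, ip6, &a) != 1) return -1;
    if (a.s6_addr[0] != 0xff) return -1;
    return a.s6_addr[1] & 0x0f;
}

int main(void)
{
    const char *groups[] = { "224.0.0.1", "224.128.0.1", "239.255.255.255", "10.0.0.1" };
    for (size_t i = 0; i < 4; i++) {
        uint8_t mac[6];
        char out[18];
        if (ipv4_mcast_to_ether(groups[i], mac))
            printf("%-16s -> %s (group ID 0x%07x)\n", groups[i],
                   ether_str(mac, out), ipv4_group_id(groups[i]));
        else
            printf("%-16s -> not a multicast address\n", groups[i]);
    }
    printf("ff02::1 scope %d, ff0e::1 scope %d\n",
           ipv6_mcast_scope("ff02::1"), ipv6_mcast_scope("ff0e::1"));
    return 0;
}
```

The 224.0.0.1 and 224.128.0.1 lines come out identical: the two groups differ only in a bit the mapping discards, which is why a host joined to one of them receives the other's frames at the link layer and must drop them by IP address.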
