UNP summary, Chapters 18 ~ 21: routing sockets, key management sockets, broadcasting, multicasting


I. Routing sockets

1. Overview

A routing socket is created with socket(AF_ROUTE, SOCK_RAW, 0); on most systems only the superuser can create one. Three types of operations are supported on a routing socket:

1) A process can send a message to the kernel by writing to the routing socket. This is how routes are added and deleted.

2) A process can read messages from the kernel on the routing socket. This is how the kernel notifies a process that it has received and processed an ICMP redirect message, for example.

3) A process can use the sysctl function to dump the routing table or list all configured interfaces. This last operation does not require superuser privileges.

 

2. Datalink socket address structure

Some messages returned on a routing socket contain a datalink socket address structure, defined in <net/if_dl.h>:

    struct sockaddr_dl {
      uint8_t      sdl_len;
      sa_family_t  sdl_family;   /* AF_LINK */
      uint16_t     sdl_index;    /* system assigned index, if > 0 */
      uint8_t      sdl_type;     /* IFT_ETHER, etc. from <net/if_types.h> */
      uint8_t      sdl_nlen;     /* name length, starting in sdl_data[0] */
      uint8_t      sdl_alen;     /* link-layer address length */
      uint8_t      sdl_slen;     /* link-layer selector length */
      char         sdl_data[12]; /* minimum work area, can be larger;
                                    contains i/f name and link-layer address */
    };

The structure is variable length: the interface name occupies the first sdl_nlen bytes of sdl_data (it is not null terminated) and the link-layer address follows in the next sdl_alen bytes. Code that reads these messages must use sdl_len and the two length fields to find the end of the structure, never sizeof(struct sockaddr_dl).
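As an added example (not UNP's code): a bounds-checked reader for the variable-length structure above. The struct is redeclared locally under the name dl_addr, assuming the BSD field layout with a one-byte sa_family_t, so that it also compiles on systems without <net/if_dl.h>; the interface name, index and link-layer address used in main are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local copy of the BSD sockaddr_dl layout (assumption: the field order and
 * sizes of <net/if_dl.h>, with sa_family_t one byte wide), under a different
 * name so the example also builds where AF_LINK does not exist. */
struct dl_addr {
    uint8_t  sdl_len;
    uint8_t  sdl_family;
    uint16_t sdl_index;
    uint8_t  sdl_type;
    uint8_t  sdl_nlen;
    uint8_t  sdl_alen;
    uint8_t  sdl_slen;
    char     sdl_data[12];   /* minimum work area; real messages may be longer */
};

#define DL_HDR_LEN offsetof(struct dl_addr, sdl_data)   /* 8 bytes */

/* Fill a dl_addr from an interface name and link-layer address. Returns
 * sdl_len, or 0 if the two do not fit the fixed 12-byte work area. */
size_t dl_build(struct dl_addr *sa, unsigned int index, const char *name,
                const uint8_t *addr, size_t alen)
{
    size_t nlen = strlen(name);

    if (nlen + alen > sizeof(sa->sdl_data))
        return 0;
    memset(sa, 0, sizeof(*sa));
    sa->sdl_len    = (uint8_t)(DL_HDR_LEN + nlen + alen);
    sa->sdl_family = 18;                 /* AF_LINK's value on BSD; illustrative only */
    sa->sdl_index  = (uint16_t)index;
    sa->sdl_nlen   = (uint8_t)nlen;
    sa->sdl_alen   = (uint8_t)alen;
    memcpy(sa->sdl_data, name, nlen);    /* the name is NOT null terminated */
    memcpy(sa->sdl_data + nlen, addr, alen);
    return sa->sdl_len;
}

/* Extract the interface name and an "xx:xx:..." rendering of the link-layer
 * address from buflen bytes holding a dl_addr. Every length field is checked
 * against the bytes actually present before anything is read. Returns 0 on
 * success, -1 on a truncated or self-inconsistent structure. */
int dl_extract(const void *buf, size_t buflen, char *name, size_t namesz,
               char *lladdr, size_t lladdrsz)
{
    const struct dl_addr *sa = buf;
    const char *p;
    size_t i, pos = 0;

    if (buflen < DL_HDR_LEN)
        return -1;                                   /* not even a full header */
    if (sa->sdl_len < DL_HDR_LEN || sa->sdl_len > buflen)
        return -1;                                   /* sdl_len disagrees with the buffer */
    if ((size_t)sa->sdl_nlen + sa->sdl_alen > sa->sdl_len - DL_HDR_LEN)
        return -1;                                   /* name + address overrun sdl_len */
    if (sa->sdl_nlen >= namesz || lladdrsz == 0 || (size_t)sa->sdl_alen * 3 > lladdrsz)
        return -1;                                   /* caller's buffers too small */

    p = sa->sdl_data;
    memcpy(name, p, sa->sdl_nlen);
    name[sa->sdl_nlen] = '\0';
    p += sa->sdl_nlen;
    lladdr[0] = '\0';
    for (i = 0; i < sa->sdl_alen; i++)
        pos += (size_t)snprintf(lladdr + pos, lladdrsz - pos, "%s%02x",
                                i ? ":" : "", (unsigned char)p[i]);
    return 0;
}

int main(void)
{
    /* Constructed sample: interface "em0", index 1, a 6-byte Ethernet address. */
    static const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    struct dl_addr sa;
    char name[16], lladdr[32];

    if (dl_build(&sa, 1, "em0", mac, sizeof(mac)) == 0)
        return 1;
    if (dl_extract(&sa, sa.sdl_len, name, sizeof(name), lladdr, sizeof(lladdr)) == 0)
        printf("index %u: %s %s\n", sa.sdl_index, name, lladdr);
    return 0;
}
```

The three length checks in dl_extract are the point: a routing message comes from the kernel, but the same walker is often reused on buffers read from files or the network, and a sdl_nlen or sdl_alen larger than the bytes present is an out-of-bounds read without them.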

 

3. sysctl operations

For most programs the main interest in routing sockets is using the sysctl function to examine the routing table and the interface list. Unlike creating a routing socket, these sysctl queries do not require superuser privileges.

    #include <sys/param.h>
    #include <sys/sysctl.h>

    int sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
               void *newp, size_t newlen);
                                         /* Returns: 0 if OK, -1 on error */

This function uses names similar to SNMP (Simple Network Management Protocol) MIB (Management Information Base) names.

The name parameter is an integer array specifying the name, and namelen is the number of elements in the array. The first element specifies the kernel subsystem to which the request is directed, the second element specifies a part of that subsystem, and so on. To fetch a value, oldp must point to a buffer into which the kernel stores the value. oldlenp is a value-result argument: when the function is called, the size_t it points to is the size of the buffer, and on return it is the amount of data the kernel stored in the buffer. If the buffer is not large enough, ENOMEM is returned. As a special case, oldp can be a null pointer while oldlenp is non-null: the kernel then determines how much data the call would have returned and returns that size through oldlenp, which is the usual way to size the buffer before a second call. To set a new value, newp points to a buffer of size newlen. If no new value is being specified, newp should be a null pointer and newlen should be 0.

We are interested in the networking subsystem, which is specified by setting the first element of the name array to CTL_NET. The second element can be:

  • AF_INET: get or set variables affecting the Internet protocols. The next level specifies the protocol using one of the IPPROTO_xxx constants.
  • AF_LINK: get or set link-layer information, such as the number of PPP interfaces.
  • AF_ROUTE: return information on the routing table or the interface list.
  • AF_UNSPEC: get or set some socket-layer variables, such as the maximum size of a socket send or receive buffer.

A simple example of sysctl: this program (UNP's checkudpsum) checks whether UDP checksums are enabled:

    #include    "unproute.h"
    #include    <netinet/udp.h>
    #include    <netinet/ip_var.h>
    #include    <netinet/udp_var.h>     /* for UDPCTL_xxx constants */

    int
    main(int argc, char **argv)
    {
        int     mib[4], val;
        size_t  len;

        mib[0] = CTL_NET;
        mib[1] = AF_INET;
        mib[2] = IPPROTO_UDP;
        mib[3] = UDPCTL_CHECKSUM;

        len = sizeof(val);
        Sysctl(mib, 4, &val, &len, NULL, 0);    /* UNP wrapper: exits on error */
        printf("udp checksum flag: %d\n", val);

        exit(0);
    }

For AF_ROUTE the third element of the name is 0 and the fourth selects what is returned. NET_RT_IFLIST returns the interface list as a sequence of routing messages: one RTM_IFINFO message per interface (carrying a sockaddr_dl with the interface name and link-layer address), followed by one RTM_NEWADDR message for each address configured on that interface. (The UNP figure showing this layout is not reproduced here.)

4. Interface name and index functions

The following four functions handle a decoupled view of interfaces: every interface has a unique name and a unique positive index (0 is never a valid index).

    #include <net/if.h>

    unsigned int if_nametoindex(const char *ifname);
                    /* Returns: positive interface index if OK, 0 on error */
    char *if_indextoname(unsigned int ifindex, char *ifname);
                    /* Returns: pointer to interface name if OK, NULL on error */
    struct if_nameindex *if_nameindex(void);
                    /* Returns: non-null pointer if OK, NULL on error */
    void if_freenameindex(struct if_nameindex *ptr);

if_nametoindex returns the index of the interface named ifname. if_indextoname returns a pointer to the name of the interface whose index is ifindex; the caller must allocate a buffer of at least IFNAMSIZ bytes (defined in <net/if.h>) and pass it as ifname, and on success that same pointer is the return value. if_nameindex returns a pointer to an array of if_nameindex structures, each holding an if_index and an if_name, terminated by an entry whose if_index is 0 and if_name is NULL; the array is released with if_freenameindex.

 

 

 

II. Key management sockets

1. The only supported socket type is SOCK_RAW: a key management socket is created with socket(AF_KEY, SOCK_RAW, PF_KEY_V2). Because the database behind it holds keys, opening one is restricted to privileged (superuser) processes.

2. IPsec provides security services for packets based on security associations (SAs). An SA describes a combination of a source and destination address (optionally with a transport protocol and ports), a mechanism (such as authentication or encryption), and keying material. More than one SA can apply to a single traffic stream (for example, one SA for authentication and another for encryption). All the SAs stored in a system make up the security association database (SADB).

3. IPsec also requires a security policy database (SPDB). The SPDB describes the requirements placed on traffic, for example that traffic between host A and host B requires IPsec AH authentication.

4. Three types of operations are supported:

  • A process can send messages to the kernel by writing to a key management socket. This is how static SAs are added and deleted, and how a key management daemon installs the keys it has negotiated.
  • A process can read messages from the kernel on a key management socket. The kernel uses this to ask a key management daemon to install an SA for a new session (such as a new TCP connection) that policy requires be protected.
  • A process can send a dump message (SADB_DUMP); the kernel replies with a dump of the current SADB.

5. Creating a static association

  • The security parameters index (SPI), together with the destination address and the protocol (AH or ESP), uniquely identifies an SA.
  • A static SA is created by filling in an SADB_ADD message and sending it to the kernel.
  • The SADB_ADD message must carry three extensions: an SA extension, address extensions (source and destination), and a key extension.

6. Dynamically maintaining security associations

When the kernel needs an SA for traffic that policy requires be protected and none exists, it sends an SADB_ACQUIRE message on the key management socket. A key management daemon (an IKE daemon, for example) reads the request, negotiates the security parameters and keys with the remote end, and installs the resulting SA in the kernel, typically reserving an SPI with SADB_GETSPI and completing the entry with SADB_UPDATE.

For details, see UNP.
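As an added example (not UNP's code): building the SADB_DUMP request from operation 4 and checking that an SADB_ADD message carries the three extensions required in section 5. The sadb_msg and sadb_ext layouts and the constants are declared locally from RFC 2367 (assumption: they match <net/pfkeyv2.h> and <linux/pfkeyv2.h>) so the code builds without those headers, and the SADB_ADD message is a constructed sample with zeroed payloads; nothing here opens an AF_KEY socket, which would need superuser privileges.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* PF_KEY v2 message and extension headers from RFC 2367, declared locally
 * (assumption: identical to <net/pfkeyv2.h> / <linux/pfkeyv2.h>) so the
 * example builds without them. Length fields count 64-bit units. */
struct sadb_msg {
    uint8_t  sadb_msg_version, sadb_msg_type, sadb_msg_errno, sadb_msg_satype;
    uint16_t sadb_msg_len, sadb_msg_reserved;
    uint32_t sadb_msg_seq, sadb_msg_pid;
};
struct sadb_ext { uint16_t sadb_ext_len, sadb_ext_type; };

#define PF_KEY_V2            2
#define SADB_ADD             3
#define SADB_DUMP            10
#define SADB_EXT_SA          1
#define SADB_EXT_ADDRESS_SRC 5
#define SADB_EXT_ADDRESS_DST 6
#define SADB_EXT_KEY_AUTH    8
#define SADB_EXT_KEY_ENCRYPT 9
#define SADB_SATYPE_ESP      3

/* Fill an SADB_DUMP request: no extensions; satype 0 asks for every SA type.
 * Returns the number of bytes to write to the key management socket. */
size_t sadb_dump_msg(struct sadb_msg *m, uint32_t seq, uint32_t pid)
{
    memset(m, 0, sizeof(*m));
    m->sadb_msg_version = PF_KEY_V2;
    m->sadb_msg_type    = SADB_DUMP;
    m->sadb_msg_len     = sizeof(*m) / 8;       /* 16 bytes = 2 units */
    m->sadb_msg_seq     = seq;
    m->sadb_msg_pid     = pid;
    return sizeof(*m);
}

/* Append one extension header plus a zeroed payload, padded to 8 bytes.
 * Returns the new offset, or 0 if it does not fit in bufsz. */
size_t sadb_put_ext(uint8_t *buf, size_t bufsz, size_t off, uint16_t type, size_t payload)
{
    size_t total = (sizeof(struct sadb_ext) + payload + 7) & ~(size_t)7;
    struct sadb_ext e = { (uint16_t)(total / 8), type };

    if (off + total > bufsz)
        return 0;
    memset(buf + off, 0, total);
    memcpy(buf + off, &e, sizeof(e));
    return off + total;
}

/* Walk the extensions of a PF_KEY message with bounds checking and return a
 * bit mask of the extension types present, or -1 if the header or any
 * extension length disagrees with the bytes available. Without the checks a
 * zero-length extension loops forever and an over-long one reads past buf. */
long sadb_ext_mask(const void *buf, size_t len)
{
    const uint8_t *p = buf;
    struct sadb_msg m;
    struct sadb_ext e;
    size_t off = sizeof(m);
    long mask = 0;

    if (len < sizeof(m))
        return -1;
    memcpy(&m, p, sizeof(m));
    if (m.sadb_msg_version != PF_KEY_V2 || (size_t)m.sadb_msg_len * 8 != len)
        return -1;
    while (off < len) {
        if (len - off < sizeof(e))
            return -1;
        memcpy(&e, p + off, sizeof(e));
        if (e.sadb_ext_len == 0 || (size_t)e.sadb_ext_len * 8 > len - off)
            return -1;
        if (e.sadb_ext_type >= 31)
            return -1;                           /* no such extension type */
        mask |= 1L << e.sadb_ext_type;
        off += (size_t)e.sadb_ext_len * 8;
    }
    return mask;
}

/* An SADB_ADD is usable only with an SA extension, both address extensions
 * and at least one key extension. 1 = complete, 0 = missing, -1 = malformed. */
int sadb_add_complete(const void *buf, size_t len)
{
    const long need = (1L << SADB_EXT_SA) | (1L << SADB_EXT_ADDRESS_SRC) |
                      (1L << SADB_EXT_ADDRESS_DST);
    const long key  = (1L << SADB_EXT_KEY_AUTH) | (1L << SADB_EXT_KEY_ENCRYPT);
    long mask = sadb_ext_mask(buf, len);

    if (mask < 0)
        return -1;
    return ((mask & need) == need && (mask & key) != 0) ? 1 : 0;
}

/* Constructed sample SADB_ADD for an ESP SA: SA extension (16 bytes), source
 * and destination address extensions (8-byte sadb_address + 16-byte
 * sockaddr_in each) and, if with_key, an encryption key extension (8-byte
 * sadb_key + 16 key bytes). Returns the message length, 0 on overflow. */
size_t sadb_build_add(uint8_t *buf, size_t bufsz, int with_key)
{
    struct sadb_msg m;
    size_t off = sizeof(m);

    if (bufsz < off)
        return 0;
    off = sadb_put_ext(buf, bufsz, off, SADB_EXT_SA, 12);
    if (off) off = sadb_put_ext(buf, bufsz, off, SADB_EXT_ADDRESS_SRC, 4 + 16);
    if (off) off = sadb_put_ext(buf, bufsz, off, SADB_EXT_ADDRESS_DST, 4 + 16);
    if (off && with_key) off = sadb_put_ext(buf, bufsz, off, SADB_EXT_KEY_ENCRYPT, 4 + 16);
    if (off == 0)
        return 0;
    memset(&m, 0, sizeof(m));
    m.sadb_msg_version = PF_KEY_V2;
    m.sadb_msg_type    = SADB_ADD;
    m.sadb_msg_satype  = SADB_SATYPE_ESP;
    m.sadb_msg_len     = (uint16_t)(off / 8);
    m.sadb_msg_seq     = 1;
    memcpy(buf, &m, sizeof(m));
    return off;
}
```

The same walker applies to what a daemon reads back from the socket (SADB_DUMP replies, SADB_ACQUIRE requests): the kernel is trusted, but the 8-byte-unit lengths are easy to get wrong, and a parser that trusts sadb_ext_len is the usual source of crashes in PF_KEY clients.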

 

 

 

 

III. Broadcasting

1. Broadcast addresses

Writing an IPv4 address as {netid, subnetid, hostid} (network ID, subnet ID, host ID), there are four kinds of broadcast address. We use -1 to denote a field whose bits are all one:

1) Subnet-directed broadcast address: {netid, subnetid, -1}. Addresses all interfaces on the specified subnet.

2) All-subnets-directed broadcast address: {netid, -1, -1}. Addresses all subnets of the specified network.

3) Network-directed broadcast address: {netid, -1}. Used for networks without subnetting.

4) Limited broadcast address: {-1, -1, -1}. Routers never forward an IP datagram whose destination address is 255.255.255.255. Forwarding of the directed forms is also disabled by default on routers today (RFC 2644), because it was the basis of smurf-style amplification attacks.

 

2. Comparison of unicast and broadcast

A unicast IP datagram is received only by the single host identified by the destination IP address; the other hosts on the subnet are not affected, since their interfaces discard the frame.

A broadcast UDP datagram, by contrast, must be processed up the protocol stack by every host on the subnet, including the hosts that are not running the broadcast application, until it is discarded at the UDP layer because no socket is bound to the destination port.

 

3. Race conditions

When multiple processes access shared data and the correct result depends on the order in which they execute, we have a race condition. Races are normally a concern in threaded programs, because threads share a great deal of data (all the global variables, for instance).

Races also occur with signal handling, because the kernel can deliver a signal at any point in the program's execution. In the dg_cli function below the race is between SIGALRM and recvfrom: if the alarm expires while the process is executing printf rather than blocked in recvfrom, the signal interrupts nothing and the next recvfrom blocks forever. UNP's fixes are pselect, sigsetjmp/siglongjmp, or having the signal handler write to a pipe that select monitors together with the socket.

 

4. dg_cli function using broadcasting

    #include    "unp.h"

    static void recvfrom_alarm(int);

    void
    dg_cli(FILE *fp, int sockfd, const SA *pservaddr, socklen_t servlen)
    {
        int     n;
        const int   on = 1;
        char    sendline[MAXLINE], recvline[MAXLINE + 1];
        socklen_t   len;
        struct sockaddr *preply_addr;

        preply_addr = Malloc(servlen);

        Setsockopt(sockfd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));

        Signal(SIGALRM, recvfrom_alarm);

        while (Fgets(sendline, MAXLINE, fp) != NULL) {

            Sendto(sockfd, sendline, strlen(sendline), 0, pservaddr, servlen);

            alarm(5);
            for ( ; ; ) {
                len = servlen;
                n = recvfrom(sockfd, recvline, MAXLINE, 0, preply_addr, &len);
                if (n < 0) {
                    if (errno == EINTR)
                        break;          /* waited long enough for replies */
                    else
                        err_sys("recvfrom error");
                } else {
                    recvline[n] = 0;    /* null terminate */
                    printf("from %s: %s",
                           Sock_ntop_host(preply_addr, len), recvline);
                }
            }
        }
        free(preply_addr);
    }

    static void
    recvfrom_alarm(int signo)
    {
        return;                         /* just interrupt the recvfrom() */
    }

SO_BROADCAST must be set before sending to a broadcast address, otherwise sendto fails with EACCES. Each reply is printed with its source address because a single broadcast can be answered by many hosts; the alarm(5) after each line is what bounds the wait for those replies, and it carries the race described in section 3.
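As an added example (not UNP's code), the same reply-collection loop written without the SIGALRM race: SO_BROADCAST is enabled as in dg_cli, but the deadline is enforced by select with a remaining-time argument, so a reply that arrives while the previous one is being printed cannot leave recvfrom blocked forever. The function names, the 127.0.0.1 receiver and the "reply N" datagrams are constructed for the demonstration; a real client would send to a subnet-directed broadcast address and a server port.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>

#define MAXLINE 4096

/* Sending to a broadcast address fails with EACCES unless SO_BROADCAST is set.
 * Returns 0 if OK, -1 on error. */
int enable_broadcast(int sockfd)
{
    const int on = 1;
    return setsockopt(sockfd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));
}

static long long now_us(void)
{
    struct timeval tv;
    gettimeofday(&tv, NULL);
    return tv.tv_sec * 1000000LL + tv.tv_usec;
}

/* Read every reply arriving on sockfd within timeout_ms, handing each to
 * on_reply (may be NULL), and return how many arrived, or -1 on error.
 * The deadline is enforced by select, with the remaining time recomputed on
 * every pass, not by alarm/SIGALRM: there is no window in which a late
 * signal leaves the next recvfrom blocked forever. */
int collect_replies(int sockfd, int timeout_ms,
                    void (*on_reply)(const struct sockaddr_in *, const char *))
{
    long long deadline = now_us() + timeout_ms * 1000LL;
    int count = 0;

    for (;;) {
        fd_set rset;
        struct timeval tv;
        struct sockaddr_in from;
        socklen_t len = sizeof(from);
        char buf[MAXLINE + 1];
        long long remain = deadline - now_us();
        ssize_t n;

        if (remain <= 0)
            return count;                      /* waited long enough for replies */
        tv.tv_sec  = remain / 1000000;
        tv.tv_usec = remain % 1000000;
        FD_ZERO(&rset);
        FD_SET(sockfd, &rset);
        n = select(sockfd + 1, &rset, NULL, NULL, &tv);
        if (n < 0) {
            if (errno == EINTR)
                continue;                      /* unrelated signal: keep waiting */
            return -1;
        }
        if (n == 0)
            return count;                      /* timeout */
        n = recvfrom(sockfd, buf, MAXLINE, 0, (struct sockaddr *)&from, &len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf[n] = '\0';
        count++;
        if (on_reply)
            on_reply(&from, buf);              /* a slow handler here is harmless */
    }
}

static void print_reply(const struct sockaddr_in *from, const char *line)
{
    char ip[INET_ADDRSTRLEN];
    printf("from %s: %s", inet_ntop(AF_INET, &from->sin_addr, ip, sizeof(ip)), line);
}

/* Constructed loopback stand-in for a subnet of replying servers: nmsgs
 * datagrams are sent to a receiver bound to 127.0.0.1, then collected.
 * Returns the number collected, -1 on a socket error. */
int loopback_demo(int nmsgs, int timeout_ms)
{
    int rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int i, got = -1;

    if (rx < 0 || tx < 0)
        goto out;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                         /* kernel picks a free port */
    if (bind(rx, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(rx, (struct sockaddr *)&addr, &len) < 0 ||
        enable_broadcast(tx) < 0)              /* as a real broadcast client would */
        goto out;
    for (i = 0; i < nmsgs; i++) {
        char msg[32];
        int m = snprintf(msg, sizeof(msg), "reply %d\n", i + 1);
        if (sendto(tx, msg, (size_t)m, 0, (struct sockaddr *)&addr, sizeof(addr)) != m)
            goto out;
    }
    got = collect_replies(rx, timeout_ms, print_reply);
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return got;
}
```

Call loopback_demo(2, 300) to see both datagrams printed and the call return 2 after the 300 ms window closes. Note that collect_replies keeps waiting until the deadline even after replies arrive, exactly as dg_cli does, since with a broadcast there is no way to know how many hosts will answer.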

 

 

 

IV. Multicasting

1. Multicast addresses

1) IPv4 multicast addresses and IPv6 multicast addresses

IPv4 class D addresses, 224.0.0.0 through 239.255.255.255, are multicast addresses. The low-order 28 bits of a class D address form the multicast group ID, and the entire 32-bit address is called the group address.

The mapping of an IPv4 multicast address to an Ethernet address works as follows: the low-order 23 bits of the group ID are copied into the low-order 23 bits of the Ethernet address 01:00:5e:00:00:00. Because only 23 of the 28 group ID bits are used, 32 different group addresses map to the same Ethernet address, so the IP layer must still filter received multicast datagrams on the full 32-bit destination address.

The IPv6 multicast address format is: the high-order 8 bits are all one (ff), followed by a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID. An IPv6 multicast address maps to the Ethernet address whose high-order 16 bits are 33:33 and whose low-order 32 bits are the low-order 32 bits of the group ID.

2) Multicast address scope

An IPv6 multicast address has a 4-bit scope field that determines how far a multicast packet may travel. An IPv6 packet also has a hop limit field that limits the number of times it is forwarded by routers. The assigned scope values are:

  • 1: interface-local (also called node-local)
  • 2: link-local
  • 5: site-local
  • 8: organization-local
  • 14: global

The remaining values are unassigned or reserved. Interface-local datagrams are never output by an interface. Link-local datagrams are never forwarded by a router. The extent of a site or an organization is defined by the administrators of that site's or organization's multicast routers.
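As an added example (not UNP's code), the two Ethernet mappings and the IPv6 scope field above in code. The function names are this example's own; the group addresses passed in main are constructed, chosen so that 224.0.0.1 and 239.128.0.1 demonstrate two different groups sharing one Ethernet address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Map a multicast group (IPv4 dotted-decimal or IPv6 text form) to the
 * Ethernet multicast address a NIC is programmed with, written to out as
 * "xx:xx:xx:xx:xx:xx" (outsz must be at least 18). Returns 4 or 6 for the
 * family handled, -1 if the text is not a valid multicast address. */
int mcast_to_ether(const char *group, char *out, size_t outsz)
{
    struct in_addr  a4;
    struct in6_addr a6;
    uint8_t mac[6];

    if (outsz < 18)
        return -1;
    if (inet_pton(AF_INET, group, &a4) == 1) {
        uint32_t g = ntohl(a4.s_addr);
        if ((g >> 28) != 0xe)                   /* class D is 224.0.0.0/4 */
            return -1;
        /* 01:00:5e followed by the low-order 23 bits of the group ID; the
         * top 5 bits of the 28-bit group ID are simply lost here. */
        mac[0] = 0x01; mac[1] = 0x00; mac[2] = 0x5e;
        mac[3] = (g >> 16) & 0x7f;
        mac[4] = (g >> 8) & 0xff;
        mac[5] = g & 0xff;
    } else if (inet_pton(AF_INET6, group, &a6) == 1) {
        if (a6.s6_addr[0] != 0xff)              /* IPv6 multicast is ff00::/8 */
            return -1;
        /* 33:33 followed by the low-order 32 bits of the group ID */
        mac[0] = 0x33; mac[1] = 0x33;
        memcpy(mac + 2, a6.s6_addr + 12, 4);
    } else {
        return -1;
    }
    snprintf(out, outsz, "%02x:%02x:%02x:%02x:%02x:%02x",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return mac[0] == 0x33 ? 6 : 4;
}

/* The 4-bit scope field (second nibble) of an IPv6 multicast address, or -1
 * if the text is not an IPv6 multicast address. */
int ipv6_mcast_scope(const char *group)
{
    struct in6_addr a6;
    if (inet_pton(AF_INET6, group, &a6) != 1 || a6.s6_addr[0] != 0xff)
        return -1;
    return a6.s6_addr[1] & 0x0f;
}

int main(void)
{
    /* Constructed groups: the first two collide on the wire. */
    const char *groups[] = { "224.0.0.1", "239.128.0.1", "239.255.255.250", "ff02::1", "ff05::2" };
    size_t i;
    char mac[18];

    for (i = 0; i < sizeof(groups) / sizeof(groups[0]); i++) {
        if (mcast_to_ether(groups[i], mac, sizeof(mac)) < 0)
            continue;
        printf("%-16s -> %s  (IPv6 scope %d)\n", groups[i], mac, ipv6_mcast_scope(groups[i]));
    }
    return 0;
}
```

The collision is why a socket joined to 239.128.0.1 receives frames for 224.0.0.1 at the link layer: the interface filter cannot tell them apart, and the kernel's IP layer does the real check. Any application-level trust decision must therefore be based on the destination address in the IP header (or better, on the payload), never on the fact that a frame arrived at all.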

 

2. Multicast socket options

The basic multicast socket options (UNP's full table is not reproduced here):

    IPv4 (level IPPROTO_IP)   IPv6 (level IPPROTO_IPV6)   Datatype              Purpose
    IP_ADD_MEMBERSHIP         IPV6_JOIN_GROUP             ip_mreq / ipv6_mreq   join a multicast group
    IP_DROP_MEMBERSHIP        IPV6_LEAVE_GROUP            ip_mreq / ipv6_mreq   leave a multicast group
    IP_MULTICAST_IF           IPV6_MULTICAST_IF           in_addr / u_int       default interface for outgoing multicasts
    IP_MULTICAST_TTL          IPV6_MULTICAST_HOPS         u_char / int          TTL or hop limit for outgoing multicasts
    IP_MULTICAST_LOOP         IPV6_MULTICAST_LOOP         u_char / u_int        enable or disable loopback of our own multicasts

The protocol-independent MCAST_JOIN_GROUP and MCAST_LEAVE_GROUP options (datatype group_req, which carries an interface index and a sockaddr_storage) work for both families. Joining a group is a per-interface, per-socket operation; to receive datagrams sent to the group the socket must also be bound to the port, and normally to the group address itself, so that it does not also receive unicast datagrams sent to that port.

 

3. mcast_join and related functions

The following functions hide the messy differences between the IPv4 and IPv6 versions of these options:

    #include "unp.h"

    int mcast_join(int sockfd, const struct sockaddr *grp, socklen_t grplen,
                   const char *ifname, u_int ifindex);
    int mcast_leave(int sockfd, const struct sockaddr *grp, socklen_t grplen);
    int mcast_set_if(int sockfd, const char *ifname, u_int ifindex);
    int mcast_set_loop(int sockfd, int flag);
    int mcast_set_ttl(int sockfd, int ttl);
                    /* All above return: 0 if OK, -1 on error */

    int mcast_get_if(int sockfd);
                    /* Returns: non-negative interface index if OK, -1 on error */
    int mcast_get_loop(int sockfd);
                    /* Returns: current loopback flag if OK, -1 on error */
    int mcast_get_ttl(int sockfd);
                    /* Returns: current TTL or hop limit if OK, -1 on error */

  • mcast_join joins the multicast group whose IP address is in the socket address structure pointed to by grp, whose length is grplen. If ifname is non-null it names the interface on which to join; otherwise, if ifindex is greater than 0, it specifies the interface index; otherwise the kernel chooses the interface.
  • mcast_leave leaves the multicast group whose IP address is in the socket address structure pointed to by grp.
  • mcast_set_if sets the default interface for outgoing multicast datagrams. If ifname is non-null it names the interface; otherwise, if ifindex is greater than 0, it specifies the interface index.
  • mcast_set_loop sets the loopback option to 1 or 0.
  • mcast_set_ttl sets the IPv4 TTL or the IPv6 hop limit.
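As an added example (not UNP's code, and not its mcast_xxx library), a compact version of the same wrappers that also shows how the interface name and index functions from section I.4 fit in: the join uses the protocol-independent MCAST_JOIN_GROUP option with an interface index obtained from if_nametoindex, and the TTL and loopback setters hide the u_char-versus-int difference between the IPv4 and IPv6 options. Function names are this example's own; the group 239.255.0.1 used in main is constructed, and the join there may fail with ENODEV on a host that has no multicast-capable route.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* exposes struct group_req on glibc in strict modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Address family of sockfd via getsockname(); works before bind too. */
static int sock_family(int sockfd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    return getsockname(sockfd, (struct sockaddr *)&ss, &len) < 0 ? -1 : ss.ss_family;
}

/* Interface name to index. NULL or "" means "let the kernel choose" and
 * gives 0; an unknown name gives -1, so that if_nametoindex's error return
 * (0) is never silently turned into "any interface". */
int resolve_ifindex(const char *ifname)
{
    unsigned int idx;
    if (ifname == NULL || ifname[0] == '\0')
        return 0;
    idx = if_nametoindex(ifname);
    return idx == 0 ? -1 : (int)idx;
}

/* Join grp on interface ifname with the protocol-independent MCAST_JOIN_GROUP
 * option (RFC 3678), which takes an interface index for both IPv4 and IPv6.
 * Returns 0 if OK, -1 on error (ENXIO for an unknown interface name). */
int mc_join(int sockfd, const struct sockaddr *grp, socklen_t grplen, const char *ifname)
{
    struct group_req gr;
    int idx = resolve_ifindex(ifname);
    int level;

    if (idx < 0) { errno = ENXIO; return -1; }
    if (grplen > sizeof(gr.gr_group)) { errno = EINVAL; return -1; }
    switch (grp->sa_family) {
    case AF_INET:  level = IPPROTO_IP;   break;
    case AF_INET6: level = IPPROTO_IPV6; break;
    default:       errno = EAFNOSUPPORT; return -1;
    }
    memset(&gr, 0, sizeof(gr));
    gr.gr_interface = (unsigned int)idx;
    memcpy(&gr.gr_group, grp, grplen);
    return setsockopt(sockfd, level, MCAST_JOIN_GROUP, &gr, sizeof(gr));
}

/* The IPv4 options take a u_char, the IPv6 ones an int/u_int; passing the
 * wrong size is the portability bug these two helpers hide. */
static int mc_set_small(int sockfd, int opt4, int opt6, int value)
{
    unsigned char v4 = (unsigned char)value;
    unsigned int  v6 = (unsigned int)value;
    switch (sock_family(sockfd)) {
    case AF_INET:  return setsockopt(sockfd, IPPROTO_IP, opt4, &v4, sizeof(v4));
    case AF_INET6: return setsockopt(sockfd, IPPROTO_IPV6, opt6, &v6, sizeof(v6));
    default:       errno = EAFNOSUPPORT; return -1;
    }
}

static int mc_get_small(int sockfd, int opt4, int opt6)
{
    unsigned char v4; unsigned int v6; socklen_t len;
    switch (sock_family(sockfd)) {
    case AF_INET:
        len = sizeof(v4);
        return getsockopt(sockfd, IPPROTO_IP, opt4, &v4, &len) < 0 ? -1 : v4;
    case AF_INET6:
        len = sizeof(v6);
        return getsockopt(sockfd, IPPROTO_IPV6, opt6, &v6, &len) < 0 ? -1 : (int)v6;
    default: errno = EAFNOSUPPORT; return -1;
    }
}

/* TTL / hop limit bounds how far a multicast travels (1 = this link only);
 * loop controls whether our own multicasts are delivered back to us. */
int mc_set_ttl(int s, int ttl)   { return mc_set_small(s, IP_MULTICAST_TTL,  IPV6_MULTICAST_HOPS, ttl); }
int mc_get_ttl(int s)            { return mc_get_small(s, IP_MULTICAST_TTL,  IPV6_MULTICAST_HOPS); }
int mc_set_loop(int s, int flag) { return mc_set_small(s, IP_MULTICAST_LOOP, IPV6_MULTICAST_LOOP, flag); }
int mc_get_loop(int s)           { return mc_get_small(s, IP_MULTICAST_LOOP, IPV6_MULTICAST_LOOP); }

int main(void)
{
    struct sockaddr_in grp;
    int s = socket(AF_INET, SOCK_DGRAM, 0);

    memset(&grp, 0, sizeof(grp));
    grp.sin_family = AF_INET;
    inet_pton(AF_INET, "239.255.0.1", &grp.sin_addr);  /* constructed group */
    mc_set_ttl(s, 1);                                  /* keep it on this link */
    mc_set_loop(s, 0);                                 /* do not hear ourselves */
    if (mc_join(s, (struct sockaddr *)&grp, sizeof(grp), "") < 0)
        perror("mc_join");                             /* e.g. ENODEV without a multicast route */
    printf("ttl=%d loop=%d\n", mc_get_ttl(s), mc_get_loop(s));
    close(s);
    return 0;
}
```

Two things worth keeping from this: the TTL default of 1 is the only thing confining an IPv4 multicast to the local link, so a sender should set it deliberately rather than inherit it, and an interface name that fails to resolve must be an error, because index 0 in a join means "any interface" and would quietly join on whichever one the kernel picks.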

 

4. Summary of the differences between unicast, broadcast, and multicast (from http://www.cnblogs.com/Ewin/archive/2008/11/25/1340752.html)

1. Unicast:
A one-to-one mode of communication between hosts. The switches and routers in the network only forward the data; they do not copy it. If 10 clients need the same data, the server must transmit it to each one in turn, repeating the same work 10 times. Because it can respond to each client individually and promptly, today's web browsing is entirely unicast, specifically the IP unicast protocol. The routers and switches in the network select a transmission path based on the destination address and deliver the IP unicast data to the specified destination.
Advantages of unicast:
1) The server responds to client requests promptly.
2) The server can easily provide personalized service, sending different data in response to each client's requests.

Disadvantages of unicast:
1) The server sends a separate data stream to each client, so server traffic equals the number of clients times the per-client traffic. In streaming-media applications with many clients and high per-client traffic, the server is overwhelmed.
2) Existing network bandwidth is a pyramid: inter-city backbone bandwidth is only about 5% of the total bandwidth of all its users. If everything used unicast, the backbone would be overwhelmed. P2P applications already congest the backbone today, and expanding it 20-fold is nearly impossible.

2. Broadcast:
A one-to-all mode of communication between hosts. The network unconditionally copies and forwards the signal from each host, and every host receives all the information, whether it needs it or not. Because no path selection is needed, the network cost can be very low. A cable TV network is a typical broadcast network: our TV actually receives the signals of all channels but decodes only one of them to the screen. Broadcast is permitted in data networks, but it is confined to the LAN behind a layer-2 switch; broadcast data is not allowed through routers, so that it cannot affect hosts over a wide area.
Advantages of broadcast:
1) Simple network equipment, simple maintenance, and low network deployment cost.
2) Because the server does not have to send data to each client separately, the server's traffic load is extremely low.

Disadvantages of broadcast:
1) It cannot provide personalized service according to each client's needs and timing.
2) The network permits the server to provide only limited bandwidth: the maximum bandwidth of a client equals the total bandwidth of the service. For example, a cable TV client line supports 100 channels (theoretically 500 with digital compression); even if the provider has the resources to add sending equipment and switch to a fiber trunk, that limit cannot be exceeded. In other words, it is impossible to offer many clients more diverse, personalized services.
3) Broadcast is not allowed to be transmitted across the Internet.

3. Multicast:
A one-to-many mode of communication between hosts: hosts that join the same group can all receive the data of that group, and the switches and routers in the network copy and forward the data only to those that have asked for it. A host can send a request to a router to join or leave a group, and the routers and switches in the network copy and transmit the data so that only the group's data reaches the hosts in the group. In this way data can be delivered to many hosts that have joined the group in a single transmission, without affecting other communication between hosts that have not joined.
Advantages of multicast:
1) Clients that need the same data stream join the same group and share one stream, saving server load. It has the advantages of broadcast.
2) Because the multicast protocol copies and forwards data streams according to receivers' needs, the total bandwidth of the server is not limited by the bandwidth of the client access link. IP supports over 200 million (2^28) multicast group addresses, so the range of services it can provide is very wide.
3) Like unicast, this protocol is allowed to be transmitted across the Internet.

Disadvantages of multicast:
1) Compared with unicast, there is no error-correction mechanism, so it is hard to recover from packet loss, though this can be compensated for through fault-tolerance mechanisms and QoS.
2) Although current networks support multicast transmission, client authentication and QoS still need improvement. These shortcomings have mature solutions in theory; they only need to be applied gradually to existing networks.

 

 

 

 

 

 

 

 
