ࡱ> (M( D/ 0|DTimesNew Romantt| 0DHelveticaRomantt| 0 DCourieraRomantt| 00DTimes New Romantt| 0@DArialNew Romantt| 0@ .  @n?" dd@  @@`` phx   /9 0AA @e})ʚ;2Nʚ;g4FdFd  0ppp@ <4!d!d@k 0tX<4dddd@k 0tX <4dddd@l 0th___PPT2001D<4X0___PPT10 2___PPT9/ 0? %FIPv6 for Developers<@Ken Renard WareOnEarth Communications A&> Presentation Agenda]Socket API extensions Name Service API changes Tools and Recommendations Miscellaneous Topics$^]Programming with IPv6wThis presentation geared towards C programming Java programmers can go to sleep Java API is already IP version agnostic&P(P(Programming with IPv60Most applications will require minimal changes to support IPv6 Change the socket, name-service, and UI Network-intensive applications will require a bit more IDS, firewall, network/security analysis tools Security tools that use addresses in protocol L?(7^?(7^A Few Notes about Java and IPv6Class InetAddress will handle IPv4 & IPv6 addrs Methods that support IPv6 features isLinkLocalAddress() Methods that are version-agnostic toString(), getByAddress(), getAllByName(), etc Inet4Address and Inet6Address are subclasses Socket calls all use InetAddress Unless you are doing something specific to IPv4, not porting is necessary for Java code Underlying OS must support IPv6&0Z#ZZ"Z0Z-ZyZ Z #"+            X     #%  J xSocket API ExtensionsBasic socket() system call is unchanged Just a new protocol family for IPv6 s = socket(AF_INET, SOCK_DGRAM, 0); [IPv4] s = socket(AF_INET6, SOCK_DGRAM, 0); [IPv6] IPv4-only sockets continue to work as they always have System calls that bind or receive address to/from IPv6 sockets must use IPv6 socket addresses bind(), connect(), sendmsg(), sendto() accept(), recvfrom(), recvmsg(), getpeername(), getsockname()($We#$&e  tJ    IPv6 Address Structurestruct in6_addr versus struct in_addr Usually defined in /usr/include/netinet/in.h Often see int or uint to carry IPv4 addresses Makes IP address variables harder to find in code&Z[Z2Z 2 J struct in6_addrA few useful constants and macros () const struct in6_addr in6addr_any; /* :: */ INADDR_ANY is v4 equivalent const struct in6_addr in6addr_loopback; /* ::1 */ INADDR_LOOPBACK is v4 equivalent #define INET6_ADDRSTRLEN 46 Longest string representation of IPv6 address IN6_IS_ADDR_UNSPECIFIED(a) IN6_IS_ADDR_LOOPBACK(a) IN6_IS_ADDR_MULTICAST(a) IN6_IS_ADDR_LINKLOCAL(a) IN6_IS_ADDR_SITELOCAL(a) IN6_IS_ADDR_V4_MAPPED(a) IN6_IS_ADDR_V4_COMPAT(a) IN6_ARE_ADDR_EQUAL(a,b) Multicast scope macrosd3Z-ZZ2Z!ZZ.ZZ"          -                                      t$ 8VIPv6 Socket AddressesZNew socket address structure defined for IPv6 Usually defined in /usr/include/netinet/in.h@.-.,B  IPv6 Socket AddressesMost system calls that pass in or receive socket addresses use a generic (struct sockaddr *) Cast your specific type of sockaddr_* to a sockaddr before passing in/out Generic struct sockaddr is not large enough to hold IPv6 socket address Define new generic sockaddr_storage which has enough space to hold largest sockaddr system supports Has ss_family member that overlaps sin_family & sin6_family Usually defined in /usr/include/sys/socket.h.]ZZiZI DA   J C0 J &IPv6 Socket Addresses sockaddr_storage&'    IPv6 and IPv4 InteroperabilityAn IPv6 socket can talk to and accept IPv4 connections Assuming dual-stacks active To connect to an IPv4 address via an IPv6 socket Use IPv4-Mapped address (e.g. ::FFFF:192.168.0.1) Use IPv4-Compatible address (e.g. ::192.168.0.1) Accepting connections on an IPv6 socket IPv4 connections will return IPv6 address as IPv4-mapped/compatible Can use IN6_IS_ADDR_V4_MAPPED to test Use AF_INET6 sockets for applications that will support both IPv4 and IPv67ZMZcZ(ZDZqZ7Mc(D  T1Dual-Stacked Nodes: Sending IPv4 and IPv6 Packets$2  2Dual-Stacked Nodes Receiving IPv4 and IPv6 Packets$3   IPv6 Socket OptionsyChanging socket type If an IPv6 application inherits a socket from a v4-only application and wants to make it a v6 socket*ee IPv6 Socket OptionsMulticast Options IPV6_MULTICAST_IF -- set interface (int) IPV6_MULTICAST_HOPS -- set hop limit (int) IPV6_MULTICAST_LOOP -- toggle loopback (int) IPV6_ADD_MEMBERSHIP -- (struct ipv6_mreq) IPV6_DROP_MEMBERSHIP -- (struct ipv6_mreq)6(   *Displaying and Interpreting IPv6 AddressesReplace inet_ntoa() and inet_addr() functions with protocol-agnostic versions inet_ntop() -- network format to presentation format inet_ntop(int af, void *src, char *dst, int cnt) src is in_addr, in6_addr, etc dst is char array of cnt bytes (INET[6]_ADDRSTRLEN) inet_pton() -- presentation format to network format inet_pton(int af, const char *src, void *dst) src is string represenation dst is pointer to in_addr, in6_addr, etc.pNZ5Z1ZSZ5Z.ZFZ  +   0                                --,,  Hostname and Address LookupsBDON T USE gethostbyname()/gethostbyaddr() Interface to address results is cumbersome with respect to address type Not thread-safe gethostbyname() behavior can be changed with resolver flag gethostbyname2() allows you to specify an address family gethostbyaddr() already has address family+ZXZZ !X,)t  X  > Hostname and Address LookupsPreferred interface is protocol independent getaddrinfo() and getnameinfo() Allows multiple addresses with independent types Addresses are returned as linked-list of type struct addrinfo,Q>, 1.6,  aHostname and Address Lookups~getaddrinfo() getaddrinfo(const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **results);:qpR  . Hostname and Address Lookupsgetnameinfo() -- inverse lookup getnameinfo(const struct sockaddr *sa, size_t sa_len, char *host, size_t hostlen, char *serv, size_t servlen, int flags);\ 6S   %Advanced Socket API for IPv6 RFC 2292Details on header structures IPv6 header Extension Headers, ICMPv6 headers Neighbor Discovery message formats RAW sockets and ICMPv6 filters Ancillary data How to get IPv6 Extension data from socket Specifying and receiving Packet Information Src/Dst addr, in/out interface, in/out hop limit, next hop addr API for hop-by-hop, destination, routing options Future API for flow, PMTU, Neighbor reachabilityZQZ.Z+Z,Z@ZbZQ.+,@01H/U #IPv6 Programming: UI Considerations$$$Reading addresses -- use inet_pton()as needed Configuration/Data files and user input need to change Larger address strings -- larger buffers to read and parse Address lookups will return multiple addresses per host Do you need to handle []: format? Check for overflow Writing addresses -- use inet_ntop()as needed Text or GUI output will require larger screen area Building log messages will require larger buffers Data file formats may need change (addr type and size) Integration with databases or other processes.Z7Z;Z~Z.ZZ.Z  7:N    .>>General IPv6 Programming: ToolsThere are some good software tools publicly available that can automatically determine if an IPv4 program contains IP-specific calls, and suggest needed changes. A few are: http://msdn.microsoft.com/library/ IPv6 Guide for Windows Sockets Applications Checkv4.exe utility program http://wwws.sun.com/software/solaris/ipv6/ IPv6 Socket Scrubber http://wwws.sun.com/software/solaris/ipv6/porting_guide_ipv6.pdf Porting Networking Applications to the IPv6 APIs Linux tools also availableU#UHU+UUAU1UU#H+ " A1 ]$L)General IPv6 Programming: Recommendations$*(yBuild application-specific address structure in the code. This would typically be a structure that includes the address type, address data, and optionally address size. This allows a single structure for dealing with multiple address types. Build small set of functions that deal with these address structures Functions may include: setting, comparing, printing, etc., address structures. Hostname lookups Expect multiple addresses to be returned. This should be obvious for hosts with multiple IPv4 addresses, but account for several IP addresses (at least 2) per interface. Also, consider link-local, multicast, and anycast addresses. When replacing IPv4 addresses in code Rename variables or structure members so that the compiler can help you find all instances of the address variable that need to be adjusted Use of "struct sockaddr_storage" and cast to the appropriate sockaddr_*:PPEPOPPP&PPHP:EO&    H  >l % )General IPv6 Programming: Recommendations*(When processing packets, look for: IPv6 extension headers -- may need to skip for transport layer access Tunneling of IPvX-in-IPvX (how many layers of encapsulation are sufficient to handle?) BPF issues Write protocol-independent code Will you be retired when IPv8 is deployed??`# ,# +,vIPv6 Miscellaneous Issues/Libpcap and Berkeley Packet Filters (BPF) Used by tcpdump, ethereal, etc. Have supported IPv6 for a few years But must be enabled in the build tcpdump ip6 tcpdump net 2001:480:31:10::/64 Filter on port X -- verify that v4 & v6 will be processed tcpdump -d port 22 Look for ldh[12] and compare to 0x86dd l*D!f;*D!f;  l*VR Checking BPF code for IPv6    0` 33` Sf3f` 33g` f` www3PP` ZXdbmo` \ғq>9y`Ӣ` 3f3ff` 3f3FKf` hk]wwwfܹ` ff>>\`Y{ff` R>&- {p_/̴>?" dd@,|?" dd@   " @ ` n?" dd@   @@``PR    @ ` ` p>>  (    6P P  T Click to edit Master title style! !  0PS   RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S  0DZ ``  P*   0P_ `   R*   0c `   R* H  0޽h ? 33 $Blank Presentation 0 0(  l  C 4jqp q l  C Аq `   q H  0޽h ? 33  0 @ ( Kz  l  C 4P   l  C   H  0޽h ? 33  0 PL( P Ll L C qP  q l L C \q q H L 0޽h ? 33  0 `(  l  C qP  q l  C q q H  0޽h ? 33  0 l(  ll l C qP  q l l C q  q H l 0޽h ? 33  0 p(  l  C \qP  q l  C  q ` q H  0޽h ? 33  0  (( f  l  C 8rP  r l  C rP  r   <ٍ P  *struct in6_addr { u_int8_t s6_addr[16]; } +*6  < r P   struct in6_addr { union { u_int8_t u6_addr8[16]; u_int16_t u6_addr16[8]; u_int32_t u6_addr32[4]; } u6_addr; } #define s6_addr u6_addr.u6_addr8 #define s6_addr16 u6_addr.u6_addr16 #define s6_addr32 u6_addr.u6_addr32     #   <%r0 *  ; Officially:   < 2r: E4  EOften implemented as:H  0޽h ? 33  0 (( | (l ( C DHrP  r l ( C Ir r H ( 0޽h ? 33  0 WO ( , l  C ZrP  r l  C [r @ r |  < ]r   struct sockaddr_in6 { u_int16_t sin6_family; u_int16_t sin6_port; u_int32_t sin6_flowinfo; struct sockaddr_in6 sin6_addr; u_int32_t sin6_scope_id; };%    <kr*   #define SIN6_LEN struct sockaddr_in6 { u_int8_t sin6_len; u_int8_t sin6_family; u_int16_t sin6_port; u_int32_t sin6_flowinfo; struct sockaddr_in6 sin6_addr; u_int32_t sin6_scope_id; };6     0rZ`z  >BSD 4.3-based:  <r T* >BSD 4.4-based:H  0޽h ? 33  0 (  l  C rP  r l  C \r r H  0޽h ? 33  0 $(  $r $ S rP  r m $ 0r istruct sockaddr_storage ss; int ss_len; get_sock_addr((struct sockaddr *)&ss); switch (ss.ss_family) { case AF_INET: sin = (struct sockaddr_in *)&ss; ss_len = sizeof(struct sockaddr_in); break; case AF_INET6: sin6 = (struct sockaddr_in6 *)&ss; ss_len = sizeof(struct sockaddr_in6); break; [...] } ret = bind(s, (struct sockaddr *)&ss, ss_len);j1 <c_    #))H $ 0޽h ? 33  0 4(  4l 4 C |rP  r l 4 C r r H 4 0޽h ? 33x  0 ( ..p(  pr p S dr  r F Pt  p ` p 0Pt  p <Hr~t  N tcp_output()&  F p,  p  ` p 0p,  p <rp,  N udp_output()&  F  ,   p  `  p 0 ,   p <r ,  O tcp6_output()& F ,   p `  p 0,  p <8r,  O udp6_output()&  p <r?P. IAF_INET SOCK_STREAM p <r . HAF_INET SOCK_DGRAM p <r/ @. JAF_INET6 SOCK_STREAM p <rU;. IAF_INET6 SOCK_DGRAMoF  P  p  P: ` p 0 P  p < rN" 0 = ip_output()  pF IP   p  O:  p <r   > ip6_output()  ` p 0IP  ^B p 6DPN ^B p@ 6D ^B p 6D@0 ^B p@ 6D dB p@ <D dB p@ <D  p BWht4  ? IPv4-mapped    p BtI 0  ? IPv4-mapped  F  :  !p @4 ;` "p 0 :  #p 0t t :  (Auto-tunnel driver (prepend IPv4 header)0) dB $p@ <D: ;dB %p <Dd p @ &p BUlt i CIPv4-compatible^B 'p 6D: NN^B (p 6D:  )p <dt A To Link-Layer *p <tM A To Link-Layer^B +p 6D.PP^B ,p 6D.^B -p 6D.@@^B .p 6D.H p 0޽h ? ̙33Z  0  88t(  tr t S #tr  t pF   t p` t 0  t <%t  > Link Layer  nF  P  t  P: ` t 0 P  t <*tN 0 < ip_input()  oF  P   t  : `  t 0 P   t </tN" 0 = ip6_input()  ^B  t 6D: A^B  t 6D   t <p4t  ? Version = 6  F  :  t S ` t 0 :  t 0`9t :  t(Auto-tunnel driver (removes IPv4 header)0) t BK?tmA  M Protocol = 41$F Pt  t ` t 0Pt  t <`Dt>t  M tcp_input()&  F p,  t  ` t 0p,  t <Itp,@  M udp_input()&  F  ,  t  ` t 0 ,  t <Nt ,  N tcp6_input()&  F ,  t ` t 0,  t <St,  N udp6_input()&   t <Xtr+ IAF_INET SOCK_STREAM  t <$]tr  HAF_INET SOCK_DGRAM !t <atr  JAF_INET6 SOCK_STREAM "t <(etr0 IAF_INET6 SOCK_DGRAM^B #t 6DPp ^B $t 6DA ^B %t 6D ^B &t 6D)  't Bơ,jtO#  @ Protocol = 6   (t BKY6t1  A Protocol = 17 )t B[pqt  A Next Hdr = 17 *t BEPuto#  @ Next Hdr = 6   +t <yt}   QEthertype 0x0800 and 0x86dd^B ,t 6DPP^B -t 6D^B .t 6D ^B /t 6D<L   0  0t#  0 lB 1t <D   lB 2t <D 0 dB 3t <DP dB 4t <D 5t B|~t\ 0 ? IPv4-mapped   6t B,;4tp@D ? IPv4-mapped   7t <t Z` JEthertype 0x86dd^B 8t 6D H t 0޽h ? ̙33  0 80<( | <r < S tP  t r < S t@ t  < <tpq  mint addrform = PF_INET6; setsockopt(s, IPPROTO_IPV6, IPV6_ADDRFORM, (char *)&addrform, sizeof(addrform));nnl  "  < 0Lt  `  BChanging Hop Limitk < <țtx q kint hoplimit = 10; setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (char *)&hoplimit, sizeof(hoplimit));llZ  1H < 0޽h ? 33  0 8( 'P 8l 8 C tP  t l 8 C `tP0 t H 8 0޽h ? 33  0 ,(  ,l , C \tP  t l , C  t  t H , 0޽h ? 33  0  0(   0l 0 C tP  t l 0 C t ` t H 0 0޽h ? 33   0 0@M( t@ @l @ C 8tP  t l @ C t  t - @ <t` P struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ int ai_family; /* PF_xxx */ int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_x for IPv4 & IPv6 */ size_t ai_addrlen; /* length of ai_addr */ char *ai_canonname; /* canonical name for hostname */ struct sockaddr *ai_addr; /* binary address */ struct addrinfo *ai_next; /* next structure in linked list */ };  "      .  %.H @ 0޽h ? 33A  0 @D( 33 Dr D S 4tP  t r D S t  t U D <` struct addrinfo hints, *res, *res0; int error; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; error = getaddrinfo("www.kame.net", "http", &hints, &res0); [...] for (res = res0; res; res = res->ai_next) { s = socket(res->ai_family, res->ai_socktype,res->ai_protocol); [...] error = connect(s, res->ai_addr, res->ai_addrlen); [...] }    +   ,H D 0޽h ? 33  0 PH$( 8, ( Hr H S dP   r H S P   H H 0޽h ? 33  0 `P( 4P Pl P C *P   l P C +  H P 0޽h ? 33  0 ph(  hl h C 6P   l h C ;0  H h 0޽h ? 33  0 T(  Tl T C IP0P   l T C dJ@`  H T 0޽h ? 33  0 X$(  Xr X S TP   r X S U@``  H X 0޽h ? 33  0  d( Q dl d C hP   l d C Xi  H d 0޽h ? 33  0 \(   \l \ C PvP   l \ C (w  H \ 0޽h ? 33  0 x ( | xl x C cqP  q t x <DgqE Troot# tcpdump -d port 22 (000) ldh [12] (001) jeq #0x86dd jt 2 jf 10 (002) ldb [20] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 23 (006) ldh [54] (007) jeq #0x16 jt 22 jf 8 (008) ldh [56] (009) jeq #0x16 jt 22 jf 23 (010) jeq #0x800 jt 11 jf 23 (011) ldb [23] (012) jeq #0x84 jt 15 jf 13 (013) jeq #0x6 jt 15 jf 14 (014) jeq #0x11 jt 15 jf 23 (015) ldh [20] (016) jset #0x1fff jt 23 jf 17 (017) ldxb 4*([14]&0xf) (018) ldh [x + 14] (019) jeq #0x16 jt 22 jf 20 (020) ldh [x + 16] (021) jeq #0x16 jt 22 jf 23 (022) ret #96 (023) ret #0UU z                      )H x 0޽h ? 33rP0MVXz\`:`jsbyu i`{r"RgZ\<(|Z^0@} 1Oh+'0 `h  IPv6 for Developers Trial User ewheeler23Microsoft PowerPoint@<=@Ė1*@@w$pGg  m$  y--$xx--'Times-. $2 7IPv6 for Developers ."System7-Times-.  2 K?Ken.-Times-. 2 KMRenard.-Times-. 2 V# WareOnEarth .-Times-. 2 VLCommunications.-Times-.  2 ]5<{.-Times-. 2 ]7kdrenard.-Times-.  2 ]F@{.-Times-. 2 ]K wareonearth.-Times-. 2 ]`.com>a.-՜.+,0    #On-screen Show뿿\ "Times HelveticaCourierTimes New RomanArialBlank PresentationIPv6 for DevelopersPresentation AgendaProgramming with IPv6Programming with IPv6 A Few Notes about Java and IPv6Socket API ExtensionsIPv6 Address Structurestruct in6_addrIPv6 Socket AddressesIPv6 Socket Addresses'IPv6 Socket Addresses sockaddr_storageIPv6 and IPv4 Interoperability2Dual-Stacked Nodes: Sending IPv4 and IPv6 Packets3Dual-Stacked Nodes Receiving IPv4 and IPv6 PacketsIPv6 Socket OptionsIPv6 Socket Options+Displaying and Interpreting IPv6 AddressesHostname and Address LookupsHostname and Address LookupsHostname and Address LookupsHostname and Address Lookups&Advanced Socket API for IPv6 RFC 2292$IPv6 Programming: UI Considerations General IPv6 Programming: Tools*General IPv6 Programming: Recommendations*General IPv6 Programming: RecommendationsIPv6 Miscellaneous IssuesChecking BPF code for IPv6  Fonts UsedDesign Template Slide Titles _\0ewheelerewheeler  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqstuvwxy{|}~Root EntrydO)Current UserSummaryInformation(rPowerPoint Document(DocumentSummaryInformation8z