版權資訊
作 者:(美國)QingLi (日本)KeiichiShima
編輯推薦
IPv6的時代即將到來!
《IPv6詳解:高級協定實現》由開源的IPv6標準參考實現KAME的核心開發人員撰寫,沿襲了被奉為經典的Richard Steverls的《TCP/IP詳解》的寫作方式和風格,覆蓋了IPv6技術的全部內容,是毋庸置疑的IPv6權威參考書。書中詳盡剖析了IPv6協定及其實現的技術細節,逐行詮釋了KAME每一行代碼的作用,並結合闡述了彌足珍貴的設計體會,對網路研究、設計和開發人員都有極高的參考價值。
全書分為兩卷,第1卷介紹核心協定的實現。第2卷主要介紹高級協定的實現。《IPv6詳解:高級協定實現》適合網路設計和開發人員閱讀,對於下一代網路產品研發人員尤其具有參考價值。Qin9Li 8IueCoat系統公司資深架構師,負責領導下一代支持IPv6的安全代理套用系統的設計和 開發工作:他曾在風河系統公司工作8年,是風河嵌入式IPv6產品的首席架構師:他擁有多項美國專利。並著有Real-TimeConceptsforEmbeddedSystems等暢銷書。他還是FreeBSD作業系統項目活 躍的開發者:TatuyaJinmei(神明達哉)東芝公司研究與開發中心的科學家。KAME項目核心開發人員。2003年在日本慶應義塾大學獲得博士學位,KeiichiShima(島慶一)日本Internellnitiative公司的資深研究人員。他的研究領域是IPv6和IPv6移動性。KAME項目核心開發人員,開發了移動IPv6/NEMO基本支持協定棧:現在正致力於BSD作業系統中新的移動棧(SHISA棧)的研究。
目錄
1 IPv6UnicastRoutingProtocols 1
1.1 Introduction 1
1.2 OverviewofRoutingConcepts 2
1.2 OverviewofVector-basedAlgorithmsandLink-StateAlgorithm 5
1.3.1 Distance-VectorAlgorithm 5
1.3.2 Path-VectorAlgorithm 7
1.3.3 Link-StateAlgorithm 7
1.4 IntroductiontoRIPng 10
1.4.1 RIPngMessageFormats 11
1.4.2 RIPngOperation 14
1.4.3 ProblemswithRIPng 15
1.5 IntroductiontoBGP4+ 17
1.5.1 BGP4+Operation 19
1.5.2 BGP4+Messages 21
1.5.3 PathAttributes 27
1.5.4 IPv6ExtensionsforBGP4+ 29
1.5.5 BGP4+RouteSelectionProcess 31
1.6 IntroductiontoOSPFv2 33
1.6.1 RouterAdjacencyandLSDBSynchronization 33
1.6.2 AreaTypesandRouterClassification 35
1.6.3 LinkStateAdvertisementandLSATypes 35
1.6.4 LSAFormats 37
1.6.5 OSPFTreeConstructionandRouteComputation 46
1.7 CodeIntroduction 49
1.8 IPv6RoutingTableintheBSDKernel 50
1.8.1 ScopeZoneRepresentationintheRoutingTable 53
1.9 RoutingAPI 55
1.9.1 RoutingSockets 55
1.9.2 DumpingRoutingTableviasysctl() 62
1.10 Overviewofroute6dDaemon 65
1.11 CommonDataStructures,RoutinesandGlobalVariables 65
1.11.1 StructuresforRIPngMessages 65
1.11.2 route6d’sRoutingTable 67
1.11.3 StructuresforLocalInterfaces 68
1.11.4 route6dRouteFilterEntry 70
1.11.5 SubroutinesandGlobalVariables 72
1.12 InterfaceConfiguration 74
1.12.1 ifconfig()Function 74
1.12.2 ifconfig1()Function 77
1.12 RIPngProtocolOperation 81
1.13.1 sendrequest()Function 82
1.13.2 riprecv()Function 83
1.13.3 riprequest()Function 96
1.13.4 ripsend()Function 97
1.13.5 ripalarm()Function 104
1.14 RoutingOperationUsingroute6d 105
1.14.1 ALeafNetwork 105
1.14.2 ASimpleLoopNetwork 108
1.14.3 AHierarchicalNetwork 111
2 IPv6Multicasting 113
2.1 Introduction 113
2.2 IPv6MulticastAddresstoLayer-2MulticastAddressMapping 114
2.2 MulticastListenerDiscoveryProtocol 114
2.3.1 MLDProtocolMessageFormat 115
2.3.2 RouterAlertOption 116
2.3.3 SourceAddressSelection 116
2.3.4 DestinationAddressSelection 116
2.3.5 MLDQuerier 116
2.3.6 OperationalVariables 117
2.3.7 MLDJoinProcess 118
2.3.8 MLDLeaveProcess 119
2.4 MulticastRoutingFundamentals 120
2.4.1 ReversePathForwarding 120
2.4.2 MulticastRoutingModels 121
2.4.3 ProtocolIndependentMulticast 125
2.4.4 IPv6SpecificIssuesaboutPIM 128
2.4.5 IPv6MulticastFuture—MLDv2andSSM 130
2.5 CodeIntroduction 131
2.6 MLDImplementation 133
2.6.1 TypesandStructures 133
2.6.2 mld6_init()Function 136
2.6.3 JoiningaGroup:mld6_start_listening()Function 137
2.6.4 LeavingaGroup:mld6_stop_listening()Function 139
2.6.5 InputProcessing:mld6_input()Function 140
2.6.6 mld6_fasttimeo()Function 144
2.6.7 mld6_sendpkt()Function 146
2.6.8 mld_allocbuf()Function 149
2.7 IPv6MulticastInterface:mif6{}Structure 150
2.8 IPv6MulticastRoutingAPI 152
2.8.1 ip6_mrouter_set()Function 152
2.8.2 ip6_mrouter_init()Function 155
2.8.3 ip6_mrouter_get()Function 156
2.8.4 set_pim6()Function 157
2.8.5 add_m6if()Function 157
2.8.6 del_m6if()Function 160
2.8.7 ip6_mrouter_done()Function 161
2.8.8 mrt6_ioctl()Function 164
2.8.9 get_mif6_cnt()Function 164
2.9 IPv6MulticastForwardingCache 165
2.9.1 add_m6fc()Function 166
2.9.2 del_m6fc()Function 171
2.9.3 expire_upcalls()Function 172
2.9.4 get_sg_cnt()Function 173
2.10IPv6MulticastForwarding 174
2.10.1 ip6_mforward()Function 175
2.10.2 ip6_mdq()Function 183
2.10.3 phyint_send()Function 189
2.10.4 register_send()Function 192
2.10.5 socket_send()Function 194
2.10.6 pim6_input()Function 195
2.11 IPv6MulticastOperation 202
2.11.1 ifmcstatCommand 202
2.11.2 EnableIPv6MulticastRouting 203
2.11.3 pim6ddandpim6sdRoutingDaemons 203
2.11.4 pim6statOutput 203
2.11.5 netstatCommand 206
3 DNSforIPv6 207
3.1 Introduction 207
3.2 BasicsofDNSDefinitionsandProtocols 208
3.2.1 DNS,Domains,andZones 208
3.2.2 ResourceRecordsandZoneFiles 210
3.2.3 DNSTransactionandPacketFormat 212
3.2.4 NameResolutionandCaching 214
3.2 IPv6-RelatedTopicsaboutDNS 217
3.3.1 AAAAResourceRecord 217
3.3.2 DNSReverseTreeforIPv6 217
3.3.3 IPv6TransportforDNS 219
3.3.4 PacketSizeIssueandEDNS0 219
3.3.5 MisbehavingDNSServersagainstAAAA 222
3.3.6 ObsoleteStandards 225
3.4 ImplementationofIPv6DNSResolver 226
3.4.1 _dns_getaddrinfo()Function 229
3.4.2 getanswer()Function 235
3.4.3 res_queryN()Function 243
3.4.4 ResolverStateStructure 245
3.4.5 res_init()Function 248
3.4.6 res_send()Function 250
3.4.7 IPv6ReverseLookup:_dns_ghbyaddr()Function 260
3.5 IPv6DNSOperationwithBIND 264
3.5.1 OverviewofBIND9 265
3.5.2 GettingBIND9 266
3.5.3 BuildingandInstallingBIND9 266
3.5.4 ConfiguringBIND9 forIPv6Operation 267
3.5.5 Implementation-SpecificNotes 274
3.5.6 CompleteConfigurationExample 282
3.5.7 digandhostUtilities 286
4 DHCPv6 289
4.1 Introduction 289
4.2 OverviewoftheDHCPv6Protocol 290
4.2.1 CasesforDHCPv6 290
4.2.2 DefinitionsaboutDHCPv6 293
4.2.3 DHCPv6MessageExchanges 297
4.2.4 SummaryofDHCPv6Options 310
4.2.5 InteractionwithNeighborDiscovery 319
4.2.6 ComparisontoDHCPv4 319
4.2 CodeIntroduction 320
4.3.1 CommonDataStructuresandRoutines 320
4.4 ClientImplementation 326
4.4.1 Client-SpecificDataStructures 328
4.4.2 client6_mainloop()Function 332
4.4.3 client6_timo()Function 333
4.4.4 client6_send()Function 338
4.4.5 client6_recv()Function 344
4.4.6 client6_recvadvert()Function 346
4.4.7 client6_recvreply()Function 352
4.4.8 ProcessingIdentityAssociation 357
4.4.9 update_ia()Function 359
4.4.10 update_address()Function 365
4.4.11 reestablish_ia()Function 369
4.4.12 ia_timo()Function 374
4.4.12 ReleaseResources 379
4.5 ServerImplementation 382
4.5.1 server6_mainloop()Function 386
4.5.2 server6_recv()Function 387
4.5.3 process_relayforw()Function 391
4.5.4 react_solicit()Function 396
4.5.5 react_request()Function 401
4.5.6 make_ia()Function 406
4.5.7 react_renew()Function 417
4.5.8 react_rebind()Function 419
4.5.9 binding_time()Function 426
4.5.10 react_release()Function 428
4.5.11 react_informreq()Function 432
4.5.12 server6_send()Function 434
4.6 RelayAgentImplementation 439
4.6.1 relay6_loop()Function 439
4.6.2 relay6_recv()Function 441
4.6.3 relay_to_server()Function 444
4.6.4 relay_to_client()Function 450
4.7 ImplementationofDHCPv6Authentication 454
4.7.1 DataStructuresRelatedtoDHCPv6Authentication 454
4.7.2 set_auth()Function 455
4.7.2 process_auth()Function(ClientSide) 458
4.7.4 process_auth()Function(ServerSide) 462
4.8 DHCPv6Operation 468
4.8.1 BuildingtheDHCPv6Implementation 468
4.8.2 ConfiguringaDUID 469
4.8.3 ConfiguringtheDHCPv6Server 469
4.8.4 ConfiguringtheDHCPv6Client 470
4.8.5 ConfiguringtheDHCPv6RelayAgent 474
4.8.6 ConfiguringDHCPv6Authentication 475
4.8.7 ConfiguringControlCommandKeys 476
4.8.8 OperationofDHCPv6Services 476
5 MobileIPv6 485
5.1 Introduction 485
5.2 MobileIPv6Overview 486
5.2.1 TypesofNodes 487
5.2.2 BasicOperationofMobileIPv6 488
5.2 HeaderExtension 491
5.3.1 AlignmentRequirements 493
5.3.2 HomeAddressOption 493
5.3.3 Type 2 RoutingHeader 494
5.3.4 MobilityHeader 495
5.3.5 MobilityOptions 503
5.3.6 NeighborDiscoveryMessages 506
5.3.7 ICMPv6Messages 509
5.4 ProcedureofMobileIPv6 512
5.4.1 ProtocolConstantsandVariables 512
5.4.2 HomeRegistration 512
5.4.3 Bi-directionalTunneling 516
5.4.4 InterceptingPacketsforaMobileNode 518
5.4.5 ReturningHome 519
5.5 RouteOptimization 521
5.5.1 ReturnRoutability 522
5.5.2 SendingInitialMessages 522
5.5.3 RespondingtoInitialMessages 523
5.5.4 ComputingaSharedSecret 525
5.5.5 VerifyingMessage 526
5.5.6 SecurityConsiderations 527
5.5.7 De-RegisterBindingforCorrespondentNodes 528
5.5.8 BackwardCompatibility 528
5.6 MovementDetection 529
5.7 DynamicHomeAgentAddressDiscovery 530
5.8 MobilePrefixSolicitation/Advertisement 533
5.9 RelationshipwithIPsec 534
5.10 CodeIntroduction 537
5.10.1 Statistics 537
5.11 MobileIPv6RelatedStructures 539
5.11.1 Files 539
5.11.2 MobilityHeaderMessage—ip6_mh{}Structure 539
5.11.3 BindingRefreshRequestMessage—ip6_mh_binding_request{}Structure 541
5.11.4 HomeTestInitMessage—ip6_mh_home_test_init{}Structure 541
5.11.5 Care-ofTestInitMessage—ip6_mh_careof_test_init{}Structure 542
5.11.6 HomeTestMessage—ip6_mh_home_test{}Structure 543
5.11.7 Care-ofTestMessage—ip6_mh_careof_test{}Structure 543
5.11.8 BindingUpdateMessage—ip6_mh_binding_update{}Structure 544
5.11.9 BindingAcknowledgmentMessage—ip6_mh_binding_ack{}Structure 545
5.11.10 BindingErrorMessage—ip6_mh_binding_error{}Structure 546
5.11.11 MobilityOptionMessageStructures 548
5.11.12 MobilityOptionMessage—ip6_mh_opt{}Structure 548
5.11.12 BindingRefreshAdviceOption—ip6_mh_opt_refresh_advice{}Structure 549
5.11.14 AlternateCare-ofAddressOption—ip6_mh_opt_altcoa{}Structure 549
5.11.15 NonceIndexOption—ip6_mh_opt_nonce_index{}Structure 550
5.11.16 AuthenticationDataOption—ip6_mh_opt_auth_data{}Structure 550
5.11.17 TheInternalMobilityOption—mip6_mobility_options{}Structure 551
5.11.18 HomeAddressOption—ip6_opt_home_address{}Structure 551
5.11.19 Type 2 RoutingHeader—ip6_rthdr2{}Structure 552
5.11.20 TheModifiedRouterAdvertisementMessage—nd_router_advert{}Structure 552
5.11.21 TheModifiedPrefixInformationOption—nd_opt_prefix_info{}Structure 553
5.11.22 AdvertisementIntervalOption—nd_opt_adv_interval{}Structure 554
5.11.22 HomeAgentInformationOption—nd_opt_homeagent_info{}Structure 554
5.11.24 DynamicHomeAgentAddressDiscoveryRequestMessage—mip6_dhaad_req{}Structure 555
5.11.25 DynamicHomeAgentAddressDiscoveryReplyMessage—mip6_dhaad_rep{}Structure 555
5.11.26 MobilePrefixSolicitationMessage—mip6_prefix_solicit{}Structure 556
5.11.27 MobilePrefixAdvertisementMessage—mip6_prefix_advert{}Structure 556
5.11.28 BindingCacheEntry—mip6_bc{}Structure 557
5.11.29 BindingUpdateListEntry—mip6_bu{}Structure 559
5.11.30 HomeAgentEntry—mip6_ha{}structure 561
5.11.31 PrefixEntry—mip6_prefix{}Structure 562
5.11.32 HomeVirtualInterface—hif_softc{}Structure 563
5.12 MacroandTypeDefinitions 567
5.12 GlobalVariables 570
5.14 UtilityFunctions 570
5.14.1 Files 570
5.14.2 CreationofIPv6Header 570
5.14.3 ChecksumComputation 572
5.15 CommonMobilityHeaderProcessing 575
5.15.1 Files 575
5.15.2 MobilityHeaderInput 575
5.15.3 GeneratingBindingErrorMessages 581
5.15.4 RateLimitationofBindingErrorMessages 582
5.15.5 CreationofBindingErrorMessage 583
5.15.6 MobilityHeaderMessageDeliverytoRawSockets 585
5.16 HomeAgentandCorrespondentNode 588
5.16.1 Files 589
5.16.2 BindingUpdateMessageInput 589
5.16.3 BindingCacheEntryManagement 598
5.16.4 MobilityOptionsProcessing 606
5.16.5 ValidationofBindingUpdateMessageforCorrespondentNode 608
5.16.6 KbmandAuthorizationDataComputation 610
5.16.7 ManagingBindingCacheEntryasCorrespondentNode 615
5.16.8 SendingBindingRefreshRequestMessage 618
5.16.9 HomeRegistrationProcessing 622
5.16.10 TheDADProcedure 628
5.16.11 ProxyNeighborDiscoveryControl 634
5.16.12 HomeDe-RegistrationProcedure 639
5.16.13 SendingaBindingAcknowledgmentMessage 642
5.16.14 NonceandNodekeyManagement 649
5.16.15 ReceivingaHomeAddressOption 653
5.16.16 SendingPacketstoMobileNodesviaTunnel 660
5.16.17 RecoveryofTemporarilyDisabledProxyEntry 664
5.16.18 ReceivingICMPv6ErrorMessages 666
5.16.19 HomeAgentListManagement 670
5.16.20 PrefixListManagement 684
5.16.21 SendingaMobilePrefixAdvertisementMessage 684
5.16.22 ConstructingthePayload 687
5.17 MobileNode 689
5.17.1 Files 689
5.17.2 BindingUpdateListEntryManagement 689
5.17.3 MovementDetection 699
5.17.4 ConfiguringHomeAddresses 711
5.17.5 SendingaBindingUpdateMessage 721
5.17.6 ReceivingaBindingAcknowledgmentMessage 737
5.17.7 ReceivingaType 2 RoutingHeader 750
5.17.8 ReceivingaBindingRefreshRequestMessage 754
5.17.9 ReceivingaBindingErrorMessage 755
5.17.10 SourceAddressSelection 758
5.17.11 HomeAgentListManagement 763
5.17.12 PrefixInformationManagement 772
5.17.13 ReceivingPrefixInformationbyRouterAdvertisementMessages 784
5.17.14 SendingaMobilePrefixSolicitationMessage 793
5.17.15 ReceivingaMobilePrefixAdvertisementMessage 796
5.17.16 SendingaDynamicHomeAgentAddressDiscoveryRequestMessage 804
5.17.17 ReceivingaDynamicHomeAgentAddressDiscoveryReplyMessage 808
5.17.18 ReceivingICMPv6ErrorMessages 813
5.17.19 StateMachine 815
5.17.20 PrimaryStateMachine 817
5.17.21 SecondaryStateMachine 837
5.17.22 VirtualHomeInterface 844
5.17.23 ReturnRoutabilityandRouteOptimization 857
5.17.24 RouteOptimizedCommunication 874
5.17.25 TunnelControl 884
5.17.26 ReceivingPacketsfromaTunnel 887
5.17.27 I/OControl 889
5.18 MobileIPv6Operation 892
5.18.1 RebuildingaKernelwithMobileIPv6Extension 892
5.18.2 RebuildingUserSpacePrograms 893
5.18.3 IPsecSignalProtection 894
5.18.4 ConfiguringNode 897
5.18.5 ViewingStatusInformation 899
5.18.6 ViewingStatistics 899
5.19 Appendix 901
5.19.1 TheManualPageofmip6control 901
6 IPv6andIPSecurity 903
6.1 Introduction 903
6.2 AuthenticationHeader 904
6.3 EncapsulatingSecurityPayload 906
6.4 TransportModeandTunnelMode 908
6.5 SecurityAssociationDatabase 909
6.5.1 SecurityPolicyDatabase 910
6.5.2 SecurityAssociationDatabase 911
6.5.3 SADandSPDExample 912
6.6 IPsecTrafficProcessing 913
6.7 SPDandSADManagement 914
6.7.1 ManualKeyingandAutomaticKeying 915
6.8 ManualConfiguration 916
6.8.1 ConfigurationFileFormat 917
6.8.2 ExamplesofManipulatingSPEntries 922
6.8.3 ExamplesofManipulatingSAEntries 924
6.9 InternetSecurityAssociationandKeyManagementProtocol(ISAKMP)Overview 925
6.9.1 ISAKMPExchanges 927
6.9.2 DomainofInterpretation 929
6.9.3 InternetKeyExchangeProtocol 930
6.10 RacoonOperation 931
6.10.1 ConfiguringRacoon 931
6.10.2 ConfigurationFileFormat 932
6.11 Scenarios 937
6.11.1 CreatingaVPNbetween3Networks 938
6.11.2 CreatingStarTopologyVPN 942
6.11.3 UsingTransportModeIPSecurity 945
6.11.4 ConnectingtotheServerfromPublicAccessPoints 949
References 953
Index 961
序言
Back in 1994,when the IETF accepted the proposal that iS known as IPv6 today,1 was convincedfrom that moment,such a new fundamental protocol would be difficult if not impossible to beaccepted,adopted and deployed by the networking community without a highqualiW opensource reference implementation that is freely available. This conviction stems from my close involvement with the original TCP/IPv4 protocolsand UC Berkeley’s BSD implementation of these protocols.I have seen firsthand how the BSDimplementation has made enormous contribution to the success of TCP/IPv4,commonly knownas the Internet protocols.We needed a new effort that played the same role for IPv6.
It was our turn to make a contribution to the world of the Internet from a developer’s pointof view,but at that time the economic impact of the Internet boom already made my colleaguesat Berkeley too busy.I understood that we had a mission and SO the IPv6 working group wasborn in the WIDE project for this purpose,which eventually evolved into the KAME project.
One of the requirements demanded of the so ftware to be developed by the KAWE project,was to demonstrate how the IPv6 protocols work and how well the protocols operate in realenvironments——a difficult and challenging task,With the long and very patient help from all thesupporters.the KAME project members fulfilled this goal with theft diligence and perseverance.The KAME implementation was adopted bv all major BSD variants as the defacto IPv6 implementation.And KAME iS often refefred to during IPv6 discussions at IETE meetings.I strongly believe the success of the KAME project played a significant role in the wide acceptance andthe continued adoption of the IPv6 technology.