  1. .TH IP 3
  2. .SH NAME
  3. ip \- network protocols over IP
  4. .SH SYNOPSIS
  5. .nf
  6. .B bind -a #I\fIspec\fP /net
  7. .B /net/ipifc
  8. .B /net/ipifc/clone
  9. .B /net/ipifc/stats
  10. .BI /net/ipifc/ n
  11. .BI /net/ipifc/ n /status
  12. .BI /net/ipifc/ n /ctl
  13. \&...
  14. .B /net/arp
  15. .B /net/log
  16. .B /net/ndb
  17. .B /net/iproute
  18. .B /net/ipselftab
  19. .B /net/esp
  20. .B /net/gre
  21. .B /net/icmp
  22. .B /net/il
  23. .B /net/ipmux
  24. .B /net/rudp
  25. .B /net/tcp
  26. .B /net/udp
  27. .B /net/tcp/clone
  28. .B /net/tcp/stats
  29. .BI /net/tcp/ n
  30. .BI /net/tcp/ n /data
  31. .BI /net/tcp/ n /ctl
  32. .BI /net/tcp/ n /local
  33. .BI /net/tcp/ n /remote
  34. .BI /net/tcp/ n /status
  35. .BI /net/tcp/ n /listen
  36. \&...
  37. .fi
  38. .SH DESCRIPTION
  39. The IP device provides the interface to Internet protocol stacks.
  40. .I Spec
  41. is an integer from 0 to 15 identifying a stack.
  42. Each stack is physically independent of all others:
  43. the only information transfer between them is via programs that
  44. mount multiple stacks.
  45. Normally a system uses only one stack.
  46. However multiple stacks can be used for debugging
  47. new IP networks or implementing firewalls or proxy
  48. services.
  49. .PP
  50. All addresses used are 16-byte IPv6 addresses. Though
  51. we currently implement only IPv4, the IPv6 format is intended to
  52. prepare the way for an IPv6 implementation. IPv4 addresses
  53. are a subset of the IPv6 addresses and both standard
  54. .SM ASCII
  55. formats
  56. are accepted. In binary, all v4 addresses start with the
  57. 12 bytes:
  58. .EX
  59. 00 00 00 00 00 00 00 00 00 00 ff ff
  60. .EE
  61. .SS "Configuring interfaces
  62. .PP
  63. Each stack may have multiple interfaces and each interface
  64. may have multiple addresses.
  65. The
  66. .B /net/ipifc
  67. directory contains a
  68. .B clone
  69. file, a
  70. .B stats
  71. file, and numbered subdirectories for each physical interface.
  72. .PP
  73. Opening the
  74. .B clone
  75. file reserves an interface.
  76. The file descriptor returned from the
  77. .IR open (2)
  78. will point to the control file,
  79. .BR ctl ,
  80. of the newly allocated interface.
  81. Reading
  82. .B ctl
  83. returns a text string representing the number of the interface.
  84. Writing
  85. .B ctl
  86. alters aspects of the interface.
  87. The possible
  88. .I ctl
  89. messages are:
  90. .TP
  91. .BI "bind ether " path
  92. Treat the device mounted at
  93. .I path
  94. as an Ethernet medium carrying IP and ARP packets
  95. and associate it with this interface.
  96. The kernel will
  97. .IR dial (2)
  98. .IR path !0x800
  99. and
  100. .IR path !0x806
  101. and use the two connections for IP and
  102. ARP respectively.
  103. .TP
  104. .B "bind pkt
  105. Treat this interface as a packet interface. Assume
  106. a user program will read and write the
  107. .I data
  108. file to receive and transmit IP packets to the kernel.
  109. This is used by programs such as
  110. .IR ppp (8)
  111. to mediate IP packet transfer between the kernel and
  112. a PPP encoded device.
  113. .TP
  114. .BI "bind netdev " path
  115. Treat this interface as a packet interface.
  116. The kernel will open
  117. .I path
  118. and read and write the resulting file descriptor
  119. to receive and transmit IP packets.
  120. .TP
  121. .BI "bind loopback "
  122. Treat this interface as a local loopback. Anything
  123. written to it will be looped back.
  124. .TP
  125. .B "unbind
  126. Disassociate the physical device from an IP interface.
  127. .TP
  128. .BI add\ "local mask remote mtu " proxy
  129. Add a local IP address to the interface. The
  130. .IR mask ,
  131. .IR remote ,
  132. .IR mtu ,
  133. and
  134. .B proxy
  135. arguments are all optional. The default mask is
  136. the class mask for the local address. The default
  137. remote address is
  138. .I local
  139. ANDed with
  140. .IR mask .
  141. The default mtu is 1514 for Ethernet and 4096 for packet
  142. media.
  143. .IR Proxy ,
  144. if specified, means that this machine should answer
  145. ARP requests for the remote address.
  146. .IR Ppp (8)
  147. does this to make remote machines appear
  148. to be connected to the local Ethernet.
  149. .TP
  150. .BI remove\ "local mask"
  151. Remove a local IP address from an interface.
  152. .TP
  153. .BI mtu\ n
  154. Set the maximum transfer unit for this device to
  155. .IR n .
  156. The mtu is the maximum size of the packet including any
  157. medium-specific headers.
  158. .TP
  159. .BI reassemble
  160. Reassemble IP fragments before forwarding to this interface.
  161. .TP
  162. .BI iprouting\ n
  163. Allow
  164. .RI ( n
  165. is missing or non-zero) or disallow
  166. .RI ( n
  167. is 0) forwarding packets between this interface and
  168. others.
  169. .TP
  170. .BI addmulti\ addr
  171. Treat the multicast
  172. .I addr
  173. on this interface as a local address.
  174. .TP
  175. .BI remmulti\ addr
  176. Remove the multicast address
  177. .I addr
  178. from this interface.
  179. .PP
  180. Reading the interface's
  181. .I status
  182. file returns information about the interface, one line for each
  183. local address on that interface. The first line
  184. has 9 white-space-separated fields: device, mtu, local address,
  185. mask, remote or network address, packets in, packets out, input errors,
  186. output errors. Each subsequent line contains all but the device and mtu.
  187. See
  188. .B readipifc
  189. in
  190. .IR ip (2).
  191. .SS "Routing
  192. .PP
  193. The file
  194. .I iproute
  195. controls information about IP routing.
  196. When read, it returns one line per routing entry.
  197. Each line contains six white-space-separated fields:
  198. target address, target mask, address of next hop, flags,
  199. tag, and interface number.
  200. The entry used for routing an IP packet is the one with
  201. the longest mask for which destination address ANDed with
  202. target mask equals the target address.
  203. The one character flags are:
  204. .TP
  205. .B 4
  206. IPv4 route
  207. .TP
  208. .B 6
  209. IPv6 route
  210. .TP
  211. .B i
  212. local interface
  213. .TP
  214. .B b
  215. broadcast address
  216. .TP
  217. .B u
  218. local unicast address
  219. .TP
  220. .B m
  221. multicast route
  222. .TP
  223. .B p
  224. point-to-point route
  225. .PP
  226. The tag is an arbitrary, up to 4 character, string. It is normally used to
  227. indicate what routing protocol originated the route.
  228. .PP
  229. Writing to
  230. .B /net/iproute
  231. changes the route table. The messages are:
  232. .TP
  233. .B flush
  234. Remove all routes.
  235. .TP
  236. .BI tag\ string
  237. Associate the tag,
  238. .IR string ,
  239. with all subsequent routes added via this file descriptor.
  240. .TP
  241. .BI add\ "target mask nexthop"
  242. Add the route to the table. If one already exists with the
  243. same target and mask, replace it.
  244. .TP
  245. .BI remove\ "target mask"
  246. Remove a route with a matching target and mask.
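The selection rule above (the longest mask for which the destination ANDed with the mask equals the target) can be checked offline against a saved copy of the table. The following is an added example, not code from the Plan 9 source: the sample lines are constructed, assume dotted IPv4 addresses and masks in the six-field layout, and the names parseroute and selectroute are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One parsed iproute line; IPv4 dotted addresses only in this sketch. */
typedef struct Route {
	uint32_t target, mask, nexthop;
	char flags[8], tag[5];
	int ifc;
} Route;

/* Constructed sample in the six-field layout described above; not real output. */
static const char SAMPLE[] =
	"0.0.0.0      0.0.0.0          192.168.1.1    4   none  0\n"
	"192.168.1.0  255.255.255.0    192.168.1.0    4i  ifc   0\n"
	"192.168.1.7  255.255.255.255  192.168.1.7    4u  ifc   0\n"
	"10.0.0.0     255.0.0.0        192.168.1.254  4   ospf  0\n"
	"10.1.0.0     255.255.0.0      192.168.1.253  4   ospf  1\n"
	"10.1.9.0     255.255.0.0      192.168.1.66   4   bad   1\n";

/* Dotted quad to host-order integer; returns 0 on malformed input. */
static int parseip(const char *s, uint32_t *ip)
{
	unsigned a, b, c, d;
	char x;
	if(sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &x) != 4 || (a|b|c|d) > 255)
		return 0;
	*ip = a<<24 | b<<16 | c<<8 | d;
	return 1;
}

/* Number of set bits: the mask "length" compared between candidates. */
static int masklen(uint32_t m)
{
	int n;
	for(n = 0; m != 0; m &= m - 1)
		n++;
	return n;
}

/* Parse one line. Entries whose target has bits outside the mask are rejected:
 * no destination ANDed with the mask can ever equal such a target. */
int parseroute(const char *line, Route *r)
{
	char t[32], m[32], h[32];
	if(sscanf(line, "%31s %31s %31s %7s %4s %d",
	    t, m, h, r->flags, r->tag, &r->ifc) != 6)
		return 0;
	if(!parseip(t, &r->target) || !parseip(m, &r->mask) || !parseip(h, &r->nexthop))
		return 0;
	return (r->target & ~r->mask) == 0;
}

/* Apply the selection rule to a whole table; returns 1 and fills *out on a hit. */
int selectroute(const char *table, const char *dst, Route *out)
{
	Route r;
	uint32_t d;
	char line[128];
	size_t n;
	int found = 0;

	if(!parseip(dst, &d))
		return 0;
	while(*table != '\0'){
		n = strcspn(table, "\n");
		if(n < sizeof line){
			memcpy(line, table, n);
			line[n] = '\0';
			if(parseroute(line, &r) && (d & r.mask) == r.target
			&& (!found || masklen(r.mask) > masklen(out->mask))){
				*out = r;
				found = 1;
			}
		}
		table += n + (table[n] == '\n');
	}
	return found;
}

int main(void)
{
	Route r;
	if(selectroute(SAMPLE, "10.1.9.5", &r))
		printf("10.1.9.5: tag %s, interface %d, mask length %d\n",
		    r.tag, r.ifc, masklen(r.mask));
	return 0;
}
```

The last sample line shows why the parser checks target against mask: an entry like that is dead weight in the table and usually indicates a mistyped add message.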
  247. .SS "Address resolution
  248. .PP
  249. The file
  250. .B /net/arp
  251. controls information about address resolution.
  252. The kernel automatically updates the ARP information for Ethernet
  253. interfaces.
  254. When read, the file returns one line per address containing the
  255. type of medium, the status of the entry (OK, WAIT), the IP
  256. address, and the medium address.
  257. Writing to
  258. .B /net/arp
  259. administers the ARP information. The control messages are:
  260. .TP
  261. .B flush
  262. Remove all entries.
  263. .TP
  264. .BI add\ "type IP-addr Media-addr"
  265. Add an entry or replace an existing one for the
  266. same IP address.
  267. .PP
  268. ARP entries do not time out. The ARP table is a
  269. cache with an LRU replacement policy. The IP stack
  270. listens for all ARP requests and, if the requester is in
  271. the table, the entry is updated.
  272. Also, whenever a new address is configured onto an
  273. Ethernet, an ARP request is sent to help
  274. update the table on other systems.
  275. .PP
  276. Currently, the only medium type is
  277. .BR ether .
  278. .SS "Debugging and stack information
  279. .PP
  280. If any process is holding
  281. .B /net/log
  282. open, the IP stack queues debugging information to it.
  283. This is intended primarily for debugging the IP stack.
  284. The information provided is implementation-defined;
  285. see the source for details. Generally, what is returned is error messages
  286. about bad packets.
  287. .PP
  288. Writing to
  289. .B /net/log
  290. controls debugging. The control messages
  291. are:
  292. .TP
  293. .BI set\ arglist
  294. .I Arglist
  295. is a space-separated list of items for which to enable debugging.
  296. The possible items are:
  297. .BR ppp ,
  298. .BR ip ,
  299. .BR fs ,
  300. .BR tcp ,
  301. .BR il ,
  302. .BR icmp ,
  303. .BR udp ,
  304. .BR compress ,
  305. .BR ilmsg ,
  306. .BR gre ,
  307. .BR tcpmsg ,
  308. .BR udpmsg ,
  309. .BR ipmsg ,
  310. and
  311. .BR esp .
  312. .TP
  313. .BI clear\ arglist
  314. .I Arglist
  315. is a space-separated list of items for which to disable debugging.
  316. .TP
  317. .BI only\ addr
  318. If
  319. .I addr
  320. is non-zero, restrict debugging to only those
  321. packets whose source or destination is that
  322. address.
  323. .PP
  324. The file
  325. .B /net/ndb
  326. can be read or written by
  327. programs. It is normally used by
  328. .IR ipconfig (8)
  329. to leave configuration information for other programs
  330. such as
  331. .B dns
  332. and
  333. .B cs
  334. (see
  335. .IR ndb (8)).
  336. .B /net/ndb
  337. may contain up to 1024 bytes.
  338. .PP
  339. The file
  340. .B /net/ipselftab
  341. is a read-only file containing all the IP addresses
  342. considered local. Each line in the file contains
  343. three white-space-separated fields: IP address, usage count,
  344. and flags. The usage count is the number of interfaces to which
  345. the address applies. The flags are the same as for routing
  346. entries.
  347. .SS "Protocol directories
  348. .PP
  349. The
  350. .I ip
  351. device
  352. supports IP as well as several protocols that run over it:
  353. TCP, IL, UDP, GRE, ESP, ICMP, and RUDP.
  354. TCP and UDP provide the standard Internet
  355. protocols for reliable stream and unreliable datagram
  356. communication.
  357. IL provides a reliable datagram service for communication
  358. between Plan 9 machines.
  359. GRE is a general encapsulation protocol.
  360. ESP is the encapsulation protocol for IPSEC.
  361. ICMP is IP's catch-all control protocol used to send
  362. low level error messages and to implement
  363. .IR ping (8).
  364. RUDP is a locally developed reliable datagram protocol based on
  365. UDP.
  366. .PP
  367. Each protocol is a subdirectory of the IP stack.
  368. The top level directory of each protocol contains a
  369. .B clone
  370. file, a
  371. .B stats
  372. file, and subdirectories numbered from zero to the number of connections
  373. opened for this protocol.
  374. .PP
  375. Opening the
  376. .B clone
  377. file reserves a connection. The file descriptor returned from the
  378. .IR open (2)
  379. will point to the control file,
  380. .BR ctl ,
  381. of the newly allocated connection.
  382. Reading
  383. .B ctl
  384. returns a text
  385. string representing the number of the
  386. connection.
  387. Connections may be used either to listen for incoming calls
  388. or to initiate calls to other machines.
  389. .PP
  390. A connection is controlled by writing text strings to the associated
  391. .B ctl
  392. file.
  393. After a connection has been established data may be read from
  394. and written to
  395. .BR data .
  396. A connection can be actively established using the
  397. .B connect
  398. message (see also
  399. .IR dial (2)).
  400. A connection can be established passively by first
  401. using an
  402. .B announce
  403. message (see
  404. .IR dial (2))
  405. to bind to a local port and then
  406. opening the
  407. .B listen
  408. file (see
  409. .IR dial (2))
  410. to receive incoming calls.
  411. .PP
  412. The following control messages are supported:
  413. .TP
  414. .BI connect\ ipaddress ! port "!r " local
  415. Establish a connection to the remote address
  416. .I ipaddress
  417. and remote port
  418. .IR port .
  419. If
  420. .I local
  421. is specified, it is used as the local port number.
  422. If
  423. .I local
  424. is not specified but
  425. .B !r
  426. is, the system will allocate
  427. a restricted port number (less than 1024) for the connection to allow communication
  428. with Unix
  429. .B login
  430. and
  431. .B exec
  432. services.
  433. Otherwise a free port number starting at 5000 is chosen.
  434. The connect fails if the combination of local and remote address/port pairs
  435. is already assigned to another port.
  436. .TP
  437. .BI announce\ X
  438. .I X
  439. is a decimal port number or
  440. .LR * .
  441. Set the local port
  442. number to
  443. .I X
  444. and accept calls to
  445. .IR X .
  446. If
  447. .I X
  448. is
  449. .LR * ,
  450. accept
  451. calls for any port that no process has explicitly announced.
  452. The local IP address cannot be set.
  453. .B Announce
  454. fails if the connection is already announced or connected.
  455. .TP
  456. .BI bind\ X
  457. .I X
  458. is a decimal port number or
  459. .LR * .
  460. Set the local port number to
  461. .IR X .
  462. This exists to support emulation
  463. of BSD sockets by the APE libraries (see
  464. .IR pcc (1))
  465. and is not otherwise used.
  466. .TP
  467. .BI backlog\ n
  468. Set the maximum number of unanswered (queued) incoming
  469. connections to an announced port to
  470. .IR n .
  471. By default
  472. .I n
  473. is set to five. If more than
  474. .I n
  475. connections are pending,
  476. further requests for a service will be rejected.
  477. .TP
  478. .BI ttl\ n
  479. Set the time to live IP field in outgoing packets to
  480. .IR n .
  481. .TP
  482. .BI tos\ n
  483. Set the service type IP field in outgoing packets to
  484. .IR n .
  485. .PP
  486. Port numbers must be in the range 1 to 32767.
  487. .PP
  488. Several files report the status of a
  489. connection.
  490. The
  491. .B remote
  492. and
  493. .B local
  494. files contain the IP address and port number for the remote and local side of the
  495. connection. The
  496. .B status
  497. file contains protocol-dependent information to help debug network connections.
  498. On receiving an error or EOF reading or writing the
  499. .B data
  500. file, the
  501. .B err
  502. file contains the reason for error.
  503. .PP
  504. A process may accept incoming connections by
  505. .IR open (2)ing
  506. the
  507. .B listen
  508. file.
  509. The
  510. .B open
  511. will block until a new connection request arrives.
  512. Then
  513. .B open
  514. will return an open file descriptor which points to the control file of the
  515. newly accepted connection.
  516. This procedure will accept all calls for the
  517. given protocol.
  518. See
  519. .IR dial (2).
  520. .SS TCP
  521. .PP
  522. TCP connections are reliable point-to-point byte streams; there are no
  523. message delimiters.
  524. A connection is determined by the address and port numbers of the two
  525. ends.
  526. TCP
  527. .B ctl
  528. files support the following additional messages:
  529. .TP
  530. .B hangup
  531. close down a TCP connection
  532. .TP
  533. .BI keepalive \ n
  534. turn on keep alive messages.
  535. .IR N ,
  536. if given, is the milliseconds between keepalives
  537. (default 30000).
  538. .SS UDP
  539. .PP
  540. UDP connections carry unreliable and unordered datagrams. A read from
  541. .B data
  542. will return the next datagram, discarding anything
  543. that doesn't fit in the read buffer.
  544. A write is sent as a single datagram.
  545. .PP
  546. By default, a UDP connection is a point-to-point link.
  547. Either a
  548. .B connect
  549. establishes a local and remote address/port pair or
  550. after an
  551. .BR announce ,
  552. each datagram coming from a different remote address/port pair
  553. establishes a new incoming connection.
  554. However, many-to-one semantics is also possible.
  555. .PP
  556. If, after an
  557. .BR announce ,
  558. one of the following messages is written to
  559. .BR ctl ,
  560. then all messages sent to the announced port
  561. are received on the announced connection prefixed with the given structure.
  562. .TP
  563. .B headers4
  564. .EX
  565. typedef struct Udphdr4 Udphdr4;
  566. struct Udphdr4
  567. {
  568. uchar raddr[4]; /* v4 remote address and port */
  569. uchar laddr[4]; /* v4 local address and port */
  570. uchar rport[2];
  571. uchar lport[2];
  572. };
  573. .EE
  574. .TP
  575. .B headers
  576. .EX
  577. typedef struct Udphdr Udphdr;
  578. struct Udphdr
  579. {
  580. uchar raddr[16]; /* v6 remote address and port */
  581. uchar laddr[16]; /* v6 local address and port */
  582. uchar rport[2];
  583. uchar lport[2];
  584. };
  585. .EE
  586. .PP
  587. The only difference in the two is the type of address, IPv4 or IPv6.
  588. Before a write, a user must prefix a similar structure to each message.
  589. The system overrides the user specified local port with the announced
  590. one. If the user specifies an address that isn't a unicast address in
  591. .BR /net/ipselftab ,
  592. that too is overridden.
  593. Since the prefixed structure is the same in read and write, it is relatively
  594. easy to write a server that responds to client requests by just copying new
  595. data into the message body and then writing back the same buffer that was
  596. written.
  597. .SS RUDP
  598. .PP
  599. RUDP is a reliable datagram protocol based on UDP.
  600. Packets are delivered in order.
  601. RUDP does not support
  602. .BR listen .
  603. One must use either
  604. .B connect
  605. or
  606. .B announce
  607. followed immediately by
  608. .B headers
  609. or
  610. .BR headers4 .
  611. .PP
  612. Unlike IL or TCP, the reboot of one end of a connection does
  613. not force a closing of the connection. Communications will
  614. resume when the rebooted machine resumes talking. Any unacknowledged
  615. packets queued before the reboot will be lost. A reboot can
  616. be detected by reading the
  617. .B err
  618. file. It will have the message
  619. .IP
  620. .BI hangup\ address ! port
  621. .PP
  622. where
  623. .I address
  624. and
  625. .I port
  626. are of the far side of the connection.
  627. Retransmitting a datagram more than 10 times
  628. is treated like a reboot:
  629. all queued messages are dropped, an error is queued to the
  630. .B err
  631. file, and the conversation resumes.
  632. .SS IL
  633. .PP
  634. IL is a reliable point-to-point datagram protocol. Like TCP, IL delivers datagrams
  635. reliably and in order. Also like TCP, a connection is
  636. determined by the address and port numbers of the two ends.
  637. Like UDP, each read and write transfers a single datagram.
  638. .PP
  639. IL is efficient for LANs but doesn't have the
  640. congestion control features needed for use through
  641. the Internet.
  642. .SS GRE
  643. .PP
  644. GRE is the encapsulation protocol used by PPTP.
  645. The kernel implements just enough of the protocol
  646. to multiplex it.
  647. .B Announce
  648. is not allowed in GRE, only
  649. .BR connect .
  650. Since GRE has no port numbers, the port number in the connect
  651. is actually the 16 bit
  652. .B eproto
  653. field in the GRE header.
  654. .PP
  655. Reads and writes transfer a
  656. GRE datagram starting at the GRE header.
  657. On write, the kernel fills in the
  658. .B eproto
  659. field with the port number specified
  660. in the connect message.
  661. .SS ESP
  662. .PP
  663. ESP is the Encapsulating Security Payload (RFC 1827).
  664. It is used to set up an encrypted tunnel between machines.
  665. Like GRE, ESP has no port numbers. Instead, the
  666. port number in the
  667. .B connect
  668. message is the SPI (Security Association Identifier (sic)).
  669. IP packets are written to and read from
  670. .BR data .
  671. The kernel encrypts any packets written to
  672. .BR data ,
  673. appends a MAC, and prefixes an ESP header before
  674. sending to the other end of the tunnel.
  675. Received packets are checked against their MACs,
  676. decrypted, and queued for reading from
  677. .BR data .
  678. The control messages are:
  679. .TP
  680. .BI esp\ "alg secret
  681. Encrypt with the algorithm,
  682. .IR alg ,
  683. using
  684. .I secret
  685. as the key.
  686. Possible algorithms are:
  687. .BR null ,
  688. .BR des_56_cbc ,
  689. and
  690. .BR rc4_128 .
  691. .TP
  692. .BI ah\ "alg secret
  693. Use the hash algorithm,
  694. .IR alg ,
  695. with
  696. .I secret
  697. as the key for generating the MAC.
  698. Possible algorithms are:
  699. .BR null ,
  700. .BR hmac_sha1_96 ,
  701. and
  702. .BR hmac_md5_96 .
  703. .TP
  704. .B header
  705. Turn on header mode. Every buffer read from
  706. .B data
  707. starts with 4 unused bytes, and the first 4 bytes
  708. of every buffer written to
  709. .B data
  710. are ignored.
  711. .TP
  712. .B noheader
  713. Turn off header mode.
  714. .SS "IP packet filter
  715. .PP
  716. The directory
  717. .B /net/ipmux
  718. looks like another protocol directory.
  719. It is a packet filter built on top of IP. Each numbered
  720. subdirectory represents a different filter.
  721. The connect messages written to the
  722. .I ctl
  723. file describe the filter. Packets matching the filter can be read on the
  724. .B data
  725. file. Packets written to the
  726. .B data
  727. file are routed to an interface and transmitted.
  728. .PP
  729. A filter is a semicolon-separated list of
  730. relations. Each relation describes a portion
  731. of a packet to match. The possible relations are:
  732. .TP
  733. .BI proto= n
  734. the IP protocol number must be
  735. .IR n .
  736. .TP
  737. .BI dat[ n : m ]= expr
  738. bytes
  739. .I n
  740. through
  741. .I m
  742. following the IP packet must match
  743. .IR expr .
  744. .TP
  745. .BI ifc= expr
  746. the packet must have been received on an interface whose address
  747. matches
  748. .IR expr .
  749. .TP
  750. .BI src= expr
  751. The source address in the packet must match
  752. .IR expr .
  753. .TP
  754. .BI dst= expr
  755. The destination address in the packet must match
  756. .IR expr .
  757. .PP
  758. .I Expr
  759. is of the form:
  760. .TP
  761. .I \ value
  762. .TP
  763. .IB \ value | value | ...
  764. .TP
  765. .IB \ value & mask
  766. .TP
  767. .IB \ value | value & mask
  768. .PP
  769. If a mask is given, the relevant field is first ANDed with
  770. the mask. The result is compared against the value or list
  771. of values for a match. In the case of
  772. .BR ifc ,
  773. .BR dst ,
  774. and
  775. .B src
  776. the value is a dot-formatted IP address and the mask is a dot-formatted
  777. IP mask. In the case of
  778. .BR dat ,
  779. both value and mask are strings of 2 character hexadecimal digits representing
  780. 8 bit values.
  781. .PP
  782. A packet is delivered to only one filter.
  783. The filters are merged into a single comparison tree.
  784. If two filters match the same packet, the following
  785. rules apply in order (here '>' means is preferred to):
  786. .IP 1)
  787. protocol > data > source > destination > interface
  788. .IP 2)
  789. lower data offsets > higher data offsets
  790. .IP 3)
  791. longer matches > shorter matches
  792. .IP 4)
  793. older > younger
  794. .PP
  795. So far this has just been used to implement a version of
  796. OSPF in Inferno.
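How a filter string is evaluated against one packet, following the relation and expr rules above, as an added example that is not the kernel's ipmux code. It handles only the proto, src and dst relations (ifc and dat[n:m] are rejected as unsupported) and does not model the preference rules between competing filters; the packet is constructed and the names Pkt, exprmatch and filtermatch are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The packet fields this sketch can test; addresses are host-order IPv4. */
typedef struct Pkt {
	int proto;
	uint32_t src, dst;
} Pkt;

/* Constructed packet: IP protocol 89 from 10.0.0.2 to 224.0.0.5. */
static const Pkt HELLO = { 89, 0x0A000002u, 0xE0000005u };

/* Dotted quad to host-order integer; returns 0 on malformed input. */
static int parseip(const char *s, uint32_t *ip)
{
	unsigned a, b, c, d;
	char x;
	if(sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &x) != 4 || (a|b|c|d) > 255)
		return 0;
	*ip = a<<24 | b<<16 | c<<8 | d;
	return 1;
}

/* expr: value, value|value|..., value&mask or value|value&mask.
 * Returns 1 on match, 0 on no match, -1 if expr is malformed. */
static int exprmatch(const char *expr, uint32_t field)
{
	char buf[128], *amp, *v;
	uint32_t mask = 0xFFFFFFFFu, val;
	int nval = 0, hit = 0;
	if(strlen(expr) >= sizeof buf)
		return -1;
	strcpy(buf, expr);
	if((amp = strchr(buf, '&')) != NULL){
		*amp++ = '\0';
		if(!parseip(amp, &mask))
			return -1;
	}
	for(v = strtok(buf, "|"); v != NULL; v = strtok(NULL, "|"), nval++){
		if(!parseip(v, &val))
			return -1;
		if((field & mask) == val)	/* the field is masked, the value is not */
			hit = 1;
	}
	return nval > 0 ? hit : -1;
}

/* Every semicolon-separated relation must hold.
 * Returns 1 on match, 0 on no match, -1 for a malformed or unsupported filter. */
int filtermatch(const char *filter, const Pkt *p)
{
	char rel[160], *end;
	size_t n;
	long v;
	int r, all = 1;
	while(*filter != '\0'){
		n = strcspn(filter, ";");
		if(n == 0 || n >= sizeof rel)
			return -1;
		memcpy(rel, filter, n);
		rel[n] = '\0';
		if(strncmp(rel, "proto=", 6) == 0){
			v = strtol(rel + 6, &end, 10);
			r = (end == rel + 6 || *end != '\0' || v < 0 || v > 255) ? -1 : p->proto == v;
		}else if(strncmp(rel, "src=", 4) == 0)
			r = exprmatch(rel + 4, p->src);
		else if(strncmp(rel, "dst=", 4) == 0)
			r = exprmatch(rel + 4, p->dst);
		else
			r = -1;		/* ifc= and dat[n:m]= are outside this sketch */
		if(r < 0)
			return -1;
		all &= r;
		filter += n + (filter[n] == ';');
	}
	return all;
}

int main(void)
{
	printf("%d\n", filtermatch("proto=89;dst=224.0.0.5|224.0.0.6", &HELLO));
	printf("%d\n", filtermatch("src=10.0.0.2&255.255.255.0", &HELLO));
	return 0;
}
```

The second call returns 0: because the field is ANDed with the mask before comparison, a value with bits set outside the mask can never match, so a filter written that way silently selects nothing.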
  797. .SS Statistics
  798. .PP
  799. The
  800. .B stats
  801. files are read only and contain statistics useful to network
  802. monitoring.
  803. .PP
  804. Reading
  805. .B /net/ipifc/stats
  806. returns a list of 19 tagged and newline-separated fields representing:
  807. .EX
  808. .ft 1
  809. forwarding status (0 and 2 mean forwarding off, 1 means on)
  810. default TTL
  811. input packets
  812. input header errors
  813. input address errors
  814. packets forwarded
  815. input packets for unknown protocols
  816. input packets discarded
  817. input packets delivered to higher level protocols
  818. output packets
  819. output packets discarded
  820. output packets with no route
  821. timed out fragments in reassembly queue
  822. requested reassemblies
  823. successful reassemblies
  824. failed reassemblies
  825. successful fragmentations
  826. unsuccessful fragmentations
  827. fragments created
  828. .ft
  829. .EE
  830. .PP
  831. Reading
  832. .B /net/icmp/stats
  833. returns a list of 25 tagged and newline-separated fields representing:
  834. .EX
  835. .ft 1
  836. messages received
  837. bad received messages
  838. unreachables received
  839. time exceededs received
  840. input parameter problems received
  841. source quenches received
  842. redirects received
  843. echo requests received
  844. echo replies received
  845. timestamps received
  846. timestamp replies received
  847. address mask requests received
  848. address mask replies received
  849. messages sent
  850. transmission errors
  851. unreachables sent
  852. time exceededs sent
  853. input parameter problems sent
  854. source quenches sent
  855. redirects sent
  856. echo requests sent
  857. echo replies sent
  858. timestamps sent
  859. timestamp replies sent
  860. address mask requests sent
  861. address mask replies sent
  862. .EE
  863. .PP
  864. Reading
  865. .B /net/tcp/stats
  866. returns a list of 11 tagged and newline-separated fields representing:
  867. .EX
  868. .ft 1
  869. maximum number of connections
  870. total outgoing calls
  871. total incoming calls
  872. number of established connections to be reset
  873. number of currently established connections
  874. segments received
  875. segments sent
  876. segments retransmitted
  877. retransmit timeouts
  878. bad received segments
  879. transmission failures
  880. .EE
  881. .PP
  882. Reading
  883. .B /net/udp/stats
  884. returns a list of 4 tagged and newline-separated fields representing:
  885. .EX
  886. .ft 1
  887. datagrams received
  888. datagrams received for bad ports
  889. malformed datagrams received
  890. datagrams sent
  891. .EE
  892. .PP
  893. Reading
  894. .B /net/il/stats
  895. returns a list of 7 tagged and newline-separated fields representing:
  896. .EX
  897. .ft 1
  898. checksum errors
  899. header length errors
  900. out of order messages
  901. retransmitted messages
  902. duplicate messages
  903. duplicate bytes
  904. .EE
  905. .PP
  906. Reading
  907. .B /net/gre/stats
  908. returns a list of 1 tagged number representing:
  909. .EX
  910. .ft 1
  911. header length errors
  912. .EE
  913. .SH "SEE ALSO"
  914. .IR listen (8),
  915. .IR dial (2),
  916. .IR ndb (6)
  917. .SH SOURCE
  918. .B /sys/src/9/ip
  919. .SH BUGS
  920. .I Ipmux
  921. has not been heavily used and should be considered experimental.
  922. It may disappear in favor of a more traditional packet filter in the future.