  1. .TH IP 3
  2. .SH NAME
  3. ip \- network protocols over IP
  4. .SH SYNOPSIS
  5. .nf
  6. .2C
  7. .B bind -a #I\fIspec\fP /net
  8. .B /net/ipifc
  9. .B /net/ipifc/clone
  10. .B /net/ipifc/stats
  11. .BI /net/ipifc/ n
  12. .BI /net/ipifc/ n /status
  13. .BI /net/ipifc/ n /ctl
  14. \&...
  15. .B /net/arp
  16. .B /net/bootp
  17. .B /net/iproute
  18. .B /net/ipselftab
  19. .B /net/log
  20. .B /net/ndb
  21. .B /net/esp
  22. .B /net/gre
  23. .B /net/icmp
  24. .B /net/icmpv6
  25. .B /net/il
  26. .B /net/ipmux
  27. .B /net/rudp
  28. .B /net/tcp
  29. .B /net/udp
  30. .B /net/tcp/clone
  31. .B /net/tcp/stats
  32. .BI /net/tcp/ n
  33. .BI /net/tcp/ n /data
  34. .BI /net/tcp/ n /ctl
  35. .BI /net/tcp/ n /local
  36. .BI /net/tcp/ n /remote
  37. .BI /net/tcp/ n /status
  38. .BI /net/tcp/ n /listen
  39. \&...
  40. .1C
  41. .fi
  42. .SH DESCRIPTION
  43. The IP device provides the interface to Internet protocol stacks.
  44. .I Spec
  45. is an integer from 0 to 15 identifying a stack.
  46. Each stack is independent of all others:
  47. the only information transfer between them is via programs that
  48. mount multiple stacks.
  49. Normally a system uses only one stack.
  50. However multiple stacks can be used for debugging
  51. new IP networks or implementing firewalls or proxy
  52. services.
  53. .PP
  54. All addresses used are 16-byte IPv6 addresses.
  55. We implement IPv4 and IPv6.
  56. IPv4 addresses are a subset of the IPv6 addresses and both standard
  57. .SM ASCII
  58. formats are accepted.
  59. In binary representation, all v4 addresses start with the 12 bytes, in hex:
  60. .IP
  61. .EX
  62. 00 00 00 00 00 00 00 00 00 00 ff ff
  63. .EE
  64. .SS "Configuring interfaces
  65. .PP
  66. Each stack may have multiple interfaces and each interface
  67. may have multiple addresses.
  68. The
  69. .B /net/ipifc
  70. directory contains a
  71. .B clone
  72. file, a
  73. .B stats
  74. file, and numbered subdirectories for each physical interface.
  75. .PP
  76. Opening the
  77. .B clone
  78. file reserves an interface.
  79. The file descriptor returned from the
  80. .IR open (2)
  81. will point to the control file,
  82. .BR ctl ,
  83. of the newly allocated interface.
  84. Reading
  85. .B ctl
  86. returns a text string representing the number of the interface.
  87. Writing
  88. .B ctl
  89. alters aspects of the interface.
  90. The possible
  91. .I ctl
  92. messages are:
  93. .\" .TF "bind loopback"
  94. .TF "bind netdev"
  95. .PD
  96. .TP
  97. .BI "bind ether " path
  98. Treat the device mounted at
  99. .I path
  100. as an Ethernet medium carrying IP and ARP packets
  101. and associate it with this interface.
  102. The kernel will
  103. .IR dial (2)
  104. .IR path !0x800
  105. and
  106. .IR path !0x806
  107. and use the two connections for IP and
  108. ARP respectively.
  109. .TP
  110. .B "bind pkt
  111. Treat this interface as a packet interface. Assume
  112. a user program will read and write the
  113. .I data
  114. file to receive and transmit IP packets to the kernel.
  115. This is used by programs such as
  116. .IR ppp (8)
  117. to mediate IP packet transfer between the kernel and
  118. a PPP encoded device.
  119. .TP
  120. .BI "bind netdev " path
  121. Treat this interface as a packet interface.
  122. The kernel will open
  123. .I path
  124. and read and write the resulting file descriptor
  125. to receive and transmit IP packets.
  126. .TP
  127. .BI "bind loopback "
  128. Treat this interface as a local loopback. Anything
  129. written to it will be looped back.
  130. .TP
  131. .B "unbind
  132. Disassociate the physical device from an IP interface.
  133. .TP
  134. .BI add\ "local mask remote mtu " proxy
  135. .PD 0
  136. .TP
  137. .BI try\ "local mask remote mtu " proxy
  138. .PD
  139. Add a local IP address to the interface.
  140. .I try
  141. adds the local address as a tentative address
  142. if it's an IPv6 address.
  143. The
  144. .IR mask ,
  145. .IR remote ,
  146. .IR mtu ,
  147. and
  148. .B proxy
  149. arguments are all optional. The default mask is
  150. the class mask for the local address. The default
  151. remote address is
  152. .I local
  153. ANDed with
  154. .IR mask .
  155. The default mtu is 1514 for Ethernet and 4096 for packet
  156. media.
  157. .IR Proxy ,
  158. if specified, means that this machine should answer
  159. ARP requests for the remote address.
  160. .IR Ppp (8)
  161. does this to make remote machines appear
  162. to be connected to the local Ethernet.
  163. .TP
  164. .BI remove\ "local mask"
  165. Remove a local IP address from an interface.
  166. .TP
  167. .BI mtu\ n
  168. Set the maximum transfer unit for this device to
  169. .IR n .
  170. The mtu is the maximum size of the packet including any
  171. medium-specific headers.
  172. .TP
  173. .BI reassemble
  174. Reassemble IP fragments before forwarding to this interface.
  175. .TP
  176. .BI iprouting\ n
  177. Allow
  178. .RI ( n
  179. is missing or non-zero) or disallow
  180. .RI ( n
  181. is 0) forwarding packets between this interface and
  182. others.
  183. .TP
  184. .BI addmulti\ addr
  185. Treat the multicast
  186. .I addr
  187. on this interface as a local address.
  188. .TP
  189. .BI remmulti\ addr
  190. Remove the multicast address
  191. .I addr
  192. from this interface.
  193. .TP
  194. .BI "add6 " "v6addr pfx-len [onlink auto validlt preflt]"
  195. Add the local IPv6 address
  196. .I v6addr
  197. with prefix length
  198. .I pfx-len
  199. to this interface.
  200. See RFC 2461 §6.2.1 for more detail.
  201. The remaining arguments are optional:
  202. .RS
  203. .TF onlink
  204. .TP
  205. .I onlink
  206. flag: address is `on-link'
  207. .TP
  208. .I auto
  209. flag: autonomous
  210. .TP
  211. .I validlt
  212. valid life-time in seconds
  213. .TP
  214. .I preflt
  215. preferred life-time in seconds
  216. .RE
  217. .PD
  218. .TP
  219. .BI "ra6 " "keyword value ..."
  220. Set IPv6 router advertisement (RA) parameter
  221. .IR keyword 's
  222. .IR value .
  223. Known
  224. .IR keyword s
  225. and the meanings of their values follow.
  226. See RFC 2461 §6.2.1 for more detail.
  227. Flags are true iff non-zero.
  228. .RS
  229. .TF minraint
  230. .TP
  231. .B recvra
  232. flag: receive and process RAs.
  233. .TP
  234. .B sendra
  235. flag: generate and send RAs.
  236. .TP
  237. .B mflag
  238. flag: ``Managed address configuration'',
  239. goes into RAs.
  240. .TP
  241. .B oflag
  242. flag: ``Other stateful configuration'',
  243. goes into RAs.
  244. .TP
  245. .B maxraint
  246. ``maximum time allowed between sending unsolicited multicast''
  247. RAs from the interface, in ms.
  248. .TP
  249. .B minraint
  250. ``minimum time allowed between sending unsolicited multicast''
  251. RAs from the interface, in ms.
  252. .TP
  253. .B linkmtu
  254. ``value to be placed in MTU options sent by the router.''
  255. Zero indicates none.
  256. .TP
  257. .B reachtime
  258. sets the Reachable Time field in RAs sent by the router.
  259. ``Zero means unspecified (by this router).''
  260. .TP
  261. .B rxmitra
  262. sets the Retrans Timer field in RAs sent by the router.
  263. ``Zero means unspecified (by this router).''
  264. .TP
  265. .B ttl
  266. default value of the Cur Hop Limit field in RAs sent by the router.
  267. Should be set to the ``current diameter of the Internet.''
  268. ``Zero means unspecified (by this router).''
  269. .TP
  270. .B routerlt
  271. sets the Router Lifetime field of RAs sent from the interface, in ms.
  272. Zero means the router is not to be used as a default router.
  273. .PD
  274. .RE
  275. .PP
  276. Reading the interface's
  277. .I status
  278. file returns information about the interface, one line for each
  279. local address on that interface. The first line
  280. has 9 white-space-separated fields: device, mtu, local address,
  281. mask, remote or network address, packets in, packets out, input errors,
  282. output errors. Each subsequent line contains all but the device and mtu.
  283. See
  284. .B readipifc
  285. in
  286. .IR ip (2).
  287. .SS "Routing
  288. .PP
  289. The file
  290. .I iproute
  291. controls information about IP routing.
  292. When read, it returns one line per routing entry.
  293. Each line contains six white-space-separated fields:
  294. target address, target mask, address of next hop, flags,
  295. tag, and interface number.
  296. The entry used for routing an IP packet is the one with
  297. the longest mask for which destination address ANDed with
  298. target mask equals the target address.
  299. The one character flags are:
  300. .TP
  301. .B 4
  302. IPv4 route
  303. .TP
  304. .B 6
  305. IPv6 route
  306. .TP
  307. .B i
  308. local interface
  309. .TP
  310. .B b
  311. broadcast address
  312. .TP
  313. .B u
  314. local unicast address
  315. .TP
  316. .B m
  317. multicast route
  318. .TP
  319. .B p
  320. point-to-point route
  321. .PP
  322. The tag is an arbitrary, up to 4 character, string. It is normally used to
  323. indicate what routing protocol originated the route.
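
The selection rule above (longest mask for which destination ANDed with mask equals target), worked through in standard C. This is an added example, not code from the Plan 9 source; the sample table is constructed, it handles IPv4 only, and the dotted-quad mask format and the names parseroute, lookup and routefor are assumptions of the example.

```c
#include <stdio.h>
#include <stdint.h>

#define IP4(a,b,c,d) ((uint32_t)(a)<<24 | (uint32_t)(b)<<16 | (uint32_t)(c)<<8 | (uint32_t)(d))

/* One routing entry: the six fields the page lists for /net/iproute. */
typedef struct Route Route;
struct Route {
	uint32_t target, mask, nexthop;
	char flags[8], tag[8];
	int ifc;
};

/* Constructed sample table; dotted-quad masks are an assumption of this example. */
static const char *sample[] = {
	"0.0.0.0      0.0.0.0         192.0.2.1   4  none 0",
	"192.0.2.0    255.255.255.0   192.0.2.10  4i ifc  0",
	"192.0.2.10   255.255.255.255 192.0.2.10  4u ifc  0",
	"198.51.100.0 255.255.255.0   192.0.2.254 4  ospf 0",
};
enum { Nsample = sizeof sample / sizeof sample[0] };

/* Parse one line; return 0 on success, -1 on a malformed or unusable entry. */
int
parseroute(const char *line, Route *r)
{
	unsigned t[4], m[4], h[4];
	int i;

	if(sscanf(line, "%u.%u.%u.%u %u.%u.%u.%u %u.%u.%u.%u %7s %7s %d",
		&t[0], &t[1], &t[2], &t[3], &m[0], &m[1], &m[2], &m[3],
		&h[0], &h[1], &h[2], &h[3], r->flags, r->tag, &r->ifc) != 15)
		return -1;
	for(i = 0; i < 4; i++)
		if(t[i] > 255 || m[i] > 255 || h[i] > 255)
			return -1;
	r->target = IP4(t[0], t[1], t[2], t[3]);
	r->mask = IP4(m[0], m[1], m[2], m[3]);
	r->nexthop = IP4(h[0], h[1], h[2], h[3]);
	/* a target with bits outside its mask can never equal dst & mask */
	if((r->target & r->mask) != r->target)
		return -1;
	return 0;
}

/* Number of one bits in the mask, used as its length. */
static int
masklen(uint32_t m)
{
	int n;

	for(n = 0; m != 0; m &= m-1)
		n++;
	return n;
}

/* Index of the entry used for dst, or -1 when nothing matches. */
int
lookup(const Route *tab, int n, uint32_t dst)
{
	int i, best = -1;

	for(i = 0; i < n; i++){
		if((dst & tab[i].mask) != tab[i].target)
			continue;
		if(best < 0 || masklen(tab[i].mask) > masklen(tab[best].mask))
			best = i;
	}
	return best;
}

/* Look dst up in the constructed table; -2 if the table itself is bad. */
int
routefor(uint32_t dst)
{
	Route tab[Nsample];
	int i;

	for(i = 0; i < Nsample; i++)
		if(parseroute(sample[i], &tab[i]) < 0)
			return -2;
	return lookup(tab, Nsample, dst);
}

int
main(void)
{
	printf("192.0.2.10  -> entry %d\n", routefor(IP4(192,0,2,10)));
	printf("203.0.113.9 -> entry %d\n", routefor(IP4(203,0,113,9)));
	return 0;
}
```

A single host entry takes precedence over every broader entry covering the same address, which is the thing to look for when reviewing a table that several programs can write.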
  324. .PP
  325. Writing to
  326. .B /net/iproute
  327. changes the route table. The messages are:
  328. .TP
  329. .B flush
  330. Remove all routes.
  331. .TP
  332. .BI tag\ string
  333. Associate the tag,
  334. .IR string ,
  335. with all subsequent routes added via this file descriptor.
  336. .TP
  337. .BI add\ "target mask nexthop"
  338. Add the route to the table. If one already exists with the
  339. same target and mask, replace it.
  340. .TP
  341. .BI remove\ "target mask"
  342. Remove a route with a matching target and mask.
  343. .SS "Address resolution
  344. .PP
  345. The file
  346. .B /net/arp
  347. controls information about address resolution.
  348. The kernel automatically updates the ARP information for Ethernet
  349. interfaces.
  350. When read, the file returns one line per address containing the
  351. type of medium, the status of the entry (OK, WAIT), the IP
  352. address, and the medium address.
  353. Writing to
  354. .B /net/arp
  355. administers the ARP information. The control messages are:
  356. .TP
  357. .B flush
  358. Remove all entries.
  359. .TP
  360. .BI add\ "type IP-addr Media-addr"
  361. Add an entry or replace an existing one for the
  362. same IP address.
  363. .TP
  364. .BI del\ "IP-addr"
  365. Delete an individual entry.
  366. .PP
  367. ARP entries do not time out. The ARP table is a
  368. cache with an LRU replacement policy. The IP stack
  369. listens for all ARP requests and, if the requester is in
  370. the table, the entry is updated.
  371. Also, whenever a new address is configured onto an
  372. Ethernet, an ARP request is sent to help
  373. update the table on other systems.
  374. .PP
  375. Currently, the only medium type is
  376. .BR ether .
  377. .SS "Debugging and stack information
  378. .PP
  379. If any process is holding
  380. .B /net/log
  381. open, the IP stack queues debugging information to it.
  382. This is intended primarily for debugging the IP stack.
  383. The information provided is implementation-defined;
  384. see the source for details. Generally, what is returned is error messages
  385. about bad packets.
  386. .PP
  387. Writing to
  388. .B /net/log
  389. controls debugging. The control messages
  390. are:
  391. .TP
  392. .BI set\ arglist
  393. .I Arglist
  394. is a space-separated list of items for which to enable debugging.
  395. The possible items are:
  396. .BR ppp ,
  397. .BR ip ,
  398. .BR fs ,
  399. .BR tcp ,
  400. .BR il ,
  401. .BR icmp ,
  402. .BR udp ,
  403. .BR compress ,
  404. .BR ilmsg ,
  405. .BR gre ,
  406. .BR tcpmsg ,
  407. .BR udpmsg ,
  408. .BR ipmsg ,
  409. and
  410. .BR esp .
  411. .TP
  412. .BI clear\ arglist
  413. .I Arglist
  414. is a space-separated list of items for which to disable debugging.
  415. .TP
  416. .BI only\ addr
  417. If
  418. .I addr
  419. is non-zero, restrict debugging to only those
  420. packets whose source or destination is that
  421. address.
  422. .PP
  423. The file
  424. .B /net/ndb
  425. can be read or written by
  426. programs. It is normally used by
  427. .IR ipconfig (8)
  428. to leave configuration information for other programs
  429. such as
  430. .B dns
  431. and
  432. .B cs
  433. (see
  434. .IR ndb (8)).
  435. .B /net/ndb
  436. may contain up to 1024 bytes.
  437. .PP
  438. The file
  439. .B /net/ipselftab
  440. is a read-only file containing all the IP addresses
  441. considered local. Each line in the file contains
  442. three white-space-separated fields: IP address, usage count,
  443. and flags. The usage count is the number of interfaces to which
  444. the address applies. The flags are the same as for routing
  445. entries.
  446. .br
  447. .ne 3
  448. .SS "Protocol directories
  449. .PP
  450. The
  451. .I ip
  452. device
  453. supports IP as well as several protocols that run over it:
  454. TCP, UDP, RUDP, ICMP, IL, GRE, and ESP.
  455. TCP and UDP provide the standard Internet
  456. protocols for reliable stream and unreliable datagram
  457. communication.
  458. RUDP is a locally developed reliable datagram protocol based on
  459. UDP.
  460. ICMP is IP's catch-all control protocol used to send
  461. low level error messages and to implement
  462. .IR ping (8).
  463. IL provides a reliable datagram service for communication
  464. between Plan 9 machines but is now deprecated.
  465. GRE is a general encapsulation protocol.
  466. ESP is the encapsulation protocol for IPSEC.
  467. .PP
  468. Each protocol is a subdirectory of the IP stack.
  469. The top level directory of each protocol contains a
  470. .B clone
  471. file, a
  472. .B stats
  473. file, and subdirectories numbered from zero to the number of connections
  474. opened for this protocol.
  475. .PP
  476. Opening the
  477. .B clone
  478. file reserves a connection. The file descriptor returned from the
  479. .IR open (2)
  480. will point to the control file,
  481. .BR ctl ,
  482. of the newly allocated connection.
  483. Reading
  484. .B ctl
  485. returns a text
  486. string representing the number of the
  487. connection.
  488. Connections may be used either to listen for incoming calls
  489. or to initiate calls to other machines.
  490. .PP
  491. A connection is controlled by writing text strings to the associated
  492. .B ctl
  493. file.
  494. After a connection has been established data may be read from
  495. and written to
  496. .BR data .
  497. A connection can be actively established using the
  498. .B connect
  499. message (see also
  500. .IR dial (2)).
  501. A connection can be established passively by first
  502. using an
  503. .B announce
  504. message (see
  505. .IR dial (2))
  506. to bind to a local port and then
  507. opening the
  508. .B listen
  509. file (see
  510. .IR dial (2))
  511. to receive incoming calls.
  512. .PP
  513. The following control messages are supported:
  514. .TF "bind X"
  515. .PD
  516. .TP
  517. .BI connect\ ipaddress ! port "!r " local
  518. Establish a connection to the remote address
  519. .I ipaddress
  520. and remote port
  521. .IR port .
  522. If
  523. .I local
  524. is specified, it is used as the local port number.
  525. If
  526. .I local
  527. is not specified but
  528. .B !r
  529. is, the system will allocate
  530. a restricted port number (less than 1024) for the connection to allow communication
  531. with Unix
  532. .B login
  533. and
  534. .B exec
  535. services.
  536. Otherwise a free port number starting at 5000 is chosen.
  537. The connect fails if the combination of local and remote address/port pairs
  538. is already assigned to another port.
  539. .TP
  540. .BI announce\ X
  541. .I X
  542. is a decimal port number or
  543. .LR * .
  544. Set the local port
  545. number to
  546. .I X
  547. and accept calls to
  548. .IR X .
  549. If
  550. .I X
  551. is
  552. .LR * ,
  553. accept
  554. calls for any port that no process has explicitly announced.
  555. The local IP address cannot be set.
  556. .B Announce
  557. fails if the connection is already announced or connected.
  558. .TP
  559. .BI bind\ X
  560. .I X
  561. is a decimal port number or
  562. .LR * .
  563. Set the local port number to
  564. .IR X .
  565. This exists to support emulation
  566. of BSD sockets by the APE libraries (see
  567. .IR pcc (1))
  568. and is not otherwise used.
  569. .TP
  570. .BI backlog\ n
  571. Set the maximum number of unanswered (queued) incoming
  572. connections to an announced port to
  573. .IR n .
  574. By default
  575. .I n
  576. is set to five. If more than
  577. .I n
  578. connections are pending,
  579. further requests for a service will be rejected.
  580. .TP
  581. .BI ttl\ n
  582. Set the time to live IP field in outgoing packets to
  583. .IR n .
  584. .TP
  585. .BI tos\ n
  586. Set the service type IP field in outgoing packets to
  587. .IR n .
  588. .PP
  589. Port numbers must be in the range 1 to 32767.
  590. .PP
  591. Several files report the status of a
  592. connection.
  593. The
  594. .B remote
  595. and
  596. .B local
  597. files contain the IP address and port number for the remote and local side of the
  598. connection. The
  599. .B status
  600. file contains protocol-dependent information to help debug network connections.
  601. On receiving an error or EOF reading or writing the
  602. .B data
  603. file, the
  604. .B err
  605. file contains the reason for error.
  606. .PP
  607. A process may accept incoming connections by
  608. .IR open (2)ing
  609. the
  610. .B listen
  611. file.
  612. The
  613. .B open
  614. will block until a new connection request arrives.
  615. Then
  616. .B open
  617. will return an open file descriptor which points to the control file of the
  618. newly accepted connection.
  619. This procedure will accept all calls for the
  620. given protocol.
  621. See
  622. .IR dial (2).
  623. .SS TCP
  624. .PP
  625. TCP connections are reliable point-to-point byte streams; there are no
  626. message delimiters.
  627. A connection is determined by the address and port numbers of the two
  628. ends.
  629. TCP
  630. .B ctl
  631. files support the following additional messages:
  632. .TP
  633. .B hangup
  634. close down a TCP connection
  635. .TP
  636. .BI keepalive \ n
  637. turn on keep alive messages.
  638. .IR N ,
  639. if given, is the milliseconds between keepalives
  640. (default 30000).
  641. .SS UDP
  642. .PP
  643. UDP connections carry unreliable and unordered datagrams. A read from
  644. .B data
  645. will return the next datagram, discarding anything
  646. that doesn't fit in the read buffer.
  647. A write is sent as a single datagram.
  648. .PP
  649. By default, a UDP connection is a point-to-point link.
  650. Either a
  651. .B connect
  652. establishes a local and remote address/port pair or
  653. after an
  654. .BR announce ,
  655. each datagram coming from a different remote address/port pair
  656. establishes a new incoming connection.
  657. However, many-to-one semantics is also possible.
  658. .PP
  659. If, after an
  660. .BR announce ,
  661. one of the following messages is written to
  662. .BR ctl ,
  663. then all messages sent to the announced port
  664. are received on the announced connection prefixed
  665. with the corresponding structure,
  666. declared in
  667. .BR <ip.h> .
  668. .TP
  669. .B headers
  670. .EX
  671. typedef struct Udphdr Udphdr;
  672. struct Udphdr
  673. {
  674. 	uchar raddr[16];	/* V6 remote address */
  675. 	uchar laddr[16];	/* V6 local address */
  676. 	uchar ifcaddr[16];	/* V6 interface address (receive only) */
  677. 	uchar rport[2];		/* remote port */
  678. 	uchar lport[2];		/* local port */
  679. };
  680. .EE
  681. .TP
  682. .B oldheaders
  683. .EX
  684. typedef struct OUdphdr OUdphdr;
  685. struct OUdphdr
  686. {
  687. 	uchar raddr[16];	/* V6 remote address */
  688. 	uchar laddr[16];	/* V6 local address */
  689. 	uchar rport[2];		/* remote port */
  690. 	uchar lport[2];		/* local port */
  691. };
  692. .EE
  693. .PP
  694. .L oldheaders
  695. is now seriously obsolete and will vanish soon.
  696. .PP
  697. Before a write, a user must prefix a similar structure to each message.
  698. The system overrides the user specified local port with the announced
  699. one. If the user specifies an address that isn't a unicast address in
  700. .BR /net/ipselftab ,
  701. that too is overridden.
  702. Since the prefixed structure is the same in read and write, it is relatively
  703. easy to write a server that responds to client requests by just copying new
  704. data into the message body and then writing back the same buffer that was
  705. read.
  706. .PP
  707. In this case (writing
  708. .L headers
  709. or
  710. .L oldheaders
  711. to the
  712. .I ctl
  713. file),
  714. no
  715. .I listen
  716. nor
  717. .I accept
  718. is needed;
  719. otherwise,
  720. the usual sequence of
  721. .IR announce ,
  722. .IR listen ,
  723. .I accept
  724. must be executed before performing I/O on the corresponding
  725. .I data
  726. file.
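
Handling one datagram read in headers mode, and building the reply in the same buffer as described above, in standard C rather than Plan 9 C. This is an added example, not code from the Plan 9 source; the sample datagram is constructed, big-endian port encoding is an assumption, and splitudp, mkreply, fmtv4 and mksample are names made up for the example.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char uchar;

/* Prefix structure from the page (headers mode): 3*16 + 2*2 = 52 bytes. */
typedef struct Udphdr Udphdr;
struct Udphdr {
	uchar raddr[16];	/* V6 remote address */
	uchar laddr[16];	/* V6 local address */
	uchar ifcaddr[16];	/* V6 interface address (receive only) */
	uchar rport[2];		/* remote port */
	uchar lport[2];		/* local port */
};

/* The 12 bytes the page gives as the start of every IPv4 address. */
static const uchar v4prefix[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};

int
isv4(const uchar *a)
{
	return memcmp(a, v4prefix, sizeof v4prefix) == 0;
}

/* Assumption of this example: ports are big-endian (network byte order). */
unsigned
getport(const uchar *p)
{
	return (unsigned)p[0]<<8 | p[1];
}

/* Dotted quad for an IPv4 address; NULL if a is not IPv4. */
char*
fmtv4(const uchar *a, char *out, size_t n)
{
	if(!isv4(a))
		return NULL;
	snprintf(out, n, "%d.%d.%d.%d", a[12], a[13], a[14], a[15]);
	return out;
}

/* Split one read from data into header and payload. Returns the payload
 * length, or -1 when the buffer is too short to hold a header at all. */
long
splitudp(const uchar *buf, long n, Udphdr *h, const uchar **body)
{
	if(n < (long)sizeof *h)
		return -1;
	memcpy(h, buf, sizeof *h);
	*body = buf + sizeof *h;
	return n - (long)sizeof *h;
}

/* Build a reply in place: the header read is kept as is (raddr/rport now
 * name the destination) and only the body is replaced. */
long
mkreply(uchar *buf, long cap, const void *body, long nbody)
{
	long hlen = sizeof(Udphdr);

	if(nbody < 0 || cap < hlen || nbody > cap - hlen)
		return -1;
	memmove(buf + hlen, body, nbody);
	return hlen + nbody;
}

/* Constructed sample: a read for "ping" sent from 192.0.2.7!5000 to
 * 192.0.2.1!7. Addresses are from the documentation range. */
long
mksample(uchar *buf)
{
	static const uchar rem[4] = {192, 0, 2, 7}, loc[4] = {192, 0, 2, 1};
	Udphdr h;

	memset(&h, 0, sizeof h);
	memcpy(h.raddr, v4prefix, 12);   memcpy(h.raddr+12, rem, 4);
	memcpy(h.laddr, v4prefix, 12);   memcpy(h.laddr+12, loc, 4);
	memcpy(h.ifcaddr, v4prefix, 12); memcpy(h.ifcaddr+12, loc, 4);
	h.rport[0] = 5000>>8; h.rport[1] = 5000&0xff;
	h.lport[1] = 7;
	memcpy(buf, &h, sizeof h);
	memcpy(buf + sizeof h, "ping", 4);
	return sizeof h + 4;
}

int
main(void)
{
	uchar buf[128];
	const uchar *body;
	Udphdr h;
	char a[16];
	long n = splitudp(buf, mksample(buf), &h, &body);

	printf("%ld bytes from %s!%u\n", n, fmtv4(h.raddr, a, sizeof a), getport(h.rport));
	printf("reply is %ld bytes\n", mkreply(buf, sizeof buf, "pong", 4));
	return 0;
}
```

The length check in splitudp comes before any field is read, so a short read is rejected rather than interpreted as a header.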
  727. .SS RUDP
  728. .PP
  729. RUDP is a reliable datagram protocol based on UDP.
  730. Packets are delivered in order.
  731. RUDP does not support
  732. .BR listen .
  733. One must use either
  734. .B connect
  735. or
  736. .B announce
  737. followed immediately by
  738. .BR headers .
  739. .PP
  740. Unlike IL or TCP, the reboot of one end of a connection does
  741. not force a closing of the connection. Communications will
  742. resume when the rebooted machine resumes talking. Any unacknowledged
  743. packets queued before the reboot will be lost. A reboot can
  744. be detected by reading the
  745. .B err
  746. file. It will have the message
  747. .IP
  748. .BI hangup\ address ! port
  749. .PP
  750. where
  751. .I address
  752. and
  753. .I port
  754. are of the far side of the connection.
  755. Retransmitting a datagram more than 10 times
  756. is treated like a reboot:
  757. all queued messages are dropped, an error is queued to the
  758. .B err
  759. file, and the conversation resumes.
  760. .SS ICMP
  761. .PP
  762. ICMP is a datagram protocol used to exchange control requests and
  763. their responses with other machines' IP implementations.
  764. ICMP is primarily a kernel-to-kernel protocol, but it is possible
  765. to generate `echo request' packets from user programs.
  766. .SS IL
  767. .PP
  768. IL is a reliable point-to-point datagram protocol. Like TCP, IL delivers datagrams
  769. reliably and in order. Also like TCP, a connection is
  770. determined by the address and port numbers of the two ends.
  771. Like UDP, each read and write transfers a single datagram.
  772. .PP
  773. IL is efficient for LANs but doesn't have the
  774. congestion control features needed for use through
  775. the Internet.
  776. It is no longer necessary, except to communicate with old standalone
  777. .IR fs (4)
  778. file servers.
  779. Its use is now deprecated.
  780. .SS GRE
  781. .PP
  782. GRE is the encapsulation protocol used by PPTP.
  783. The kernel implements just enough of the protocol
  784. to multiplex it.
  785. .B Announce
  786. is not allowed in GRE, only
  787. .BR connect .
  788. Since GRE has no port numbers, the port number in the connect
  789. is actually the 16 bit
  790. .B eproto
  791. field in the GRE header.
  792. .PP
  793. Reads and writes transfer a
  794. GRE datagram starting at the GRE header.
  795. On write, the kernel fills in the
  796. .B eproto
  797. field with the port number specified
  798. in the connect message.
  799. .SS ESP
  800. .PP
  801. ESP is the Encapsulating Security Payload (RFC 1827).
  802. It is used to set up an encrypted tunnel between machines.
  803. Like GRE, ESP has no port numbers. Instead, the
  804. port number in the
  805. .B connect
  806. message is the SPI (Security Association Identifier (sic)).
  807. IP packets are written to and read from
  808. .BR data .
  809. The kernel encrypts any packets written to
  810. .BR data ,
  811. appends a MAC, and prefixes an ESP header before
  812. sending to the other end of the tunnel.
  813. Received packets are checked against their MACs,
  814. decrypted, and queued for reading from
  815. .BR data .
  816. The control messages are:
  817. .TF "alg secret"
  818. .PD
  819. .TP
  820. .BI esp\ "alg secret
  821. Encrypt with the algorithm,
  822. .IR alg ,
  823. using
  824. .I secret
  825. as the key.
  826. Possible algorithms are:
  827. .BR null ,
  828. .BR des_56_cbc ,
  829. and
  830. .BR rc4_128 .
  831. .TP
  832. .BI ah\ "alg secret
  833. Use the hash algorithm,
  834. .IR alg ,
  835. with
  836. .I secret
  837. as the key for generating the MAC.
  838. Possible algorithms are:
  839. .BR null ,
  840. .BR hmac_sha1_96 ,
  841. and
  842. .BR hmac_md5_96 .
  843. .TP
  844. .B header
  845. Turn on header mode. Every buffer read from
  846. .B data
  847. starts with 4 unused bytes, and the first 4 bytes
  848. of every buffer written to
  849. .B data
  850. are ignored.
  851. .TP
  852. .B noheader
  853. Turn off header mode.
  854. .SS "IP packet filter
  855. .PP
  856. The directory
  857. .B /net/ipmux
  858. looks like another protocol directory.
  859. It is a packet filter built on top of IP. Each numbered
  860. subdirectory represents a different filter.
  861. The connect messages written to the
  862. .I ctl
  863. file describe the filter. Packets matching the filter can be read on the
  864. .B data
  865. file. Packets written to the
  866. .B data
  867. file are routed to an interface and transmitted.
  868. .PP
  869. A filter is a semicolon-separated list of
  870. relations. Each relation describes a portion
  871. of a packet to match. The possible relations are:
  872. .TF "ifc=expr"
  873. .PD
  874. .TP
  875. .BI proto= n
  876. the IP protocol number must be
  877. .IR n .
  878. .TP
  879. .BI dat[ n : m ]= expr
  880. bytes
  881. .I n
  882. through
  883. .I m
  884. following the IP packet must match
  885. .IR expr .
  886. .TP
  887. .BI ifc= expr
  888. the packet must have been received on an interface whose address
  889. matches
  890. .IR expr .
  891. .TP
  892. .BI src= expr
  893. The source address in the packet must match
  894. .IR expr .
  895. .TP
  896. .BI dst= expr
  897. The destination address in the packet must match
  898. .IR expr .
  899. .PP
  900. .I Expr
  901. is of the form:
  902. .TP
  903. .I \ value
  904. .TP
  905. .IB \ value | value | ...
  906. .TP
  907. .IB \ value & mask
  908. .TP
  909. .IB \ value | value & mask
  910. .PP
  911. If a mask is given, the relevant field is first ANDed with
  912. the mask. The result is compared against the value or list
  913. of values for a match. In the case of
  914. .BR ifc ,
  915. .BR dst ,
  916. and
  917. .B src
  918. the value is a dot-formatted IP address and the mask is a dot-formatted
  919. IP mask. In the case of
  920. .BR dat ,
  921. both value and mask are strings of 2 character hexadecimal digits representing
  922. 8 bit values.
  923. .PP
  924. A packet is delivered to only one filter.
  925. The filters are merged into a single comparison tree.
  926. If two filters match the same packet, the following
  927. rules apply in order (here '>' means is preferred to):
  928. .IP 1)
  929. protocol > data > source > destination > interface
  930. .IP 2)
  931. lower data offsets > higher data offsets
  932. .IP 3)
  933. longer matches > shorter matches
  934. .IP 4)
  935. older > younger
  936. .PP
  937. So far this has just been used to implement a version of
  938. OSPF in Inferno.
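
A small evaluator for the filter syntax described above, in standard C, showing how the mask is applied to the packet field before the comparison with the value list. This is an added example, not code from the Plan 9 source; it covers only the proto, src and dst relations with IPv4 addresses, the sample packet is constructed, and the names parserel and filtermatch are made up for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { Maxvals = 8 };
typedef struct Pkt { uint32_t proto, src, dst; } Pkt;	/* fields matched here */
typedef struct Rel {
	char field;		/* 'p' proto, 's' src, 'd' dst */
	uint32_t mask;		/* all ones when the relation has no &mask */
	uint32_t val[Maxvals];
	int nval;
} Rel;

/* Constructed packet: UDP (17) from 192.0.2.7 to 198.51.100.1. */
static const Pkt sample = {17, 0xC0000207, 0xC6336401};

static int
parseip4(const char *s, uint32_t *out)
{
	unsigned a, b, c, d;
	char x;

	if(sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &x) != 4 || (a|b|c|d) > 255)
		return -1;
	*out = (uint32_t)a<<24 | b<<16 | c<<8 | d;
	return 0;
}

/* Parse one relation, e.g. "src=192.0.2.0|198.51.100.0&255.255.255.0". */
static int
parserel(char *s, Rel *r)
{
	char *v, *bar, *amp, *end, *eq = strchr(s, '=');

	if(eq == NULL)
		return -1;
	*eq++ = '\0';
	r->mask = ~(uint32_t)0;
	r->nval = 0;
	if(strcmp(s, "proto") == 0){
		r->field = 'p';
		r->val[r->nval++] = strtoul(eq, &end, 10);
		return end == eq || *end != '\0' ? -1 : 0;
	}
	if(strcmp(s, "src") != 0 && strcmp(s, "dst") != 0)
		return -1;	/* dat[n:m] and ifc are left out of this example */
	r->field = s[0];
	if((amp = strchr(eq, '&')) != NULL){
		*amp++ = '\0';
		if(parseip4(amp, &r->mask) < 0)
			return -1;
	}
	for(v = eq; v != NULL; v = bar){
		if((bar = strchr(v, '|')) != NULL)
			*bar++ = '\0';
		if(r->nval == Maxvals || parseip4(v, &r->val[r->nval++]) < 0)
			return -1;
	}
	return 0;
}

/* 1 if every relation matches, 0 if any fails, -1 on a syntax error. */
int
filtermatch(const char *filter, const Pkt *p)
{
	char buf[256], *s, *semi;
	uint32_t f;
	Rel r;
	int i, ok = 1;

	if(strlen(filter) >= sizeof buf)
		return -1;
	strcpy(buf, filter);
	for(s = buf; s != NULL; s = semi){
		if((semi = strchr(s, ';')) != NULL)
			*semi++ = '\0';
		if(parserel(s, &r) < 0)
			return -1;
		/* the field is ANDed with the mask first, then compared */
		f = (r.field == 'p' ? p->proto : r.field == 's' ? p->src : p->dst) & r.mask;
		for(i = 0; i < r.nval && r.val[i] != f; i++)
			;
		if(i == r.nval)
			ok = 0;
	}
	return ok;
}

int
main(void)
{
	printf("%d %d\n", filtermatch("proto=17;src=192.0.2.0&255.255.255.0", &sample),
		filtermatch("src=192.0.2.7&255.255.255.0", &sample));
	return 0;
}
```

Because only the field is masked, a value with bits set outside the mask (the second filter in main) is accepted by the parser but can never match any packet.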
  939. .SS Statistics
  940. .PP
  941. The
  942. .B stats
  943. files are read only and contain statistics useful to network
  944. monitoring.
  945. .PP
  946. Reading
  947. .B /net/ipifc/stats
  948. returns a list of 19 tagged and new line separated fields representing:
  949. .EX
  950. .ft 1
  951. .2C
  952. .in +0.25i
  953. forwarding status (0 and 2 mean forwarding off,
  954. 1 means on)
  955. default TTL
  956. input packets
  957. input header errors
  958. input address errors
  959. packets forwarded
  960. input packets for unknown protocols
  961. input packets discarded
  962. input packets delivered to higher level protocols
  963. output packets
  964. output packets discarded
  965. output packets with no route
  966. timed out fragments in reassembly queue
  967. requested reassemblies
  968. successful reassemblies
  969. failed reassemblies
  970. successful fragmentations
  971. unsuccessful fragmentations
  972. fragments created
  973. .in -0.25i
  974. .1C
  975. .ft
  976. .EE
  977. .PP
  978. Reading
  979. .B /net/icmp/stats
  980. returns a list of 25 tagged and new line separated fields representing:
  981. .EX
  982. .ft 1
  983. .2C
  984. .in +0.25i
  985. messages received
  986. bad received messages
  987. unreachables received
  988. time exceededs received
  989. input parameter problems received
  990. source quenches received
  991. redirects received
  992. echo requests received
  993. echo replies received
  994. timestamps received
  995. timestamp replies received
  996. address mask requests received
  997. address mask replies received
  998. messages sent
  999. transmission errors
  1000. unreachables sent
  1001. time exceededs sent
  1002. input parameter problems sent
  1003. source quenches sent
  1004. redirects sent
  1005. echo requests sent
  1006. echo replies sent
  1007. timestamps sent
  1008. timestamp replies sent
  1009. address mask requests sent
  1010. address mask replies sent
  1011. .in -0.25i
  1012. .1C
  1013. .EE
  1014. .PP
  1015. Reading
  1016. .B /net/tcp/stats
  1017. returns a list of 11 tagged and new line separated fields representing:
  1018. .EX
  1019. .ft 1
  1020. .2C
  1021. .in +0.25i
  1022. maximum number of connections
  1023. total outgoing calls
  1024. total incoming calls
  1025. number of established connections to be reset
  1026. number of currently established connections
  1027. segments received
  1028. segments sent
  1029. segments retransmitted
  1030. retransmit timeouts
  1031. bad received segments
  1032. transmission failures
  1033. .in -0.25i
  1034. .1C
  1035. .EE
  1036. .PP
  1037. Reading
  1038. .B /net/udp/stats
  1039. returns a list of 4 tagged and new line separated fields representing:
  1040. .EX
  1041. .ft 1
  1042. .2C
  1043. .in +0.25i
  1044. datagrams received
  1045. datagrams received for bad ports
  1046. malformed datagrams received
  1047. datagrams sent
  1048. .in -0.25i
  1049. .1C
  1050. .EE
  1051. .PP
  1052. Reading
  1053. .B /net/il/stats
  1054. returns a list of 7 tagged and new line separated fields representing:
  1055. .EX
  1056. .ft 1
  1057. .2C
  1058. .in +0.25i
  1059. checksum errors
  1060. header length errors
  1061. out of order messages
  1062. retransmitted messages
  1063. duplicate messages
  1064. duplicate bytes
  1065. .in -0.25i
  1066. .1C
  1067. .EE
  1068. .PP
  1069. Reading
  1070. .B /net/gre/stats
  1071. returns a list of 1 tagged number representing:
  1072. .EX
  1073. .ft 1
  1074. .in +0.25i
  1075. header length errors
  1076. .in -0.25i
  1077. .EE
  1078. .SH "SEE ALSO"
  1079. .IR dial (2),
  1080. .IR ip (2),
  1081. .IR ndb (6),
  1082. .IR listen (8)
  1083. .SH SOURCE
  1084. .B /sys/src/9/ip
  1085. .SH BUGS
  1086. .I Ipmux
  1087. has not been heavily used and should be considered experimental.
  1088. It may disappear in favor of a more traditional packet filter in the future.