ip 21 KB

.TH IP 3
.SH NAME
ip \- network protocols over IP
.SH SYNOPSIS
.nf
.B bind -a #I\fIspec\fP /net
.B /net/ipifc
.B /net/ipifc/clone
.B /net/ipifc/stats
.BI /net/ipifc/ n
.BI /net/ipifc/ n /status
.BI /net/ipifc/ n /ctl
\&...
.B /net/arp
.B /net/log
.B /net/ndb
.B /net/iproute
.B /net/ipselftab
.B /net/esp
.B /net/gre
.B /net/icmp
.B /net/il
.B /net/ipmux
.B /net/rudp
.B /net/tcp
.B /net/udp
.B /net/tcp/clone
.B /net/tcp/stats
.BI /net/tcp/ n
.BI /net/tcp/ n /data
.BI /net/tcp/ n /ctl
.BI /net/tcp/ n /local
.BI /net/tcp/ n /remote
.BI /net/tcp/ n /status
.BI /net/tcp/ n /listen
\&...
.fi
.SH DESCRIPTION
The IP device provides the interface to Internet protocol stacks.
.I Spec
is an integer from 0 to 15 identifying a stack.
Each stack is physically independent of all others:
the only information transfer between them is via programs that
mount multiple stacks.
Normally a system uses only one stack.
However multiple stacks can be used for debugging
new IP networks or implementing firewalls or proxy
services.
.PP
All addresses used are 16-byte IPv6 addresses. Though
we currently implement only IPv4, the IPv6 format is intended to
prepare the way for an IPv6 implementation. IPv4 addresses
are a subset of the IPv6 addresses and both standard
.SM ASCII
formats
are accepted. In binary, all v4 addresses start with the
12 bytes:
.EX
00 00 00 00 00 00 00 00 00 00 ff ff
.EE
.SS "Configuring interfaces
.PP
Each stack may have multiple interfaces and each interface
may have multiple addresses.
The
.B /net/ipifc
directory contains a
.B clone
file, a
.B stats
file, and numbered subdirectories for each physical interface.
.PP
Opening the
.B clone
file reserves an interface.
The file descriptor returned from the
.IR open (2)
will point to the control file,
.BR ctl ,
of the newly allocated interface.
Reading
.B ctl
returns a text string representing the number of the interface.
Writing
.B ctl
alters aspects of the interface.
The possible
.I ctl
messages are:
.TP
.BI "bind ether " path
Treat the device mounted at
.I path
as an Ethernet medium carrying IP and ARP packets
and associate it with this interface.
The kernel will
.IR dial (2)
.IR path !0x800
and
.IR path !0x806
and use the two connections for IP and
ARP respectively.
.TP
.B "bind pkt
Treat this interface as a packet interface. Assume
a user program will read and write the
.I data
file to receive and transmit IP packets to the kernel.
This is used by programs such as
.IR ppp (8)
to mediate IP packet transfer between the kernel and
a PPP encoded device.
.TP
.BI "bind netdev " path
Treat this interface as a packet interface.
The kernel will open
.I path
and read and write the resulting file descriptor
to receive and transmit IP packets.
.TP
.BI "bind loopback "
Treat this interface as a local loopback. Anything
written to it will be looped back.
.TP
.B "unbind
Disassociate the physical device from an IP interface.
.TP
.BI add\ "local mask remote mtu " proxy
Add a local IP address to the interface. The
.IR mask ,
.IR remote ,
.IR mtu ,
and
.B proxy
arguments are all optional. The default mask is
the class mask for the local address. The default
remote address is
.I local
ANDed with
.IR mask .
The default mtu is 1514 for Ethernet and 4096 for packet
media.
.IR Proxy ,
if specified, means that this machine should answer
ARP requests for the remote address.
.IR Ppp (8)
does this to make remote machines appear
to be connected to the local Ethernet.
.TP
.BI remove\ "local mask"
Remove a local IP address from an interface.
.TP
.BI mtu\ n
Set the maximum transfer unit for this device to
.IR n .
The mtu is the maximum size of the packet including any
medium-specific headers.
.TP
.BI reassemble
Reassemble IP fragments before forwarding to this interface.
.TP
.BI iprouting\ n
Allow
.RI ( n
is missing or non-zero) or disallow
.RI ( n
is 0) forwarding packets between this interface and
others.
.TP
.BI addmulti\ addr
Treat the multicast
.I addr
on this interface as a local address.
.TP
.BI remmulti\ addr
Remove the multicast address
.I addr
from this interface.
.PP
Reading the interface's
.I status
file returns information about the interface, one line for each
local address on that interface. The first line
has 9 white-space-separated fields: device, mtu, local address,
mask, remote or network address, packets in, packets out, input errors,
output errors. Each subsequent line contains all but the device and mtu.
See
.B readipifc
in
.IR ip (2).
.SS "Routing
.PP
The file
.I iproute
controls information about IP routing.
When read, it returns one line per routing entry.
Each line contains six white-space-separated fields:
target address, target mask, address of next hop, flags,
tag, and interface number.
The entry used for routing an IP packet is the one with
the longest mask for which destination address ANDed with
target mask equals the target address.
The one character flags are:
.TP
.B 4
IPv4 route
.TP
.B 6
IPv6 route
.TP
.B i
local interface
.TP
.B b
broadcast address
.TP
.B u
local unicast address
.TP
.B m
multicast route
.TP
.B p
point-to-point route
.PP
The tag is an arbitrary, up to 4 character, string. It is normally used to
indicate what routing protocol originated the route.
.PP
Writing to
.B /net/iproute
changes the route table. The messages are:
.TP
.B flush
Remove all routes.
.TP
.BI tag\ string
Associate the tag,
.IR string ,
with all subsequent routes added via this file descriptor.
.TP
.BI add\ "target mask nexthop"
Add the route to the table. If one already exists with the
same target and mask, replace it.
.TP
.BI remove\ "target mask"
Remove a route with a matching target and mask.
.SS "Address resolution
.PP
The file
.B /net/arp
controls information about address resolution.
The kernel automatically updates the ARP information for Ethernet
interfaces.
When read, the file returns one line per address containing the
type of medium, the status of the entry (OK, WAIT), the IP
address, and the medium address.
Writing to
.B /net/arp
administers the ARP information. The control messages are:
.TP
.B flush
Remove all entries.
.TP
.BI add\ "type IP-addr Media-addr"
Add an entry or replace an existing one for the
same IP address.
.TP
.BI del\ "IP-addr"
Delete an individual entry.
.PP
ARP entries do not time out. The ARP table is a
cache with an LRU replacement policy. The IP stack
listens for all ARP requests and, if the requester is in
the table, the entry is updated.
Also, whenever a new address is configured onto an
Ethernet, an ARP request is sent to help
update the table on other systems.
.PP
Currently, the only medium type is
.BR ether .
.SS "Debugging and stack information
.PP
If any process is holding
.B /net/log
open, the IP stack queues debugging information to it.
This is intended primarily for debugging the IP stack.
The information provided is implementation-defined;
see the source for details. Generally, what is returned is error messages
about bad packets.
.PP
Writing to
.B /net/log
controls debugging. The control messages
are:
.TP
.BI set\ arglist
.I Arglist
is a space-separated list of items for which to enable debugging.
The possible items are:
.BR ppp ,
.BR ip ,
.BR fs ,
.BR tcp ,
.BR il ,
.BR icmp ,
.BR udp ,
.BR compress ,
.BR ilmsg ,
.BR gre ,
.BR tcpmsg ,
.BR udpmsg ,
.BR ipmsg ,
and
.BR esp .
.TP
.BI clear\ arglist
.I Arglist
is a space-separated list of items for which to disable debugging.
.TP
.BI only\ addr
If
.I addr
is non-zero, restrict debugging to only those
packets whose source or destination is that
address.
.PP
The file
.B /net/ndb
can be read or written by
programs. It is normally used by
.IR ipconfig (8)
to leave configuration information for other programs
such as
.B dns
and
.B cs
(see
.IR ndb (8)).
.B /net/ndb
may contain up to 1024 bytes.
.PP
The file
.B /net/ipselftab
is a read-only file containing all the IP addresses
considered local. Each line in the file contains
three white-space-separated fields: IP address, usage count,
and flags. The usage count is the number of interfaces to which
the address applies. The flags are the same as for routing
entries.
.SS "Protocol directories
.PP
The
.I ip
device
supports IP as well as several protocols that run over it:
TCP, IL, UDP, GRE, ESP, ICMP, and RUDP.
TCP and UDP provide the standard Internet
protocols for reliable stream and unreliable datagram
communication.
IL provides a reliable datagram service for communication
between Plan 9 machines.
GRE is a general encapsulation protocol.
ESP is the encapsulation protocol for IPSEC.
ICMP is IP's catch-all control protocol used to send
low level error messages and to implement
.IR ping (8).
RUDP is a locally developed reliable datagram protocol based on
UDP.
.PP
Each protocol is a subdirectory of the IP stack.
The top level directory of each protocol contains a
.B clone
file, a
.B stats
file, and subdirectories numbered from zero to the number of connections
opened for this protocol.
.PP
Opening the
.B clone
file reserves a connection. The file descriptor returned from the
.IR open (2)
will point to the control file,
.BR ctl ,
of the newly allocated connection.
Reading
.B ctl
returns a text
string representing the number of the
connection.
Connections may be used either to listen for incoming calls
or to initiate calls to other machines.
.PP
A connection is controlled by writing text strings to the associated
.B ctl
file.
After a connection has been established data may be read from
and written to
.BR data .
A connection can be actively established using the
.B connect
message (see also
.IR dial (2)).
A connection can be established passively by first
using an
.B announce
message (see
.IR dial (2))
to bind to a local port and then
opening the
.B listen
file (see
.IR dial (2))
to receive incoming calls.
.PP
The following control messages are supported:
.TP
.BI connect\ ipaddress ! port "!r " local
Establish a connection to the remote address
.I ipaddress
and remote port
.IR port .
If
.I local
is specified, it is used as the local port number.
If
.I local
is not specified but
.B !r
is, the system will allocate
a restricted port number (less than 1024) for the connection to allow communication
with Unix
.B login
and
.B exec
services.
Otherwise a free port number starting at 5000 is chosen.
The connect fails if the combination of local and remote address/port pairs
is already assigned to another port.
.TP
.BI announce\ X
.I X
is a decimal port number or
.LR * .
Set the local port
number to
.I X
and accept calls to
.IR X .
If
.I X
is
.LR * ,
accept
calls for any port that no process has explicitly announced.
The local IP address cannot be set.
.B Announce
fails if the connection is already announced or connected.
.TP
.BI bind\ X
.I X
is a decimal port number or
.LR * .
Set the local port number to
.IR X .
This exists to support emulation
of BSD sockets by the APE libraries (see
.IR pcc (1))
and is not otherwise used.
.TP
.BI backlog\ n
Set the maximum number of unanswered (queued) incoming
connections to an announced port to
.IR n .
By default
.I n
is set to five. If more than
.I n
connections are pending,
further requests for a service will be rejected.
.TP
.BI ttl\ n
Set the time to live IP field in outgoing packets to
.IR n .
.TP
.BI tos\ n
Set the service type IP field in outgoing packets to
.IR n .
.PP
Port numbers must be in the range 1 to 32767.
.PP
Several files report the status of a
connection.
The
.B remote
and
.B local
files contain the IP address and port number for the remote and local side of the
connection. The
.B status
file contains protocol-dependent information to help debug network connections.
On receiving an error or EOF reading or writing the
.B data
file, the
.B err
file contains the reason for error.
.PP
A process may accept incoming connections by
.IR open (2)ing
the
.B listen
file.
The
.B open
will block until a new connection request arrives.
Then
.B open
will return an open file descriptor which points to the control file of the
newly accepted connection.
This procedure will accept all calls for the
given protocol.
See
.IR dial (2).
.SS TCP
.PP
TCP connections are reliable point-to-point byte streams; there are no
message delimiters.
A connection is determined by the address and port numbers of the two
ends.
TCP
.B ctl
files support the following additional messages:
.TP
.B hangup
close down a TCP connection
.TP
.BI keepalive \ n
turn on keep alive messages.
.IR N ,
if given, is the milliseconds between keepalives
(default 30000).
.SS UDP
.PP
UDP connections carry unreliable and unordered datagrams. A read from
.B data
will return the next datagram, discarding anything
that doesn't fit in the read buffer.
A write is sent as a single datagram.
.PP
By default, a UDP connection is a point-to-point link.
Either a
.B connect
establishes a local and remote address/port pair or
after an
.BR announce ,
each datagram coming from a different remote address/port pair
establishes a new incoming connection.
However, many-to-one semantics is also possible.
.PP
If, after an
.BR announce ,
one of the following messages is written to
.BR ctl ,
then all messages sent to the announced port
are received on the announced connection prefixed with the given structure.
.TP
.B headers4
.EX
typedef struct Udphdr4 Udphdr4;
struct Udphdr4
{
	uchar raddr[4]; /* v4 remote address and port */
	uchar laddr[4]; /* v4 local address and port */
	uchar rport[2];
	uchar lport[2];
};
.EE
.TP
.B headers
.EX
typedef struct Udphdr Udphdr;
struct Udphdr
{
	uchar raddr[16]; /* v6 remote address and port */
	uchar laddr[16]; /* v6 local address and port */
	uchar rport[2];
	uchar lport[2];
};
.EE
.PP
The only difference in the two is the type of address, IPv4 or IPv6.
Before a write, a user must prefix a similar structure to each message.
The system overrides the user specified local port with the announced
one. If the user specifies an address that isn't a unicast address in
.BR /net/ipselftab ,
that too is overridden.
Since the prefixed structure is the same in read and write, it is relatively
easy to write a server that responds to client requests by just copying new
data into the message body and then writing back the same buffer that was
written.
.SS RUDP
.PP
RUDP is a reliable datagram protocol based on UDP.
Packets are delivered in order.
RUDP does not support
.BR listen .
One must use either
.B connect
or
.B announce
followed immediately by
.B headers
or
.BR headers4 .
.PP
Unlike IL or TCP, the reboot of one end of a connection does
not force a closing of the connection. Communications will
resume when the rebooted machine resumes talking. Any unacknowledged
packets queued before the reboot will be lost. A reboot can
be detected by reading the
.B err
file. It will have the message
.IP
.BI hangup\ address ! port
.PP
where
.I address
and
.I port
are of the far side of the connection.
Retransmitting a datagram more than 10 times
is treated like a reboot:
all queued messages are dropped, an error is queued to the
.B err
file, and the conversation resumes.
.SS IL
.PP
IL is a reliable point-to-point datagram protocol. Like TCP, IL delivers datagrams
reliably and in order. Also like TCP, a connection is
determined by the address and port numbers of the two ends.
Like UDP, each read and write transfers a single datagram.
.PP
IL is efficient for LANs but doesn't have the
congestion control features needed for use through
the Internet.
.SS GRE
.PP
GRE is the encapsulation protocol used by PPTP.
The kernel implements just enough of the protocol
to multiplex it.
.B Announce
is not allowed in GRE, only
.BR connect .
Since GRE has no port numbers, the port number in the connect
is actually the 16 bit
.B eproto
field in the GRE header.
.PP
Reads and writes transfer a
GRE datagram starting at the GRE header.
On write, the kernel fills in the
.B eproto
field with the port number specified
in the connect message.
.SS ESP
.PP
ESP is the Encapsulating Security Payload (RFC 1827).
It is used to set up an encrypted tunnel between machines.
Like GRE, ESP has no port numbers. Instead, the
port number in the
.B connect
message is the SPI (Security Association Identifier (sic)).
IP packets are written to and read from
.BR data .
The kernel encrypts any packets written to
.BR data ,
appends a MAC, and prefixes an ESP header before
sending to the other end of the tunnel.
Received packets are checked against their MACs,
decrypted, and queued for reading from
.BR data .
The control messages are:
.TP
.BI esp\ "alg secret
Encrypt with the algorithm,
.IR alg ,
using
.I secret
as the key.
Possible algorithms are:
.BR null ,
.BR des_56_cbc ,
and
.BR rc4_128 .
.TP
.BI ah\ "alg secret
Use the hash algorithm,
.IR alg ,
with
.I secret
as the key for generating the MAC.
Possible algorithms are:
.BR null ,
.BR hmac_sha1_96 ,
and
.BR hmac_md5_96 .
.TP
.B header
Turn on header mode. Every buffer read from
.B data
starts with 4 unused bytes, and the first 4 bytes
of every buffer written to
.B data
are ignored.
.TP
.B noheader
Turn off header mode.
.SS "IP packet filter
.PP
The directory
.B /net/ipmux
looks like another protocol directory.
It is a packet filter built on top of IP. Each numbered
subdirectory represents a different filter.
The connect messages written to the
.I ctl
file describe the filter. Packets matching the filter can be read on the
.B data
file. Packets written to the
.B data
file are routed to an interface and transmitted.
.PP
A filter is a semicolon-separated list of
relations. Each relation describes a portion
of a packet to match. The possible relations are:
.TP
.BI proto= n
the IP protocol number must be
.IR n .
.TP
.BI dat[ n : m ]= expr
bytes
.I n
through
.I m
following the IP packet must match
.IR expr .
.TP
.BI ifc= expr
the packet must have been received on an interface whose address
matches
.IR expr .
.TP
.BI src= expr
The source address in the packet must match
.IR expr .
.TP
.BI dst= expr
The destination address in the packet must match
.IR expr .
.PP
.I Expr
is of the form:
.TP
.I \ value
.TP
.IB \ value | value | ...
.TP
.IB \ value & mask
.TP
.IB \ value | value & mask
.PP
If a mask is given, the relevant field is first ANDed with
the mask. The result is compared against the value or list
of values for a match. In the case of
.BR ifc ,
.BR dst ,
and
.B src
the value is a dot-formatted IP address and the mask is a dot-formatted
IP mask. In the case of
.BR dat ,
both value and mask are strings of 2 character hexadecimal digits representing
8 bit values.
.PP
A packet is delivered to only one filter.
The filters are merged into a single comparison tree.
If two filters match the same packet, the following
rules apply in order (here '>' means is preferred to):
.IP 1)
protocol > data > source > destination > interface
.IP 2)
lower data offsets > higher data offsets
.IP 3)
longer matches > shorter matches
.IP 4)
older > younger
.PP
So far this has just been used to implement a version of
OSPF in Inferno.
.SS Statistics
.PP
The
.B stats
files are read only and contain statistics useful to network
monitoring.
.PP
Reading
.B /net/ipifc/stats
returns a list of 19 tagged and new line separated fields representing:
.EX
.ft 1
forwarding status (0 and 2 mean forwarding off, 1 means on)
default TTL
input packets
input header errors
input address errors
packets forwarded
input packets for unknown protocols
input packets discarded
input packets delivered to higher level protocols
output packets
output packets discarded
output packets with no route
timed out fragments in reassembly queue
requested reassemblies
successful reassemblies
failed reassemblies
successful fragmentations
unsuccessful fragmentations
fragments created
.ft
.EE
.PP
Reading
.B /net/icmp/stats
returns a list of 25 tagged and new line separated fields representing:
.EX
.ft 1
messages received
bad received messages
unreachables received
time exceededs received
input parameter problems received
source quenches received
redirects received
echo requests received
echo replies received
timestamps received
timestamp replies received
address mask requests received
address mask replies received
messages sent
transmission errors
unreachables sent
time exceededs sent
input parameter problems sent
source quenches sent
redirects sent
echo requests sent
echo replies sent
timestamps sent
timestamp replies sent
address mask requests sent
address mask replies sent
.EE
.PP
Reading
.B /net/tcp/stats
returns a list of 11 tagged and new line separated fields representing:
.EX
.ft 1
maximum number of connections
total outgoing calls
total incoming calls
number of established connections to be reset
number of currently established connections
segments received
segments sent
segments retransmitted
retransmit timeouts
bad received segments
transmission failures
.EE
.PP
Reading
.B /net/udp/stats
returns a list of 4 tagged and new line separated fields representing:
.EX
.ft 1
datagrams received
datagrams received for bad ports
malformed datagrams received
datagrams sent
.EE
.PP
Reading
.B /net/il/stats
returns a list of 7 tagged and new line separated fields representing:
.EX
.ft 1
checksum errors
header length errors
out of order messages
retransmitted messages
duplicate messages
duplicate bytes
.EE
.PP
Reading
.B /net/gre/stats
returns a list of 1 tagged number representing:
.EX
.ft 1
header length errors
.EE
.SH "SEE ALSO"
.IR listen (8),
.IR dial (2),
.IR ndb (6)
.SH SOURCE
.B /sys/src/9/ip
.SH BUGS
.I Ipmux
has not been heavily used and should be considered experimental.
It may disappear in favor of a more traditional packet filter in the future.
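
The route selection rule from the Routing section (the entry with the longest mask for which the destination ANDed with the mask equals the target), applied to the 16-byte address form described under DESCRIPTION. This is an added example in portable C, not part of the manual page or the Plan 9 source. The sample table, the function names and the choice to extend IPv4 masks with twelve 0xff bytes are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

enum { IPaddrlen = 16, IPv4off = 12 };

/* The 12 bytes the page gives as the start of every v4 address. */
static const unsigned char v4prefix[IPv4off] = {
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff
};

typedef struct Route Route;
struct Route {
	unsigned char target[IPaddrlen];
	unsigned char mask[IPaddrlen];
	unsigned char nexthop[IPaddrlen];
	int ifc;
};

/* Constructed sample table (not from the page): target, mask, next hop, interface. */
static const struct { const char *target, *mask, *nexthop; int ifc; } sample[] = {
	{ "0.0.0.0",  "0.0.0.0",       "192.168.1.1", 0 },
	{ "10.0.0.0", "255.0.0.0",     "192.168.1.2", 1 },
	{ "10.1.0.0", "255.255.0.0",   "192.168.1.3", 2 },
	{ "10.1.2.0", "255.255.255.0", "192.168.1.4", 3 },
};

/* Parse a dotted quad into 16-byte form. Addresses get the v4 prefix;
 * masks get twelve 0xff bytes (assumption) so the prefix is always compared.
 * Returns 0 on success, -1 on malformed input. */
int
v4parse(const char *s, unsigned char *ip, int ismask)
{
	unsigned int a, b, c, d;
	char extra;

	if(sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
		return -1;
	if(a > 255 || b > 255 || c > 255 || d > 255)
		return -1;
	if(ismask)
		memset(ip, 0xff, IPv4off);
	else
		memcpy(ip, v4prefix, IPv4off);
	ip[12] = a; ip[13] = b; ip[14] = c; ip[15] = d;
	return 0;
}

/* Number of leading one bits in a 16-byte mask. */
static int
masklen(const unsigned char *mask)
{
	int i, n = 0;
	unsigned char m;

	for(i = 0; i < IPaddrlen; i++){
		for(m = mask[i]; m & 0x80; m <<= 1)
			n++;
		if(mask[i] != 0xff)
			break;
	}
	return n;
}

/* Longest-mask match: (dst AND mask) == target, longest mask wins. */
const Route*
routelookup(const Route *tab, int n, const unsigned char *dst)
{
	const Route *best = NULL;
	int i, j, len, bestlen = -1;

	for(i = 0; i < n; i++){
		for(j = 0; j < IPaddrlen; j++)
			if((dst[j] & tab[i].mask[j]) != tab[i].target[j])
				break;
		if(j < IPaddrlen)
			continue;	/* this entry does not cover dst */
		len = masklen(tab[i].mask);
		if(len > bestlen){
			best = &tab[i];
			bestlen = len;
		}
	}
	return best;
}

/* Interface chosen for dst in the sample table, or -1 (bad input or no route). */
int
routeifc(const char *dst)
{
	Route tab[sizeof sample / sizeof sample[0]];
	unsigned char ip[IPaddrlen];
	const Route *r;
	int i, n = sizeof sample / sizeof sample[0];

	for(i = 0; i < n; i++){
		if(v4parse(sample[i].target, tab[i].target, 0) < 0
		|| v4parse(sample[i].mask, tab[i].mask, 1) < 0
		|| v4parse(sample[i].nexthop, tab[i].nexthop, 0) < 0)
			return -1;
		tab[i].ifc = sample[i].ifc;
	}
	if(v4parse(dst, ip, 0) < 0)
		return -1;
	r = routelookup(tab, n, ip);
	return r ? r->ifc : -1;
}

int
main(void)
{
	const char *dst[] = { "10.1.2.7", "10.1.9.9", "10.200.0.1", "8.8.8.8" };
	int i;

	for(i = 0; i < 4; i++)
		printf("%s -> interface %d\n", dst[i], routeifc(dst[i]));
	return 0;
}
```

On a stack used as a firewall or proxy, this is why a narrow route added later takes traffic away from a broader one without the broader entry changing.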