inetd/xinetd: Network Socket Listener Daemons:
The network listening daemons listen and respond to all network socket connections made on the TCP/IP ports assigned to them. The ports are defined by the file /etc/services. When a connection is made, the listener attempts to invoke the assigned program and pipes the data to it. This simplifies matters by allowing the assigned program to read from stdin instead of making its own socket connection; the listener handles the network socket connection. Two network listening and management daemons have been used in Red Hat Linux distributions:
  • inetd: Red Hat 6.x and older
  • xinetd: Red Hat 7.0-9.0, Fedora

inetd:
Configuration file: /etc/inetd.conf
Entries in this file consist of a single line made up of the following fields:

        service socket-type protocol wait user server cmdline
  • service: The name assigned to the service. Matches the name given in the file /etc/services
  • socket-type:
    • stream: connection protocols (TCP)
    • dgram: datagram protocols (UDP)
    • raw
    • rdm
    • seqpacket
  • protocol: Transport protocol name which matches a name in the file /etc/protocols. i.e. udp, icmp, tcp, rpc/udp, rpc/tcp, ip, ipv6
  • wait: Applies only to datagram protocols (UDP).
    • wait[.max]: One server for the specified port at any time (RPC)
    • nowait[.max]: Continue to listen and launch new services if a new connection is made. (multi-threaded)
    Max refers to the maximum number of server instances spawned in 60 seconds. (default=40)
  • user[.group]: login id of the user the process is executed under. Often nobody, root or a special restricted id for that service.
  • server: Full path name of the server program to be executed.
  • cmdline: Command line to be passed to the server. This includes argument 0 (argv[0]), that is the command name. This field is empty for internal services. Example of internal TCP services: echo, discard, chargen (character generator), daytime (human readable time), and time (machine readable time). (see RFC)
Sample File: /etc/inetd.conf

#echo   stream  tcp     nowait  root    internal
#echo   dgram   udp     wait    root    internal

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd ipop3d
#swat      stream  tcp     nowait.400      root /usr/sbin/swat swat
A line may be commented out by using a '#' as the first character in the line. This will turn the service off. The maximum length of a line is 1022 characters.
The inet daemon must be restarted to pick up the changes made to the file:
/etc/rc.d/init.d/inetd restart
For more information see the man pages "inetd" and "inetd.conf".
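As an added example (not from the original tutorial), a small Python parser for the inetd.conf format just described, with an audit pass that reports entries not wrapped by /usr/sbin/tcpd (so hosts.allow and hosts.deny never see them) and entries run as root; the sample configuration and the helper names are constructed here.

```python
"""Parser and audit for inetd.conf entries in the format described above.
Added example; the sample configuration is constructed, not from a real host."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Services inetd implements itself; these carry no cmdline field.
INTERNAL_SERVICES = {"echo", "discard", "chargen", "daytime", "time"}

# Constructed sample: one internal service commented out (off), two wrapped
# by tcpd, one unwrapped with a .max spawn limit, one UDP service with user.group.
SAMPLE_INETD_CONF = """\
#echo   stream  tcp     nowait  root    internal
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
swat    stream  tcp     nowait.400      root    /usr/sbin/swat  swat
tftp    dgram   udp     wait    nobody.nogroup  /usr/sbin/in.tftpd  in.tftpd /tftpboot
"""


@dataclass
class InetdEntry:
    service: str
    socket_type: str
    protocol: str
    wait: bool                 # True for wait, False for nowait
    max_per_minute: int        # the optional ".max" spawn limit, default 40
    user: str
    group: Optional[str]
    server: str                # full path, or "internal"
    cmdline: List[str] = field(default_factory=list)   # argv[0] first


def parse_inetd_conf(text: str) -> List[InetdEntry]:
    """Return the active entries; commented-out lines are services turned off."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if len(raw) > 1022:
            raise ValueError(f"line {lineno}: longer than inetd's 1022-character limit")
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields, got {len(fields)}")
        service, socket_type, protocol, wait_field, user_field, server = fields[:6]
        m = re.fullmatch(r"(wait|nowait)(?:\.(\d+))?", wait_field)
        if m is None:
            raise ValueError(f"line {lineno}: bad wait field {wait_field!r}")
        user, _, group = user_field.partition(".")
        if server == "internal" and service not in INTERNAL_SERVICES:
            raise ValueError(f"line {lineno}: {service!r} is not a built-in internal service")
        entries.append(InetdEntry(
            service=service, socket_type=socket_type, protocol=protocol,
            wait=(m.group(1) == "wait"),
            max_per_minute=int(m.group(2)) if m.group(2) else 40,
            user=user, group=group or None, server=server, cmdline=fields[6:]))
    return entries


def audit(entries: List[InetdEntry]) -> List[str]:
    """Flag external services that bypass tcpd (so hosts.allow/hosts.deny never
    see them) and services whose server runs as root."""
    findings = []
    for e in entries:
        if e.server == "internal":
            continue
        if not e.server.endswith("/tcpd"):
            findings.append(f"{e.service}: not wrapped by tcpd, hosts.allow/hosts.deny do not apply")
        if e.user == "root":
            findings.append(f"{e.service}: server runs as root")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_inetd_conf(SAMPLE_INETD_CONF)):
        print(finding)
```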

xinetd: Extended Internet Services Daemon:
Xinetd has access control mechanisms, logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, redirect services to different ports and network interfaces (NICs) or even to a different server, chroot a service, and so on, making it a worthy upgrade from inetd.
Use the command chkconfig --list to view all system services and their state. It will also list all network services controlled by xinetd and their respective state under the title "xinetd based services". (Works for xinetd (RH7.0+) but not inetd)
The xinetd network daemon uses PAM, also called network wrappers, which consult the /etc/hosts.allow and /etc/hosts.deny files.
Configuration file: /etc/xinetd.conf which in turn uses configuration files found in the directory /etc/xinetd.d/.
To turn a network service on or off:
  • Edit the file /etc/xinetd.d/service-name
    Set the disable value:
    disable = yes
    or
    disable = no
    Restart the xinetd process using the signal:
    • SIGUSR1 (kill -SIGUSR1 process-id) - Soft reconfiguration does not terminate existing connections. (Important if you are connected remotely)
    • SIGUSR2 - Hard reconfiguration stops and restarts the xinetd process.
    (Note: Using the HUP signal will terminate the process.)
    OR
  • Use the chkconfig command: chkconfig service-name on
    (or off)
    This command will also restart the xinetd process to pick up the new configuration.
The file contains entries of the form:

      service service-name
      {
         attribute  assignment-operator value value ...
         ...
      }

Where:
  • attribute:
    • disable:
      • yes
      • no
    • type:
      • RPC
      • INTERNAL:
      • UNLISTED: Not found in /etc/rpc or /etc/services
    • id: By default the service id is the same as the service name.
    • socket_type:
      • stream: TCP
      • dgram: UDP
      • raw: Direct IP access
      • seqpacket: service that requires reliable sequential datagram transmission
    • flags: Combination of: REUSE, INTERCEPT, NORETRY, IDONLY, NAMEINARGS, NODELAY, DISABLE, KEEPALIVE, NOLIBWRAP.
      See the xinetd man page for details.
    • protocol: Transport protocol name which matches a name in the file /etc/protocols.
    • wait:
      • no: multi-threaded
      • yes: single-threaded - One server for the specified port at any time (RPC)
    • user: See file : /etc/passwd
    • group: See file : /etc/group
    • server: Program to execute and receive data stream from socket. (Fully qualified name - full path name of program)
    • server_args: Unlike inetd, argv[0] (the name of the service) is not passed.
    • only_from: IP address, factorized address, netmask range, hostname or network name from file /etc/networks.
    • no_access: Deny from ... (inverse of only_from)
    • access_times
    • port: See file /etc/services
    Also: log_type, log_on_success, log_on_failure (Log options: += PID,HOST,USERID,EXIT,DURATION,ATTEMPT and RECORD), rpc_version, rpc_number, env, passenv, redirect, bind, interface, banner, banner_success, banner_fail, per_source, cps, max_load, groups, enabled, include, includedir, rlimit_as, rlimit_cpu, rlimit_data, rlimit_rss, rlimit_stack.
    The best source of information is the man page and its many examples.
  • assignment-operator:
    • =
    • +=: add a value to the set of values
    • -=: delete a value from the set of values
Then restart the daemon: /etc/rc.d/init.d/xinetd restart
Example from man page: Limit telnet sessions to 8 Mbytes of memory and a total 20 CPU seconds for child processes.

service telnet
{
      socket_type         = stream
      wait                = no
      nice                = 10
      user                = root
      server              = /usr/etc/in.telnetd
      rlimit_as           = 8M
      rlimit_cpu          = 20
}
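As an added example that is not part of the original tutorial or the man page, a Python parser for xinetd service blocks that applies the =, += and -= operators described above, followed by a check for enabled services that run as root without only_from/no_access and for the NOLIBWRAP flag; the sample blocks are constructed.

```python
"""Parser and audit for xinetd service blocks (the 'service name { attribute
operator value ... }' form above). Added example; the sample is constructed."""
import re
from typing import Dict, List

Attrs = Dict[str, List[str]]

# Constructed sample: telnet restricted with only_from edited via += and -=,
# swat enabled as root with libwrap bypassed, finger disabled.
SAMPLE_XINETD = """\
service telnet
{
      disable     = no
      socket_type = stream
      wait        = no
      user        = root
      server      = /usr/sbin/in.telnetd
      only_from   = 192.168.1.0/24 10.0.0.0/8
      only_from  += 172.16.0.0/12
      only_from  -= 10.0.0.0/8     # taken back out again
      rlimit_as   = 8M
}

service swat
{
      disable     = no
      socket_type = stream
      wait        = no
      user        = root
      server      = /usr/sbin/swat
      flags       = NOLIBWRAP
}

service finger
{
      disable     = yes
      socket_type = stream
      wait        = no
      user        = nobody
      server      = /usr/sbin/in.fingerd
}
"""

_SERVICE = re.compile(r"service\s+(\S+)")
_ASSIGN = re.compile(r"(\w+)\s*(\+=|-=|=)\s*(.*)")


def parse_xinetd(text: str) -> Dict[str, Attrs]:
    """Return {service-name: {attribute: [values]}} applying =, += and -= in order."""
    services: Dict[str, Attrs] = {}
    current = None
    attrs: Attrs = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        if current is None:
            m = _SERVICE.fullmatch(line)
            if m is None:
                raise ValueError(f"line {lineno}: expected 'service name', got {line!r}")
            current, attrs = m.group(1), {}
        elif line == "{":
            continue
        elif line == "}":
            services[current] = attrs
            current = None
        else:
            m = _ASSIGN.fullmatch(line)
            if m is None:
                raise ValueError(f"line {lineno}: bad attribute line {line!r}")
            name, op, values = m.group(1), m.group(2), m.group(3).split()
            if op == "=":
                attrs[name] = values                       # replace the whole set
            elif op == "+=":
                existing = attrs.setdefault(name, [])
                for v in values:                           # add to the set, no duplicates
                    if v not in existing:
                        existing.append(v)
            else:
                attrs[name] = [v for v in attrs.get(name, []) if v not in values]
    if current is not None:
        raise ValueError(f"service block {current!r} never closed with '}}'")
    return services


def audit(services: Dict[str, Attrs]) -> List[str]:
    """Flag enabled services that run as root with no only_from/no_access
    restriction, and services whose flags bypass hosts.allow/hosts.deny."""
    findings = []
    for name, a in services.items():
        if (a.get("disable") or ["no"])[0].lower() == "yes":
            continue
        if (a.get("user") or [""])[0] == "root" and not (a.get("only_from") or a.get("no_access")):
            findings.append(f"{name}: enabled, runs as root, no only_from/no_access restriction")
        if "NOLIBWRAP" in a.get("flags", []):
            findings.append(f"{name}: NOLIBWRAP set, hosts.allow/hosts.deny are not consulted")
    return findings
```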
[Pitfall] Red Hat 7.1 with updates as of 07/06/2001 required that I restart the xinetd services before FTP would work properly even though xinetd had started without failure during the boot sequence. I have no explanation as to why this occurs or how to fix it other than to restart xinetd: /etc/rc.d/init.d/xinetd restart.
Man Pages:
For more info see:

Remote commands: rcp, rsh, rlogin, rwho, ...
Most of the original Unix remote commands have been superseded by secure shell equivalents. Instead of telnet, rsh or rlogin, one should use the encrypted connection ssh.
  • telnet - user interface to the TELNET protocol
  • rlogin - remote login
  • rsh - remote shell to execute a command and return results
  • uux - Remote command execution over UUCP
  • rcp - remote file copy
  • uucp - Unix to Unix copy
    uuxqt - UUCP execution daemon
    uucico - UUCP file transfer daemon
    cu - Call up another system (cu is an old legacy command which is reported to not work very well)
See the YoLinux.com secure shell tutorial for use of ssh, rssh, scp and sftp

RWHO: Remote Who daemon - rwhod
The "rwho" command is used to display users logged into computers on your LAN.
By default, Red Hat Linux has the network interface to the rwhod disabled. Thus if one issues the command "rwho", you will only see who is logged into the system you are logged into and not remote systems on the network. This is a safe approach for internet servers as it reduces the exposure of a service which could be exploited by hackers. If you wish to use rwhod on a local private and firewall protected network, here is how:
Allow broadcast capabilities. Edit /etc/init.d/rwhod
change from: daemon rwhod
to: daemon rwhod -b
Start service:
  • Set service to start with system boot: chkconfig --level 345 rwhod on
  • Start rwhod service: service rwhod start
    (or: service rwhod restart)
Man pages:
  • rwho: who is logged in on local network machines
  • rwhod: system status server
  • who: show who is logged on to the same system

RPC: Remote Procedure Calls (Portmapper)
Portmapper is a network service required to support RPCs. Many services such as NFS (file sharing services) and NIS (Network Information Services) require portmapper.
An RPC server makes available a collection of procedures (programs) that a client system may call and then receive the returned results. The services available are listed in /etc/rpc on the server. The message communication is in a machine-independent form called XDR (External Data Representation format).
List RPC services supported: [root]# rpcinfo -p localhost
Starting portmap server:
  • /etc/rc.d/init.d/portmap start
  • service portmap start (Red Hat/Fedora)
Man Pages:
  • portmap - DARPA port to RPC program number mapper
  • rpcinfo - report RPC information
  • pmap_dump - print a list of all registered RPC programs
  • pmap_set - set the list of registered RPC programs
  • /etc/rpc - rpc program number data base

PAM: Network Wrappers:
Pluggable Authentication Modules for Linux (TCP Wrappers)
This system allows or denies network access. One can reject or allow specific IP addresses or subnets to access your system.
File: /etc/hosts.allow

   in.ftpd:208.188.34.105
This specifically allows the given IP address to ftp to your system. One can also specify an entire domain. i.e. .name-of-domain.com
Note the beginning ".".
File: /etc/hosts.deny

   ALL:ALL
This generally denies any access.
File: /etc/inetd.conf

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
The inet daemon accepts the incoming network stream and assigns it to the PAM TCP wrapper, /usr/sbin/tcpd, which accepts or denies the network connection as defined by /etc/hosts.allow and /etc/hosts.deny and then passes it along to ftp. This is logged to /var/log/secure.
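To make the evaluation order concrete, an added example (my own code, not the tutorial's) that reproduces tcpd's decision from hosts_access(5): hosts.allow is checked first, then hosts.deny, and a client matching neither file is allowed. The rule files are constructed; the patterns supported are those described above plus the trailing-dot network and network/mask forms.

```python
"""Evaluate a connection against hosts.allow and hosts.deny the way tcpd does
(hosts_access(5) order: allow file first, then deny file, else allowed).
Added example, not part of the original tutorial; the rule files are constructed."""
import ipaddress
from typing import List, Optional, Tuple

Rule = Tuple[List[str], List[str]]      # (daemon list, client list)

# Constructed rule files. 208.188.34.105 and .name-of-domain.com are the
# patterns used in the text above.
HOSTS_ALLOW = """\
in.ftpd: 208.188.34.105
in.ftpd: .name-of-domain.com
sshd:    192.168.1.0/255.255.255.0
"""
HOSTS_DENY = "ALL: ALL\n"


def _client_matches(pattern: str, client_ip: str, client_host: Optional[str]) -> bool:
    """One client pattern: ALL, '.domain' host suffix, 'net.' address prefix,
    'net/mask', or an exact address or host name."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                    # note the leading "."
        return client_host is not None and client_host.endswith(pattern)
    if pattern.endswith("."):                      # e.g. 192.168.1. (trailing ".")
        return client_ip.startswith(pattern)
    if "/" in pattern:                             # network/netmask form
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client_ip or pattern == client_host


def parse_rules(text: str) -> List[Rule]:
    """Each rule is 'daemon_list : client_list'; '#' starts a comment."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append((parts[0].replace(",", " ").split(),
                      parts[1].replace(",", " ").split()))
    return rules


def _any_rule_matches(rules: List[Rule], daemon: str,
                      client_ip: str, client_host: Optional[str]) -> bool:
    for daemons, clients in rules:
        if (any(d in ("ALL", daemon) for d in daemons)
                and any(_client_matches(c, client_ip, client_host) for c in clients)):
            return True
    return False


def tcpd_decision(hosts_allow: str, hosts_deny: str, daemon: str,
                  client_ip: str, client_host: Optional[str] = None) -> str:
    """Return 'allow' or 'deny'. A client that matches neither file is allowed,
    which is why hosts.deny normally ends with ALL: ALL."""
    if _any_rule_matches(parse_rules(hosts_allow), daemon, client_ip, client_host):
        return "allow"
    if _any_rule_matches(parse_rules(hosts_deny), daemon, client_ip, client_host):
        return "deny"
    return "allow"
```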

Advanced PAM: More specific access can be assigned and controlled by controlling the level of authentication required for access.
Files reflect the inet service name. Rules and modules are stacked to achieve the level of security desired.
See the files in /etc/pam.d/... (some systems use /etc/pam.conf)
The format: service type control module-path module-arguments
  • auth - (type) Password is required for the user
    • nullok - Null or non-existent password is acceptable
    • shadow - encrypted passwords kept in /etc/shadow
  • account - (type) Verifies password. Can track and force password changes.
  • password - (type) Controls password update
    • retry=3 - Sets the number of login attempts
    • minlen=8 - Set minimum length of password
  • session - (type) Controls monitoring
Modules:
  • /lib/security/pam_pwdb.so - password database module
  • /lib/security/pam_shells.so -
  • /lib/security/pam_cracklib.so - checks if a password is crackable
  • /lib/security/pam_listfile.so
After re-configuration, restart the inet daemon: killall -HUP inetd
For more info see:

ICMP:
ICMP is the network protocol used by the ping and traceroute commands.
ICMP redirect packets are sent from the router to the host to inform the host of a better route. To enable ICMP redirect, add the following line to /etc/sysctl.conf :

net.ipv4.conf.all.accept_redirects = 1 
Add the following to the file: /etc/rc.d/rc.local

for f in /proc/sys/net/ipv4/conf/*/accept_redirects
do
   echo 1 > $f 
done
Command to view Kernel IP routing cache: /sbin/route -Cn
NOTE: This may leave you vulnerable to hackers as attackers may alter your routes.

Blocking ICMP to look invisible to ping:
The following firewall rules will drop ICMP requests.
Iptables:

iptables -A OUTPUT -p icmp -d 0/0 -j DROP
Ipchains:

ipchains -A output -p icmp -d 0/0 -j DENY
OR drop all incoming pings:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This is sometimes necessary to look invisible to DOS (Denial Of Service) attackers who use ping to watch your machine and launch an attack when its presence is detected.

Traffic Control (TC) and TC New Generation (TCNG):

TC:

Install:
  • Ubuntu/Debian: apt-get install iproute
  • Red Hat/CentOS/Fedora: yum install iproute
Description:
The Linux Kernel is capable of controlling bandwidth peaks, traffic prioritization and scheduling and if necessary, dropping excess traffic, all using the traffic control command "tc" to manage a set of queues (default queue: pfifo_fast).
Bandwidth control is called traffic shaping. This is often done to avoid exceeding the bandwidth when sending traffic to a particular device such as a wireless modem during peak network bursts.
Traffic prioritization includes reordering network packets so that certain traffic is guaranteed to be sent by a given time.
Packet dropping can be performed on ingress and egress packets to achieve a desired bandwidth.
Examples: limit data rate to 4 Mbps so that data rate does not exceed the capability of a wireless networking device:
  • tc class add dev eth1 parent 1:0 classid 1:1 htb rate 4.0mbit prio 0
    Create main class 1:1 with the assigned datarate 4 Mbit/sec
  • tc filter add dev eth1 parent 1:0 prio 0 protocol ip u32 match ip dst 192.168.1.20/32 match ip protocol ip 0xffff flowid 1:10
    Create filter assigned to class 1:0 and 1:1
Man Pages: The command is "tc". The rest of the man pages describe specific uses of the command.
  • tc - show or manipulate network traffic control settings
  • tc-cbq - CBQ - Class Based Queueing - contains shaping elements as well as prioritizing capabilities.
    tc qdisc ... dev dev ( parent classid | root) [ handle major: ] cbq [ allot bytes ] avpkt bytes bandwidth rate [ cell bytes ] [ ewma log ] [ mpu bytes ]
    tc class ... dev dev parent major:[minor] [ classid major:minor ] cbq allot bytes [ bandwidth rate ] [ rate rate ] prio priority [ weight weight ] [ minburst packets ] [ maxburst packets ] [ ewma log ] [ cell bytes ] avpkt bytes [ mpu bytes ] [ bounded isolated ] [ split handle & defmap defmap ] [ estimator interval timeconstant ]
  • tc-htb - Hierarchy Token Bucket (simple replacement for CBQ)
    tc qdisc ... dev dev ( parent classid | root) [ handle major: ] htb [ default minor-id ]
    tc class ... dev dev parent major:[minor] [ classid major:minor ] htb rate rate [ ceil rate ] burst bytes [ cburst bytes ] [ prio priority ]
  • tc-drr - deficit round robin scheduler - flexible replacement for Stochastic Fairness Queuing
    tc qdisc ... add drr [ quantum bytes ]
  • tc-sfq - Stochastic Fairness Queueing
    tc qdisc ... divisor hashtablesize limit packets perturb seconds quantum bytes
  • tc-hfsc - HFSC - Hierarchical Fair Service Curve's control
    tc qdisc add ... hfsc [ default CLASSID ]
    tc class add ... hfsc [ [ rt SC ] [ ls SC ] | [ sc SC ] ] [ ul SC ]
  • tc-choke - CHOose and KEep scheduler - classless qdisc designed to both identify and penalize flows that monopolize the queue. CHOKe is a variation of RED, and the configuration is the same as RED
    tc qdisc ... choke limit bytes min bytes max bytes avpkt bytes burst packets [ ecn ] [ bandwidth rate ] probability chance
  • tc-red - Random Early Detection - classless qdisc to drop packets gracefully
    tc qdisc ... red limit bytes min bytes max bytes avpkt bytes burst packets [ ecn ] [ bandwidth rate ] probability chance
  • tc-tbf - tbf - Token Bucket Filter - Traffic shaper to ensure that the configured rate is not exceeded
    tc qdisc ... tbf rate rate burst bytes/cell ( latency ms | limit bytes) [ mpu bytes [ peakrate rate mtu bytes/cell ] ]
  • tc-pfifo / tc-bfifo - The pfifo and bfifo qdiscs are low overhead First In, First Out queues.
    • pfifo - Packet limited First In, First Out queue:
      tc qdisc ... add pfifo [ limit packets ]
    • bfifo - Byte limited First In, First Out queue
      tc qdisc ... add bfifo [ limit bytes ]
  • tc-pfifo_fast - default qdisc of each interface - three-band first in, first out queue
  • tc-stab - Generic size table manipulations
    tc qdisc add ... stab [ mtu BYTES ] [ tsize SLOTS ] [ mpu BYTES ] [ overhead BYTES ] [ linklayer TYPE ] ...

TCNG:

Install:
Ubuntu/Debian: apt-get install tcng
Man Pages:
  • tcng - Traffic Control New Generation - show or manipulate network traffic control settings

Network Monitoring Tools:
  • tcpdump - dump traffic on a network. See discussion below.
    Command line option   Description
    -c                    Exit after receiving count packets.
    -C                    Specify size of output dump files.
    -i                    Specify interface if multiple exist. Lowest used by default. i.e. eth0
    -w file-name          Write the raw packets to file rather than parsing and printing them out.
                          They can later be printed with the -r option.
    -n                    Improve speed by not performing DNS lookups. Report IP addresses.
    -t                    Don't print a timestamp on each dump line.

    Filter expressions:
    primitive                       Description
    host host-name                  If host has multiple IP's, all will be checked.
    net network-number              Network number.
    net network-number mask mask    Network number and netmask specified.
    port port-number                Port number specified.
    tcp                             Sniff TCP packets.
    udp                             Sniff UDP packets.
    icmp                            Sniff ICMP packets.
    Examples:
    • tcpdump tcp port 80 and host server-1
    • tcpdump ip host server-1 and not server-2
  • iptraf - Interactive Colorful IP LAN Monitor
  • nmap - Network exploration tool and security scanner
    • List pingable nodes on network: nmap -sP 192.168.0.0/24
      Scans network for IP addresses 192.168.0.0 to 192.168.0.255 using ping.
  • Ethereal - Network protocol analyzer. Examine data from a live network.
    RPM's required:
    • ethereal-x.x.xx-x.i386.rpm
    • ucd-snmp-x.x-xx.i386.rpm
    • ucd-snmp-utils-x.x-xx.i386.rpm
    • Also: gtk+, glib, glibc, XFree86-libs-x.x.x-x (base install)
    There is an error in the ethereal package because it does not show the snmp libraries as dependencies, but you can deduce this from the errors that you get if the ucd-snmp libraries are not installed.
  • EtherApe - Graphical network monitor for Unix modeled after etherman. This is a great network discovery program with cool graphics.
  • Gkrellm - Network and system monitor. Good for monitoring your workstation.
  • IPTraf - ncurses-based IP LAN monitor.
  • Cheops - Network discovery, location, diagnosis and management. Cheops can identify all of the computers that are on your network, their IP address, their DNS name, the operating system they are running. Cheops can run a port scan on any system on your network.
  • ntop - Shows network usage in a way similar to what top does for processes. Monitors how much data is being sent and received on your network.
  • MRTG - Multi Router Traffic Grapher - Monitor network traffic load using SNMP and generate an HTML/GIF report. (See sample output)
  • dnsad - IP traffic capture. Export to Cisco Netflow for network analysis reporting.
  • Big Brother - Monitoring and services availability.
  • OpenNMS.org - Network Management using SNMP.
  • Nagios - host, service and network monitoring
  • Angel network monitor

Using tcpdump to monitor the network:

[root]# ifconfig eth0 promisc          - Put nic into promiscuous mode to sniff traffic.
[root]# tcpdump -n host not XXX.XXX.XXX.XXX | more    - Sniff net but ignore IP which is your remote session.
[root]# ifconfig eth0 -promisc         - Pull nic out of promiscuous mode.

Network Intrusion and Hacker Detection Systems:
SNORT: Monitor the network, performing real-time traffic analysis and packet logging on IP networks for the detection of an attack or probe.
  • InterSect Alliance - Intrusion analysis. Identifies malicious or unauthorized access attempts.

ARP: Address Resolution Protocol
Ethernet hosts use the Address Resolution Protocol (ARP) to convert 32-bit Internet IP addresses into the 48-bit Ethernet MAC addresses used by network hardware. (See: RFC 826) ARP broadcasts are sent to all hosts on the subnet by the transmitting host to see who replies. The broadcast is ignored by all except the intended receiver, which recognizes the IP address as its own. The MAC addresses are remembered (ARP cache) for future network communications. Computers on the subnet typically keep a cache of ARP responses (typically 20 min, but can store permanent information for diskless nodes). ARP broadcasts are passed on by hubs and switches but are blocked by routers.
Reverse ARP (See: RFC 903) is a bootstrap protocol which allows a client to broadcast requesting a server to reply with its IP address.
View ARP tables:
  • Shows other systems on your network (including IP address conflicts): /sbin/arp -a
  • Show ARP table Linux style: /sbin/arp -e
  • List ARP table: cat /proc/net/arp
Note that the use of a switch instead of a hub will limit your view of other hosts. Typically all you will see in the arp table is your router or gateway.
Set/Configure ARP tables:
  • Add a host's IP address: /sbin/arp -s hostname XX:XX:XX:XX:XX:XX pub
  • Delete a host from the table: /sbin/arp -d hostname
    This can be used to remove a duplicate IP or force a new interface to provide info.
Man pages:
ARP is something that simply works. No Linux system configuration is necessary. It's all part of the ethernet and IP protocol. The aforementioned information is just part of the Linux culture of full visibility into what is going on.
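An added example (not from the original tutorial) that parses the /proc/net/arp table listed above and reports the two conditions an ARP table reveals: one MAC address answering for several IPs, and an IP whose MAC changed between two snapshots. The snapshots are constructed in the /proc/net/arp column layout.

```python
"""Parse /proc/net/arp and flag what 'arp -a' shows as IP conflicts: one MAC
answering for several IPs, and an IP whose MAC changed between snapshots.
Added example; the table text is constructed in the /proc/net/arp layout."""
from typing import Dict, List, NamedTuple, Tuple


class ArpEntry(NamedTuple):
    ip: str
    hw_type: int
    flags: int        # 0x2 = ATF_COM (complete); 0x0 = unresolved
    mac: str
    device: str


# Constructed snapshots. In the second one 192.168.1.1 (the gateway) now
# resolves to the same MAC as 192.168.1.50.
ARP_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.50     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
ARP_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.1.50     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
"""


def parse_proc_net_arp(text: str) -> List[ArpEntry]:
    """Keep only complete entries; unresolved ones carry an all-zero MAC."""
    entries = []
    for raw in text.splitlines()[1:]:          # first line is the column header
        cols = raw.split()
        if len(cols) != 6:
            continue
        ip, hw_type, flags, mac, _mask, device = cols
        flags_val = int(flags, 16)
        if flags_val & 0x2:
            entries.append(ArpEntry(ip, int(hw_type, 16), flags_val, mac.lower(), device))
    return entries


def shared_macs(entries: List[ArpEntry]) -> Dict[str, List[str]]:
    """MAC addresses claimed by more than one IP (duplicate IP or a host
    answering for addresses that are not its own)."""
    by_mac: Dict[str, List[str]] = {}
    for e in entries:
        by_mac.setdefault(e.mac, []).append(e.ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def changed_macs(before: List[ArpEntry], after: List[ArpEntry]) -> List[Tuple[str, str, str]]:
    """(ip, old_mac, new_mac) for IPs whose hardware address changed between snapshots."""
    old = {e.ip: e.mac for e in before}
    return [(e.ip, old[e.ip], e.mac) for e in after if e.ip in old and old[e.ip] != e.mac]
```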

TCP vs UDP:
Transmission Control Protocol (TCP) is a transport protocol carried over the Internet Protocol (IP) and is typically used where reliable bi-directional communication is needed. TCP first establishes a connection and then transmits data over that connection. Acknowledgements are sent to each end of the connection to confirm that the transmitted data arrived intact, so that either end can determine whether data must be re-sent. The TCP header is 24 bytes of information including the source and destination port, the packet sequence information, checksum and various flags indicating the purpose of the packet. TCP is a streaming protocol: a numbered set of packets is sent over the network and made available to the system in order. This makes TCP appropriate for file transfer and web content delivery.
User Datagram Protocol (UDP) is a protocol which sends a single packet of data with no response, verification or acknowledgement. A checksum is included in the UDP packet header, but the protocol does not arrange for retransmission upon error. It is a faster communications method as it does not require the overhead of a connection, reliability or packet ordering. Each packet is independent of the others and is typically used for data no larger than the maximum UDP packet size of 64 KB (65507 bytes) for the 8 byte header and data, but typically much smaller.

IPv4 Packet Headers:

TCP:

Field                       Size      Notes
Source Port                 16 bits   (0 - 65535)
Destination Port            16 bits   (0 - 65535)
Sequence Number             32 bits   (0 - 4294967295) Increments from 1, zero to clear.
Acknowledgement Number      32 bits   (0 - 4294967295)
Data Offset / Res / Flags             Flag bits in order: NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN
Window                      16 bits
Checksum                    16 bits
Urgent Pointer              16 bits   (If URG is set)
Options / Padding
Flags:
  • SYN: signifies first packet sent when opening a connection
  • ACK: After SYN packet is sent, ACK is set to 1
  • RST: Request to reset the connection
  • FIN: Last packet - transmission done

UDP:

Field               Size      Notes
Source Port         16 bits   (0 - 65535)
Destination Port    16 bits   (0 - 65535)
Length              16 bits   (8 - 65535) entire datagram: header and data
Checksum            16 bits   (If not used - all zeros)
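An added example (not from the original tutorial) that decodes the two header layouts above from raw bytes with Python's struct module, checks the data offset and UDP length fields for consistency with what was actually received, and names the handshake role of a TCP segment from its flags. The segments are constructed test vectors, not captures.

```python
"""Decode the TCP and UDP header layouts tabulated above from raw bytes.
Added example; the segments below are constructed test vectors, not captures."""
import struct
from dataclasses import dataclass
from typing import Dict

# Bit positions inside the 16-bit "data offset / reserved / flags" word:
# bits 15..12 data offset, 11..9 reserved, bit 8 NS, bits 7..0 the other flags.
TCP_FLAG_BITS = {"NS": 0x100, "CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
                 "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

# Constructed: client SYN (src 40000 -> dst 80, seq 1, window 65535) and the
# server's SYN/ACK carrying a 4-byte MSS option (data offset 6 = 24 bytes).
SYN_SEGMENT = bytes.fromhex("9c40 0050 00000001 00000000 5002 ffff 1234 0000")
SYNACK_SEGMENT = bytes.fromhex("0050 9c40 00000100 00000002 6012 1000 abcd 0000 020405b4")
# Constructed: DNS reply datagram, length 16 = 8 header + 8 payload, checksum unused.
UDP_DATAGRAM = bytes.fromhex("0035 c001 0010 0000 deadbeefcafef00d")


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int          # header length in 32-bit words, 5..15
    flags: Dict[str, bool]
    window: int
    checksum: int
    urgent_pointer: int       # only meaningful when URG is set
    options: bytes


@dataclass
class UdpHeader:
    src_port: int
    dst_port: int
    length: int               # whole datagram, header and data
    checksum: int             # 0 means the sender did not compute one
    payload: bytes


def parse_tcp_header(segment: bytes) -> TcpHeader:
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12                   # top 4 bits
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"data offset {data_offset} inconsistent with {len(segment)} bytes")
    flags = {name: bool(off_flags & bit) for name, bit in TCP_FLAG_BITS.items()}
    return TcpHeader(src, dst, seq, ack, data_offset, flags, window, csum, urg,
                     segment[20:header_len])


def tcp_segment_kind(h: TcpHeader) -> str:
    """Name the handshake/teardown role using the flag meanings listed above."""
    f = h.flags
    if f["RST"]:
        return "reset"
    if f["SYN"]:
        return "connection accepted (SYN/ACK)" if f["ACK"] else "connection request (SYN)"
    if f["FIN"]:
        return "last packet (FIN)"
    return "data/ack"


def parse_udp_datagram(datagram: bytes) -> UdpHeader:
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):    # length counts header and data
        raise ValueError(f"length field {length} inconsistent with {len(datagram)} bytes")
    return UdpHeader(src, dst, length, csum, datagram[8:length])
```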

Configuring Linux For Network Multicast:
Regular network exchanges of data are peer to peer unicast transactions. An HTTP request to a web server (TCP/IP), email (SMTP, TCP/IP), DNS (UDP), FTP (TCP/IP), ... are all peer to peer unicast transactions. If one wants to transmit a video, audio or data stream to multiple nodes with one transmission stream instead of multiple individual peer to peer connections, one for each node, one may use multicasting to reduce network load. Note that multicast and a network broadcast are different and that multicast is a UDP broadcast only. Multicast messages are only "heard" by the nodes on the network that have "joined the multicast group", which are those that are interested in the information.
The Linux kernel is Level-2 Multicast-Compliant. It meets all requirements to send, receive and act as a router for multicast datagrams. For a process to receive multicast datagrams it has to request the kernel to join the multicast group and bind the port receiving the datagrams. When a process is no longer interested in the multicast group, a request is made to the kernel to leave the group. It is the kernel/host which joins the multicast group and not the process. Kernel configuration requires "CONFIG_IP_MULTICAST=y". In order for the Linux kernel to support multicast routing, set the following in the kernel config:
  • CONFIG_IP_MULTICAST=y
  • CONFIG_IP_ROUTER=y
  • CONFIG_IP_MROUTE=y
  • CONFIG_NET_IPIP=y
The default Red Hat / Fedora kernels are compiled to support multicast.
Note that on multihomed systems (more than one IP address/network card), only one device can be configured to handle multicast.
Class D networks with a range of IP addresses from 224.0.0.0 to 239.255.255.255 (See Network Classes above) have typically been reserved for multicast.
Useful commands:
Command                    Description
cat /proc/net/igmp         List the multicast groups to which the host is subscribed, using the "Internet Group Management Protocol". (See /usr/src/linux/net/core/igmp.c)
cat /proc/net/dev_mcast    List multicast interfaces. (See /usr/src/linux/net/core/dev_mcast.c)
ping 224.0.0.1             All hosts configured for multicast will respond with their IP addresses
ping 224.0.0.2             All routers configured for multicast will respond
ping 224.0.0.3             All PIM routers configured for multicast will respond
ping 224.0.0.4             All DVMRP routers configured for multicast will respond
ping 224.0.0.5             All OSPF routers configured for multicast will respond

Multicast Application Programming:
Multicast transmissions are achieved through proper routing, router configuration (if communicating through subnets) and programmatically with the use of the following "C" function library calls:
Function Call                                                                          Description
setsockopt(int sockfd, int level, int optname, const void *optval, socklen_t optlen)   Pass information to the kernel.
getsockopt(int sockfd, int level, int optname, void *optval, socklen_t *optlen)        Retrieve information broadcast using multicast.
Where optname is (numeric value in parentheses):
  • IP_MULTICAST_IF (32): Specify the ethernet interface to use:

        struct in_addr interface_addr;
        setsockopt(socket, IPPROTO_IP, IP_MULTICAST_IF, &interface_addr, sizeof(interface_addr));

    Can use setsockopt() with option INADDR_ANY to reset the configuration.
  • IP_MULTICAST_TTL (33): The Time To Live (TTL) value sets how many router hops are allowed. Restrict to local network:

        u_char ttl = 1;
        setsockopt(socket, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl));

    Values of ttl are 0 to 255.
  • IP_MULTICAST_LOOP (34): Data sent is looped back to the same host. Enable:

        u_char loop = 1;
        setsockopt(socket, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop));

    where loop=0 disables loopback.
  • IP_ADD_MEMBERSHIP (35): Specify the multicast group. Include file linux/in.h; set struct ip_mreq:
    • ip_mreq.imr_multiaddr: IP multicast address
    • ip_mreq.imr_interface: local IP interface address (can be INADDR_ANY)

        struct ip_mreq mreq;
        setsockopt(socket, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));

    Add as many groups as needed.
  • IP_DROP_MEMBERSHIP (36): Closing the socket will drop membership, or:

        struct ip_mreq mreq;
        setsockopt(socket, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreq, sizeof(mreq));

  • IP_UNBLOCK_SOURCE (37): Unblock a previously blocked source for a given multicast group.
  • IP_BLOCK_SOURCE (38): Block IPv4 multicast packets that have a source address that matches the given IPv4 source address.
  • IP_ADD_SOURCE_MEMBERSHIP (39): Join an IPv4 multicast group on an IPv4 interface and specify the IPv4 source-filter address. Set these values using setsockopt().
  • IP_DROP_SOURCE_MEMBERSHIP (40): Drop the multicast group.
  • IP_MSFILTER (41)
  • MCAST_JOIN_GROUP (42): Join a multicast group and set the IPv4 or IPv6 multicast address and the local interface.
  • MCAST_BLOCK_SOURCE (43)
  • MCAST_UNBLOCK_SOURCE (44)
  • MCAST_LEAVE_GROUP (45): Leave a multicast group.
  • MCAST_JOIN_SOURCE_GROUP (46)
  • MCAST_LEAVE_SOURCE_GROUP (47)
  • MCAST_MSFILTER (48)
  • IP_MULTICAST_ALL (49)
For more on multicast programming see: Multicast Howto.
The multicast application will specify the multicast group, loopback interface, TTL (network time to live or router hops), network interface and the multicast group to add or drop.
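An added example (my own code, not from the tutorial) that performs the same joins through Python's socket module instead of C: it packs struct ip_mreq and struct ip_mreq_source by hand, sets IP_MULTICAST_TTL and IP_MULTICAST_LOOP, and joins or leaves a group. The helper names are my own; IP_ADD_SOURCE_MEMBERSHIP falls back to the value 39 from the table above when the socket module does not export the constant.

```python
"""Socket-level multicast setup using the setsockopt options tabulated above,
via Python's socket module rather than the C calls. Added example; the helper
names and sample addresses are my own."""
import socket
import struct
from typing import Optional

# IP_ADD_SOURCE_MEMBERSHIP is value 39 in the table above; older Python
# builds do not export it, so fall back to that number.
IP_ADD_SOURCE_MEMBERSHIP = getattr(socket, "IP_ADD_SOURCE_MEMBERSHIP", 39)


def is_multicast(addr: str) -> bool:
    """Class D: 224.0.0.0 - 239.255.255.255."""
    return 224 <= socket.inet_aton(addr)[0] <= 239


def pack_ip_mreq(group: str, interface: str = "0.0.0.0") -> bytes:
    """struct ip_mreq { in_addr imr_multiaddr; in_addr imr_interface; }, 8 bytes.
    interface 0.0.0.0 is INADDR_ANY (let the kernel pick the interface)."""
    if not is_multicast(group):
        raise ValueError(f"{group} is not a class D multicast address")
    return socket.inet_aton(group) + socket.inet_aton(interface)


def pack_ip_mreq_source(group: str, interface: str, source: str) -> bytes:
    """struct ip_mreq_source adds imr_sourceaddr (12 bytes total): only accept
    datagrams from that sender (IP_ADD_SOURCE_MEMBERSHIP / IP_BLOCK_SOURCE)."""
    if is_multicast(source):
        raise ValueError("source filter must be a unicast sender address")
    return pack_ip_mreq(group, interface) + socket.inet_aton(source)


def open_multicast_receiver(group: str, port: int, interface: str = "0.0.0.0",
                            ttl: int = 1, loop: bool = False,
                            source: Optional[str] = None) -> socket.socket:
    """Join 'group' on 'port'. ttl=1 keeps anything we send on the local network;
    loop=False stops our own datagrams coming back to us."""
    if not 0 <= ttl <= 255:
        raise ValueError("ttl must be 0..255")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)   # several receivers per host
    sock.bind(("", port))                                         # bind the port receiving the datagrams
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, struct.pack("B", ttl))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, struct.pack("B", int(loop)))
    if source is None:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, pack_ip_mreq(group, interface))
    else:
        sock.setsockopt(socket.IPPROTO_IP, IP_ADD_SOURCE_MEMBERSHIP,
                        pack_ip_mreq_source(group, interface, source))
    return sock


def leave_group(sock: socket.socket, group: str, interface: str = "0.0.0.0") -> None:
    """Explicit leave; closing the socket drops membership too."""
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_DROP_MEMBERSHIP, pack_ip_mreq(group, interface))
```

Joining a group needs a multicast-capable interface and the 224.0.0.0/4 route described below, so the packing helpers can be exercised on any host while open_multicast_receiver needs a configured network.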
Add route to support multicast:
  • /sbin/ifconfig eth0 multicast
  • route -n add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
  • /sbin/ip route show (show the route you just created)
Note that if adding a route to forward packets through a router, that the router MUST be configured to forward multicast packets. Many routers do not support forwarding of multicast packets or have a default configuration which does not. The internet by default does not forward multicast packets.
Multicast Packet Forwarding and Routing:
Linux can be configured to forward packets and act as a simple router between two networks. The prior section on "Enable Forwarding" shows how Linux can be configured to forward regular TCP and UDP packets. This does not include multicast packets.
Multicasting begins with an application requesting multicast group membership. It is this request that tells a multicast router to enable forwarding on the interface that the request arrived on -- no request, no routing. The request must be processed by a multicasting router. Multicast packets can be forwarded and routed by running multicast routing software on the system.
Routing software   Protocols                                               Description
Xorp               PIM                                                     Routing of IPv4 and IPv6 network protocols including UDP multicast
SmcRoute           PIM                                                     Simple static routing of UDP multicast
mrouted            DVMRP                                                   DVMRP (Distance Vector Multicast Protocol) is a deprecated protocol, thus making this software obsolete.
pimd               PIM (PIM-SM: PIM Sparse Mode; PIM-DM: PIM Dense Mode)   Supports the PIM (Protocol Independent Multicast) routing protocol.
Zebra              PIM, BGP-4, RIP, OSPFv2, etc.                           Zebra is a routing application supporting a full range of routing protocols.

Serial Line IP:
Linux can support Internet Protocol (IP) protocol over serial device interfaces. Over long distances this is typically supported using a modem over telephone lines (POTS: Plain Old Telephone Service) or satellite communications.

PPP: Point-to-Point Protocol
This is the most common form of IP over serial line and is the most common technique used by telephone dial-up ISPs. The following tutorials use a Hayes command set compatible modem.
PPTP: Point-to-Point Tunneling Protocol
SLIP: Serial Line IP (older than PPP and less capable)
Devices:
Interfaces                                          Description
sl0, sl1, sl2, sl3                                  SLIP interfaces. Linux kernel supports up to four.
COM1, COM2, COM3, COM4                              Serial Ports (RS-232 hardware)
/dev/ttyS0, /dev/ttyS1, /dev/ttyS2, /dev/ttyS3      Serial devices (dial in) (virtual terminal consoles)
/dev/cua0, /dev/cua1, /dev/cua2, /dev/cua3          Serial devices (dial out)
4, 4, 4, 4                                          Interface major numbers (dial in)
5, 5, 5, 5                                          Interface major numbers (dial out)
64, 65, 66, 67                                      Interface minor numbers
The command ls -l /dev/ttyS* /dev/cua* will show the device major and minor numbers.
The major and minor numbers are used when creating a SLIP interface:
Example:
  • mknod -m 666 /dev/cua1 c 5 65
  • chown root.uucp /dev/cua1
SLIP configuration:
  • Configure /etc/resolv.conf
    (See notes above in this tutorial)
  • Attach network interface to serial line on COM2: /sbin/slattach -p slip -s 19200 /dev/ttyS1 &
  • Assign local and remote IP: /sbin/ifconfig sl0 192.168.1.10 pointopoint 192.168.1.40 up
    Assign local IP (192.168.1.10) and connect to remote server (192.168.1.40)
    Alternate example: /sbin/route add plip1 192.168.1.10 pointopoint 192.168.1.40
  • Add route: /sbin/route add default dev sl0 &
Also see Dialup IP (DIP)

PLIP: Parallel Line IP
Point-to-point serial links (rather than broadcast networks like Ethernet) can also be supported over parallel printer ports.
An IP network at 10 to 20 kBps over parallel printer port lp0 or lp1 is much faster than a serial link. Linux supports mode 0 PLIP, which transfers half a byte of data at a time. It requires a "NULL Printer" or "Turbo Laplink" printer cable. See kernel source drivers/net/Space.c.
Interface   I/O Port   IRQ
plip0       0x3BC      7
plip1       0x378      7
plip2       0x278      5
PLIP Configuration:
  • ifconfig plip1 192.168.1.10 pointopoint 192.168.1.40
    connect host 192.168.1.10 to remote host 192.168.1.40
  • route add default gw 192.168.1.40
    Specify remote host as the gateway.
On the remote host at the other end of the cable, the opposite must be specified:
  • ifconfig plip1 192.168.1.40 pointopoint 192.168.1.10
  • route add 192.168.1.10 gw 192.168.1.40

Serial port related man pages:
  • setserial - get/set Linux serial port information
    Typical configuration:
    • Interrupt detection: /sbin/setserial -W /dev/cua*
    • Configuration: /sbin/setserial /dev/cua1 auto_irq skip_test autoconfig
      or /sbin/setserial /dev/cua1 auto_irq skip_test autoconfig uart 16550
    • Display Configuration: /sbin/setserial -bg /dev/cua*
    • Enable hardware handshake: stty crtscts < /dev/cua1
      (verify: stty -s < /dev/cua1)
  • stty - change and print terminal line settings
  • tty - print the file name of the terminal connected to standard input
  • pppd - Point-to-Point Protocol Daemon
  • slattach - attach a network interface to a serial line
  • mknod - make block or character special files

Living in a MS/Windows World:
  • SMB4k: My favorite MS/Windows file share browser.
  • In Nautilus use the URL "smb:" to view MS/Windows servers. [tutorial]
See the YoLinux tutorial on integrating Linux into a Microsoft network.

Network Definitions:
  • IPv4: Most Internet servers and personal computers use Internet Protocol version 4 (IPv4). It uses 32 bits for a network address, written as four octets up to 255.255.255.255; each octet is an 8 bit number, so the four together make up the 32 bits.
  • IPv6: Internet Protocol version 6 (IPv6) uses a 128 bit address and thus billions and billions of potential addresses. The protocol has also been upgraded to include new quality of service features and security. Currently Linux supports IPv6 but IPv4 is used when connecting your computer to the internet.
  • TCP/IP: (Transmission Control Protocol/Internet Protocol) uses a client - server model for communications. The protocol defines the data packets transmitted (packet header, data section), data integrity verification (error detection bytes), connection and acknowledgement protocol, and re-transmission.
  • TCP/IP time to live (TTL): This is a counting mechanism to determine how long a packet is valid before it reaches its destination. Each time a TCP/IP packet passes through a router it will decrement its TTL count. When the count reaches zero the packet is dropped by the router. This ensures that errant routing and looping aimless packets will not flood the network.
  • MAC Address: (media access control) is the network card address used for communication with other network devices on the subnet. This address is not routable. The ARP table maps TCP/IP addresses (global internet) to the hardware on the local network. Use the command /sbin/ifconfig to view both the IP address and the MAC address. The MAC address uniquely identifies each node of a network and is used by the Ethernet protocol.
  • Full Duplex: Allows the simultaneous sending and receiving of packets. Most modern modems support full duplex.
  • Half Duplex: Allows the sending and receiving of packets in one direction at a time only.
  • OSI 7 Layer Model: The ISO (International Standards Organization) has defined the OSI (Open Systems Interconnection) model for current networking protocols.
    OSI Layer               Description                                                 Linux Networking Use
    7  Application Layer    The top layer for communications applications like email and the web.   telnet, web browser, sendmail
    6  Presentation Layer   Syntax and format of data transfer.                         SMTP, http
    5  Session Layer
    4  Transport Layer      Connection, acknowledgement and data packet transmission.   TCP, UDP
    3  Network Layer                                                                    IP, ARP
    2  Data Link Layer      Error control, timing                                       Ethernet
    1  Physical Layer       Electrical characteristics of signal and NIC                Ethernet
  • Network Hub: Hardware to connect network devices together. The devices will all be on the same network and/or subnet. All network traffic is shared and can be sniffed by any other node connected to the same hub.
  • Network Switch: Like a hub but creates a private link between any two connected nodes when a network connection is established. This reduces the amount of network collisions and thus improves speed. Broadcast messages are still sent to all nodes.

Man Pages:
  • icmp - Linux IPv4 ICMP kernel module
  • ifport - select the transceiver type for a network interface
  • usernetctl - allow a user to manipulate a network interface if permitted
  • ripquery - query RIP (Routing Information Protocol) gateways
  • gated - gateway routing daemon


http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html
