Ad-Hoc Networking in Linux with Avahi
What is Local-Link?
Any grouping of hosts that are directly reachable without requiring a router or gateway:
• Local Area Networks
• Workgroups
• Peer Networks
• Ad-Hoc Networks
• Broadcast Domains
LAN Protocols
Golden Age LAN Protocols
• NetBEUI (Windows Native)
• AppleTalk (Mac Native)
• IPX/SPX (Novell)
TCP/IP Local-Link Protocols
• UPnP (Windows Native)
• Zeroconf (Mac Native, “Bonjour”)
• SLP (Smells Like P…Novell)
Why Local-Link?
Same reasons LANs were fun:
• GAMES!!!
• Printers
• Entertainment and Home Automation
• Ad-Hoc and Disposable Networks
• Digital Living Network Alliance
Why Local-Link? (cont.)
• UPnP – SOHO/firewall devices
• Zeroconf – network printers
Local-Link Architecture
Local-link layers (top to bottom): APPLICATION, DISCOVERY, NAMING, ADDRESSING
TCP/IP layers they sit on: APPLICATION, TRANSPORT, NETWORK, DATA-LINK

Layer         Zeroconf    UPnP     SLP
APPLICATION   -           UPnP     -
DISCOVERY     DNS-SD      SSDP     SLP
NAMING        mDNS        -        -
ADDRESSING    APIPA       APIPA    -
Primum non Nocere
MUST NOT cause harm to the network.
Zeroconf protocols are designed to operate nicely, or in concert with, managed networks.
Each layer is “à la carte”: operating entirely ad-hoc, hybrid with managed infrastructure, or disabled.
Addressing Layer
Automatic Private IP Assignment, RFC 3927 (169.254/16 prefix)
• Selects a random host IP falling inside the private IP range.
• Checks that the IP is unused via an ARP request.
• Sends a claiming ARP to clean stale caches.
Addressing Layer (Cont.)
Walk-through of a new host joining the network:
1. New host connects to the local network and attempts a DHCP request.
2. No DHCP server is present to respond; the DHCP request times out.
3. Host selects a random IP address in the 169.254.0.0/16 range and performs an ARP request for it.
4. Another host on the network answers the ARP request; the new host now knows that IP address is taken.
5. Host selects a new IP address in the 169.254.0.0/16 range and performs an ARP request for the new IP.
6. No one replies after multiple ARP requests; the new host has assurance that the IP is available.
7. Host assigns itself the IP address and begins answering ARP requests.
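The sequence above, as an offline simulation of the RFC 3927 selection rules. This is an added example, not code from the slides or from Avahi: the "network" is a constructed set of addresses already in use, and probe() stands in for the ARP probes, so nothing is sent on the wire. The constants are the ones RFC 3927 specifies (first and last /24 reserved, three probes, back-off after ten conflicts).

```python
"""Simulate RFC 3927 IPv4 link-local address selection (added example)."""
import ipaddress
import random

# RFC 3927 §2.1: 169.254.0.0/24 and 169.254.255.0/24 are reserved and never chosen.
FIRST_USABLE = int(ipaddress.IPv4Address("169.254.1.0"))
LAST_USABLE = int(ipaddress.IPv4Address("169.254.254.255"))
PROBE_NUM = 3        # RFC 3927 §2.2.1: ARP probes sent before an address is claimed
MAX_CONFLICTS = 10   # RFC 3927 §2.2.1: after this many, a host must slow to one attempt per minute


def is_selectable(addr):
    """True if addr is a link-local address a host may pick for itself."""
    n = int(ipaddress.IPv4Address(addr))
    return FIRST_USABLE <= n <= LAST_USABLE


def pick_candidate(rng):
    """Random candidate in 169.254.1.0 - 169.254.254.255.

    RFC 3927 suggests seeding rng from the interface MAC so a host tends to
    reclaim the same address across reboots; the caller owns the seeding.
    """
    return str(ipaddress.IPv4Address(rng.randint(FIRST_USABLE, LAST_USABLE)))


def probe(addr, in_use):
    """Stand-in for PROBE_NUM ARP probes: True if another host answers."""
    return addr in in_use


def select_link_local(in_use, seed=None, max_conflicts=MAX_CONFLICTS):
    """Pick, probe, back off on conflict, then claim.

    in_use is the constructed picture of the segment (addresses other hosts
    defend). Returns (address, conflicts_seen) and records the claimed address
    in in_use, since the host now answers ARP for it. Raises RuntimeError at
    the point where RFC 3927 requires rate-limiting (modelled here as giving up).
    """
    rng = random.Random(seed)
    conflicts = 0
    while conflicts < max_conflicts:
        candidate = pick_candidate(rng)
        if probe(candidate, in_use):      # another host answered the ARP request
            conflicts += 1
            continue                      # pick a new address and probe again
        in_use.add(candidate)             # no reply after PROBE_NUM probes: claim it
        return candidate, conflicts
    raise RuntimeError("too many conflicts; RFC 3927 requires rate-limiting now")


if __name__ == "__main__":
    segment = {"169.254.12.34", "169.254.200.1"}   # constructed: two hosts already present
    addr, seen = select_link_local(segment, seed=0xDEADBEEF)
    print(f"claimed {addr} after {seen} conflict(s); segment now holds {sorted(segment)}")
```

Seeding from the MAC address, as the RFC suggests, is what makes a host come back with the same 169.254.x.y after a reboot; with a truly random seed every reboot re-runs the full probe sequence.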
AutoIP with Avahi!
avahi-autoipd -D INTERFACE
Stand-alone, or as a plugin for a DHCP client, where it can be used as a fallback solution if no DHCP server is found.
Naming Layer
Why? IP addresses aren’t user-friendly, or in APIPA even significant.
What? Use .local or .home TLDs to replace IP addresses.
How? Magic…err, Multicast-DNS (mDNS).
Naming Layer (Cont.)
mDNS
• Will attempt to resolve over centralized DNS servers if possible.
• Failing that, a DNS request will be sent to a multicast address on UDP 5353.
Naming Layer (Cont.)
Name Request
• A node will attempt to resolve the name it wants, waiting for an answer. If the name is available, it will send out an mDNS answer.
• Nodes will cache mDNS replies to save bandwidth and will answer requests for hosts that are temporarily unavailable.
Naming Layer (Cont.)
Name resolution walk-through:
1. alice.laptop wants to know who charlie.mac is. alice.laptop doesn’t have a DNS server in its configuration. (If alice.laptop were making a request to charlie.local, then normal DNS would automatically be skipped.)
2. alice.laptop sends a request to 224.0.0.251:5353 UDP.
3. While everyone on the network receives the request, only charlie.mac currently knows his address.
4. Once charlie.mac replies to 224.0.0.251:5353, everyone else caches the response.
Later:
5. bob.laptop wants to know who charlie.mac is. bob.laptop sends a request to 224.0.0.251:5353 UDP.
6. Sadly, charlie.mac is currently rebooting.
7. Luckily, dave.pc has it stored in cache.
Naming Layer (Cont.)
Common Issue… If alice and bob have two different IP assignments (e.g. 10.0.0.0/8 and 169.254.0.0/16) but are on the same broadcast domain, they’ll be able to resolve each other but be unable to connect unless there is a router handling the relationship.
mDNS with Avahi!
avahi-daemon
  Launch and go for mDNS and DNS-SD.
/etc/avahi/avahi-daemon.conf
  Works out of the box as expected; fun things start here…
mDNS with Avahi! (Cont.)
/etc/avahi/hosts
  Useful for publishing static addresses for other hosts. Formatted like /etc/hosts; remember to suffix entries with .local.
avahi-publish -a HOST-NAME ADDRESS
  Short-term static address publishing.
avahi-set-host-name HOST-NAME
  Rename your host for a short term.
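A lint for the /etc/avahi/hosts file described above, added here as an example (it is not part of the slides or of Avahi). It parses the /etc/hosts-style layout the slide mentions, flags entries that forget the .local suffix, rejects unparsable addresses, and reports a name published twice in the same address family (an A plus an AAAA entry for one name is fine). SAMPLE_HOSTS is constructed.

```python
"""Check /etc/avahi/hosts entries before avahi-daemon reads them (added example)."""
import ipaddress

SAMPLE_HOSTS = """\
# static mDNS names published by this machine (constructed sample)
192.168.1.10   printer.local
192.168.1.11   nas.local
2001:db8::42   nas.local
192.168.1.12   fileserver          # missing .local suffix: Avahi will not publish it
192.168.1.999  broken.local         # not a valid address
"""


def parse_avahi_hosts(text):
    """Yield (lineno, address, name_or_None) for each non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # same comment convention as /etc/hosts
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1] if len(fields) > 1 else None


def lint_avahi_hosts(text):
    """Return [(lineno, problem), ...]; an empty list means the file is clean."""
    problems = []
    seen = set()                                  # (name, ip version) already published
    for lineno, addr, name in parse_avahi_hosts(text):
        if name is None:
            problems.append((lineno, "missing host name"))
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append((lineno, f"invalid address {addr!r}"))
            ip = None
        if not name.lower().endswith(".local"):
            problems.append((lineno, f"{name!r} lacks the .local suffix"))
        if ip is not None:
            key = (name.lower(), ip.version)
            if key in seen:
                problems.append((lineno, f"{name!r} already has an IPv{ip.version} entry"))
            seen.add(key)
    return problems


if __name__ == "__main__":
    for lineno, problem in lint_avahi_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {problem}")
```

Run it against the real file with `lint_avahi_hosts(open("/etc/avahi/hosts").read())` before restarting the daemon; a name published from here is answered by this machine on behalf of another host, so a stale or mistyped entry is a self-inflicted spoof.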
mDNS with Avahi (Cont.)
avahi-resolve --name HOST-NAME
avahi-resolve --address ADDRESS
Diagnostic tools: if applications are working as expected, then you won’t need to run these.
Discovery Layer
Why?
• Imagine never needing to portscan :D
• Port numbers are boring
• Network awareness: I want to know if the network I’m on has a web server…
How?
• DNS-SD
• SSDP
• SLP
Discovery Layer (Cont.)
DNS Service Discovery (DNS-SD)
Service discovery, mDNS style: the raison d'être of Zeroconf.
DNS-SD with Avahi
avahi-daemon
  Launch and go for mDNS and DNS-SD (/etc/avahi/avahi-daemon.conf).
/etc/avahi/services/*.service
  Useful for publishing static services; XML files.
avahi-publish -s NAME SERVICE-TYPE PORT
  Short-term static service announcements.
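An added example (not from the slides or the Avahi project) that writes the XML layout of an /etc/avahi/services/*.service file, parses one back with the checks avahi-daemon would otherwise reject at load time, and lists the DNS-SD records (RFC 6763 PTR, SRV, TXT) the announcement corresponds to. The element names follow avahi.service(5); the service name, port and host name are constructed.

```python
"""Generate, validate and explain an Avahi static service file (added example)."""
import re
import xml.etree.ElementTree as ET

# DNS-SD service types look like _http._tcp or _ipp._tcp (RFC 6763 §7)
SERVICE_TYPE = re.compile(r"^_[a-z0-9-]{1,15}\._(tcp|udp)$")
PROLOGUE = '<?xml version="1.0" standalone="no"?>\n<!DOCTYPE service-group SYSTEM "avahi-service.dtd">\n'


def service_xml(name, service_type, port, txt=(), replace_wildcards=True):
    """Render a service-group document; with replace-wildcards="yes", %h in name becomes the host name."""
    group = ET.Element("service-group")
    ET.SubElement(group, "name", {"replace-wildcards": "yes" if replace_wildcards else "no"}).text = name
    svc = ET.SubElement(group, "service")
    ET.SubElement(svc, "type").text = service_type
    ET.SubElement(svc, "port").text = str(port)
    for entry in txt:
        ET.SubElement(svc, "txt-record").text = entry
    return PROLOGUE + ET.tostring(group, encoding="unicode") + "\n"


def parse_service_file(text):
    """Parse a .service file into a dict, rejecting what avahi-daemon could not publish."""
    root = ET.fromstring(text)          # expat does not fetch the external DTD, so this runs offline
    if root.tag != "service-group":
        raise ValueError("root element must be <service-group>")
    services = []
    for svc in root.findall("service"):
        stype = (svc.findtext("type") or "").strip()
        if not SERVICE_TYPE.match(stype):
            raise ValueError(f"bad service type {stype!r}: expected something like _http._tcp")
        port = int(svc.findtext("port") or -1)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
        services.append({"type": stype, "port": port, "txt": [t.text or "" for t in svc.findall("txt-record")]})
    if not services:
        raise ValueError("service-group has no <service>")
    return {"name": root.findtext("name"), "services": services}


def records_for(name, service_type, port, txt=(), host="printer"):
    """The DNS-SD records (RFC 6763) that this announcement turns into, as text lines."""
    instance = f"{name.replace('%h', host)}.{service_type}.local"
    txt_rr = " ".join(f'"{t}"' for t in txt) or '""'   # an empty TXT record is a single empty string
    return [
        f"{service_type}.local PTR {instance}",             # browse: which instances of this type exist
        f"{instance} SRV 0 0 {port} {host}.local",          # resolve: host and port of this instance
        f"{instance} TXT {txt_rr}",                         # resolve: key=value details
    ]


if __name__ == "__main__":
    doc = service_xml("%h Web", "_http._tcp", 80, ["path=/"])   # constructed service
    print(doc)
    print(parse_service_file(doc))
    print("\n".join(records_for("%h Web", "_http._tcp", 80, ["path=/"])))
```

Everything in records_for() is announced in the clear to the whole broadcast domain; the "open disclosure of assets" concern later in the deck is exactly this list, so the TXT record should carry only what clients need to connect.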
DNS-SD with Avahi (Cont.)
avahi-browse
avahi-discover
Diagnostic tools: if applications are working as expected, then you won’t need to run these.
Bookmarks via DNS-SD
Broadcasting Bookmarks via DNS-SD
To see the bookmarks: run avahi-bookmarks, then go to http://localhost:8080/
Application Layer
Universal Plug and Play (UPnP): XML-SOAP, a standard multi-vendor language.
Implementations
• UPnP
• Bonjour, formerly known as Rendezvous (Mac and Windows)
• Avahi (FOSS)
  – avahi-autoipd
  – avahi-daemon
  – avahi-discover
  – avahi-utils
Security Concerns
• Denial of Service: prevent people from obtaining IP addresses or host names.
• Spoofing: host name spoofing, address spoofing, just as easy as ARP spoofing.
• Man in the Middle attacks
• Open disclosure of assets
• Expects others to be playing nice
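The spoofing concern has a network-side symptom a passive listener on 224.0.0.251:5353 can watch for: one name being answered with different addresses by different senders. The detector below is an added example, not from the slides or from Avahi; avahi-daemon already handles conflicts for the names it owns by renaming itself, so this covers the names no local daemon defends. OBSERVED is a constructed log of (time, sender, name, advertised address, cache-flush bit) as a listener would record it. third_party_answers() is a heuristic rather than a verdict, because the earlier slides show legitimate reasons for a host to publish another host's address (/etc/avahi/hosts, avahi-publish -a).

```python
"""Detect conflicting mDNS A answers in a listener log (added example)."""
from collections import defaultdict

# Constructed listener log: (time, sender IP, name, advertised A address, cache-flush bit)
OBSERVED = [
    (100.0, "169.254.33.7", "charlie.local", "169.254.33.7", True),
    (160.0, "169.254.33.7", "charlie.local", "169.254.33.7", True),
    (161.5, "169.254.77.9", "charlie.local", "169.254.77.9", True),    # a second host claims charlie
    (162.0, "169.254.77.9", "printer.local", "169.254.10.10", True),   # advertises an address it does not hold
    (170.0, "169.254.10.10", "printer.local", "169.254.10.10", True),
]


def find_conflicts(observations):
    """Flag an answer that gives a name an address some other sender already gave differently.

    A single sender advertising several addresses for its own name (multi-homed
    host) is not a conflict and is not reported.
    """
    claims = defaultdict(dict)          # name -> {advertised address: first sender seen}
    findings = []
    for ts, sender, name, addr, _flush in observations:
        owners = claims[name.lower()]
        owners.setdefault(addr, sender)
        rivals = {a: s for a, s in owners.items() if a != addr and s != sender}
        if rivals:
            findings.append({"time": ts, "name": name, "sender": sender, "addr": addr, "earlier": rivals})
    return findings


def third_party_answers(observations):
    """Answers whose A record is not the sender's own address: worth a look, not a verdict."""
    return [
        {"time": ts, "name": name, "sender": sender, "addr": addr}
        for ts, sender, name, addr, _flush in observations
        if sender != addr
    ]


if __name__ == "__main__":
    for f in find_conflicts(OBSERVED):
        print(f"{f['time']:.1f} CONFLICT {f['name']}: {f['sender']} says {f['addr']}, earlier {f['earlier']}")
    for f in third_party_answers(OBSERVED):
        print(f"{f['time']:.1f} third-party answer for {f['name']} from {f['sender']} -> {f['addr']}")
```

Feeding this from a real capture means parsing the answers off the multicast socket first (the mDNS parser in the naming-layer example does that for A records); the cache-flush bit is worth logging alongside, since a forged answer needs it set to displace the genuine record in every listener's cache.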
Security Concerns
OpenPGP or X.509 certificates?Signed by trusted computing?
I <3 Trusted computing
Questions?
More Resources
• RFC 2608 – Service Location Protocol
• RFC 3927 – Dynamic Configuration of IPv4 Link-Local Addresses
• http://www.zeroconf.org/
• http://www.multicastdns.org/
• http://www.dns-sd.org/
• http://www.upnp.org/
• http://developer.apple.com/networking/bonjour/
This presentation can be found at ERISresearch.org
ERIS Research
Internet Society
This work is licensed under the Creative Commons Attribution-Noncommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/ or send a letter to
Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.