Operating System Term Paper By: Afzaal Ahmad



Date: 28.01.2017


IPv6 Introduction:

IPv6 was proposed by the Internetworking Protocol next generation (IPng) effort, which sets the standard for the IP address protocols used worldwide. It was introduced after IPv4 had been implemented and its limitations and drawbacks had become clear; on that basis a new version of IP was introduced which fulfills almost all the requirements and answers the questions previously unanswered.



Deficiencies in IPv4:

The main deficiencies in IPv4 were the following:

  1. Limited address space: addresses are 32 bits long.

  2. It does not provide real-time audio and video transmission.

  3. No security check mechanism or security header was present in IPv4.

To overcome these major problems two techniques were used, NAT and CIDR, which helped somewhat but were not useful in the long run.

Features in IPv6:

  1. The IP header is the main part of a packet and carries the information enclosed with it, so IPv6 has an improved header format. Up to 6 extra headers can be attached to the basic header, depending on the functionality a user needs; e.g. a CRC header, a security header, etc. are optional additional functionalities.

  2. A flow label is included in IPv6; for this, bits 0, 1 and 2 are reserved, which are used for the special handling of data that has a high or low priority bit set.

  3. IPsec is the set of IP-layer security protocols, ESP (Encapsulating Security Payload) and AH (Authentication Header), which are defined for both IPv4 and IPv6. These protocols allow receivers to detect and discard packets that have been modified by some external source, e.g. tampered with by someone or corrupted by transmission errors. Unfortunately NATs work by modifying packets in transit.

Types of IPv6 Addressing:

  1. Unicast: identifies a specific host (a single system) on a network, to which the data (packet) is sent.

  2. Anycast: defines a group of computers that share the same prefix.

  3. Multicast: the systems do not need to share the same physical network. Data packets sent are broadcast and delivered to all.

Advantages of IPv6:

Some of the advantages of IPv6 are as follows.



  1. It has a large address space; addresses are 128 bits long.

  2. It has an improved header format with additional functionalities.

  3. Allowance for extensions, which enables updates as technology advances, so that the protocol stays compatible with future circumstances.

  4. Support for resource applications: this functionality is achieved by the flow label, which enables the source to request special handling of packets and so supports real-time traffic like audio and video.

  5. Flow priority helps to prevent congestion by removing the low-priority packets.

  6. Encryption and authentication provide integrity.

  7. Fragmentation is done at the source only, because here the router just routes the packet.

  8. QoS (Quality of Service)

  9. Mobility

Introduction To Linux network structure:

Networking is a key area of functionality in Linux, as in almost all other operating systems. Linux supports all advanced internet protocols, one of which is discussed briefly above. In the Linux kernel, networking is implemented in three layers, which are as follows:



  1. Socket interface

  2. Protocol drivers

  3. Network device drivers

User applications perform all networking requests through the socket interface, which is designed as a BSD socket layer. This interface is implemented in the Linux kernel to support all the network protocols on the system.

Protocol stack: whenever networking data arrives at this layer, either through an application socket or from a network device driver, the data carries an identifier with information about the sender's protocol, which helps sender and receiver to communicate. This is necessary because different protocols have to manage routing, error reporting, retransmission of lost data, etc. An skbuff represents a buffer: a set of pointers into a contiguous area of memory where the data packets are constructed, i.e. data can be added and trimmed.

The most important set of protocols is TCP/IP, on top of which other important protocols are built: UDP, TCP and ICMP.



Levels of OS support: a system may be missing the basic IPv6 definitions in its C libraries; it may have support in the C libraries while kernel support is missing; or it may have kernel support while, on old systems, no IPv6 support is included by the vendor.

How to test IPv6 support in the Linux kernel: we can run a set of commands to check whether our system has IPv6 support or not, starting with cat /proc/net/if_inet6

Now test for IPv6 protocol stack support, which the Linux operating system provides through the ipv6 module. If the cat command above fails, it is certain that the ipv6 module is not loaded in the kernel. The command is lsmod | grep ipv6
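As an added illustration (not part of the original paper), the following C program parses text in the /proc/net/if_inet6 format and counts addresses per scope, which shows whether a host that passes the check above also holds global IPv6 addresses. The names if6_entry, parse_if_inet6 and count_scope and the sample lines are constructed for this example.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

struct if6_entry {
    struct in6_addr addr;
    unsigned int ifindex, plen, scope, flags;
    char ifname[17];
};

/* Constructed sample in /proc/net/if_inet6 format, not taken from a real host. */
static const char SAMPLE[] =
    "00000000000000000000000000000001 01 80 10 80       lo\n"
    "fe800000000000000a0027fffe4e66a1 02 40 20 80     eth0\n"
    "20010db8000000000a0027fffe4e66a1 02 40 00 00     eth0\n";

/* Each entry: 32 hex digits of address, then ifindex, prefix length, scope and
 * flags (all hex), then the device name. Returns the entry count, or -1. */
int parse_if_inet6(const char *dump, struct if6_entry *out, int max)
{
    char hex[33];
    unsigned int i, byte;
    int n = 0, used;

    for (; n < max && sscanf(dump, " %32[0-9a-fA-F] %x %x %x %x %16s%n", hex,
                             &out[n].ifindex, &out[n].plen, &out[n].scope,
                             &out[n].flags, out[n].ifname, &used) == 6;
         dump += used, n++) {
        if (strlen(hex) != 32 || out[n].plen > 128)
            return -1;
        for (i = 0; i < 16 && sscanf(hex + 2 * i, "%2x", &byte) == 1; i++)
            out[n].addr.s6_addr[i] = (unsigned char)byte;
    }
    return dump[strspn(dump, " \t\n")] ? -1 : n;   /* leftover text is an error */
}

/* Number of entries whose scope field equals `scope` (0x00 global, 0x20 link). */
int count_scope(const struct if6_entry *e, int n, unsigned int scope)
{
    int i, hits = 0;
    for (i = 0; i < n; i++)
        hits += (e[i].scope == scope);
    return hits;
}

int main(void)
{
    struct if6_entry e[8];
    int n = parse_if_inet6(SAMPLE, e, 8);
    printf("%d addresses, %d global\n", n, count_scope(e, n, 0x00));
    return 0;
}
```

On a live system, pass the contents of /proc/net/if_inet6 to parse_if_inet6 instead of the sample.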

IPv6 Network Check

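#include <netinet/in.h>

/* Returns 1 if addr lies inside network/mask, 0 otherwise. */
int test_in_network_v6 (const struct in6_addr * network,
                        const struct in6_addr * mask,
                        const struct in6_addr * addr) {
    unsigned int i;

    /* Compare byte by byte, masking both sides so that host bits are ignored. */
    for (i = 0; i < sizeof(struct in6_addr); i++)
        if ((addr->s6_addr[i] & mask->s6_addr[i]) !=
            (network->s6_addr[i] & mask->s6_addr[i]))
            return 0;
    return 1;
}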
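An added example (not code from the original paper): the same masked comparison driven from a CIDR string, so that prefix lengths that are not a multiple of 8, such as /10, and malformed input are handled. The function name in6_cidr_match and the sample addresses are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if addr_txt lies inside cidr (e.g. "2001:db8::/32"), 0 if it does
 * not, and -1 if either argument is malformed. */
int in6_cidr_match(const char *cidr, const char *addr_txt)
{
    char buf[INET6_ADDRSTRLEN + 4];
    struct in6_addr net, addr, mask;
    char *slash, *end;
    unsigned long plen, i;
    if (strlen(cidr) >= sizeof(buf))
        return -1;
    strcpy(buf, cidr);
    slash = strchr(buf, '/');
    if (!slash || slash[1] < '0' || slash[1] > '9')
        return -1;
    *slash = '\0';
    plen = strtoul(slash + 1, &end, 10);
    if (*end != '\0' || plen > 128)
        return -1;
    if (inet_pton(AF_INET6, buf, &net) != 1 ||
        inet_pton(AF_INET6, addr_txt, &addr) != 1)
        return -1;

    /* Whole 0xff bytes first, then one partial byte when plen % 8 != 0. */
    memset(&mask, 0, sizeof(mask));
    for (i = 0; i < plen / 8; i++)
        mask.s6_addr[i] = 0xff;
    if (plen % 8)
        mask.s6_addr[i] = (unsigned char)(0xff << (8 - plen % 8));

    /* Same comparison as test_in_network_v6: mask both sides, byte by byte. */
    for (i = 0; i < sizeof(mask.s6_addr); i++)
        if ((addr.s6_addr[i] & mask.s6_addr[i]) !=
            (net.s6_addr[i] & mask.s6_addr[i]))
            return 0;
    return 1;
}

int main(void)
{
    printf("%d %d\n", in6_cidr_match("fe80::/10", "febf::1"),
           in6_cidr_match("fe80::/10", "fec0::1"));
    return 0;
}
```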

Protocol.c

/* Table of registered IPv6 protocol handlers, indexed by protocol number. */
const struct inet6_protocol __rcu *inet6_protos[MAX_INET_PROTOS] __read_mostly;

int inet6_add_protocol(const struct inet6_protocol *prot, unsigned char protocol)
{
    int hash = protocol & (MAX_INET_PROTOS - 1);

    /* Atomically claim the slot only if it is still NULL; return -1 if it is taken. */
    return !cmpxchg((const struct inet6_protocol **)&inet6_protos[hash],
                    NULL, prot) ? 0 : -1;
}
EXPORT_SYMBOL(inet6_add_protocol);

Inet6 is the Internet Protocol version 6 family: a collection of protocols layered on top of the transport layer that provides support for SOCK_STREAM, SOCK_DGRAM, etc.

rcu stands for read-copy-update, which in this fashion reads the protocols and compares them with the protos in the hash.

EXPORT_SYMBOL loads a module into the kernel, which above means adding the inet6 protocols.

Security.c

/* Netfilter hooks at which the security table is valid. */
#define SECURITY_VALID_HOOKS (1 << NF_INET_LOCAL_IN) | \
                             (1 << NF_INET_FORWARD) | \
                             (1 << NF_INET_LOCAL_OUT)

static const struct xt_table security_table = {
    .name        = "security",
    .valid_hooks = SECURITY_VALID_HOOKS,
    .me          = THIS_MODULE,
    .af          = NFPROTO_IPV6,
    .priority    = NF_IP6_PRI_SECURITY,
};

A hook is a technique for inserting code into a system call in order to modify it. A typical hook works by replacing the function pointer to the call with its own; once it has done its processing, it calls the original function pointer.

NF_INET_LOCAL_IN

If the packet is destined for this box.

NF_INET_FORWARD

If the packet is destined for another interface.

NF_INET_LOCAL_OUT

Packets coming from a local process.

tunnel.c

The following lists store the tunnels in use:

struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE];
struct ip6_tnl __rcu *tnls_wc[1];
struct ip6_tnl __rcu **tnls[2];

RCU stands for read-copy-update; it is a synchronization mechanism implementing mutual exclusion.

The hash size is hardcoded as 1 and 2 in the tnls variables.

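struct ip6_tnl {
    struct ip6_tnl __rcu *next;     /* next tunnel in the list */
    struct net_device *dev;         /* network device associated with this tunnel */
    struct ip6_tnl_parm parms;      /* tunnel configuration parameters */
    struct flowi fl;                /* flow information */
    struct dst_entry *dst_cache;    /* cached destination */
};

The code above holds the next tunnel in the list, then the network device associated with this tunnel, the tunnel configuration parameters and the cached destination.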



struct pcpu_tstats {
    unsigned long rx_packets;
    unsigned long rx_bytes;
    unsigned long tx_packets;
    unsigned long tx_bytes;
} __attribute__((aligned(4*sizeof(unsigned long))));

In the code above, the rx fields are used for received (incoming) packets and the tx fields for transmitted (outgoing) packets.


ip6_tnl_unlink - remove tunnel from hash table
static void ip6_dev_free(struct net_device *dev)
{
    free_percpu(dev->tstats);   /* release the per-CPU statistics */
    free_netdev(dev);           /* release the device itself */
}

In the code above we free a device when it has finished transporting packets between sender and receiver.



Netfilter.c

#define IS_VLAN_IP(skb) \
    (vlan_proto(skb) == htons(ETH_P_IP) && \
     brnf_filter_vlan_tagged)

skb stands for skbuff, the buffers in which the Linux kernel handles network packets. A packet received by the network card is put into an skbuff and then passed to the network stack, which uses the skbuff all the time.

The htons function converts an unsigned short integer from host byte order to network byte order.



IPv6 & IPv4 range.c Difference

/* Two registrations of the same match; they differ only in .family and .match. */
static struct xt_match iprange_mt_reg[] __read_mostly = {
    {
        .name      = "iprange",
        .revision  = 1,
        .family    = NFPROTO_IPV4,
        .match     = iprange_mt4,
        .matchsize = sizeof(struct xt_iprange_mtinfo),
        .me        = THIS_MODULE,
    },
    {
        .name      = "iprange",
        .revision  = 1,
        .family    = NFPROTO_IPV6,
        .match     = iprange_mt6,
        .matchsize = sizeof(struct xt_iprange_mtinfo),
        .me        = THIS_MODULE,
    },
};

SUMMARY OF IPv6 Benefits:



  1. Expanded addressing capabilities

  2. Structured hierarchy to manage routing table growth

  3. Serverless autoconfiguration and reconfiguration

  4. Streamlined header format and flow identification

  5. Improved support for options / extensions

Mobile IPv6 with Linux:

The Internet Engineering Task Force (IETF) has been actively developing MIP for both IPv4 and IPv6 since the 1990s. The Mobile IPv6 (MIPv6) standard advanced from due to additional functionalities. Since then, optimizing and securing MIPv6 has become an active standardization and development area. IP mobility means the ability to handle movements made by a person. Movement in the context of MIP is an event that causes a machine to change its IP address. It is a movement from one IP subnet to another.

MIP deals with movement by changing identity from location to location. MIP provides each Mobile Node (MN) with two addresses: a permanent (long-term) address that works as its identity, called the Home Address (HoA), and a temporary (short-term) address that identifies its location, called the Care-of Address (CoA). The HoA remains fixed, while the CoA freely changes according to the location of the node. MIP provides a mechanism to map between the two addresses dynamically. A moving machine (Mobile Node) changes its CoA each time it moves from one subnet to another, but it maintains its HoA and uses it to provide any node communicating with it, called a Correspondent Node (CN), with a stable destination address.

The mapping between the HoA and the CoA is called a binding and is the concept underlying MIP. The message that establishes the binding is called a Binding Update (BU). A table that tracks bindings is called a Binding Cache (BC). Sending Binding Updates and maintaining Binding Caches is the essence of MIP. All other aspects of the MIP protocol serve to scale, secure, optimize and generally enhance the way bindings are established and used.

On its home network the MN uses its address (HoA) in the standard fashion. MIPv6 acts upon movement detection. When the MN notices that its current default router has disappeared (it can no longer hear that router's advertisements) and that a new router is now detected, it concludes that it has “moved” and uses the new prefix, which is the subnet ID, to configure a new address (CoA) that belongs to the new subnet. It then sends a BU to a special router on the home link called the Home Agent (HA), telling it that the HoA it “owns” is now bound to that new CoA. The HA records the mapping between the HoA and the CoA in its BC. Adding an entry to the BC is called registration.
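The registration step described above, as an added example that is not part of the original paper or of MIPL: a minimal Binding Cache that maps a home address to its current care-of address. It goes beyond the text in one respect, following RFC 6275: a BU is accepted only if its sequence number is newer (modulo 2^16) than the last accepted one, and a BU with lifetime 0 or with the care-of address equal to the home address deletes the binding. Authentication of the BU is assumed to have happened before bc_update is called; all names and addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static struct binding {          /* one Binding Cache (BC) entry */
    struct in6_addr hoa, coa;    /* home address -> current care-of address */
    uint16_t seq;                /* sequence number of the last accepted BU */
    unsigned int lifetime;       /* seconds granted; 0 marks a free slot */
} bc[8];

struct binding *bc_find(const struct in6_addr *hoa)
{
    for (size_t i = 0; i < sizeof(bc) / sizeof(bc[0]); i++)
        if (bc[i].lifetime && !memcmp(&bc[i].hoa, hoa, sizeof(*hoa)))
            return &bc[i];
    return NULL;
}

/* Apply a Binding Update: 1 = registered, 0 = deregistered, -1 = rejected. */
int bc_update(const struct in6_addr *hoa, const struct in6_addr *coa,
              uint16_t seq, unsigned int lifetime)
{
    struct binding *e = bc_find(hoa);
    uint16_t ahead = e ? (uint16_t)(seq - e->seq) : 1;
    if (ahead == 0 || ahead > 0x8000)   /* not newer mod 2^16: stale or replayed */
        return -1;
    if (lifetime == 0 || !memcmp(hoa, coa, sizeof(*hoa))) {
        if (e)
            e->lifetime = 0;            /* MN is back home: drop the binding */
        return 0;
    }
    for (size_t i = 0; !e && i < sizeof(bc) / sizeof(bc[0]); i++)
        e = bc[i].lifetime ? NULL : &bc[i];   /* first free slot */
    if (!e)
        return -1;                      /* cache full */
    *e = (struct binding){ *hoa, *coa, seq, lifetime };
    return 1;
}

int main(void)
{
    struct in6_addr h, c1, c2;          /* constructed documentation addresses */
    inet_pton(AF_INET6, "2001:db8:1::10", &h);
    inet_pton(AF_INET6, "2001:db8:a::10", &c1);
    inet_pton(AF_INET6, "2001:db8:b::10", &c2);
    int first = bc_update(&h, &c1, 7, 60), moved = bc_update(&h, &c2, 8, 60);
    printf("%d %d replay=%d\n", first, moved, bc_update(&h, &c1, 7, 60));
}
```

Because deleting a binding also discards its sequence number, the replay check only protects a binding while it exists.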

MIPL consists of two components: a kernel-space component, in the form of a kernel patch, and a user-space component, in the form of a Mobility Daemon (mip6d). The daemon implements most of the functionality. It discovers location, detects movement, sends and processes BUs and maintains the BC. The MIPL patch adds, for example, support for the Mobility Header protocol (MH), which is the IPv6 extension header that transports BUs and Binding Acknowledgments (BAs) and other binding-related messages.



  1. NET_KEY, NET_KEY_MIGRATE: these add Internet Key Exchange (IKE) support that is needed for dynamically configuring IPsec. IPsec can be used optionally to secure MIPv6.

  2. IPV6_MIP6: this adds support for the Mobility Header (MH) protocol and can attach the headers on demand.

  3. IPV6_MULTIPLE_TABLES: this adds support for policy routing.

  4. IPV6_SUBTREES: this adds source routing support, which is needed for sending traffic directly to the Mobile Node (without passing through the Home Network)

  5. IPV6_TUNNEL: IPv6 in IPv6 tunnel, which is needed for the HA to MN communication.

