Ad-Hoc Networking in Linux with Avahi
Presentation on Ad-Hoc Networking in Linux with Avahi given at CaLUG
How to implement mDNS technology (like Apple's Bonjour) in Linux using Avahi
Published in: Technology
1. Linux Ad-Hoc Networking: Home Networks are Fun Again. Chris Gragsone, [email_address], ERIS Research

2. What is Local-Link?
- Any grouping of hosts that are directly reachable from one another without requiring a router or gateway
- Local Area Networks
- Workgroups
- Peer Networks
- Ad-Hoc Networks
- Broadcast Domains

3. LAN Protocols
- Golden Age LAN Protocols
  - NetBEUI (Windows native)
  - AppleTalk (Mac native)
  - IPX/SPX (Novell)
- TCP/IP Local-Link Protocols
  - UPnP (Windows native)
  - Zeroconf (Mac native, "Bonjour")
  - SLP (Smells Like P…Novell)

4. Why Local-Link?
- Same reasons LANs were fun
- GAMES!!!
- Printers
- Entertainment and Home Automation
- Ad-Hoc and Disposable Networks
- Digital Living Network Alliance

5. Why Local-Link? (cont.)
- UPnP: SOHO/firewall devices
- Zeroconf: network printers

6. Local-Link Architecture (layer diagram, rendered here as a table)

  Local-Link layer   UPnP    Zeroconf   SLP
  Application        UPnP    -          -
  Discovery          SSDP    DNS-SD     SLP
  Naming             -       mDNS       -
  Addressing         APIPA   APIPA      -

  Below the local-link layers sit the TCP/IP Transport, Network and Data-Link layers.

7. Primum non Nocere
- MUST NOT cause harm to the network
- Zeroconf protocols are designed to operate nicely, or in concert, with managed networks.
- Each layer is "à la carte": it can operate entirely ad-hoc, hybrid with managed infrastructure, or be disabled.

8. Addressing Layer
- Automatic Private IP Assignment, RFC 3927 (169.254/16 prefix)
- Selects a random host IP falling inside the private IP range.
- Checks that the IP is unused via an ARP request
- Sends a claiming ARP to clean stale caches

9. Addressing Layer (Cont.) (slides 9 to 12 build up one diagram; each slide lists only its new steps)
New host connects to the local network. Attempts a DHCP request. No DHCP server is present to respond. The DHCP request times out.

10. Addressing Layer (Cont.)
Host selects a random IP address in the 169.254.0.0/16 range. Performs an ARP request. Another host on the network answers the ARP request. The new host now knows that IP address is taken.

11. Addressing Layer (Cont.)
Host selects a new IP address in the 169.254.0.0/16 range. Performs an ARP request for the new IP. No one replies after multiple ARP requests. The new host has assurance that the IP is available.

12. Addressing Layer (Cont.)
Host assigns itself the IP address. Begins answering ARP requests.
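The walk-through on slides 9 to 12 as a small simulation, added here as an example; it is not code from the presentation or from avahi-autoipd. The broadcast domain is a constructed in-memory set of addresses that other hosts would defend in ARP, `arp_probe` stands in for the ARP requests, and the PROBE_NUM and MAX_CONFLICTS constants are the RFC 3927 values. The `demo` helper seeds the random generator so that a conflict and a retry are exercised deterministically.

```python
"""Simulation of RFC 3927 link-local address claiming: DHCP has failed,
pick a random 169.254/16 address, ARP-probe it, retry on conflict, claim it.
Added example; no ARP frames are sent."""
import ipaddress
import random

# RFC 3927 reserves the first and last /24 of 169.254/16, so candidates
# come from 169.254.1.0 through 169.254.254.255.
FIRST_USABLE = int(ipaddress.IPv4Address("169.254.1.0"))
LAST_USABLE = int(ipaddress.IPv4Address("169.254.254.255"))
PROBE_NUM = 3       # RFC 3927: ARP probes sent before an address is claimed
MAX_CONFLICTS = 10  # RFC 3927: after this many conflicts a host rate-limits
                    # further attempts to one per minute; here we just stop


class LinkLocalSegment:
    """Constructed broadcast domain: which addresses are defended in ARP."""

    def __init__(self, in_use=()):
        self.in_use = set(ipaddress.IPv4Address(a) for a in in_use)
        self.probes_sent = 0

    def arp_probe(self, addr):
        """True if some host answers the ARP request for addr (slide 10)."""
        self.probes_sent += 1
        return addr in self.in_use

    def claim(self, addr):
        """Claiming ARP: from now on this host defends addr (slide 12)."""
        self.in_use.add(addr)


def pick_candidate(rng):
    """Slide 10: a random host address inside the usable link-local range."""
    return ipaddress.IPv4Address(rng.randint(FIRST_USABLE, LAST_USABLE))


def claim_link_local(segment, rng=None):
    """Run the state machine; returns (address, candidates_tried).
    rng is injectable so a caller can force a known first candidate."""
    rng = rng or random.Random()
    for tried in range(1, MAX_CONFLICTS + 1):
        candidate = pick_candidate(rng)
        # slides 10-11: probe up to PROBE_NUM times; any reply means taken
        if any(segment.arp_probe(candidate) for _ in range(PROBE_NUM)):
            continue
        # slide 12: nobody answered, assign it and start answering ARP
        segment.claim(candidate)
        return candidate, tried
    raise RuntimeError("gave up after %d conflicts" % MAX_CONFLICTS)


def is_usable_link_local(addr):
    """True for addresses a conforming host may self-assign."""
    return FIRST_USABLE <= int(ipaddress.IPv4Address(addr)) <= LAST_USABLE


def demo(seed=1, preoccupy_first=True):
    """Deterministic run.  With preoccupy_first the seed's first candidate
    is already in use, so the host sees one conflict and retries.
    Returns (claimed address, candidates tried, probes sent, first candidate)."""
    first = pick_candidate(random.Random(seed))
    segment = LinkLocalSegment([first] if preoccupy_first else [])
    addr, tried = claim_link_local(segment, random.Random(seed))
    return str(addr), tried, segment.probes_sent, str(first)


if __name__ == "__main__":
    print(demo())
```

A conflicting candidate costs a single probe because the first ARP reply settles it; a free one costs all three probes before the claim, which is what the probe counter in `demo` reports.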
13. AutoIP with Avahi!
- avahi-autoipd -D INTERFACE: runs stand-alone, or as a plugin for a DHCP client, where it can be used as a fallback solution if no DHCP server is found

14. Naming Layer
- Why? IP addresses aren't user-friendly, and in APIPA they aren't even significant.
- What? Use .local or .home TLDs to replace IP addresses
- How? Magic…err, Multicast DNS (mDNS)

15. Naming Layer (Cont.)
- mDNS
- Will attempt to resolve over centralized DNS servers if possible
- Failing that, a DNS request will be sent to a multicast address on UDP 5353

16. Naming Layer (Cont.)
- Name Request
- A node will attempt to resolve the name it wants and wait for an answer. If the name is available, it will send out an mDNS answer claiming it.
- Nodes cache mDNS replies to save bandwidth and will answer requests for hosts that are temporarily unavailable.

17. Naming Layer (Cont.)
alice.laptop wants to know who charlie.mac is. alice.laptop doesn't have a DNS server in its configuration. If alice.laptop were making a request for charlie.local, normal DNS would automatically be skipped. alice.laptop sends a request to 224.0.0.251:5353 UDP. While everyone on the network receives the request, only charlie.mac currently knows his address.

18. Naming Layer (Cont.)
Once charlie.mac replies to 224.0.0.251:5353, everyone else caches the response.

19. Naming Layer (Cont.)
bob.laptop wants to know who charlie.mac is. bob.laptop sends a request to 224.0.0.251:5353 UDP.

20. Naming Layer (Cont.)
Sadly, charlie.mac is currently rebooting.

21. Naming Layer (Cont.)
Luckily, dave.pc has it stored in cache.
22. Naming Layer (Cont.)
- Common issue…
- If alice and bob have addresses from two different IP assignments (e.g. 10.0.0.0/8 and 169.254.0.0/16) but are on the same broadcast domain, they will be able to resolve each other but unable to connect unless there is a router handling the relationship.

23. mDNS with Avahi!
- avahi-daemon: launch and go for mDNS and DNS-SD
- /etc/avahi/avahi-daemon.conf works out of the box as expected; the fun things start here…
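One of the "fun things" in /etc/avahi/avahi-daemon.conf is narrowing what the daemon listens on and publishes. The fragment below is an added example, not from the presentation; the keys are Avahi's own, the interface name eth0 is an assumption, and every line is a setting to make deliberately rather than a default the daemon ships with.

```ini
# /etc/avahi/avahi-daemon.conf (added example fragment, not from the presentation)
[server]
# With no interface list the daemon binds every interface; keep mDNS on the home LAN
# only (assumption: that interface is eth0).
allow-interfaces=eth0
# Drop mDNS packets whose IP TTL is not 255, i.e. anything that crossed a router.
check-response-ttl=yes
# Refuse to start if another mDNS stack already owns UDP 5353 on this host.
disallow-other-stacks=yes

[publish]
# Do not advertise HINFO (OS and CPU) or a _workstation._tcp record for this machine.
publish-hinfo=no
publish-workstation=no
# Only the static files in /etc/avahi/services are announced; local users cannot
# publish ad-hoc services through the daemon.
disable-user-service-publishing=yes

[reflector]
# Never re-multicast mDNS between interfaces.
enable-reflector=no
```

The [publish] settings address the "open disclosure of assets" concern from the security slides: a host that only announces the services it intends to share is a much smaller map for anyone browsing the segment.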
24. mDNS with Avahi! (Cont.)
- /etc/avahi/hosts: useful for publishing static addresses for other hosts. Formatted like /etc/hosts; remember to suffix entries with .local
- avahi-publish -a HOST-NAME ADDRESS: short-term static address publishing
- avahi-set-host-name HOST-NAME: rename your host for a short term

25. mDNS with Avahi (Cont.)
- avahi-resolve --name HOST-NAME
- avahi-resolve --address ADDRESS
- Diagnostic tools: if applications are working as expected, you won't need to run these.

26. Discovery Layer
- Why?
  - Imagine never needing to portscan :D
  - Port numbers are boring
  - Network awareness: I want to know if the network I'm on has a web server…
- How?
  - DNS-SD
  - SSDP
  - SLP

27. Discovery Layer (Cont.)
- DNS Service Discovery (DNS-SD)
- Service discovery, mDNS style
- The raison d'être of Zeroconf

28. DNS-SD with Avahi
- avahi-daemon: launch and go for mDNS and DNS-SD, configured in /etc/avahi/avahi-daemon.conf
- /etc/avahi/services/*.service: XML files, useful for publishing static services
- avahi-publish -s NAME SERVICE-TYPE PORT: short-term static service announcements
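What a /etc/avahi/services/*.service file turns into on the wire, as an added example (not Avahi's code and not from the presentation): the service file below is constructed in Avahi's format, `dns_sd_records` maps it to the PTR, SRV and TXT records DNS-SD defines, and `browse` and `resolve` reproduce what `avahi-browse` and `avahi-browse -r` report from those records. The host name "eris" and the web-server service are assumptions for the example.

```python
"""Avahi service file -> DNS-SD record set -> browse/resolve view.  Added example."""
import xml.etree.ElementTree as ET

# Constructed service file in Avahi's format: announce a web server on
# port 80 whose instance name is "<hostname> web".
EXAMPLE_SERVICE_FILE = """<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h web</name>
  <service>
    <type>_http._tcp</type>
    <port>80</port>
    <txt-record>path=/</txt-record>
  </service>
</service-group>
"""


def dns_sd_records(service_xml, host_name, domain="local"):
    """Return [(owner name, record type, rdata)] as a browser would see them.
    host_name is the mDNS host name of the machine running avahi-daemon."""
    root = ET.fromstring(service_xml)
    name_el = root.find("name")
    instance = name_el.text
    if name_el.get("replace-wildcards") == "yes":
        instance = instance.replace("%h", host_name)   # %h expands to the host name
    records = []
    for svc in root.findall("service"):
        service_name = f"{svc.findtext('type')}.{domain}"   # e.g. _http._tcp.local
        instance_name = f"{instance}.{service_name}"         # e.g. "eris web._http._tcp.local"
        port = int(svc.findtext("port"))
        target = f"{host_name}.{domain}"                     # resolved by mDNS to an address
        txt = [t.text for t in svc.findall("txt-record")]
        # PTR enumerates instances of a type; SRV gives host and port;
        # TXT carries the key=value attributes from the service file.
        records.append((service_name, "PTR", instance_name))
        records.append((instance_name, "SRV", (0, 0, port, target)))  # priority, weight, port, host
        records.append((instance_name, "TXT", txt))
    return records


def browse(records, service_type, domain="local"):
    """What `avahi-browse SERVICE-TYPE` lists: the PTR targets for the type."""
    owner = f"{service_type}.{domain}"
    return sorted(rdata for name, rtype, rdata in records
                  if rtype == "PTR" and name == owner)


def resolve(records, instance_name):
    """What `avahi-browse -r` adds per instance: (host, port, txt) or None."""
    srv = next((r for n, t, r in records if n == instance_name and t == "SRV"), None)
    txt = next((r for n, t, r in records if n == instance_name and t == "TXT"), [])
    if srv is None:
        return None
    _priority, _weight, port, target = srv
    return target, port, txt


if __name__ == "__main__":
    recs = dns_sd_records(EXAMPLE_SERVICE_FILE, "eris")
    for inst in browse(recs, "_http._tcp"):
        print(inst, "->", resolve(recs, inst))
```

Reading the record set this way makes the "open disclosure" trade-off on the security slides concrete: everything in a .service file, TXT attributes included, is readable by any host on the segment that asks.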
29. DNS-SD with Avahi (Cont.)
- avahi-browse
- avahi-discover
- Diagnostic tools: if applications are working as expected, you won't need to run these.

30. Bookmarks via DNS-SD
- Broadcasting bookmarks via DNS-SD

31. Bookmarks via DNS-SD (Cont.)
- To see the bookmarks: run avahi-bookmarks, then go to http://localhost:8080/

32. Application Layer
- Universal Plug and Play (UPnP)
- XML-SOAP
- Standard multi-vendor language

33. Implementations
- UPnP
- Bonjour, formerly known as Rendezvous (Mac and Windows)
- Avahi (FOSS)
  - avahi-autoipd
  - avahi-daemon
  - avahi-discover
  - avahi-utils

34. Security Concerns
- Denial of service: prevent people from obtaining IP addresses or host names
- Spoofing: host name spoofing and address spoofing are just as easy as ARP spoofing.
- Man-in-the-middle attacks
- Open disclosure of assets
- Expects others to be playing nice
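Because every host on the segment sees every mDNS answer, the spoofing and denial-of-service concerns on slide 34 can at least be watched for passively. The detector below is an added example, not from the presentation: it runs over a constructed log of observed answers (time, source address, IP TTL, name, A record) and flags three patterns: an answer whose IP TTL is not 255 (mDNS requires 255, so it did not originate on this link; avahi-daemon's check-response-ttl option drops these), a name answered with two different addresses, and one source answering for many names. The addresses and names are made up.

```python
"""Passive detection over observed mDNS answers.  Added example."""
from collections import defaultdict

# Constructed observations: (seconds, source IP, IP TTL, name, A record).
OBSERVED = [
    (0,  "169.254.7.42", 255, "charlie.local", "169.254.7.42"),
    (5,  "169.254.7.42", 255, "charlie.local", "169.254.7.42"),
    (9,  "169.254.9.9",  255, "charlie.local", "169.254.9.9"),   # second responder for charlie
    (12, "10.0.0.5",     64,  "printer.local", "10.0.0.5"),       # TTL 64: crossed a router
    (15, "169.254.9.9",  255, "dave.local",    "169.254.9.9"),
    (16, "169.254.9.9",  255, "erin.local",    "169.254.9.9"),
    (17, "169.254.9.9",  255, "frank.local",   "169.254.9.9"),
]


def detect(observations, many_names_threshold=3):
    """Return a list of alert tuples; the first element is the alert kind."""
    alerts = []
    answers_for = defaultdict(set)   # name -> {(source, rdata)}
    names_from = defaultdict(set)    # source -> {names it answers for}
    for _t, src, ttl, name, rdata in observations:
        if ttl != 255:
            # RFC 6762 mandates TTL 255; anything else was not sent on this link
            alerts.append(("off-link-answer", name, src))
        answers_for[name].add((src, rdata))
        names_from[src].add(name)
    for name, pairs in answers_for.items():
        if len({rdata for _src, rdata in pairs}) > 1:
            # two hosts claim the same name with different addresses
            alerts.append(("conflicting-answers", name, sorted(src for src, _r in pairs)))
    for src, names in names_from.items():
        if len(names) >= many_names_threshold:
            # one host answering for many names: spoofing, or a legitimate
            # /etc/avahi/hosts publisher (slide 24); needs a human to decide
            alerts.append(("one-host-many-names", src, sorted(names)))
    return alerts


if __name__ == "__main__":
    for alert in detect(OBSERVED):
        print(*alert)
```

Two caveats when reading the alerts: a conflicting-answers hit is also what a legitimate name collision looks like right before one side renames itself (Avahi appends a number to the host name), and one-host-many-names fires for a host that publishes static entries for its neighbours from /etc/avahi/hosts, so both are leads to correlate rather than verdicts.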
35. Security Concerns
- OpenPGP or X.509 certificates?
- Signed by trusted computing?
- I <3 Trusted Computing

36. Questions?
- More resources
  - RFC 2608 Service Location Protocol
  - RFC 3927 Dynamic Configuration of IPv4 Link-Local Addresses
  - http://www.zeroconf.org/
  - http://www.multicastdns.org/
  - http://www.dns-sd.org/
  - http://www.upnp.org/
  - http://developer.apple.com/networking/bonjour/

37. This presentation can be found at ERISresearch.org. ERIS Research Internet Society.
- This work is licensed under the Creative Commons Attribution-Noncommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.