master-thesis/doc/plan.org
2019-03-27 13:49:39 +01:00

1490 lines
99 KiB
Org Mode
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

* Time table / log
| When? | What? | Notes |
| 2019-02-21 | Kick-Off | x |
| | Finish all admin points | x |
| | Know when/how to coordinate | x |
| 2019-02-21 | Clarifications Ueli Maurer (Mentor) | x |
| | Write mail / phone | x |
| 2019-02-22 | Have all papers handed in | |
| | | |
| 2019-02-22 | Have rough definition of tasks | x |
| | | |
| 2019-02-23 | python2 / ipaddress is buggy | x |
| | p4utils is python2 only support | |
| | bmpy_utils is not installable with pip | |
| | python2 / latest ipaddress==1.0.22 still has the bug | |
| | ipaddress.ip_network("2001:db8:61::/64") | |
| | IPv6Network(u'3230:3031:3a64:6238:3a36:313a:3a2f:3634/128') | |
| | | |
| | egress routing | x |
| | | |
| 2019-02-24 | non reliable neighbor entries / flushing addresses puts into failed | |
| | | |
| | | |
| 2019-02-28 | Meet Laurent #2 | |
| | - Status | |
| | * Setup base code | |
| | * Parser for all protocols (udp,tcp,icmp,icmp6) | |
| | * Started with icmp translation | |
| | * Investigating into IPv6 based checksums | |
| | * Reading into various RFCs, NDP, MLD | |
| | * Reading about multicast / trying to figure out dynamic membership | |
| | | |
| | - Challenges | |
| | * Some issues with python2 (ipaddr) - slowing down | x |
| | https://github.com/phihag/ipaddress/issues/46 | |
| | * Forwarded and received icmp6 packets are not "accepted" | |
| | | |
| | - Questions | |
| | * Multicast: in controller | x |
| | * Re-using code (lee howard) -> ok & mention | x |
| | * A lot of redundant code / different tables / repeating: use if's | x |
| | * 65k parsing is insane | x |
| | | |
| | - Next steps: | |
| | * Supporting MLD | |
| | * Save stuff in the controller | |
| | * checkout ipaddr bug / status | |
| | * Variable length / icmp6 in the controller | |
| | * Go simple... | |
| | * Meeting Edgar & Alexander week after | |
| | * Summary on Slack | |
| | * 1130 meeting now | |
| | | |
| | | |
| 2019-03-01 | Feature list / priority list / roadmap clear | x |
| | Joining P4 Slack | |
| | | |
| 2019-03-03 | icmp6 revised: | |
| | - add address to table for forwarding to controller | x |
| | - select correct format for forwarding | |
| | - decode in controller | |
| | - send back to switch | |
| | - test with host | |
| | | |
| 2019-03-06 | Meet Laurent #3 | |
| | - Checksum's in scapy | x |
| | - Python2 ipaddress fix (import future) | x |
| | - Added custom package format / additional information in packet | x |
| | - (partial) NDP working in controller | x |
| | - P4 checksum_with_payload | x |
| | - Reading scapy / inet6 | x |
| | - Further checksum tests -> required everywhere in IPv6 | x |
| | - icmp6 echo request working in controller | x |
| | - Hosts can ping6 the switch | x |
| | - Ran into P4 casting bug: https://github.com/p4lang/p4c/issues/1765 | x |
| | -> seems to be more than just casting bug | x |
| | - Default route for ipv6 hosts | x |
| | | |
| | Next target: | |
| | - Focus on enabling the "Internet" with ICMP6 translation | x |
| | | |
| | Next steps: | |
| | - Investigate again into checksumming with payload in P4 | x |
| | - Answering icmp6 echo request *in* in the switch | x |
| | - Translate icmp6 to icmp | x |
| | - Translate icmp to icmp6 | |
| | - Multiple branches: | x |
| | * Work on checksumming / p4 | x |
| | * Work on metadata passing / p4 | x |
| | * Work on static mapping (w/ incorrect checksum) 1:1 | |
| | * v1model/ | |
| | | |
| | Notes: | |
| | * Edgar back on Friday // check tofino checksumming | |
| | * Bugs mentioning in thesis | |
| | * Maybe run static mapping on tofino / p4_14 | |
| | * Tofino p4_16: alpha compiler | |
| | * Send recap / mail next week | |
| | * week after 1130 Thursday | |
| | | |
| 2019-03-07 | ICMP6 checksumming works!!! | x |
| | -> more fields needed to be included! | |
| | | |
| 2019-03-13 | Tried/trying to get vagrant VM or P4* running on the notebook | |
| | | |
| 2019-03-14 | NAT64 static rewrite | |
| | - table support | |
| | - checksum not yet ported for translations | |
| | - how to get mask from lpm table match? | |
| | - how to get network from lpm match? | |
| | - Create p4lang/p4-spec bug | |
| | https://github.com/p4lang/p4-spec/issues/745 | |
| | | |
| 2019-03-21 | Meet Laurent #4 - post poned - sick | |
| | https://github.com/p4lang/p4-spec/issues/660 sizeof() missing | |
| | | |
| | - Need to introduce new headers | |
| | - Might need deeper parsing for icmp6_ns | |
| | - Need hwaddr in icmp6_na | |
| | - Need to find out how to handle imcp6 options after target address | |
| | | |
| 2019-03-23 | Parsing down to link layer option | |
| | Parsing on wrong field detected by unset fields in wireshark | |
| | Correcting parser->leads to incorrect checksum | |
| | - NDP is answered to, but icmp6 echo request isn't -> extend table | |
| | | |
| | Problem with multiple LPM keys in table | |
| | - logical problem, overlapping length matches | |
| | - priority / ordering would be helpful | |
| | | |
| | | |
| 2019-03-25 | | |
| | Writing down double LPM problem | |
| | Removing source network support, documenting limitation | |
| | Rewriting code to use multiple NAT64 destinations | |
| | New test.py v6_static_mapping tests | |
| | | |
| | Again checksum errors in NDP answer | |
| | Added debug code to send table ID towards controller | |
| | | |
| 2019-03-26 | | |
| | Find out where packet is stuck | |
| | | |
| 2019-03-28 | Meet Laurent #4 | |
| | - Router solicitation for finding router on startup! | |
| | - test.py for TDD | |
| | - Parsing icmp6 is not enough - one layer deeper | |
| | | |
| | | |
| 2019-03-30 | NAT64 1:1 table ICMP, ICMPv6 working | |
| | Will need some switch local ip addresses | |
| | | |
| | | |
| 2019-04-12 | NAT64 1:1 table TCP/UDP working | |
| | | |
| | | |
| 2019-03-29 | Jool SIIT / range / offset support https://www.jool.mx/en/run-vanilla.html | |
| | Jool EAMT support https://www.jool.mx/en/run-eam.html | |
| | Bidirectional support | |
| | Will need IPv6 embedding suport https://tools.ietf.org/html/rfc6052 | |
| | | |
| 2019-04-05 | NAT64 prefix based IPv6->IPv4 conversion [tayga] | |
| | Use case: IPv6 hosts send to specific /96 | |
| | | |
| 2019-04-19 | NAT64 dynamic pool implementation: n:m ipv6 to ipv4 mapping | |
| | And n:1 stateful mappings https://www.jool.mx/en/run-nat64.html | |
| | Needs active controller | |
| | Needs timeout / leases | |
| | | |
| 2019-05-10 | Benmarking results between P4, Jool, Tayga | |
| | Real hardware of advantage | |
| | | |
| | | |
| | | |
| | | |
| 2019-08-01 | Latest start writing documentation | |
| 2019-08-21 | hand in thesis | |
* Topics / Tasks
** Thesis implementation
*** DONE Setup test VM for P4: 2a0a:e5c0:2:12:400:f0ff:fea9:c3e3
*** DONE Get feature list of jool
*** DONE Get feature list of tayga
*** DONE Setup P4 base / structure
*** DONE Create minimal controller for populating tables
*** DONE Checkout / review egress settings
*** DONE Create Basis to translate ipv6 --> ipv4 with a (freely programmable) prefix; test ping6_switch
**** DONE Insert prefix into switch: v6_networks
**** DONE Support multiple ipv6 source networks: need new table w/ 2 keys! -> not at the moment
**** DONE Write test.py to generate correct destination packets
>>> a = ipaddress.ip_network("2001:db8::/32")
>>> b = ipaddress.ip_address("10.0.0.1")
>>> a[int(b)]
IPv6Address('2001:db8::a00:1')
**** DONE Using test.py, new NDP packets been seen, bur zero icmp on the outgoing side
p4@ubuntu:~/master-thesis/p4app$ python test.py --method v6_static_mapping --debug
INFO:main:Trying to reach 10.0.0.1 (64:ff9b::a00:1) from h1
sudo: unable to resolve host ubuntu
PING 64:ff9b::a00:1(64:ff9b::a00:1) 56 data bytes
--- 64:ff9b::a00:1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
p4@ubuntu:~/master-thesis/p4app$
\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x87\x00\x08+\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_GENERAL ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x87\x00\x08+\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:reassambled=<Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=2001:db8::42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x82b res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x02\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x87\x00\x08+\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_GENERAL ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x87\x00\x08+\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:reassambled=<Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=2001:db8::42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x82b res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x02\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x87\x00\x08+\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_GENERAL ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x87\x00\x08+\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:reassambled=<Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=2001:db8::42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x82b res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
**** DONE Debug why neighbor discover does not work anymore
***** log
p4@ubuntu:~$ mx h1 tcpdump -lni any
sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
19:57:53.258805 IP6 fe80::200:aff:fe00:1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8::42, length 32
19:57:54.256924 IP6 2001:db8::1 > 2001:db8::1: ICMP6, destination unreachable, unreachable address 64:ff9b::a00:1, length 112
EBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x007\xdf\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x00\n\xff\xfe\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x007\xdf\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
INFO:main:Doing neighbor solicitation
DEBUG:main:OUTGOING: <Ether dst=00:00:0a:00:00:01 src=00:00:0a:00:00:42 type=0x86dd |<IPv6 nh=ICMPv6 hlim=255 src=2001:db8::42 dst=fe80::200:aff:fe00:1 |<ICMPv6ND_NA cksum=None R=0 S=1 tgt=2001:db8::42 |<ICMPv6NDOptDstLLAddr lladdr=00:00:0a:00:00:42 |>>>>
DEBUG:main:INCOMING: <Ether dst=00:00:0a:00:00:01
src=00:00:0a:00:00:42 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32
nh=ICMPv6 hlim=255 src=2001:db8::42
dst=fe80::200:aff:fe00:1 |<ICMPv6ND_NA type=Neighbor Advertisement
code=0 cksum=0xa5e9 R=0 S=1 O=1 res=0x0
tgt=2001:db8::42 |<ICMPv6NDOptDstLLAddr type=2 len=1
lladdr=00:00:0a:00:00:42 |>>>>
After removing noise:
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
***** Do we have routing for fe80::/10? Probably not. Shouldn't we see it in the controller then?
***** NDP is controller only!
**** DONE Finish NDP in switch
***** DONE Need to set R/S/O bits
***** DONE Need to parse R/S/O bits
**** DONE Maybe merge v6_address and v6_networks - /128 is the same
**** DONE Implement address learning? -> not at the moment
**** DONE Not sure whether we should react on router solicitation -> not at the moment
- Using static routes -> should do the job
**** DONE Implement the calculation
Currently offset + ip address
**** DONE Sketch the flow for session handling for icmp6 w/o packet loss
- switch receives icmp6 packet for known prefix
- controller needs to create session entry (?)
Not sure what I meant to do here - closing.
**** DONE Create table entry for mapping v4->v6 [net]
**** DONE Create table entry for mapping v6->v4 [net]
*** TODO Implement ICMP <-> ICMP6 translation
**** 2019-02-28 / icmp testing / first NDP steps
***** pinging in router mode: nothing shown in the controller, multicast forwarded -> "ok"
root@ubuntu:~/master-thesis/p4app# ping6 -c1 2001:db8:61::42
PING 2001:db8:61::42(2001:db8:61::42) 56 data bytes
From 2001:db8:61::1 icmp_seq=1 Destination unreachable: Address unreachable
--- 2001:db8:61::42 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
root@ubuntu:~/master-thesis/p4app#
sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:47:07.191569 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:47:08.190331 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:47:09.190279 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
***** DONE special rule for ff02::1:ff00:42
Semi works, replies are there, but host still retries:
p4@ubuntu:~/master-thesis$ h=1; mx h$h tcpdump -lni h$h-eth0
sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:58:04.786979 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:58:04.793560 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32
09:58:05.786311 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:58:05.790506 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32
09:58:06.786254 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:58:06.792325 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32
Maybe checksums?
**** DONE Parse icmp
**** DONE Parse icmpv6
**** DONE Add (static) egress configuration
**** DONE Calculate ICMP6 checksums in controller
***** Need to include the payload!?!!
**** DONE Implement minimal neighbor discovery in controller
***** DONE For the switch
****** DONE Register IPv6 address in table
****** DONE Parse ICMPv6 up to neighbor solicitation -> no: checksum problem
****** DONE Use NDP (Neighbor Solicitation (NDP) , Neighbor Advertisement (NDP)) -> no: controller
****** Approach 2: use cpu header, forward information to controller
****** DONE Fix the ip address match/mapping: 42 -> 2a -> use hex originally
****** DONE Find out why wrong type is used -> overlapping with NDP
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Debug purpose only
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Debug purpose only
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Debug purpose only
****** Disable debug by default -> gives correct packets
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Doing neighbor solicitation
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Doing neighbor solicitation
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Doing neighbor solicitation
***** DONE For other nodes -> multicast
***** TODO Maybe implement link local addresses (missing at the moment)
****** ff02::/??
****** rfc4861
"Neighbor Solicitation messages are multicast to the solicited-node
multicast address of the target address."
****** DONE multicasting / groups
******* create a group ("node") that contains "all other" ports
******* create a multicast group with an ID
******* associate the "node" with the multicast group ID
***** If destination is within ff02::1:ff00:0/104, multicast
**** DONE Make switch answer icmp6 echo request for
**** DONE Introduce mixed mode: switch: icmp6 echo reply, controller: NDP
***** DONE try 1: reply seen, but checksum is incorrect
***** DONE try 2: analysing tagya checksumming code
static uint16_t ip6_checksum(struct ip6 *ip6, uint32_t data_len, uint8_t proto)
{
uint32_t sum = 0;
uint16_t *p;
int i;
for (i = 0, p = ip6->src.s6_addr16; i < 16; ++i)
sum += *p++;
sum += htonl(data_len) >> 16;
sum += htonl(data_len) & 0xffff;
sum += htons(proto);
while (sum > 0xffff)
sum = (sum & 0xffff) + (sum >> 16);
return ~sum;
}
static uint16_t convert_cksum(struct ip6 *ip6, struct ip4 *ip4)
{
uint32_t sum = 0;
uint16_t *p;
int i;
sum += ~ip4->src.s_addr >> 16;
sum += ~ip4->src.s_addr & 0xffff;
sum += ~ip4->dest.s_addr >> 16;
sum += ~ip4->dest.s_addr & 0xffff;
for (i = 0, p = ip6->src.s6_addr16; i < 16; ++i)
sum += *p++;
while (sum > 0xffff)
sum = (sum & 0xffff) + (sum >> 16);
return sum;
}
...
static int xlate_payload_4to6(struct pkt *p, struct ip6 *ip6)
{
uint16_t *tck;
uint16_t cksum;
if (p->ip4->flags_offset & htons(IP4_F_MASK))
return 0;
switch (p->data_proto) {
case 1:
cksum = ip6_checksum(ip6, htons(p->ip4->length) -
p->header_len, 58);
cksum = ones_add(p->icmp->cksum, cksum);
if (p->icmp->type == 8) {
p->icmp->type = 128;
p->icmp->cksum = ones_add(cksum, ~(128 - 8));
} else {
p->icmp->type = 129;
p->icmp->cksum = ones_add(cksum, ~(129 - 0));
}
return 0;
**** DONE Add default route for v6 hosts
p4@ubuntu:~/master-thesis$ mx h1 ip -6 r
sudo: unable to resolve host ubuntu
2001:db8::/64 dev h1-eth0 proto kernel metric 256 pref medium
fe80::/64 dev h1-eth0 proto kernel metric 256 pref medium
default via 2001:db8::42 dev h1-eth0 metric 1024 pref medium
p4@ubuntu:~/master-thesis$
**** TODO ping6ing an emulated ipv6 host / Translate icmp <-> icmp6: test v6_static_mapping
***** DONE try1: only packets on h1 + controller -> wrong checksum 2019-03-25
+ filename=static_nat64-2019-03-25-1121-h1.pcap
+ intf=h1-eth0
+ mx h1 tcpdump -ni h1-eth0 -w static_nat64-2019-03-25-1121-h1.pcap
tcpdump: listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C10 packets captured
10 packets received by filter
0 packets dropped by kernel
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
That looks like NDP is not working again. Why: checksum seems to be
incorrect according to wireshark. Why? Checksum is the SAME as in the
request -> probably not updated. After inserting marker: it's clear
that the checksum code DOES NOT work on the task field!
Problem: task field might be overriden for controller use in different
table -> need different task field!
***** TODO try2: checksum ok, but no packets on h3
****** DONE Setup a default rule for the IPv4 world to debug on controller
Still not seeing the converted packet, however seeing icmp6_ns packets
which should not be there:
table entry for ns:
ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:42/128
debug packet seen in controller:
DEBUG:main:v6 reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:v6 reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:v6 reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:v6 reassambled=<Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=920946 plen=64 nh=ICMPv6 hlim=64 src=2001:db8::1 dst=2001:db8:1::a00:1 |<ICMPv6EchoRequest type=Echo Request code=0 cksum=0xf981 id=0x5f7c seq=0x1 data='N\xc6\x98\\\x00\x00\x00\x00\x12\x1b\t\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567' |>>>
debugging MIGHT come from nat64 table!
**** DONE Add table name support in debug messages
**** DONE Why getting IPv6 packets in
INFO:main:unhandled reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> from table TABLE_V6_NETWORKS
INFO:main:unhandled reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x37df res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> from table TABLE_V6_NETWORKS
INFO:main:unhandled reassambled=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x13a7 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> from table TABLE_NAT64
INFO:main:unhandled reassambled=<Ether dst=00:00:0a:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=920946 plen=64 nh=ICMPv6 hlim=64 src=2001:db8::1 dst=2001:db8:1::a00:1 |<ICMPv6EchoRequest type=Echo Request code=0 cksum=0x3d1a id=0xade seq=0x1 data='\x1f\x92\x9a\\\x00\x00\x00\x00WU\x02\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567' |>>> from table TABLE_V4_NETWORKS
**** TODO Solve logic problem: Valid headers
- If ipv6 header is valid && nat64 will be made and afterwards v4 egress needs to be applied
- If ipv4 header is valid && nat46 will be made and afterwards v6 egress needs to be applied
**** TODO Check translated fields
***** DONE source correctly translated to 10.1.1.1
***** DONE destination correctly translated to 10.0.0.1 -> pings h3
***** DONE egress is correct, comes out at h3
***** TODO protocol 58 is wrong -> should be 1
**** TODO transform protocol specific: icmp6 -> icmp
**** TODO transform protocol specific: icmp -> icmp6
**** TODO Make switch answer IPv4 icmp echo request for
**** TODO Add / check default route for v4 hosts
*** TODO Get p4 VM / vagrant running
**** DONE install libvirtd-daemon
**** DONE install ebtables
**** DONE install dnsmasq
*** TODO Get p4c & co. running on the notebook
**** DONE mininet via packages
**** DONE p4c
(virtualenv-with-site) [17:43] line:build% make install
[ 0%] Built target update_includes
[ 0%] Built target linkgraphs
[ 0%] Built target linkbmv2
[ 0%] Built target linkp4cebpf
[ 0%] Built target linkp4test
[ 1%] Built target p4c_driver
[ 4%] Built target p4ctoolkit
[ 12%] Built target irgenerator
[ 14%] Generating IR class files
[ 14%] Built target genIR
[ 18%] Built target ir
[ 18%] Built target mkv1dirs
[ 18%] Built target mkp4dirs
[ 45%] Built target frontend
[ 51%] Built target midend
[ 51%] Built target mkP4configdir
[ 64%] Built target controlplane
[ 68%] Built target bmv2backend
[ 75%] Built target p4c-bm2-psa
[ 81%] Built target p4c-bm2-ss
[ 84%] Built target p4c-ebpf
[ 87%] Built target p4test
[ 90%] Built target p4c-graphs
[ 93%] Built target gtest
[100%] Built target gtestp4c
Install the project...
-- Install configuration: "RELEASE"
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include/p4d2model.p4
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include/v1model.p4
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include/core.p4
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include/psa.p4
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/bin/p4c
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/driver.py
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/util.py
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/config.py
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/__init__.py
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/main.py
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/p4c.bmv2.cfg
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4c_src/p4c.ebpf.cfg
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/bin/p4c-bm2-ss
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/bin/p4c-bm2-psa
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/bin/p4c-ebpf
-- Up-to-date: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/share/p4c/p4include/ebpf_model.p4
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/bin/p4test
-- Installing: /home/nico/vcs/master-thesis/support/p4c-installation/bin/p4c-graphs
(virtualenv-with-site) [0:42] line:build% ls /home/nico/vcs/master-thesis/support/p4c-installation/bin/
p4c p4c-bm2-psa p4c-bm2-ss p4c-ebpf p4c-graphs p4test
(virtualenv-with-site) [0:42] line:build%
**** TODO install behavioral-model
**** TODO Debug / reread the virtualbox script from the lecture
**** TODO Get p4c installed / running
https://github.com/p4lang/p4c
***** log
[16:31] line:p4c% git submodule update --init --recursive
root@line:~# apt install bison \
> build-essential \
> cmake \
> flex \
> g++ \
> libboost-dev \
> libboost-graph-dev \
> libboost-iostreams1.58-dev \
> libfl-dev \
> libgc-dev \
> libgmp-dev \
> pkg-config \
> python-ipaddr \
> python-pip \
> python-setuptools \
> tcpdump
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libboost-iostreams1.58-dev is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'libboost-iostreams1.58-dev' has no installation candidate
root@line:~# apt install libpcap-dev libelf-dev llvm clang iproute2 net-tools
[16:33] line:p4c% . ~/vcs/master-thesis/support/virtualenv2/bin/activate
(virtualenv2) [16:35] line:p4c% pip install tenjin \
pyroute2 \
ply==3.8 \
scapy==2.4.0
***** Using newer version of libboost-iostreams1.58-dev
***** buidling
(virtualenv2) [16:36] line:p4c% mkdir build && \
cd build && \
cmake .. '-DCMAKE_CXX_FLAGS:STRING=-O3'
***** missing protobuf
(virtualenv2) [16:36] line:p4c% mkdir build && \
cd build && \
cmake .. '-DCMAKE_CXX_FLAGS:STRING=-O3'
cd build && \
cmake .. '-DCMAKE_CXX_FLAGS:STRING=-O3'-- The C compiler identification is GNU 8.3.0
-- The CXX compiler identification is GNU 8.3.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PythonInterp: /home/nico/vcs/master-thesis/support/virtualenv2/bin/python (found version "2.7.16")
-- Found FLEX: /usr/bin/flex (found version "2.6.4")
-- Found BISON: /usr/bin/bison (found suitable version "3.3.2", minimum required is "3.0.2")
CMake Error at /usr/share/cmake-3.13/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find Protobuf (missing: Protobuf_INCLUDE_DIR) (Required is at
least version "3.0.0")
Call Stack (most recent call first):
/usr/share/cmake-3.13/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake-3.13/Modules/FindProtobuf.cmake:595 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
CMakeLists.txt:81 (find_package)
-- Configuring incomplete, errors occurred!
See also "/home/nico/vcs/master-thesis/support/p4c/build/CMakeFiles/CMakeOutput.log".
See also "/home/nico/vcs/master-thesis/support/p4c/build/CMakeFiles/CMakeError.log".
(virtualenv2) [16:36] line:build% apt search protobuf
(virtualenv2) [16:38] line:build% sudo apt install python-protobuf protobuf-compiler
(virtualenv2) [16:38] line:build% cmake .. '-DCMAKE_CXX_FLAGS:STRING=-O3'
-- Found Protobuf: /usr/lib/x86_64-linux-gnu/libprotobuf.a;-lpthread (found suitable version "3.6.1", minimum required is "3.0.0")
-- Boost version: 1.67.0
-- Found the following Boost libraries:
-- iostreams
-- regex
-- Found LibGc: /usr/lib/x86_64-linux-gnu/libgccpp.so (found suitable version "7.6.4", minimum required is "7.2.0")
-- Found Threads: TRUE
-- Found LibGmp: /usr/lib/x86_64-linux-gnu/libgmpxx.so
-- Looking for clock_gettime in rt
-- Looking for clock_gettime in rt - found
-- Looking for execinfo.h
-- Looking for execinfo.h - found
-- Looking for ucontext.h
-- Looking for ucontext.h - found
-- Looking for C++ include cxxabi.h
-- Looking for C++ include cxxabi.h - found
-- Looking for memchr
-- Looking for memchr - found
-- Looking for pipe2
-- Looking for pipe2 - found
-- Looking for GC_print_stats
-- Looking for GC_print_stats - found
-- Found PY_difflib: /usr/lib/python2.7/difflib.pyc
-- Found PY_shutil: /usr/lib/python2.7/shutil.pyc
-- Found PY_tempfile: /usr/lib/python2.7/tempfile.pyc
-- Found PY_subprocess: /usr/lib/python2.7/subprocess.pyc
-- Found PY_re: /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/re.pyc
-- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE)
-- Program 'simple_switch_CLI' (https://github.com/p4lang/behavioral-model.git) not found;
Searched .
Will not run BMv2 tests. (missing: SIMPLE_SWITCH SIMPLE_SWITCH_CLI)
-- Program 'psa_switch_CLI' (https://github.com/p4lang/behavioral-model.git) not found;
Searched .
Will not run PSA BMv2 tests. (missing: PSA_SWITCH PSA_SWITCH_CLI)
-- Performing Test _HAVE_OPTION_Wall_
-- Performing Test _HAVE_OPTION_Wall_ - Success
-- Performing Test _HAVE_OPTION_Wextra_
-- Performing Test _HAVE_OPTION_Wextra_ - Success
-- Performing Test _HAVE_OPTION_Wnooverloadedvirtual_
-- Performing Test _HAVE_OPTION_Wnooverloadedvirtual_ - Success
-- Performing Test _HAVE_OPTION_Wnodeprecated_
-- Performing Test _HAVE_OPTION_Wnodeprecated_ - Success
-- Using the GNU gold linker.
-- Available extensions
CMake Warning at backends/bmv2/CMakeLists.txt:193 (MESSAGE):
BMv2 simple switch is not available, not adding v1model BMv2 tests
CMake Warning at backends/bmv2/CMakeLists.txt:199 (MESSAGE):
BMv2 PSA switch is not available, not adding PSA BMv2 tests
-- Found LLVM 7.0.1
-- Added 14 tests to 'ebpf-kernel' (0 xfails)
-- Added 14 tests to 'ebpf-bcc' (0 xfails)
-- Added 14 tests to 'ebpf' (0 xfails)
-- Added 161 tests to 'p4' (0 xfails)
-- Added 506 tests to 'p4' (4 xfails)
-- Added 204 tests to 'p14_to_16' (0 xfails)
-- CTest parallel: -j 8
-- Configuring done
-- Generating done
-- Build files have been written to: /home/nico/vcs/master-thesis/support/p4c/build
***** testing in build directory: works
/home/nico/vcs/master-thesis/support/p4c/build
***** Changing install path
CMAKE_INSTALL_PREFIX
cmake .. '-DCMAKE_CXX_FLAGS:STRING=-O3' -DCMAKE_INSTALL_PREFIX=/home/nico/vcs/master-thesis/support/p4c-installation
**** TODO Get p4utils running (?)
**** log of python, p4app, p4c installation
[16:16] line:support% virtualenv virtualenv2
Running virtualenv with interpreter /usr/bin/python2
New python executable in /home/nico/vcs/master-thesis/support/virtualenv2/bin/python2
Also creating executable in /home/nico/vcs/master-thesis/support/virtualenv2/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
[16:16] line:support%
[16:18] line:p4-utils-nsg% . ~/vcs/master-thesis/support/virtualenv2/bin/activate
(virtualenv2) [16:19] line:p4-utils-nsg% which pip
/home/nico/vcs/master-thesis/support/virtualenv2/bin/pip
(virtualenv2) [16:19] line:p4-utils-nsg%
***** pip install -e .
****** Missing python development headers
copying psutil/tests/test_memory_leaks.py -> build/lib.linux-x86_64-2.7/psutil/tests
running build_ext
building 'psutil._psutil_linux' extension
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/psutil
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-UboFgi/python2.7-2.7.16~rc1=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=561 -DPSUTIL_LINUX=1 -I/usr/include/python2.7 -c psutil/_psutil_common.c -o build/temp.linux-x86_64-2.7/psutil/_psutil_common.o
psutil/_psutil_common.c:9:10: fatal error: Python.h: No such file or directory
#include <Python.h>
^~~~~~~~~~
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
root@line:~# apt install python2-dev
****** installing, but missing mininet.net
(virtualenv2) [16:21] line:p4-utils-nsg% pip install -e "."
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Obtaining file:///home/nico/vcs/master-thesis/support/p4-utils-nsg
Requirement already satisfied: setuptools in /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/site-packages (from p4utils==0.2) (40.8.0)
Requirement already satisfied: networkx in /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/site-packages (from p4utils==0.2) (2.2)
Requirement already satisfied: ipaddress in /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/site-packages (from p4utils==0.2) (1.0.22)
Requirement already satisfied: scapy in /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/site-packages (from p4utils==0.2) (2.4.2)
Requirement already satisfied: psutil in /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/site-packages (from p4utils==0.2) (5.6.1)
Requirement already satisfied: decorator>=4.3.0 in /home/nico/vcs/master-thesis/support/virtualenv2/lib/python2.7/site-packages (from networkx->p4utils==0.2) (4.3.2)
Installing collected packages: p4utils
Found existing installation: p4utils 0.2
Not uninstalling p4utils at /home/nico/vcs/master-thesis/support/p4-utils-nsg, outside environment /home/nico/vcs/master-thesis/support/virtualenv2
Can't uninstall 'p4utils'. No files were found to uninstall.
Running setup.py develop for p4utils
Successfully installed p4utils
(virtualenv2) [16:21] line:p4-utils-nsg%
**** log Try2: using virtualenv that uses site packages for using mininet
[17:13] line:support% virtualenv --system-site-packages virtualenv-with-site
Running virtualenv with interpreter /usr/bin/python2
New python executable in /home/nico/vcs/master-thesis/support/virtualenv-with-site/bin/python2
Also creating executable in /home/nico/vcs/master-thesis/support/virtualenv-with-site/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
[17:23] line:support% . ./virtualenv-with-site/bin/activate
(virtualenv-with-site) [17:23] line:support%
(virtualenv-with-site) [17:23] line:p4-utils-nsg% pip install -e .
(virtualenv-with-site) [17:23] line:p4-utils-nsg% pip install -e .
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Obtaining file:///home/nico/vcs/master-thesis/support/p4-utils-nsg
Requirement already satisfied: setuptools in /home/nico/vcs/master-thesis/support/virtualenv-with-site/lib/python2.7/site-packages (from p4utils==0.2) (40.8.0)
Collecting networkx (from p4utils==0.2)
Requirement already satisfied: ipaddress in /usr/lib/python2.7/dist-packages (from p4utils==0.2) (1.0.17)
Requirement already satisfied: scapy in /usr/lib/python2.7/dist-packages (from p4utils==0.2) (2.4.0)
Collecting psutil (from p4utils==0.2)
Collecting decorator>=4.3.0 (from networkx->p4utils==0.2)
Using cached https://files.pythonhosted.org/packages/f1/cd/7c8240007e9716b14679bc217a1baefa4432aa30394f7e2ec40a52b1a708/decorator-4.3.2-py2.py3-none-any.whl
Installing collected packages: decorator, networkx, psutil, p4utils
Running setup.py develop for p4utils
Successfully installed decorator-4.3.2 networkx-2.2 p4utils psutil-5.6.1
(virtualenv-with-site) [17:23] line:p4-utils-nsg% which p4run
/home/nico/vcs/master-thesis/support/virtualenv-with-site/bin/p4run
(virtualenv-with-site) [17:24] line:p4-utils-nsg%
p4c --target bmv2 --arch v1model --std p4-16 "../p4src/static-mapping.p4" -o "/home/nico/vcs/master-thesis/p4src"
../p4src/static-mapping.p4(80): [--Wwarn=unused] warning: Table ndp_answer is not used; removing
table ndp_answer {
^^^^^^^^^^
../p4src/static-mapping.p4(96): [--Wwarn=unused] warning: Table port2mcast is not used; removing
table port2mcast {
^^^^^^^^^^
../p4src/static-mapping.p4(111): [--Wwarn=unused] warning: Table addr2mcast is not used; removing
table addr2mcast {
^^^^^^^^^^
../p4src/static-mapping.p4(128): [--Wwarn=unused] warning: Table ndp is not used; removing
table ndp {
^^^
Switch port mapping:
s1: 1:h1 2:h2 3:h3 4:h4 5:sw-cpu
**** Trying local vagrant VM
***** libvirtd missing user
root@line:~# libvirtd
2019-03-12 16:39:14.556+0000: 20235: info : libvirt version: 5.0.0, package: 1 (Guido Günther <agx@sigxcpu.org> Wed, 16 Jan 2019 10:31:33 +0100)
2019-03-12 16:39:14.556+0000: 20235: info : hostname: line
2019-03-12 16:39:14.556+0000: 20235: error : virGetUserID:1038 : invalid argument: Failed to parse user 'libvirt-qemu'
2019-03-12 16:39:14.556+0000: 20235: error : virStateInitialize:662 : Initialization of QEMU state driver failed: invalid argument: Failed to parse user 'libvirt-qemu'
2019-03-12 16:39:14.556+0000: 20235: error : daemonRunStateInit:799 : Driver state initialization failed
root@line:~# useradd -m libvirt-qemu
root@line:~#
root@line:~# strace -fF -e open libvirtd
strace: deprecated option -F ignored
strace: Process 20602 attached
strace: Process 20603 attached
strace: Process 20604 attached
strace: Process 20605 attached
strace: Process 20606 attached
strace: Process 20607 attached
strace: Process 20608 attached
strace: Process 20609 attached
strace: Process 20610 attached
strace: Process 20611 attached
strace: Process 20612 attached
strace: Process 20613 attached
strace: Process 20614 attached
strace: Process 20615 attached
strace: Process 20616 attached
strace: Process 20617 attached
strace: Process 20618 attached
[pid 20618] +++ exited with 0 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20618, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20619 attached
[pid 20619] +++ exited with 0 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20619, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20620 attached
strace: Process 20621 attached
strace: Process 20622 attached
[pid 20622] +++ exited with 0 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20622, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20623 attached
[pid 20623] +++ exited with 0 +++
[pid 20621] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20623, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20624 attached
[pid 20624] +++ exited with 0 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20624, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20625 attached
[pid 20625] +++ exited with 0 +++
[pid 20617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20625, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20626 attached
[pid 20626] +++ exited with 0 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20626, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20627 attached
[pid 20627] +++ exited with 0 +++
[pid 20617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20627, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20628 attached
[pid 20621] +++ exited with 0 +++
strace: Process 20629 attached
strace: Process 20630 attached
strace: Process 20631 attached
strace: Process 20632 attached
strace: Process 20633 attached
[pid 20631] +++ exited with 0 +++
[pid 20633] +++ exited with 1 +++
[pid 20630] +++ exited with 0 +++
[pid 20628] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20630, si_uid=1001, si_status=0, si_utime=0, si_stime=0} ---
[pid 20632] +++ exited with 1 +++
[pid 20629] +++ exited with 1 +++
[pid 20628] +++ exited with 1 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20628, si_uid=1001, si_status=1, si_utime=1, si_stime=0} ---
2019-03-12 16:40:53.098+0000: 20617: info : libvirt version: 5.0.0, package: 1 (Guido Günther <agx@sigxcpu.org> Wed, 16 Jan 2019 10:31:33 +0100)
2019-03-12 16:40:53.098+0000: 20617: info : hostname: line
2019-03-12 16:40:53.098+0000: 20617: error : virQEMUCapsNewForBinaryInternal:4681 : internal error: Failed to probe QEMU binary with QMP: qemu-system-i386: cannot create PID file: Cannot open pid file: Permission denied
2019-03-12 16:40:53.098+0000: 20617: warning : virQEMUCapsLogProbeFailure:4628 : Failed to probe capabilities for /usr/bin/qemu-system-i386: internal error: Failed to probe QEMU binary with QMP: qemu-system-i386: cannot create PID file: Cannot open pid file: Permission denied
strace: Process 20634 attached
strace: Process 20635 attached
strace: Process 20636 attached
strace: Process 20637 attached
strace: Process 20638 attached
strace: Process 20639 attached
[pid 20637] +++ exited with 0 +++
[pid 20639] +++ exited with 1 +++
[pid 20636] +++ exited with 0 +++
[pid 20634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20636, si_uid=1001, si_status=0, si_utime=0, si_stime=0} ---
[pid 20638] +++ exited with 1 +++
[pid 20635] +++ exited with 1 +++
[pid 20634] +++ exited with 1 +++
[pid 20617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20634, si_uid=1001, si_status=1, si_utime=1, si_stime=0} ---
2019-03-12 16:40:53.145+0000: 20617: error : virQEMUCapsNewForBinaryInternal:4681 : internal error: Failed to probe QEMU binary with QMP: qemu-system-x86_64: cannot create PID file: Cannot open pid file: Permission denied
2019-03-12 16:40:53.145+0000: 20617: warning : virQEMUCapsLogProbeFailure:4628 : Failed to probe capabilities for /usr/bin/qemu-system-x86_64: internal error: Failed to probe QEMU binary with QMP: qemu-system-x86_64: cannot create PID file: Cannot open pid file: Permission denied
strace: Process 20640 attached
[pid 20640] +++ exited with 0 +++
[pid 20617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20640, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20641 attached
[pid 20641] +++ exited with 0 +++
[pid 20617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20641, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
strace: Process 20642 attached
[pid 20642] +++ exited with 2 +++
[pid 20601] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20642, si_uid=0, si_status=2, si_utime=0, si_stime=0} ---
strace: Process 20643 attached
[pid 20643] +++ exited with 0 +++
[pid 20617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20643, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid 20617] +++ exited with 0 +++
[pid 20601] --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
^Cstrace: Process 20601 detached
strace: Process 20602 detached
strace: Process 20603 detached
strace: Process 20604 detached
strace: Process 20605 detached
strace: Process 20606 detached
strace: Process 20607 detached
strace: Process 20608 detached
strace: Process 20609 detached
strace: Process 20610 detached
strace: Process 20611 detached
strace: Process 20612 detached
strace: Process 20613 detached
strace: Process 20614 detached
strace: Process 20615 detached
strace: Process 20616 detached
strace: Process 20620 detached
**** Creating network
**** Adding hosts:
h1 h2 h3 h4
**** Adding switches:
Cannot find required executable simple_switch.
Please make sure that it is installed and available in your $PATH:
(/home/nico/vcs/master-thesis/support/virtualenv-with-site/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/nico/vcs/master-thesis/support/p4c/build/)
(virtualenv-with-site) root@line:/home/nico/vcs/master-thesis/p4app#
*** TODO Setup test VM [dual stack] for Jool:
*** TODO Setup test VM [dual stack] for tayga:
*** NAT64/NAT46 Features in jool and tayga
**** TODO Static 1:1 NAT46: translate from IPv4 to IPv6 with a table
***** TODO TCP
***** TODO UDP
***** TODO ICMP <-> ICMPv6
**** TODO Stateless Prefix based NAT64: IPv6 to IPv4 translation prefix based
***** Allows IPv6 hosts to reach the IPv4 Internet
**** See time table above
*** Additional features queue (to be discussed)
**** TODO Offset based translation (v4->v6) -> same as range (?)
**** TODO IP address learning (v6/v4) for real life switch? How do hosts find it?
** Thesis documentation
*** Motivation
TBD
*** Translation mechanisms
- v4 to v6 / vice versa
- Stateful / stateless
- static / dynamic
**** Explicit Address Mappings Table (EAMT)
Range based mapping tables
See https://www.jool.mx/en/eamt.html,
https://tools.ietf.org/html/rfc7757
*** Current state of the art tayga/jool
TBD
**** Tayga
- Single threaded
- Multi threaded work started due to initiative of ungleich /
Chrisrock [IPv6.chat]
**** Jool
- EAMT bidirectional only (!)
IPtables interaction
```
user@T:~# # Create a Jool iptables instance named "example."
user@T:~# # Also, establish that the IPv6 representation of any IPv4 address should be
user@T:~# # `2001:db8::<IPv4 address>`. (See sections below for examples.)
user@T:~# jool_siit instance add "example" --iptables --pool6 2001:db8::/96
user@T:~#
user@T:~# # Tell iptables which traffic should be handled by our newly-created instance:
user@T:~#
user@T:~# # IPv6: only packets from 2001:db8::198.51.100.8/125 to 2001:db8::192.0.2
user@T:~# ip6tables -t mangle -A PREROUTING \
> -s 2001:db8::198.51.100.8/125 -d 2001:db8::192.0.2.0/120 \
> -j JOOL_SIIT --instance "example"
user@T:~# # IPv4: Only packets from 192.0.2 to 198.51.100.8/29
user@T:~# iptables -t mangle -A PREROUTING \
> -s 192.0.2.0/24 -d 198.51.100.8/29 \
> -j JOOL_SIIT --instance "example"
```
5656
**** Cisco (?)
*** P4 based implementation
**** General
- IPv6 subnet 2001:db8::/32
- IPv6 hosts are in 2001:db8:6::/64
- IPv6 default router (::/0) is 2001:db8:6::42/64
- IPv4 mapped Internet "NAT64 prefix" 2001:db8:4444::/96 (should
go into a table)
- IPv4 hosts are in 10.0.4.0/24
- IPv6 in IPv4 mapped hosts are in 10.0.6.0/24
- IPv4 default router = 10.0.0.42
**** Neighbor discover protocol
***** Initial log
- Matching on prefix & ingress port, setting multicast
Being forwarded:
p4@ubuntu:~/master-thesis$ mx h1 tcpdump -ni h1-eth0
sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C14:59:22.871803 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32
14:59:23.863913 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32
14:59:24.864033 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32
3 packets captured
3 packets received by filter
0 packets dropped by kernel
But no answer yet!
root@ubuntu:~/master-thesis/p4app# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: h1-eth0@if123: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc netem state UP group default qlen 1000
link/ether 00:00:0a:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 2001:db8:62::2/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:db8:61::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::200:aff:fe00:1/64 scope link
valid_lft forever preferred_lft forever
root@ubuntu:~/master-thesis/p4app#
Link local communication does not work:
root@ubuntu:~/master-thesis/p4app# ping6 -c1 fe80::200:aff:fe00:2%h1-eth0
PING fe80::200:aff:fe00:2%h1-eth0(fe80::200:aff:fe00:2) 56 data bytes
From fe80::200:aff:fe00:1 icmp_seq=1 Destination unreachable: Address unreachable
--- fe80::200:aff:fe00:2%h1-eth0 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
root@ubuntu:~/master-thesis/p4app#
Packet is received on the other host, but not answered. Why?
Real trace from my network:
18:48:17.008524 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > ff02::1:ffb7:e225: ICMP6, neighbor solicitation, who has 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32
18:48:18.015016 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > ff02::1:ffb7:e225: ICMP6, neighbor solicitation, who has 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32
18:48:18.031165 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, neighbor advertisement, tgt is 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32
18:48:18.031236 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > 2a0a:e5c1:111:111:1016:3c5a:38b7:e225: ICMP6, echo request, seq 1, length 64
18:48:18.031267 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > 2a0a:e5c1:111:111:1016:3c5a:38b7:e225: ICMP6, echo request, seq 2, length 64
18:48:18.131709 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, echo reply, seq 1, length 64
18:48:18.131732 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, echo reply, seq 2, length 64
root@ubuntu:~/master-thesis/p4app# cat /proc/sys/net/ipv6/conf/*/disable_ipv6
1
1
0
0
root@ubuntu:~/master-thesis/p4app#
root@ubuntu:~/master-thesis/p4app# ls -1 /proc/sys/net/ipv6/conf/*/disable_ipv6
/proc/sys/net/ipv6/conf/all/disable_ipv6
/proc/sys/net/ipv6/conf/default/disable_ipv6
/proc/sys/net/ipv6/conf/h1-eth0/disable_ipv6
/proc/sys/net/ipv6/conf/lo/disable_ipv6
root@ubuntu:~/master-thesis/p4app#
Works on mininet
mininet> h2 bash
root@line:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: h2-eth0@if93: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 32:0e:1e:bf:3c:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.0.2/8 brd 10.255.255.255 scope global h2-eth0
valid_lft forever preferred_lft forever
inet6 fe80::300e:1eff:febf:3c4b/64 scope link
valid_lft forever preferred_lft forever
root@line:~# ip addr add 2001:db8:61::42/64 dev h2-eth0
root@line:~# ^Dexit
mininet> h1 bash
root@line:~# ip addr add 2001:db8:61::42/64^[[D^[[D^?^?^?^?^?^?^?^?^?^?^?^C^C
root@line:~# ^Dexit
mininet> h1 ip addr add 2001:db8:61::2/64 dev h1-eth0
mininet> h2 ping6 -c2 2001:db8:61::2
PING 2001:db8:61::2(2001:db8:61::2) 56 data bytes
64 bytes from 2001:db8:61::2: icmp_seq=1 ttl=64 time=0.230 ms
64 bytes from 2001:db8:61::2: icmp_seq=2 ttl=64 time=0.138 ms
--- 2001:db8:61::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1018ms
rtt min/avg/max/mdev = 0.138/0.184/0.230/0.046 ms
mininet>
mininet on VM also works
mininet> h1 ip addr add 2001:db8:61::1/64 dev h1-eth0
mininet> h2 ip addr add 2001:db8:61::2/64 dev h2-eth0
mininet> h2 ping6 -c2 2001:db8:61::2
PING 2001:db8:61::2(2001:db8:61::2) 56 data bytes
64 bytes from 2001:db8:61::2: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 2001:db8:61::2: icmp_seq=2 ttl=64 time=0.082 ms
--- 2001:db8:61::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.053/0.067/0.082/0.016 ms
mininet>
WORKING trace on mininet on the VM
19:38:49.852088 IP6 2001:db8:61::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:61::1, length 32
19:38:49.852144 IP6 2001:db8:61::1 > 2001:db8:61::2: ICMP6, neighbor advertisement, tgt is 2001:db8:61::1, length 32
19:38:49.852163 IP6 2001:db8:61::2 > 2001:db8:61::1: ICMP6, echo request, seq 1, length 64
19:38:49.852176 IP6 2001:db8:61::1 > 2001:db8:61::2: ICMP6, echo reply, seq 1, length 64
checking ipv6 in p4-utils
p4@ubuntu:~/p4-utils$ grep -ri ipv6 .
./p4utils/mininetlib/p4_mininet.py: # disable IPv6
./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.all.disable_ipv6=1")
./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.default.disable_ipv6=1")
./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.lo.disable_ipv6=1")
./p4utils/mininetlib/p4net.py: #remove Ipv6 for all the interfaces
./p4utils/mininetlib/p4net.py: cmd2 = "sysctl net.ipv6.conf.{0}.disable_ipv6=1"
./p4utils/mininetlib/p4net.py: #remove ipv6
Binary file ./p4utils/mininetlib/p4_mininet.pyc matches
Binary file ./p4utils/mininetlib/p4net.pyc matches
Binary file ./p4utils/utils/runtime_API.pyc matches
./p4utils/utils/runtime_API.py:class UIn_BadIPv6Error(UIn_Error):
./p4utils/utils/runtime_API.py:def ipv6Addr_to_bytes(addr):
./p4utils/utils/runtime_API.py: from ipaddr import IPv6Address
./p4utils/utils/runtime_API.py: ip = IPv6Address(addr)
./p4utils/utils/runtime_API.py: raise UIn_BadIPv6Error()
./p4utils/utils/runtime_API.py: raise UIn_BadIPv6Error()
./p4utils/utils/runtime_API.py: return ipv6Addr_to_bytes(input_str)
./p4utils/utils/runtime_API.py: except UIn_BadIPv6Error:
./p4utils/utils/runtime_API.py: raise UIn_BadParamError("Invalid IPv6 address")
p4@ubuntu:~/p4-utils$
Messages we see in the controller on startup
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=:: dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6d6d reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:01:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::201:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6604 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:1 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6607 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 |>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=:: dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6d6d reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:1 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6607 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 |>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x63ea reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x63ea reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>
***** Ignored ICMPv6 packets
We are not using router advertisements, so we ignore RS packets
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
***** Double table entries due to collision
- NDP: last 24 bit
- Switch has same ending address in different networks -> equal
last 24 bit
- results in trying to add multicast address multiple times
Adding entry to exact match table v6_addresses
match key: EXACT-ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:42
action: controller_reply
runtime data: 00:01
Invalid table operation (DUPLICATE_ENTRY)
Adding entry to exact match table v6_addresses
match key: EXACT-ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:43
action: controller_reply
runtime data: 00:01
Invalid table operation (DUPLICATE_ENTRY)
Adding entry to exact match table v6_addresses
match key: EXACT-20:01:0d:b8:00:00:00:01:00:00:00:00:00:00:00:43
action: icmp6_echo_reply
runtime data:
Entry has been added with handle 5
***** General approach
- Need to react on our multicast group
- But also need to forward to other ports that subscribed to
that multicast group!
**** Static mappings
- likely need table(s)
- need tcp & udp translation
**** ICMPv6
***** General / Intro
Different lengths possible
[20:35] line:~% ping -6 -s 20 ::1
PING ::1(::1) 20 data bytes
28 bytes from ::1: icmp_seq=1 ttl=64 time=0.045 ms
28 bytes from ::1: icmp_seq=2 ttl=64 time=0.064 ms
^C
--- ::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1018ms
rtt min/avg/max/mdev = 0.045/0.054/0.064/0.012 ms
[20:36] line:~% ping -6 -s 80 ::1
PING ::1(::1) 80 data bytes
88 bytes from ::1: icmp_seq=1 ttl=64 time=0.053 ms
88 bytes from ::1: icmp_seq=2 ttl=64 time=0.095 ms
^C
--- ::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.053/0.074/0.095/0.021 ms
[20:36] line:~%
Different checksum in most packets.
root@ubuntu:~/master-thesis# ip -6 neigh show
root@ubuntu:~/master-thesis# ip -6 neigh add 2001:db8:61::42 dev h1-eth0 lladdr 00:00:0a:00:00:42
root@ubuntu:~/master-thesis# ip -6 neigh show
2001:db8:61::42 dev h1-eth0 lladdr 00:00:0a:00:00:42 PERMANENT
root@ubuntu:~/master-thesis#
root@ubuntu:~/master-thesis# tcpdump -ni h1-eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C20:22:43.944152 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 1, length 64
20:22:43.945992 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 1, length 64
20:22:44.952453 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 2, length 64
20:22:44.953995 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 2, length 64
4 packets captured
4 packets received by filter
0 packets dropped by kernel
root@ubuntu:~/master-thesis#
***** When pinging we see
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
***** Hosts
****** Left side: IPv6
****** Right side: IPv4
***** Included in the header
***** DONE Supported feature: NDP NA/NS
- For resolving mac address
- Initially controller
- Ported into switch
***** DONE Supported feature: icmp6 echo reply
p4@ubuntu:~/master-thesis/p4app$ python test.py --method ping6_switch
PING 2001:db8::42(2001:db8::42) 56 data bytes
64 bytes from 2001:db8::42: icmp_seq=1 ttl=64 time=3.05 ms
--- 2001:db8::42 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.055/3.055/3.055/0.000 ms
p4@ubuntu:~/master-thesis/p4app$
**** Requirements
**** Static NAT64
Asymmetric maps: v6->v4 can match whole IPv4 Internet (/96)
But v4->v6 can only map sub range!
Using /24s (for convience) in IPv4
**** Development mode/loop
Code - commit - push - pull -
restart switch - check whether all tables are present (missing .apply())
restart controller - check whether tables are applied correctly (type conversion problems) -
start tcpdump - start test program - stop tcpdump - add
pcap to git repo - git add-commit-push - git pull - start wireshark -
debug packets - analyse code - goto 1
**** Setting up a system for working on P4 on devuan
***** Scripts in the wild
https://github.com/nsg-ethz/p4-learning/blob/master/vm/bin/update-p4c.sh
https://github.com/jafingerhut/p4-guide/blob/master/bin/install-p4dev-p4runtime.sh
https://github.com/nsg-ethz/p4-learning/tree/master/vm/bin
***** mininet
***** bmv2
[21:24] line:~% sudo apt install libthrift-dev
[21:26] line:~% sudo apt install thrift-compiler
libnanomsg-dev libjudy-dev
*** Performance comparison
*** Challenges / Limitations in P4
**** DONE cannot read key from table
***** log
Key and mask for matching destination is in table. We need this
information in the action. However this information is not exposed, so
we need to specify another parameter with the same information as in
the key(s).
Log from slack: (2019-03-14)
nico [1:55 PM]
If I use LPM for matching, can I easily get the network address from P4 or do I have to use a bitmask myself? In the latter case it is not exactly clear how to get the mask from the table
Nate Foster [1:58 PM]
You want to retrieve the address in the packet? In a table?
And do you want to do the retrieving from the data plane or the control plane? (edited)
nico [2:00 PM]
If I have a match in a table that matches on LPM, it can be any IP address in a network
For calculating the NAT64/NAT46 translation, I will need the base address, i.e. network address to do subtractions/additions
So it is fully data plane, what I would like to do
I'll commit sample code to show the use case more clearly
https://gitlab.ethz.ch/nicosc/master-thesis/blob/master/p4src/static-mapping.p4#L73
GitLab
p4src/static-mapping.p4 · master · nicosc / master-thesis
gitlab.ethz.ch
So the action nat64_static() is used in the table v6_networks.
In v6_networks I use a match on `hdr.ipv6.dst_addr: lpm;`
What I would like to be able is to get the network address ; I can do that manually, if I have the mask
I can also re-inject this parameter by another action argument, but I'd assume that I can somewhere read this out from the table / match
Nate Foster [2:15 PM]
To make sure I understand, in the data plane, you want to retrieve the address in the lpm pattern? (edited)
nico [2:16 PM]
I want to retrieve the key
Nate Foster [2:16 PM]
Wait. The value `hdr.ipv6.dst_addr` is the thing used in the match.
So you have that.
What you dont have is the IPv6 address and mask put into the table by the control plane.
I assume you want the latter, right?
nico [2:17 PM]
For example, if my matching key is 2001:db8::/32 and the real address is 2001:db8::f00, then I would like to retrieve 2001:db8:: and 32 from the table
exactly :slightly_smiling_face:
I can "fix" this by adding another argument, but it feels somewhat wrong to do that
Because the table already knows this information
Nate Foster [2:26 PM]
I cant think of a way other than the action parameter hack.
nico [2:26 PM]
Oh, ok
Is it because the information is "lost in hardware"?
Nate Foster [2:31 PM]
No youre right that most implementations have the value in memory. And one can imagine a different table API that allowed one to retrieve it in the data plane.
But unless I am missing something obvious, P4 hides it…
***** Result
Need to duplicate information
**** DONE ICMP6: checksum over payload
- variable length, up to 65k
Exists!
**** DONE Synchronisation with the controller
- Double data type definition -> might differ
- TYPE_CPU for ethernet
- Port ingress offset (9 vs. 16 bit)
**** Only one LPM key supported in tables (2019-03-23)
#+BEGIN_SRC
../p4src/static-mapping.p4(121): error: MyIngress.nat64, Multiple LPM keys in table
table nat64 {
^^^^^
Compilation Error
#+END_SRC
Code:
#+BEGIN_SRC
table nat64 {
key = {
hdr.ipv6.src_addr: lpm;
hdr.ipv6.dst_addr: lpm;
}
actions = {
controller_debug;
nat64_static;
NoAction;
}
size = NAT64_TABLE_SIZE;
default_action = controller_debug;
}
#+END_SRC
**** No table meta information for default actions (asked 2019-03-25)
Is there any meta information for "from which table was the action
called" available? My use case is having a debug action that sends
packets to the controller and I use it as a default_action in various
tables; however know I don't know anymore from which table the action
was called. Is there any kind of meta information which table called
me available?
I could work around this by using if(! .. .hit) { my_action(table_id)
}, but it would not work with using default_action = ...
*** Implementation limitations
**** No fragmentation support (yet)
**** No session handling (yet)
1:1 mappings. No (automatic) session.
**** IPv4 / IPv6 embedding
Currently offset based - probably not following the RFC!
**** No DNS64
has already been solved in a different domain - could even do
transparent / in network modification
**** Incomplete NDP
Very limited option support
**** NAT64 mappings not source network dependent
Only the destination network is matched for deciding on NAT64, as
priority based double LPM is not supported. This limits a prefix to be
used only in one network.
*** References / Follow up
**** RFC 2460 IPv6 (Checksum https://tools.ietf.org/html/rfc2460#section-8.1)
**** RFC 3810 MLD2 https://tools.ietf.org/html/rfc3810
**** RFC 4443 ICMPv6 https://tools.ietf.org/html/rfc4443
**** RFC 4861: https://tools.ietf.org/html/rfc4861 Neighbor discovery
**** RFC 6052: https://tools.ietf.org/html/rfc6052 IPv6 Addressing of IPv4/IPv6 Translators
**** RFC 6586 for deployment experiences using Stateful NAT64.
**** RFC 7757 Explicit Address Mappings for Stateless IP/ICMP Translation
**** EAMT/Jool: https://www.jool.mx/en/eamt.html
**** Solicited node multicast address https://en.wikipedia.org/wiki/Solicited-node_multicast_address
**** Scapy / IPv6: https://www.idsv6.de/Downloads/IPv6PacketCreationWithScapy.pdf
**** V1 model: https://github.com/p4lang/p4c/blob/master/p4include/v1model.p4
**** Cisco NAT64 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-stateful-nat64.pdf
** DONE Admin
*** DONE Clarify PDF / form with Denise Spicher: free form description
*** DONE Create task description to be handed in mystudies
*** DONE Create list of tasks / initial brainstorming
*** DONE Get OK from Ueli Maurer that thesis is valid in Information Security Area
*** DONE Find out how-when-whom-where to meet / define schedule
*** DONE Latex and/or org-mode for the thesis? org for starting
*** DONE Add initial milestones
**** 180d plan
**** 25w
*** DONE Proposal / task description
**** Task description for mystudies
***** High speed NAT64 with P4
Currently there are two main open source NAT64 solution available:
tayga and jool. The former is a single threaded, cpu bound user
space solution, the latter a custom Linux kernel module.
This thesis challenges this status quo by developing a P4 based
solution supporting all features of jool/tayga and comparing the
performance, security and adaptivity of the solutions.
- Milestone 1: Stateless NAT64/NAT46 translations in P4
- Milestone 2: Stateful (dynamic) NAT64/NAT46 translations
- Milestone 3: Hardware adaption
**** Original ideas
Proposal 1: Automating NAT64 with P4
In IPv6 only data centers IPv4 connectivity is still a business
requirement. Current state of the art methods include layer 7 proxying
or static assignments. both featuring static assignments.
A flexible, dynamic assignment of IPv4 addresses to IPv6 hosts, similar
to lease times in DHCPv4 and prefix delegations in DHCPv6 could reduce
the pressure on IPv4 addresses.
I would suggest the develop of a new protocol (likely UDP embedded) that
allows hosts to request on-network support for IPv4 addresses. As IPv4
addresses have to be treated as "expensive", an accounting metric has to
be introduced. While in the business world this is usually related to
money, in the network world IPv4 users could be paying the network by
(reduced) bandwidth.
If such a metric existed, devices attached to the network could also try
to negotiate and wait for using IPv4, when the price / penality for IPv4
is low (this might be very suitable for mail exchangers for instance).
Proposal 2: High speed NAT64 with P4
Currently there are two main open source NAT64 solution available:
tayga[0] and jool[1]. The former is a single threaded, cpu bound user
space solution, the latter a custom Linux kernel module.
I would like to challenge this status quo and develop a P4 based
solution supporting all features of jool/tayga and comparing the
performance and adaptivity of the solutions.
[0] http://www.litech.org/tayga/
[1] https://www.jool.mx/en/index.html
Proposal 3: Challenging the status quo with IPv10
The de facto standard in networking is to treat IPv4
and IPv6 as "impossible to combine". This proposal is
to challenge this notion with three different methods:
- Extensions to IPv4 to request remote IPv6 transport
- Extensions to IPv6 to request remote IPv4 transport
- Support in network equipment to handle the extensions
As the IPv4 header does not allow embedding IPv6 addresses due to size
limitations, embedding the destination address in a secondary header
might be necessary (possibly encapsulated in UDP).