Title
Section 2
Section 2.1 onward
Send three ICMP packets
ping -c 3 8.8.8.8
ip address show
Reading the output: number : interface name : MTU
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
Analyzing the ping packets
sudo tcpdump -tn -i any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
IP 172.31.25.41 > 8.8.8.8: ICMP echo request, id 28470, seq 1, length 64
IP 8.8.8.8 > 172.31.25.41: ICMP echo reply, id 28470, seq 1, length 64
IP 172.31.25.41 > 8.8.8.8: ICMP echo request, id 28470, seq 2, length 64
IP 8.8.8.8 > 172.31.25.41: ICMP echo reply, id 28470, seq 2, length 64
IP 172.31.25.41 > 8.8.8.8: ICMP echo request, id 28470, seq 3, length 64
IP 8.8.8.8 > 172.31.25.41: ICMP echo reply, id 28470, seq 3, length 64
The ICMP echo request and the ICMP echo reply can both be seen.
IPv4 header + ICMP header, one 32-bit row per line:
- Version : IHL : Type of Service : Total Length (Total Length holds the length of the whole packet including the payload)
- Identification : Flags : Fragment Offset
- TTL : Protocol : Header Checksum (Protocol identifies the structure of the payload; here it is 1, meaning ICMP)
- Source IP
- Destination IP
- Options : Padding
- Payload (ICMP header)
  - Type : Code : Checksum
  - Identifier : Sequence Number
  - Data (payload)
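To make the row-by-row layout concrete, here is an added example (not from the book or these notes) that builds an echo request shaped like the ones in the capture above and walks the IPv4 and ICMP headers field by field, verifying both checksums. Only the addresses, id and seq come from the capture; the packet bytes themselves are constructed.

```python
import socket
import struct

def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a buffer that already
    carries a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_icmp(pkt: bytes) -> dict:
    """Walk the 32-bit rows listed above: the IPv4 header, then the ICMP header it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto, _hcsum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                       # IHL is counted in 32-bit words
    if total_len > len(pkt) or ihl > total_len:
        raise ValueError("Total Length / IHL inconsistent with captured bytes")
    hdr = {"version": vihl >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
           "identification": ident, "flags": flags_frag >> 13,
           "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
           "header_checksum_ok": ip_checksum(pkt[:ihl]) == 0,
           "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
           "options": pkt[20:ihl]}
    if proto != 1:                                # Protocol 1 = ICMP, as in the ping capture
        return hdr
    payload = pkt[ihl:total_len]
    if len(payload) < 8:
        raise ValueError("ICMP header truncated")
    icmp_type, code, _csum, icmp_id, seq = struct.unpack("!BBHHH", payload[:8])
    hdr["icmp"] = {"type": icmp_type, "code": code, "identifier": icmp_id, "sequence": seq,
                   "checksum_ok": ip_checksum(payload) == 0, "data_len": len(payload) - 8}
    return hdr

def build_echo_request(src: str, dst: str, ident: int, seq: int, data: bytes) -> bytes:
    """Constructed sample: an ICMP echo request shaped like the ones ping sent above."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data          # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", ip_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0x4000, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:] + icmp

# Addresses, id and seq taken from the capture above; the 56 data bytes are constructed.
SAMPLE = build_echo_request("172.31.25.41", "8.8.8.8", 28470, 1, bytes(56))
```

A header whose TTL was changed without recomputing the checksum (as a router must do at each hop) shows up as header_checksum_ok being False.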
Section 2.6
traceroute -n 8.8.8.8
When traceroute shows a different IP on the same hop each time it is run, the packets are travelling through different components along the path
sudo traceroute -n -q 1 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 54.150.128.53 4.781 ms
2 100.65.26.112 6.533 ms
sudo traceroute -n -q 1 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 54.150.128.13 4.764 ms
2 100.65.26.240 3.569 ms
sudo traceroute -n -q 5 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 54.150.128.13 36.843 ms 54.150.128.7 7.401 ms 54.150.128.57 5.753 ms 54.150.128.15 1.108 ms 54.150.128.57 5.270 ms
Section 2.7
Route Table
ip route show
default via 172.31.16.1 dev eth0
169.254.169.254 dev eth0
172.31.16.0/20 dev eth0 proto kernel scope link src 172.31.25.41
Destination + next hop: a packet whose destination matches an entry is sent to that entry's next hop; when no entry matches, the packet goes to the next hop of the default route.
Difference between dev and via: two ways of specifying the next hop
- dev : by device name (the destination is reached directly on that interface)
- via : by the IP address of the gateway
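An added example (not part of the original notes) that applies the longest-prefix-match rule to the ip route show output above and shows what a dev-only entry versus a via entry means for the address that actually has to be resolved on the link:

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str                                     # outgoing interface (the "dev" part)
    via: ipaddress.IPv4Address | None = None     # gateway (the "via" part); None = on-link

def parse_ip_route(text: str) -> list[Route]:
    """Parse 'ip route show' lines of the shape seen above (default / prefix, via, dev)."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        target = "0.0.0.0/0" if tok[0] == "default" else tok[0]   # a bare host becomes /32
        via = ipaddress.ip_address(tok[tok.index("via") + 1]) if "via" in tok else None
        routes.append(Route(ipaddress.ip_network(target, strict=False),
                            tok[tok.index("dev") + 1], via))
    return routes

def lookup(routes: list[Route], dst: str) -> Route | None:
    """Longest-prefix match: the most specific matching entry wins, so the /0 default is used last."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best

def next_hop(routes: list[Route], dst: str) -> tuple[str, str]:
    """Return (device, address that ARP has to resolve): the gateway for a via route,
    the destination itself for a dev-only (on-link) route."""
    r = lookup(routes, dst)
    if r is None:
        raise LookupError(f"no route to {dst}")
    return r.dev, str(r.via) if r.via is not None else dst

# Table copied from the 'ip route show' output above.
ROUTE_TABLE = """
default via 172.31.16.1 dev eth0
169.254.169.254 dev eth0
172.31.16.0/20 dev eth0 proto kernel scope link src 172.31.25.41
"""
ROUTES = parse_ip_route(ROUTE_TABLE)
```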
Section 3
Network namespaces: an important feature, also used by Docker and similar tools
sudo ip netns add helloworld
sudo ip netns list
helloworld
sudo ip netns exec helloworld ip address show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Entering the namespace with a shell: every operation that follows runs inside the namespace
sudo ip netns exec helloworld bash
Network namespaces are connected to each other with veth (virtual Ethernet) pairs
sudo ip netns add ns1
sudo ip netns add ns2
sudo ip link add ns1-veth0 type veth peer name ns2-veth0
ip link show
3: ns2-veth0@ns1-veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether e2:4f:ef:6c:5d:c2 brd ff:ff:ff:ff:ff:ff
4: ns1-veth0@ns2-veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 8e:6b:96:ce:15:f9 brd ff:ff:ff:ff:ff:ff
They form a proper pair. Next, move each created veth interface into its namespace
sudo ip link set ns1-veth0 netns ns1
sudo ip link set ns2-veth0 netns ns2
Check in each namespace
sudo ip netns exec ns1 ip link show
sudo ip netns exec ns2 ip link show
Assign IP addresses
sudo ip netns exec ns1 ip address add 192.0.2.1/24 dev ns1-veth0
sudo ip netns exec ns2 ip address add 192.0.2.2/24 dev ns2-veth0
Bring the interface state from DOWN to UP
sudo ip netns exec ns1 ip link set ns1-veth0 up
sudo ip netns exec ns2 ip link set ns2-veth0 up
Verify: ping from ns1 to ns2
sudo ip netns exec ns1 ping -c 3 192.0.2.2
Section 3.4
Deleting the existing namespaces
sudo ip --all netns delete
sudo ip netns add ns1
Then: add the veth pairs, add the default route pointing at the router, and set the kernel's IP forwarding parameter (net.ipv4.ip_forward) to 1
Section 3.5
Registering multiple routers: ns1 - router1 - router2 - ns2
router1 and router2 each need a route table
- Seen from router1, ns2 is not directly connected, so router1 needs a route that sends ns2's segment to router2
Manual configuration is laborious; to configure this automatically, routers exchange routing information:
- BGP
- OSPF
Section 4 Ethernet : Layer 2
- Unit of data: frame
- An IP packet is carried by being re-encapsulated in a new frame at each hop
- The destination is identified by MAC address
- Moves data between devices at a level that does not involve IP addresses
Check with tcpdump
ping from ns1 to ns2
sudo ip netns exec ns1 ping -c 3 198.51.100.1 -I 192.0.2.1
PING 198.51.100.1 (198.51.100.1) from 192.0.2.1 : 56(84) bytes of data.
64 bytes from 198.51.100.1: icmp_seq=1 ttl=254 time=0.049 ms
64 bytes from 198.51.100.1: icmp_seq=2 ttl=254 time=0.043 ms
64 bytes from 198.51.100.1: icmp_seq=3 ttl=254 time=0.046 ms
sudo ip netns exec ns1 tcpdump -tnel -i ns1-veth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ns1-veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
a6:18:00:08:c9:32 > 5a:c1:3d:f6:9a:3d, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 24484, seq 1, length 64
5a:c1:3d:f6:9a:3d > a6:18:00:08:c9:32, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 24484, seq 1, length 64
a6:18:00:08:c9:32 > 5a:c1:3d:f6:9a:3d, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 24484, seq 2, length 64
5a:c1:3d:f6:9a:3d > a6:18:00:08:c9:32, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 24484, seq 2, length 64
a6:18:00:08:c9:32 > 5a:c1:3d:f6:9a:3d, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 24484, seq 3, length 64
5a:c1:3d:f6:9a:3d > a6:18:00:08:c9:32, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 24484, seq 3, length 64
Resolving the MAC address that corresponds to an IP: ARP
4.3 Checking ARP
sudo ip netns exec ns1 ip neigh flush all
sudo ip netns exec ns1 ip neigh
192.0.2.254 dev ns1-veth0 lladdr 5a:c1:3d:f6:9a:3d STALE
sudo ip netns exec ns1 tcpdump -tnel -i ns1-veth0 icmp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ns1-veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
a6:18:00:08:c9:32 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.254 tell 192.0.2.1, length 28
5a:c1:3d:f6:9a:3d > a6:18:00:08:c9:32, ethertype ARP (0x0806), length 42: Reply 192.0.2.254 is-at 5a:c1:3d:f6:9a:3d, length 28
a6:18:00:08:c9:32 > 5a:c1:3d:f6:9a:3d, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 25791, seq 1, length 64
Broadcast: ff:ff:ff:ff:ff:ff, the broadcast address. The request is sent to the broadcast address; the ARP request and the ARP reply can both be seen.
Re-encapsulating packets across segments
wget -O - https://raw.githubusercontent.com/momijiame/linux-tcpip-book/2nd-edition/scripts/double-segment.sh | bash
+ sudo ip netns exec ns1 ip link set dev ns1-veth0 address 00:00:5E:00:53:11
+ sudo ip netns exec router ip link set dev gw-veth0 address 00:00:5E:00:53:12
+ sudo ip netns exec router ip link set dev gw-veth1 address 00:00:5E:00:53:21
+ sudo ip netns exec ns2 ip link set dev ns2-veth0 address 00:00:5E:00:53:22
Checking the MAC addresses
sudo ip netns exec router tcpdump -tnel -i gw-veth0 icmp or arp
sudo ip netns exec router tcpdump -tnel -i gw-veth1 icmp or arp
Command
sudo ip netns exec ns1 ping -c 3 198.51.100.1 -I 192.0.2.1
- -I 192.0.2.1 : source address, on the segment facing the router
- 198.51.100.1 : destination
A broadcast from 00:00:5e:00:53:11 asks which MAC address 192.0.2.254 (the router) has; 00:00:5e:00:53:12 replies that it is the one
sudo ip netns exec router tcpdump -tnel -i gw-veth0 icmp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gw-veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:00:5e:00:53:11 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.254 tell 192.0.2.1, length 28
00:00:5e:00:53:12 > 00:00:5e:00:53:11, ethertype ARP (0x0806), length 42: Reply 192.0.2.254 is-at 00:00:5e:00:53:12, length 28
00:00:5e:00:53:11 > 00:00:5e:00:53:12, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 1, length 64
00:00:5e:00:53:12 > 00:00:5e:00:53:11, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 27071, seq 1, length 64
00:00:5e:00:53:11 > 00:00:5e:00:53:12, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 2, length 64
00:00:5e:00:53:12 > 00:00:5e:00:53:11, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 27071, seq 2, length 64
00:00:5e:00:53:11 > 00:00:5e:00:53:12, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 3, length 64
00:00:5e:00:53:12 > 00:00:5e:00:53:11, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 27071, seq 3, length 64
00:00:5e:00:53:12 > 00:00:5e:00:53:11, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.254, length 28
00:00:5e:00:53:11 > 00:00:5e:00:53:12, ethertype ARP (0x0806), length 42: Reply 192.0.2.1 is-at 00:00:5e:00:53:11, length 28
On the second segment, a broadcast from 00:00:5e:00:53:21 (198.51.100.254, the router's gw-veth1 side, as the capture below shows) asks which MAC address 198.51.100.1 (ns2) has; 00:00:5e:00:53:22 (198.51.100.1) replies that it is the one
sudo ip netns exec router tcpdump -tnel -i gw-veth1 icmp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gw-veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
00:00:5e:00:53:21 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 198.51.100.1 tell 198.51.100.254, length 28
00:00:5e:00:53:22 > 00:00:5e:00:53:21, ethertype ARP (0x0806), length 42: Reply 198.51.100.1 is-at 00:00:5e:00:53:22, length 28
00:00:5e:00:53:21 > 00:00:5e:00:53:22, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 1, length 64
00:00:5e:00:53:22 > 00:00:5e:00:53:21, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 27071, seq 1, length 64
00:00:5e:00:53:21 > 00:00:5e:00:53:22, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 2, length 64
00:00:5e:00:53:22 > 00:00:5e:00:53:21, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 27071, seq 2, length 64
00:00:5e:00:53:21 > 00:00:5e:00:53:22, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 3, length 64
00:00:5e:00:53:22 > 00:00:5e:00:53:21, ethertype IPv4 (0x0800), length 98: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 27071, seq 3, length 64
00:00:5e:00:53:22 > 00:00:5e:00:53:21, ethertype ARP (0x0806), length 42: Request who-has 198.51.100.254 tell 198.51.100.1, length 28
00:00:5e:00:53:21 > 00:00:5e:00:53:22, ethertype ARP (0x0806), length 42: Reply 198.51.100.254 is-at 00:00:5e:00:53:21, length 28
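As an added example (not from the original notes) covering both 4.3 and this section, the parser below reads tcpdump -tnel lines like those captured on gw-veth0 and gw-veth1, learns the ARP table from replies (rejecting a reply whose frame source differs from the MAC it claims), and pairs the echo requests across the two interfaces by id/seq to show that only the Ethernet header changes when the router re-encapsulates the packet:

```python
import re
# Line shape produced by "tcpdump -tnel" in the captures above:
# "<src mac> > <dst mac>, ethertype NAME (0x....), length N: <rest>"
FRAME_RE = re.compile(r"^(\S+) > (\S+), ethertype (\w+) \(0x[0-9a-f]{4}\), length \d+: (.*)$")
ARP_REPLY_RE = re.compile(r"^Reply ([\d.]+) is-at ([0-9a-f:]{17})")
ICMP_RE = re.compile(r"^([\d.]+) > ([\d.]+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def parse_capture(lines):
    """Return (arp, icmp): arp maps IP -> MAC learned from ARP replies,
    icmp maps (kind, id, seq) -> (src_mac, dst_mac, src_ip, dst_ip)."""
    arp, icmp = {}, {}
    for line in lines:
        if not (m := FRAME_RE.match(line.strip())):
            continue                      # banner lines such as "listening on ..." are skipped
        smac, dmac, etype, rest = m.groups()
        if etype == "ARP" and (r := ARP_REPLY_RE.match(rest)):
            ip, mac = r.groups()
            if mac != smac:               # a reply whose frame source differs from its claim is suspect
                raise ValueError(f"ARP reply for {ip} claims {mac} but came from {smac}")
            arp[ip] = mac
        elif etype == "IPv4" and (i := ICMP_RE.match(rest)):
            src, dst, kind, ident, seq = i.groups()
            icmp[(kind, int(ident), int(seq))] = (smac, dmac, src, dst)
    return arp, icmp

def trace_rewrite(ingress, egress):
    """Pair echo requests seen on the router's two interfaces by (id, seq):
    the MAC pair changes per segment, the IP pair must not."""
    _, a = parse_capture(ingress)
    _, b = parse_capture(egress)
    hops = []
    for key in sorted(k for k in a.keys() & b.keys() if k[0] == "request"):
        smac1, dmac1, sip, dip = a[key]
        smac2, dmac2, sip2, dip2 = b[key]
        if (sip, dip) != (sip2, dip2):
            raise ValueError(f"IP header changed across the hop for id/seq {key[1:]}")
        hops.append({"id": key[1], "seq": key[2], "ip": (sip, dip),
                     "segment1": (smac1, dmac1), "segment2": (smac2, dmac2)})
    return hops

# Sample lines copied from the gw-veth0 and gw-veth1 captures above (seq 1 only).
GW_VETH0 = [
    "00:00:5e:00:53:12 > 00:00:5e:00:53:11, ethertype ARP (0x0806), length 42: Reply 192.0.2.254 is-at 00:00:5e:00:53:12, length 28",
    "00:00:5e:00:53:11 > 00:00:5e:00:53:12, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 1, length 64",
]
GW_VETH1 = [
    "00:00:5e:00:53:22 > 00:00:5e:00:53:21, ethertype ARP (0x0806), length 42: Reply 198.51.100.1 is-at 00:00:5e:00:53:22, length 28",
    "00:00:5e:00:53:21 > 00:00:5e:00:53:22, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 27071, seq 1, length 64",
]
```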
4.5 Bridge
Create the bridge: ip link add dev br0 type bridge
Attach a veth to the bridge: ip link set ns1-br0 master br0
This bridge works as a switching hub, so it does not broadcast ARP
Transport layer : Layer 4
Server side
nc -ulnv 127.0.0.1 54321
Client side
nc -u 127.0.0.1 54321
Observing
sudo tcpdump -i lo -tnlA "udp and port 54321"
When text is sent from the client it arrives at the server, and tcpdump logs the datagram