How to set up

Michel Machado edited this page Mar 9, 2016 · 23 revisions

If you do not yet have a kernel with the XIA stack and the package xiaconf installed, please go to page How to install.

Not all operations below require administrative rights, but for simplicity, the text assumes that you are logged in as root.

Notice that for each principal there are two routing tables: local and main. Table local holds all XIDs that are hosted on the machine, whereas table main holds all other XIDs.

Important: the XIA stack is often compiled as kernel modules, so before you invoke a principal, make sure that the principal is loaded. See section Installing for how to load principals and how to load them automatically during boot. Forgetting to do this will lead to errors such as RTNETLINK answers : Unknown error 134.

XIP's DST Table

XIP's DST Table, or simply DST for short, is a routing cache table that maps all four edges of the last node of an address to methods that can route that address. DST is how Linux XIA implements fast-path routing since a DST entry has all information necessary to fully forward a packet.

Although the XIA stack automatically maintains its DST, developers may want to dump or flush DST for debugging/testing purposes. The following example shows how to inspect DST's content and flush it:

 # xip dst show
 to
 0: ad-ffffff830b595ed20e706088301b516de8c8cf15
 1: nat-0000000000000000000000000000000000000000
 2: nat-0000000000000000000000000000000000000000
 3: nat-0000000000000000000000000000000000000000
 input, key_hash=0xc05c7062, chosen_edge=0
 passthrough/sink_action=XDA_DIG/XDA_ERROR
 flags []
 
 to
 0: hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 1: nat-0000000000000000000000000000000000000000
 2: nat-0000000000000000000000000000000000000000
 3: nat-0000000000000000000000000000000000000000
 output, key_hash=0xcdc40576, chosen_edge=0
 passthrough/sink_action=XDA_METHOD/XDA_METHOD
 flags []
 
 to
 0: hid-75ad3b8cc86c9356224b83f18bdb4465aac0f6d8
 1: nat-0000000000000000000000000000000000000000
 2: nat-0000000000000000000000000000000000000000
 3: nat-0000000000000000000000000000000000000000
 input, key_hash=0x1854f67e, chosen_edge=0
 passthrough/sink_action=XDA_DIG/XDA_ERROR
 flags []
 
 # xip dst flush
 # xip dst show
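
When comparing DST contents before and after a change, it helps to turn the dump into records. The parser below is an added example, not part of xiaconf; the sample is constructed from the listing above, and reading chosen_edge as an index into the four listed edges is an assumption.

```python
import re

# Constructed sample: two entries in the shape of the `xip dst show` listing above.
NAT = "nat-" + "0" * 40
SAMPLE = f"""to
0: ad-ffffff830b595ed20e706088301b516de8c8cf15
1: {NAT}
2: {NAT}
3: {NAT}
input, key_hash=0xc05c7062, chosen_edge=0
passthrough/sink_action=XDA_DIG/XDA_ERROR
flags []

to
0: hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
1: {NAT}
2: {NAT}
3: {NAT}
output, key_hash=0xcdc40576, chosen_edge=0
passthrough/sink_action=XDA_METHOD/XDA_METHOD
flags []
"""

EDGE = re.compile(r"(\d): ([a-z0-9]+-[0-9a-f]{40})")
META = re.compile(r"(input|output), key_hash=0x([0-9a-f]+), chosen_edge=(-?\d+)")
ACTIONS = re.compile(r"passthrough/sink_action=(\w+)/(\w+)")

def parse_dst(text):
    """Return one dict per DST entry; an empty (flushed) table yields []."""
    entries = []
    for block in filter(None, re.split(r"\n[ \t]*\n", text.strip())):
        entry = {"edges": {}}
        for line in map(str.strip, block.splitlines()):
            if line == "to":
                continue  # header line that opens each entry
            if m := EDGE.fullmatch(line):
                entry["edges"][int(m[1])] = m[2]
            elif m := META.fullmatch(line):
                entry.update(direction=m[1], key_hash=int(m[2], 16), chosen_edge=int(m[3]))
            elif m := ACTIONS.fullmatch(line):
                entry.update(passthrough=m[1], sink=m[2])
            elif line.startswith("flags ["):
                entry["flags"] = line[7:].rstrip("]").split()
            else:
                raise ValueError(f"unrecognised DST line: {line!r}")
        # Assumption of this example: chosen_edge indexes the edge list above it.
        entry["chosen_xid"] = entry["edges"].get(entry.get("chosen_edge"))
        entries.append(entry)
    return entries
```

An unrecognised line raises an error instead of being skipped, so a change in the dump format is noticed rather than silently misread.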

AD Principal

Managing AD local routing table

In order to add AD ffffff830b595ed20e706088301b516de8c8cf15 and AD eeeeee830b595ed20e706088301b516de8c8cf15 as local ADs, issue the following commands:

 # xip ad addlocal ffffff830b595ed20e706088301b516de8c8cf15
 # xip ad addlocal eeeeee830b595ed20e706088301b516de8c8cf15

To show the just added local ADs:

 # xip ad show locals
 to ad-eeeeee830b595ed20e706088301b516de8c8cf15
  flags []
 
 to ad-ffffff830b595ed20e706088301b516de8c8cf15
  flags []

To remove AD eeeeee830b595ed20e706088301b516de8c8cf15, use the following command:

 # xip ad dellocal eeeeee830b595ed20e706088301b516de8c8cf15

Managing AD main routing table (routes)

The command below adds destination AD e6c604830b595ed20e706088301b516de8c8cf15 to the main table such that packets destined to this AD will be forwarded to hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701.

 # xip ad addroute e6c604830b595ed20e706088301b516de8c8cf15 \
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701

The command to list all entries in table main is as follows:

 # xip ad show routes
 to ad-e6c604830b595ed20e706088301b516de8c8cf15
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701 flags []

The command below undoes the previous xip ad addroute.

 # xip ad delroute e6c604830b595ed20e706088301b516de8c8cf15

HID Principal

Obtaining HIDs

One needs to generate HIDs in order to assign addresses to a machine. The xip command shown below generates an HID and saves it to "/etc/xia/hid/prv/xia1":

 # xip hid new xia1

Notice that "#" means the shell is running with root privileges. The content of the generated file is shown below:

 # cat /etc/xia/hid/prv/xia1 
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAt50XdeQveCXm9YmmIcts0eRrwGAYDhzMjBys9U5TqX+vH4sH
 JhSM7AO/n9RIWwXMvxHbGJkwao4Zshzm2wGbtThS+8QipXeweV03cBM3+udNx8gY
 pGYT7F/OlMWGDyrB5F19fUZ8LSyn7N0hlV0GpFh3R6qbDXcsJ4NDpEHgGWaXIt+e
 KxQTdJnP9B4vpEe72U+Oy/1ZNHvG4EW2TK+u5O3hQJtH2jeuzdcVzNl6024NJn5z
 LXl+I0IWJoLLR6F7Sx49gT0PQ6+OZq/QrcnAkzKKupfFrTKhDMluaxOYIzd5ahqf
 2uhADqABLL8YBEBS0gN6rXLkCP7GukpFUp2cAwIDAQABAoIBAQCdCiqqlgNTi3dB
 wfzpIodr7SWLX6SzTUZU/6GeHOPJMH+jRtFSbHkq0vntxS4tS4SWVrtBCqQyPl8T
 y0xXO8Tk9ctjsZjAVOIGqwdjP8y9N19641TQJs4beMXC0D2cc0FqA9v0bXh/WpY1
 K9wxV2L65P7/uJbsqWSGVupfbkgw7+4ahCM6IhrlOLrGFYmLHmL/GXH9wDrSox9t
 uTs5o4pknjw4GqM8c+pPnZ/achA1FQOzOdPhbFCXuVMVBk67pg8MoEG1OcTfM4ij
 mR5l6CAxXm16oWY9n0F3V19UKKaVOMOID7GV/xjDxxKabNa/XYLrDTpe3AoxtfU+
 I9tN1/8hAoGBAOVFIE+xyqsnbdLOBE/ObWMwTxsdsO2P/UhGVlVR57KnirI9W5wP
 N4wgTfjcJNPgid6R7cTh9fDcMcAKOx0QFUiodmJhLDPXR+3Z9krePz1VJMmqLXv8
 x+/SzMAkx/nZBIj4iP+MBOioYtTcs44yQ56b9N5GjiKfZfS/2t59Ca4vAoGBAM0F
 SfVZM2ON/bbRzsFEzKKWRjca+BuKDOPXxZNaCkOiIwBvWaJMIMA2IZ99CZb3sMB5
 NbmNTHsLkm8AAwvDJ2Dl2fAuruilRggZ17+UuPE2pJYSqth7bjjqOMqAf+1wlaj9
 o47/+3GMDlbj6jX3PGWLGPHO1O4SU5Fz3M6Abi5tAoGAOCbVAg/GVmLix/WDItSo
 /9kOFtMPyS8x1mi7rkvQFnZoRr02WaN0dFJZJnEsZ+QfgC53cHfzF1mmqaUX00dk
 HxZ7YB7yh4PbbwqqAq4qCOh4iRev6iUABuG3GfwoKi4XqUBNtWDituS+x+mB5Hq1
 CvyhXWskVqB5hRcUENfI7isCgYBSWZF/bzjpABus11FI6C2aEOpbMAYAac8LpZvC
 uCPvTqzoe9FxE0sEabnPqhW0AgGJDia6RTs3IUrMMyEGFHk4vppvkxDGebxLfLXg
 SgiPOveZIB5nngyD5/CvxjWcVeCHZHnR8pg435zS4fEthAVKdDisx/tXNR1EC1nh
 yEx5cQKBgGaxMOuLiP1AySqnnfQsTfnf50sMuugECesGjdJy8/zJ73RsLOAw+9sf
 JcvjyALY0SEQB8vA7W75v79Ok+IsCHo1ULbv9gf4KMjyrJBBqYaRcEpo5AqqjHcf
 A0t9saPql6VKrPT+IWZXJ7zhBUmMv8hllXDg/FCK/2JOVCZW6JRi
 -----END RSA PRIVATE KEY-----

Notice that the content will be different every time it is generated. The content of the file is just the HID's private key in PEM format.

Obtaining the HID and its public key

On some occasions, one may want to pass an address to another machine. This can be done as follows:

 # xip hid getpub xia1
 hid-e6c604830b595ed20e706088301b516de8c8cf15
 
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt50XdeQveCXm9YmmIcts
 0eRrwGAYDhzMjBys9U5TqX+vH4sHJhSM7AO/n9RIWwXMvxHbGJkwao4Zshzm2wGb
 tThS+8QipXeweV03cBM3+udNx8gYpGYT7F/OlMWGDyrB5F19fUZ8LSyn7N0hlV0G
 pFh3R6qbDXcsJ4NDpEHgGWaXIt+eKxQTdJnP9B4vpEe72U+Oy/1ZNHvG4EW2TK+u
 5O3hQJtH2jeuzdcVzNl6024NJn5zLXl+I0IWJoLLR6F7Sx49gT0PQ6+OZq/QrcnA
 kzKKupfFrTKhDMluaxOYIzd5ahqf2uhADqABLL8YBEBS0gN6rXLkCP7GukpFUp2c
 AwIDAQAB
 -----END PUBLIC KEY-----

To save it as a file, just redirect the output with '>'. Notice that the output has the public key, not the private key, so the content can be openly published, but cannot be used to assign an address to a machine.
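
Since only the private key file can be used to assign the HID to a machine, it is worth checking who can read the files under /etc/xia/hid/prv. The check below is an added example, not part of xiaconf; the expected owner (root) and the rule that group and others get no access are assumptions of this example, not documented xip behaviour.

```python
import os
import stat

PRIVATE_HEADERS = ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----")

def audit_hid_keys(prv_dir="/etc/xia/hid/prv", owner_uid=0):
    """Return (path, problem) pairs for HID private-key files that need attention."""
    findings = []
    for name in sorted(os.listdir(prv_dir)):
        path = os.path.join(prv_dir, name)
        st = os.lstat(path)  # lstat: do not follow a symlink placed in the directory
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append((path, f"mode {mode:04o} grants access to group or others"))
        if st.st_uid != owner_uid:
            findings.append((path, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        with open(path, errors="replace") as fh:
            if fh.readline().strip() not in PRIVATE_HEADERS:
                findings.append((path, "does not start with a PEM private-key header"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_hid_keys():
        print(f"{path}: {problem}")
```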

Managing a machine's HID

An address can be assigned to a machine as follows:

 # xip hid addaddr xia1

The following command shows all assigned HIDs:

 # xip hid showaddrs
 to hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 flags []

The following sequence of commands shows how to remove an HID:

 # xip hid new xia2
 # xip hid addaddr xia2
 # xip hid showaddrs
 to hid-772a66684976473f1a781086fb51521f2eaa4044
 flags []
 
 to hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 flags []
 
 # xip hid deladdr xia2
 # xip hid showaddrs
 to hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 flags []

Managing a machine's HID neighbors

Neighborhood Watch Protocol (NWP) automatically manages a machine's HID neighbors, so there is no real need for using the commands in this section. These commands are mainly intended for troubleshooting.

A neighbor can be added to a machine as follows:

 # xip hid addneigh 7ac27f90663ef36da12cfcc37c9a6bb6b85dec96 \
 lladdr 00:90:f5:ba:71:5f dev eth0

The following command shows all added neighbors:

 # xip hid showneighs
 to hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 lladdr: 00:90:f5:ba:71:5f	dev: eth0
 flags []

The following sequence of commands shows how to remove a neighbor:

 # xip hid addneigh 12347f90663ef36da12cfcc37c9a6bb6b85dec96 \
 lladdr DE:AD:f5:ba:BE:EF dev eth0
 # xip hid showneighs
 to hid-12347f90663ef36da12cfcc37c9a6bb6b85dec96
 lladdr: de:ad:f5:ba:be:ef	dev: eth0
 flags []
 
 to hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 lladdr: 00:90:f5:ba:71:5f	dev: eth0
 flags []
 
 # xip hid delneigh 12347f90663ef36da12cfcc37c9a6bb6b85dec96 \
 lladdr DE:AD:f5:ba:BE:EF dev eth0
 # xip hid showneighs
 to hid-7ac27f90663ef36da12cfcc37c9a6bb6b85dec96
 lladdr: 00:90:f5:ba:71:5f	dev: eth0
 flags []

LPM Principal

Managing LPM local routing table

The LPM principal allows users to add prefixes to the routing table using either hexadecimal format or IPv4 address format.

In order to add LPM ffffff830b595ed20e706088301b516de8c8cf15 with a prefix length of all 160 bits as a local LPM, issue the following command (note the "0x" must be prepended to the identifier):

 # xip lpm addlocal 0xffffff830b595ed20e706088301b516de8c8cf15 160

To make only some of these bits part of the prefix length, change the last parameter. For example, to make the prefix length 50, issue this command:

 # xip lpm addlocal 0xffffff830b595ed20e706088301b516de8c8cf15 50

If the identifier does not contain all 40 hexadecimal digits, it will be padded with zeroes. For example, to add a prefix for fff0000000000000000000000000000000000000 of length 160, issue this command:

 # xip lpm addlocal 0xfff 160

IPv4 addresses can also be used as identifiers. To add an entry for the IPv4 address 192.168.0.10 with a prefix length of 24, issue this command:

 # xip lpm addlocal 192.168.0.10 24

To show the just added local LPMs, issue the following command (note that the prefix length is printed after the XID):

 # xip lpm show locals
 to lpm-ffffff830b595ed20e706088301b516de8c8cf15/160
  flags []
 
 to lpm-ffffff830b595ed20e706088301b516de8c8cf15/50
  flags []
 
 to lpm-fff0000000000000000000000000000000000000/160
  flags []
 
 to lpm-c0a8000a00000000000000000000000000000000/24
  flags []
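
The zero padding and the IPv4 form described above can be reproduced offline to predict what `xip lpm show locals` will print. This is an added example, not code from xiaconf; the function names are hypothetical, and the longest-prefix selection uses textbook semantics, assumed here rather than read from the kernel.

```python
import ipaddress
import string

XID_BITS = 160  # the XIDs on this page are 40 hexadecimal digits long

def lpm_entry(identifier, prefix_len):
    """Normalise `xip lpm addlocal` arguments to (160-bit integer, prefix length)."""
    if not 0 <= prefix_len <= XID_BITS:  # bounds are this example's assumption
        raise ValueError("prefix length must be between 0 and 160")
    if identifier[:2].lower() == "0x":
        digits = identifier[2:].lower()
        if not digits or len(digits) > XID_BITS // 4 or set(digits) - set(string.hexdigits):
            raise ValueError("expected 1 to 40 hexadecimal digits after 0x")
    else:
        digits = ipaddress.IPv4Address(identifier).packed.hex()
    # Short identifiers are padded on the right with zeroes, as the page describes.
    return int(digits.ljust(XID_BITS // 4, "0"), 16), prefix_len

def show(entry):
    """Format an entry the way `xip lpm show locals` prints it."""
    return f"lpm-{entry[0]:040x}/{entry[1]}"

def covers(entry, dest):
    """True when the first prefix_len bits of dest equal those of the entry."""
    shift = XID_BITS - entry[1]
    return entry[0] >> shift == dest >> shift

def longest_match(table, dest):
    """Most specific covering entry, or None (textbook LPM, assumed)."""
    return max((e for e in table if covers(e, dest)), key=lambda e: e[1], default=None)

# The four local entries added in the text above.
TABLE = [
    lpm_entry("0xffffff830b595ed20e706088301b516de8c8cf15", 160),
    lpm_entry("0xffffff830b595ed20e706088301b516de8c8cf15", 50),
    lpm_entry("0xfff", 160),
    lpm_entry("192.168.0.10", 24),
]
```

Note that the /24 entry keeps the bits past the prefix (the trailing 0a of 192.168.0.10), exactly as the listing above shows; only the first 24 bits take part in the comparison.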

To remove LPM ffffff830b595ed20e706088301b516de8c8cf15 with prefix length 50, use the following command:

 # xip lpm dellocal 0xffffff830b595ed20e706088301b516de8c8cf15 50

Managing LPM main routing table (routes)

The command below adds destination LPM ffffff830b595ed20e706088301b516de8c8cf15 with a prefix length of 50 to the main table such that packets that match this LPM will be forwarded to hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701.

 # xip lpm addroute 0xffffff830b595ed20e706088301b516de8c8cf15 50 \
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701

As with adding local entries, zero padding is added if the given hexadecimal ID is not 40 digits, and users can also add main entries using IPv4 addresses.

The command to list all LPMs in the main table is as follows:

 # xip lpm show routes
 to lpm-ffffff830b595ed20e706088301b516de8c8cf15/50
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701 flags []

The command below undoes the previous xip lpm addroute.

 # xip lpm delroute 0xffffff830b595ed20e706088301b516de8c8cf15 50

(Deprecated) Serval Principal

The Serval principal is no longer part of Linux XIA since March 9th, 2016.

Showing Serval sockets

Serval has two local tables, one for ServalIDs and another for FlowIDs, and both are kept through the Socket API, so the command xip can only list the bound sockets, as in these examples:

 # xip serval showsockets service
 local serval-007f4e38904e83634acc7e1340ef7665e3f1f57b
 socket state = CONNECTED flags []
 
 local serval-007f4e38904e83634acc7e1340ef7665e3f1f57a
 socket state = LISTEN flags []
 
 # xip serval showsockets flow
 local flowid-1a67a6bf1a2fe2e24cca494f014107495587f981
 peer !serval-007f4e38904e83634acc7e1340ef7665e3f1f57b->0***
 socket state = CONNECTED flags []
 
 local flowid-1967a6bf1a2fe2e2505ee1a87860c4499f519a7a
 peer !serval-007f4e38904e83634acc7e1340ef7665e3f1f57a->0***
 socket state = CONNECTED flags []
 

Managing Serval main routing table (routes)

The command below adds destination Serval e6c604830b595ed20e706088301b516de8c8cf15 to the main table such that packets destined to this ServalID will be forwarded to hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701.

 # xip serval addroute service e6c604830b595ed20e706088301b516de8c8cf15 \
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701

The command to list the ServalID main table is as follows:

 # xip serval showroutes service
 to serval-e6c604830b595ed20e706088301b516de8c8cf15
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701 flags []

The command below undoes the previous xip serval addroute service.

 # xip serval delroute service e6c604830b595ed20e706088301b516de8c8cf15

The FlowID main table is managed by replacing "service" with "flow" in the previous commands.

U4ID Principal

Managing U4ID local routing table

There is only a local routing table for U4IDs; main U4IDs, or routes, are not recorded. This is because we need to be able to identify when there is a U4ID representing a local socket to be able to do encapsulation and decapsulation. However, the delivery of packets to other hosts is not the responsibility of XIA when using the U4ID principal. Forwarding packets to other hosts is done in the space of the IP stack; therefore, we do not need to keep U4ID route information in the XIA routing table.

Every local U4ID entry that is added to the routing table represents a tunnel destination for an XIP packet encapsulated in a UDP/IP packet. In other words, it represents a local listening UDP socket that is expecting an encapsulated XIP packet. To add a local U4ID entry, the following command can be used:

 # xip u4id add 192.168.100.2 0x41d0

This will create a UDP socket on the IP address:port tuple of 192.168.100.2:0x41d0.

However, you can optionally specify that a local U4ID entry also represents the source of a tunnel, in addition to representing the destination of a tunnel:

 # xip u4id add 192.168.100.2 0x41d0 -tunnel

In order for XIP packets to be encapsulated into UDP/IP packets and transmitted, one of the local U4ID entries must have been added with the "-tunnel" flag. Otherwise, there would be no tunnel source from which to send packets. There can only be one tunnel source at a time.

By default, UDP checksumming is enabled for every tunnel socket created using the "-tunnel" flag. However, UDP checksumming can also be disabled:

 # xip u4id add 192.168.100.2 0x41d0 -tunnel -disable_checksum

To remove an entry from the local U4ID table, use "del" instead of "add":

 # xip u4id del 192.168.100.2 0x41d0

Showing U4ID sockets and tunnels

Any currently listening UDP sockets that are associated with local U4ID entries can be viewed using the "show" command of the xip u4id application. The command will also display whether the socket is the tunnel source socket and whether checksumming is enabled. For example:

 # xip u4id show
 to u4id-c0a8640241d00000000000000000000000000000
  using IP socket: 192.168.100.2:16848
  tunnel socket: yes (checksumming enabled)
  flags []

XDP Principal

Showing XDP sockets

XDP's local table is kept through the Socket API, so the command xip can only list the bound XDP sockets, as in this example:

 # xip xdp shows
 local xdp-007f4e38904e83634acc7e1340ef7665e3f1f57a
 flags []

If the socket above were connected, there would be a line to show its peer's full address.

Managing XDP main routing table (routes)

The command below adds destination XDP e6c604830b595ed20e706088301b516de8c8cf15 to the main table such that packets destined to this XDP will be forwarded to hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701.

 # xip xdp addroute e6c604830b595ed20e706088301b516de8c8cf15 \
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701

The command to list the whole main table is as follows:

 # xip xdp showroutes
 to xdp-e6c604830b595ed20e706088301b516de8c8cf15
 gw hid-0ef791a4543330d92fa9fb0f0e9c59c24c6df701 flags []

The command below undoes the previous xip xdp addroute.

 # xip xdp delroute e6c604830b595ed20e706088301b516de8c8cf15