IPv6 Network Programming


NOOK Book (eBook)
$70.95
BN.com price

Overview

This book contains everything you need to make your application program support IPv6. IPv6 socket APIs (RFC2553) are fully described with real-world examples. It covers security, a great concern these days. To secure the Internet infrastructure, every developer has to take a security stance - to audit every line of code, to use proper API and write correct and secure code as much as possible. To achieve this goal, the examples presented in this book are implemented with a security stance. Also, the book leads you to write secure programs. For instance, the book recommends against the use of some of the IPv6 standard APIs - unfortunately, there are some IPv6 APIs that are inherently insecure, so the book tries to avoid (and discourage) the use of such APIs. Another key issue is portability. The examples in the book should be applicable to any of UNIX based operating systems, MacOS X, and Windows XP.

* Covers the new protocol just adopted by the Dept of Defense for future systems
* Deals with security concerns, including spam and email, by presenting the best programming standards
* Fully describes IPv6 socket APIs (RFC2553) using real-world examples
* Allows for portability to UNIX-based operating systems, MacOS X, and Windows XP

Product Details

  • ISBN-13: 9780080478791
  • Publisher: Elsevier Science
  • Publication date: 11/16/2004
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 376
  • File size: 3 MB

Meet the Author

He has been contributing to IPv6 protocol design, implementation and deployment through activities at KAME project, where IPv6 stack is developed and maintained for 4.4BSD-variants.


Read an Excerpt

IPv6 Network Programming


By Jun-ichiro itojun Hagino

DIGITAL PRESS

Copyright © 2005 Elsevier Inc.
All rights reserved.

ISBN: 978-0-08-047879-1


Chapter One

Introduction

1.1 A History of IPv6 and Its Key Features

In 1992, the IETF (http://www.ietf.org/) became aware of a global shortage of IPv4 addresses and technical obstacles in deploying new protocols due to limitations imposed by IPv4. An IPng (IP next generation) effort was started to solve these issues. The discussion is outlined in several RFCs, starting with RFC 1550. After a large amount of discussion, in 1995, IPv6 (IP version 6) was picked as the final IPng proposal. The IPv6 base specification is specified in RFC 1883 and revised in RFC 2460.

In a single sentence, IPv6 is a reengineering effort against IP technology. Key features are as follows.

1.1.1 Larger IP Address Space

IPv4 uses only 2^32 bits for IP address space, which allows only (theoretically) 4 billion nodes to be identified on the Internet. Four billion may look like a large number; however, it is less than the world's population. Moreover, due to the allocation (in)efficiency, it is not possible to use up all 4 billion addresses.

IPv6 allows 2^128 bits for IP address space, (theoretically) allowing 340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion) nodes to be uniquely identified on the Internet. Larger address space allows true end-to-end communication, without NAT or other short-term workarounds against IPv4 address shortage. (In these days, NAT has been a headache to new protocol deployment and scalability issues, and we really need to decommission NATs for the Internet to grow further.)

1.1.2 Deploy More Recent Technologies

After IPv4 was specified 20 years ago, we saw many technical improvements in networking. IPv6 covers a number of those improvements in its base specification, allowing people to assume that these features are available everywhere, anytime. Recent technologies include, but are not limited to, the following:

* Autoconfiguration—With IPv4, DHCP is optional. A novice user can get into trouble if visiting an offsite without a DHCP server. With IPv6, the stateless host autoconfiguration mechanism is mandatory. This is much simpler to use and manage than IPv4 DHCP. RFC 2462 has the specification for it.

* Security—With IPv4, IPsec is optional and you need to ask the peer if it supports IPsec. With IPv6, IPsec support is mandatory. By mandating IPsec, we can assume that you can secure your IP communication whenever you talk to IPv6 peers.

* Friendly to traffic engineering technologies—IPv6 was designed to allow better support for traffic engineering such as diffserv or RSVP. We do not have a single standard for traffic engineering yet; so the IPv6 base specification reserves a 24-bit space in the header field for those technologies and is able to adapt to coming standards better than IPv4.

* Multicast—Multicast support is mandatory in IPv6; it was optional in IPv4. The IPv6 base specifications extensively use multicast on the directly connected link. It is still questionable how widely we will be able to deploy multicast (such as nationwide multicast infrastructure), though.

* Better support for ad hoc networking—Scoped addresses allow better support for ad hoc (or "zeroconf") networking. IPv6 supports anycast addresses, which can also contribute to service discoveries.

1.1.3 A Cure to Routing Table Growth

The IPv4 backbone routing table size has been a big headache to ISPs and backbone operators. The IPv6 addressing specification restricts the number of backbone routing entries by advocating route aggregation. With the current IPv6 addressing specification, we will see only 8,192 routes in the default-free zone.

1.1.4 Simplified Header Structures

IPv6 has simpler packet header structures than IPv4. This will allow vendors to implement hardware acceleration for IPv6 routers more easily.

1.1.5 Allows Flexible Protocol Extensions

IPv6 allows more flexible protocol extensions than IPv4 by introducing a protocol header chain. Even though IPv6 allows flexible protocol extensions, IPv6 does not impose overhead on intermediate routers. This is achieved by splitting headers into two flavors: the headers intermediate routers need to examine and the headers the final destination will examine. This also eases hardware acceleration for IPv6 routers.

1.1.6 Smooth Transition from IPv4

There were a number of transition considerations made during the IPv6 discussions. Also, there is a large number of transition mechanisms available. You can pick the most suitable one for your network during the transition period.

1.1.7 Follows the Key Design Principles of IPv4

IPv4 was a very successful design, as proven by the large-scale global deployment. IPv6 is a new version of IP, and it follows many of the design features that made IPv4 very successful. This will also allow smooth transition from IPv4 to IPv6.

1.1.8 And More

There are a number of good books available about IPv6. Be sure to check these if you are interested.

1.2 Transition from IPv4-Only Internet to IPv4/v6 Dual Stack Internet

Today, most of the nodes on the Internet use IPv4. We will need to gradually introduce IPv6 to the Internet and hopefully make all nodes on the Internet IPv6-capable.

To do this, the IETF has carefully designed IPv6 migration to be seamless. This is achieved by the following two key technologies:

* Dual stack

* Tunneling

With these technologies, we can transition to IPv6 even though IPv4 and IPv6 are not compatible (IPv4-only devices and IPv6-only devices cannot talk with each other directly). We will go into the details soon.

It is expected that we will have a long period of IPv4/v6 dual stack Internet, due to the wide deployment of IPv4 devices. For instance, some of the existing devices, such as IPv4-capable game machines, may not be able to be upgraded to IPv6.

Therefore, in this book, we would like to focus on the issues regarding the transition from IPv4-only Internet to IPv4/v6 dual stack Internet and the changes in socket API programming.

1.2.1 Dual stack

At least in the early stage of IPv6 deployment, IPv6-capable nodes are assumed to be IPv4-capable. They are called "IPv4/v6 dual stack nodes" or "dual stack nodes." Dual stack nodes will use IPv4 to communicate with IPv4 nodes, and use IPv6 to communicate with IPv6 nodes. It is just like a bilingual person: he or she will use English when talking to people in the States, and will use Japanese when talking to Japanese people.

The determination of protocol version is automatic, based on available DNS records. Because this is based on DNS, and normal users would use fully qualified domain name (FQDN) in email addresses and URLs, the transition from IPv4 to IPv6 is invisible to normal users. For instance, assume that we have a dual stack node, and we are to access http://www.example.com/. A dual stack node will behave as follows:

* If www.example.com resolves to an IPv4 address, connect to the IPv4 address. In such a case, the DNS database record for www.example.com will be as follows:

www.example.com. IN A 10.1.1.1

* If www.example.com resolves to an IPv6 address, connect to the IPv6 address.

www.example.com. IN AAAA 3ffe:501:ffff::1234

* If www.example.com resolves to multiple IPv4/v6 addresses, IPv6 addresses will be tried first, and then IPv4 addresses will be tried. For example, with the following DNS records, we will try connecting to 3ffe:501:ffff::1234, then 3ffe:501:ffff::5678, and finally 10.1.1.1.

www.example.com. IN AAAA 3ffe:501:ffff::1234
www.example.com. IN AAAA 3ffe:501:ffff::5678
www.example.com. IN A 10.1.1.1

Since we assume that IPv6 nodes will be able to use IPv4 as well, the Internet will be filled with IPv4/v6 dual stack nodes in the near future, and the use of IPv6 will become dominant.
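The address-by-address behavior described above can be written as a protocol-independent connect loop. This is an added example, not code from the book: it tries the candidates in the order getaddrinfo(3) returns them, and the function name connect_by_name and its peer buffer parameter are assumptions of the example.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Resolve host/port and try each returned address in turn until one
 * connects.  Returns the connected socket and stores the numeric peer
 * address in peer (for logging), or -1 if every candidate failed.
 */
int connect_by_name(const char *host, const char *port,
    char *peer, size_t peerlen)
{
	struct addrinfo hints, *res, *ai;
	int s = -1;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;	/* accept both A and AAAA answers */
	hints.ai_socktype = SOCK_STREAM;
	if (getaddrinfo(host, port, &hints, &res) != 0)
		return -1;

	for (ai = res; ai != NULL; ai = ai->ai_next) {
		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
		if (s < 0)
			continue;	/* this family is not usable here */
		if (connect(s, ai->ai_addr, ai->ai_addrlen) == 0) {
			/* numeric form only, so no reverse DNS lookup */
			if (getnameinfo(ai->ai_addr, ai->ai_addrlen, peer,
			    (socklen_t)peerlen, NULL, 0, NI_NUMERICHOST) != 0)
				snprintf(peer, peerlen, "?");
			break;
		}
		close(s);		/* failed: fall through to the next one */
		s = -1;
	}
	freeaddrinfo(res);
	return s;
}

int main(int argc, char **argv)
{
	char peer[64];
	int s;

	if (argc != 3) {
		fprintf(stderr, "usage: %s host port\n", argv[0]);
		return 1;
	}
	s = connect_by_name(argv[1], argv[2], peer, sizeof(peer));
	if (s < 0) {
		fprintf(stderr, "no address for %s was reachable\n", argv[1]);
		return 1;
	}
	printf("connected to %s\n", peer);
	close(s);
	return 0;
}
```

Because the socket is created from each addrinfo entry, the same code works unchanged on IPv4-only, IPv6-only and dual stack hosts.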

1.2.2 Tunneling

Even when we have IPv4/v6 dual stack nodes at two locations (e.g., home and office), it may be that the intermediate networks (ISPs) are not IPv6-ready yet. To circumvent this situation, RFC 2893 defines ways to encapsulate an IPv6 packet into an IPv4 packet. The encapsulated packet will travel the IPv4 Internet with no trouble, and then be decapsulated at the other end. We call this technology "IPv6-over-IPv4 tunneling."

For example, imagine the following situation (see Figure 1.1):

* We have two networks: home and office.

* We have an IPv4/v6 dual stack host and router at both locations.

* However, we have IPv4-only connectivity to the upstream ISP.

In this case, we can configure an IPv6-over-IPv4 tunnel between X and Y. An IPv6 packet from A to B will be routed as follows (see Figure 1.2):

* The IPv6 packet will be transmitted from A to X, as is.

* X will encapsulate the packet into an IPv4 packet.

* The IPv4 packet will travel the IPv4 Internet, to Y.

* Y will decapsulate the packet and recover the original IPv6 packet.

* The packet will reach B.

From a programmer's point of view, tunneling is transparent: It can be viewed as a simple IPv6 point-to-point link. Therefore, when writing IPv6-capable programs, you can ignore tunneling.

1.3 UNIX Socket Programming

This section briefly describes how UNIX systems abstract network accesses via socket interface. If you are familiar with UNIX sockets, you can skip this section. Also, the section does not try to be complete—for the complete description, you may want to check the reading material listed in the References.

With only a few exceptions, UNIX operating systems abstract system resources as files. For instance, the hard disk device is abstracted as a file such as /dev/rwd0c. Even physical memory on the machine is abstracted as a file, /dev/mem. You can open(2), read(2), write(2), or close(2) files, and files already opened by a process are identified by an integer file descriptor.

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(void)
{
	int fd;		/* file descriptor */
	char buf[128];

	fd = open("/tmp/foo", O_RDONLY, 0);
	if (fd < 0) {
		perror("open");
		exit(1);
		/*NOTREACHED*/
	}
	if (read(fd, buf, sizeof(buf)) < 0) {
		perror("read");
		exit(1);
		/*NOTREACHED*/
	}
	close(fd);
	exit(0);
}

Accesses to the network are also abstracted as special kinds of files, called sockets. Sockets are created by a socket(2) system call. Sockets are a special kind of file descriptor, so they are represented as an integer and can be terminated by using close(2). On a socket(2) call, you need to identify the following three parameters:

* Protocol family—AF_INET identifies IPv4.

* Type of socket—SOCK_STREAM means connection-oriented socket model. SOCK_DGRAM means datagram-oriented socket model.

* Protocol type—such as IPPROTO_TCP or IPPROTO_UDP.

For the Internet protocol, there are two kinds of sockets: connection-oriented and connectionless sockets. Connection-oriented sockets abstract TCP connections, and connectionless sockets abstract communication over UDP. Type of socket and protocol type have to be consistent; SOCK_STREAM has to be used with IPPROTO_TCP.

Note: There are transport layer protocols other than TCP/UDP proposed in the IETF, such as SCTP or DCCP. They are also abstracted as connection-oriented or connectionless sockets.

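#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(void)
{
	int s;		/* socket */

	/*
	 * AF_INET: protocol family for IPv4
	 * SOCK_STREAM: connection-oriented socket
	 * IPPROTO_TCP: use TCP on top of IPv4
	 */
	s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (s < 0) {
		perror("socket");
		exit(1);
		/*NOTREACHED*/
	}
	close(s);
	exit(0);
}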

While read(2) or write(2) is possible for sockets, we normally need to supply more information, such as peer's address, to get the data stream to reach the peer. There are additional system calls specifically provided for sockets, such as sendmsg(2), sendto(3), recvmsg(2), and recvfrom(3).

Since we need to identify the peer when accessing the network, we need to denote it either by:

* Using connect(2) to make the socket a connected socket. The peer's address will be kept in the system, and you can use read(2) or write(2) after connect(2).

* Using sendto(3) or sendmsg(2) to denote the peer every time you transmit data to the socket.
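The two ways of naming the peer, shown side by side on loopback UDP sockets. This is an added example, not code from the book, and the helper names udp_bound, got and peer_demo are assumptions of the example. It goes one step beyond the text by also showing that a connected UDP socket is only handed datagrams from the peer it was connected to.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
#include <unistd.h>

/* Create a UDP socket bound to 127.0.0.1 on a kernel-chosen port. */
int udp_bound(struct sockaddr_in *self)
{
	socklen_t len = sizeof(*self);
	int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

	if (s < 0)
		return -1;
	memset(self, 0, sizeof(*self));
	self->sin_family = AF_INET;
	self->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (bind(s, (struct sockaddr *)self, sizeof(*self)) < 0 ||
	    getsockname(s, (struct sockaddr *)self, &len) < 0) {
		close(s);
		return -1;
	}
	return s;
}

/* Receive one datagram and report whether it equals the 3-byte tag. */
static int got(int s, const char *tag)
{
	char buf[16];

	return recv(s, buf, sizeof(buf), 0) == 3 && memcmp(buf, tag, 3) == 0;
}

/* Returns 0 when every step behaved as described, -1 otherwise. */
int peer_demo(void)
{
	struct sockaddr_in aa, ba, ca;
	int a = udp_bound(&aa), b = udp_bound(&ba), c = udp_bound(&ca), ok = -1;

	if (a >= 0 && b >= 0 && c >= 0 &&
	    /* Style 1: connect(2) once, then plain write(2) reaches b. */
	    connect(a, (struct sockaddr *)&ba, sizeof(ba)) == 0 &&
	    write(a, "one", 3) == 3 && got(b, "one") &&
	    /* Style 2: c and b name the peer on every sendto(3) call. */
	    sendto(c, "oth", 3, 0, (struct sockaddr *)&aa, sizeof(aa)) == 3 &&
	    sendto(b, "two", 3, 0, (struct sockaddr *)&aa, sizeof(aa)) == 3 &&
	    /* a is connected to b, so c's datagram was never queued on it. */
	    got(a, "two"))
		ok = 0;
	if (a >= 0) close(a);
	if (b >= 0) close(b);
	if (c >= 0) close(c);
	return ok;
}

int main(void)
{
	return peer_demo() == 0 ? 0 : 1;
}
```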

(Continues...)



Excerpted from IPv6 Network Programming by Jun-ichiro itojun Hagino Copyright © 2005 by Elsevier Inc. Excerpted by permission of DIGITAL PRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

Contents

Preface
About This Book
1 Introduction
2 IPv6 Socket Programming
3 Porting Applications to Support IPv6
4 Tips in IPv6 Programming
5 A Practical Example
A Coming updates to IPv6 APIs
B RFC2553 "Basic Socket Interface Extensions for IPv6"
C RFC3493 "Basic Socket Interface Extensions for IPv6"
D RFC2292 "Advanced Sockets API for IPv6"
E RFC3542 "Advanced Sockets Application Program Interface (API) for IPv6"
F IPv4-Mapped Address API Considered Harmful
G IPv4-Mapped Addresses on the Wire Considered Harmful
H Possible Abuse Against IPv6 Transition Technologies
I An Extension of format for IPv6 Scoped Addresses
J Protocol Independence Using the Sockets API
References
