Ad-Hoc Networking in Linux with Avahi


Post on 20-May-2015



DESCRIPTION

Presentation on Ad-Hoc Networking in Linux with Avahi given at CaLUG: how to implement mDNS technology (like Apple's Bonjour) in Linux using Avahi.

TRANSCRIPT

1. Linux Ad-Hoc Networking: Home Networks are Fun Again

Chris Gragsone, [email_address], ERIS RESEARCH

2. What is Local-Link?

  • Any grouping of hosts without requiring a router or gateway and are directly reachable
  • Local Area Networks
  • Workgroups
  • Peer Networks
  • Ad-Hoc Networks
  • Broadcast Domains

3. LAN Protocols

  • Golden Age LAN Protocols
  • NetBeui (Windows Native)
  • Appletalk (Mac Native)
  • IPX/SPX (Novell)
  • TCP/IP Local-Link Protocols
  • UPnP (Windows Native)
  • Zeroconf (Mac Native Bonjour)
  • SLP (Smells Like PNovell)

4. Why Local-Link?

  • Same reasons LANs were fun
  • GAMES!!!
  • Printers
  • Entertainment and Home Automation
  • Ad-Hoc and Disposable Networks
  • Digital Living Network Alliance

5. Why Local-Link? (cont.)

  • UPnP SOHO/Firewalls devices
  • Zeroconf Network Printers

6. Local-Link Architecture

  • [Slide diagram: the layers Application, Discovery, Naming and Addressing sit above Transport, Network and Data-Link; three stacks are shown side by side: UPnP (UPnP, SSDP, APIPA), TCP/IP Local-Link, and Zeroconf (DNS-SD, mDNS, APIPA), with SLP as a further discovery option.]

7. Primum non Nocere

  • MUST NOT cause harm to the network
  • Zeroconf protocols are designed to operate nicely or in concert with managed networks.
  • Each layer is à la carte: operating entirely ad-hoc, hybrid with managed infrastructure, or disabled.

8. Addressing Layer

  • Automatic Private IP Assignment, RFC 3927 (169.254/16 prefix)
  • Selects a random host IP falling inside the private IP range.
  • Checks that the IP is unused via an ARP request
  • Sends a Claiming-ARP to clean stale caches

9. Addressing Layer (Cont.)

  • New host connects to the local network. Attempts a DHCP request.
  • No DHCP server present to respond. DHCP request times out.

10. Addressing Layer (Cont.)

  • Host selects a random IP address in the 169.254.0.0/16 range. Performs an ARP request.
  • Another host on the network answers the ARP request. New host now knows that IP address is taken.

11. Addressing Layer (Cont.)

  • Host selects a new IP address in the 169.254.0.0/16 range. Performs an ARP request for the new IP.
  • No one replies after multiple ARP requests. New host has assurances that the IP is available.

12. Addressing Layer

  • Host assigns itself the IP address. Begins answering ARP requests.

13. AutoIP with Avahi!

  • avahi-autoipd -D INTERFACE: stand-alone, or as a plugin for a DHCP client, where it can be used as a fallback solution if no DHCP server is found
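The address claim on slides 9 to 12, together with the DHCP fallback avahi-autoipd provides, as an added Python simulation that is not from the slides or from Avahi. `segment` stands in for the broadcast domain (the set of 169.254/16 addresses other hosts already answer ARP probes for) and `picker` is a hypothetical hook so that the candidate sequence can be fixed for testing.

```python
import random

# RFC 3927 reserves the first and last /24 of 169.254/16; hosts pick from 169.254.1.0 - 169.254.254.255
FIRST = (169 << 24) | (254 << 16) | (1 << 8)
LAST = (169 << 24) | (254 << 16) | (254 << 8) | 255
PROBE_NUM = 3   # unanswered ARP probes before the host trusts that the address is free (slide 11)
_rng = random.Random()

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def is_link_local(ip: str) -> bool:
    first, second = (int(o) for o in ip.split(".")[:2])
    return first == 169 and second == 254

def pick_candidate() -> str:
    # slide 10: a random host address inside the APIPA range
    return int_to_ip(_rng.randint(FIRST, LAST))

def arp_probe(segment: set, ip: str) -> bool:
    """True when some host on the broadcast domain answers the probe, i.e. the address is in use."""
    return ip in segment

def claim_address(segment: set, picker=pick_candidate, max_attempts: int = 10):
    """Return (ip, attempts) once a candidate goes unanswered, or (None, attempts) if all were taken."""
    for attempt in range(1, max_attempts + 1):
        candidate = picker()
        if any(arp_probe(segment, candidate) for _ in range(PROBE_NUM)):
            continue            # slide 10: another host answered, pick a new address
        segment.add(candidate)  # slide 12: assign it and start answering ARP requests for it
        return candidate, attempt
    return None, max_attempts

def autoconfigure(dhcp_lease, segment: set, picker=pick_candidate):
    """What avahi-autoipd does as a DHCP fallback: keep a DHCP lease if one came, else self-assign."""
    if dhcp_lease is not None:   # slide 9: the DHCP request was answered
        return dhcp_lease
    ip, _ = claim_address(segment, picker)   # slide 9: the request timed out, fall back to APIPA
    return ip
```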

14. Naming Layer

  • Why? IP addresses aren't user-friendly, or with APIPA even significant.
  • What? Use .local or .home TLDs to replace IP addresses
  • How? Magic... er, Multicast DNS (mDNS)

15. Naming Layer (Cont.)

  • mDNS
  • Will attempt to resolve over centralized DNS servers if possible
  • Failing that a DNS request will be sent to a multicast address on UDP 5353

16. Naming Layer (Cont.)

  • Name Request
  • Node will attempt to resolve the name it wants, waiting for an answer. If the name is available, it will send out an mDNS answer.
  • Nodes will cache mDNS replies to save bandwidth and will answer requests for hosts that are temporarily unavailable.

17. Naming Layer (Cont.)

  • alice.laptop wants to know who charlie.mac is. alice.laptop doesn't have a DNS server in its configuration. If alice.laptop were making a request to charlie.local, then normal DNS would automatically be skipped.
  • alice.laptop sends a request to 224.0.0.251:5353 UDP. While everyone on the network receives the request, only charlie.mac currently knows his address.

18. Naming Layer (Cont.)

  • Once charlie.mac replies to 224.0.0.251:5353, everyone else caches the response.

19. Naming Layer (Cont.)

  • bob.laptop wants to know who charlie.mac is. bob.laptop sends a request to 224.0.0.251:5353 UDP.

20. Naming Layer (Cont.)

  • Sadly, charlie.mac is currently rebooting.

21. Naming Layer (Cont.)

  • Luckily, dave.pc has it stored in cache.

22. Naming Layer (Cont.)

  • Common Issue
  • If alice and bob are in two different IP assignments (i.e. 10.0.0.0/8 and 169.254.0.0/16) but on the same broadcast domain, they'll be able to resolve each other, but unable to connect unless there is a router handling the relationship.
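The exchange on slides 17 to 21 as an added Python example that is not from the slides or from Avahi: the mDNS query alice.laptop multicasts to 224.0.0.251:5353 for charlie.local, the answer charlie.mac sends back, and the cache every listener keeps, which is how dave.pc answers while charlie.mac reboots and also where a second, different address for a still-live name (the spoofing case in the security slides) becomes visible. Only A records in responses without a question section are handled, and the packet bytes are constructed here rather than captured.

```python
import struct

TYPE_A, CLASS_IN, CACHE_FLUSH = 1, 1, 0x8000

def encode_name(name: str) -> bytes:
    # DNS wire format: length-prefixed labels ending in a zero byte
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.strip(".").split(".")) + b"\x00"

def decode_name(buf: bytes, off: int):
    labels = []
    while buf[off]:
        labels.append(buf[off + 1:off + 1 + buf[off]].decode())
        off += 1 + buf[off]
    return ".".join(labels), off + 1

def build_query(name: str) -> bytes:
    # id 0 and flags 0: a plain multicast question; one question, no other sections
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)

def build_answer(name: str, ip: str, ttl: int = 120) -> bytes:
    # flags 0x8400: response + authoritative; the cache-flush bit rides on the class field
    rdata = bytes(int(o) for o in ip.split("."))
    rr = struct.pack("!HHIH", TYPE_A, CLASS_IN | CACHE_FLUSH, ttl, len(rdata)) + rdata
    return struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name(name) + rr

def parse_answer(pkt: bytes):
    """Return (name, ip, ttl) of the first A record in a response carrying no question."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    if not flags & 0x8000 or qd != 0 or an < 1:
        raise ValueError("not a question-free mDNS response")
    name, off = decode_name(pkt, 12)
    _, _, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    ip = ".".join(str(b) for b in pkt[off + 10:off + 10 + rdlen])
    return name, ip, ttl

class MdnsCache:
    """What every host on the segment keeps from overheard answers (slides 18 and 21)."""
    def __init__(self):
        self.entries = {}     # name -> (ip, expiry)
        self.conflicts = []   # (name, cached ip, new ip) seen while the cached entry was still live
    def learn(self, pkt: bytes, now: float):
        name, ip, ttl = parse_answer(pkt)
        old = self.entries.get(name)
        if old and old[0] != ip and old[1] > now:
            self.conflicts.append((name, old[0], ip))   # a second address for a live name: the spoofing case on slide 34
        self.entries[name] = (ip, now + ttl)
    def resolve(self, name: str, now: float):
        ip, expires = self.entries.get(name, (None, 0.0))
        return ip if expires > now else None
```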

23. mDNS with Avahi!

  • avahi-daemon: launch and go for mDNS and DNS-SD
  • /etc/avahi/avahi-daemon.conf: works out of the box as expected; the fun things start here

24. mDNS with Avahi! (Cont.)

  • /etc/avahi/hosts: useful for publishing static addresses for other hosts. Formatted like /etc/hosts; remember to suffix entries with .local
  • avahi-publish -a HOST-NAME ADDRESS: short-term static address publishing
  • avahi-set-host-name HOST-NAME: rename your host for a short term

25. mDNS with Avahi (Cont.)

  • avahi-resolve --name HOST-NAME
  • avahi-resolve --address ADDRESS
  • diagnostic tools
  • if applications are working as expected, then you won't need to run these.

26. Discovery Layer

  • Why?
  • Imagine never needing to portscan :D
  • Port numbers are boring
  • Network awareness: I want to know if the network I'm on has a web server
  • How?
  • DNS-SD
  • SSDP
  • SLP

27. Discovery Layer (Cont.)

  • DNS-Service Discovery (DNS-SD)
  • Service discovery, mDNS style
  • raison d'être of Zeroconf

28. DNS-SD with Avahi

  • avahi-daemon: launch and go for mDNS and DNS-SD (/etc/avahi/avahi-daemon.conf)
  • /etc/avahi/services/*.service: XML files, useful for publishing static services
  • avahi-publish -s NAME SERVICE-TYPE PORT: short-term static service announcements
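An added Python example, not from the slides or from the Avahi project: generating the /etc/avahi/services file for one service and the DNS-SD record set that file is announced as, walked the way avahi-browse resolves it (PTR for the type, then SRV and TXT for the instance). The service name, the host alice.local and the port 8080 are assumed values.

```python
import xml.etree.ElementTree as ET

def service_group_xml(name: str, stype: str, port: int, txt: dict) -> str:
    """Content for a /etc/avahi/services/*.service file in avahi-daemon's format."""
    group = ET.Element("service-group")
    # replace-wildcards lets %h in the name expand to the host name
    ET.SubElement(group, "name", {"replace-wildcards": "yes"}).text = name
    svc = ET.SubElement(group, "service")
    ET.SubElement(svc, "type").text = stype
    ET.SubElement(svc, "port").text = str(port)
    for key, value in txt.items():
        ET.SubElement(svc, "txt-record").text = f"{key}={value}"
    header = '<?xml version="1.0" standalone="no"?>\n<!DOCTYPE service-group SYSTEM "avahi-service.dtd">\n'
    return header + ET.tostring(group, encoding="unicode") + "\n"

def dnssd_records(name: str, stype: str, host: str, port: int, txt: dict):
    """The record set the daemon announces for that file: a PTR to the instance, SRV and TXT on it."""
    instance = f"{name}.{stype}.local"
    return [
        (f"{stype}.local", "PTR", instance),
        (instance, "SRV", (0, 0, port, host)),   # priority, weight, port, target host
        (instance, "TXT", [f"{k}={v}" for k, v in txt.items()]),
    ]

def browse(records, stype: str):
    """Walk records as avahi-browse does: enumerate PTRs for the type, then resolve each instance's SRV/TXT."""
    found = {}
    for owner, rtype, rdata in records:
        if owner == f"{stype}.local" and rtype == "PTR":
            srv = next(r for o, t, r in records if o == rdata and t == "SRV")
            txt = next((r for o, t, r in records if o == rdata and t == "TXT"), [])
            found[rdata] = (srv[3], srv[2], txt)
    return found
```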

29. DNS-SD with Avahi (Cont.)

  • avahi-browse
  • avahi-discover
  • diagnostic tools
  • if applications are working as expected, then you won't need to run these.

30. Bookmarks via DNS-SD

  • Broadcasting Bookmarks via DNS-SD

31. Bookmarks via DNS-SD (Cont.)

  • To see the bookmarks: run avahi-bookmarks, then go to http://localhost:8080/

32. Application Layer

  • Universal Plug and Play (UPnP)
  • XML-SOAP
  • Standard Multi-Vendor Language

33. Implementations

  • UPnP
  • Bonjour, formerly known as Rendezvous (Mac and Windows)
  • Avahi (FOSS)
    • avahi-autoipd
    • avahi-daemon
    • avahi-discover
    • avahi-utils

34. Security Concerns

  • Denial of Service: prevent people from obtaining IP addresses or host names
  • Spoofing: host name spoofing, address spoofing, just as easy as ARP spoofing.
  • Man in the Middle attacks
  • Open-Disclosure of Assets
  • Expects others to be playing nice

35. Security Concerns

  • OpenPGP or X.509 certificates?
  • Signed by trusted computing?
  • I