Diffstat (limited to 'static/freebsd/man4/send.4 3.html')
| -rw-r--r-- | static/freebsd/man4/send.4 3.html | 203 |
1 files changed, 0 insertions, 203 deletions
diff --git a/static/freebsd/man4/send.4 3.html b/static/freebsd/man4/send.4 3.html deleted file mode 100644 index d166f2e1..00000000 --- a/static/freebsd/man4/send.4 3.html +++ /dev/null 
@@ -1,203 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">SEND(4)</td> - <td class="head-vol">Device Drivers Manual</td> - <td class="head-rtitle">SEND(4)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">send</code> — <span class="Nd">Kernel side - support for Secure Neighbor Discovery (SeND)</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">sys/socket.h</a>></code> - <br/> - <code class="In">#include <<a class="In">netinet/in.h</a>></code> - <br/> - <code class="In">#include <<a class="In">netinet6/send.h</a>></code></p> -<p class="Pp"><var class="Ft">int</var> - <br/> - <code class="Fn">socket</code>(<var class="Fa" style="white-space: nowrap;">PF_INET6</var>, - <var class="Fa" style="white-space: nowrap;">SOCK_RAW</var>, - <var class="Fa" style="white-space: nowrap;">IPPROTO_SEND</var>);</p> -<p class="Pp">To load the driver as a module at boot time, place the following - line in <a class="Xr">loader.conf(5)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>send_load="YES"</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover - other nodes on the link, to determine their link-layer addresses to find - routers, and to maintain reachability information about the paths to active - members. NDP is vulnerable to various attacks [RFC3756]. 
Secure Neighbor - Discovery is a set of extensions to NDP that counter threats to NDP - [RFC3971].</p> -<p class="Pp">Kernel side support for SeND consists of a kernel module with - hooks that divert relevant packets (Neighbor Solicitations, Neighbor - Advertisements, Router Solicitations, Router Advertisements and Redirects) - from the NDP stack, send them to user space on a dedicated socket and - reinject them back for further processing. Hooks are triggered only if the - <code class="Nm">send</code> module is loaded.</p> -<p class="Pp">The native SeND socket is similar to a raw IP socket, but with its - own, internal pseudo-protocol (IPPROTO_SEND). Struct sockaddr_send is - defined in - <code class="In"><<a class="In">netinet6/send.h</a>></code>. It - defines the total length of the structure, the address family, packet's - incoming or outgoing direction from the interface's point of view, and the - interface index.</p> -<div class="Bd Pp Li"> -<pre>struct sockaddr_send { - unsigned char send_len; /* total length */ - sa_family_t send_family; /* address family */ - int send_direction; - int send_ifidx; - char send_zero[8]; -};</pre> -</div> -<p class="Pp">The address family is always <var class="Va">AF_INET6</var>. The - <var class="Va">send_direction</var> variable denotes the direction of the - packet from the interface's point of view and has either the value - <code class="Dv">SND_IN</code> or <code class="Dv">SND_OUT</code>. The - <var class="Va">send_ifidx</var> variable is the interface index of the - receiving or sending interface. 
The <var class="Va">send_zero</var> variable - is padding and must always be zero.</p> -<p class="Pp">In case that no user space application is connected to the send - socket, processing continues normally as if the module was not loaded.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="INPUT_HOOK"><a class="permalink" href="#INPUT_HOOK">INPUT - HOOK</a></h1> -<p class="Pp">The input hook is named after the input path of the incoming or - outgoing NDP packets, on the way from the wire, through the nd6 stack, to - user space. Relevant packets are identified by adding an mbuf_tag (see - <a class="Xr">mbuf_tags(9)</a>) to the <a class="Xr">mbuf(9)</a>, if the - <code class="Nm">send</code> module is loaded. It is then passed on to the - kernel-userland interface for either cryptographic protection or validation - by the SeND application. The hook takes an argument that describes the - direction of the packet, both in case of incoming and outgoing packets. - <code class="Dv">SND_IN</code> is the direction of the incoming packets that - are usually protected by the SeND options and then sent to user space for - cryptographic validation. <code class="Dv">SND_OUT</code> is the outgoing - direction. 
It describes both reply and locally originated outgoing packets - that are sent to user space for the addition of SeND options.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="INCOMING_PACKETS"><a class="permalink" href="#INCOMING_PACKETS">INCOMING - PACKETS</a></h1> -<p class="Pp">The incoming ND packet from the wire:</p> -<div class="Bd Pp Li"> -<pre> kernelspace ( userspace - ) - incoming SeND/ND packet ( - | ) - v ( SND_IN ) ( - icmp6_input() -> send_input_hook ---> send socket ----+ - : ) | - : # # ( | - normal : # # ) v - processing : # send.ko # ( SeND application - path : # # ) | - : # # ( | - v ) | - icmp6/nd6_??_input() <- protocol switch <--- send socket <---+ - | structure (IPPPROTO_SEND) ) - | ( SND_IN ) ( - v ) - continue normal ND processing (</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="OUTGOING_PACKETS"><a class="permalink" href="#OUTGOING_PACKETS">OUTGOING - PACKETS</a></h1> -<p class="Pp">Outgoing ND packet (reply or locally triggered):</p> -<div class="Bd Pp Li"> -<pre> kernelspace ( userspace - ) - nd6_na_input() ( - +PACKET_TAG_ND_OUTGOING ) - | ) - | outgoing packet ( - | | ) - | v ( - | icmp6_redirect_output() ) - | nd6_ns_output() ( - | nd6_na_output() ) - | +PACKET_TAG_ND_OUTGOING ( - | | ) - | +-----------<- rip6_output() <----------)----- rtsol/rtadvd/.. 
- | | +PACKET_TAG_ND_OUTGOING ( - | v ) - | ip6_output() ( - | | ) - +-------->-+ ( - | ) - v ( SND_OUT ) ( - nd6_output_lle() -> send_input_hook ---> send socket ----+ - -PACKET_TAG_ND_OUTGOING ) | - : # # ( | - normal : # # ) v - processing : # send.ko # ( SeND application - path : # # ) | - : # # ( | - v ) | - (*ifp->if_output)() <- protocol switch <--- send socket <---+ - | structure (IPPPROTO_SEND) ) - | ( SND_OUT ) ( - v ) - continue with normal packet output (</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="ERRORS"><a class="permalink" href="#ERRORS">ERRORS</a></h1> -<p class="Pp">A socket operation may fail with one of the following errors - returned:</p> -<dl class="Bl-tag"> - <dt id="EEXIST">[<a class="permalink" href="#EEXIST"><code class="Er">EEXIST</code></a>]</dt> - <dd>Another user space SeND application is bound to the socket.</dd> - <dt id="ENOBUFS">[<a class="permalink" href="#ENOBUFS"><code class="Er">ENOBUFS</code></a>]</dt> - <dd>Shortage of space to receive the incoming (SeND-protected) or outgoing - (SeND-validated) packet from the SeND application.</dd> - <dt id="ENOSYS">[<a class="permalink" href="#ENOSYS"><code class="Er">ENOSYS</code></a>]</dt> - <dd>A packet received from user space and passed to the NDP stack for further - processing is neither Neighbor Solicitation, Neighbor Advertisement, - Router Solicitation, Router Advertisement nor Redirect.</dd> - <dt id="ENOENT">[<a class="permalink" href="#ENOENT"><code class="Er">ENOENT</code></a>]</dt> - <dd>Occurs if interface output routines fail to send the packet out of the - interface.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">recvfrom(2)</a>, <a class="Xr">sendto(2)</a>, - <a class="Xr">socket(2)</a>, <a class="Xr">loader.conf(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" 
href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">send</code> module first appeared in - <span class="Ux">FreeBSD 9.0</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Ana Kukec</span> - <<a class="Mt" href="mailto:anchie@FreeBSD.org">anchie@FreeBSD.org</a>>, - University of Zagreb</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">Due to the lack of NDP locking, it is currently not possible to - unload the <code class="Nm">send</code> module.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">September 19, 2010</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |
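Review bot: the deleted path in the diff header, "static/freebsd/man4/send.4 3.html", contains a space and a " 3" suffix, which reads like a stray duplicate copy rather than the canonical page. The removal is whole-file (deleted file mode, 203 deletions, +++ /dev/null), so before merging confirm that an unsuffixed send.4.html remains in the tree and that no index or cross-reference links to the suffixed name. If similar suffixed copies exist elsewhere under static/, remove them in this change as well. Separately, the removed text spells the pseudo-protocol "IPPPROTO_SEND" in both the INCOMING PACKETS and OUTGOING PACKETS diagrams, while the SYNOPSIS and DESCRIPTION use IPPROTO_SEND. If the surviving copy carries the same text, that misspelling remains and is worth a follow-up fix.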
