douglas-larocca / slitch Goto Github PK

slitch -- experimental low-level networking in Common Lisp
============================================================

This package implements some low-level networking, based on reading
and writing ethernet frames via the operating system. Currently it
supports some subset of ARP, IP, ICMP, UDP, and TCP.

The current implementation uses CMUCL's FFI (Alien) to access Linux
'tap' devices, which are like virtual ethernet cards implemented in
software. The operating system views the tap device just like a
network card. When it writes to the tunnel, the packets arrive in the
lisp program, and when the lisp program writes packets to the tunnel,
the operating systems receives them as if they came from a real
network card.

We configure the host machine to route packets for a virtual network
address into the tunnel, so that normal programs (ping etc) can talk
to the lisp program.

Prerequisites
============================================================

* CMU Common Lisp (I use 18e on Debian)

  You also need the "mk-defsystem" package (a Lisp version of "make"),
  which is already included with some copies (e.g. Debian's), or can
  be found in CLOCC.

* Linux, with support for tunnel devices via the "tun" module. If you
  have this available, you should be able to successfully run "insmod
  tun" as root to load it. You can also check if the file /dev/net/tun
  exists.

  If you don't have tuntap, it's easy to compile and install as a
  kernel module. See
  /usr/src/linux/Documentation/networking/tuntap.txt for details.

  Note: To avoid running Slitch as root, you should 'chmod'
  /dev/net/tun to be read-write by other users.

Setup and Compilation
============================================================

We do all of this in the src/ directory.

Step 1: Edit "netlib.system" so that +slitch-source-directory+ points to
        the right path for your machine.

Step 2: Optionally edit tcpip.lisp to change the IP address that the
        program will use. By default it uses 192.168.43.10 - this
        should be fine unless it collides with something on your
        network.

Step 3: Compilation. First start a lisp, probably by typing "lisp" in
        the shell. Now we load the "make file":

	  (load "netlib.system")

	(If you get an error, it's probably because you don't have the
        mk-defsystem package installed properly.)
	Now compile with:

	  (mk:operate-on-system :netlib :compile)

Starting the program
============================================================

Note on instructions: The Lisp must run as a user that has read-write
access to /dev/net/tun, and the shell commands must be run as root.

Step 1: Start lisp.

Step 2: Load the system in the lisp:

          (load "netlib.system")
	  (mk:operate-on-system :netlib :load)

Step 3: Start Lisp program:

          (tcpip:start)

        It will now run in the background, handling packets as they
        arrive.

Step 4: Setup the operating system interface to the tunnel.

        The 'tap' device created by (tcpip:start) is named
        "lisp0", so your host machine should now have a network
        interface by that name. If you write 'ifconfig -a', the output
        should include a section like this:

	  lisp0     Link encap:Ethernet  HWaddr 00:FF:30:C7:2C:A0  
		    BROADCAST MULTICAST  MTU:1500  Metric:1
		    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
		    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
		    collisions:0 txqueuelen:100 
		    RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

        This is the virtual network interface connected to the Lisp
        process. To communicate with Lisp, we only need to configure
        an IP address for 'lisp0' in the same subnet that the Lisp
        process is using (192.168.43.0/24 by default):

	  # ifconfig lisp0 192.168.128.1 up

Using it!
============================================================

If you successfully followed the previous steps, you now have a
virtual network with two machines: your Linux host (192.168.43.1) and
your Lisp process (192.168.43.10). The simplest way to check that this
is working is to ping the Lisp process:

  $ ping 192.168.43.10
  PING 192.168.43.10 (192.168.43.10): 56 data bytes
  64 bytes from 192.168.43.10: icmp_seq=0 ttl=64 time=0.8 ms
  64 bytes from 192.168.43.10: icmp_seq=1 ttl=64 time=0.8 ms
  64 bytes from 192.168.43.10: icmp_seq=2 ttl=64 time=0.8 ms

(NB: To avoid typing the IP address all the time, you can add an entry
for the Lisp address to your /etc/hosts file.)

You can also make low-level observations of any packets being
exchanged using the tcpdump program:

  # tcpdump -n -i lisp0
  tcpdump: listening on lisp0
  13:05:59.800584 arp who-has 192.168.43.10 tell 192.168.43.1
  13:05:59.801197 arp reply 192.168.43.10 is-at 0:ff:d7:c2:4e:4
  13:05:59.801209 192.168.43.1 > 192.168.43.10: icmp: echo request (DF)
  13:05:59.802277 192.168.43.10 > 192.168.43.1: icmp: echo reply

From inside Lisp, there are also some Unixish utility functions you
can use:

  * (netstat)
  lisp0  UP    Type:TAP  HWaddr 00:FF:D7:C2:4E:04
	 Inet addr:192.168.43.10/255.255.255.0  Bcast:192.168.43.255
	 RX bytes:6708 (6.7KiB)  TX bytes:126 (126 b)>
  * (routes)
  Destination      Gateway          Netmask          Interface
  192.168.43.0     0.0.0.0          255.255.255.0    lisp0
  0.0.0.0          192.168.43.1     0.0.0.0          lisp0

Note that Lisp's routing table has 192.168.43.1 as the default
gateway. If you configure this address on your host machine's lisp0
interface (as in the example) and enable ip-forwarding, then your host
machine can act as a router between the Lisp process and the internet.

That's as far as this introduction goes. The rest is in the code!

--
Luke Gorrie <[email protected]>