forked from sho7650/ndppd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
134 lines (95 loc) · 5.28 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
ndppd - NDP Proxy Daemon
Version 0.2.5
------------------------------------------------------------------------
1. Legal
------------------------------------------------------------------------
ndppd - NDP Proxy Daemon
Copyright (C) 2011-2016 Daniel Adolfsson <daniel@priv.nu>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
------------------------------------------------------------------------
2. About 'ndppd'
------------------------------------------------------------------------
'ndppd', or NDP Proxy Daemon, is a daemon that proxies NDP (Neighbor
Discovery Protocol) messages between interfaces.
The Neighbor Discovery Protocol (NDP) is a protocol in the Internet
Protocol Suite used with Internet Protocol Version 6 (IPv6). It
operates in the Link Layer of the Internet model (RFC 1122) and is
responsible for address autoconfiguration of nodes, discovery of
other nodes on the link, determining the Link Layer addresses
of other nodes, duplicate address detection, finding available
routers and Domain Name System (DNS) servers, address prefix
discovery, and maintaining reachability information about the paths
to other active neighbor nodes (RFC 4861). (Wikipedia)
'ndppd' currently only supports Neighbor Solicitation Messages and
Neighbor Advertisement Messages.
Before an IPv6 packet can be sent to a host, that host's link-layer
address must first be discovered. This is done by sending a Neighbor
Solicitation message containing the requested target IPv6 address
to a specific multicast address. If a host have configured a
matching IP, that host will then respond with a Neighbor
Advertisement message, and provide it's link-layer address.
Let's say you want to route some IPs to another interface, and
your ISP isn't truly routing your subnet to your host. It means
that your host will have respond to Neighbor Solicitation messages
for IPs it haven't configured in order to be able to route them.
Linux have a limited support for proxying Neighbor Solicitation
messages by simply answering to any messages where the target IP
can be found in the host's neighbor proxy table. To make this work
you need to enable "proxy_ndp", and then add each single host to the
neighbor proxy table by typing something like:
ip -6 neigh add proxy <ip> dev <if>
Unfortunately, it doesn't support listing proxies, and as I said,
only individual IPs are supported. No subnets.
'ndppd' solves this by listening for Neighbor Solicitation messages
on an interface, then query the internal interfaces for that target
IP before finally sending a Neighbor Advertisement message.
You can create rules to query one interface for one subnet, and
another interface for another. 'ndppd' can even respond directly to
Neighbor Solicitation messages without querying anything, should you
need that.
------------------------------------------------------------------------
3. Dependencies
------------------------------------------------------------------------
As of version 0.2.2, libconfuse is no longer needed.
------------------------------------------------------------------------
4. Compiling
------------------------------------------------------------------------
First, make sure you have g++ and make installed.
It should be as easy as:
make all && make install
If you want to enable debugging, you can type:
make DEBUG=1 all
Note that this version of the binary is much bigger, and the daemon
produces a lot of messages.
------------------------------------------------------------------------
5. Usage
------------------------------------------------------------------------
Read through 'ndppd.conf-dist' for guidelines and examples how to
configure the daemon.
Usage: ndppd [-d] [-c <config>] [-p <pidfile>]
-p <pidfile>
Create a pidfile at the specified location.
-c <config>
Read configuration from the specified location, instead of
the default which is /etc/ndppd.conf.
-d Daemonize the process, putting it in the background.
Also enables syslogging.
-v Increase logging verbosity. Can be used several times in
order to increase even further.
------------------------------------------------------------------------
5. Website and contact
------------------------------------------------------------------------
Contact : Daniel Adolfsson <daniel@priv.nu>
Website : https://github.com/DanielAdolfsson/ndppd
Git : git://github.com/DanielAdolfsson/ndppd.git
If you want to report a bug, you can either send me a mail directly,
or submit an issue on github.com.