如何安裝 SEND 0.2 on Fedora6

SEND project : http://www.docomolabs-usa.com/lab_opensource.html

DoCoMo's SEND is implemented completely in user space, so it is portable and lends itself to experimentation. It currently runs on Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).

[@more@]

 We have tested SEND on a number of 2.6.x kernels, on a number of
major distributions: Fedora Core 2 – 4, Ubuntu 5.10, and SUSE 10.0.
It should work on any distribution running a correctly configured
2.6.x kernel.

Your kernel must have the following enabled:
• CONFIG_NETFILTER
• CONFIG_IPV6
• CONFIG_IP6_NF_QUEUE
• CONFIG_IP6_NF_IPTABLES
• CONFIG_IP6_NF_FILTER
• CONFIG_PROC_FS

還好 Fedora 6 都有支援不需重編 kernel

Additionally, you need to ensure that the netfilter iptables user
space utilities are installed (check for the ip6tables command), and
that you have the netfilter libipq development library and headers
installed. Check your distribution's package repository, or download
the source from http://www.netfilter.org/.

SEND on Linux uses netfilter's IP queuing mechanism to capture and
reinject packets. Before sendd runs, you need to ensure that the
appropriate netfilter rules are in place. After installation, you
will find the scripts “sendd” and “snd_upd_fw” in /etc/init.d. You
should use /etc/init.d/sendd to start sendd by default. If you want
to run sendd directly from the command line, add the necessary rules
with /etc/init.d/snd_upd_fw add. When done, you can remove the rules
with /etc/init.d/snd_upd_fw del.

/etc/init.d/snd_upd_fw add

用來設定 ip6tables 的規則，讓 Neighbor Discovery 的封包先進到 Queue 裡面

1. 安裝相關的套件
2. 編輯 Makefile.config
    make
    make install
3. 設定 SEND

裝完後有三個執行檔

sendd	The SEND daemon
cgatool	Tool for configuring CGAs
ipexttool	Tool for configuring PKIX IP certificate extensions

1. 安裝相關的套件

‧ libcrypto 0.9.7 or greater, library and development headers
‧ GNU make
‧ GCC (tested with 3.3.2 – 4.0.0)
‧ lex
‧ yacc
‧ optional: libreadline, ncurses libraries and development headers.

# yum install iptables-devel ip6tables-devel readline readline-devel ncurses ncurses-devel

2. 編輯 Makefile.config

OS=linux prefix=/usr/local/send-0.2 DEBUG_POLICY= DEBUG #會把錯誤訊息顯示出來，不然要到 /var/log/messages 看

make 完 沒有錯的話就成功了
再來 make install 會因為 find_ip6tables.sh 無法執行而失敗

# make # chmod +x sendd/os/find_ip6tables.sh # make install

3. 設定 SEND

   3.1. Generate CGA parameters and a CGA

   3.2. Configure sendd. 

# ../sbin/cgatool --gen -R 1024 -k mykey.pem -p fe80:: -o myder1 -s 1 # ../sbin/cgatool -g -k mykey.pem -o myder2 -p fe80:: -s 1

params.conf

# Some (somewhat nonsensical) examples named default {         snd_cga_params /usr/local/send-0.2/etc/myder;         snd_cga_priv /usr/local/send-0.2/etc/mykey.pem;         snd_cga_sec 1; } address fe80::207e:78a7:edca:c81e {         use default;         interface eth1; }

sendd.conf

# # Non-optional # # The path of the file containing this host's CGA parameters # configuration file # <no default> snd_cga_params=/usr/local/send-0.2/etc/params.conf # # Optional # snd_debugs=sendd:cert,sendd:proto

 

# modprobe ip6_queue # ip6tables -F # /etc/init.d/snd_upd_fw add # ../sbin/sendd -c sendd.conf -i eth1 -f