Mobile IPv6 for Darwin (MacOS X)

$Id: mip6.html,v 1.33 2011/06/23 07:45:38 t-momose Exp $

What's new

2008/03/22 Updated to 10.4.11 of Intel based version.
2007/09/05 Added a description about boot kernel selection with com.apple.Boot.plist.

Introduction

This is a port of our Mobile IPv6 stack called SHISA to darwin. And it works on MacOS X. (Actually, I checked it on only MacOS X not pure darwin system.)

Current status

Very basic protocols for MN and CN work. It should work as a HA, but not confirmed.

<MN> Dectecting network attachment. (but not confirmed returning home)
<MN> Sending binding update messages to HA, receiving binding ack. messages from HA. These packets are protected by IPsec.
<MN> Sending data packets with encapsulation via HA, Receiving encapsulated packetes from HA
<MN> <CN> Process RR procedure and route optimized packets.

Also, there remain lots of restrictions listed as followed. These will be fixed in near future.

only MN and CN functions works (HA is not confirmed)
not confirmed IPsec tunnel mode
may not work on multiprocessor. (it might be freezed.)
Other NEMO stuff aren't confirmed at all.

License

I don't claim any license of this work. All the license terms are belong to the original holder. i.e., The source codes came from Apple have APSL, the codes from Shisa have WIDE project license(almost same as BSD's one).

Requirement

MacOS X 10.4.11 for Intel or MacOS X 10.4.9 for PowerPC
developpers kit
Environment and skills to build a xnu kernel.
Network environment able to access cvs.kame.net via cvs.

Procedure

CAUTION!! This is very dangerous because it touchs kernel codes and must change the kernel. Plesae backup your system before change the kernel. It may break your system.
I assume no responsibility whatsoever for any damages resulting from the use of this code.

The procedure to get Mobile IPv6 functinaliy onto darwin is little bit complicated. Because I guess distributing binary would be prohibited and I'm not even certain to distribute all of xnu sources.

I believe it's ok to redistribute modified source code and even binary form in terms of APSL Section 2.1, 2.2 and 2.3. But I'm not quite sure my recognition is right or not. License terms are difficult to me...

Check out kame source tree.(I'm sorry I don't prepare any tarballs of darwin yet) This is a regular sequnce to aquire kame source tree as described kame/INSTALL.anoncvs.

% cd $somewhere
% cvs -d :pserver:anoncvs@anoncvs.kame.net:/cvsroot/kame login ; see the above link to know the password
% cvs -d :pserver:anoncvs@anoncvs.kame.net:/cvsroot/kame co -P kame/Makefile kame/Makefile.inc
% cd kame
% bsdmake TARGET=darwin tree

Building kernel
1. Prepare the darwin kernel. fetch the source code equivalent to your Mac's architecture.
  - For Power PC of 10.4.9: xnu-792.17.14.tar.gz
  - For Intel of 10.4.11(darwin 9.11): xnu-792.25.20.tar.gz
  Expand it under $(kame)/darwin.
  for PowerPC:
```
% cd darwin
% tar xfz xnu-792.17.14.tar.gz
% mv xnu-792.17.14 xnu
```
  for Intel:
```
% cd darwin
% tar xfz xnu-792.25.20.tar.gz
% mv xnu-792.25.20 xnu
```
2. Acuire the patch for the xnu
  This patch might be updated occasinaly.
  - for PowerPC: mip6-xnu-20070430-ppc.patch
  - for Intel: mip6-xnu-20080322-intel.patch
  These patches intend to provide MIP6 capability on Darwin. However, they include several fixes that have no relations to MIP6 functionality such as:
  - Drop routing header type0 packets. Packets which includes routing header type0 are regarded harmful and a serious security problem. (The fix is not included for intel patch because it is already done in 10.4.10)
  - Ndp(8) with '-p' and '-r' prints appropriate values. The original one prints just a error message. It may prevent to shoot a problem when unappropriate ND messages are on the wires. Plese see here for more details.
3. Apply the patch. During the patching, some cautions may occurs. But proceed them as is because the files caused the cautions are deleted on the next step.
```
% cd xnu
% patch -p1 < ${thePatch}
```
4. Delete unneeded files (they are shared with kame)
```
% rm bsd/net/net_osdep.[ch] bsd/netinet/icmp6.h bsd/netinet6/dest6.c
```
5. Build the kernel. (but don't forget you have to prepare building kernel environment)
  if you don't have several commands to be needed for compilation of xnu kernel, acquire and install them as follows. It should work on ppc Mac as well.
```
% curl -O http://www.macosforge.org/files/kernel-tools-8J2135.root.tar.gz
% sudo tar xzf kernel-tools-8J2135.root.tar.gz -C /
```
```
% cd ../..
% pwd
$somewhere/kame
% bsdmake TARGET=darwin prepare
% cd darwin/xnu
% source SETUP/setup.csh ; In case of csh
% sudo gcc_select 3.3 ; If you didn't it ever. It doesn't need to do this in case of Intel
% make
```
  Now, you got the new kernel at BUILD/obj/RELEASE_PPC/mach_kernel. Install the kernel as you like. I always install the kernel as follows to be safety in case of PPC. And note the permission, ower and group of the new kernel must be same as orginila ones.
```
% sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel.test
% chmod 644 /mach_kernel.test
% sudo chown root /mach_kernel.test
% sudo chgrp wheel /mach_kernel.test
% nvram -p
% sudo nvram boot-file="hd:9,\mach_kernel.test"
```
  The value 'hd:9,\mach_kernel.test' is for my environment. It depends on your environment.
  FYI: kswap.sh described here is useful to change boot kernel.
  In case of Intel Mac, there is no standard way to change boot up kernel. The only way to install your own kernel is replace the original kernel itself.
```
% sudo chmod /mach_kernel /mach_kernel.original
% sudo cp BUILD/obj/RELEASE_I386/mach_kernel /mach_kernel
% sudo chown root /mach_kernel
% sudo chgrp wheel /mach_kernel
```
  But note that you cannot recover the system other than reinstall if the booting system have failed. The only way to recover the system without reinstall is followed:
  1. boot the mac with Target disk mode (boot with [T]key)
  2. connect the mac to another Mac via firewire.
  3. The disk of the mac would appear
  4. restore /mach_kernel with /mach_kernel.orig by hand
  5. reboot.
  EDIT: In addition the above ways, you have another way to specify boot kernel. After copy your kernel to /, edit /Library/Preferences/SystemConfiguration/com.apple.Boot.plist as follows
```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Kernel</key>
        <string>your installed kernel</string>
        <key>Kernel Flags</key>
        <string></string>
        <key>Boot Graphics</key>
        <string>Yes</string>
</dict>
</plist>
```
  Leave other part as is other than red colored value. With this way, you don't need to touch the original kernel as Intel Mac did.
Building userland
- ifconfig
  1. Acquire network_cmds-245.12.tar.gz from the darwin source and a patch for ifconfig.
  2. Expand the archive under $kame/darwin, and apply the patch under network_cmds-x.x directory.
```
% pwd
$somewhere/kame/darwin
% tar xfz network_cmds-245.12.tar.gz
% cd network_cmds-245.12
% patch < $somewhere/ifconfig.diff
% cd ifconfig.tproj
% sudo make install
```
- shisad
```
% pwd
$somewhere/kame/darwin

% sudo bsdmake install
```
With these installation process, all userland programs for darwin will be installed into /usr/local/v6/*.

Now, you got a Mobile IPv6 capable Mac. Operations are quite same as an usual SHISA on other BSDs. Please refer README (pdf), 20041211 Newletter: SHISA; The new KAME Mobile IPv6 / NEMO stack (kame.net) and 20050707 KAME/SHISA Howto Newsletter (kame.net)
Currently, there is no smart and nice looking tools like other mac apps have.
In my case, I'm using following script to kick MIP6 MN function.

% cat startmn
#!/bin/sh

/usr/local/v6/sbin/ifconfig mip0 inet6 <Your Home Address> prefixlen 64 home
/usr/local/v6/sbin/mnd -n -c /usr/local/src/kame/darwin/usr.sbin/shisad/mnd.conf.sample mip0
/usr/local/v6/sbin/cnd -n
/usr/local/v6/sbin/babymdd -h mip0 
% sudo startmn

Enjoy Mobile IPv6 on your Mac ! And any reports and feedbacks are welcome.

Known Problems

Cause kernel panic when a bluetooth device is attached.
Safari stops acquiring web pages in some cases.

Acknowledgement

Thanks to Romain Kuntz for reviewing and feedback of the procedure.

History of this page

2008/03/22 Updated to 10.4.11 of Intel based version.
2007/11/19 Updated to 10.4.10 of Intel based version.
2007/09/05 Added a description about boot kernel selection with com.apple.Boot.plist.
2007/07/08 Updated to 10.4.9 of Intel based version.
2007/04/30 Updated to 10.4.9 of PPC based version. The intel edition is not updated.
2007/02/05 Now, it works on Intel Mac!
2006/12/17 Support IPsec transport mode. With this support, BU/BA are protected by IPsec. Tunnel mode to protect HoTI and HoT is not confirmed yet.
2006/11/11 Changed support version to 10.4.8 (darwin 8.8)
2006/10/11 Added a description of permissions of kernel
2006/10/09 Updated mip6-xnu patch
2006/09/07 Fixed a bug that you can't compile latest shisad
2006/08/19 First release

MOMOSE Tsuyoshi