diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html index c98e1434..8277b451 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html @@ -1213,9 +1213,9 @@ NAME="GENERAL-ORIGINAL-SOURCE" >

Die originale englische Version dieses HOWTOs wurde mit LyX Version 1.6.1 auf einem Fedora 10 Linux System mit SGML-Template (DocBook book) erstellt. Alle Dateien sind unter TLDP-CVS / users / Peter-Bieringergithub / tLDP / LDP / users / Peter-Bieringer verfügbar.

Auch die deutsche Version wurde mit LyX erstellt und befindet sich ebenfalls im angegebenen CVS-Verzeichnis.

\end_layout @@ -1277,6 +1282,7 @@ In Skripts oder an Ihrer Kommandozeile müssen Sie die < und > weglassen \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -1290,6 +1296,7 @@ Kommandos, die nicht als Root-Benutzer ausgeführt werden, beginnen mit $, \end_layout \begin_layout Code + $ whoami \end_layout @@ -1298,6 +1305,7 @@ Befehle, die mit Root-Rechten ausgeführt werden, beginnen mit #, z.B. \end_layout \begin_layout Code + # whoami \end_layout @@ -1487,58 +1495,72 @@ Der erste IPv6 Netzwerk Code wurde dem Linux Kernel 2.1.8 im November 1996 \end_layout \begin_layout Code + diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code + ¬ linux/include/linux/in6.h \end_layout \begin_layout Code + --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code + +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code + @@ -0,0 +1,99 @@ \end_layout \begin_layout Code + +/* \end_layout \begin_layout Code + + * Types and definitions for AF_INET6 \end_layout \begin_layout Code + + * Linux INET6 implementation \end_layout \begin_layout Code + + * + * Authors: \end_layout \begin_layout Code + + * Pedro Roque <******> \end_layout \begin_layout Code + + * \end_layout \begin_layout Code + + * Source: \end_layout \begin_layout Code + + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code + + * \end_layout @@ -1660,6 +1682,7 @@ Wie gesagt, IPv6 Adressen sind 128 bit lang. \end_layout \begin_layout Code + 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1683,6 +1706,7 @@ nibble \end_layout \begin_layout Code + 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1705,6 +1729,7 @@ e Werte) entfernt: \end_layout \begin_layout Code + 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1715,6 +1740,7 @@ Eine gültige Adresse (s.u. \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout 
@@ -1725,10 +1751,12 @@ Der Vereinfachung halber können führende Nullen jedes 16 bit-Blocks weggelasse \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code + ¬ 2001:0db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1751,6 +1779,7 @@ Eine Sequenz von 16 bit-Blöcken, die nur Nullen enthaltet, kann durch ein \end_layout \begin_layout Code + 2001:0db8:100:f101:0:0:0:1 -> 2001:0db8:100:f101::1 \end_layout @@ -1760,6 +1789,7 @@ Die höchstmögliche Reduktion sieht man bei der IPv6 Localhost Adresse: \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1784,10 +1814,12 @@ h ein Aprilscherz. \end_layout \begin_layout Code + # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code + Itu&-ZQ82s>J%s99FJXT \end_layout @@ -2000,6 +2032,7 @@ Dies ist eine spezielle Adresse für das Loopback Interface, vergleichbar \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2009,6 +2042,7 @@ bzw. \end_layout \begin_layout Code + ::1 \end_layout @@ -2044,6 +2078,7 @@ any \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2052,6 +2087,7 @@ oder: \end_layout \begin_layout Code + :: \end_layout @@ -2097,6 +2133,7 @@ Diese Adressen sind mit einer speziellen Präfixlänge von 96 definiert (a.b.c.d \end_layout \begin_layout Code + 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2105,6 +2142,7 @@ oder in komprimiertem Format: \end_layout \begin_layout Code + ::ffff:a.b.c.d/96 \end_layout @@ -2115,6 +2153,7 @@ Die IPv4 Adresse 1.2.3.4. \end_layout \begin_layout Code + ::ffff:1.2.3.4 \end_layout @@ -2143,6 +2182,7 @@ reference "tunneling-6to4" \end_layout \begin_layout Code + 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2151,6 +2191,7 @@ oder in komprimierter Form: \end_layout \begin_layout Code + ::a.b.c.d/96 \end_layout 
@@ -2235,18 +2276,22 @@ x \end_layout \begin_layout Code + fe8x: <- zurzeit als einziger in Benutzung \end_layout \begin_layout Code + fe9x: \end_layout \begin_layout Code + feax: \end_layout \begin_layout Code + febx: \end_layout @@ -2286,18 +2331,22 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code + fecx: <- meistens genutzt. \end_layout \begin_layout Code + fedx: \end_layout \begin_layout Code + feex: \end_layout \begin_layout Code + fefx: \end_layout @@ -2385,10 +2434,12 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code + fcxx: \end_layout \begin_layout Code + fdxx: <- zurzeit als einziger in Benutzung \end_layout @@ -2416,6 +2467,7 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code + fd0f:8b72:ac90::/48 \end_layout @@ -2444,10 +2496,12 @@ Die Adresse beginnt mit (x sind hexadezimale Zeichen) \end_layout \begin_layout Code + 2xxx: \end_layout \begin_layout Code + 3xxx: \end_layout @@ -2479,6 +2533,7 @@ Diese globalen Adressen waren die Ersten definierten und auch benutzen Adressen. \end_layout \begin_layout Code + 3ffe: \end_layout @@ -2487,6 +2542,7 @@ Beispiel: \end_layout \begin_layout Code + 3ffe:ffff:100:f102::1 \end_layout @@ -2496,6 +2552,7 @@ Eine spezielle 6bone Test-Adresse, die niemals weltweit einmalig ist, beginnt \end_layout \begin_layout Code + 3ffe:ffff: \end_layout @@ -2554,6 +2611,7 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code + 2002: \end_layout @@ -2563,6 +2621,7 @@ z.B. \end_layout \begin_layout Code + 2002:c0a8:0101:5::1 \end_layout @@ -2571,10 +2630,12 @@ Ein kleines Shell-Kommando kann aus einer IPv4 eine 6to4 Adresse erstellen: \end_layout \begin_layout Code + ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code + ¬ | tr "." " "` $sla \end_layout 
@@ -2608,6 +2669,7 @@ Diese Adressen werden an Internet Service Provider (ISP) delegiert und beginnen \end_layout \begin_layout Code + 2001: \end_layout @@ -2650,10 +2712,12 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code + 3ffe:ffff::/32 \end_layout \begin_layout Code + 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2678,6 +2742,7 @@ Sie beginnen immer mit (xx ist hierbei der Wert der Reichweite) \end_layout \begin_layout Code + ffxy: \end_layout @@ -2773,6 +2838,7 @@ Ein Beispiel für diese Adresse könnte sein: \end_layout \begin_layout Code + ff02::1:ff00:1234 \end_layout @@ -2841,6 +2907,7 @@ Die Subnet-Router Anycast Adresse ist ein einfaches Beispiel für eine Anycast \end_layout \begin_layout Code + 2001:0db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2850,6 +2917,7 @@ Die Subnet-Router Anycast Adresse wird durch komplette Streichung des Suffixes \end_layout \begin_layout Code + 2001:0db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2889,6 +2957,7 @@ Als Beispiel hat hier ein NIC folgende MAC-Adresse (48 bit): \end_layout \begin_layout Code + 00:10:a4:01:23:45 \end_layout @@ -2908,6 +2977,7 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code + 0210:a4ff:fe01:2345 \end_layout @@ -2919,6 +2989,7 @@ Mit einem gegebenen Präfix wird daraus die schon oben gezeigte IPv6-Adresse: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2976,6 +3047,7 @@ Bei Servern ist es wahrscheinlich leichter, sich einfachere Adressen zu \end_layout \begin_layout Code + 2001:0db8:100:f101::1 \end_layout @@ -3073,6 +3145,7 @@ Ein Beispiel: \end_layout \begin_layout Code + 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3086,6 +3159,7 @@ Netzwerk: \end_layout \begin_layout Code + 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout 
@@ -3094,6 +3168,7 @@ Netzmaske: \end_layout \begin_layout Code + ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3113,10 +3188,12 @@ Wenn z.B. \end_layout \begin_layout Code + 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code + 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3126,10 +3203,12 @@ Die gezeigten Zieladressen der IPv6 Pakete werden über die entsprechenden \end_layout \begin_layout Code + 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code + 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3189,6 +3268,7 @@ Um zu überprüfen, ob ihr aktueller Kernel IPv6 unterstützt, sollten sie \end_layout \begin_layout Code + /proc/net/if_inet6 \end_layout @@ -3198,6 +3278,7 @@ Einen kleinen automatischen Test können Sie wie folgt durchführen: \end_layout \begin_layout Code + # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3217,6 +3298,7 @@ Mit folgenden Befehl können Sie versuchen, das Modul zu laden: \end_layout \begin_layout Code + # modprobe ipv6 \end_layout @@ -3227,6 +3309,7 @@ Wenn dieser Befehl positiv verläuft, dann sollten Sie das Modul mit folgendem \end_layout \begin_layout Code + # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3252,6 +3335,7 @@ Es ist möglich das IPv6 Modul bei Bedarf automatisch zu laden. \end_layout \begin_layout Code + alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3261,6 +3345,7 @@ Mit der folgenden Zeile ist es auch möglich, das automatische Laden des \end_layout \begin_layout Code + alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3518,10 +3603,12 @@ Automatische Überprüfung: \end_layout \begin_layout Code + # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code + ¬ IPv6-ready" \end_layout 
@@ -3535,6 +3622,7 @@ route \end_layout \begin_layout Code + # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3553,6 +3641,7 @@ Alexey N.Kuznetsov (gegenwärtig ein Betreuer des Linux Network Codes) erstellte \end_layout \begin_layout Code + # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3618,14 +3707,17 @@ Anwendung \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 [-I ] \end_layout @@ -3637,6 +3729,7 @@ Einige Implementierungen unterstützen auch % Definition zusätzlich \end_layout \begin_layout Code + # ping6 % \end_layout @@ -3645,14 +3738,17 @@ Beispiel \end_layout \begin_layout Code + # ping6 -c 1 ::1 \end_layout \begin_layout Code + PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3661,14 +3757,17 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + --- ::1 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code + round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3701,10 +3800,12 @@ Wenn link-lokale Adressen für ein IPv6 ping verwendet werden, dann hat der \end_layout \begin_layout Code + # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + connect: Invalid argument \end_layout @@ -3713,18 +3814,22 @@ In diesem Fall müssen Sie das Interface zusätzlich spezifizieren: \end_layout \begin_layout Code + # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code + PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout 
@@ -3733,14 +3838,17 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code + ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3751,6 +3859,7 @@ Beispiel für % Notation: \end_layout \begin_layout Code + # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout @@ -3764,18 +3873,22 @@ Ein interessanter Mechanismus zum Aufspüren eines IPv6 aktiven Hosts am \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code + PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code + 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3787,6 +3900,7 @@ Beispiel für % Notation: \end_layout \begin_layout Code + # ping6 ff02::1%eth0 \end_layout 
@@ -3814,42 +3928,51 @@ Dieses Programm ist normal im Paket iputils enthalten. \end_layout \begin_layout Code + # traceroute6 www.6bone.net \end_layout \begin_layout Code + traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code + ¬ hops max, 16 byte packets \end_layout \begin_layout Code + 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code + 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code + 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code + 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code + 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code + 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3889,42 +4012,52 @@ iputils \end_layout \begin_layout Code + # tracepath6 www.6bone.net \end_layout \begin_layout Code + 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code + 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code + 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code + 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code + 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code + 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code + 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code + 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code + Resume: pmtu 1280 \end_layout 
@@ -4017,26 +4150,32 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code + # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on eth0 \end_layout \begin_layout Code + 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code + ¬ request (len 64, hlim 64) \end_layout \begin_layout Code + 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code + ¬ reply (len 64, hlim 64) \end_layout @@ -4055,42 +4194,52 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code + # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on ppp0 \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4176,6 +4325,7 @@ Jeder DNS-Server (Domain Name System) sollte aufgrund der Sicherheitsupdates \end_layout \begin_layout Code + # host -t AAAA www.join.uni-muenster.de \end_layout 
@@ -4184,17 +4334,20 @@ Die Ausgabe des Tests sollte etwa wie folgt sein: \end_layout \begin_layout Code + www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code + tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code + ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4208,25 +4361,30 @@ IPv6 kompatible Clients sind verfügbar. \end_layout \begin_layout Code + $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code + Trying 3ffe:400:100::1... \end_layout \begin_layout Code + Connected to 3ffe:400:100::1. \end_layout \begin_layout Code + Escape character is '^]'. \end_layout \begin_layout Code + HEAD / HTTP/1.0 \end_layout @@ -4235,38 +4393,47 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code + HTTP/1.1 200 OK \end_layout \begin_layout Code + Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code + GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code + Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code + ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code + Accept-Ranges: bytes \end_layout \begin_layout Code + Content-Length: 2637 \end_layout \begin_layout Code + Connection: close \end_layout \begin_layout Code + Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4275,6 +4442,7 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code + Connection closed by foreign host. \end_layout @@ -4316,14 +4484,17 @@ he Verhaltensweisen: \end_layout \begin_layout Code + $ ssh -6 ::1 \end_layout \begin_layout Code + user@::1's password: ****** \end_layout \begin_layout Code + [user@ipv6host user]$ \end_layout @@ -4873,10 +5044,12 @@ Gebrauch: \end_layout \begin_layout Code + # ip link set dev up \end_layout \begin_layout Code + # ip link set dev down \end_layout @@ -4889,10 +5062,12 @@ Beispiel: \end_layout \begin_layout Code + # ip link set dev eth0 up \end_layout \begin_layout Code + # ip link set dev eth0 down \end_layout 
@@ -4906,10 +5081,12 @@ Gebrauch: \end_layout \begin_layout Code + # /sbin/ifconfig up \end_layout \begin_layout Code + # /sbin/ifconfig down \end_layout @@ -4918,10 +5095,12 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 up \end_layout \begin_layout Code + # /sbin/ifconfig eth0 down \end_layout @@ -4976,6 +5155,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev \end_layout @@ -4984,22 +5164,27 @@ Beispiel für einen statisch konfigurierten Host: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code + 2: eth0: \end_layout @@ -5077,18 +5271,22 @@ en (die Ausgabe wurde mit grep gefiltert) \end_layout \begin_layout Code + # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code + inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code + inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code + inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5111,6 +5309,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 addr add / dev \end_layout @@ -5119,6 +5318,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5132,6 +5332,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 add / \end_layout @@ -5140,6 +5341,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5163,6 +5365,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 addr del / dev \end_layout @@ -5171,6 +5374,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5184,6 +5388,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 del / \end_layout @@ -5192,6 +5397,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout 
@@ -5274,6 +5480,7 @@ eth0 \end_layout \begin_layout Code + # sysctl -w net.ipv6.conf.eth0.use_tempaddr=2 \end_layout @@ -5284,10 +5491,12 @@ Zur Aktivierung ist der Restart des Interfaces notwendig \end_layout \begin_layout Code + # ip link set dev eth0 down \end_layout \begin_layout Code + # ip link set dev eth0 up \end_layout @@ -5299,32 +5508,39 @@ Nach Empfang eines Router Advertisement sollte das Interface eine entsprechende \end_layout \begin_layout Code + # ip -6 addr show dev eth0 \end_layout \begin_layout Code + 2: eth0: mtu 1500 qlen 1000 \end_layout \begin_layout Code + inet6 2001:db8:0:1:8992:3c03:d6e2:ed72/64 scope global secondary dynamic <- pseudo-random IID \end_layout \begin_layout Code + valid_lft 604711sec preferred_lft 86311sec \end_layout \begin_layout Code + inet6 2001:db8:0:1::224:21ff:fe01:2345/64 scope global <- IID based on MAC \end_layout \begin_layout Code + valid_lft 604711sec preferred_lft 86311sec \end_layout \begin_layout Code + ... \end_layout @@ -5343,6 +5559,7 @@ Für \end_layout \begin_layout Code + net.ipv6.conf.eth0.use_tempaddr=2 \end_layout @@ -5355,10 +5572,12 @@ Achtung: das Interface muss zu diesem Zeitpunkt bereits existieren. \end_layout \begin_layout Code + net.ipv6.conf.all.use_tempaddr=2 \end_layout \begin_layout Code + net.ipv6.conf.default.use_tempaddr=2 \end_layout @@ -5371,6 +5590,7 @@ Die Änderungen in /etc/sysctl.conf können im laufenden Betrieb geändert werde \end_layout \begin_layout Code + # sysctl -p \end_layout @@ -5401,14 +5621,17 @@ Prüfen existierender Interfaces mit: \end_layout \begin_layout Code + # nmcli connection \end_layout \begin_layout Code + NAME UUID TYPE DEVICE \end_layout \begin_layout Code + ens4v1 d0fc2b2e-5fa0-4675-96b5-b723ca5c46db 802-3-ethernet ens4v1 \end_layout @@ -5419,10 +5642,12 @@ Menge von IPv6-Adressen mit Privacy Extension: \end_layout \begin_layout Code + # ip -o addr show dev ens4v1 | grep temporary | wc -l \end_layout \begin_layout Code + 0 \end_layout 
@@ -5433,10 +5658,12 @@ Aktuelle Einstellung der IPv6 Privacy Extension für ein Interface: \end_layout \begin_layout Code + # nmcli connection show ens4v1 |grep ip6-privacy \end_layout \begin_layout Code + ipv6.ip6-privacy: -1 (unknown) \end_layout @@ -5447,10 +5674,12 @@ Aktivieren der IPv6 Privacy Extension und Restart des Interfaces; \end_layout \begin_layout Code + # nmcli connection modify ens4v1 ipv6.ip6-privacy 2 \end_layout \begin_layout Code + # nmcli connection down ens4v1; nmcli connection up ens4v1 \end_layout @@ -5461,10 +5690,12 @@ Neuer Wert der IPv6 Privacy Extension prüfen: \end_layout \begin_layout Code + # nmcli connection show ens4v1 |grep ip6-privacy \end_layout \begin_layout Code + ipv6.ip6-privacy: 2 (active, prefer temporary IP) \end_layout @@ -5476,10 +5707,12 @@ Nun sollten auch IPv6 Privacy Extension Adressen automatisch konfiguriert \end_layout \begin_layout Code + # ip -o addr show dev ens4v1 | grep temporary | wc -l \end_layout \begin_layout Code + 2 \end_layout @@ -5564,6 +5797,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 route show [dev ] \end_layout @@ -5573,22 +5807,27 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code + 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5602,6 +5841,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout 
@@ -5612,34 +5852,42 @@ Sie sehen hier mehrere IPv6 Routen mit unterschiedlichen Adressen eines \end_layout \begin_layout Code + # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code + 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code + ¬ addresses \end_layout \begin_layout Code + ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5662,10 +5910,12 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 route add / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5674,6 +5924,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5687,10 +5938,12 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5709,6 +5962,7 @@ Im folgenden Beispiel wird eine Route für alle Adressen (default) über das \end_layout \begin_layout Code + # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5733,10 +5987,12 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 route del / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5745,6 +6001,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5758,11 +6015,13 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code + ¬ ] \end_layout @@ -5771,6 +6030,7 @@ Beispiel zum entfernen der im obigen Beispiel hinzugefügten Route: \end_layout \begin_layout Code + # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout 
@@ -5794,10 +6054,12 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 route add / dev \end_layout \begin_layout Code + ¬ metric 1 \end_layout @@ -5806,6 +6068,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5848,6 +6111,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / dev \end_layout @@ -5856,6 +6120,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5878,6 +6143,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 route del / dev \end_layout @@ -5886,6 +6152,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5899,6 +6166,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / dev \end_layout @@ -5908,6 +6176,7 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5947,14 +6216,17 @@ Ein client kann eine Default Route (z.B. \end_layout \begin_layout Code + # ip -6 route show | grep ^default \end_layout \begin_layout Code + default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code + ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -6051,6 +6323,7 @@ Mit dem folgenden Befehl können Sie die gelernten oder konfigurierten IPv6 \end_layout \begin_layout Code + # ip -6 neigh show [dev ] \end_layout @@ -6059,10 +6332,12 @@ Das folgende Beispiel zeigt einen Nachbar, einen erreichbaren Router: \end_layout \begin_layout Code + # ip -6 neigh show \end_layout \begin_layout Code + fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -6087,6 +6362,7 @@ Mit folgendem Befehl können Sie einen Eintrag manuell hinzufügen: \end_layout \begin_layout Code + # ip -6 neigh add lladdr dev \end_layout 
@@ -6095,6 +6371,7 @@ Beispiel: \end_layout \begin_layout Code + # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6107,6 +6384,7 @@ Sie können einen Eintrag auch löschen: \end_layout \begin_layout Code + # ip -6 neigh del lladdr dev \end_layout @@ -6115,6 +6393,7 @@ Beispiel: \end_layout \begin_layout Code + # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6144,23 +6423,28 @@ help \end_layout \begin_layout Code + # ip -6 neigh help \end_layout \begin_layout Code + Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code + [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code + | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code + ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6366,22 +6650,27 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code + | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code + | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code + | 0x2002 | | | | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6613,6 +6902,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -6621,14 +6911,17 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show \end_layout \begin_layout Code + sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code + sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6641,6 +6934,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout @@ -6650,6 +6944,7 @@ Beispiel (Ausgabe wurde derart gefiltert, dass nur Tunnels über das virtuelle \end_layout \begin_layout Code + # /sbin/route -A inet6 | grep " \backslash Wsit0 
@@ -6658,22 +6953,27 @@ W*$" \end_layout \begin_layout Code + ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code + 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6751,10 +7051,12 @@ ert 0 ist): \end_layout \begin_layout Code + # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout @@ -6763,18 +7065,22 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6783,18 +7089,22 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6803,18 +7113,22 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6837,6 +7151,7 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -6845,14 +7160,17 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit1 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout 
@@ -6861,14 +7179,17 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit2 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6877,14 +7198,17 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit3 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6913,6 +7237,7 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -6921,26 +7246,32 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -6970,6 +7301,7 @@ Entfernen eines Tunnel-Devices: \end_layout \begin_layout Code + # /sbin/ip tunnel del \end_layout @@ -6978,14 +7310,17 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code + # /sbin/ip link set sit1 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit1 \end_layout @@ -6994,14 +7329,17 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code + # /sbin/ip link set sit2 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit2 \end_layout @@ -7010,14 +7348,17 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code + # /sbin/ip link set sit3 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit3 \end_layout 
@@ -7038,10 +7379,12 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code + # /sbin/ifconfig sit3 down \end_layout @@ -7050,10 +7393,12 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code + # /sbin/ifconfig sit2 down \end_layout @@ -7062,10 +7407,12 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code + # /sbin/ifconfig sit1 down \end_layout @@ -7074,6 +7421,7 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -7095,26 +7443,32 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -7123,6 +7477,7 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -7183,6 +7538,7 @@ Angenommen, Ihre IPv4 Adresse ist: \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -7191,6 +7547,7 @@ Dann ist das daraus resultierende 6to4 Präfix: \end_layout \begin_layout Code + 2002:0102:0304:: \end_layout @@ -7209,6 +7566,7 @@ pe Suffix kann benutzt werden) das Suffix \end_layout \begin_layout Code + 2002:0102:0304::1 \end_layout @@ -7217,6 +7575,7 @@ Zum automatischen Erstellen der Adresse können Sie folgenden Befehl nutzen: \end_layout \begin_layout Code + ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout 
@@ -7238,10 +7597,12 @@ Erstellen eines neues Tunnel-Device: \end_layout \begin_layout Code + # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code + ¬ \end_layout @@ -7250,6 +7611,7 @@ Interface aktivieren: \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 up \end_layout @@ -7259,6 +7621,7 @@ Eine lokale 6to4 Adresse am Interface hinzufügen (Hinweis: Präfix-Länge \end_layout \begin_layout Code + # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7268,6 +7631,7 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code + # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7288,6 +7652,7 @@ ip \end_layout \begin_layout Code + # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7307,6 +7672,7 @@ Das allgemeine Tunnel Interface sit0 aktivieren: \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -7315,6 +7681,7 @@ Dem Interface eine lokale 6to4 Adresse hinzufügen: \end_layout \begin_layout Code + # /sbin/ifconfig sit0 add /16 \end_layout @@ -7324,6 +7691,7 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code + # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7340,6 +7708,7 @@ Entfernen aller Routen über dieses bestimmten Tunnel Devices: \end_layout \begin_layout Code + # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7348,6 +7717,7 @@ Interface deaktivieren: \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 down \end_layout @@ -7356,6 +7726,7 @@ Ein erstelltes Tunnel Device entfernen: \end_layout \begin_layout Code + # /sbin/ip tunnel del tun6to4 \end_layout @@ -7369,6 +7740,7 @@ Entfernen der (Standard-) Route über ein 6to4 Tunnel Device: \end_layout \begin_layout Code + # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout 
@@ -7377,6 +7749,7 @@ Eine 6to4 Adresse des Interfaces entfernen: \end_layout \begin_layout Code + # /sbin/ifconfig sit0 del /16 \end_layout @@ -7386,6 +7759,7 @@ Ein allgemeines Tunnel Device deaktivieren (aber Achtung, eventuell ist \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -7433,6 +7807,7 @@ Anwendung: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -7443,15 +7818,18 @@ Beispiel: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code + ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code + ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7477,6 +7855,7 @@ Anwendung für die Erzeugung einer 4over6 Tunnel-Schnittstelle (welche danach \end_layout \begin_layout Code + # /sbin/ip tunnel add mode ip4ip6 remote local \end_layout @@ -7488,15 +7867,18 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -7505,15 +7887,18 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout 
@@ -7522,15 +7907,18 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7547,6 +7935,7 @@ Anwendung für das Löschen einer Tunnel-Schnittstelle: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del \end_layout @@ -7557,14 +7946,17 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7573,14 +7965,17 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7589,14 +7984,17 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7676,6 +8074,7 @@ Das /proc-Dateisystem muss im Kernel aktiviert sein. \end_layout \begin_layout Code + CONFIG_PROC_FS=y \end_layout @@ -7685,10 +8084,12 @@ Das /proc-Dateisystem muss zuerst gemountet sein. \end_layout \begin_layout Code + # mount | grep "type proc" \end_layout \begin_layout Code + none on /proc type proc (rw) \end_layout @@ -7720,10 +8121,12 @@ cat \end_layout \begin_layout Code + # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code + 0 \end_layout @@ -7745,6 +8148,7 @@ echo \end_layout \begin_layout Code + # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout 
@@ -7793,6 +8197,7 @@ Das sysctl-Interface muss im Kernel aktiviert sein. \end_layout \begin_layout Code + CONFIG_SYSCTL=y \end_layout @@ -7805,10 +8210,12 @@ Der Wert eines Eintrags kann nun angezeigt werden: \end_layout \begin_layout Code + # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7822,10 +8229,12 @@ Ein neuer Wert kann wie folgt zugewiesen werden (wenn der Eintrag beschreibbar \end_layout \begin_layout Code + # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7845,10 +8254,12 @@ Anmerkung: Verwenden Sie beim setzen eines Wertes keine Leerzeichen vor \end_layout \begin_layout Code + # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code + net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8331,10 +8742,12 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code + ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code + ¬ seq=426, pid=0 \end_layout @@ -8810,22 +9223,27 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code + # cat /proc/net/if_inet6 \end_layout \begin_layout Code + 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code + +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code + | | | | | | \end_layout \begin_layout Code + 1 2 3 4 5 6 \end_layout @@ -8919,22 +9337,27 @@ net/ipv6/route.c \end_layout \begin_layout Code + # cat /proc/net/ipv6_route \end_layout \begin_layout Code + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code + +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code + | | | | \end_layout \begin_layout Code + 1 2 3 4 \end_layout 
@@ -8943,18 +9366,22 @@ net/ipv6/route.c \end_layout \begin_layout Code + ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code + ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code + ¬ | | | | | | \end_layout \begin_layout Code + ¬ 5 6 7 8 9 10 \end_layout @@ -9014,22 +9441,27 @@ Statistiken über verwendete IPv6 Sockets. \end_layout \begin_layout Code + # cat /proc/net/sockstat6 \end_layout \begin_layout Code + TCP6: inuse 7 \end_layout \begin_layout Code + UDP6: inuse 2 \end_layout \begin_layout Code + RAW6: inuse 1 \end_layout \begin_layout Code + FRAG6: inuse 0 memory 0 \end_layout @@ -9273,14 +9705,17 @@ Ein Hostname im DNS, der mehr als eine IPv6-Adresse zurückgibt, z.B. \end_layout \begin_layout Code + $ dig +short aaaa st1.bieringer.de \end_layout \begin_layout Code + 2001:4dd0:ff00:834::2 \end_layout \begin_layout Code + 2a01:238:423d:8800:85b3:9e6b:3019:8909 \end_layout @@ -9297,30 +9732,37 @@ Lookup via DNS (mit /etc/hosts klappt es nicht) \end_layout \begin_layout Code + precedence ::1/128 50 # default \end_layout \begin_layout Code + precedence ::/0 40 # default \end_layout \begin_layout Code + precedence 2002::/16 30 # default \end_layout \begin_layout Code + precedence ::/96 20 # default \end_layout \begin_layout Code + precedence ::ffff:0:0/96 10 # default \end_layout \begin_layout Code + precedence 2001:4dd0:ff00:834::/64 80 # dst-A \end_layout \begin_layout Code + precedence 2a01:238:423d:8800::/64 90 # dst-B \end_layout @@ -9331,24 +9773,29 @@ Für Tests kann dann ein Telnet-Client benutzt werden: \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout 
@@ -9359,10 +9806,12 @@ Wenn nun die precedence geändert wird in der Konfiguration: \end_layout \begin_layout Code + precedence 2001:4dd0:ff00:834::/64 90 # dst-A ex 80 \end_layout \begin_layout Code + precedence 2a01:238:423d:8800::/64 80 # dst-B ex 90 \end_layout @@ -9373,24 +9822,29 @@ Dann ändert sich die Reihenfolge entsprechend \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout @@ -9453,38 +9907,47 @@ ip addrlabel \end_layout \begin_layout Code + # ip addrlabel \end_layout \begin_layout Code + prefix ::1/128 label 0 \end_layout \begin_layout Code + prefix ::/96 label 3 \end_layout \begin_layout Code + prefix ::ffff:0.0.0.0/96 label 4 \end_layout \begin_layout Code + prefix 2001::/32 label 6 \end_layout \begin_layout Code + prefix 2001:10::/28 label 7 \end_layout \begin_layout Code + prefix 2002::/16 label 2 \end_layout \begin_layout Code + prefix fc00::/7 label 5 \end_layout \begin_layout Code + prefix ::/0 label 1 \end_layout @@ -9496,15 +9959,18 @@ Das System ist multihomed (hier an einem Interface), der Router verteilt \end_layout \begin_layout Code + # ip -6 addr show dev eth1 | grep -w inet6 |grep -w global \end_layout \begin_layout Code + inet6 2001:6f8:12d8:2:5054:ff:fefb:6582/64 scope global dynamic (src-A) \end_layout \begin_layout Code + inet6 2001:6f8:900:8cbc:5054:ff:fefb:6582/64 scope global dynamic (src-B) \end_layout @@ -9516,24 +9982,29 @@ Eine Verbindung zum Server zeigt nun: \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout 
@@ -9552,11 +10023,13 @@ tcp and dst port 23 \end_layout \begin_layout Code + IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37762 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A) \end_layout \begin_layout Code + IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.45754 > 2a01:238:423d:8800:85b3:9e6b:3019:8 909.telnet: (src-A -> dst-B) \end_layout @@ -9576,18 +10049,22 @@ ip addrlabel \end_layout \begin_layout Code + # ip addrlabel add prefix 2001:6f8:12d8:2::/64 label 200 \end_layout \begin_layout Code + # ip addrlabel add prefix 2001:6f8:900:8cbc::/64 label 300 \end_layout \begin_layout Code + # ip addrlabel add prefix 2001:4dd0:ff00:834::/64 label 200 \end_layout \begin_layout Code + # ip addrlabel add prefix 2a01:238:423d:8800::/64 label 300 \end_layout @@ -9606,54 +10083,67 @@ resultiert: \end_layout \begin_layout Code + # ip addrlabel \end_layout \begin_layout Code + prefix ::1/128 label 0 \end_layout \begin_layout Code + prefix ::/96 label 3 \end_layout \begin_layout Code + prefix ::ffff:0.0.0.0/96 label 4 \end_layout \begin_layout Code + prefix 2a01:238:423d:8800::/64 label 300 # dst-B \end_layout \begin_layout Code + prefix 2001:4dd0:ff00:834::/64 label 200 # dst-A \end_layout \begin_layout Code + prefix 2001:6f8:900:8cbc::/64 label 300 # src-B \end_layout \begin_layout Code + prefix 2001:6f8:12d8:2::/64 label 200 # src-A \end_layout \begin_layout Code + prefix 2001::/32 label 6 \end_layout \begin_layout Code + prefix 2001:10::/28 label 7 \end_layout \begin_layout Code + prefix 2002::/16 label 2 \end_layout \begin_layout Code + prefix fc00::/7 label 5 \end_layout \begin_layout Code + prefix ::/0 label 1 \end_layout 
@@ -9664,24 +10154,29 @@ Und dann nochmal eine Verbindung zum Server versucht wird \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout @@ -9700,11 +10195,13 @@ tcp and dst port 23 \end_layout \begin_layout Code + IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37765 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A) \end_layout \begin_layout Code + IP6 2001:6f8:900:8cbc:5054:ff:fefb:6582.39632 > 2a01:238:423d:8800:85b3:9e6b:3019 :8909.telnet: (src-B -> dst-B) \end_layout 
@@ -9789,307 +10286,375 @@ Beispiel: \end_layout \begin_layout Code + # netstat -nlptu \end_layout \begin_layout Code + Active Internet connections (only servers) \end_layout \begin_layout Code + Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code + ¬ PID/Program name \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 22433/lpd Waiting \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1746/smbd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 3551/X \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18735/junkbuster \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code + ¬ 1410/sshd \end_layout \begin_layout Code + tcp 0 0 :::6010 
:::* LISTEN \end_layout \begin_layout Code + ¬ 13237/sshd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + udp 0 0 :::53 :::* \end_layout \begin_layout Code + ¬ 30734/named \end_layout 
@@ -10122,26 +10687,32 @@ Router Advertisement \end_layout \begin_layout Code + 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code + ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code + ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code + ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code + ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code + ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -10194,10 +10765,12 @@ Router Anfrage \end_layout \begin_layout Code + 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code + ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -10266,10 +10839,12 @@ fe80:212:34ff:fe12:3456 \end_layout \begin_layout Code + 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -10287,15 +10862,18 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code + 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -10313,15 +10891,18 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code + 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code + ¬ 255) \end_layout 
@@ -10343,15 +10924,18 @@ Der Knoten möchte Pakete an die Adresse \end_layout \begin_layout Code + 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code + ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -10368,10 +10952,12 @@ fe80::10 \end_layout \begin_layout Code + 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code + ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -10499,6 +11085,7 @@ Sie können überprüfen, ob Ihre Distribution eine permanente IPv6 Konfiguratio \end_layout \begin_layout Code + /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -10507,11 +11094,13 @@ Automatischer Test: \end_layout \begin_layout Code + # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code + ¬ IPv6 script library exists" \end_layout @@ -10523,14 +11112,17 @@ Die Versionsnummer der Library ist von Interesse, wenn Sie Features vermissen \end_layout \begin_layout Code + # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code + ¬ getversion_ipv6_functions \end_layout \begin_layout Code + 20011124 \end_layout @@ -10574,10 +11166,12 @@ Kurze Anleitung zum aktivieren von IPv6 bei RHL 7.1, 7.2, 7.3, ... \end_layout \begin_layout Code + # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code + alias net-pf-10 off \end_layout @@ -10595,6 +11189,7 @@ twork \end_layout \begin_layout Code + NETWORKING_IPV6=yes \end_layout @@ -10604,6 +11199,7 @@ Rebooten bzw. \end_layout \begin_layout Code + # service network restart \end_layout @@ -10612,10 +11208,12 @@ Nun sollte das IPv6 Modul geladen sein \end_layout \begin_layout Code + # modprobe -c | grep ipv6 \end_layout \begin_layout Code + alias net-pf-10 ipv6 \end_layout 
@@ -10684,6 +11282,7 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code + IP6ADDR="/" \end_layout @@ -10719,6 +11318,7 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code + IPADDR="/" \end_layout @@ -10773,44 +11373,54 @@ Konfiguriere die Schnittstelle (hier im Beispiel: eth0). \end_layout \begin_layout Code + iface eth0 inet6 static \end_layout \begin_layout Code + pre-up modprobe ipv6 \end_layout \begin_layout Code + address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code + # To suppress completely autoconfiguration: \end_layout \begin_layout Code + # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code + netmask 64 \end_layout \begin_layout Code + # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code + # It is magically \end_layout \begin_layout Code + # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code + #gateway 2001:0db8:1234:5::1 \end_layout @@ -10821,6 +11431,7 @@ Danach rebooten oder folgendes Kommando ausführen \end_layout \begin_layout Code + # ifup --force eth0 \end_layout @@ -10897,18 +11508,22 @@ Beispiel: \end_layout \begin_layout Code + # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code + 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code + inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code + valid_lft forever preferred_lft forever \end_layout @@ -11484,6 +12099,7 @@ Wechseln Sie in das Source-Verzeichnis: \end_layout \begin_layout Code + # cd /path/to/src \end_layout @@ -11492,10 +12108,12 @@ Entpacken sie die Kernel-Quellen und vergeben diesen einen neuen Namen \end_layout \begin_layout Code + # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code + # mv linux linux-version-iptables-version+IPv6 \end_layout 
@@ -11504,6 +12122,7 @@ Entpacken Sie die iptables Quellen \end_layout \begin_layout Code + # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -11516,6 +12135,7 @@ Wechseln Sie in das iptables Verzeichnis \end_layout \begin_layout Code + # cd iptables-version \end_layout @@ -11524,6 +12144,7 @@ Fügen Sie relevante Patches hinzu \end_layout \begin_layout Code + # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11534,6 +12155,7 @@ Fügen Sie zusätzliche IPv6 relevante IPv6 Patches hinzu (die nach wie vor \end_layout \begin_layout Code + # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11572,10 +12194,12 @@ REJECT.patch.ipv6 \end_layout \begin_layout Code + # make print-extensions \end_layout \begin_layout Code + Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -11588,6 +12212,7 @@ Wechseln Sie zu den Kernel-Quellen \end_layout \begin_layout Code + # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -11596,10 +12221,12 @@ Editieren Sie das Makefile \end_layout \begin_layout Code + - EXTRAVERSION = \end_layout \begin_layout Code + + EXTRAVERSION = -iptables-version+IPv6-try \end_layout 
@@ -11608,80 +12235,99 @@ Starten Sie configure und aktivieren Sie IPv6 relevante Optionen \end_layout \begin_layout Code + Code maturity level options \end_layout \begin_layout Code + Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code + Networking options \end_layout \begin_layout Code + Network packet filtering: yes \end_layout \begin_layout Code + The IPv6 protocol: module \end_layout \begin_layout Code + IPv6: Netfilter Configuration \end_layout \begin_layout Code + IP6 tables support: module \end_layout \begin_layout Code + All new options like following: \end_layout \begin_layout Code + limit match support: module \end_layout \begin_layout Code + MAC address match support: module \end_layout \begin_layout Code + Multiple port match support: module \end_layout \begin_layout Code + Owner match support: module \end_layout \begin_layout Code + netfilter MARK match support: module \end_layout \begin_layout Code + Aggregated address check: module \end_layout \begin_layout Code + Packet filtering: module \end_layout \begin_layout Code + REJECT target support: module \end_layout \begin_layout Code + LOG target support: module \end_layout \begin_layout Code + Packet mangling: module \end_layout \begin_layout Code + MARK target support: module \end_layout @@ -11707,6 +12353,7 @@ Benennen sie das ältere Verzeichnis um \end_layout \begin_layout Code + # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11715,6 +12362,7 @@ Erstellen Sie einen neuen symbolischen Link \end_layout \begin_layout Code + # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11723,6 +12371,7 @@ Erstellen Sie ein neues SRPMS \end_layout \begin_layout Code + # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11744,6 +12393,7 @@ Freshen \end_layout \begin_layout Code + # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout 
@@ -11760,6 +12410,7 @@ install \end_layout \begin_layout Code + # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11778,6 +12429,7 @@ nodeps \end_layout \begin_layout Code + # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11787,6 +12439,7 @@ Damit iptables die Libraries finden kann, ist es eventuell notwendig, einen \end_layout \begin_layout Code + # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -11803,6 +12456,7 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code + # modprobe ip6_tables \end_layout @@ -11811,10 +12465,12 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code + # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code + ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -11831,6 +12487,7 @@ Kurze Auflistung: \end_layout \begin_layout Code + # ip6tables -L \end_layout @@ -11839,6 +12496,7 @@ Erweiterte Auflistung: \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L \end_layout @@ -11847,6 +12505,7 @@ Auflistung angegebener Filter \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -11855,10 +12514,12 @@ Hinzufügen einer Log-Regel zum Input-Filter mit Optionen \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code + ¬ --log-level 7 \end_layout @@ -11867,6 +12528,7 @@ Hinzufügen einer Drop-Regel zum Input-Filter \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11875,6 +12537,7 @@ Löschen einer Regel mit Hilfe der Regelnummer \end_layout \begin_layout Code + # ip6tables --table filter --delete INPUT 1 \end_layout 
@@ -11893,6 +12556,7 @@ Seit Kernel-Version 2.6.20 ist die Auswertung des IPv6-Verbindungsstatus gut \end_layout \begin_layout Code + # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11910,6 +12574,7 @@ Eingehender ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11918,6 +12583,7 @@ Ausgehenden ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11926,6 +12592,7 @@ Neuere Kernel erlauben das Spezifizieren des ICMPv6-Typs: \end_layout \begin_layout Code + # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11944,10 +12611,12 @@ n Patitionen entgegenzuwirken. \end_layout \begin_layout Code + # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code + ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11966,10 +12635,12 @@ Eingehende SSH Verbindungen werden von der Adresse 2001:0db8:100::1/128 \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code + ¬ --dport 22 -j ACCEPT \end_layout @@ -11984,10 +12655,12 @@ nicht mehr notwendig, wenn der IPv6-Verbindungsstatus ausgewertet wird! \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code + ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -12005,6 +12678,7 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -12013,6 +12687,7 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout 
@@ -12027,6 +12702,7 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -12036,6 +12712,7 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -12059,6 +12736,7 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu diesem Host \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -12067,6 +12745,7 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu Hosts hinter diesem Router \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -12099,6 +12778,7 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten ausgehender Anfragen \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -12108,6 +12788,7 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten auf Anfragen von hinter \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -12136,6 +12817,7 @@ system-config-firewall \end_layout \begin_layout Code + Datei: /etc/sysconfig/ip6tables \end_layout 
@@ -12144,70 +12826,87 @@ Datei: /etc/sysconfig/ip6tables \end_layout \begin_layout Code + *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code + :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code + :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code + :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code + -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code + COMMIT \end_layout @@ -12219,6 +12918,7 @@ Zwecks der Vollständigkeit ist hier auch die entsprechende Konfiguration \end_layout \begin_layout Code + Datei: /etc/sysconfig/iptables \end_layout 
@@ -12227,71 +12927,88 @@ Datei: /etc/sysconfig/iptables \end_layout \begin_layout Code + *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code + :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code + :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code + :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code + -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code + COMMIT \end_layout @@ -12314,10 +13031,12 @@ Aktivieren von IPv4 & IPv6 Firewalling \end_layout \begin_layout Code + # service iptables start \end_layout \begin_layout Code + # service ip6tables start \end_layout @@ -12328,10 +13047,12 @@ Aktivieren des automatischen Starts nach dem Reboot \end_layout \begin_layout Code + # chkconfig iptables on \end_layout \begin_layout Code + # chkconfig ip6tables on \end_layout 
@@ -12345,472 +13066,578 @@ Folgende Zeilen zeigen ein umfangreicheres Setup. \end_layout \begin_layout Code + # ip6tables -n -v -L \end_layout \begin_layout Code + Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code + 0 0 
DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain ext2int (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source 
destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain int2ext (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout 
\begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12848,6 +13675,7 @@ Wie bei IPv4 können Systeme hinter einem Router versteckt werden mit Hilfe \end_layout \begin_layout Code + # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12865,6 +13693,7 @@ Eine dedizierte öffentliche IPv6-Adresse kann zu einer internen IPv6-Adresse \end_layout \begin_layout Code + # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -12883,6 +13712,7 @@ Ein dedizierter Port kann zu einem internen System weitergeleitet werden, \end_layout \begin_layout Code + # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12936,18 +13766,22 @@ Laden der Kernel-Module: \end_layout \begin_layout Code + # modprobe nf_tables \end_layout \begin_layout Code + # modprobe nf_tables_ipv4 \end_layout \begin_layout Code + # modprobe nf_tables_ipv6 \end_layout \begin_layout Code + # modprobe nf_tables_inet \end_layout 
@@ -12958,10 +13792,12 @@ Löschen der Regeln in iptables and ip6tables um Interferenzen zu vermeiden: \end_layout \begin_layout Code + # iptables -F \end_layout \begin_layout Code + # ip6tables -F \end_layout @@ -12972,6 +13808,7 @@ Erzeugen der Filter-Tabelle: \end_layout \begin_layout Code + # nft add table inet filter \end_layout @@ -12982,6 +13819,7 @@ Erzeugen einer input chain in der Filter-Tabelle: \end_layout \begin_layout Code + # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -13007,6 +13845,7 @@ Tabelle gehören \end_layout \begin_layout Code + # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -13018,11 +13857,13 @@ Erlauben von IPv4 und IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv4 icmp type { echo-request } counter accept \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv6 icmpv6 type echo-request counter accept \end_layout @@ -13035,19 +13876,23 @@ Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit- \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code + ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 1 accept \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code + ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 255 counter accept \end_layout @@ -13059,6 +13904,7 @@ Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6 \end_layout \begin_layout Code + # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & 
@@ -13077,14 +13923,17 @@ Reject/drop anderer Pakete \end_layout \begin_layout Code + # nft add rule inet filter input tcp dport 0-65535 reject \end_layout \begin_layout Code + # nft add rule inet filter input udp dport 0-65535 counter drop \end_layout \begin_layout Code + # nft add rule inet filter input counter drop \end_layout @@ -13101,63 +13950,77 @@ Tabelle für IP unabhängigen Filter \end_layout \begin_layout Code + table inet filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 0 bytes 0 accept \end_layout \begin_layout Code + ip protocol icmp icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code + ip6 nexthdr ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code + ip6 nexthdr ipv6-icmp ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code + ip6 nexthdr ipv6-icmp ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code + tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code + tcp dport >= 0 tcp dport <= 65535 counter packets 0 bytes 0 reject \end_layout \begin_layout Code + udp dport >= 0 udp dport <= 65535 counter packets 0 bytes 0 drop \end_layout \begin_layout Code + log prefix counter packets 0 bytes 0 drop \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -13174,6 +14037,7 @@ Für Logging wird ein zusätzliches Kernelmodul benötigt: \end_layout \begin_layout Code + # modprobe xt_LOG \end_layout @@ -13202,6 +14066,7 @@ Für erste Tests mit der Log-Option kann es nützlich sein, das Loggens für \end_layout \begin_layout Code + #*.emerg :omusrmsg:* \end_layout 
@@ -13212,6 +14077,7 @@ Regel von oben, welche SSH auf Port 22 erlaubt, nun mit Logging: \end_layout \begin_layout Code + # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & 
@@ -13293,114 +14159,141 @@ mark xxxx \end_layout \begin_layout Code + # for table in ip ip6 inet; do nft list table $table filter; done \end_layout \begin_layout Code + table ip filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 241 bytes 25193 accept \end_layout \begin_layout Code + counter packets 2 bytes 120 mark 0x00000100 accept \end_layout \begin_layout Code + icmp type { echo-request} counter packets 0 bytes 0 meta mark set 0x00000100 accept \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout \begin_layout Code + table ip6 filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 14 bytes 4077 accept \end_layout \begin_layout Code + counter packets 4 bytes 408 mark 0x00000100 accept \end_layout \begin_layout Code + icmpv6 type echo-request counter packets 1 bytes 104 meta mark set 0x00000100 \end_layout \begin_layout Code + icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} counter packets 2 bytes 224 meta mark set 0x00000100 accept \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout \begin_layout Code + table inet filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 307 bytes 31974 accept \end_layout \begin_layout Code + counter packets 6 bytes 528 mark 0x00000100 accept \end_layout \begin_layout Code + tcp dport ssh ct state new tcp flags & (syn | ack) == syn log prefix "inet/input/accept: " meta mark set 0x00000100 counter packets 3 bytes 200 accept \end_layout \begin_layout Code + log prefix "inet/input/reject: " counter packets 0 bytes 
0 reject \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -13512,10 +14405,12 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # nc6 ::1 daytime \end_layout \begin_layout Code + 13 JUL 2002 11:22:22 CEST \end_layout @@ -13537,43 +14432,53 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code + # nmap -6 -sT ::1 \end_layout \begin_layout Code + Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code + Interesting ports on localhost6 (::1): \end_layout \begin_layout Code + (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code + Port State Service \end_layout \begin_layout Code + 22/tcp open ssh \end_layout \begin_layout Code + 53/tcp open domain \end_layout \begin_layout Code + 515/tcp open printer \end_layout \begin_layout Code + 2401/tcp open cvspserver \end_layout \begin_layout Code + Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -13596,26 +14501,32 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code + ::1 2401 unassigned unknown \end_layout \begin_layout Code + ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code + ::1 515 printer spooler (lpd) \end_layout \begin_layout Code + ::1 6010 unassigned unknown \end_layout \begin_layout Code + ::1 53 domain Domain Name Server \end_layout 
@@ -13986,22 +14897,27 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Transport-Modus \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -14016,30 +14932,37 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Tunnel-Modus \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -14109,18 +15032,22 @@ Datei: /etc/racoon/racoon.conf \end_layout \begin_layout Code + # Racoon IKE daemon configuration file. \end_layout \begin_layout Code + # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code + path include "/etc/racoon"; \end_layout \begin_layout Code + path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -14129,18 +15056,22 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code + listen \end_layout \begin_layout Code + { \end_layout \begin_layout Code + isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code + } \end_layout 
@@ -14149,50 +15080,62 @@ listen \end_layout \begin_layout Code + remote 2001:db8:2:2::2 \end_layout \begin_layout Code + { \end_layout \begin_layout Code + exchange_mode main; \end_layout \begin_layout Code + lifetime time 24 hour; \end_layout \begin_layout Code + proposal \end_layout \begin_layout Code + { \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + hash_algorithm md5; \end_layout \begin_layout Code + authentication_method pre_shared_key; \end_layout \begin_layout Code + dh_group 2; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -14201,34 +15144,42 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code + # gateway-to-gateway \end_layout \begin_layout Code + sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout @@ -14237,30 +15188,37 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout @@ -14277,10 +15235,12 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code + # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code + # format is: 'identifier' 'key' \end_layout 
@@ -14289,6 +15249,7 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code + 2001:db8:2:2::2 verysecret \end_layout @@ -14316,81 +15277,100 @@ Zum Schluss muss der Daemon gestartet werden. \end_layout \begin_layout Code + # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code + Foreground mode. \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net ) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code + ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code + ¬ queued due to no phase1 found. \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code + ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout 
@@ -14411,10 +15391,12 @@ tcpdump \end_layout \begin_layout Code + 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code + 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout 
@@ -14439,94 +15421,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code + A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code + A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=22358 refcnt=0 \end_layout 
@@ -14631,18 +15636,22 @@ Datei: /etc/ipsec.conf \end_layout \begin_layout Code + # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code + # \end_layout \begin_layout Code + # Manual: ipsec.conf.5 \end_layout \begin_layout Code + version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -14651,22 +15660,27 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code + # basic configuration \end_layout \begin_layout Code + config setup \end_layout \begin_layout Code + # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code + # klipsdebug=none \end_layout \begin_layout Code + # plutodebug="control parsing" \end_layout @@ -14675,10 +15689,12 @@ config setup \end_layout \begin_layout Code + #Disable Opportunistic Encryption \end_layout \begin_layout Code + include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -14687,55 +15703,68 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code + conn ipv6-p1-p2 \end_layout \begin_layout Code + connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code + left=2001:db8:1:1::1 \end_layout \begin_layout Code + right=2001:db8:2:2::2 \end_layout \begin_layout Code + authby=secret \end_layout \begin_layout Code + esp=aes128-sha1 \end_layout \begin_layout Code + ike=aes128-sha-modp1024 \end_layout \begin_layout Code + type=transport \end_layout \begin_layout Code + #type=tunnel \end_layout \begin_layout Code + compress=no \end_layout \begin_layout Code + #compress=yes \end_layout \begin_layout Code + auto=add \end_layout \begin_layout Code + #auto=up \end_layout @@ -14756,6 +15785,7 @@ Datei: /etc/ipsec.secrets \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout 
@@ -14782,6 +15812,7 @@ Wenn die Installation von Openswan erfolgreich war, sollte ein initscript \end_layout \begin_layout Code + # /etc/rc.d/init.d/ipsec start \end_layout @@ -14801,34 +15832,42 @@ IPsec SA established \end_layout \begin_layout Code + # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code + 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code + 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code + 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code + 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code + ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout 
@@ -14848,94 +15887,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code + A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code + A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -14960,10 +16022,12 @@ ip \end_layout \begin_layout Code + # ip xfrm policy \end_layout \begin_layout Code + ... \end_layout 
@@ -14972,10 +16036,12 @@ ip \end_layout \begin_layout Code + # ip xfrm state \end_layout \begin_layout Code + ... \end_layout @@ -15025,32 +16091,39 @@ Vernünftig funktionierendes QoS ist nur an der ausgehenden Schnittstelle \end_layout \begin_layout Code + ------------------->------- \end_layout \begin_layout Code + Queue 1 \backslash \end_layout \begin_layout Code + --->--- ---->--------->--------->------------------- \end_layout \begin_layout Code + Dicke Leitung Queue 2 Queue 1 / Queue 2 / Queue 3 Dünne Leitung \end_layout \begin_layout Code + --->---- ---->--------->--------->------------------- \end_layout \begin_layout Code + Queue 3 / \end_layout \begin_layout Code + ------------------->------- \end_layout @@ -15132,6 +16205,7 @@ Definition einer root qdisc mit einer Bandbreite von 1000 MBit/s an eth1 \end_layout \begin_layout Code + # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -15148,6 +16222,7 @@ Definition einer Klasse 1:1 mit 1 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -15159,6 +16234,7 @@ Definition einer Klasse 1:2 mit 50 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -15170,6 +16246,7 @@ Definition einer Klasse 1:3 mit 10 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -15181,6 +16258,7 @@ Definition einer Klasse 1:4 mit 200 kBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -15210,6 +16288,7 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout 
@@ -15229,6 +16308,7 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -15244,6 +16324,7 @@ match ip6 flowlabel 0x12345 0x3ffff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -15260,6 +16341,7 @@ handle 32 fw \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -15271,6 +16353,7 @@ Die letzte Filterdefinition benötigt auch einen Eintrag in ip6tables um \end_layout \begin_layout Code + # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -15288,14 +16371,17 @@ Starten auf Serverseite in separaten Konsolen: \end_layout \begin_layout Code + # iperf -V -s -p 5001 \end_layout \begin_layout Code + # iperf -V -s -p 5002 \end_layout \begin_layout Code + # iperf -V -s -p 5003 \end_layout @@ -15306,29 +16392,35 @@ Starten auf Clientseite und Vergleichen der Ergebnisse: \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5001 (erwartet: 1 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5001 (erwartet: 50 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5003 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5003 (erwartet: 200 kBit/s) \end_layout 
@@ -15412,18 +16504,22 @@ Folgende Optionen müssen geändert werden, damit IPv6 aktiviert wird \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { any; }; \end_layout \begin_layout Code + }; \end_layout @@ -15433,48 +16529,59 @@ Nach einem Neustart (des Dienstes) sollte z.B. \end_layout \begin_layout Code + # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code + ¬ # incoming TCP requests \end_layout \begin_layout Code + udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code + udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP request to any IPv6 \end_layout @@ -15483,6 +16590,7 @@ Ein kleiner Test sieht wie folgt aus: \end_layout \begin_layout Code + # dig localhost @::1 \end_layout @@ -15499,18 +16607,22 @@ Folgende Optionen müssen geändert werden, damit IPv6 deaktiviert wird: \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + }; \end_layout 
@@ -15525,54 +16637,67 @@ ACLs mit IPv6 Adressen sind realisierbar und sollten wann immer möglich \end_layout \begin_layout Code + acl internal-net { \end_layout \begin_layout Code + 127.0.0.1; \end_layout \begin_layout Code + 1.2.3.0/24; \end_layout \begin_layout Code + 2001:0db8:100::/56; \end_layout \begin_layout Code + ::1/128; \end_layout \begin_layout Code + ::ffff:1.2.3.4/128; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + acl ns-internal-net { \end_layout \begin_layout Code + 1.2.3.4; \end_layout \begin_layout Code + 1.2.3.5; \end_layout \begin_layout Code + 2001:0db8:100::4/128; \end_layout \begin_layout Code + 2001:0db8:100::5/128; \end_layout \begin_layout Code + }; \end_layout @@ -15584,26 +16709,32 @@ Diese ACLs können für Client-Anfragen und Zonentransfers zu Secondary Nameserv \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + allow-query { internal-net; }; \end_layout \begin_layout Code + allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code + }; \end_layout @@ -15629,6 +16760,7 @@ Diese Option ist nicht verpflichtend, ev. \end_layout \begin_layout Code + query-source-v6 address port ; \end_layout @@ -15649,6 +16781,7 @@ Die Transfer source Adresse wird für ausgehende Zonentransfers verwendet: \end_layout \begin_layout Code + transfer-source-v6 [port port]; \end_layout @@ -15661,6 +16794,7 @@ Die Notify source Adresse wird für ausgehende notify Mitteilungen verwendet: \end_layout \begin_layout Code + notify-source-v6 [port port]; \end_layout 
@@ -15817,22 +16951,27 @@ Eine IPv6 Verbindung kann durch Angabe eines dedizierten Server, der abgefragt \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -15841,6 +16980,7 @@ Aliases: \end_layout \begin_layout Code + Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -15850,14 +16990,17 @@ Ein entsprechender Log-Eintrag sieht wie folgt aus: \end_layout \begin_layout Code + Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code + ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code + query denied \end_layout @@ -15876,22 +17019,27 @@ Eine erfolgreiche IPv6 Verbindung sieht wie folgt aus: \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -15900,12 +17048,14 @@ Aliases: \end_layout \begin_layout Code + www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code + 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -15950,42 +17100,52 @@ Wenn Sie nun einen "eingebauten" Service wie z.B. \end_layout \begin_layout Code + # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code + --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code + +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code + 
@@ -10,5 +10,5 @@ \end_layout \begin_layout Code + protocol = tcp \end_layout \begin_layout Code + user = root \end_layout \begin_layout Code + wait = no \end_layout \begin_layout Code + - disable = yes \end_layout \begin_layout Code + + disable = no \end_layout \begin_layout Code + } \end_layout @@ -15995,22 +17155,27 @@ dann sollten Sie nach einem Neustart des xinetd-Dienstes z.B. \end_layout \begin_layout Code + # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code + ¬ daytime/tcp \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -16071,22 +17236,27 @@ Virtueller Host mit IPv6 Adresse \end_layout \begin_layout Code + Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code + # ...sure more config lines \end_layout \begin_layout Code + \end_layout @@ -16095,26 +17265,32 @@ Virtueller Host mit IPv4 und IPv6 Adresse \end_layout \begin_layout Code + Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code + Listen 1.2.3.4:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code + # ...sure more config lines \end_layout \begin_layout Code + \end_layout @@ -16123,20 +17299,24 @@ Das Ergebnis sollten nach einen Neustart des Dienstes etwa Folgendes sein: \end_layout \begin_layout Code + # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout 
@@ -16243,42 +17423,52 @@ Die Konfigurationsdatei des radvd ist normalerweise die Datei /etc/radvd.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code + AdvOnLink on; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -16287,23 +17477,28 @@ Als Ergebnis auf der Client-Seite ergibt sich hieraus: \end_layout \begin_layout Code + # ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16330,54 +17525,67 @@ Seit der Version 0.6.2pl3 wird die automatische (Neu)-Erstellung des Präfixes \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code + AdvOnLink off; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + Base6to4Interface ppp0; \end_layout \begin_layout Code + AdvPreferredLifetime 20; \end_layout \begin_layout Code + AdvValidLifetime 30; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout 
@@ -16387,23 +17595,28 @@ Das Ergebnis auf Clientseite ist (unter der Annahme, dass ppp0 die lokale \end_layout \begin_layout Code + # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16422,6 +17635,7 @@ Achtung: wenn keine spezielle 6to4-Unterstützung der initscripts benutzt \end_layout \begin_layout Code + # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -16451,86 +17665,107 @@ radvdump \end_layout \begin_layout Code + # radvdump \end_layout \begin_layout Code + Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code + AdvCurHopLimit: 64 \end_layout \begin_layout Code + AdvManagedFlag: off \end_layout \begin_layout Code + AdvOtherConfigFlag: off \end_layout \begin_layout Code + AdvHomeAgentFlag: off \end_layout \begin_layout Code + AdvReachableTime: 0 \end_layout \begin_layout Code + AdvRetransTimer: 0 \end_layout \begin_layout Code + Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 30 \end_layout \begin_layout Code + AdvPreferredLifetime: 20 \end_layout \begin_layout Code + AdvOnLink: off \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 2592000 \end_layout \begin_layout Code + AdvPreferredLifetime: 604800 \end_layout \begin_layout Code + AdvOnLink: on \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout 
@@ -16596,54 +17831,67 @@ Die Konfigurationsdatei des dhcp6s ist normalerweise /etc/dhcp6s.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + server-preference 255; \end_layout \begin_layout Code + renew-time 60; \end_layout \begin_layout Code + rebind-time 90; \end_layout \begin_layout Code + prefer-life-time 130; \end_layout \begin_layout Code + valid-life-time 200; \end_layout \begin_layout Code + allow rapid-commit; \end_layout \begin_layout Code + option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code + link AAA { \end_layout \begin_layout Code + range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code + prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -16667,18 +17915,22 @@ Die Konfigurationsdatei von dhcp6c ist normalerweise /etc/dhcp6c.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + send rapid-commit; \end_layout \begin_layout Code + request domain-name-servers; \end_layout \begin_layout Code + }; \end_layout @@ -16702,6 +17954,7 @@ Starten des Servers, z.B. \end_layout \begin_layout Code + # service dhcp6s start \end_layout @@ -16719,10 +17972,12 @@ Starten des Clients im Vordergrund, z.B. \end_layout \begin_layout Code + # dhcp6c -f eth0 \end_layout \begin_layout Code + ... \end_layout @@ -16746,6 +18001,7 @@ Der Server hat einen Vordergrund und zwei Debug-Schalter (von denen beide \end_layout \begin_layout Code + # dhcp6c -d -D -f eth0 \end_layout @@ -16763,6 +18019,7 @@ Mit einem IPv6 Ping an die DHCP Multicast-Adresse kann getestet werden, \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1:2 \end_layout 
@@ -16773,47 +18030,58 @@ Der Client hat einen Vordergrund und zwei Debug-Schalter, hier ein Beispiel: \end_layout \begin_layout Code + # dhcp6c -d -f eth0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code + Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -16880,26 +18148,32 @@ Erstellen einer eigenen Konfigurationsdatei /etc/dhcp/dhcpd6.conf für den \end_layout \begin_layout Code + default-lease-time 600; \end_layout \begin_layout Code + max-lease-time 7200; \end_layout \begin_layout Code + log-facility local7; \end_layout \begin_layout Code + subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Range for clients \end_layout \begin_layout Code + range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -16908,10 +18182,12 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Range for clients requesting a temporary address \end_layout \begin_layout Code + range6 2001:db8:0:1::/64 temporary; \end_layout 
@@ -16920,14 +18196,17 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Additional options \end_layout \begin_layout Code + option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code + option dhcp6.domain-search "domain.example"; \end_layout @@ -16936,10 +18215,12 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Prefix range for delegation to sub-routers \end_layout \begin_layout Code + prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -16948,27 +18229,33 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Example for a fixed host address \end_layout \begin_layout Code + host specialclient { \end_layout \begin_layout Code + host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code + fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -17007,6 +18294,7 @@ dhcp6c \end_layout \begin_layout Code + # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 
@@ -17032,46 +18320,56 @@ Starte den Server im Vordergrund: \end_layout \begin_layout Code + # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code + Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code + Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code + All rights reserved. \end_layout \begin_layout Code + For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code + Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code + Wrote 0 leases to leases file. \end_layout \begin_layout Code + Bound to *:547 \end_layout \begin_layout Code + Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code + Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -17114,50 +18412,62 @@ Erstellen der Konfigurationsdatei /etc/dibbler/server.conf . \end_layout \begin_layout Code + log-level 8 \end_layout \begin_layout Code + log-mode short \end_layout \begin_layout Code + preference 0 \end_layout \begin_layout Code + iface "eth1" { \end_layout \begin_layout Code + prefered-lifetime 3600 \end_layout \begin_layout Code + valid-lifetime 7200 \end_layout \begin_layout Code + class { \end_layout \begin_layout Code + pool 2001:db8:0:1::/64 \end_layout \begin_layout Code + } \end_layout \begin_layout Code + option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code + option domain domain.example \end_layout \begin_layout Code + } \end_layout 
@@ -17180,124 +18490,148 @@ Start Server im Vorgergrund: \end_layout \begin_layout Code + # dibbler-server run \end_layout \begin_layout Code + | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code + | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code + | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code + | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code + 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code + 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code + 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code + 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code + 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code + 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code + 18:48 Server Info Interface eth1/2 configuration has been loaded. 
\end_layout \begin_layout Code + 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code + 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code + 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code + 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code + 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -17362,6 +18696,7 @@ s.allow sowie /etc/hosts.deny. \end_layout \begin_layout Code + $ man hosts.allow \end_layout @@ -17376,11 +18711,13 @@ In dieser Datei wird ein Dienst pro Zeile eingetragen, der positiv gefiltert \end_layout \begin_layout Code + sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code + daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -17401,6 +18738,7 @@ In dieser Datei werden alle Einträge negativ gefiltert. \end_layout \begin_layout Code + ALL: ALL \end_layout @@ -17412,10 +18750,12 @@ Sie können bei Bedarf obige Standardzeile auch durch Folgende ersetzen, \end_layout \begin_layout Code + ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code + | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -17438,18 +18778,22 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code + Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout 
@@ -17460,22 +18804,27 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code + Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code + Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code + from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code + ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -17489,18 +18838,22 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code + Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -17510,18 +18863,22 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem auf zwei Ports hörenden \end_layout \begin_layout Code + Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ port 33381 ssh2 \end_layout \begin_layout Code + Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code + from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -17557,6 +18914,7 @@ listen \end_layout \begin_layout Code + listen_ipv6=yes \end_layout @@ -17591,22 +18949,27 @@ Editiere die Konfigurationsdatei, üblicherweise /etc/proftpd.conf, allerdings \end_layout \begin_layout Code + \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Bind 2001:0DB8::1 \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + \end_layout 
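Review bot: In the `conn ipv6-p1-p2` hunk (@@ -14687,55 +15703,68 @@) the comment on `connaddrfamily=ipv6` refers to StrongSwan 4, while the file header in the first hunk calls this an "Openswan IPsec configuration file"; say which implementation the remark applies to. Since every line of the block is touched anyway, add a sentence that `ike=aes128-sha-modp1024` and `esp=aes128-sha1` are legacy choices (1024-bit MODP group, SHA-1), and mark `PSK "verysecret"` in the /etc/ipsec.secrets hunk as a placeholder that must be replaced.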
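Review bot: The command in hunk @@ -14801,34 +15832,42 @@ is `# ipsec auto --up ipv6-peer1-peer2`, but the connection is defined as `conn ipv6-p1-p2` and every output line below it names "ipv6-p1-p2", so the command as printed does not match the configured connection. Change it to `# ipsec auto --up ipv6-p1-p2`.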
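Review bot: The `setkey -D` sample in hunk @@ -14848,94 +15887,117 @@ includes the `E: aes-cbc ...` and `A: hmac-sha1 ...` lines, which are the encryption and authentication keys of the two SAs. Add a sentence next to the listing that this output contains key material and has to be redacted before it is pasted into a mailing list post or bug report.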
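Review bot: In hunk @@ -15244,6 +16324,7 @@ the description reads `match ip6 flowlabel 0x12345 0x3ffff`, but the command passes `match ip6 flowlabel 12345 0x3ffff`, so text and command disagree on whether the value is hexadecimal; make them identical. The mask `0x3ffff` also covers only 18 bits while the IPv6 flow label field is 20 bits wide, so either use `0xfffff` or state why the upper two bits are left out of the match.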
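Review bot: The options block in hunk @@ -15584,26 +16709,32 @@ combines `listen-on-v6 { none; };` with `allow-query { internal-net; };`, although `internal-net` was defined in the preceding hunk with `2001:0db8:100::/56` and `::1/128`. With IPv6 listening switched off, those ACL entries can never match a client, and the REFUSED and success tests later in the section query the server over IPv6. Use `listen-on-v6 { any; };` here, as in the hunk that enables IPv6.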
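Review bot: Hunk @@ -16746,6 +18001,7 @@ introduces the server's foreground and debug switches ("Der Server hat einen Vordergrund und zwei Debug-Schalter"), but the command shown is `# dhcp6c -d -D -f eth0`, which is the client binary; the server example should call `dhcp6s`. In the client log of the following hunk, `renew time 60, rebind time 9` does not match `rebind-time 90;` from the dhcp6s.conf hunk and looks cut off at the line wrap.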
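Review bot: `option dhcp6.name-servers fec0:0:0:1::1;` in hunk @@ -16920,14 +18196,17 @@, and `option dns-server fec0:0:0:1::1` in the dibbler server.conf hunk, hand clients a site-local address, a range deprecated by RFC 3879, while every other address in these examples comes from 2001:db8::/32. Replace both with an address inside the documented subnet `2001:db8:0:1::/64`.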
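Review bot: The wrapped log lines in hunk @@ -17438,18 +18778,22 @@ use the continuation marker inconsistently: `¬ from=::ffff:1.2.3.4` carries it, while `from=2001:0db8:100:200::212:34ff:fe12:3456` does not, and the same happens in the sshd and START hunks that follow. Without the marker a reader cannot tell a wrapped line from a separate log entry; add `¬` to every continuation line.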
diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf index a3581949..48257f8b 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml index b0078d07..e166ea60 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml @@ -95,7 +95,7 @@ Deutsche Übersetzung Copyright © 2002-2003 Georg Käfer, weitergeführt von Pe Technisches <!-- anchor id="general-original-source" -->Originalquelle dieses HOWTOs -Die originale englische Version dieses HOWTOs wurde mit LyX Version 1.6.1 auf einem Fedora 10 Linux System mit SGML-Template (DocBook book) erstellt. Alle Dateien sind unter TLDP-CVS / users / Peter-Bieringer verfügbar. +Die originale englische Version dieses HOWTOs wurde mit LyX Version 1.6.1 auf einem Fedora 10 Linux System mit SGML-Template (DocBook book) erstellt. Alle Dateien sind unter github / tLDP / LDP / users / Peter-Bieringer verfügbar. Auch die deutsche Version wurde mit LyX erstellt und befindet sich ebenfalls im angegebenen CVS-Verzeichnis. Zeilenumbruch in Code-Beispielen Der Zeilenumbruch wird mit Hilfe eines selbst geschriebenen Tools “lyxcodelinewrapper.pl” erstellt; Sie finden das Skript am CVS unter: TLDP-CVS / users / Peter-Bieringer. diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html index fe699729..4f52f822 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html @@ -1108,10 +1108,10 @@ NAME="GENERAL-ORIGINAL-SOURCE" >1.5.1. Le document original de cet HOWTO

Cet HOWTO est actuellement rédigé avec la version 1.2.0 de LyX sur un système Linux Red Hat 7.3 avec un patron SGML (livre DocBook). Il est disponible en vue des contributions à l'URLCet HOWTO est actuellement rédigé avec la version 1.2.0 de LyX sur un système Linux Red Hat 7.3 avec un patron SGML (livre DocBook). Il est disponible en vue des contributions à l'URL TLDP-CVS / users / Peter-Bieringergithub / tLDP / LDP / users / Peter-Bieringer.

\end_layout @@ -1270,6 +1275,7 @@ Pour une utilisation réelle sur votre système, en ligne de commande ou dans \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -1287,6 +1293,7 @@ Les commandes exécutables en tant qu'utilisateur non-root commencent avec \end_layout \begin_layout Code + $ whoami \end_layout @@ -1296,6 +1303,7 @@ Les commandes exécutables en tant qu'utilisateur root commencent avec un \end_layout \begin_layout Code + # whoami \end_layout @@ -1512,58 +1520,72 @@ Le premier code réseau relatif à IPv6 a été ajouté au noyau Linux 2.1.8 en \end_layout \begin_layout Code + diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code + ¬ linux/include/linux/in6.h \end_layout \begin_layout Code + --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code + +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code + @@ -0,0 +1,99 @@ \end_layout \begin_layout Code + +/* \end_layout \begin_layout Code + + * Types and definitions for AF_INET6 \end_layout \begin_layout Code + + * Linux INET6 implementation \end_layout \begin_layout Code + + * + * Authors: \end_layout \begin_layout Code + + * Pedro Roque <******> \end_layout \begin_layout Code + + * \end_layout \begin_layout Code + + * Source: \end_layout \begin_layout Code + + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code + + * \end_layout @@ -1668,6 +1690,7 @@ Comme cela a été mentionné précédemment, les adresses IPv6 ont une longueur \end_layout \begin_layout Code + 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1683,6 +1706,7 @@ De tels nombres ne sont vraiment pas des adresses pouvant être mémorisées. \end_layout \begin_layout Code + 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout 
@@ -1697,6 +1721,7 @@ Cette représentation est encore peu praticable (possibilité de confusion \end_layout \begin_layout Code + 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1707,6 +1732,7 @@ Une adresse utilisable (nous verrons les différents types d'adresse plus \end_layout \begin_layout Code + 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1716,10 +1742,12 @@ Dans un but de simplification, les zéros non significatifs de chaque bloc \end_layout \begin_layout Code + 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code + ¬ 3ffe:ffff:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1745,6 +1773,7 @@ Une séquence de blocs de 16 bits ne comprenant que des zéros peut être rempla \end_layout \begin_layout Code + 3ffe:ffff:100:f101:0:0:0:1 -> 3ffe:ffff:100:f101::1 \end_layout @@ -1755,6 +1784,7 @@ La plus importante réduction qui peut être observée est celle de l'adresse \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1777,10 +1807,12 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code + # ipv6calc --addr_to_base85 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code + Itu&-ZQ82s>J%s99FJXT \end_layout @@ -1999,6 +2031,7 @@ loopback \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2007,6 +2040,7 @@ ou compressée: \end_layout \begin_layout Code + ::1 \end_layout @@ -2050,6 +2084,7 @@ any \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2058,6 +2093,7 @@ ou: \end_layout \begin_layout Code + :: \end_layout @@ -2095,6 +2131,7 @@ Ces adresses sont définies par un préfixe spécial d'une longueur de 96 (a.b.c \end_layout \begin_layout Code + 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2103,6 +2140,7 @@ ou en format compressé: \end_layout \begin_layout Code + ::ffff:a.b.c.d/96 \end_layout 
@@ -2111,6 +2149,7 @@ Par exemple, l'adresse IPv4 1.2.3.4 ressemble à ceci: \end_layout \begin_layout Code + ::ffff:1.2.3.4 \end_layout @@ -2139,6 +2178,7 @@ reference "tunneling-6to4" \end_layout \begin_layout Code + 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2147,6 +2187,7 @@ ou en format compressé: \end_layout \begin_layout Code + ::a.b.c.d/96 \end_layout @@ -2238,18 +2279,22 @@ x \end_layout \begin_layout Code + fe8x: <- actuellement le seul en usage. \end_layout \begin_layout Code + fe9x: \end_layout \begin_layout Code + feax: \end_layout \begin_layout Code + febx: \end_layout @@ -2291,18 +2336,22 @@ Il commence par: \end_layout \begin_layout Code + fecx: <- le plus couramment utilisé. \end_layout \begin_layout Code + fedx: \end_layout \begin_layout Code + feex: \end_layout \begin_layout Code + fefx: \end_layout @@ -2401,10 +2450,12 @@ x \end_layout \begin_layout Code + 2xxx: \end_layout \begin_layout Code + 3xxx: \end_layout @@ -2436,6 +2487,7 @@ Elles ont été les premières adresses globales à être définies et mises en \end_layout \begin_layout Code + 3ffe: \end_layout @@ -2444,6 +2496,7 @@ Exemple: \end_layout \begin_layout Code + 3ffe:ffff:100:f102::1 \end_layout @@ -2453,6 +2506,7 @@ Une adresse spéciale de test 6bone, qui ne sera jamais globalement unique, \end_layout \begin_layout Code + 3ffe:ffff: \end_layout @@ -2505,6 +2559,7 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code + 2002: \end_layout @@ -2513,6 +2568,7 @@ Par exemple, pour représenter 92.168.1.1/5: \end_layout \begin_layout Code + 2002:c0a8:0101:5::1 \end_layout @@ -2522,10 +2578,12 @@ Une petite ligne de commande peut vous aider à générer une telle adresse \end_layout \begin_layout Code + ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code + ¬ | tr "." " "` $sla \end_layout 
@@ -2559,6 +2617,7 @@ Ces adresses sont déléguées aux Fournisseurs d'Accès à Internet (FAI) et \end_layout \begin_layout Code + 2001: \end_layout @@ -2597,10 +2656,12 @@ tion: \end_layout \begin_layout Code + 3ffe:ffff::/32 \end_layout \begin_layout Code + 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2627,6 +2688,7 @@ Elles commencent par (xx est la valeur de la portée) \end_layout \begin_layout Code + ffxy: \end_layout @@ -2717,6 +2779,7 @@ Un exemple de cette adresse ressemble à ceci \end_layout \begin_layout Code + ff02::1:ff00:1234 \end_layout @@ -2776,6 +2839,7 @@ Un simple exemple d'une adresse anycast est celle d'un routeur de sous-réseau. \end_layout \begin_layout Code + 3ffe:ffff:100:f101:210:a4ff:fee3:9566/64 <- L'adresse du noeud \end_layout @@ -2785,6 +2849,7 @@ L'adresse anycast de routeur de sous-réseau sera créée en laissant totalement \end_layout \begin_layout Code + 3ffe:ffff:100:f101::/64 <- l'adresse anycast de routeur de sous-réseau \end_layout @@ -2834,6 +2899,7 @@ Considérons à nouveau le premier exemple: \end_layout \begin_layout Code + 3ffe:ffff:100:f101:210:a4ff:fee3:9566 \end_layout @@ -2843,6 +2909,7 @@ ici, \end_layout \begin_layout Code + 210:a4ff:fee3:9566 \end_layout @@ -2852,6 +2919,7 @@ est la partie hôte calculée à partir de l'adresse MAC de la NIC \end_layout \begin_layout Code + 00:10:A4:E3:95:66 \end_layout @@ -2936,6 +3004,7 @@ Pour les serveurs, il est probablement plus aisé de se rappeler d'adresses \end_layout \begin_layout Code + 3ffe:ffff:100:f101::1 \end_layout @@ -3041,6 +3110,7 @@ Un exemple: \end_layout \begin_layout Code + 3ffe:ffff:100:1:2:3:4:5/48 \end_layout @@ -3054,6 +3124,7 @@ le réseau: \end_layout \begin_layout Code + 3ffe:ffff:0100:0000:0000:0000:0000:0000 \end_layout @@ -3062,6 +3133,7 @@ le masque de réseau: \end_layout \begin_layout Code + ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout 
@@ -3086,10 +3158,12 @@ Par exemple, si une table de routage affiche les entrées suivantes (la liste \end_layout \begin_layout Code + 3ffe:ffff:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code + 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3099,11 +3173,13 @@ Ci-dessous, les adresses de destination des paquets IPv6 dont le trafic \end_layout \begin_layout Code + 3ffe:ffff:100:1:2:3:4:5/48 -> trafic routé au travers du périphérique sit1 \end_layout \begin_layout Code + 3ffe:ffff:200:1:2:3:4:5/48 -> trafic routé au travers du périphérique tun6to4 \end_layout @@ -3175,6 +3251,7 @@ Afin de vérifier si oui ou non votre actuel noyau supporte IPv6, jetez un \end_layout \begin_layout Code + /proc/net/if_inet6 \end_layout @@ -3184,6 +3261,7 @@ Un bref test automatique ressemble à: \end_layout \begin_layout Code + # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3202,6 +3280,7 @@ Vous pouvez tenter de charger le module IPv6 en exécutant \end_layout \begin_layout Code + # modprobe ipv6 \end_layout @@ -3212,6 +3291,7 @@ Si c'est un succès, la présence de ce module sera testée comme par magie \end_layout \begin_layout Code + # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3242,6 +3322,7 @@ ules): \end_layout \begin_layout Code + alias net-pf-10 ipv6 # chargement automatique du module IPv6 à la demande \end_layout @@ -3251,6 +3332,7 @@ Il est aussi possible de mettre hors service le chargement automatique du \end_layout \begin_layout Code + alias net-pf-10 off # rend indisponible le chargement automatique du module IPv6 \end_layout @@ -3492,11 +3574,13 @@ Vérification magique: \end_layout \begin_layout Code + # /sbin/ifconfig -? 2>& 1 | grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code + ¬ IPv6-ready" \end_layout 
@@ -3506,6 +3590,7 @@ La même vérification peut être réalisée pour route: \end_layout \begin_layout Code + # /sbin/route -? 2>& 1 | grep -qw 'inet6' && echo "utility 'route' is IPv6-ready " \end_layout @@ -3526,6 +3611,7 @@ Alexey N. \end_layout \begin_layout Code + # /sbin/ip 2>&1 | grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3622,14 +3708,17 @@ Usage \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 [-I ] \end_layout @@ -3638,14 +3727,17 @@ Exemple \end_layout \begin_layout Code + # ping6 -c 1 ::1 \end_layout \begin_layout Code + PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3654,14 +3746,17 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + --- ::1 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code + round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3695,10 +3790,12 @@ En spécifiant uniquement une adresse lien-local à ping IPv6, le noyau ne \end_layout \begin_layout Code + # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + connect: Invalid argument \end_layout @@ -3707,18 +3804,22 @@ Dans ce cas vous devez en plus spécifier l'interface comme ci-dessous: \end_layout \begin_layout Code + # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code + PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout 
@@ -3727,14 +3828,17 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code + ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3752,18 +3856,22 @@ all-node \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code + PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:012356 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code + 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3799,42 +3907,51 @@ iputils \end_layout \begin_layout Code + # traceroute6 www.6bone.net \end_layout \begin_layout Code + traceroute to 6bone.net (3ffe:b00:c18:1::10) from 3ffe:ffff:0000:f101::2, 30 \end_layout \begin_layout Code + ¬ hops max, 16 byte packets \end_layout \begin_layout Code + 1 localipv6gateway (3ffe:ffff:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code + 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code + 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code + 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code + 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code + 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout 
@@ -3870,42 +3987,52 @@ iputils \end_layout \begin_layout Code + # tracepath6 www.6bone.net \end_layout \begin_layout Code + 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code + 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code + 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code + 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code + 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code + 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code + 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code + 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code + Resume: pmtu 1280 \end_layout @@ -3997,26 +4124,32 @@ Ping IPv6 vers \end_layout \begin_layout Code + # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on eth0 \end_layout \begin_layout Code + 3ffe:ffff:100:f101:2e0:18ff:fe90:9205 > 3ffe:ffff:100:f101::1: icmp6: echo \end_layout \begin_layout Code + ¬ request (len 64, hlim 64) \end_layout \begin_layout Code + 3ffe:ffff:100:f101::1 > 3ffe:ffff:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code + ¬ reply (len 64, hlim 64) \end_layout 
@@ -4034,42 +4167,52 @@ Ping IPv6 vers \end_layout \begin_layout Code + # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on ppp0 \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4145,6 +4288,7 @@ A cause des mises à jour de sécurité ces dernières années, tout serveur \end_layout \begin_layout Code + # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4153,12 +4297,14 @@ et cela devrait affiché quelque chose comme ce qui suit: \end_layout \begin_layout Code + www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code + tolot.join.uni-muenster.de. has AAAA address 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4173,25 +4319,30 @@ Des clients telnet prêts pour IPv6 sont disponibles. \end_layout \begin_layout Code + $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code + Trying 3ffe:400:100::1... \end_layout \begin_layout Code + Connected to 3ffe:400:100::1. \end_layout \begin_layout Code + Escape character is '^]'. \end_layout \begin_layout Code + HEAD / HTTP/1.0 \end_layout 
@@ -4200,38 +4351,47 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code + HTTP/1.1 200 OK \end_layout \begin_layout Code + Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code + GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code + Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code + ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code + Accept-Ranges: bytes \end_layout \begin_layout Code + Content-Length: 2637 \end_layout \begin_layout Code + Connection: close \end_layout \begin_layout Code + Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4240,6 +4400,7 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code + Connection closed by foreign host. \end_layout @@ -4293,14 +4454,17 @@ Les versions actuelles d'openssh sont prêtes pour IPv6. \end_layout \begin_layout Code + $ ssh -6 ::1 \end_layout \begin_layout Code + user@::1's password: ****** \end_layout \begin_layout Code + [user@ipv6host user]$ \end_layout @@ -4783,10 +4947,12 @@ Usage: \end_layout \begin_layout Code + # ip link set dev up \end_layout \begin_layout Code + # ip link set dev down \end_layout @@ -4799,10 +4965,12 @@ Exemple: \end_layout \begin_layout Code + # ip link set dev eth0 up \end_layout \begin_layout Code + # ip link set dev eth0 down \end_layout @@ -4816,10 +4984,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ifconfig up \end_layout \begin_layout Code + # /sbin/ifconfig down \end_layout @@ -4828,10 +4998,12 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 up \end_layout \begin_layout Code + # /sbin/ifconfig eth0 down \end_layout @@ -4871,6 +5043,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev \end_layout @@ -4879,22 +5052,27 @@ Exemple pour un hôte configuré statiquement: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code + 2: eth0: \end_layout 
@@ -4959,18 +5146,22 @@ Exemple (la sortie est filtrée avec grep pour n'afficher que les adresses \end_layout \begin_layout Code + # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code + inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code + inet6 addr: 3ffe:ffff:0:f101::1/64 Scope:Global \end_layout \begin_layout Code + inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -4999,6 +5190,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 addr add / dev \end_layout @@ -5008,6 +5200,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0 \end_layout @@ -5021,6 +5214,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 add / \end_layout @@ -5029,6 +5223,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 add 3ffe:ffff:0:f101::1/64 \end_layout @@ -5055,6 +5250,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 addr del / dev \end_layout @@ -5064,6 +5260,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 addr del 3ffe:ffff:0:f101::1/64 dev eth0 \end_layout @@ -5077,6 +5274,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 del / \end_layout @@ -5085,6 +5283,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 del 3ffe:ffff:0:f101::1/64 \end_layout @@ -5125,6 +5324,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route show [dev ] \end_layout @@ -5134,22 +5334,27 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code + 3ffe:ffff:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout 
@@ -5163,6 +5368,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout @@ -5174,37 +5380,45 @@ Exemple (la sortie est filtrée sur l'interface eth0). \end_layout \begin_layout Code + # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code + 3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0 <- Route de l'interface de portée globale \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 eth0 <- Route de l'interface de portée lien-local \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 eth0 <- Route de l'interface destiné à tout le trafic multicast \end_layout \begin_layout Code + ¬ addresses \end_layout \begin_layout Code + ::/0 :: UDA 256 0 0 eth0 <- Route automatique par défaut \end_layout @@ -5227,10 +5441,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route add / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5243,6 +5459,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1 \end_layout @@ -5256,10 +5473,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5278,6 +5497,7 @@ Suivre l'exemple montré ajoute une route à toutes les adresses globales \end_layout \begin_layout Code + # /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1 \end_layout @@ -5301,10 +5521,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route del / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5313,6 +5535,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 route del 2000::/3 via 3ffe:ffff:0:f101::1 \end_layout @@ -5326,6 +5549,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / [dev ] \end_layout 
@@ -5334,6 +5558,7 @@ Exemple pour de nouveau ôter la route précédemment ajoutée: \end_layout \begin_layout Code + # /sbin/route -A inet6 del 2000::/3 gw 3ffe:ffff:0:f101::1 \end_layout @@ -5355,10 +5580,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route add / dev \end_layout \begin_layout Code + ¬ metric 1 \end_layout @@ -5367,6 +5594,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 dev eth0 metric 1 \end_layout @@ -5413,6 +5641,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / dev \end_layout @@ -5421,6 +5650,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/route -A inet6 add 2000::/3 dev eth0 \end_layout @@ -5442,6 +5672,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route del / dev \end_layout @@ -5450,6 +5681,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 route del 2000::/3 dev eth0 \end_layout @@ -5463,6 +5695,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / dev \end_layout @@ -5472,6 +5705,7 @@ Exemple: \end_layout \begin_layout Code + # /sbin/route -A inet6 del 2000::/3 dev eth0 \end_layout @@ -5511,14 +5745,17 @@ Les clients peuvent installer une route par défaut avec pour préfixe \end_layout \begin_layout Code + # ip -6 route show | grep ^default \end_layout \begin_layout Code + default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code + ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5626,6 +5863,7 @@ Avec la commande qui suit vous pouvez afficher les voisins IPv6 appris ou \end_layout \begin_layout Code + # ip -6 neigh show [dev ] \end_layout @@ -5634,10 +5872,12 @@ L'exemple suivant montre un voisin, qui est un routeur pouvant être atteint \end_layout \begin_layout Code + # ip -6 neigh show \end_layout \begin_layout Code + fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout 
@@ -5654,6 +5894,7 @@ La commande suivante vous permet d'ajouter manuellement une entrée \end_layout \begin_layout Code + # ip -6 neigh add lladdr dev \end_layout @@ -5663,6 +5904,7 @@ Exemple: \end_layout \begin_layout Code + # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5675,6 +5917,7 @@ De même qu'une entrée peut être ajoutée, une entrée peut être détruite: \end_layout \begin_layout Code + # ip -6 neigh del lladdr dev \end_layout @@ -5684,6 +5927,7 @@ Exemple: \end_layout \begin_layout Code + # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5705,23 +5949,28 @@ ip \end_layout \begin_layout Code + # ip -6 neigh help \end_layout \begin_layout Code + Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code + [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code + | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code + ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -5863,22 +6112,27 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code + | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code + | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code + | 0x2002 | | | | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6007,6 +6261,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -6015,14 +6270,17 @@ Exemple: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show \end_layout \begin_layout Code + sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code + sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6035,6 +6293,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout 
@@ -6044,6 +6303,7 @@ Exemple (la sortie est filtrée afin de ne laisser apparaître que les tunnels \end_layout \begin_layout Code + # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6052,22 +6312,27 @@ W*$" \end_layout \begin_layout Code + ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code + 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6135,10 +6400,12 @@ Usage en vue de créer un périphérique de tunnelage (mais il n'est pas monté \end_layout \begin_layout Code + # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout @@ -6147,18 +6414,22 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6167,18 +6438,22 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6187,18 +6462,22 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6220,6 +6499,7 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout 
@@ -6228,14 +6508,17 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit1 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6244,14 +6527,17 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit2 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6260,14 +6546,17 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit3 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6296,6 +6585,7 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -6304,26 +6594,32 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -6352,6 +6648,7 @@ Pour ôter un périphérique de tunnelage: \end_layout \begin_layout Code + # /sbin/ip tunnel del \end_layout @@ -6360,14 +6657,17 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code + # /sbin/ip link set sit1 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit1 \end_layout 
@@ -6376,14 +6676,17 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code + # /sbin/ip link set sit2 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit2 \end_layout @@ -6392,14 +6695,17 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code + # /sbin/ip link set sit3 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit3 \end_layout @@ -6420,10 +6726,12 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code + # /sbin/ifconfig sit3 down \end_layout @@ -6432,10 +6740,12 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code + # /sbin/ifconfig sit2 down \end_layout @@ -6444,10 +6754,12 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code + # /sbin/ifconfig sit1 down \end_layout @@ -6456,6 +6768,7 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -6477,26 +6790,32 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -6505,6 +6824,7 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -6566,6 +6886,7 @@ En considérant que votre adresse IPv4 soit \end_layout \begin_layout Code + 1.2.3.4 \end_layout 
@@ -6574,6 +6895,7 @@ le préfixe 6to4 généré sera \end_layout \begin_layout Code + 2002:0102:0304:: \end_layout @@ -6592,6 +6914,7 @@ Les passerelles locales 6to4 devraient (mais cela n'est pas une nécessité, \end_layout \begin_layout Code + 2002:0102:0304::1 \end_layout @@ -6600,6 +6923,7 @@ Utiliser par exemple ce qui suit pour une génération automatique: \end_layout \begin_layout Code + ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -6622,6 +6946,7 @@ Créez un nouveau périphérique tunnel \end_layout \begin_layout Code + # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout @@ -6631,6 +6956,7 @@ Montez l'interface \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 up \end_layout @@ -6640,6 +6966,7 @@ Ajouter une adresse 6to4 locale à l'interface (note: la longueur du préfixe, \end_layout \begin_layout Code + # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -6653,6 +6980,7 @@ all-6to4-routers \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -6671,6 +6999,7 @@ ip \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -6697,6 +7026,7 @@ Monter l'interface de tunnelage générique sit0 \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -6705,6 +7035,7 @@ Ajouter une adresse 6to4 locale à une interface \end_layout \begin_layout Code + # /sbin/ifconfig sit0 add /16 \end_layout @@ -6718,6 +7049,7 @@ all-6to4-relays \end_layout \begin_layout Code + # /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -6734,6 +7066,7 @@ Utiliser "ip" et un périphérique de tunnelage dédié \end_layout \begin_layout Code + # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -6742,6 +7075,7 @@ Démonter l'interface \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 down \end_layout 
@@ -6750,6 +7084,7 @@ Démonter l'interface \end_layout \begin_layout Code + # /sbin/ip tunnel del tun6to4 \end_layout @@ -6786,6 +7121,7 @@ sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -6794,6 +7130,7 @@ sit0 \end_layout \begin_layout Code + # /sbin/ifconfig sit0 del /16 \end_layout @@ -6803,6 +7140,7 @@ Démontage d'un périphérique de tunnelage générique (prenez garde, peut-êtr \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -6898,6 +7236,7 @@ Le système de fichiers /proc doit être rendu disponible dans le noyau, ce \end_layout \begin_layout Code + CONFIG_PROC_FS=y \end_layout @@ -6907,10 +7246,12 @@ Le système de fichiers /proc doit être auparavant monté, ce qui peut être \end_layout \begin_layout Code + # mount | grep "type proc" \end_layout \begin_layout Code + none on /proc type proc (rw) \end_layout @@ -6933,10 +7274,12 @@ La valeur de l'entrée peut être récupérée en utilisant "cat": \end_layout \begin_layout Code + # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code + 0 \end_layout @@ -6950,6 +7293,7 @@ Une nouvelle valeur peut être fixée (si l'entrée est en écriture) en utilisa \end_layout \begin_layout Code + # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -6999,6 +7343,7 @@ L'interface sysctl doit être disponible dans le noyau, ce qui signifie qu'à \end_layout \begin_layout Code + CONFIG_SYSCTL=y \end_layout @@ -7011,10 +7356,12 @@ La valeur de l'entrée peut maintenant être récupérée: \end_layout \begin_layout Code + # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7027,10 +7374,12 @@ Une nouvelle valeur peut être fixée (si l'entrée est en écriture): \end_layout \begin_layout Code + # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 1 \end_layout 
@@ -7042,10 +7391,12 @@ Note: n'utilisez pas d'espaces autour du signe "=" lorsque vous fixez les \end_layout \begin_layout Code + # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code + net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -7536,6 +7887,7 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code + ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), seq=426, pid=0 \end_layout @@ -8011,22 +8363,27 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code + # cat /proc/net/if_inet6 \end_layout \begin_layout Code + 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code + +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code + | | | | | | \end_layout \begin_layout Code + 1 2 3 4 5 6 \end_layout @@ -8104,22 +8461,27 @@ net/ipv6/route.c \end_layout \begin_layout Code + # cat /proc/net/ipv6_route \end_layout \begin_layout Code + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code + +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code + | | | | \end_layout \begin_layout Code + 1 2 3 4 \end_layout @@ -8128,18 +8490,22 @@ net/ipv6/route.c \end_layout \begin_layout Code + ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code + ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code + ¬ | | | | | | \end_layout \begin_layout Code + ¬ 5 6 7 8 9 10 \end_layout @@ -8200,22 +8566,27 @@ Statistiques à propos de l'utilisation des sockets IPv6. \end_layout \begin_layout Code + # cat /proc/net/sockstat6 \end_layout \begin_layout Code + TCP6: inuse 7 \end_layout \begin_layout Code + UDP6: inuse 2 \end_layout \begin_layout Code + RAW6: inuse 1 \end_layout \begin_layout Code + FRAG6: inuse 0 memory 0 \end_layout 
@@ -8352,307 +8723,375 @@ Exemple: \end_layout \begin_layout Code + # netstat -nlptu \end_layout \begin_layout Code + Active Internet connections (only servers) \end_layout \begin_layout Code + Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code + ¬ PID/Program name \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 22433/lpd Waiting \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1746/smbd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 3551/X \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18735/junkbuster \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code + ¬ 1410/sshd \end_layout \begin_layout Code + tcp 0 0 :::6010 
:::* LISTEN \end_layout \begin_layout Code + ¬ 13237/sshd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + udp 0 0 :::53 :::* \end_layout \begin_layout Code + ¬ 30734/named \end_layout 
@@ -8684,26 +9123,32 @@ Une annonce de routeur \end_layout \begin_layout Code + 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code + ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code + ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code + ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code + ¬ preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr: \end_layout \begin_layout Code + ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -8761,10 +9206,12 @@ Une sollicitation de routeur \end_layout \begin_layout Code + 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code + ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -8843,10 +9290,12 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -8864,15 +9313,18 @@ Le noeud veut configurer son adresse globale \end_layout \begin_layout Code + 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -8890,15 +9342,18 @@ Le noeud veut configurer son adresse globale \end_layout \begin_layout Code + 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code + ¬ 255) \end_layout 
@@ -8921,15 +9376,18 @@ Un noeud veut émettre des paquets à \end_layout \begin_layout Code + 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code + ¬ neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -8946,10 +9404,12 @@ fe80::10 \end_layout \begin_layout Code + 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code + ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -9064,6 +9524,7 @@ Vous pouvez tester si votre distribution Linux contient le support pour \end_layout \begin_layout Code + /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -9072,11 +9533,13 @@ Un test magique: \end_layout \begin_layout Code + # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code + ¬ IPv6 script library exists" \end_layout @@ -9088,14 +9551,17 @@ La version de la bibliothèque est importante s'il vous manque certaines \end_layout \begin_layout Code + # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code + ¬ getversion_ipv6_functions \end_layout \begin_layout Code + 20011124 \end_layout @@ -9135,10 +9601,12 @@ Vérifiez si votre système a déjà le module IPv6 chargé \end_layout \begin_layout Code + # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code + alias net-pf-10 off \end_layout @@ -9156,6 +9624,7 @@ rk, ajoutez la nouvelle ligne \end_layout \begin_layout Code + NETWORKING_IPV6=yes \end_layout @@ -9164,6 +9633,7 @@ Redémarrez la machine, ou simplement le réseau par \end_layout \begin_layout Code + # service network restart \end_layout @@ -9172,10 +9642,12 @@ Maintenant le module IPv6 devrait être chargé \end_layout \begin_layout Code + # modprobe -c | grep ipv6 \end_layout \begin_layout Code + alias net-pf-10 ipv6 \end_layout 
@@ -9236,6 +9708,7 @@ Editez le fichier /etc/sysconfig/network/ifcfg- et fixez \end_layout \begin_layout Code + IP6ADDR="/" \end_layout @@ -9261,6 +9734,7 @@ Editez le fichier /etc/sysconfig/network/ifcfg- et fixez \end_layout \begin_layout Code + IPADDR="/" \end_layout @@ -9310,43 +9784,53 @@ Configurez votre interface. \end_layout \begin_layout Code + iface eth0 inet6 static \end_layout \begin_layout Code + pre-up modprobe ipv6 \end_layout \begin_layout Code + address 3ffe:ffff:1234:5::1:1 \end_layout \begin_layout Code + # Pour rendre complètement indisponible l'auto-configuration: \end_layout \begin_layout Code + # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code + netmask 64 \end_layout \begin_layout Code + # Le routeur est auto-configuré, et n'a pas d'adresse fixe. \end_layout \begin_layout Code + # Il est déterminé comme par magie \end_layout \begin_layout Code + # (/proc/sys/net/ipv6/conf/all/accept_ra). Sinon: \end_layout \begin_layout Code + # gateway 3ffe:ffff:1234:5::1 \end_layout @@ -9355,6 +9839,7 @@ Puis vous rebootez, ou alors vous faites juste \end_layout \begin_layout Code + # ifup --force eth0 \end_layout @@ -9420,18 +9905,22 @@ Exemple: \end_layout \begin_layout Code + # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code + 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code + inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code + valid_lft forever preferred_lft forever \end_layout @@ -10019,6 +10508,7 @@ Déplacez-vous dans le répertoire des sources: \end_layout \begin_layout Code + # cd /chemin/vers/les/sources \end_layout @@ -10027,10 +10517,12 @@ Décompactez et renommez les sources du noyau \end_layout \begin_layout Code + # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code + # mv linux linux-version-iptables-version+IPv6 \end_layout 
@@ -10039,6 +10531,7 @@ Décompactez les sources d'iptables \end_layout \begin_layout Code + # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -10051,6 +10544,7 @@ Déplacez-vous dans le répertoire iptables \end_layout \begin_layout Code + # cd iptables-version \end_layout @@ -10059,6 +10553,7 @@ Appliquez les patchs en attente \end_layout \begin_layout Code + # make pending-patches KERNEL_DIR=/chemin/vers/les/sources/linux-version-iptable s-version+IPv6/ \end_layout @@ -10069,6 +10564,7 @@ Appliquez les patchs additionnels relatifs à IPv6 (pas encore inclus dans \end_layout \begin_layout Code + # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10107,10 +10603,12 @@ Vérifier la présence des extensions IPv6 \end_layout \begin_layout Code + # make print-extensions \end_layout \begin_layout Code + Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -10123,6 +10621,7 @@ Déplacez-vous dans les sources du noyau \end_layout \begin_layout Code + # cd /chemin/vers/les/sources/linux-version-iptables-version/ \end_layout @@ -10131,10 +10630,12 @@ Editez Makefile \end_layout \begin_layout Code + - EXTRAVERSION = \end_layout \begin_layout Code + + EXTRAVERSION = -iptables-version+IPv6-try \end_layout 
@@ -10143,80 +10644,99 @@ Lancez configure, avec IPv6 de disponible \end_layout \begin_layout Code + Code maturity level options \end_layout \begin_layout Code + Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code + Networking options \end_layout \begin_layout Code + Network packet filtering: yes \end_layout \begin_layout Code + The IPv6 protocol: module \end_layout \begin_layout Code + IPv6: Netfilter Configuration \end_layout \begin_layout Code + IP6 tables support: module \end_layout \begin_layout Code + All new options like following: \end_layout \begin_layout Code + limit match support: module \end_layout \begin_layout Code + MAC address match support: module \end_layout \begin_layout Code + Multiple port match support: module \end_layout \begin_layout Code + Owner match support: module \end_layout \begin_layout Code + netfilter MARK match support: module \end_layout \begin_layout Code + Aggregated address check: module \end_layout \begin_layout Code + Packet filtering: module \end_layout \begin_layout Code + REJECT target support: module \end_layout \begin_layout Code + LOG target support: module \end_layout \begin_layout Code + Packet mangling: module \end_layout \begin_layout Code + MARK target support: module \end_layout @@ -10242,6 +10762,7 @@ Renommez l'ancien répertoire \end_layout \begin_layout Code + # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -10250,6 +10771,7 @@ Créez un nouveau lien symbolique \end_layout \begin_layout Code + # ln -s /chemin/vers/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -10258,6 +10780,7 @@ Reconstruisez le SRPM \end_layout \begin_layout Code + # rpm --rebuild /chemin/vers/SRPM/iptables-version-release.src.rpm \end_layout @@ -10271,6 +10794,7 @@ Sur les systèmes RH 7.1, normalement, une ancienne version est installée, \end_layout \begin_layout Code + # rpm -Fhv /chemin/vers/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout 
@@ -10279,6 +10803,7 @@ Si elle n'était pas installée, utiliser "install" \end_layout \begin_layout Code + # rpm -ihv /chemin/vers/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10289,6 +10814,7 @@ nt les pré-requis ne correspondent pas. \end_layout \begin_layout Code + # rpm -ihv --nodeps /chemin/vers/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10299,6 +10825,7 @@ Il sera peut-être nécessaire de créer un lien symbolique vers le lieu où \end_layout \begin_layout Code + # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -10315,6 +10842,7 @@ Chargez le module, s'il est compilé \end_layout \begin_layout Code + # modprobe ip6_tables \end_layout @@ -10323,10 +10851,12 @@ Vérifiez si le noyau courant prend en charge iptables \end_layout \begin_layout Code + # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code + ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -10343,6 +10873,7 @@ de façon abrégée \end_layout \begin_layout Code + # ip6tables -L \end_layout @@ -10351,6 +10882,7 @@ de façon détaillée \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L \end_layout @@ -10359,6 +10891,7 @@ Lister un filtre spécifique \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -10367,10 +10900,12 @@ Insérer une règle de journal au filtre entrant, avec des options \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code + ¬ --log-level 7 \end_layout @@ -10383,6 +10918,7 @@ drop rule \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -10391,6 +10927,7 @@ Détruire une règle par son numéro \end_layout \begin_layout Code + # ip6tables --table filter --delete INPUT 1 \end_layout 
@@ -10408,6 +10945,7 @@ Accepter le trafic ICMPv6 entrant dans les tunnels \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -10416,6 +10954,7 @@ Autoriser le trafic ICMPv6 sortant des tunnels \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -10424,6 +10963,7 @@ Les nouveaux noyaux permettent de spécifier les types ICMPv6: \end_layout \begin_layout Code + # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -10442,10 +10982,12 @@ Il peut arriver (l'auteur l'a déjà vu) qu'un engorgement ICMPv6 se produise, \end_layout \begin_layout Code + # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code + ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -10463,10 +11005,12 @@ Autoriser le trafic entrant SSH provenant de 3ffe:ffff:100::1/128 \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:ffff:100::1/128 --sport 512:65535 \end_layout \begin_layout Code + ¬ --dport 22 -j ACCEPT \end_layout @@ -10476,10 +11020,12 @@ Autoriser les paquets réponse (pour le moment, la traque du trafic IPv6 \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p tcp -d 3ffe:ffff:100::1/128 --dport 512:65535 \end_layout \begin_layout Code + ¬ --sport 22 ! --syn j ACCEPT \end_layout @@ -10501,6 +11047,7 @@ Accepter le trafic entrant IPv6-in-IPv4 sur l'interface ppp0 \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -10509,6 +11056,7 @@ Permettre au trafic IPv6-in-IPv4 de sortir par l'interface ppp0 \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -10523,6 +11071,7 @@ Accepter le trafic entrant IPv6-in-IPv4 sur l'interface ppp0 et provenant \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT \end_layout 
@@ -10532,6 +11081,7 @@ Autoriser le trafic sortant IPv6-in-IPv4 vers l'interface ppp0 pour l'extrémit \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT \end_layout @@ -10554,6 +11104,7 @@ Bloquer les requêtes de connexion entrante TCP vers cet hôte \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -10563,6 +11114,7 @@ Bloquer les requêtes de connexion entrante TCP allant vers les hôtes placés \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -10595,6 +11147,7 @@ Bloquer les paquets entrants UDP qui ne peuvent être des réponses de requêtes \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -10604,6 +11157,7 @@ Bloquer les paquets entrants UDP qui ne peuvent être des réponses de requêtes \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout 
@@ -10617,472 +11171,578 @@ Les lignes qui suivent montrent en exemple une installation plus sophistiquée. \end_layout \begin_layout Code + # ip6tables -n -v -L \end_layout \begin_layout Code + Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' 
\end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain ext2int (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extOUT (1 references) \end_layout \begin_layout Code + pkts 
bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 3ffe:ffff:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 3ffe:ffff:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain int2ext (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out 
source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -11198,10 +11858,12 @@ etc \end_layout \begin_layout Code + # nc6 ::1 daytime \end_layout \begin_layout Code + 13 JUL 2002 11:22:22 CEST \end_layout @@ -11223,43 +11885,53 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code + # nmap -6 -sT ::1 \end_layout \begin_layout Code + Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code + Interesting ports on localhost6 (::1): \end_layout \begin_layout Code + (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code + Port State Service \end_layout \begin_layout Code + 22/tcp open ssh \end_layout \begin_layout Code + 53/tcp open domain \end_layout \begin_layout Code + 515/tcp open printer \end_layout \begin_layout Code + 2401/tcp open cvspserver \end_layout \begin_layout Code + Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout 
@@ -11282,26 +11954,32 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code + ::1 2401 unassigned unknown \end_layout \begin_layout Code + ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code + ::1 515 printer spooler (lpd) \end_layout \begin_layout Code + ::1 6010 unassigned unknown \end_layout \begin_layout Code + ::1 53 domain Domain Name Server \end_layout @@ -11623,22 +12301,27 @@ Exemple d'une connexion encryptée de boute-en-bout en mode transport \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -11651,30 +12334,37 @@ Exemple d'une connexion encryptée de boute-en-bout en mode tunnel \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -11737,18 +12427,22 @@ Fichier: /etc/racoon/racoon.conf \end_layout \begin_layout Code + # Fichier de configuration du démon IKE racoon. \end_layout \begin_layout Code + # Voir 'man racoon.conf' pour une description du format et des entrées. \end_layout \begin_layout Code + path include "/etc/racoon"; \end_layout \begin_layout Code + path pre_shared_key "/etc/racoon/psk.txt"; \end_layout 
@@ -11757,70 +12451,87 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code + listen \end_layout \begin_layout Code + { \end_layout \begin_layout Code + isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + \end_layout \begin_layout Code + remote 2001:db8:2:2::2 \end_layout \begin_layout Code + { \end_layout \begin_layout Code + exchange_mode main; \end_layout \begin_layout Code + lifetime time 24 hour; \end_layout \begin_layout Code + proposal \end_layout \begin_layout Code + { \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + hash_algorithm md5; \end_layout \begin_layout Code + authentication_method pre_shared_key; \end_layout \begin_layout Code + dh_group 2; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -11829,34 +12540,42 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code + # De passerelle-à-passerelle \end_layout \begin_layout Code + sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout @@ -11865,30 +12584,37 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout 
@@ -11901,10 +12627,12 @@ Fichier: /etc/racoon/psk.txt \end_layout \begin_layout Code + # Fichier des clés pré-partagées utilisées pour l'authentification IKE \end_layout \begin_layout Code + # Le format est: 'identificateur' 'clé' \end_layout @@ -11913,6 +12641,7 @@ Fichier: /etc/racoon/psk.txt \end_layout \begin_layout Code + 2001:db8:2:2::2 absolumentsecret \end_layout 
@@ -11952,80 +12681,99 @@ Security Association \end_layout \begin_layout Code + # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code + Foreground mode. \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net ) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code + ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code + ¬ queued due to no phase1 found. \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code + ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout 
@@ -12044,10 +12792,12 @@ tcpdump \end_layout \begin_layout Code + 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code + 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout 
@@ -12072,94 +12822,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code + A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code + A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=22358 refcnt=0 \end_layout 
@@ -12253,18 +13026,22 @@ Fichier: /etc/ipsec.conf \end_layout \begin_layout Code + # /etc/ipsec.conf - Fichier de configuration d'IPsec Openswan \end_layout \begin_layout Code + # \end_layout \begin_layout Code + # Manuel: ipsec.conf.5 \end_layout \begin_layout Code + version 2.0 # conforme à la seconde version de la spécification d'ipsec.conf \end_layout @@ -12273,23 +13050,28 @@ version 2.0 # conforme à la seconde version de la spécification d'ipsec.co \end_layout \begin_layout Code + # configuration de base \end_layout \begin_layout Code + config setup \end_layout \begin_layout Code + # Contrôles du déboguage / journalisation : "none" pour (presque) rien, "all" pour beaucoup. \end_layout \begin_layout Code + # klipsdebug=none \end_layout \begin_layout Code + # plutodebug="control parsing" \end_layout @@ -12298,10 +13080,12 @@ config setup \end_layout \begin_layout Code + #Rendre indisponible l'encryptage opportuniste \end_layout \begin_layout Code + include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -12310,54 +13094,67 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code + conn ipv6-p1-p2 \end_layout \begin_layout Code + connaddrfamily=ipv6 # Important pour IPv6! \end_layout \begin_layout Code + left=2001:db8:1:1::1 \end_layout \begin_layout Code + right=2001:db8:2:2::2 \end_layout \begin_layout Code + authby=secret \end_layout \begin_layout Code + esp=aes128-sha1 \end_layout \begin_layout Code + ike=aes128-sha-modp1024 \end_layout \begin_layout Code + type=transport \end_layout \begin_layout Code + #type=tunnel \end_layout \begin_layout Code + compress=no \end_layout \begin_layout Code + #compress=yes \end_layout \begin_layout Code + auto=add \end_layout \begin_layout Code + #auto=start \end_layout @@ -12374,6 +13171,7 @@ Fichier: /etc/ipsec.secrets \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "absolumentsecret" \end_layout 
@@ -12396,6 +13194,7 @@ on doit exister permettant le démarrage d'IPsec, lancez simplement (sur \end_layout \begin_layout Code + # /etc/rc.d/init.d/ipsec start \end_layout @@ -12413,34 +13212,42 @@ IPsec SA established \end_layout \begin_layout Code + # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code + 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code + 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code + 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code + 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code + ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout 
@@ -12458,94 +13265,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code + A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code + A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -12567,10 +13397,12 @@ ip \end_layout \begin_layout Code + # ip xfrm policy \end_layout \begin_layout Code + ... \end_layout 
@@ -12579,10 +13411,12 @@ ip \end_layout \begin_layout Code + # ip xfrm state \end_layout \begin_layout Code + ... \end_layout @@ -12698,18 +13532,22 @@ Pour rendre disponible à named l'écoute IPv6, les options suivantes demandent \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # certainement que d'autres options sont aussi ici \end_layout \begin_layout Code + listen-on-v6 { any; }; \end_layout \begin_layout Code + }; \end_layout @@ -12718,48 +13556,59 @@ Il doit en résulter après redémarrage \end_layout \begin_layout Code + # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code + ¬ # incoming TCP requests \end_layout \begin_layout Code + udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code + udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP request to any IPv6 \end_layout @@ -12768,6 +13617,7 @@ Un test simple ressemble à \end_layout \begin_layout Code + # dig localhost @::1 \end_layout @@ -12785,18 +13635,22 @@ Pour rendre indisponible l'écoute IPv6, l'option suivante demande à être \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # certainement que d'autres options sont aussi ici \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + }; \end_layout 
@@ -12810,54 +13664,67 @@ Les ACL IPv6 sont disponibles et devraient être utilisées dès que possible. \end_layout \begin_layout Code + acl internal-net { \end_layout \begin_layout Code + 127.0.0.1; \end_layout \begin_layout Code + 1.2.3.0/24; \end_layout \begin_layout Code + 3ffe:ffff:100::/56; \end_layout \begin_layout Code + ::1/128; \end_layout \begin_layout Code + ::ffff:1.2.3.4/128; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + acl ns-internal-net { \end_layout \begin_layout Code + 1.2.3.4; \end_layout \begin_layout Code + 1.2.3.5; \end_layout \begin_layout Code + 3ffe:ffff:100::4/128; \end_layout \begin_layout Code + 3ffe:ffff:100::5/128; \end_layout \begin_layout Code + }; \end_layout @@ -12869,26 +13736,32 @@ Ces ACL peuvent être utilisées par exemple pour les requêtes des clients \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # certainement que d'autres options sont aussi ici \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + allow-query { internal-net; }; \end_layout \begin_layout Code + allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code + }; \end_layout @@ -12914,6 +13787,7 @@ Cette option n'est pas requise, mais peut être nécessaire: \end_layout \begin_layout Code + query-source-v6 address port ; \end_layout @@ -12935,6 +13809,7 @@ L'adresse de la source de transfert est utilisée pour aller chercher les \end_layout \begin_layout Code + transfer-source-v6 [port port]; \end_layout @@ -12948,6 +13823,7 @@ L'adresse de la source à notifier est utilisée pour les messages de notificati \end_layout \begin_layout Code + notify-source-v6 [port port]; \end_layout 
@@ -13115,22 +13991,27 @@ En spécifiant un serveur pour les requêtes, une connexion IPv6 peut être \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code + Address: 3ffe:ffff:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -13139,6 +14020,7 @@ Aliases: \end_layout \begin_layout Code + Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -13148,14 +14030,17 @@ L'entrée relative dans le journal ressemble à ce qui suit: \end_layout \begin_layout Code + Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code + ¬ 3ffe:ffff:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code + query denied \end_layout @@ -13174,22 +14059,27 @@ Une connexion IPv6 réussie ressemble à ce qui suit: \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code + Address: 3ffe:ffff:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -13198,12 +14088,14 @@ Aliases: \end_layout \begin_layout Code + www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code + 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -13251,42 +14143,52 @@ Si vous rendez disponible un service fourni avec xinetd, comme par exemple \end_layout \begin_layout Code + # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code + --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code + +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code + 
@@ -10,5 +10,5 @@ \end_layout \begin_layout Code + protocol = tcp \end_layout \begin_layout Code + user = root \end_layout \begin_layout Code + wait = no \end_layout \begin_layout Code + - disable = yes \end_layout \begin_layout Code + + disable = no \end_layout \begin_layout Code + } \end_layout @@ -13296,22 +14198,27 @@ vous devriez recevoir, après le redémarrage de xinetd, une réponse positive \end_layout \begin_layout Code + # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code + ¬ daytime/tcp \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -13369,22 +14276,27 @@ Un hôte virtuel écoute sur une adresse IPv6 uniquement \end_layout \begin_layout Code + Listen [3ffe:ffff:100::1]:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6seul.votredomaine.votretld \end_layout \begin_layout Code + # certainement des lignes de configuration en plus... \end_layout \begin_layout Code + \end_layout @@ -13393,26 +14305,32 @@ Un hôte virtuel écoute sur une adresse IPv6 et sur une adresse IPv4 \end_layout \begin_layout Code + Listen [3ffe:ffff:100::2]:80 \end_layout \begin_layout Code + Listen 1.2.3.4:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6etipv4.votredomaine.votretld \end_layout \begin_layout Code + # certainement des lignes de configuration en plus... \end_layout \begin_layout Code + \end_layout 
@@ -13421,20 +14339,24 @@ Il devrait en résulter après redémarrage \end_layout \begin_layout Code + # netstat -lnptu | grep "httpd2 \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 3ffe:ffff:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 3ffe:ffff:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -13541,42 +14463,52 @@ Le fichier de configuration de radvd est généralement /etc/radvd.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 3ffe:ffff:0100:f101::/64 { \end_layout \begin_layout Code + AdvOnLink on; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -13585,23 +14517,28 @@ Ce qui a pour résultat côté client \end_layout \begin_layout Code + # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 3ffe:ffff:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout 
@@ -13635,54 +14572,67 @@ dial-on-demand \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code + AdvOnLink off; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + Base6to4Interface ppp0; \end_layout \begin_layout Code + AdvPreferredLifetime 20; \end_layout \begin_layout Code + AdvValidLifetime 30; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -13692,23 +14642,28 @@ Il en résulte pour le client situé à l'intérieur (en considérant que ppp0 \end_layout \begin_layout Code + # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -13726,6 +14681,7 @@ Note additionnelle: si vous n'utilisez pas de support spécifique 6to4 dans \end_layout \begin_layout Code + # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout 
@@ -13757,86 +14713,107 @@ radvdump \end_layout \begin_layout Code + # radvdump \end_layout \begin_layout Code + Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code + AdvCurHopLimit: 64 \end_layout \begin_layout Code + AdvManagedFlag: off \end_layout \begin_layout Code + AdvOtherConfigFlag: off \end_layout \begin_layout Code + AdvHomeAgentFlag: off \end_layout \begin_layout Code + AdvReachableTime: 0 \end_layout \begin_layout Code + AdvRetransTimer: 0 \end_layout \begin_layout Code + Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 30 \end_layout \begin_layout Code + AdvPreferredLifetime: 20 \end_layout \begin_layout Code + AdvOnLink: off \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + Prefix 3ffe:ffff:100:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 2592000 \end_layout \begin_layout Code + AdvPreferredLifetime: 604800 \end_layout \begin_layout Code + AdvOnLink: on \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout 
@@ -13889,54 +14866,67 @@ Le fichier de configuration de dhcp6s est normalement /etc/dhcp6s.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + server-preference 255; \end_layout \begin_layout Code + renew-time 60; \end_layout \begin_layout Code + rebind-time 90; \end_layout \begin_layout Code + prefer-life-time 130; \end_layout \begin_layout Code + valid-life-time 200; \end_layout \begin_layout Code + allow rapid-commit; \end_layout \begin_layout Code + option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code + link AAA { \end_layout \begin_layout Code + range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code + prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -13954,18 +14944,22 @@ Le fichier de configuration de dhcp6c est normalement /etc/dhcp6c.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + send rapid-commit; \end_layout \begin_layout Code + request domain-name-servers; \end_layout \begin_layout Code + }; \end_layout @@ -13982,6 +14976,7 @@ Démarrage du serveur, \end_layout \begin_layout Code + # service dhcp6s start \end_layout @@ -13994,6 +14989,7 @@ Démarrage du client en premier plan, \end_layout \begin_layout Code + # dhcp6c -f eth0 \end_layout @@ -14012,6 +15008,7 @@ Le serveur a un drapeau pour passer en premier plan et deux pour le déboguage \end_layout \begin_layout Code + # dhcp6c -d -D -f eth0 \end_layout 
@@ -14025,47 +15022,58 @@ Le client a un drapeau pour passer en premier plan et deux pour le déboguage. \end_layout \begin_layout Code + # dhcp6c -d -f eth0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len isnot in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code + Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -14133,6 +15141,7 @@ eny. \end_layout \begin_layout Code + $ man hosts.allow \end_layout @@ -14149,11 +15158,13 @@ i.e., \end_layout \begin_layout Code + sshd: 1.2.3. [3ffe:ffff:100:200::]/64 \end_layout \begin_layout Code + daytime-stream: 1.2.3. [3ffe:ffff:100:200::]/64 \end_layout @@ -14177,6 +15188,7 @@ Ce fichier contient toutes les entrées de filtre négative et devrait dénier \end_layout \begin_layout Code + ALL: ALL \end_layout @@ -14193,10 +15205,12 @@ a logwatch \end_layout \begin_layout Code + ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code + | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout 
@@ -14223,18 +15237,22 @@ via \end_layout \begin_layout Code + Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + from=3ffe:ffff:100:200::212:34ff:fe12:3456 \end_layout @@ -14248,22 +15266,27 @@ IPv4 à sshd en double écoute produit des lignes telles que celles de l'exemple \end_layout \begin_layout Code + Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code + Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code + from 3ffe:ffff:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code + ¬ (3ffe:ffff:100:200::212:34ff:fe12:3456) \end_layout @@ -14281,18 +15304,22 @@ via \end_layout \begin_layout Code + Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + from=3ffe:ffff:100:200::212:34ff:fe12:3456 \end_layout @@ -14306,18 +15333,22 @@ via \end_layout \begin_layout Code + Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ port 33381 ssh2 \end_layout \begin_layout Code + Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code + from 3ffe:ffff:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -14349,6 +15380,7 @@ listen \end_layout \begin_layout Code + listen_ipv6=yes \end_layout 
@@ -14377,22 +15409,27 @@ Editer le fichier de configuration, couramment /etc/proftpd.conf, mais prenez \end_layout \begin_layout Code + \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Bind 2001:0DB8::1 \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf index b6075cac..c6aa6261 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml index 1a52efe4..4fef290e 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml @@ -89,7 +89,7 @@ Un peu de technique <!-- anchor id="general-original-source" -->Le document original de cet HOWTO -Cet HOWTO est actuellement rédigé avec la version 1.2.0 de LyX sur un système Linux Red Hat 7.3 avec un patron SGML (livre DocBook). Il est disponible en vue des contributions à l'URLTLDP-CVS / users / Peter-Bieringer. +Cet HOWTO est actuellement rédigé avec la version 1.2.0 de LyX sur un système Linux Red Hat 7.3 avec un patron SGML (livre DocBook). Il est disponible en vue des contributions à l'URL github / tLDP / LDP / users / Peter-Bieringer. Modification des lignes de code propres à LyX Les modifications des lignes de code propres à LyX sont réalisées par un script “maison”, “lyxcodelinewrapper.pl”, que vous pouvez obtenir par CVS pour votre propre compte: TLDP-CVS / users / Peter-Bieringer (NdT: ces lignes ne gênent pas la génération au format SGML, mais celles aux formats PS et PDF à partir du SGML généré couramment, i.e. sans ce script). La génération du SGML diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index 38edf066..eb2016f8 100644 
--- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -1338,9 +1338,9 @@ NAME="GENERAL-ORIGINAL-SOURCE" >

This HOWTO is currently written with LyX version 1.6.1 on a Fedora 10 Linux system with template SGML/XML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringergithub / tLDP / LDP / users / Peter-Bieringer for contribution.

\end_layout @@ -1304,7 +1303,6 @@ For real use on your system command line or in scripts this has to be replaced \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1317,7 +1315,6 @@ Commands executable as non-root user begin with $, e.g. \end_layout \begin_layout Code - $ whoami \end_layout @@ -1326,7 +1323,6 @@ Commands executable as root user begin with #, e.g. \end_layout \begin_layout Code - # whoami \end_layout @@ -1521,72 +1517,58 @@ The first IPv6 related network code was added to the Linux kernel 2.1.8 in \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1695,7 +1677,6 @@ As previously mentioned, IPv6 addresses are 128 bits long. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1718,7 +1699,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1736,7 +1716,6 @@ This representation is still not very convenient (possible mix-up or loss \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout 
@@ -1746,7 +1725,6 @@ A usable address (see address types later) is e.g.: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1757,12 +1735,10 @@ For simplifications, leading zeros of each 16 bit block can be omitted: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1788,7 +1764,6 @@ ion. \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1798,7 +1773,6 @@ The biggest reduction is seen by the IPv6 localhost address: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1822,12 +1796,10 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -2038,7 +2010,6 @@ This is a special address for the loopback interface, similiar to IPv4 with \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2047,7 +2018,6 @@ or compressed: \end_layout \begin_layout Code - ::1 \end_layout @@ -2083,7 +2053,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2092,7 +2061,6 @@ or: \end_layout \begin_layout Code - :: \end_layout @@ -2128,7 +2096,6 @@ These addresses are defined with a special prefix of length 96 (a.b.c.d is \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2137,7 +2104,6 @@ or in compressed format \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2146,7 +2112,6 @@ For example, the IPv4 address 1.2.3.4 looks like this: \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2175,7 +2140,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout 
@@ -2184,7 +2148,6 @@ or in compressed format \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2265,22 +2228,18 @@ x \end_layout \begin_layout Code - fe8x: <- currently the only one in use \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2326,22 +2285,18 @@ It begins with: \end_layout \begin_layout Code - fecx: <- most commonly used \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2416,12 +2371,10 @@ It begins with: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- currently the only one in use \end_layout @@ -2444,7 +2397,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2476,12 +2428,10 @@ x \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2512,7 +2462,6 @@ These were the first global addresses which were defined and in use. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2521,7 +2470,6 @@ Example: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2531,7 +2479,6 @@ A special 6bone test address which will never be globally unique begins \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2583,7 +2530,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2592,7 +2538,6 @@ For example, representing 192.168.1.1/5: \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2602,12 +2547,10 @@ A small shell command line can help you generating such address out of a \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout 
@@ -2641,7 +2584,6 @@ These addresses are delegated to Internet service providers (ISP) and begin \end_layout \begin_layout Code - 2001: \end_layout @@ -2680,12 +2622,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3fff:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2714,7 +2654,6 @@ xx \end_layout \begin_layout Code - ffxy: \end_layout @@ -2803,7 +2742,6 @@ An example of this address looks like \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2860,7 +2798,6 @@ A simple example for an anycast address is the subnet-router anycast address. \end_layout \begin_layout Code - 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2870,7 +2807,6 @@ The subnet-router anycast address will be created blanking the suffix (least \end_layout \begin_layout Code - 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2910,7 +2846,6 @@ E.g. \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2928,7 +2863,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2938,7 +2872,6 @@ With a given prefix, the result is the IPv6 address shown in example above: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2991,7 +2924,6 @@ For servers, it's probably easier to remember simpler addresses, this can \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3083,7 +3015,6 @@ An example: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3097,7 +3028,6 @@ Network: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3106,7 +3036,6 @@ Netmask: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout 
@@ -3125,12 +3054,10 @@ For example if a routing table shows following entries (list is not complete): \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3140,12 +3067,10 @@ Shown destination addresses of IPv6 packets will be routed through shown \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3209,7 +3134,6 @@ To check, whether your current running kernel supports IPv6, take a look \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3219,7 +3143,6 @@ A short automatical test looks like: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3238,7 +3161,6 @@ You can try to load the IPv6 module executing \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3249,7 +3171,6 @@ If this is successful, this module should be listed, testable with following \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3274,7 +3195,6 @@ Its possible to automatically load the IPv6 module on demand. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3284,7 +3204,6 @@ It's also possible to disable automatically loading of the IPv6 module using \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3542,12 +3461,10 @@ Auto-magically check: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3561,7 +3478,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout 
@@ -3580,7 +3496,6 @@ Alexey N. \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3644,17 +3559,14 @@ Usage \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3664,7 +3576,6 @@ Some implementation also support % suffix instead of using -I , \end_layout \begin_layout Code - # ping6 % \end_layout @@ -3673,17 +3584,14 @@ Example \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3692,17 +3600,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3733,12 +3638,10 @@ Using link-local addresses for an IPv6 ping, the kernel does not know through \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3747,22 +3650,18 @@ In this case you have to specify the interface additionally like shown here: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout 
@@ -3771,17 +3670,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3790,7 +3686,6 @@ Example for % notation: \end_layout \begin_layout Code - # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout @@ -3804,22 +3699,18 @@ An interesting mechanism to detect IPv6-active hosts on a link is to ping6 \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3829,7 +3720,6 @@ Example for % notation: \end_layout \begin_layout Code - # ping6 ff02::1%eth0 \end_layout @@ -3860,51 +3750,42 @@ iputils \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout 
@@ -3946,52 +3827,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4080,32 +3951,26 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout 
@@ -4122,52 +3987,42 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4251,7 +4106,6 @@ Because of security updates in the last years every Domain Name System (DNS) \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4260,20 +4114,17 @@ and should show something like following: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4287,30 +4138,25 @@ IPv6-ready telnet clients are available. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout 
@@ -4319,47 +4165,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4368,7 +4205,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4409,17 +4245,14 @@ Current versions of openssh are IPv6-ready. \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4966,12 +4799,10 @@ Usage: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4984,12 +4815,10 @@ Example: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -5003,12 +4832,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -5017,12 +4844,10 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -5073,7 +4898,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -5082,27 +4906,22 @@ Example for a static configured host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout 
@@ -5174,22 +4984,18 @@ Example (output filtered with grep to display only IPv6 addresses). \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5211,7 +5017,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5220,7 +5025,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5234,7 +5038,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5243,7 +5046,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5266,7 +5068,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5275,7 +5076,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5289,7 +5089,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5298,7 +5097,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5368,7 +5166,6 @@ eth0 \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.eth0.use_tempaddr=2 \end_layout @@ -5377,12 +5174,10 @@ Afterwards, restart of the interface is necessary \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout 
@@ -5391,39 +5186,32 @@ Once a router advertisement is received, the result should look like following \end_layout \begin_layout Code - # ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen 1000 \end_layout \begin_layout Code - inet6 2001:db8:0:1:8992:3c03:d6e2:ed72/64 scope global secondary dynamic <- pseudo-random IID \end_layout \begin_layout Code - valid_lft 604711sec preferred_lft 86311sec \end_layout \begin_layout Code - inet6 2001:db8:0:1::224:21ff:fe01:2345/64 scope global <- IID based on MAC \end_layout \begin_layout Code - valid_lft 604711sec preferred_lft 86311sec \end_layout \begin_layout Code - ... \end_layout @@ -5437,7 +5225,6 @@ For permanent activation, either a special initscript value per interface \end_layout \begin_layout Code - net.ipv6.conf.eth0.use_tempaddr=2 \end_layout @@ -5449,12 +5236,10 @@ Note: interface must already exists with proper name when sysctl.conf is \end_layout \begin_layout Code - net.ipv6.conf.all.use_tempaddr=2 \end_layout \begin_layout Code - net.ipv6.conf.default.use_tempaddr=2 \end_layout @@ -5464,7 +5249,6 @@ Changed/added values in /etc/sysctl.conf can be activated during runtime, \end_layout \begin_layout Code - # sysctl -p \end_layout @@ -5487,17 +5271,14 @@ Check existing interfaces with: \end_layout \begin_layout Code - # nmcli connection \end_layout \begin_layout Code - NAME UUID TYPE DEVICE \end_layout \begin_layout Code - ens4v1 d0fc2b2e-5fa0-4675-96b5-b723ca5c46db 802-3-ethernet ens4v1 \end_layout @@ -5506,12 +5287,10 @@ Current amount of IPv6 privacy extension addresses can be checked with \end_layout \begin_layout Code - # ip -o addr show dev ens4v1 | grep temporary | wc -l \end_layout \begin_layout Code - 0 \end_layout @@ -5520,12 +5299,10 @@ Current IPv6 privacy extension settings can be checked with \end_layout \begin_layout Code - # nmcli connection show ens4v1 |grep ip6-privacy \end_layout \begin_layout Code - ipv6.ip6-privacy: -1 (unknown) \end_layout 
@@ -5534,12 +5311,10 @@ Enable IPv6 privacy extension and restart interface \end_layout \begin_layout Code - # nmcli connection modify ens4v1 ipv6.ip6-privacy 2 \end_layout \begin_layout Code - # nmcli connection down ens4v1; nmcli connection up ens4v1 \end_layout @@ -5548,12 +5323,10 @@ New IPv6 privacy extension settings can be checked with \end_layout \begin_layout Code - # nmcli connection show ens4v1 |grep ip6-privacy \end_layout \begin_layout Code - ipv6.ip6-privacy: 2 (active, prefer temporary IP) \end_layout @@ -5562,12 +5335,10 @@ Now IPv6 privacy extension addresses are configured on the interface \end_layout \begin_layout Code - # ip -o addr show dev ens4v1 | grep temporary | wc -l \end_layout \begin_layout Code - 2 \end_layout @@ -5645,7 +5416,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5655,27 +5425,22 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5689,7 +5454,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout 
@@ -5701,42 +5465,34 @@ Example (output is filtered for interface eth0). \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5759,12 +5515,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5773,7 +5527,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5787,12 +5540,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5810,7 +5561,6 @@ Following shown example adds a default route through gateway \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5834,12 +5584,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5848,7 +5596,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5862,12 +5609,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -5876,7 +5621,6 @@ Example for removing upper added route again: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout 
@@ -5899,12 +5643,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5913,7 +5655,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5956,7 +5697,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5965,7 +5705,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5988,7 +5727,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5997,7 +5735,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -6011,7 +5748,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -6021,7 +5757,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -6060,17 +5795,14 @@ Client can setup a default route like prefix \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -6152,7 +5884,6 @@ With following command you can display the learnt or configured IPv6 neighbors \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -6161,12 +5892,10 @@ The following example shows one neighbor, which is a reachable router \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -6191,7 +5920,6 @@ With following command you are able to manually add an entry \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout 
@@ -6200,7 +5928,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6213,7 +5940,6 @@ Like adding also an entry can be deleted: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -6222,7 +5948,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6252,28 +5977,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6463,27 +6183,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6694,7 +6409,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6703,17 +6417,14 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6726,7 +6437,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6736,7 +6446,6 @@ Example (output is filtered to display only tunnels through virtual interface \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 
@@ -6745,27 +6454,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6831,12 +6535,10 @@ Usage for creating a tunnel device (but it's not up afterward, also a TTL \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6845,22 +6547,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6869,22 +6567,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6893,22 +6587,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6929,7 +6619,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6938,17 +6627,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout 
@@ -6957,17 +6643,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6976,17 +6659,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -7012,7 +6692,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7021,32 +6700,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -7075,7 +6748,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -7084,17 +6756,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -7103,17 +6772,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout 
@@ -7122,17 +6788,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -7151,12 +6814,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -7165,12 +6826,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -7179,12 +6838,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -7193,7 +6850,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7215,32 +6871,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -7249,7 +6899,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7308,7 +6957,6 @@ Assuming your IPv4 address is \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -7317,7 +6965,6 @@ the generated 6to4 prefix will be \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -7336,7 +6983,6 @@ Local 6to4 gateways should (but it's not a must, you can choose an arbitrary \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout 
@@ -7346,7 +6992,6 @@ Use e.g. \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7368,12 +7013,10 @@ Create a new tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -7382,7 +7025,6 @@ Bring interface up \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -7391,7 +7033,6 @@ Add local 6to4 address to interface (note: prefix length 16 is important!) \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7401,7 +7042,6 @@ Add (default) route to the global IPv6 network using the all-6to4-routers \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7420,7 +7060,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7447,7 +7086,6 @@ Bring generic tunnel interface sit0 up \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7456,7 +7094,6 @@ Add local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7466,7 +7103,6 @@ Add (default) route to the global IPv6 network using the all-6to4-relays \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7483,7 +7119,6 @@ Remove all routes through this dedicated tunnel device \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7492,7 +7127,6 @@ Shut down interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -7501,7 +7135,6 @@ Remove created tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout 
@@ -7538,7 +7171,6 @@ Remove (default) route through the 6to4 tunnel interface \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7547,7 +7179,6 @@ Remove local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7557,7 +7188,6 @@ Shut down generic tunnel device (take care about this, perhaps it's still \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7597,7 +7227,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7606,28 +7235,23 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code - ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code - ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7644,12 +7268,10 @@ Usage for creating a 4over6 tunnel device (but it's not up afterward) \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -7658,22 +7280,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout 
@@ -7682,22 +7300,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7706,22 +7320,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7734,7 +7344,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7743,17 +7352,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7762,17 +7368,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7781,17 +7384,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7884,7 +7484,6 @@ The /proc-filesystem had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout 
@@ -7893,12 +7492,10 @@ The /proc-filesystem was mounted before, which can be tested using \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7929,12 +7526,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7955,7 +7550,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -8011,7 +7605,6 @@ The sysctl-interface had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -8024,12 +7617,10 @@ The value of an entry can be retrieved now: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -8042,12 +7633,10 @@ A new value can be set (if entry is writable): \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -8065,12 +7654,10 @@ Note: Don't use spaces around the \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8538,12 +8125,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -9015,27 +8600,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout 
@@ -9126,27 +8706,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -9155,22 +8730,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -9230,27 +8801,22 @@ Statistics about used IPv6 sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -9460,17 +9026,14 @@ A host in DNS returning more than one IPv6 address, e.g. \end_layout \begin_layout Code - $ dig +short aaaa st1.bieringer.de \end_layout \begin_layout Code - 2001:4dd0:ff00:834::2 \end_layout \begin_layout Code - 2a01:238:423d:8800:85b3:9e6b:3019:8909 \end_layout @@ -9483,37 +9046,30 @@ Lookup via DNS (/etc/hosts won't work) \end_layout \begin_layout Code - precedence ::1/128 50 # default \end_layout \begin_layout Code - precedence ::/0 40 # default \end_layout \begin_layout Code - precedence 2002::/16 30 # default \end_layout \begin_layout Code - precedence ::/96 20 # default \end_layout \begin_layout Code - precedence ::ffff:0:0/96 10 # default \end_layout \begin_layout Code - precedence 2001:4dd0:ff00:834::/64 80 # dst-A \end_layout \begin_layout Code - precedence 2a01:238:423d:8800::/64 90 # dst-B \end_layout 
@@ -9523,29 +9079,24 @@ For tests use e.g. \end_layout \begin_layout Code - $ telnet st1.bieringer.de \end_layout \begin_layout Code - Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code - ... \end_layout @@ -9554,12 +9105,10 @@ If precedence is changed in configuration \end_layout \begin_layout Code - precedence 2001:4dd0:ff00:834::/64 90 # dst-A ex 80 \end_layout \begin_layout Code - precedence 2a01:238:423d:8800::/64 80 # dst-B ex 90 \end_layout @@ -9568,29 +9117,24 @@ The order is changed accordingly \end_layout \begin_layout Code - $ telnet st1.bieringer.de \end_layout \begin_layout Code - Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code - ... \end_layout @@ -9651,47 +9195,38 @@ ip addrlabel \end_layout \begin_layout Code - # ip addrlabel \end_layout \begin_layout Code - prefix ::1/128 label 0 \end_layout \begin_layout Code - prefix ::/96 label 3 \end_layout \begin_layout Code - prefix ::ffff:0.0.0.0/96 label 4 \end_layout \begin_layout Code - prefix 2001::/32 label 6 \end_layout \begin_layout Code - prefix 2001:10::/28 label 7 \end_layout \begin_layout Code - prefix 2002::/16 label 2 \end_layout \begin_layout Code - prefix fc00::/7 label 5 \end_layout \begin_layout Code - prefix ::/0 label 1 \end_layout @@ -9701,17 +9236,14 @@ System is multihomed (here on one interface), router provides 2 prefixes \end_layout \begin_layout Code - # ip -6 addr show dev eth1 | grep -w inet6 |grep -w global \end_layout \begin_layout Code - inet6 2001:6f8:12d8:2:5054:ff:fefb:6582/64 scope global dynamic \end_layout \begin_layout Code - inet6 2001:6f8:900:8cbc:5054:ff:fefb:6582/64 scope global dynamic \end_layout 
@@ -9720,29 +9252,24 @@ Connect now to server (shown above) \end_layout \begin_layout Code - $ telnet st1.bieringer.de \end_layout \begin_layout Code - Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code - ... \end_layout @@ -9759,13 +9286,11 @@ tcp and dst port 23 \end_layout \begin_layout Code - IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37762 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A) \end_layout \begin_layout Code - IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.45754 > 2a01:238:423d:8800:85b3:9e6b:3019:8 909.telnet: (src-A -> dst-B) \end_layout @@ -9783,22 +9308,18 @@ ip addrlabel \end_layout \begin_layout Code - # ip addrlabel add prefix 2001:6f8:12d8:2::/64 label 200 \end_layout \begin_layout Code - # ip addrlabel add prefix 2001:6f8:900:8cbc::/64 label 300 \end_layout \begin_layout Code - # ip addrlabel add prefix 2001:4dd0:ff00:834::/64 label 200 \end_layout \begin_layout Code - # ip addrlabel add prefix 2a01:238:423d:8800::/64 label 300 \end_layout @@ -9815,67 +9336,54 @@ ip addrlabel \end_layout \begin_layout Code - # ip addrlabel \end_layout \begin_layout Code - prefix ::1/128 label 0 \end_layout \begin_layout Code - prefix ::/96 label 3 \end_layout \begin_layout Code - prefix ::ffff:0.0.0.0/96 label 4 \end_layout \begin_layout Code - prefix 2a01:238:423d:8800::/64 label 300 # dst-B \end_layout \begin_layout Code - prefix 2001:4dd0:ff00:834::/64 label 200 # dst-A \end_layout \begin_layout Code - prefix 2001:6f8:900:8cbc::/64 label 300 # src-B \end_layout \begin_layout Code - prefix 2001:6f8:12d8:2::/64 label 200 # src-A \end_layout \begin_layout Code - prefix 2001::/32 label 6 \end_layout \begin_layout Code - prefix 2001:10::/28 label 7 \end_layout \begin_layout Code - prefix 2002::/16 label 2 \end_layout \begin_layout Code - prefix fc00::/7 label 5 \end_layout \begin_layout Code - prefix ::/0 label 1 \end_layout 
@@ -9884,29 +9392,24 @@ Connect now to server again \end_layout \begin_layout Code - $ telnet st1.bieringer.de \end_layout \begin_layout Code - Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code - ... \end_layout @@ -9924,13 +9427,11 @@ tcp and dst port 23 \end_layout \begin_layout Code - IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37765 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A) \end_layout \begin_layout Code - IP6 2001:6f8:900:8cbc:5054:ff:fefb:6582.39632 > 2a01:238:423d:8800:85b3:9e6b:3019 :8909.telnet: (src-B -> dst-B) \end_layout 
@@ -10013,375 +9514,307 @@ Example: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 
:::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout 
@@ -10413,32 +9846,26 @@ Router advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -10491,12 +9918,10 @@ Router solicitation \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -10564,12 +9989,10 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -10586,18 +10009,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -10614,18 +10034,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout 
@@ -10646,18 +10063,15 @@ Node wants to send packages to \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -10674,12 +10088,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -10801,7 +10213,6 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -10810,13 +10221,11 @@ Auto-magically test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -10826,17 +10235,14 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -10875,12 +10281,10 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -10898,7 +10302,6 @@ off \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -10907,7 +10310,6 @@ Reboot or restart networking using \end_layout \begin_layout Code - # service network restart \end_layout @@ -10916,12 +10318,10 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout 
@@ -10981,7 +10381,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -11007,7 +10406,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -11048,54 +10446,44 @@ Configure your interface. \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -11104,7 +10492,6 @@ And you reboot or you just \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -11175,22 +10562,18 @@ Example: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -11701,7 +11084,6 @@ Change to source directory: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -11710,12 +11092,10 @@ Unpack and rename kernel sources \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -11724,7 +11104,6 @@ Unpack iptables sources \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout 
@@ -11737,7 +11116,6 @@ Change to iptables directory \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -11746,7 +11124,6 @@ Apply pending patches \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11757,7 +11134,6 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11796,12 +11172,10 @@ Check IPv6 extensions \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -11814,7 +11188,6 @@ Change to kernel sources \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -11823,12 +11196,10 @@ Edit Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout 
@@ -11837,99 +11208,80 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -11956,7 +11308,6 @@ Rename older directory \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11965,7 +11316,6 @@ Create a new softlink \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11974,7 +11324,6 @@ Rebuild SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11988,7 +11337,6 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout 
@@ -11997,7 +11345,6 @@ If not already installed, use "install" \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -12008,7 +11355,6 @@ ts don't fit. \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -12018,7 +11364,6 @@ Perhaps it's necessary to create a softlink for iptables libraries where \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -12035,7 +11380,6 @@ Load module, if so compiled \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -12044,12 +11388,10 @@ Check for capability \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -12066,7 +11408,6 @@ Short \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -12075,7 +11416,6 @@ Extended \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -12084,7 +11424,6 @@ List specified filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -12093,12 +11432,10 @@ Insert a log rule at the input filter with options \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -12107,7 +11444,6 @@ Insert a drop rule at the input filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -12116,7 +11452,6 @@ Delete a rule by number \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -12130,7 +11465,6 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout 
@@ -12148,7 +11482,6 @@ Accept incoming ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -12157,7 +11490,6 @@ Allow outgoing ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -12166,7 +11498,6 @@ Newer kernels allow specifying of ICMPv6 types: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -12184,12 +11515,10 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -12207,12 +11536,10 @@ Allow incoming SSH from 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -12225,12 +11552,10 @@ no longer needed if connection tracking is used! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -12252,7 +11577,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -12261,7 +11585,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -12275,7 +11598,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout 
@@ -12284,7 +11606,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -12307,7 +11628,6 @@ Block incoming TCP connection requests to this host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -12316,7 +11636,6 @@ Block incoming TCP connection requests to hosts behind this router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -12349,7 +11668,6 @@ Block incoming UDP packets which cannot be responses of outgoing requests \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -12359,7 +11677,6 @@ Block incoming UDP packets which cannot be responses of forwarded requests \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -12387,7 +11704,6 @@ tracking \end_layout \begin_layout Code - File: /etc/sysconfig/ip6tables \end_layout 
@@ -12396,87 +11712,70 @@ File: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -12485,7 +11784,6 @@ For completeness also the IPv4 configuration is shown here: \end_layout \begin_layout Code - File: /etc/sysconfig/iptables \end_layout 
@@ -12494,88 +11792,71 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -12592,12 +11873,10 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -12606,12 +11885,10 @@ Enable automatic start after reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout 
@@ -12630,578 +11907,472 @@ but still stateless filter \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 
\end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout 
\begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ 
\end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -13231,7 +12402,6 @@ Like in IPv4 clients behind a router can be hided by using IPv6 masquerading \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -13245,7 +12415,6 @@ A dedicated public IPv6 address can be forwarded to an internal IPv6 address, \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -13259,7 +12428,6 @@ A dedicated specified port can be forwarded to an internal system, e.g. \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -13304,12 +12472,10 @@ Take care if rules are contained in more than one table, because the tables \end_layout \begin_layout Code - IPv4-Packet --> table "ip" --> table "inet" --> further checks \end_layout \begin_layout Code - IPv6-Packet --> table "ip6" --> table "inet" --> further checks \end_layout 
@@ -13352,22 +12518,18 @@ Load kernel modules: \end_layout \begin_layout Code - # modprobe nf_tables \end_layout \begin_layout Code - # modprobe nf_tables_ipv4 \end_layout \begin_layout Code - # modprobe nf_tables_ipv6 \end_layout \begin_layout Code - # modprobe nf_tables_inet \end_layout @@ -13376,12 +12538,10 @@ Flush iptables and ip6tables to avoid interferences: \end_layout \begin_layout Code - # iptables -F \end_layout \begin_layout Code - # ip6tables -F \end_layout @@ -13390,7 +12550,6 @@ Create filter table: \end_layout \begin_layout Code - # nft add table inet filter \end_layout @@ -13399,7 +12558,6 @@ Create input chain: \end_layout \begin_layout Code - # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -13426,7 +12584,6 @@ Allow packets which are related to existing connection tracking entries \end_layout \begin_layout Code - # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -13435,13 +12592,11 @@ Allow IPv4 and IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv4 icmp type { echo-request } counter accept \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 icmpv6 type echo-request counter accept \end_layout @@ -13452,23 +12607,19 @@ Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code - ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 1 accept \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code - ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 255 counter accept \end_layout 
@@ -13478,7 +12629,6 @@ Allow incoming SSH for IPv4 and IPv6 \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -13495,17 +12645,14 @@ Reject/drop others \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 0-65535 reject \end_layout \begin_layout Code - # nft add rule inet filter input udp dport 0-65535 counter drop \end_layout \begin_layout Code - # nft add rule inet filter input counter drop \end_layout @@ -13518,77 +12665,63 @@ Table for IP version aware filter \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip protocol icmp icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code - tcp dport >= 0 tcp dport <= 65535 counter packets 0 bytes 0 reject \end_layout \begin_layout Code - udp dport >= 0 udp dport <= 65535 counter packets 0 bytes 0 drop \end_layout \begin_layout Code - log prefix counter packets 0 bytes 0 drop \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13601,7 +12734,6 @@ To enable logging, an additonal kernel module must be loaded \end_layout \begin_layout Code - # modprobe xt_LOG \end_layout 
@@ -13626,7 +12758,6 @@ Fir initial test with logging it can be useful to disable kernel console \end_layout \begin_layout Code - #*.emerg :omusrmsg:* \end_layout @@ -13635,7 +12766,6 @@ Rule from above accepting SSH on port 22, but now with logging: \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & 
@@ -13703,141 +12833,114 @@ mark xxxx \end_layout \begin_layout Code - # for table in ip ip6 inet; do nft list table $table filter; done \end_layout \begin_layout Code - table ip filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 241 bytes 25193 accept \end_layout \begin_layout Code - counter packets 2 bytes 120 mark 0x00000100 accept \end_layout \begin_layout Code - icmp type { echo-request} counter packets 0 bytes 0 meta mark set 0x00000100 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout \begin_layout Code - table ip6 filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 14 bytes 4077 accept \end_layout \begin_layout Code - counter packets 4 bytes 408 mark 0x00000100 accept \end_layout \begin_layout Code - icmpv6 type echo-request counter packets 1 bytes 104 meta mark set 0x00000100 \end_layout \begin_layout Code - icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} counter packets 2 bytes 224 meta mark set 0x00000100 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 307 bytes 31974 accept \end_layout \begin_layout Code - counter packets 6 bytes 528 mark 0x00000100 accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn log prefix "inet/input/accept: " meta mark set 0x00000100 counter packets 3 bytes 200 accept \end_layout \begin_layout Code - log prefix "inet/input/reject: " counter packets 0 bytes 
0 reject \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13945,12 +13048,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -13972,53 +13073,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -14041,32 +13132,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout 
@@ -14361,27 +13446,22 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -14394,37 +13474,30 @@ Example for a end-to-end encrypted connection in tunnel mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -14486,22 +13559,18 @@ File: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -14510,22 +13579,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout 
@@ -14534,62 +13599,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -14598,42 +13651,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -14642,37 +13687,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -14685,12 +13723,10 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout 
@@ -14699,7 +13735,6 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout @@ -14723,104 +13758,84 @@ At least the daemon needs to be started. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code - ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout 
@@ -14838,12 +13853,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout 
@@ -14864,117 +13877,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout 
@@ -15067,22 +14057,18 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -15091,27 +14077,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -15120,12 +14101,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -15134,68 +14113,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -15212,7 +14178,6 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout 
@@ -15234,7 +14199,6 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -15252,42 +14216,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout 
@@ -15305,117 +14261,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -15437,12 +14370,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout 
@@ -15451,12 +14382,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -15503,39 +14432,32 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code - -------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code - Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code - --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - -------------->------- \end_layout @@ -15604,7 +14526,6 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -15617,7 +14538,6 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -15627,7 +14547,6 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -15637,7 +14556,6 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -15647,7 +14565,6 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -15673,7 +14590,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout 
@@ -15691,7 +14607,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -15705,7 +14620,6 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -15719,7 +14633,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -15729,7 +14642,6 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -15743,17 +14655,14 @@ Start on server side each one one separate console: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -15762,35 +14671,29 @@ Start on client side and compare results: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout 
@@ -15866,22 +14769,18 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -15890,59 +14789,48 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -15951,7 +14839,6 @@ And a simple test looks like \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -15968,22 +14855,18 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout 
@@ -15997,67 +14880,54 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -16069,32 +14939,26 @@ This ACLs can be used e.g. \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -16119,7 +14983,6 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -16140,7 +15003,6 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -16153,7 +15015,6 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout 
@@ -16306,27 +15167,22 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -16335,7 +15191,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -16345,17 +15200,14 @@ Related log entry looks like following: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -16373,27 +15225,22 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -16402,14 +15249,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -16453,52 +15298,42 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - 
@@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -16507,27 +15342,22 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -16582,27 +15412,22 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -16611,32 +15436,26 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -16645,24 +15464,20 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout 
@@ -16762,52 +15577,42 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16816,28 +15621,23 @@ This results on client side in \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16860,67 +15660,54 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout 
@@ -16930,28 +15717,23 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16968,7 +15750,6 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -16995,107 +15776,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout 
@@ -17147,67 +15907,54 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -17225,22 +15972,18 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -17257,7 +16000,6 @@ Start server, e.g. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -17270,7 +16012,6 @@ Start client in foreground, e.g. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout @@ -17288,7 +16029,6 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code - # dhcp6s -d -D -f eth0 \end_layout @@ -17302,7 +16042,6 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout 
@@ -17311,63 +16050,51 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code - ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -17418,32 +16145,26 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -17452,12 +16173,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients requesting a temporary address \end_layout \begin_layout Code - range6 2001:db8:0:1::/64 temporary; \end_layout 
@@ -17466,17 +16185,14 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout @@ -17485,12 +16201,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -17499,33 +16213,27 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -17561,7 +16269,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 
@@ -17581,56 +16288,46 @@ Start server in foreground: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -17663,68 +16360,55 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout 
@@ -17741,148 +16425,124 @@ Start server in foreground: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. 
\end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -17944,7 +16604,6 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -17958,13 +16617,11 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -17985,7 +16642,6 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -17997,12 +16653,10 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -18025,22 +16679,18 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout 
@@ -18050,27 +16700,22 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -18084,22 +16729,18 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -18109,22 +16750,18 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -18148,7 +16785,6 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -18176,27 +16812,22 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout 
@@ -18396,37 +17027,30 @@ struct sockaddr_in \end_layout \begin_layout Code - struct sockaddr_in \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin_family; \end_layout \begin_layout Code - in_port_t sin_port; \end_layout \begin_layout Code - struct in_addr sin_addr; \end_layout \begin_layout Code - /* Plus some padding for alignment */ \end_layout \begin_layout Code - }; \end_layout @@ -18478,42 +17102,34 @@ struct sockaddr_in6 \end_layout \begin_layout Code - struct sockaddr_in6 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin6_family; \end_layout \begin_layout Code - in_port_t sin6_port; \end_layout \begin_layout Code - uint32_t sin6_flowinfo; \end_layout \begin_layout Code - struct in6_addr sin6_addr; \end_layout \begin_layout Code - uint32_t sin6_scope_id; \end_layout \begin_layout Code - }; \end_layout @@ -18627,7 +17243,6 @@ fe80::1%eth1 \end_layout \begin_layout Code - Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -18736,32 +17351,26 @@ recvfrom(2) \end_layout \begin_layout Code - ssize_t recvfrom( int s, \end_layout \begin_layout Code - void *buf, \end_layout \begin_layout Code - size_t len, \end_layout \begin_layout Code - int flags, \end_layout \begin_layout Code - struct sockaddr *from, \end_layout \begin_layout Code - socklen_t *fromlen ); \end_layout 
@@ -18787,104 +17396,84 @@ struct sockaddr_storage \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code - ** the caller. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char *rcvMsg( int s ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code - socklen_t sslen; \end_layout \begin_layout Code - sslen = sizeof( ss ); \end_layout \begin_layout Code - count = recvfrom( s, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ) - 1, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - (struct sockaddr*) &ss, \end_layout \begin_layout Code - &sslen ); \end_layout \begin_layout Code - bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -18892,12 +17481,10 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code - return bfr; \end_layout \begin_layout Code - } /* End rcvMsg() */ \end_layout @@ -18964,22 +17551,18 @@ getaddrinfo(3) \end_layout \begin_layout Code - int getaddrinfo( const char *node, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - const struct addrinfo *hints, \end_layout \begin_layout Code - struct addrinfo **res ); \end_layout 
@@ -19038,57 +17621,46 @@ struct addrinfo \end_layout \begin_layout Code - struct addrinfo \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int ai_flags; \end_layout \begin_layout Code - int ai_family; \end_layout \begin_layout Code - int ai_socktype; \end_layout \begin_layout Code - int ai_protocol; \end_layout \begin_layout Code - socklen_t ai_addrlen; \end_layout \begin_layout Code - struct sockaddr *ai_addr; \end_layout \begin_layout Code - char *ai_canonname; \end_layout \begin_layout Code - struct addrinfo *ai_next; \end_layout \begin_layout Code - }; \end_layout @@ -19497,37 +18069,30 @@ struct sockaddr \end_layout \begin_layout Code - int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code - socklen_t salen, \end_layout \begin_layout Code - char *host, \end_layout \begin_layout Code - size_t hostlen, \end_layout \begin_layout Code - char *serv, \end_layout \begin_layout Code - size_t servlen, \end_layout \begin_layout Code - int flags ); \end_layout @@ -19626,7 +18191,6 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code - ::ffff:192.0.2.1 \end_layout @@ -19697,22 +18261,18 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code - ::1 localhost \end_layout \begin_layout Code - 127.0.0.1 localhost \end_layout \begin_layout Code - fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code - 192.0.2.1 pt141 \end_layout @@ -19817,7 +18377,6 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code - tod6d [-v] [service] \end_layout 
@@ -19844,314 +18403,257 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6d.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration & error codes. */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code - #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code - #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code - #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code - #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. 
*/ \end_layout \begin_layout Code - #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Simple boolean type definition. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ); \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code - static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro for command syntax violations. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "Usage: %s [-v] [service] \backslash n", @@ -20160,44 +18662,37 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash \end_layout \begin_layout Code - exit( 127 ); \backslash \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code - ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code - ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -20205,66 +18700,56 @@ n", \end_layout \begin_layout Code - ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code - ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define CHK(expr) \backslash \end_layout \begin_layout Code - do \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "%s (line %d): System call ERROR - %s. \backslash n", @@ -20273,35 +18758,30 @@ n", \end_layout \begin_layout Code - pgmName, \backslash \end_layout \begin_layout Code - __LINE__, \backslash \end_layout \begin_layout Code - strerror( errno ) ); \backslash \end_layout \begin_layout Code - exit( 1 ); \backslash \end_layout \begin_layout Code - } /* End IF system call failed. */ \backslash 
@@ -20309,436 +18789,352 @@ n", \end_layout \begin_layout Code - } while ( false ) \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code - * handles both TCP and UDP requests. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code - * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code - size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code - size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the program name (w/o directory prefix). 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line arguments. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: break; \end_layout \begin_layout Code - case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code - default: USAGE; \end_layout \begin_layout Code - } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code - ** service requests. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code - ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Run the time-of-day server. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code - tScktSize, \end_layout \begin_layout Code - uSckt, \end_layout \begin_layout Code - uScktSize ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code - ** created. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: No sockets opened... terminating. \backslash 
@@ -20746,354 +19142,286 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code - * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code - * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code - * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code - * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code - * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code - * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code - * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code - * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code - * placed when opened. \end_layout \begin_layout Code - * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code - * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code - * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code - * the number of descriptors actually opened. 
Any unused slots in \end_layout \begin_layout Code - * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * 0 on success, -1 on error. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - size_t maxDescs = *descSize; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( *descSize > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else /* Invalid protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code - "layer protocol \backslash "%s 
@@ -21104,235 +19432,191 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - protocol ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code - ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code - ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code - ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code - ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code - ** socket. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead; \end_layout \begin_layout Code - ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Setting up a passive socket based on the " \end_layout \begin_layout Code - "following address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -21340,7 +19624,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -21348,629 +19631,512 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code - ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code - ** host & service into numeric strings. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code - ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code - ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Disable IPv4 mapped addresses. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - int v6Only = 1; \end_layout \begin_layout Code - CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code - IPPROTO_IPV6, \end_layout \begin_layout Code - IPV6_V6ONLY, \end_layout \begin_layout Code - &v6Only, \end_layout \begin_layout Code - sizeof( v6Only ) ) ); \end_layout \begin_layout Code - #else \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code - ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code - ** message and close the socket. Design note: If the \end_layout \begin_layout Code - ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code - ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code - ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code - ** if the program can't build! However, since this program is also \end_layout \begin_layout Code - ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code - ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code - ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code - ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code - ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code - ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code - "option. Closing IPv6 %s socket. \backslash 
@@ -21978,690 +20144,556 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code - CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code - continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code - #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code - } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code - ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code - MAXCONNQLEN ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - *descSize += 1; \end_layout \begin_layout Code - } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Dummy check for unused address records. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code - "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__ ); \end_layout \begin_layout Code - } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code - * clients. This function never returns. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code - * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code - * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code - * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. 
\end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ 256 ]; \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct pollfd *desc; \end_layout \begin_layout Code - size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code - int idx; \end_layout \begin_layout Code - int newSckt; \end_layout \begin_layout Code - struct sockaddr *sadr; \end_layout \begin_layout Code - socklen_t sadrLen; \end_layout \begin_layout Code - struct sockaddr_storage sockStor; \end_layout \begin_layout Code - int status; \end_layout \begin_layout Code - size_t timeLen; \end_layout \begin_layout Code - char *timeStr; \end_layout \begin_layout Code - time_t timeVal; \end_layout \begin_layout Code - ssize_t wBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code - if ( desc == NULL ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - strerror( ENOMEM ) ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the poll(2) array. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code - : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code - desc[ idx ].events = POLLIN; \end_layout \begin_layout Code - desc[ idx ].revents = 0; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code - ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code - ** main loop. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( true ) /* Do forever. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code - ** used to restart the system call in the event the process is \end_layout \begin_layout Code - ** interrupted by a signal. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - status = poll( desc, \end_layout \begin_layout Code - descSize, \end_layout \begin_layout Code - -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code - } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the current time. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - timeVal = time( NULL ); \end_layout \begin_layout Code - timeStr = ctime( &timeVal ); \end_layout \begin_layout Code - timeLen = strlen( timeStr ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Indicate that there is new network activity. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code - strcpy( s, timeStr ); \end_layout \begin_layout Code - s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' 
@@ -22671,913 +20703,743 @@ n' in date string. \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - s ); \end_layout \begin_layout Code - free( s ); \end_layout \begin_layout Code - } /* End IF verbose. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process sockets with input available. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( desc[ idx ].revents ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code - continue; \end_layout \begin_layout Code - case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - default: /* Invalid poll events. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - desc[ idx ].revents ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( idx < tScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code - ** the sockaddr_storage data type. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code - SHUT_RD ) ); \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code - ** the address-independent fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific fields. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code - ** protocol family. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the TOD to the client. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = write( newSckt, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes ); \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - CHK( close( newSckt ) ); \end_layout \begin_layout Code - } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code - else \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code - ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code - ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code - ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code - ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code - ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code - ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code - ** sockaddr_storage to receive the address. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ), \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display whatever was received on stdout. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - ssize_t rBytes = count; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - count ); \end_layout \begin_layout Code - while ( count > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code - stdout ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code - fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. 
@@ -23585,493 +21447,403 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). 
\backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the time-of-day to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, /* Address & address length */ \end_layout \begin_layout Code - sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code - desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code - } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code - } /* End WHILE forever. */ \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -24086,7 +21858,6 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code - tod6tc [-v] [-s scope_id] [host [service]] \end_layout 
@@ -24127,265 +21898,216 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6tc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. 
*/ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -24393,7 +22115,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -24401,7 +22122,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -24409,7 +22129,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -24418,7 +22137,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash 
@@ -24426,7 +22144,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -24434,24 +22151,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). 
@@ -24459,669 +22172,540 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. 
*/ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. 
*/ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connection could not be established. \backslash 
@@ -25129,646 +22713,524 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. 
\end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to set up the connection. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a connection could not be \end_layout \begin_layout Code - * established. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. 
Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. 
\backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -25776,7 +23238,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -25784,751 +23245,608 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Connect to the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). 
*/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code - ** connection. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -26536,23 +23854,19 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - } while ( inBytes > 0 ); \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -26569,7 +23883,6 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code - tod6uc [-v] [-s scope_id] [host [service]] \end_layout 
@@ -26610,265 +23923,216 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6uc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. 
*/ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -26876,7 +24140,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -26884,7 +24147,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -26892,7 +24154,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -26901,7 +24162,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash 
@@ -26909,7 +24169,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -26917,24 +24176,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). 
@@ -26942,1316 +24197,1065 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. 
*/ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. 
*/ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code - "not be set up. \backslash n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. 
\end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to exchange datagrams. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). 
\end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. 
\backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -28259,7 +25263,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -28267,748 +25270,606 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code - ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. 
*/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code - ** important, but something must be sent to let it know we want the TOD. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "write", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -29016,18 +25877,15 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index b5beb31c..8cbcc391 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html index 7adc2c52..cd3d2e05 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html @@ -1294,10 +1294,10 @@ NAME="GENERAL-ORIGINAL-SOURCE" >1.5.1. Fonte original deste HOWTO

Este HOWTO foi escrito usando LyX versão 1.6.1 em um sistema Linux Fedora 10 com o template SGML/XML (DocBook). Ele está disponível emEste HOWTO foi escrito usando LyX versão 1.6.1 em um sistema Linux Fedora 10 com o template SGML/XML (DocBook). Ele está disponível em TLDP-CVS / users / Peter-Bieringergithub / tLDP / LDP / users / Peter-Bieringer para contribuições.
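Review bot: in the "Fonte original deste HOWTO" hunk, the rendered HTML is changed directly (link label "TLDP-CVS / users / Peter-Bieringer" becomes "github / tLDP / LDP / users / Peter-Bieringer"), and the same commit also replaces Linux+IPv6-HOWTO.pdf as an opaque "Binary files ... differ" change. Both files are build outputs of the .lyx sources, so a reviewer cannot confirm from this diff that they correspond to the source being committed. Please regenerate the HTML and PDF from the committed .lyx in a separate, clearly labelled commit, or state in the commit message which LyX and DocBook tool versions produced them. The sentence still says the document was written with "LyX versão 1.6.1 em um sistema Linux Fedora 10"; if a newer toolchain was used for this regeneration, that sentence should be updated in the source as well. Only the link label is visible in the hunk, so also confirm that the link target was changed together with the label.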

\end_layout @@ -1185,6 +1186,7 @@ Para o uso real em seu sistema de linha de comando ou em scripts, isto deve \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -1198,6 +1200,7 @@ Comandos executados no shell por usuários normais (não root) começam com \end_layout \begin_layout Code + $ whoami \end_layout @@ -1206,6 +1209,7 @@ Comandos executados pelo usuário root começam com # \end_layout \begin_layout Code + # whoami \end_layout @@ -1381,58 +1385,72 @@ O primeiro trecho de código de rede relacionado com o IPv6 foi adicionado \end_layout \begin_layout Code + diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code + ¬ linux/include/linux/in6.h \end_layout \begin_layout Code + --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code + +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code + @@ -0,0 +1,99 @@ \end_layout \begin_layout Code + +/* \end_layout \begin_layout Code + + * Types and definitions for AF_INET6 \end_layout \begin_layout Code + + * Linux INET6 implementation \end_layout \begin_layout Code + + * + * Authors: \end_layout \begin_layout Code + + * Pedro Roque <******> \end_layout \begin_layout Code + + * \end_layout \begin_layout Code + + * Source: \end_layout \begin_layout Code + + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code + + * \end_layout @@ -1537,6 +1555,7 @@ Como já mencionado antes, os endereços IPv6 possuem 128 bits de tamanho. \end_layout \begin_layout Code + 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1552,6 +1571,7 @@ Tais números não são endereços fáceis de serem memorizados. \end_layout \begin_layout Code + 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1566,6 +1586,7 @@ s de programação) foi removido: \end_layout \begin_layout Code + 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout 
@@ -1575,6 +1596,7 @@ Um endereço utilizável seria: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1584,10 +1606,12 @@ Para simplificar, os zeros iniciais de cada bloco de 16 bits pode ser omitido: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code + ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1599,6 +1623,7 @@ Um bloco de 16 bits contendo somente zeros também pode ser omitida, sendo \end_layout \begin_layout Code + 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1608,6 +1633,7 @@ A maior redução possível é vista do endereço IPv6 de localhost: \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1628,10 +1654,12 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code + # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code + 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -1826,6 +1854,7 @@ Este é um endereço especial para a interface de loopback, similar ao 127.0.0.1 \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -1834,6 +1863,7 @@ ou em sua forma comprimida: \end_layout \begin_layout Code + ::1 \end_layout @@ -1853,6 +1883,7 @@ Este é um endereço especial, como "any" ou "0.0.0.0". \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -1861,6 +1892,7 @@ ou: \end_layout \begin_layout Code + :: \end_layout @@ -1897,6 +1929,7 @@ Estes endereços são definidos dentro de um prefixo especial, com o tamanho \end_layout \begin_layout Code + 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -1905,6 +1938,7 @@ ou em seu formato comprimido \end_layout \begin_layout Code + ::ffff:a.b.c.d/96 \end_layout @@ -1913,6 +1947,7 @@ por exemplo, o endereço IP 1.2.3.4 seria assim: \end_layout \begin_layout Code + ::ffff:1.2.3.4 \end_layout 
@@ -1941,6 +1976,7 @@ reference "tunneling-6to4" \end_layout \begin_layout Code + 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -1949,6 +1985,7 @@ ou em seu formato comprimido \end_layout \begin_layout Code + ::a.b.c.d/96 \end_layout @@ -2005,18 +2042,22 @@ Eles começam com (onde "x" é qualquer caractere hexadecimal, normalmente \end_layout \begin_layout Code + fe8x: <- atualmente é o único em uso \end_layout \begin_layout Code + fe9x: \end_layout \begin_layout Code + feax: \end_layout \begin_layout Code + febx: \end_layout @@ -2058,18 +2099,22 @@ Ele começa com: \end_layout \begin_layout Code + fecx: <- mais usado, mais comum \end_layout \begin_layout Code + fedx: \end_layout \begin_layout Code + feex: \end_layout \begin_layout Code + fefx: \end_layout @@ -2121,10 +2166,12 @@ Ele começa com: \end_layout \begin_layout Code + fcxx: \end_layout \begin_layout Code + fdxx: <- atualmente o único em uso \end_layout @@ -2147,6 +2194,7 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code + fd0f:8b72:ac90::/48 \end_layout @@ -2174,10 +2222,12 @@ Ele começa com (os caracteres "x" são hexadecimais) \end_layout \begin_layout Code + 2xxx: \end_layout \begin_layout Code + 3xxx: \end_layout @@ -2198,6 +2248,7 @@ Estes foram os primeiros endereços globais que foram definidos e usados. \end_layout \begin_layout Code + 3ffe: \end_layout @@ -2206,6 +2257,7 @@ Exemplo: \end_layout \begin_layout Code + 3ffe:ffff:100:f102::1 \end_layout @@ -2215,6 +2267,7 @@ Um endereço de teste especial para o 6bone que nunca seria globalmente único \end_layout \begin_layout Code + 3ffe:ffff: \end_layout @@ -2269,6 +2322,7 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code + 2002: \end_layout @@ -2277,6 +2331,7 @@ Por exemplo, este endereço 192.168.1.1/5 ficaria: \end_layout \begin_layout Code + 2002:c0a8:0101:5::1 \end_layout 
@@ -2286,10 +2341,12 @@ Um pequeno comando em shell poderia ajudar voce a gerar este endereço, baseado \end_layout \begin_layout Code + ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code + ¬ | tr "." " "` $sla \end_layout @@ -2322,6 +2379,7 @@ Este endereço é delegado pelo ISP e começa com \end_layout \begin_layout Code + 2001: \end_layout @@ -2362,10 +2420,12 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code + 3fff:ffff::/32 \end_layout \begin_layout Code + 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2388,6 +2448,7 @@ Eles sempre começam com (xx é o valor de escopo) \end_layout \begin_layout Code + ffxy: \end_layout @@ -2477,6 +2538,7 @@ Um exemplo deste endereço se parece com \end_layout \begin_layout Code + ff02::1:ff00:1234 \end_layout @@ -2520,6 +2582,7 @@ Um exemplo simples para um endereço unicast é o anycast subnet-router. \end_layout \begin_layout Code + 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2529,6 +2592,7 @@ O endereço unicast subnet-router será criado removendo o sufixo (os 64 bits \end_layout \begin_layout Code + 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2567,6 +2631,7 @@ Exemplo: uma placa de rede tem o seguinte endereço MAC (48 bit): \end_layout \begin_layout Code + 00:10:a4:01:23:45 \end_layout @@ -2584,6 +2649,7 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code + 0210:a4ff:fe01:2345 \end_layout @@ -2593,6 +2659,7 @@ Com um prefixo já fornecido, o resultado é o endereço IPv6 mostrado abaixo: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2651,6 +2718,7 @@ Para servidores, provavelmente é mais fácil se lembrar de endereços mais \end_layout \begin_layout Code + 2001:0db8:100:f101::1 \end_layout @@ -2729,6 +2797,7 @@ Exemplo: \end_layout \begin_layout Code + 2001:0db8:100:1:2:3:4:5/48 \end_layout 
@@ -2742,6 +2811,7 @@ Rede: \end_layout \begin_layout Code + 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -2750,6 +2820,7 @@ Máscara de rede: \end_layout \begin_layout Code + ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -2770,10 +2841,12 @@ Por exemplo, se uma tabela de rotas mostra as seguintes entradas (a lista \end_layout \begin_layout Code + 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code + 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -2783,10 +2856,12 @@ Os endereços de destino mostrados dos pacotes IPv6 serão roteados através \end_layout \begin_layout Code + 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code + 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -2846,6 +2921,7 @@ Para verificar se o seu kernel já está com o suporte a IPv6 habilitado, \end_layout \begin_layout Code + /proc/net/if_inet6 \end_layout @@ -2855,6 +2931,7 @@ Para quem gosta de scripts, é possível usar estes comandos: \end_layout \begin_layout Code + # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -2874,6 +2951,7 @@ Voce pode tentar carregar os módulos do IPv6 com o comando \end_layout \begin_layout Code + # modprobe ipv6 \end_layout @@ -2883,6 +2961,7 @@ Se a carga ocorreu sem problemas, verifique o status com estes comandos: \end_layout \begin_layout Code + # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -2907,6 +2986,7 @@ Carga automática do módulo \end_layout \begin_layout Code + alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -2916,6 +2996,7 @@ Também é possível desabilitar a carga do módulo automaticamente usando a \end_layout \begin_layout Code + alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout 
@@ -3136,10 +3217,12 @@ Novamente, para quem gosta de scripts: \end_layout \begin_layout Code + # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code + ¬ IPv6-ready" \end_layout @@ -3149,6 +3232,7 @@ Verificando o route: \end_layout \begin_layout Code + # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3166,6 +3250,7 @@ Alexey N. \end_layout \begin_layout Code + # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3224,14 +3309,17 @@ Uso \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 [-I ] \end_layout @@ -3240,14 +3328,17 @@ Exemplo \end_layout \begin_layout Code + # ping6 -c 1 ::1 \end_layout \begin_layout Code + PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3256,14 +3347,17 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + --- ::1 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code + round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3298,10 +3392,12 @@ Ao usar um endereço link-local para pingar alguém em IPv6 o kernel pode \end_layout \begin_layout Code + # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + connect: Invalid argument \end_layout @@ -3311,18 +3407,22 @@ Neste caso, voce precisa especificar qual interface deve ser usada para \end_layout \begin_layout Code + # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code + PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout 
@@ -3331,14 +3431,17 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code + ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3352,18 +3455,22 @@ Um mecanismo interessante para detectar hosts com endereço IPv6 é pingar \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code + PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code + 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3391,42 +3498,51 @@ Este programa geralmente está incluso no pacote iputils. \end_layout \begin_layout Code + # traceroute6 www.6bone.net \end_layout \begin_layout Code + traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code + ¬ hops max, 16 byte packets \end_layout \begin_layout Code + 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code + 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code + 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code + 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code + 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code + 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout 
@@ -3456,42 +3572,52 @@ Este programa costuma estar incluído no pacote iputils. \end_layout \begin_layout Code + # tracepath6 www.6bone.net \end_layout \begin_layout Code + 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code + 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code + 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code + 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code + 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code + 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code + 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code + 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code + Resume: pmtu 1280 \end_layout @@ -3560,26 +3686,32 @@ Ping IPv6 para 2001:0db8:100:f101::1 nativo sobre um link local \end_layout \begin_layout Code + # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on eth0 \end_layout \begin_layout Code + 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code + ¬ request (len 64, hlim 64) \end_layout \begin_layout Code + 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code + ¬ reply (len 64, hlim 64) \end_layout 
@@ -3593,42 +3725,52 @@ Os endereços IPv4 1.2.3.4 e 5.6.7.8 são os tunnel endpoints (todos os endereç \end_layout \begin_layout Code + # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on ppp0 \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -3698,6 +3840,7 @@ Por causa dos updates de segurança aplicados nos últimos anos, o Servidor \end_layout \begin_layout Code + # host -t AAAA www.join.uni-muenster.de \end_layout @@ -3706,17 +3849,20 @@ e a resposta deve ser alguma coisa parecida com isso: \end_layout \begin_layout Code + www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code + tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code + ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -3730,25 +3876,30 @@ Cliente de telnet com suporte a IPv6 estão disponíveis. \end_layout \begin_layout Code + $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code + Trying 3ffe:400:100::1... \end_layout \begin_layout Code + Connected to 3ffe:400:100::1. \end_layout \begin_layout Code + Escape character is '^]'. \end_layout \begin_layout Code + HEAD / HTTP/1.0 \end_layout 
@@ -3757,38 +3908,47 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code + HTTP/1.1 200 OK \end_layout \begin_layout Code + Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code + GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code + Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code + ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code + Accept-Ranges: bytes \end_layout \begin_layout Code + Content-Length: 2637 \end_layout \begin_layout Code + Connection: close \end_layout \begin_layout Code + Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -3797,6 +3957,7 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code + Connection closed by foreign host. \end_layout @@ -3830,14 +3991,17 @@ As versões atuais do openssh já suportam IPv6. \end_layout \begin_layout Code + $ ssh -6 ::1 \end_layout \begin_layout Code + user@::1's password: ****** \end_layout \begin_layout Code + [user@ipv6host user]$ \end_layout @@ -4185,10 +4349,12 @@ Uso: \end_layout \begin_layout Code + # ip link set dev up \end_layout \begin_layout Code + # ip link set dev down \end_layout @@ -4201,10 +4367,12 @@ Exemplo: \end_layout \begin_layout Code + # ip link set dev eth0 up \end_layout \begin_layout Code + # ip link set dev eth0 down \end_layout @@ -4218,10 +4386,12 @@ Uso: \end_layout \begin_layout Code + # /sbin/ifconfig up \end_layout \begin_layout Code + # /sbin/ifconfig down \end_layout @@ -4230,10 +4400,12 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 up \end_layout \begin_layout Code + # /sbin/ifconfig eth0 down \end_layout @@ -4273,6 +4445,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev \end_layout @@ -4281,22 +4454,27 @@ Exemplo para uma configuração de host estático: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code + 2: eth0: \end_layout 
@@ -4361,18 +4548,22 @@ Exemplo (a saída foi filtrada com o grep para mostrar somente os endereços \end_layout \begin_layout Code + # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code + inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code + inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code + inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -4394,6 +4585,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 addr add / dev \end_layout @@ -4402,6 +4594,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -4415,6 +4608,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 add / \end_layout @@ -4423,6 +4617,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -4446,6 +4641,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 addr del / dev \end_layout @@ -4454,6 +4650,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -4467,6 +4664,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 del / \end_layout @@ -4475,6 +4673,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -4515,6 +4714,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 route show [dev ] \end_layout @@ -4524,22 +4724,27 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code + 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout 
@@ -4553,6 +4758,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout @@ -4563,34 +4769,42 @@ Exemplo (a saída foi filtrada para a interface eth0). \end_layout \begin_layout Code + # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code + 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code + ¬ addresses \end_layout \begin_layout Code + ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -4613,10 +4827,12 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 route add / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -4625,6 +4841,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 via 2001:0db8:0:f101::1 \end_layout @@ -4638,10 +4855,12 @@ Uso: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -4660,6 +4879,7 @@ Veja o exemplo abaixo, como adicionar uma rota para todos os endereços globais \end_layout \begin_layout Code + # /sbin/route -A inet6 add 2000::/3 gw 2001:0db8:0:f101::1 \end_layout @@ -4683,10 +4903,12 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 route del / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -4695,6 +4917,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 route del 2000::/3 via 2001:0db8:0:f101::1 \end_layout @@ -4708,10 +4931,12 @@ Uso: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code + ¬ ] \end_layout 
@@ -4720,6 +4945,7 @@ Exemplo para remover a rota adicionada anteriormente (acima): \end_layout \begin_layout Code + # /sbin/route -A inet6 del 2000::/3 gw 2001:0db8:0:f101::1 \end_layout @@ -4742,10 +4968,12 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 route add / dev \end_layout \begin_layout Code + ¬ metric 1 \end_layout @@ -4754,6 +4982,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 dev eth0 metric 1 \end_layout @@ -4772,6 +5001,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / dev \end_layout @@ -4780,6 +5010,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/route -A inet6 add 2000::/3 dev eth0 \end_layout @@ -4801,6 +5032,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 route del / dev \end_layout @@ -4809,6 +5041,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 route del 2000::/3 dev eth0 \end_layout @@ -4822,6 +5055,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / dev \end_layout @@ -4831,6 +5065,7 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/route -A inet6 del 2000::/3 dev eth0 \end_layout @@ -4862,14 +5097,17 @@ Um cliente pode configurar uma rota default prefixo "::/0", mas eles também \end_layout \begin_layout Code + # ip -6 route show | grep ^default \end_layout \begin_layout Code + default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code + ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -4921,6 +5159,7 @@ Com o comando abaixo voce pode verificar a tabela de vizinhos aprendida \end_layout \begin_layout Code + # ip -6 neigh show [dev ] \end_layout @@ -4929,10 +5168,12 @@ O exemplo a seguir mostra um vizinho, o qual é um router acessível \end_layout \begin_layout Code + # ip -6 neigh show \end_layout \begin_layout Code + fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout 
@@ -4949,6 +5190,7 @@ Com o comando abaixo, voce consegue adicionar uma entrada manualmente \end_layout \begin_layout Code + # ip -6 neigh add lladdr dev \end_layout @@ -4957,6 +5199,7 @@ Exemplo: \end_layout \begin_layout Code + # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -4969,6 +5212,7 @@ Similar à adição de uma entrada, uma entrada pode ser excluída \end_layout \begin_layout Code + # ip -6 neigh del lladdr dev \end_layout @@ -4977,6 +5221,7 @@ Exemplo: \end_layout \begin_layout Code + # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -4990,23 +5235,28 @@ A ferramenta "ip" não é tão documentada, mas é bem útil e forte. \end_layout \begin_layout Code + # ip -6 neigh help \end_layout \begin_layout Code + Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code + [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code + | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code + ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -5138,22 +5388,27 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code + | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code + | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code + | 0x2002 | | | | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout @@ -5265,6 +5520,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -5273,14 +5529,17 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show \end_layout \begin_layout Code + sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code + sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout 
@@ -5293,6 +5552,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout @@ -5302,6 +5562,7 @@ Exemplo (a saída está filtrada para mostrar somente os túneis através da \end_layout \begin_layout Code + # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -5310,22 +5571,27 @@ W*$" \end_layout \begin_layout Code + ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code + 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -5392,10 +5658,12 @@ Use-o para criar um dispositivo túnel (mas não depois, o TTL também deve \end_layout \begin_layout Code + # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout @@ -5404,18 +5672,22 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -5424,18 +5696,22 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -5444,18 +5720,22 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -5477,6 +5757,7 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout 
@@ -5485,14 +5766,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit1 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout @@ -5501,14 +5785,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit2 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit2 \end_layout @@ -5517,14 +5804,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit3 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit3 \end_layout @@ -5557,6 +5847,7 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -5565,26 +5856,32 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -5620,6 +5917,7 @@ Uso para remover um dispositivo túnel: \end_layout \begin_layout Code + # /sbin/ip tunnel del \end_layout @@ -5628,14 +5926,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code + # /sbin/ip link set sit1 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit1 \end_layout @@ -5644,14 +5945,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code + # /sbin/ip link set sit2 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit2 \end_layout 
@@ -5660,14 +5964,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code + # /sbin/ip link set sit3 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit3 \end_layout @@ -5686,10 +5993,12 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code + # /sbin/ifconfig sit3 down \end_layout @@ -5698,10 +6007,12 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code + # /sbin/ifconfig sit2 down \end_layout @@ -5710,10 +6021,12 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code + # /sbin/ifconfig sit1 down \end_layout @@ -5722,6 +6035,7 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -5743,26 +6057,32 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -5771,6 +6091,7 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -5829,6 +6150,7 @@ Assumindo que o seu endereço IPv4 seja este \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -5837,6 +6159,7 @@ o prefixo 6to4 gerado será este \end_layout \begin_layout Code + 2002:0102:0304:: \end_layout @@ -5847,6 +6170,7 @@ Gateways locais 6to4 deveriam (mas não é uma regra fixa, pois voce pode \end_layout \begin_layout Code + 2002:0102:0304::1 \end_layout 
@@ -5855,6 +6179,7 @@ Por exemplo, use a seguinte automação: \end_layout \begin_layout Code + ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -5876,10 +6201,12 @@ Criando um dispositivo de túnel \end_layout \begin_layout Code + # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code + ¬ \end_layout @@ -5888,6 +6215,7 @@ Ativando a interface \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 up \end_layout @@ -5897,6 +6225,7 @@ Adicionando o endereço local 6to4 na interface (nota: o tamanho do prefixo \end_layout \begin_layout Code + # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -5906,6 +6235,7 @@ Adicionando uma rota default para a rede global IPv6 usando o endereço anycast \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -5916,6 +6246,7 @@ Adicionando uma rota default para a rede global IPv6 usando o endereço anycast \end_layout \begin_layout Code + # /sbin/ip -6 route add 2000::/3 via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -5934,6 +6265,7 @@ Ativando a interface genérica sit0 \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -5942,6 +6274,7 @@ Adicionando um endereço 6to4 na interface \end_layout \begin_layout Code + # /sbin/ifconfig sit0 add /16 \end_layout @@ -5951,6 +6284,7 @@ Adicionando uma rota default para a rede global IPv6 usando o endereço anycast \end_layout \begin_layout Code + # /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -5967,6 +6301,7 @@ Remova todas as rotas que utilizam este dispositivo \end_layout \begin_layout Code + # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -5975,6 +6310,7 @@ Desligue a interface \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 down \end_layout 
@@ -5983,6 +6319,7 @@ Remova o dispositivo criado \end_layout \begin_layout Code + # /sbin/ip tunnel del tun6to4 \end_layout @@ -5995,6 +6332,7 @@ Remova as rotas default que usam esta interface \end_layout \begin_layout Code + # /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -6003,6 +6341,7 @@ Remova o endereço local 6to4 desta interface \end_layout \begin_layout Code + # /sbin/ifconfig sit0 del /16 \end_layout @@ -6012,6 +6351,7 @@ Desligue o dispositivo genérico de túnel (cuidado com isto, pois ela ainda \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -6052,6 +6392,7 @@ Uso: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -6060,23 +6401,28 @@ Exemplo: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code + ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code + ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code + ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code + ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -6094,10 +6440,12 @@ Uso para criar um dispositivo de túnel 4over6 \end_layout \begin_layout Code + # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout @@ -6106,18 +6454,22 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout 
@@ -6126,18 +6478,22 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -6146,18 +6502,22 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -6170,6 +6530,7 @@ Uso ara remover um dispositivo de túnel: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del \end_layout @@ -6178,14 +6539,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -6194,14 +6558,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -6210,14 +6577,17 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -6265,6 +6635,7 @@ O sistema de arquivos /proc deve estar habilitado no kernel , ou seja, a \end_layout \begin_layout Code + CONFIG_PROC_FS=y \end_layout 
@@ -6274,10 +6645,12 @@ O sistema de arquivos já deve estar montado, o que pode ser testado como \end_layout \begin_layout Code + # mount | grep "type proc" \end_layout \begin_layout Code + none on /proc type proc (rw) \end_layout @@ -6300,10 +6673,12 @@ O valor de uma entrada pode ser obtido com o comando "cat": \end_layout \begin_layout Code + # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code + 0 \end_layout @@ -6317,6 +6692,7 @@ Um novo valor pode ser definido (se a entrada aceitar a escrita) através \end_layout \begin_layout Code + # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -6342,6 +6718,7 @@ A interface do sysctl deve estar habilitada no kernel, então a seguinte \end_layout \begin_layout Code + CONFIG_SYSCTL=y \end_layout @@ -6354,10 +6731,12 @@ O valor de uma entrada pode ser obtida da seguinte maneira: \end_layout \begin_layout Code + # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 0 \end_layout @@ -6370,10 +6749,12 @@ Um novo valor pode ser definido (se a entrada aceitar a escrita): \end_layout \begin_layout Code + # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 1 \end_layout @@ -6383,10 +6764,12 @@ Nota: Não use espaços entre o sinal = para definir os valores. \end_layout \begin_layout Code + # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code + net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -6803,10 +7186,12 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code + ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code + ¬ seq=426, pid=0 \end_layout 
@@ -7254,22 +7639,27 @@ s). \end_layout \begin_layout Code + # cat /proc/net/if_inet6 \end_layout \begin_layout Code + 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code + +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code + | | | | | | \end_layout \begin_layout Code + 1 2 3 4 5 6 \end_layout @@ -7324,22 +7714,27 @@ Aqui toda a configuração de rotas em IPv6 é mostrada em um formato especialt. \end_layout \begin_layout Code + # cat /proc/net/ipv6_route \end_layout \begin_layout Code + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code + +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code + | | | | \end_layout \begin_layout Code + 1 2 3 4 \end_layout @@ -7348,18 +7743,22 @@ Aqui toda a configuração de rotas em IPv6 é mostrada em um formato especialt. \end_layout \begin_layout Code + ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code + ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code + ¬ | | | | | | \end_layout \begin_layout Code + ¬ 5 6 7 8 9 10 \end_layout @@ -7420,22 +7819,27 @@ Estatísticas sobre o uso de sockets IPv6. \end_layout \begin_layout Code + # cat /proc/net/sockstat6 \end_layout \begin_layout Code + TCP6: inuse 7 \end_layout \begin_layout Code + UDP6: inuse 2 \end_layout \begin_layout Code + RAW6: inuse 1 \end_layout \begin_layout Code + FRAG6: inuse 0 memory 0 \end_layout 
@@ -7617,307 +8021,375 @@ Example: \end_layout \begin_layout Code + # netstat -nlptu \end_layout \begin_layout Code + Active Internet connections (only servers) \end_layout \begin_layout Code + Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code + ¬ PID/Program name \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 22433/lpd Waiting \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1746/smbd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 3551/X \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18735/junkbuster \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code + ¬ 1410/sshd \end_layout \begin_layout Code + tcp 0 0 :::6010 
:::* LISTEN \end_layout \begin_layout Code + ¬ 13237/sshd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + udp 0 0 :::53 :::* \end_layout \begin_layout Code + ¬ 30734/named \end_layout 
@@ -7949,26 +8421,32 @@ Router advertisement \end_layout \begin_layout Code + 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code + ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code + ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code + ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code + ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code + ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -8021,10 +8499,12 @@ Router solicitation \end_layout \begin_layout Code + 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code + ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -8092,10 +8572,12 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -8112,15 +8594,18 @@ Node wants to configure its global address \end_layout \begin_layout Code + 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -8137,15 +8622,18 @@ Node wants to configure its global address \end_layout \begin_layout Code + 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code + ¬ 255) \end_layout 
@@ -8166,15 +8654,18 @@ Node wants to send packages to \end_layout \begin_layout Code + 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code + ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -8191,10 +8682,12 @@ fe80::10 \end_layout \begin_layout Code + 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code + ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -8316,6 +8809,7 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code + /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -8324,11 +8818,13 @@ Auto-magically test: \end_layout \begin_layout Code + # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code + ¬ IPv6 script library exists" \end_layout @@ -8338,14 +8834,17 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code + # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code + ¬ getversion_ipv6_functions \end_layout \begin_layout Code + 20011124 \end_layout @@ -8384,10 +8883,12 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code + # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code + alias net-pf-10 off \end_layout @@ -8405,6 +8906,7 @@ off \end_layout \begin_layout Code + NETWORKING_IPV6=yes \end_layout @@ -8413,6 +8915,7 @@ Reboot or restart networking using \end_layout \begin_layout Code + # service network restart \end_layout @@ -8421,10 +8924,12 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code + # modprobe -c | grep ipv6 \end_layout \begin_layout Code + alias net-pf-10 ipv6 \end_layout 
@@ -8484,6 +8989,7 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code + IP6ADDR="/" \end_layout @@ -8509,6 +9015,7 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code + IPADDR="/" \end_layout @@ -8549,44 +9056,54 @@ Configure your interface. \end_layout \begin_layout Code + iface eth0 inet6 static \end_layout \begin_layout Code + pre-up modprobe ipv6 \end_layout \begin_layout Code + address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code + # To suppress completely autoconfiguration: \end_layout \begin_layout Code + # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code + netmask 64 \end_layout \begin_layout Code + # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code + # It is magically \end_layout \begin_layout Code + # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code + #gateway 2001:0db8:1234:5::1 \end_layout @@ -8595,6 +9112,7 @@ And you reboot or you just \end_layout \begin_layout Code + # ifup --force eth0 \end_layout @@ -8665,18 +9183,22 @@ Example: \end_layout \begin_layout Code + # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code + 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code + inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code + valid_lft forever preferred_lft forever \end_layout @@ -9178,6 +9700,7 @@ Change to source directory: \end_layout \begin_layout Code + # cd /path/to/src \end_layout @@ -9186,10 +9709,12 @@ Unpack and rename kernel sources \end_layout \begin_layout Code + # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code + # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -9198,6 +9723,7 @@ Unpack iptables sources \end_layout \begin_layout Code + # tar z|jxf iptables-version.tar.gz|bz2 \end_layout 
@@ -9210,6 +9736,7 @@ Change to iptables directory \end_layout \begin_layout Code + # cd iptables-version \end_layout @@ -9218,6 +9745,7 @@ Apply pending patches \end_layout \begin_layout Code + # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -9228,6 +9756,7 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code + # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -9266,10 +9795,12 @@ Check IPv6 extensions \end_layout \begin_layout Code + # make print-extensions \end_layout \begin_layout Code + Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -9282,6 +9813,7 @@ Change to kernel sources \end_layout \begin_layout Code + # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -9290,10 +9822,12 @@ Edit Makefile \end_layout \begin_layout Code + - EXTRAVERSION = \end_layout \begin_layout Code + + EXTRAVERSION = -iptables-version+IPv6-try \end_layout 
@@ -9302,80 +9836,99 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code + Code maturity level options \end_layout \begin_layout Code + Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code + Networking options \end_layout \begin_layout Code + Network packet filtering: yes \end_layout \begin_layout Code + The IPv6 protocol: module \end_layout \begin_layout Code + IPv6: Netfilter Configuration \end_layout \begin_layout Code + IP6 tables support: module \end_layout \begin_layout Code + All new options like following: \end_layout \begin_layout Code + limit match support: module \end_layout \begin_layout Code + MAC address match support: module \end_layout \begin_layout Code + Multiple port match support: module \end_layout \begin_layout Code + Owner match support: module \end_layout \begin_layout Code + netfilter MARK match support: module \end_layout \begin_layout Code + Aggregated address check: module \end_layout \begin_layout Code + Packet filtering: module \end_layout \begin_layout Code + REJECT target support: module \end_layout \begin_layout Code + LOG target support: module \end_layout \begin_layout Code + Packet mangling: module \end_layout \begin_layout Code + MARK target support: module \end_layout @@ -9402,6 +9955,7 @@ Rename older directory \end_layout \begin_layout Code + # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -9410,6 +9964,7 @@ Create a new softlink \end_layout \begin_layout Code + # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -9418,6 +9973,7 @@ Rebuild SRPMS \end_layout \begin_layout Code + # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -9431,6 +9987,7 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code + # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout 
@@ -9439,6 +9996,7 @@ If not already installed, use "install" \end_layout \begin_layout Code + # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -9449,6 +10007,7 @@ ts don't fit. \end_layout \begin_layout Code + # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -9458,6 +10017,7 @@ Perhaps it's necessary to create a softlink for iptables libraries where \end_layout \begin_layout Code + # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -9474,6 +10034,7 @@ Load module, if so compiled \end_layout \begin_layout Code + # modprobe ip6_tables \end_layout @@ -9482,10 +10043,12 @@ Check for capability \end_layout \begin_layout Code + # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code + ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -9502,6 +10065,7 @@ Short \end_layout \begin_layout Code + # ip6tables -L \end_layout @@ -9510,6 +10074,7 @@ Extended \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L \end_layout @@ -9518,6 +10083,7 @@ List specified filter \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -9526,10 +10092,12 @@ Insert a log rule at the input filter with options \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code + ¬ --log-level 7 \end_layout @@ -9538,6 +10106,7 @@ Insert a drop rule at the input filter \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -9546,6 +10115,7 @@ Delete a rule by number \end_layout \begin_layout Code + # ip6tables --table filter --delete INPUT 1 \end_layout @@ -9559,6 +10129,7 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and \end_layout \begin_layout Code + # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout 
@@ -9576,6 +10147,7 @@ Accept incoming ICMPv6 through tunnels \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -9584,6 +10156,7 @@ Allow outgoing ICMPv6 through tunnels \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -9592,6 +10165,7 @@ Newer kernels allow specifying of ICMPv6 types: \end_layout \begin_layout Code + # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -9609,10 +10183,12 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm \end_layout \begin_layout Code + # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code + ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -9630,10 +10206,12 @@ Allow incoming SSH from 2001:0db8:100::1/128 \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code + ¬ --dport 22 -j ACCEPT \end_layout @@ -9646,10 +10224,12 @@ no longer needed if connection tracking is used! \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code + ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -9671,6 +10251,7 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -9679,6 +10260,7 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -9692,6 +10274,7 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout 
@@ -9700,6 +10283,7 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 1.2.3.4 \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -9722,6 +10306,7 @@ Block incoming TCP connection requests to this host \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -9730,6 +10315,7 @@ Block incoming TCP connection requests to hosts behind this router \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -9762,6 +10348,7 @@ Block incoming UDP packets which cannot be responses of outgoing requests \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -9771,6 +10358,7 @@ Block incoming UDP packets which cannot be responses of forwarded requests \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -9798,6 +10386,7 @@ tracking \end_layout \begin_layout Code + File: /etc/sysconfig/ip6tables \end_layout 
@@ -9806,70 +10395,87 @@ File: /etc/sysconfig/ip6tables \end_layout \begin_layout Code + *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code + :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code + :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code + :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code + -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code + COMMIT \end_layout @@ -9878,6 +10484,7 @@ For completeness also the IPv4 configuration is shown here: \end_layout \begin_layout Code + File: /etc/sysconfig/iptables \end_layout 
@@ -9886,71 +10493,88 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code + *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code + :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code + :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code + :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code + -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code + COMMIT \end_layout @@ -9967,10 +10591,12 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code + # service iptables start \end_layout \begin_layout Code + # service ip6tables start \end_layout @@ -9979,10 +10605,12 @@ Enable automatic start after reboot \end_layout \begin_layout Code + # chkconfig iptables on \end_layout \begin_layout Code + # chkconfig ip6tables on \end_layout 
@@ -10001,472 +10629,578 @@ but still stateless filter \end_layout \begin_layout Code + # ip6tables -n -v -L \end_layout \begin_layout Code + Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 
\end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain ext2int (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout 
\begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain int2ext (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ 
\end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -10575,10 +11309,12 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # nc6 ::1 daytime \end_layout \begin_layout Code + 13 JUL 2002 11:22:22 CEST \end_layout @@ -10600,43 +11336,53 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code + # nmap -6 -sT ::1 \end_layout \begin_layout Code + Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code + Interesting ports on localhost6 (::1): \end_layout \begin_layout Code + (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code + Port State Service \end_layout \begin_layout Code + 22/tcp open ssh \end_layout \begin_layout Code + 53/tcp open domain \end_layout \begin_layout Code + 515/tcp open printer \end_layout \begin_layout Code + 2401/tcp open cvspserver \end_layout \begin_layout Code + Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout 
@@ -10659,26 +11405,32 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code + ::1 2401 unassigned unknown \end_layout \begin_layout Code + ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code + ::1 515 printer spooler (lpd) \end_layout \begin_layout Code + ::1 6010 unassigned unknown \end_layout \begin_layout Code + ::1 53 domain Domain Name Server \end_layout @@ -10942,22 +11694,27 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -10970,30 +11727,37 @@ Example for a end-to-end encrypted connection in tunnel mode \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -11055,18 +11819,22 @@ File: /etc/racoon/racoon.conf \end_layout \begin_layout Code + # Racoon IKE daemon configuration file. \end_layout \begin_layout Code + # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code + path include "/etc/racoon"; \end_layout \begin_layout Code + path pre_shared_key "/etc/racoon/psk.txt"; \end_layout 
@@ -11075,18 +11843,22 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code + listen \end_layout \begin_layout Code + { \end_layout \begin_layout Code + isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code + } \end_layout @@ -11095,50 +11867,62 @@ listen \end_layout \begin_layout Code + remote 2001:db8:2:2::2 \end_layout \begin_layout Code + { \end_layout \begin_layout Code + exchange_mode main; \end_layout \begin_layout Code + lifetime time 24 hour; \end_layout \begin_layout Code + proposal \end_layout \begin_layout Code + { \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + hash_algorithm md5; \end_layout \begin_layout Code + authentication_method pre_shared_key; \end_layout \begin_layout Code + dh_group 2; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -11147,34 +11931,42 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code + # gateway-to-gateway \end_layout \begin_layout Code + sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout @@ -11183,30 +11975,37 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout 
@@ -11219,10 +12018,12 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code + # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code + # format is: 'identifier' 'key' \end_layout @@ -11231,6 +12032,7 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code + 2001:db8:2:2::2 verysecret \end_layout 
@@ -11254,84 +12056,104 @@ At least the daemon needs to be started. \end_layout \begin_layout Code + # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code + Foreground mode. \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code + ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code + ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code + ¬ queued due to no phase1 found. \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code + ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout 
@@ -11349,10 +12171,12 @@ tcpdump \end_layout \begin_layout Code + 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code + 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout 
@@ -11373,94 +12197,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code + A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code + A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=22358 refcnt=0 \end_layout 
@@ -11553,18 +12400,22 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code + # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code + # \end_layout \begin_layout Code + # Manual: ipsec.conf.5 \end_layout \begin_layout Code + version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -11573,22 +12424,27 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code + # basic configuration \end_layout \begin_layout Code + config setup \end_layout \begin_layout Code + # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code + # klipsdebug=none \end_layout \begin_layout Code + # plutodebug="control parsing" \end_layout @@ -11597,10 +12453,12 @@ config setup \end_layout \begin_layout Code + #Disable Opportunistic Encryption \end_layout \begin_layout Code + include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -11609,54 +12467,67 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code + conn ipv6-p1-p2 \end_layout \begin_layout Code + connaddrfamily=ipv6 # Important for IPv6! \end_layout \begin_layout Code + left=2001:db8:1:1::1 \end_layout \begin_layout Code + right=2001:db8:2:2::2 \end_layout \begin_layout Code + authby=secret \end_layout \begin_layout Code + esp=aes128-sha1 \end_layout \begin_layout Code + ike=aes128-sha-modp1024 \end_layout \begin_layout Code + type=transport \end_layout \begin_layout Code + #type=tunnel \end_layout \begin_layout Code + compress=no \end_layout \begin_layout Code + #compress=yes \end_layout \begin_layout Code + auto=add \end_layout \begin_layout Code + #auto=start \end_layout @@ -11673,6 +12544,7 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout 
@@ -11694,6 +12566,7 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code + # /etc/rc.d/init.d/ipsec start \end_layout @@ -11711,34 +12584,42 @@ IPsec SA established \end_layout \begin_layout Code + # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code + 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code + 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code + 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code + 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code + ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout 
@@ -11756,94 +12637,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code + A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code + A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -11865,10 +12769,12 @@ ip \end_layout \begin_layout Code + # ip xfrm policy \end_layout \begin_layout Code + ... \end_layout 
@@ -11877,10 +12783,12 @@ ip \end_layout \begin_layout Code + # ip xfrm state \end_layout \begin_layout Code + ... \end_layout @@ -11927,32 +12835,39 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code + -------------->------- \end_layout \begin_layout Code + Queue 1 \backslash \end_layout \begin_layout Code + --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code + Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code + --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code + Queue 3 / \end_layout \begin_layout Code + -------------->------- \end_layout @@ -12021,6 +12936,7 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code + # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -12033,6 +12949,7 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -12042,6 +12959,7 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -12051,6 +12969,7 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -12060,6 +12979,7 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -12085,6 +13005,7 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout 
@@ -12102,6 +13023,7 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -12115,6 +13037,7 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -12128,6 +13051,7 @@ handle 32 fw \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -12137,6 +13061,7 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code + # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -12150,14 +13075,17 @@ Start on server side each one one separate console: \end_layout \begin_layout Code + # iperf -V -s -p 5001 \end_layout \begin_layout Code + # iperf -V -s -p 5002 \end_layout \begin_layout Code + # iperf -V -s -p 5003 \end_layout @@ -12166,29 +13094,35 @@ Start on client side and compare results: \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout 
@@ -12264,18 +13198,22 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { any; }; \end_layout \begin_layout Code + }; \end_layout @@ -12284,48 +13222,59 @@ This should result after restart in e.g. \end_layout \begin_layout Code + # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code + ¬ # incoming TCP requests \end_layout \begin_layout Code + udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code + udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP request to any IPv6 \end_layout @@ -12334,6 +13283,7 @@ And a simple test looks like \end_layout \begin_layout Code + # dig localhost @::1 \end_layout @@ -12350,18 +13300,22 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + }; \end_layout 
@@ -12375,54 +13329,67 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code + acl internal-net { \end_layout \begin_layout Code + 127.0.0.1; \end_layout \begin_layout Code + 1.2.3.0/24; \end_layout \begin_layout Code + 2001:0db8:100::/56; \end_layout \begin_layout Code + ::1/128; \end_layout \begin_layout Code + ::ffff:1.2.3.4/128; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + acl ns-internal-net { \end_layout \begin_layout Code + 1.2.3.4; \end_layout \begin_layout Code + 1.2.3.5; \end_layout \begin_layout Code + 2001:0db8:100::4/128; \end_layout \begin_layout Code + 2001:0db8:100::5/128; \end_layout \begin_layout Code + }; \end_layout @@ -12434,26 +13401,32 @@ This ACLs can be used e.g. \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + allow-query { internal-net; }; \end_layout \begin_layout Code + allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code + }; \end_layout @@ -12478,6 +13451,7 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code + query-source-v6 address port ; \end_layout @@ -12498,6 +13472,7 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code + transfer-source-v6 [port port]; \end_layout @@ -12510,6 +13485,7 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code + notify-source-v6 [port port]; \end_layout 
@@ -12662,22 +13638,27 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -12686,6 +13667,7 @@ Aliases: \end_layout \begin_layout Code + Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -12695,14 +13677,17 @@ Related log entry looks like following: \end_layout \begin_layout Code + Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code + ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code + query denied \end_layout @@ -12720,22 +13705,27 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -12744,12 +13734,14 @@ Aliases: \end_layout \begin_layout Code + www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code + 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -12793,42 +13785,52 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code + # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code + --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code + +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code + 
@@ -10,5 +10,5 @@ \end_layout \begin_layout Code + protocol = tcp \end_layout \begin_layout Code + user = root \end_layout \begin_layout Code + wait = no \end_layout \begin_layout Code + - disable = yes \end_layout \begin_layout Code + + disable = no \end_layout \begin_layout Code + } \end_layout @@ -12837,22 +13839,27 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code + # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code + ¬ daytime/tcp \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -12907,22 +13914,27 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code + Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code + # ...sure more config lines \end_layout \begin_layout Code + \end_layout @@ -12931,26 +13943,32 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code + Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code + Listen 1.2.3.4:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code + # ...sure more config lines \end_layout \begin_layout Code + \end_layout @@ -12959,20 +13977,24 @@ This should result after restart in e.g. \end_layout \begin_layout Code + # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout 
@@ -13072,42 +14094,52 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code + AdvOnLink on; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -13116,23 +14148,28 @@ This results on client side in \end_layout \begin_layout Code + # ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -13155,54 +14192,67 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code + AdvOnLink off; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + Base6to4Interface ppp0; \end_layout \begin_layout Code + AdvPreferredLifetime 20; \end_layout \begin_layout Code + AdvValidLifetime 30; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout 
@@ -13212,23 +14262,28 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code + # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -13245,6 +14300,7 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code + # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -13271,86 +14327,107 @@ radvdump \end_layout \begin_layout Code + # radvdump \end_layout \begin_layout Code + Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code + AdvCurHopLimit: 64 \end_layout \begin_layout Code + AdvManagedFlag: off \end_layout \begin_layout Code + AdvOtherConfigFlag: off \end_layout \begin_layout Code + AdvHomeAgentFlag: off \end_layout \begin_layout Code + AdvReachableTime: 0 \end_layout \begin_layout Code + AdvRetransTimer: 0 \end_layout \begin_layout Code + Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 30 \end_layout \begin_layout Code + AdvPreferredLifetime: 20 \end_layout \begin_layout Code + AdvOnLink: off \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 2592000 \end_layout \begin_layout Code + AdvPreferredLifetime: 604800 \end_layout \begin_layout Code + AdvOnLink: on \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout 
@@ -13402,54 +14479,67 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + server-preference 255; \end_layout \begin_layout Code + renew-time 60; \end_layout \begin_layout Code + rebind-time 90; \end_layout \begin_layout Code + prefer-life-time 130; \end_layout \begin_layout Code + valid-life-time 200; \end_layout \begin_layout Code + allow rapid-commit; \end_layout \begin_layout Code + option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code + link AAA { \end_layout \begin_layout Code + range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code + prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -13467,18 +14557,22 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + send rapid-commit; \end_layout \begin_layout Code + request domain-name-servers; \end_layout \begin_layout Code + }; \end_layout @@ -13495,6 +14589,7 @@ Start server, e.g. \end_layout \begin_layout Code + # service dhcp6s start \end_layout @@ -13507,6 +14602,7 @@ Start client in foreground, e.g. \end_layout \begin_layout Code + # dhcp6c -f eth0 \end_layout @@ -13524,6 +14620,7 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code + # dhcp6s -d -D -f eth0 \end_layout @@ -13537,6 +14634,7 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1:2 \end_layout 
@@ -13545,51 +14643,63 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code + # dhcp6c -d -f eth0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code + ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code + Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout 
@@ -13640,71 +14750,88 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code + default-lease-time 600; \end_layout \begin_layout Code + max-lease-time 7200; \end_layout \begin_layout Code + log-facility local7; \end_layout \begin_layout Code + subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Range for clients \end_layout \begin_layout Code + range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout \begin_layout Code + # Additional options \end_layout \begin_layout Code + option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code + option dhcp6.domain-search "domain.example"; \end_layout \begin_layout Code + # Prefix range for delegation to sub-routers \end_layout \begin_layout Code + prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout \begin_layout Code + # Example for a fixed host address \end_layout \begin_layout Code + host specialclient { \end_layout \begin_layout Code + host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code + fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -13740,6 +14867,7 @@ dhcp6c \end_layout \begin_layout Code + # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 
@@ -13759,46 +14887,56 @@ Start server in foreground: \end_layout \begin_layout Code + # /usr/sbin/dhcpd -6 -f -cf /etc/dhcp/dhcpd.conf eth1 \end_layout \begin_layout Code + Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code + Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code + All rights reserved. \end_layout \begin_layout Code + For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code + Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code + Wrote 0 leases to leases file. \end_layout \begin_layout Code + Bound to *:547 \end_layout \begin_layout Code + Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code + Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -13831,55 +14969,68 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code + log-level 8 \end_layout \begin_layout Code + log-mode short \end_layout \begin_layout Code + preference 0 \end_layout \begin_layout Code + iface "eth1" { \end_layout \begin_layout Code + // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code + prefered-lifetime 3600 \end_layout \begin_layout Code + valid-lifetime 7200 \end_layout \begin_layout Code + class { \end_layout \begin_layout Code + pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code + } \end_layout \begin_layout Code + option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code + option domain domain.example \end_layout \begin_layout Code + } \end_layout 
@@ -13896,124 +15047,148 @@ Start server in foreground: \end_layout \begin_layout Code + # dibbler-server run \end_layout \begin_layout Code + | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code + | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code + | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code + | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code + 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code + 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code + 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code + 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code + 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code + 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code + 18:48 Server Info Interface eth1/2 configuration has been loaded. 
\end_layout \begin_layout Code + 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code + 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code + 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code + 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code + 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -14075,6 +15250,7 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code + $ man hosts.allow \end_layout @@ -14088,11 +15264,13 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code + sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code + daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -14113,6 +15291,7 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code + ALL: ALL \end_layout @@ -14124,10 +15303,12 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code + ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code + | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -14150,18 +15331,22 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code + Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout 
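Review bot: The hosts.deny variant in the hunk at @@ -14124 ("ALL: ALL: spawn (echo ... | tee -a /var/log/tcp.deny.log | mail root@localhost)") sends one mail and appends one log line for every refused connection, with no rate limit, and the text recommends it for the more exposed nodes. Anyone who can reach a wrapped port can therefore fill root's mailbox and the log file just by connecting repeatedly, and %h adds a name lookup per attempt. Suggest showing the log-only form (drop the "| mail" stage) as the default and adding a sentence that the mail stage needs throttling or log rotation. The lead-in in that hunk header also says "more sensible one" where "more sensitive one" is meant.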
@@ -14171,22 +15356,27 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code + Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code + Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code + from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code + ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -14200,18 +15390,22 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code + Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -14221,18 +15415,22 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code + Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ port 33381 ssh2 \end_layout \begin_layout Code + Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code + from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -14256,6 +15454,7 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code + listen_ipv6=yes \end_layout @@ -14283,22 +15482,27 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code + \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Bind 2001:0DB8::1 \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + \end_layout 
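Review bot: The proftpd listing in the hunk at @@ -14283 opens and closes with an empty Code layout, so what is visible is only "...", "Bind 2001:0DB8::1", "..." and the reader cannot tell which configuration block the Bind directive belongs in. If those two layouts are meant to carry the opening and closing lines of the enclosing block, restore them; if not, drop the empty layouts. The lead-in sentences in this hunk header and in the vsftpd one at @@ -14256 both misspell "usually" as "ususally".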
@@ -14498,30 +15702,37 @@ struct sockaddr_in \end_layout \begin_layout Code + struct sockaddr_in \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sa_family_t sin_family; \end_layout \begin_layout Code + in_port_t sin_port; \end_layout \begin_layout Code + struct in_addr sin_addr; \end_layout \begin_layout Code + /* Plus some padding for alignment */ \end_layout \begin_layout Code + }; \end_layout @@ -14573,34 +15784,42 @@ struct sockaddr_in6 \end_layout \begin_layout Code + struct sockaddr_in6 \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sa_family_t sin6_family; \end_layout \begin_layout Code + in_port_t sin6_port; \end_layout \begin_layout Code + uint32_t sin6_flowinfo; \end_layout \begin_layout Code + struct in6_addr sin6_addr; \end_layout \begin_layout Code + uint32_t sin6_scope_id; \end_layout \begin_layout Code + }; \end_layout @@ -14714,6 +15933,7 @@ fe80::1%eth1 \end_layout \begin_layout Code + Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -14822,26 +16042,32 @@ recvfrom(2) \end_layout \begin_layout Code + ssize_t recvfrom( int s, \end_layout \begin_layout Code + void *buf, \end_layout \begin_layout Code + size_t len, \end_layout \begin_layout Code + int flags, \end_layout \begin_layout Code + struct sockaddr *from, \end_layout \begin_layout Code + socklen_t *fromlen ); \end_layout 
@@ -14867,84 +16093,104 @@ struct sockaddr_storage \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code + ** the caller. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + char *rcvMsg( int s ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code + ssize_t count; \end_layout \begin_layout Code + struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code + socklen_t sslen; \end_layout \begin_layout Code + sslen = sizeof( ss ); \end_layout \begin_layout Code + count = recvfrom( s, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + sizeof( bfr ) - 1, \end_layout \begin_layout Code + 0, \end_layout \begin_layout Code + (struct sockaddr*) &ss, \end_layout \begin_layout Code + &sslen ); \end_layout \begin_layout Code + bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -14952,10 +16198,12 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code + return bfr; \end_layout \begin_layout Code + } /* End rcvMsg() */ \end_layout @@ -15022,18 +16270,22 @@ getaddrinfo(3) \end_layout \begin_layout Code + int getaddrinfo( const char *node, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + const struct addrinfo *hints, \end_layout \begin_layout Code + struct addrinfo **res ); \end_layout 
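Review bot: In the rcvMsg() listing (hunks @@ -14867 and @@ -14952), the return value of recvfrom() is used as an array index without being checked. On error count is -1, so "bfr[ count ] = '\0';" writes one byte in front of the static buffer and the function then returns that buffer as if a message had arrived. Since this listing is the page's model for receiving into a struct sockaddr_storage, it should test "count < 0" before terminating the string and return NULL (or report the error) in that case. A short remark that the returned pointer refers to a static buffer, which the next call overwrites, would also help readers who copy it.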
@@ -15092,46 +16344,57 @@ struct addrinfo \end_layout \begin_layout Code + struct addrinfo \end_layout \begin_layout Code + { \end_layout \begin_layout Code + int ai_flags; \end_layout \begin_layout Code + int ai_family; \end_layout \begin_layout Code + int ai_socktype; \end_layout \begin_layout Code + int ai_protocol; \end_layout \begin_layout Code + socklen_t ai_addrlen; \end_layout \begin_layout Code + struct sockaddr *ai_addr; \end_layout \begin_layout Code + char *ai_canonname; \end_layout \begin_layout Code + struct addrinfo *ai_next; \end_layout \begin_layout Code + }; \end_layout @@ -15540,30 +16803,37 @@ struct sockaddr \end_layout \begin_layout Code + int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code + socklen_t salen, \end_layout \begin_layout Code + char *host, \end_layout \begin_layout Code + size_t hostlen, \end_layout \begin_layout Code + char *serv, \end_layout \begin_layout Code + size_t servlen, \end_layout \begin_layout Code + int flags ); \end_layout @@ -15662,6 +16932,7 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code + ::ffff:192.0.2.1 \end_layout @@ -15732,18 +17003,22 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code + ::1 localhost \end_layout \begin_layout Code + 127.0.0.1 localhost \end_layout \begin_layout Code + fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code + 192.0.2.1 pt141 \end_layout @@ -15848,6 +17123,7 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code + tod6d [-v] [service] \end_layout 
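Review bot: The /etc/hosts example in the hunk at @@ -15732 maps pt141 to the link-local address fe80::2c0:8cff:fe01:2345 without any interface. The scope-id discussion earlier on this page (fe80::1%eth1 and the Host A / Host B / Host C diagram) explains that a link-local address is ambiguous on its own, so a name resolved from this entry carries no scope and the example contradicts that advice. Suggest using an address from 2001:db8::/32 for pt141 here, or adding a sentence that a link-local entry in /etc/hosts only works where the caller supplies the interface.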
@@ -15874,257 +17150,314 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * File: tod6d.c \end_layout \begin_layout Code + * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code + * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code + * Performance Technologies, San Diego, USA \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** System header files. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #include /* errno declaration & error codes. */ \end_layout \begin_layout Code + #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code + #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code + #include /* printf(3) et al. */ \end_layout \begin_layout Code + #include /* exit(2). */ \end_layout \begin_layout Code + #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code + #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code + #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code + #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code + #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Constants. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code + #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code + #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. 
*/ \end_layout \begin_layout Code + #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code + #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code + #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Simple boolean type definition. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Prototypes for internal helper functions. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static int openSckt( const char *service, \end_layout \begin_layout Code + const char *protocol, \end_layout \begin_layout Code + int desc[ ], \end_layout \begin_layout Code + size_t *descSize ); \end_layout \begin_layout Code + static void tod( int tSckt[ ], \end_layout \begin_layout Code + size_t tScktSize, \end_layout \begin_layout Code + int uSckt[ ], \end_layout \begin_layout Code + size_t uScktSize ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Global (within this file only) data objects. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code + static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code + static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code + static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Usage macro for command syntax violations. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define USAGE \backslash \end_layout \begin_layout Code + { \backslash \end_layout \begin_layout Code + fprintf( stderr, \backslash \end_layout \begin_layout Code + "Usage: %s [-v] [service] \backslash n", @@ -16133,37 +17466,44 @@ n", \end_layout \begin_layout Code + pgmName ); \backslash \end_layout \begin_layout Code + exit( 127 ); \backslash \end_layout \begin_layout Code + } /* End USAGE macro. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code + ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code + ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -16171,56 +17511,66 @@ n", \end_layout \begin_layout Code + ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code + ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define CHK(expr) \backslash \end_layout \begin_layout Code + do \backslash \end_layout \begin_layout Code + { \backslash \end_layout \begin_layout Code + if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code + { \backslash \end_layout \begin_layout Code + fprintf( stderr, \backslash \end_layout \begin_layout Code + "%s (line %d): System call ERROR - %s. \backslash n", @@ -16229,30 +17579,35 @@ n", \end_layout \begin_layout Code + pgmName, \backslash \end_layout \begin_layout Code + __LINE__, \backslash \end_layout \begin_layout Code + strerror( errno ) ); \backslash \end_layout \begin_layout Code + exit( 1 ); \backslash \end_layout \begin_layout Code + } /* End IF system call failed. */ \backslash 
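Review bot: In the tod6d.c listing that starts in the hunk at @@ -15874, every #include line has no header name: the lines read "#include /* errno declaration & error codes. */", "#include /* getaddrinfo(3) et al. */" and so on through "#include /* getopt(3), read(2), etc. */". As shown the listing does not compile, and the reader has to work out the ten headers from the comments. Please check that the angle-bracket operands are present and properly escaped in the LyX source so that they survive into the generated output. Minor, same hunk: "typedef enum { false = 0, true } boolean;" defines false and true as enumerators, which clashes with any translation unit that includes stdbool.h; a note or different enumerator names would avoid surprises.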
@@ -16260,352 +17615,436 @@ n", \end_layout \begin_layout Code + } while ( false ) \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: main \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code + * handles both TCP and UDP requests. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code + * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + int main( int argc, \end_layout \begin_layout Code + char *argv[ ] ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + int opt; \end_layout \begin_layout Code + const char *service = DFLT_SERVICE; \end_layout \begin_layout Code + int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code + size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code + int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code + size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Set the program name (w/o directory prefix). 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code + pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command options. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code + while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( opt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 'v': /* Verbose mode. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + verbose = true; \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on command option. */ \end_layout \begin_layout Code + } /* End WHILE processing options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command line arguments. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( argc - optind ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 0: break; \end_layout \begin_layout Code + case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code + default: USAGE; \end_layout \begin_layout Code + } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code + ** service requests. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code + ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Run the time-of-day server. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code + tScktSize, \end_layout \begin_layout Code + uSckt, \end_layout \begin_layout Code + uScktSize ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code + ** created. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: No sockets opened... terminating. \backslash 
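Review bot: In main() (hunk at @@ -16260), the case where no socket could be opened is documented as "the function returns zero", and the message about it is printed only under "if ( verbose )". A daemon that ends up serving nothing therefore exits silently with a success status, which init scripts and supervisors will read as a clean start. Suggest returning a non-zero status on that path and printing the "No sockets opened" message unconditionally. Also in this hunk, the comment on "size_t tScktSize = MAXTCPSCKTS;" says "Size of uSckt (# of elements)"; it should say tSckt.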
@@ -16613,286 +18052,354 @@ n", \end_layout \begin_layout Code + pgmName ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End main() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: openSckt \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code + * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code + * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code + * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code + * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code + * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code + * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code + * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code + * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code + * placed when opened. \end_layout \begin_layout Code + * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code + * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code + * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code + * the number of descriptors actually opened. 
Any unused slots in \end_layout \begin_layout Code + * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * 0 on success, -1 on error. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static int openSckt( const char *service, \end_layout \begin_layout Code + const char *protocol, \end_layout \begin_layout Code + int desc[ ], \end_layout \begin_layout Code + size_t *descSize ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct addrinfo *ai; \end_layout \begin_layout Code + int aiErr; \end_layout \begin_layout Code + struct addrinfo *aiHead; \end_layout \begin_layout Code + struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code + ¬ */ \end_layout \begin_layout Code + .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code + ¬ */ \end_layout \begin_layout Code + size_t maxDescs = *descSize; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + while ( *descSize > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + else /* Invalid protocol. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code + "layer protocol \backslash "%s 
@@ -16903,191 +18410,235 @@ n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + protocol ); \end_layout \begin_layout Code + return -1; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code + ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code + ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code + ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code + ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + &hints, \end_layout \begin_layout Code + &aiHead ) ) != 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + gai_strerror( aiErr ) ); \end_layout \begin_layout Code + return -1; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code + ** socket. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( ai = aiHead; \end_layout \begin_layout Code + ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code + ai = ai->ai_next ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code + ** independent fields first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Setting up a passive socket based on the " \end_layout \begin_layout Code + "following address info: \backslash n" \end_layout \begin_layout Code + " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code + " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -17095,6 +18646,7 @@ n" \end_layout \begin_layout Code + " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -17102,512 +18654,629 @@ n" \end_layout \begin_layout Code + " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + ai->ai_flags, \end_layout \begin_layout Code + ai->ai_family, \end_layout \begin_layout Code + PF_INET, \end_layout \begin_layout Code + PF_INET6, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + SOCK_STREAM, \end_layout \begin_layout Code + SOCK_DGRAM, \end_layout \begin_layout Code + ai->ai_protocol, \end_layout \begin_layout Code + IPPROTO_TCP, \end_layout \begin_layout Code + IPPROTO_UDP, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code + ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code + ** host & service into numeric strings. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( ai->ai_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + p->sin_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4. */ \end_layout \begin_layout Code + case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + p->sin6_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + p->sin6_flowinfo, \end_layout \begin_layout Code + p->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6. */ \end_layout \begin_layout Code + default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_family ); \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return -1; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code + } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + ai->ai_protocol ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code + ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code + ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Disable IPv4 mapped addresses. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + int v6Only = 1; \end_layout \begin_layout Code + CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code + IPPROTO_IPV6, \end_layout \begin_layout Code + IPV6_V6ONLY, \end_layout \begin_layout Code + &v6Only, \end_layout \begin_layout Code + sizeof( v6Only ) ) ); \end_layout \begin_layout Code + #else \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code + ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code + ** message and close the socket. Design note: If the \end_layout \begin_layout Code + ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code + ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code + ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code + ** if the program can't build! However, since this program is also \end_layout \begin_layout Code + ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code + ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code + ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code + ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code + ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code + ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code + "option. Closing IPv6 %s socket. \backslash 
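Review bot: In the verbose dump inside openSckt() (hunk at @@ -17102), the format string prints "ai_addrlen = %d (sockaddr_in = %d, sockaddr_in6 = %d)" but the matching arguments are ai->ai_addrlen (a socklen_t) and two sizeof expressions (size_t). Passing size_t for %d is undefined and on 64-bit targets can misprint the values; use %zu for the sizeof results and cast ai_addrlen, and likewise print sin6_flowinfo and sin6_scope_id (both uint32_t) with an unsigned conversion. Two further points in the same hunk: the return value of getnameinfo() is ignored, so hostBfr and servBfr are printed even when the call failed, and the "default:" branch that rejects an unknown protocol family with "return -1" lives inside the "if ( verbose )" block, so the function's error behaviour differs depending on whether -v was given. The family check should sit outside the verbose block.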
@@ -17615,556 +19284,690 @@ n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code + CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code + continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code + #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code + } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code + ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code + ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code + MAXCONNQLEN ) ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + *descSize += 1; \end_layout \begin_layout Code + } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Dummy check for unused address records. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code + "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__ ); \end_layout \begin_layout Code + } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Clean up. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End openSckt() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: tod \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code + * clients. This function never returns. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code + * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code + * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code + * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: None. 
\end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static void tod( int tSckt[ ], \end_layout \begin_layout Code + size_t tScktSize, \end_layout \begin_layout Code + int uSckt[ ], \end_layout \begin_layout Code + size_t uScktSize ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char bfr[ 256 ]; \end_layout \begin_layout Code + ssize_t count; \end_layout \begin_layout Code + struct pollfd *desc; \end_layout \begin_layout Code + size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code + int idx; \end_layout \begin_layout Code + int newSckt; \end_layout \begin_layout Code + struct sockaddr *sadr; \end_layout \begin_layout Code + socklen_t sadrLen; \end_layout \begin_layout Code + struct sockaddr_storage sockStor; \end_layout \begin_layout Code + int status; \end_layout \begin_layout Code + size_t timeLen; \end_layout \begin_layout Code + char *timeStr; \end_layout \begin_layout Code + time_t timeVal; \end_layout \begin_layout Code + ssize_t wBytes; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code + if ( desc == NULL ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + strerror( ENOMEM ) ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize the poll(2) array. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code + : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code + desc[ idx ].events = POLLIN; \end_layout \begin_layout Code + desc[ idx ].revents = 0; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code + ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code + ** main loop. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + while ( true ) /* Do forever. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code + ** used to restart the system call in the event the process is \end_layout \begin_layout Code + ** interrupted by a signal. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + status = poll( desc, \end_layout \begin_layout Code + descSize, \end_layout \begin_layout Code + -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code + } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code + CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Get the current time. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + timeVal = time( NULL ); \end_layout \begin_layout Code + timeStr = ctime( &timeVal ); \end_layout \begin_layout Code + timeLen = strlen( timeStr ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Indicate that there is new network activity. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code + strcpy( s, timeStr ); \end_layout \begin_layout Code + s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' 
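Review bot: In tod(), the verbose branch at the end of this hunk passes the result of malloc( timeLen+1 ) straight to strcpy( s, timeStr ) with no NULL check, although the desc = malloc( ... ) allocation earlier in the same function is checked. Either test s before the copy, or drop the heap copy and print the timestamp with a precision ("%.*s" with (int) timeLen - 1 and timeStr), which omits the trailing newline without allocating on every poll() wake-up. The same lines also assume ctime() returned non-NULL before strlen( timeStr ) is called.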
@@ -18174,743 +19977,913 @@ n' in date string. \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + s ); \end_layout \begin_layout Code + free( s ); \end_layout \begin_layout Code + } /* End IF verbose. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process sockets with input available. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( desc[ idx ].revents ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code + continue; \end_layout \begin_layout Code + case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + default: /* Invalid poll events. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + desc[ idx ].revents ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( idx < tScktSize ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code + ** the sockaddr_storage data type. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code + sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code + CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code + sadr, \end_layout \begin_layout Code + &sadrLen ) ); \end_layout \begin_layout Code + CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code + SHUT_RD ) ); \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code + ** the address-independent fields. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code + " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + sadr->sa_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address-specific fields. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( sadr, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code + ** protocol family. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( sadr->sa_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + p->sin_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4. */ \end_layout \begin_layout Code + case AF_INET6: /* IPv6 address. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + p->sin6_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + p->sin6_flowinfo, \end_layout \begin_layout Code + p->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6. */ \end_layout \begin_layout Code + default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code + "family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sadr->sa_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code + } /* End SWITCH on address family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Send the TOD to the client. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + wBytes = timeLen; \end_layout \begin_layout Code + while ( wBytes > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + count = write( newSckt, \end_layout \begin_layout Code + timeStr, \end_layout \begin_layout Code + wBytes ); \end_layout \begin_layout Code + } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code + CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code + wBytes -= count; \end_layout \begin_layout Code + } /* End WHILE there is data to send. */ \end_layout \begin_layout Code + CHK( close( newSckt ) ); \end_layout \begin_layout Code + } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code + else \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code + ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code + ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code + ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code + ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code + ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code + ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code + ** sockaddr_storage to receive the address. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code + sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code + CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + sizeof( bfr ), \end_layout \begin_layout Code + 0, \end_layout \begin_layout Code + sadr, \end_layout \begin_layout Code + &sadrLen ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display whatever was received on stdout. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + ssize_t rBytes = count; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + count ); \end_layout \begin_layout Code + while ( count > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code + stdout ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code + fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. 
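Review bot: The TCP send loop in tod() always passes timeStr as the buffer in write( newSckt, timeStr, wBytes ), so after a short write the next iteration resends the start of the string instead of the unsent tail. Advance the pointer, for example timeStr + ( timeLen - wBytes ). Also in this hunk, switch ( desc[ idx ].revents ) treats revents as a single value: anything other than exactly POLLIN (for instance POLLIN combined with POLLERR or POLLHUP) reaches the default case and ends the whole server with exit( 1 ). Test the bits with a mask and handle error conditions per descriptor instead.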
@@ -18918,403 +20891,493 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code + ** independent fields first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code + " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + sadr->sa_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address-specific information. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( sadr, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( sadr->sa_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case AF_INET: /* IPv4 address. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + p->sin_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code + case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + p->sin6_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + p->sin6_flowinfo, \end_layout \begin_layout Code + p->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code + default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code + "family (%d). 
\backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sadr->sa_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code + } /* End SWITCH on address family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Send the time-of-day to the client. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + wBytes = timeLen; \end_layout \begin_layout Code + while ( wBytes > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code + timeStr, \end_layout \begin_layout Code + wBytes, \end_layout \begin_layout Code + 0, \end_layout \begin_layout Code + sadr, /* Address & address length */ \end_layout \begin_layout Code + sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code + } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code + CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code + wBytes -= count; \end_layout \begin_layout Code + } /* End WHILE there is data to send. */ \end_layout \begin_layout Code + } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code + desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code + } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code + } /* End WHILE forever. */ \end_layout \begin_layout Code + } /* End tod() */ \end_layout @@ -19329,6 +21392,7 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code + tod6tc [-v] [-s scope_id] [host [service]] \end_layout 
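Review bot: In the UDP verbose branch of tod(), the return value of getnameinfo() is discarded and hostBfr and servBfr are printed regardless, so a failed conversion prints whatever the buffers held before. Check for a non-zero return and report gai_strerror() instead of the buffers. The sendto() loop further down has a separate problem: it is written like the TCP write loop, but on a datagram socket a second iteration would send a second datagram that again starts at timeStr, so a single sendto() with an error check (retrying only on EINTR) fits UDP better.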
@@ -19369,216 +21433,265 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * File: tod6tc.c \end_layout \begin_layout Code + * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code + * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code + * Performance Technologies, San Diego, USA \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** System header files. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #include /* errno declaration and error codes. */ \end_layout \begin_layout Code + #include /* if_nametoindex(3). */ \end_layout \begin_layout Code + #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code + #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code + #include /* printf(3) et al. */ \end_layout \begin_layout Code + #include /* exit(2). */ \end_layout \begin_layout Code + #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code + #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code + #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Constants & macros. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code + #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code + #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code + #define INVALID_DESC -1 /* Invalid file (socket) descriptor. 
*/ \end_layout \begin_layout Code + #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code + #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Type definitions (for convenience). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code + typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code + typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Prototypes for internal helper functions. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ); \end_layout \begin_layout Code + static void tod( int sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Global (within this file only) data objects. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code + static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Usage macro. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define USAGE \backslash @@ -19586,6 +21699,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + { \backslash @@ -19593,6 +21707,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + fprintf( stderr, \backslash @@ -19600,6 +21715,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -19608,6 +21724,7 @@ n", \end_layout \begin_layout Code + pgmName ); \backslash 
@@ -19615,6 +21732,7 @@ n", \end_layout \begin_layout Code + exit( 127 ); \backslash @@ -19622,20 +21740,24 @@ n", \end_layout \begin_layout Code + } /* End USAGE macro. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code + ** CHK() macro by Dr. V. Vinge (see server code). 
@@ -19643,540 +21765,669 @@ n", \end_layout \begin_layout Code + ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code + ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code + ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code + ** of the system call. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code + ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code + ** { \end_layout \begin_layout Code + ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code + ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code + ** } \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code + int lineNbr, \end_layout \begin_layout Code + int status ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + lineNbr, \end_layout \begin_layout Code + syscallName, \end_layout \begin_layout Code + strerror( errno ) ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + return status != -1; /* True if the system call was successful. 
*/ \end_layout \begin_layout Code + } /* End SYSCALL() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: main \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code + * stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * This function always returns zero. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + int main( int argc, \end_layout \begin_layout Code + char *argv[ ] ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + const char *host = DFLT_HOST; \end_layout \begin_layout Code + int opt; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code + const char *service = DFLT_SERVICE; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code + pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command line options. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + opterr = 0; /* Turns off "invalid option" error messages. 
*/ \end_layout \begin_layout Code + while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( opt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code + if ( scopeId == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + optarg ); \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 'v': /* Verbose mode. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + verbose = true; \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on command option. */ \end_layout \begin_layout Code + } /* End WHILE processing command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code + ** index of the first NON-option argv element. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( argc - optind ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 2: /* Both host & service are specified on the command line. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + service = argv[ optind + 1 ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + host = argv[ optind ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 0: /* Use default host & service. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Open a connection to the indicated host/service. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code + ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code + ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code + ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code + ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code + ** command line. \end_layout \begin_layout Code + ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code + ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code + ** sockets). 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( sckt = openSckt( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Sorry... a connection could not be established. \backslash 
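Review bot: the main() header comment in this hunk says "This function always returns zero", but both the option switch and the argument-count switch in the same function leave through USAGE rather than returning (USAGE ends in exit( 127 ) in the tod6uc.c definition later in this patch). Reword the Return Value text so that the non-zero exit paths are documented, for example "Returns zero on success; usage errors terminate the program with a non-zero status", so that scripts testing the exit status are not misled.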
@@ -20184,524 +22435,646 @@ n", \end_layout \begin_layout Code + pgmName ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Get the remote time-of-day. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + tod( sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Close the connection and terminate. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + (void) SYSCALL( "close", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + close( sckt ) ); \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End main() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: openSckt \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code + * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code + * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code + * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code + * when either a connection has been established or all records in the list \end_layout \begin_layout Code + * have been processed. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code + * address (IPv4 or IPv6) of the remote server. 
\end_layout \begin_layout Code + * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code + * well-known port number. \end_layout \begin_layout Code + * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code + * network interface on which to set up the connection. This \end_layout \begin_layout Code + * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code + * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code + * network address is augmented with the scope ID). \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code + * address records have been processed and a connection could not be \end_layout \begin_layout Code + * established. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct addrinfo *ai; \end_layout \begin_layout Code + int aiErr; \end_layout \begin_layout Code + struct addrinfo *aiHead; \end_layout \begin_layout Code + struct addrinfo hints; \end_layout \begin_layout Code + sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code + ** return both IPv4 and IPv6 address records for the host/service. 
Most of \end_layout \begin_layout Code + ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code + ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code + ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code + ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code + ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code + ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code + ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code + hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code + hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Look up the host/service information. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + &hints, \end_layout \begin_layout Code + &aiHead ) ) != 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. 
\backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + gai_strerror( aiErr ) ); \end_layout \begin_layout Code + return INVALID_DESC; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code + ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code + ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code + ai = ai->ai_next ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code + } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code + } /* End IPv6 kluge. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address info for the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Temporary character string buffers for host & service. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code + char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address information just fetched. Start with the \end_layout \begin_layout Code + ** common (protocol-independent) stuff first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Address info: \backslash n" \end_layout \begin_layout Code + " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code + " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -20709,6 +23082,7 @@ n" \end_layout \begin_layout Code + " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
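Review bot: in openSckt(), the "IPv6 kluge" block of the @@ -20184,524 +22435,646 @@ hunk writes scopeId into every PF_INET6 record whose sin6_scope_id is 0, which includes records for global addresses that do not need an interface scope, and also the case described in the main() comment where scopeId itself is still 0. Restrict the assignment to link-local destinations, for example by testing IN6_IS_ADDR_LINKLOCAL( &pSadrIn6->sin6_addr ) first, and skip it when scopeId is 0 so the record is left as getaddrinfo(3) returned it.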
@@ -20716,608 +23090,751 @@ n" \end_layout \begin_layout Code + " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + ai->ai_flags, \end_layout \begin_layout Code + ai->ai_family, \end_layout \begin_layout Code + PF_INET, \end_layout \begin_layout Code + PF_INET6, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + SOCK_STREAM, \end_layout \begin_layout Code + SOCK_DGRAM, \end_layout \begin_layout Code + ai->ai_protocol, \end_layout \begin_layout Code + IPPROTO_TCP, \end_layout \begin_layout Code + IPPROTO_UDP, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the protocol-specific formatted address. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( ai->ai_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + pSadrIn->sin_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code + case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + pSadrIn6->sin6_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code + default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code + } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Create a socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "socket", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sckt = socket( ai->ai_family, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + ai->ai_protocol ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Connect to the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "connect", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + connect( sckt, \end_layout \begin_layout Code + ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End FOR each address record returned by getaddrinfo(3). 
*/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Clean up & return. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return sckt; \end_layout \begin_layout Code + } /* End openSckt() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: tod \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: None. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static void tod( int sckt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code + int inBytes; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code + ** connection. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Read the time-of-day from the remote host. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( !SYSCALL( "read", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + inBytes = read( sckt, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + MAXBFRSIZE ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -21325,19 +23842,23 @@ static void tod( int sckt ) \end_layout \begin_layout Code + fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code + } while ( inBytes > 0 ); \end_layout \begin_layout Code + fflush( stdout ); \end_layout \begin_layout Code + } /* End tod() */ \end_layout @@ -21354,6 +23875,7 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code + tod6uc [-v] [-s scope_id] [host [service]] \end_layout 
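Review bot: in the verbose block of openSckt() (the @@ -20716,608 +23090,751 @@ hunk), the return value of getnameinfo() is discarded, and hostBfr and servBfr are then passed to fprintf() as %s arguments in both the PF_INET and PF_INET6 cases; if the call fails, the two stack buffers are uninitialized and the print reads whatever bytes happen to be there until it meets a NUL. Check the result against 0 and report it with gai_strerror() as the getaddrinfo() path already does, or set hostBfr[ 0 ] and servBfr[ 0 ] to '\0' before the call. The same fprintf() passes sizeof( struct sockaddr_in ) and sizeof( struct sockaddr_in6 ) to %d conversions; cast them to int or use %zu.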
@@ -21394,216 +23916,265 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * File: tod6uc.c \end_layout \begin_layout Code + * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code + * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code + * Performance Technologies, San Diego, USA \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** System header files. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #include /* errno declaration and error codes. */ \end_layout \begin_layout Code + #include /* if_nametoindex(3). */ \end_layout \begin_layout Code + #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code + #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code + #include /* printf(3) et al. */ \end_layout \begin_layout Code + #include /* exit(2). */ \end_layout \begin_layout Code + #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code + #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code + #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Constants & macros. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code + #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code + #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code + #define INVALID_DESC -1 /* Invalid file (socket) descriptor. 
*/ \end_layout \begin_layout Code + #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code + #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Type definitions (for convenience). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code + typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code + typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Prototypes for internal helper functions. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ); \end_layout \begin_layout Code + static void tod( int sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Global (within this file only) data objects. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code + static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Usage macro. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define USAGE \backslash @@ -21611,6 +24182,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + { \backslash @@ -21618,6 +24190,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + fprintf( stderr, \backslash @@ -21625,6 +24198,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -21633,6 +24207,7 @@ n", \end_layout \begin_layout Code + pgmName ); \backslash 
@@ -21640,6 +24215,7 @@ n", \end_layout \begin_layout Code + exit( 127 ); \backslash @@ -21647,20 +24223,24 @@ n", \end_layout \begin_layout Code + } /* End USAGE macro. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code + ** CHK() macro by Dr. V. Vinge (see server code). 
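Review bot: in the tod6uc.c type definitions (the @@ -21394,216 +23916,265 @@ hunk), "typedef enum { false = 0, true } boolean;" declares enumerators named false and true, which are keywords in C23 and macros as soon as <stdbool.h> is included, so the listing stops compiling with a compiler that defaults to C23. Include <stdbool.h>, drop the enum, and declare verbose and the SYSCALL() return type as bool.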
@@ -21668,1065 +24248,1316 @@ n", \end_layout \begin_layout Code + ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code + ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code + ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code + ** of the system call. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code + ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code + ** { \end_layout \begin_layout Code + ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code + ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code + ** } \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code + int lineNbr, \end_layout \begin_layout Code + int status ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + lineNbr, \end_layout \begin_layout Code + syscallName, \end_layout \begin_layout Code + strerror( errno ) ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + return status != -1; /* True if the system call was successful. 
*/ \end_layout \begin_layout Code + } /* End SYSCALL() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: main \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code + * stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * This function always returns zero. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + int main( int argc, \end_layout \begin_layout Code + char *argv[ ] ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + const char *host = DFLT_HOST; \end_layout \begin_layout Code + int opt; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code + const char *service = DFLT_SERVICE; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code + pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command line options. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + opterr = 0; /* Turns off "invalid option" error messages. 
*/ \end_layout \begin_layout Code + while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( opt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code + if ( scopeId == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + optarg ); \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 'v': /* Verbose mode. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + verbose = true; \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on command option. */ \end_layout \begin_layout Code + } /* End WHILE processing command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code + ** index of the first NON-option argv element. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( argc - optind ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 2: /* Both host & service are specified on the command line. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + service = argv[ optind + 1 ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + host = argv[ optind ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 0: /* Use default host & service. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Open a connection to the indicated host/service. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code + ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code + ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code + ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code + ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code + ** command line. \end_layout \begin_layout Code + ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code + ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code + ** sockets). 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( sckt = openSckt( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code + "not be set up. \backslash n", \end_layout \begin_layout Code + pgmName ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Get the remote time-of-day. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + tod( sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Close the connection and terminate. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + (void) SYSCALL( "close", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + close( sckt ) ); \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End main() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: openSckt \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code + * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code + * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code + * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code + * when either a connection has been established or all records in the list \end_layout \begin_layout Code + * have been processed. 
\end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code + * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code + * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code + * well-known port number. \end_layout \begin_layout Code + * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code + * network interface on which to exchange datagrams. This \end_layout \begin_layout Code + * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code + * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code + * network address is augmented with the scope ID). \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code + * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct addrinfo *ai; \end_layout \begin_layout Code + int aiErr; \end_layout \begin_layout Code + struct addrinfo *aiHead; \end_layout \begin_layout Code + struct addrinfo hints; \end_layout \begin_layout Code + sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize the 'hints' structure for getaddrinfo(3). 
\end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code + ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code + ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code + ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code + ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code + ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code + ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code + ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code + ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code + hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code + hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Look up the host/service information. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + &hints, \end_layout \begin_layout Code + &aiHead ) ) != 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. 
\backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + gai_strerror( aiErr ) ); \end_layout \begin_layout Code + return INVALID_DESC; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code + ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code + ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code + ai = ai->ai_next ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code + } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code + } /* End IPv6 kluge. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address info for the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Temporary character string buffers for host & service. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code + char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address information just fetched. Start with the \end_layout \begin_layout Code + ** common (protocol-independent) stuff first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Address info: \backslash n" \end_layout \begin_layout Code + " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code + " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -22734,6 +25565,7 @@ n" \end_layout \begin_layout Code + " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -22741,606 +25573,748 @@ n" \end_layout \begin_layout Code + " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + ai->ai_flags, \end_layout \begin_layout Code + ai->ai_family, \end_layout \begin_layout Code + PF_INET, \end_layout \begin_layout Code + PF_INET6, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + SOCK_STREAM, \end_layout \begin_layout Code + SOCK_DGRAM, \end_layout \begin_layout Code + ai->ai_protocol, \end_layout \begin_layout Code + IPPROTO_TCP, \end_layout \begin_layout Code + IPPROTO_UDP, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the protocol-specific formatted address. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( ai->ai_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + pSadrIn->sin_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code + case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + pSadrIn6->sin6_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code + default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code + } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Create a socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "socket", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sckt = socket( ai->ai_family, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + ai->ai_protocol ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code + ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "connect", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + connect( sckt, \end_layout \begin_layout Code + ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. 
*/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Clean up & return. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return sckt; \end_layout \begin_layout Code + } /* End openSckt() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: tod \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: None. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static void tod( int sckt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code + int inBytes; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code + ** important, but something must be sent to let it know we want the TOD. 
\end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "write", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Read the time-of-day from the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "read", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + inBytes = read( sckt, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + MAXBFRSIZE ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -23348,15 +26322,18 @@ static void tod( int sckt ) \end_layout \begin_layout Code + fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code + fflush( stdout ); \end_layout \begin_layout Code + } /* End tod() */ \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf index 328bcbdc..225f5932 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml index 5c0a883f..2c9eb808 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml 
@@ -103,7 +103,7 @@ Técnico <!-- anchor id="general-original-source" -->Fonte original deste HOWTO -Este HOWTO foi escrito usando LyX versão 1.6.1 em um sistema Linux Fedora 10 com o template SGML/XML (DocBook). Ele está disponível emTLDP-CVS / users / Peter-Bieringer para contribuições. +Este HOWTO foi escrito usando LyX versão 1.6.1 em um sistema Linux Fedora 10 com o template SGML/XML (DocBook). Ele está disponível em github / tLDP / LDP / users / Peter-Bieringer para contribuições. Divisor de linha de código Eu utilizei um utilitário divisor de linha de código (Code line wrapping - "lyxcodelinewrapper.pl") feito por mim mesmo, e ele está disponível para seu próprio uso emTLDP-CVS / users / Peter-Bieringer Geração de SGML diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index 39ad8ba9..0c2e15a6 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml @@ -105,7 +105,7 @@ Technical <!-- anchor id="general-original-source" -->Original source of this HOWTO -This HOWTO is currently written with LyX version 1.6.1 on a Fedora 10 Linux system with template SGML/XML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringer for contribution. +This HOWTO is currently written with LyX version 1.6.1 on a Fedora 10 Linux system with template SGML/XML (DocBook book). It's available on github / tLDP / LDP / users / Peter-Bieringer for contribution. Code line wrapping Code line wrapping is done using selfmade utility “lyxcodelinewrapper.pl”, you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer SGML generation
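Review bot: In the openSckt() listing, the "IPv6 kluge" copies scopeId into sin6_scope_id for every PF_INET6 record whose scope ID is 0, and the comment in main() says connect(2) fails for IPv6 sockets in general without a scope ID. A scope ID is only needed for scoped destinations such as link-local addresses; global addresses connect with sin6_scope_id left at 0. Suggest guarding the assignment with IN6_IS_ADDR_LINKLOCAL( &pSadrIn6->sin6_addr ) (and IN6_IS_ADDR_MC_LINKLOCAL for multicast), and narrowing the comment in main() to say the IPv4-only fallback applies to link-local targets.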
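Review bot: In the hunk starting at "@@ -22741,606 +25573,748 @@", tod() calls read() on the connected UDP socket with no timeout, so a lost request or reply datagram leaves the client blocked forever. Set SO_RCVTIMEO on sckt, or poll() before reading, and report the timeout to the user. In the same hunk, the verbose block in openSckt() ignores the return value of getnameinfo() and then prints hostBfr and servBfr, which are uninitialized if the call fails; check for a non-zero return and print gai_strerror() instead. The "ai_addrlen = %d (sockaddr_in = %d, ..." format also receives sizeof values, which are size_t, so use %zu or cast the arguments.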
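Review bot: In the hunk at "@@ -23348,15 +26322,18 @@", fputs( bfr, stdout ) writes bytes received from the remote server to the terminal unfiltered, so control characters and escape sequences in the reply reach the user's terminal, and an embedded NUL silently truncates the output. Since this listing is teaching material that readers will copy, suggest replacing non-printable bytes (other than newline) before printing, and writing inBytes bytes explicitly rather than relying on the terminator. The bfr[ inBytes ] assignment is only safe if SYSCALL treats a -1 return from read() as failure; that macro is not visible in this part of the patch, so please confirm.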
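Review bot: In both Linux+IPv6-HOWTO.pt_BR.sgml and Linux+IPv6-HOWTO.sgml, only the first "TLDP-CVS / users / Peter-Bieringer" reference is moved to github; the unchanged "Code line wrapping" context line right after it still reads "you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer" (and "emTLDP-CVS / users / Peter-Bieringer" in pt_BR). Update those references in the same change so the section does not point readers at two different repositories. The pt_BR context line is also missing the space in "emTLDP-CVS", which is worth fixing while the line is being touched.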