diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index fac0a12c..c3e46f1e 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -58,10 +58,10 @@ COLSPAN="3" >Revision 0.63Revision 0.642009-02-142009-05-28Revised by: PBRevision 0.62Revision 0.632008-11-092009-02-14Revised by: PB
17.1. Common information
18.2. Preparation
18.3. Usage
19.1. Node security
19.2. Access limitations
20.1. Modes of using encryption and authentication
20.2. Support in kernel (ESP and AH)
20.3. Automatic key exchange (IKE)
20.4. Additional informations:
22.6. ISC Dynamic Host Configuration Server (dhcpd)
22.7. DHCP Server Dibbler
22.8. tcp_wrapper
22.7. 22.9. vsftpd
22.8. 22.10. proftpd
22.9. 22.11. Other daemons
23.2. Other programming languages
25.4. IPv6 Infrastructure
26. Revision history / Credits / The End
26.3. The End
Dibbler by Tomasz Mrugalski <thomson at klub dot com dot pl>

by Tomasz Mrugalski <thomson at klub dot com dot pl> (Hints for configuration)

  • Hints for configuration)

  • ISC DHCP (Hints for configuration)

    • 17.1. Common information

    17.1.1. Node Mobility

    17.1.2. Network Mobility

    17.1.3. Links

    18.1.1. More information

    18.2. Preparation

    18.2.1. Get sources

    18.2.2. Extract sources

    18.2.3. Apply latest iptables/IPv6-related patches to kernel source

    18.2.4. Configure, build and install new kernel

    18.2.5. Rebuild and install binaries of iptables

    18.3. Usage

    18.3.1. Check for support

    18.3.2. Learn how to use ip6tables

    18.3.2.1. List all IPv6 netfilter entries

    18.3.2.2. List specified filter

    18.3.2.3. Insert a log rule at the input filter with options

    18.3.2.4. Insert a drop rule at the input filter

    18.3.2.5. Delete a rule by number

    18.3.2.6. Enable connection tracking

    18.3.2.7. Allow ICMPv6

    18.3.2.8. Rate-limiting

    18.3.2.9. Allow incoming SSH

    18.3.2.10. Enable tunneled IPv6-in-IPv4

    18.3.2.11. Protection against incoming TCP connection requests

    18.3.2.12. Protection against incoming UDP connection requests

    18.3.3. Examples

    18.3.3.1. Simple example for Fedora

    18.3.3.2. Sophisticated example

    19.1. Node security

    19.2. Access limitations

    19.3.1. Legal issues

    19.3.2. Security auditing using IPv6-enabled netcat

    19.3.3. Security auditing using IPv6-enabled nmap

    19.3.4. Security auditing using IPv6-enabled strobe

    19.3.5. Audit results

    20.1. Modes of using encryption and authentication

    20.1.1. Transport mode

    20.1.2. Tunnel mode

    20.2. Support in kernel (ESP and AH)

    20.2.1. Support in vanilla Linux kernel 2.4.x

    20.2.2. Support in vanilla Linux kernel 2.6.x

    20.3. Automatic key exchange (IKE)

    20.3.1. IKE daemon “racoon”

    20.3.1.1. Manipulation of the IPsec SA/SP database with the tool “setkey”

    20.3.1.2. Configuration of the IKE daemon “racoon”

    20.3.1.3. Running IPsec with IKE daemon “racoon”

    20.3.2. IKE daemon “pluto”

    20.3.2.1. Configuration of the IKE daemon “pluto”

    20.3.2.2. Running IPsec with IKE daemon “pluto”

    20.4. Additional informations:

    22.1.1. Listening on IPv6 addresses

    22.1.1.1. Enable BIND named for listening on IPv6 address

    22.1.1.2. Disable BIND named for listening on IPv6 address

    22.1.2. IPv6 enabled Access Control Lists (ACL)

    22.1.3. Sending queries with dedicated IPv6 address

    22.1.4. Per zone defined dedicated IPv6 addresses

    22.1.4.1. Transfer source address

    22.1.4.2. Notify source address

    22.1.5. IPv6 DNS zone files examples

    22.1.6. Serving IPv6 related DNS data

    22.1.6.1. Current best practice

    22.1.7. Checking IPv6-enabled connect

    22.1.7.1. IPv6 connect, but denied by ACL

    22.1.7.2. Successful IPv6 connect

    22.3.1. Listening on IPv6 addresses

    22.3.1.1. Virtual host listen on an IPv6 address only

    22.3.1.2. Virtual host listen on an IPv6 and on an IPv4 address

    22.3.1.3. Additional notes

    22.4.1. Configuring radvd

    22.4.1.1. Simple configuration

    22.4.1.2. Special 6to4 configuration

    22.4.2. Debugging

    You can specify more information than by using radvd. The are most similar to IPv4 DHCP server.

    After a proper configuration, the daemon reacts on received ICMPv6 multicast packets sent by a client to address ff02::16

    After a proper configuration, the daemon reacts on received ICMPv6 multicast packets sent by a client to address ff02::1:2

    22.5.1. Configuration of the DHCPv6 server (dhcp6s)

    22.5.1.1. Simple configuration

    22.5.2. Configuration of the DHCPv6 client (dhcp6c)

    22.5.2.1. Simple configuration

    22.5.3. Usage

    22.5.3.1. dhcpv6_server

    22.5.3.2. dhcpv6_client

    # # dhcp6c -f eth0
    # dhcp6c -f eth0

    22.5.4. Debugging

    22.5.4.1. dhcpv6_server

    22.5.4.2. dhcpv6_client

    As general debugging for test whether the IPv6 DHCP server is reable on the link use an IPv6 ping to the DHCP multicast address:

    # ping6 -i eth0 ff02::1:2

    The client has one foreground and two debug toggles, here is an example:

    22.6. ISC Dynamic Host Configuration Server (dhcpd)

    ISC DHCP supports IPv6 since version 4.x.

    22.6.1. Configuration of the ISC DHCP server for IPv6 (dhcpd)

    Note that currently, the ISC DHCP server can only serve IPv4 or IPv6, means you have to start the daemon twice (for IPv6 with option “-6”) to support both protocols.

    22.6.1.1. Simple configuration

    Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 part of the dhcpd. Note, that the router requires to have a interface configured with an IPv6 address out of the defined subnet.

    default-lease-time 600;
+max-lease-time 7200; 
+log-facility local7; 
+subnet6 2001:db8:0:1::/64 {
+        range6 2001:db8:0:1::129 2001:db8:0:1::254;
+        option dhcp6.name-servers fec0:0:0:1::1;
+        option dhcp6.domain-search "domain.example";
+}

    22.6.2. Usage

    22.6.2.1. dhcpd

    Start server in foreground:

    # /usr/sbin/dhcpd -6 -f -cf /etc/dhcp/dhcpd.conf eth1 
+Internet Systems Consortium DHCP Server 4.1.0 
+Copyright 2004-2008 Internet Systems Consortium. 
+All rights reserved. 
+For info, please visit http://www.isc.org/sw/dhcp/ 
+Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file 
+Wrote 0 leases to leases file. 
+Bound to *:547 
+Listening on Socket/5/eth1/2001:db8:0:1::/64 
+Sending on   Socket/5/eth1/2001:db8:0:1::/64

    22.7. DHCP Server Dibbler

    Dibbler is also a DHCP server

    22.7.1. Configuration of the Dibbler DHCP server for IPv6

    22.7.1.1. Simple configuration

    Create a dedicated configuration file /etc/dibbler/server.conf . Note, that the router requires to have a interface configured with an IPv6 address out of the defined subnet.

    log-level 8 
+log-mode short 
+preference 0 
+iface "eth1" {
+ // also ranges can be defines, instead of exact values  t1 1800-2000  t2 2700-3000
+  prefered-lifetime 3600
+  valid-lifetime 7200
+  class {
+    pool 2001:6f8:12d8:1::/64
+  }
+  option dns-server fec0:0:0:1::1
+  option domain domain.example
+}

    22.7.2. Usage

    22.7.2.1. dibbler-server

    Start server in foreground:

    # dibbler-server run 
+| Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) 
+| Authors : Tomasz Mrugalski<thomson(at)klub.com.pl>,Marek Senderski<msend(at)o2.pl> 
+| Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. 
+| Homepage: http://klub.com.pl/dhcpv6/ 
+2009.05.28 10:18:48 Server Notice    My pid (1789) is stored in /var/lib/dibbler/server.pid 
+2009.05.28 10:18:48 Server Notice    Detected iface eth0/3, MAC=54:52:00:01:23:45. 
+2009.05.28 10:18:48 Server Notice    Detected iface eth1/2, MAC=54:52:00:67:89:ab. 
+2009.05.28 10:18:48 Server Notice    Detected iface lo/1, MAC=00:00:00:00:00:00. 
+2009.05.28 10:18:48 Server Debug     Skipping database loading. 
+2009.05.28 10:18:48 Server Debug     Cache:server-cache.xml file: parsing started, expecting 0 entries. 
+2009.05.28 10:18:48 Server Notice    Parsing /etc/dibbler/server.conf config file... 
+18:48 Server Debug     Setting 0 generic option(s). 
+18:48 Server Debug     0 per-client configurations (exceptions) added. 
+18:48 Server Debug     Parsing /etc/dibbler/server.conf done. 
+18:48 Server Info      0 client class(es) defined. 
+18:48 Server Debug     1 interface(s) specified in /etc/dibbler/server.conf 
+18:48 Server Info      Mapping allow, deny list to class 0:0 allow/deny entries in total. 
+18:48 Server Info      Interface eth1/2 configuration has been loaded. 
+18:48 Server Notice    Running in stateful mode. 
+18:48 Server Info      My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. 
+18:48 Server Notice    Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. 
+18:48 Server Debug     Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. 
+18:48 Server Notice    Accepting connections. Next event in 4294967295 second(s).

    22.6. tcp_wrapper22.8. tcp_wrapper

    tcp_wrapper is a library which can help you to protect service against misuse.

    22.6.1. Filtering capabilities22.8.1. Filtering capabilities

    You can use tcp_wrapper for

    22.6.2. Which program uses tcp_wrapper22.8.2. Which program uses tcp_wrapper

    Following are known:

    22.6.3. Usage22.8.3. Usage

    tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny. For more information see

    22.6.3.1. Example for /etc/hosts.allow22.8.3.1. Example for /etc/hosts.allow

    In this file, each service which should be positive filtered (means connects are accepted) need a line.

    22.6.3.2. Example for /etc/hosts.deny22.8.3.2. Example for /etc/hosts.deny

    This file contains all negative filter entries and should normally deny the rest using

    22.6.4. Logging22.8.4. Logging

    Depending on the entry in the syslog daemon configuration file /etc/syslog.conf the tcp_wrapper logs normally into /var/log/secure.

    22.6.4.1. Refused connection22.8.4.1. Refused connection

    A refused connection via IPv4 to an xinetd covered daytime service produces a line like following example

    22.6.4.2. Permitted connection22.8.4.2. Permitted connection

    A permitted connection via IPv4 to an xinetd covered daytime service produces a line like following example

    22.7. vsftpd22.9. vsftpd

    22.7.1. Listening on IPv6 addresses22.9.1. Listening on IPv6 addresses

    Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust the listen option like

    22.8. proftpd22.10. proftpd

    22.8.1. Listening on IPv6 addresses22.10.1. Listening on IPv6 addresses

    Edit the configuration file, ususally /etc/proftpd.conf, but take care, not 100% logical in virtual host setup

    22.9. Other daemons22.11. Other daemons

    Nowadays it's mostly simple, look for either a command line option or a configuration value to enable IPv6 listening. See manual page of the daemon or check related FAQs. It can happen that you can bind a daemon only to the IPv6-“any”-address (::) and not to bind to a dedicated IPv6 address, because the lack of support (depends on that what the programmer has implemented so far...).

    23.1.1. Address Structures

    23.1.1.1. IPv4 sockaddr_in

    23.1.1.2. IPv6 sockaddr_in6

    23.1.1.3. Generic Addresses

    23.1.2. Lookup Functions

    23.1.3. Quirks Encountered

    23.1.3.1. IPv4 Mapped Addresses

    23.1.3.2. Cannot Specify the Scope Identifier in /etc/hosts

    23.1.3.3. Client & Server Residing on the Same Machine

    23.1.4. Putting It All Together (A Client-Server Programming Example)

    Porting applications to IPv6 HowTo. For the record, the source code presented here is original, developed from scratch, and any similarity between it and any other publicly available 'daytime' example is purely coincidental.]. The source code presented in this section was developed and tested on a RedHat Linux release using the 2.6 kernel (2.6.9 to be specific). Readers may use the source code freely, so long as proper credit is attributed; but of course the standard disclaimer must be given first:

    23.1.4.1. 'Daytime' Server Code

    23.1.4.2. 'Daytime' TCP Client Code

    23.1.4.3. 'Daytime' UDP Client Code

    23.2. Other programming languages

    23.2.1. JAVA

    23.2.2. Perl

    25.1.1. Printed Books (English)

    25.1.1.1. Cisco

    25.1.1.2. General

    25.1.2. Articles, eBooks, Online Reviews (mixed)

    25.1.4. Others

    25.2.1. 2004

    25.3.2. Latest news and URLs to other documents

    25.3.3. Protocol references

    25.3.3.1. IPv6-related Request For Comments (RFCs)

    25.3.3.2. Current drafts of working groups

    25.3.3.3. Others

    25.3.4. More information

    25.3.4.1. Linux related

    25.3.4.2. Linux related per distribution

    25.3.4.3. General

    25.3.5. By countries

    25.3.5.1. Europe

    25.3.5.2. Austria

    25.3.5.3. Australia

    25.3.5.4. Belgium

    25.3.5.5. Brasil

    25.3.5.6. China

    25.3.5.7. Czech

    25.3.5.8. Germany

    25.3.5.9. France

    25.3.5.10. Italy

    25.3.5.11. Japan

    25.3.5.12. Korea

    25.3.5.13. Mexico

    25.3.5.14. Netherland

    25.3.5.15. Portugal

    25.3.5.16. Russia

    25.3.5.17. Switzerland

    25.3.5.18. United Kingdom

    25.3.6. By operating systems

    25.3.6.1. *BSD

    25.3.6.2. Cisco IOS

    25.3.6.3. HPUX

    25.3.6.4. IBM

    25.3.6.5. Microsoft

    25.3.6.6. Solaris

    25.3.6.7. Sumitoma

    25.3.6.8. ZebOS

    25.3.8. Application lists

    25.3.8.1. Analyzer tools

    25.3.8.2. IPv6 Products

    25.4. IPv6 Infrastructure

    25.4.1. Statistics

    25.4.2. Internet Exchanges

    25.4.4.4. Radio Stations, Music Streams

    25.6.1. Testing tools

    25.6.2. Information retrievement

    25.6.3. IPv6 Looking Glasses

    25.6.4. Helper applications

    Chapter 26. Revision history / Credits / The End

    26.1.1. Releases 0.x

    0.64

    2009-05-28/PB: extend DHCP server examples (ISC DHCP, Dibbler)

    0.63

    26.2.2. Other credits

    26.2.2.1. Document technique related

    26.3. The End

    \ No newline at end of file diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx index 31c3754e..1942fdca 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx @@ -1,4 +1,4 @@ -#LyX 1.6.1 created this file. For more info see http://www.lyx.org/ +#LyX 1.6.2 created this file. For more info see http://www.lyx.org/ \lyxformat 345 \begin_document \begin_header @@ -84,7 +84,7 @@ status open \begin_layout Plain Layout - 0.63 2009-02-14 PB + 0.64 2009-05-28 PB \end_layout @@ -99,7 +99,7 @@ status open \begin_layout Plain Layout - 0.62 2008-11-09 PB + 0.63 2009-02-14 PB \end_layout @@ -9535,7 +9535,15 @@ target "http://klub.com.pl/dhcpv6/" \end_inset - by Tomasz Mrugalski + by Tomasz Mrugalski ( +\begin_inset CommandInset ref +LatexCommand ref +name "Hints for configuration" +reference "hints-daemons-dibbler" + +\end_inset + +) \end_layout \begin_layout Itemize @@ -9557,6 +9565,25 @@ reference "hints-daemons-dhcpv6" ) \end_layout +\begin_layout Itemize +\begin_inset CommandInset href +LatexCommand href +name "ISC DHCP" +target "http://www.isc.org/software/dhcp" + +\end_inset + + ( +\begin_inset CommandInset ref +LatexCommand ref +name "Hints for configuration" +reference "hints-daemons-isc-dhcp" + +\end_inset + +) +\end_layout + \begin_layout Chapter \begin_inset CommandInset label LatexCommand label @@ -13920,7 +13947,7 @@ You can specify more information than by using radvd. \begin_layout Standard After a proper configuration, the daemon reacts on received ICMPv6 multicast - packets sent by a client to address ff02::16 + packets sent by a client to address ff02::1:2 \end_layout \begin_layout Subsection @@ -14042,7 +14069,7 @@ Start client in foreground, e.g. \end_layout \begin_layout Code -# # dhcp6c -f eth0 +# dhcp6c -f eth0 \end_layout \begin_layout Subsection @@ -14123,6 +14150,361 @@ Oct/03/2005 17:18:17 renew time 60, rebind time 9 Note that the netlink error messages have no impact. \end_layout +\begin_layout Standard +As general debugging for test whether the IPv6 DHCP server is reable on + the link use an IPv6 ping to the DHCP multicast address: +\end_layout + +\begin_layout Code +# ping6 -i eth0 ff02::1:2 +\end_layout + +\begin_layout Section +\begin_inset CommandInset label +LatexCommand label +name "hints-daemons-isc-dhcp" + +\end_inset + +ISC Dynamic Host Configuration Server (dhcpd) +\end_layout + +\begin_layout Standard +ISC DHCP supports IPv6 since version 4.x. +\end_layout + +\begin_layout Subsection +Configuration of the ISC DHCP server for IPv6 (dhcpd) +\end_layout + +\begin_layout Standard +Note that currently, the ISC DHCP server can only serve IPv4 or IPv6, means + you have to start the daemon twice (for IPv6 with option +\begin_inset Quotes sld +\end_inset + +-6 +\begin_inset Quotes srd +\end_inset + +) to support both protocols. +\end_layout + +\begin_layout Subsubsection +Simple configuration +\end_layout + +\begin_layout Standard +Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 + part of the dhcpd. + Note, that the router requires to have a interface configured with an IPv6 + address out of the defined subnet. +\end_layout + +\begin_layout Code +default-lease-time 600; +\end_layout + +\begin_layout Code +max-lease-time 7200; +\end_layout + +\begin_layout Code +log-facility local7; +\end_layout + +\begin_layout Code +subnet6 2001:db8:0:1::/64 { +\end_layout + +\begin_layout Code + range6 2001:db8:0:1::129 2001:db8:0:1::254; +\end_layout + +\begin_layout Code + option dhcp6.name-servers fec0:0:0:1::1; +\end_layout + +\begin_layout Code + option dhcp6.domain-search "domain.example"; +\end_layout + +\begin_layout Code +} +\end_layout + +\begin_layout Subsection +Usage +\end_layout + +\begin_layout Subsubsection +dhcpd +\end_layout + +\begin_layout Standard +Start server in foreground: +\end_layout + +\begin_layout Code +# /usr/sbin/dhcpd -6 -f -cf /etc/dhcp/dhcpd.conf eth1 +\end_layout + +\begin_layout Code +Internet Systems Consortium DHCP Server 4.1.0 +\end_layout + +\begin_layout Code +Copyright 2004-2008 Internet Systems Consortium. + +\end_layout + +\begin_layout Code +All rights reserved. + +\end_layout + +\begin_layout Code +For info, please visit http://www.isc.org/sw/dhcp/ +\end_layout + +\begin_layout Code +Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not + specified in the config file +\end_layout + +\begin_layout Code +Wrote 0 leases to leases file. + +\end_layout + +\begin_layout Code +Bound to *:547 +\end_layout + +\begin_layout Code +Listening on Socket/5/eth1/2001:db8:0:1::/64 +\end_layout + +\begin_layout Code +Sending on Socket/5/eth1/2001:db8:0:1::/64 +\end_layout + +\begin_layout Section +\begin_inset CommandInset label +LatexCommand label +name "hints-daemons-dibbler" + +\end_inset + +DHCP Server Dibbler +\end_layout + +\begin_layout Standard +Dibbler is also a DHCP server +\end_layout + +\begin_layout Subsection +Configuration of the Dibbler DHCP server for IPv6 +\end_layout + +\begin_layout Subsubsection +Simple configuration +\end_layout + +\begin_layout Standard +Create a dedicated configuration file /etc/dibbler/server.conf . + Note, that the router requires to have a interface configured with an IPv6 + address out of the defined subnet. +\end_layout + +\begin_layout Code +log-level 8 +\end_layout + +\begin_layout Code +log-mode short +\end_layout + +\begin_layout Code +preference 0 +\end_layout + +\begin_layout Code +iface "eth1" { +\end_layout + +\begin_layout Code + // also ranges can be defines, instead of exact values t1 1800-2000 t2 + 2700-3000 +\end_layout + +\begin_layout Code + prefered-lifetime 3600 +\end_layout + +\begin_layout Code + valid-lifetime 7200 +\end_layout + +\begin_layout Code + class { +\end_layout + +\begin_layout Code + pool 2001:6f8:12d8:1::/64 +\end_layout + +\begin_layout Code + } +\end_layout + +\begin_layout Code + option dns-server fec0:0:0:1::1 +\end_layout + +\begin_layout Code + option domain domain.example +\end_layout + +\begin_layout Code +} +\end_layout + +\begin_layout Subsection +Usage +\end_layout + +\begin_layout Subsubsection +dibbler-server +\end_layout + +\begin_layout Standard +Start server in foreground: +\end_layout + +\begin_layout Code +# dibbler-server run +\end_layout + +\begin_layout Code +| Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) +\end_layout + +\begin_layout Code +| Authors : Tomasz Mrugalski,Marek Senderski +\end_layout + +\begin_layout Code +| Licence : GNU GPL v2 only. + Developed at Gdansk University of Technology. + +\end_layout + +\begin_layout Code +| Homepage: http://klub.com.pl/dhcpv6/ +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s +erver.pid +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. + +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. + +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. + +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Debug Skipping database loading. + +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, + expecting 0 entries. + +\end_layout + +\begin_layout Code +2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config + file... + +\end_layout + +\begin_layout Code +18:48 Server Debug Setting 0 generic option(s). + +\end_layout + +\begin_layout Code +18:48 Server Debug 0 per-client configurations (exceptions) added. + +\end_layout + +\begin_layout Code +18:48 Server Debug Parsing /etc/dibbler/server.conf done. + +\end_layout + +\begin_layout Code +18:48 Server Info 0 client class(es) defined. + +\end_layout + +\begin_layout Code +18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf + +\end_layout + +\begin_layout Code +18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny + entries in total. + +\end_layout + +\begin_layout Code +18:48 Server Info Interface eth1/2 configuration has been loaded. + +\end_layout + +\begin_layout Code +18:48 Server Notice Running in stateful mode. + +\end_layout + +\begin_layout Code +18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. + +\end_layout + +\begin_layout Code +18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) + interface. + +\end_layout + +\begin_layout Code +18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size + is 87 bytes, so maximum 12052 address-client pair(s) may be cached. + +\end_layout + +\begin_layout Code +18:48 Server Notice Accepting connections. + Next event in 4294967295 second(s). +\end_layout + \begin_layout Section \begin_inset CommandInset label LatexCommand label @@ -27726,6 +28108,10 @@ Versions x.y.z are work-in-progress and published as LyX and SGML file on Releases 0.x \end_layout +\begin_layout Description +0.64 2009-05-28/PB: extend DHCP server examples (ISC DHCP, Dibbler) +\end_layout + \begin_layout Description 0.63 2009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index 2bc90e83..ecb7c14b 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index 5952de0f..105e6313 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml @@ -6,15 +6,15 @@ ]> - Linux IPv6 HOWTO (en) PeterBieringer
    pb at bieringer dot de
     + 0.64 2009-05-28 PB 0.63 2009-02-14 PB - 0.62 2008-11-09 PB 0.60 2007-05-31 PB 0.51 2006-11-08 PB @@ -1585,7 +1585,7 @@ In versions 8.x they completly change their configuration setup. to be filled. See radvd daemon autoconfiguration below. Dynamic Host Configuration Protocol v6 (DHCPv6) After a long time discussing issues, finally RFC 3315 / Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was finished. At time updating this part (10/2005) currently two implementations are available: -Dibbler by Tomasz Mrugalski <thomson at klub dot com dot pl>DHCPv6 on Sourceforge (Hints for configuration) +Dibbler by Tomasz Mrugalski <thomson at klub dot com dot pl> (Hints for configuration)DHCPv6 on Sourceforge (Hints for configuration)ISC DHCP (Hints for configuration) <!-- anchor id="chapter-mobility" -->Mobility Common information @@ -2452,7 +2452,7 @@ Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) <!-- anchor id="hints-daemons-dhcpv6." -->Dynamic Host Configuration v6 Server (dhcp6s) DHCPv6 can be used for stateful configurations. The daemon itself need not necessary run on the Linux default IPv6 gateway router. You can specify more information than by using radvd. The are most similar to IPv4 DHCP server. -After a proper configuration, the daemon reacts on received ICMPv6 multicast packets sent by a client to address ff02::16 +After a proper configuration, the daemon reacts on received ICMPv6 multicast packets sent by a client to address ff02::1:2 Configuration of the DHCPv6 server (dhcp6s) Simple configuration @@ -2488,7 +2488,7 @@ Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) ]]> dhcpv6_client Start client in foreground, e.g. - Debugging @@ -2497,7 +2497,9 @@ Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) dhcpv6_client -The client has one foreground and two debug toggles, here is an example: +As general debugging for test whether the IPv6 DHCP server is reable on the link use an IPv6 ping to the DHCP multicast address: +The client has one foreground and two debug toggles, here is an example: Note that the netlink error messages have no impact. +]]>Note that the netlink error messages have no impact. +<!-- anchor id="hints-daemons-isc-dhcp" -->ISC Dynamic Host Configuration Server (dhcpd) +ISC DHCP supports IPv6 since version 4.x. +Configuration of the ISC DHCP server for IPv6 (dhcpd) +Note that currently, the ISC DHCP server can only serve IPv4 or IPv6, means you have to start the daemon twice (for IPv6 with option “-6”) to support both protocols. +Simple configuration +Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 part of the dhcpd. Note, that the router requires to have a interface configured with an IPv6 address out of the defined subnet. + +Usage + +dhcpd +Start server in foreground: + +<!-- anchor id="hints-daemons-dibbler" -->DHCP Server Dibbler +Dibbler is also a DHCP server +Configuration of the Dibbler DHCP server for IPv6 + +Simple configuration +Create a dedicated configuration file /etc/dibbler/server.conf . Note, that the router requires to have a interface configured with an IPv6 address out of the defined subnet. + +Usage + +dibbler-server +Start server in foreground: +,Marek Senderski +| Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. +| Homepage: http://klub.com.pl/dhcpv6/ +2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/server.pid +2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. +2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. +2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. +2009.05.28 10:18:48 Server Debug Skipping database loading. +2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. +2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... +18:48 Server Debug Setting 0 generic option(s). +18:48 Server Debug 0 per-client configurations (exceptions) added. +18:48 Server Debug Parsing /etc/dibbler/server.conf done. +18:48 Server Info 0 client class(es) defined. +18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf +18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. +18:48 Server Info Interface eth1/2 configuration has been loaded. +18:48 Server Notice Running in stateful mode. +18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. +18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. +18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. +18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). +]]> <!-- anchor id="hints-daemons-tcpwrapper" -->tcp_wrapper tcp_wrapper is a library which can help you to protect service against misuse. Filtering capabilities @@ -4840,7 +4921,7 @@ Publisher: MarketResearch.com; ISBN B00006334Y; (November 1, 2001) Versions x.y.z are work-in-progress and published as LyX and SGML file on CVS. Because Deep Space 6 mirrors these SGML files and generate independend from TLDP public versions, this versions will show up there and also on its mirrors. Releases 0.x -0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 +0.642009-05-28/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 <!-- anchor id="credits" -->Credits The quickest way to be added to this nice list is to send bug fixes, corrections, and/or updates to me ;-). If you want to do a major review, you can use the native LyX file (see original source) and send diffs against it, because diffs against SGML don't help too much.