diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html index 2699346c..4a384509 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html @@ -11619,9 +11619,9 @@ table ip6 filter { type filter hook input priority 1; icmpv6 type echo-request counter packets 0 bytes 0 accept ip6 hoplimit 1 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept ip6 hoplimit 255 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept } } \end_layout @@ -1272,7 +1270,6 @@ In Skripts oder an Ihrer Kommandozeile müssen Sie die < und > weglassen \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1286,7 +1283,6 @@ Kommandos, die nicht als Root-Benutzer ausgeführt werden, beginnen mit $, \end_layout \begin_layout Code - $ whoami \end_layout @@ -1295,7 +1291,6 @@ Befehle, die mit Root-Rechten ausgeführt werden, beginnen mit #, z.B. \end_layout \begin_layout Code - # whoami \end_layout @@ -1485,72 +1480,58 @@ Der erste IPv6 Netzwerk Code wurde dem Linux Kernel 2.1.8 im November 1996 \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - 
@@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1672,7 +1653,6 @@ Wie gesagt, IPv6 Adressen sind 128 bit lang. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1696,7 +1676,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1719,7 +1698,6 @@ e Werte) entfernt: \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1730,7 +1708,6 @@ Eine gültige Adresse (s.u. \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1741,12 +1718,10 @@ Der Vereinfachung halber können führende Nullen jedes 16 bit-Blocks weggelasse \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:0db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1769,7 +1744,6 @@ Eine Sequenz von 16 bit-Blöcken, die nur Nullen enthaltet, kann durch ein \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:0db8:100:f101::1 \end_layout @@ -1779,7 +1753,6 @@ Die höchstmögliche Reduktion sieht man bei der IPv6 Localhost Adresse: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1804,12 +1777,10 @@ h ein Aprilscherz. \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - Itu&-ZQ82s>J%s99FJXT \end_layout 
@@ -2022,7 +1993,6 @@ Dies ist eine spezielle Adresse für das Loopback Interface, vergleichbar \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2032,7 +2002,6 @@ bzw. \end_layout \begin_layout Code - ::1 \end_layout @@ -2068,7 +2037,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2077,7 +2045,6 @@ oder: \end_layout \begin_layout Code - :: \end_layout @@ -2123,7 +2090,6 @@ Diese Adressen sind mit einer speziellen Präfixlänge von 96 definiert (a.b.c.d \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2132,7 +2098,6 @@ oder in komprimiertem Format: \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2143,7 +2108,6 @@ Die IPv4 Adresse 1.2.3.4. \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2172,7 +2136,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2181,7 +2144,6 @@ oder in komprimierter Form: \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2266,22 +2228,18 @@ x \end_layout \begin_layout Code - fe8x: <- zurzeit als einziger in Benutzung \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2321,22 +2279,18 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code - fecx: <- meistens genutzt. \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2424,12 +2378,10 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- zurzeit als einziger in Benutzung \end_layout @@ -2457,7 +2409,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout 
@@ -2486,12 +2437,10 @@ Die Adresse beginnt mit (x sind hexadezimale Zeichen) \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2523,7 +2472,6 @@ Diese globalen Adressen waren die Ersten definierten und auch benutzen Adressen. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2532,7 +2480,6 @@ Beispiel: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2542,7 +2489,6 @@ Eine spezielle 6bone Test-Adresse, die niemals weltweit einmalig ist, beginnt \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2601,7 +2547,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2611,7 +2556,6 @@ z.B. \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2620,12 +2564,10 @@ Ein kleines Shell-Kommando kann aus einer IPv4 eine 6to4 Adresse erstellen: \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2659,7 +2601,6 @@ Diese Adressen werden an Internet Service Provider (ISP) delegiert und beginnen \end_layout \begin_layout Code - 2001: \end_layout @@ -2702,12 +2643,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3ffe:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2732,7 +2671,6 @@ Sie beginnen immer mit (xx ist hierbei der Wert der Reichweite) \end_layout \begin_layout Code - ffxy: \end_layout @@ -2828,7 +2766,6 @@ Ein Beispiel für diese Adresse könnte sein: \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2897,7 +2834,6 @@ Die Subnet-Router Anycast Adresse ist ein einfaches Beispiel für eine Anycast \end_layout \begin_layout Code - 2001:0db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout 
@@ -2907,7 +2843,6 @@ Die Subnet-Router Anycast Adresse wird durch komplette Streichung des Suffixes \end_layout \begin_layout Code - 2001:0db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2947,7 +2882,6 @@ Als Beispiel hat hier ein NIC folgende MAC-Adresse (48 bit): \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2967,7 +2901,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2979,7 +2912,6 @@ Mit einem gegebenen Präfix wird daraus die schon oben gezeigte IPv6-Adresse: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -3037,7 +2969,6 @@ Bei Servern ist es wahrscheinlich leichter, sich einfachere Adressen zu \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3135,7 +3066,6 @@ Ein Beispiel: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3149,7 +3079,6 @@ Netzwerk: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3158,7 +3087,6 @@ Netzmaske: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3178,12 +3106,10 @@ Wenn z.B. \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3193,12 +3119,10 @@ Die gezeigten Zieladressen der IPv6 Pakete werden über die entsprechenden \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3258,7 +3182,6 @@ Um zu überprüfen, ob ihr aktueller Kernel IPv6 unterstützt, sollten sie \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout 
@@ -3268,7 +3191,6 @@ Einen kleinen automatischen Test können Sie wie folgt durchführen: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3288,7 +3210,6 @@ Mit folgenden Befehl können Sie versuchen, das Modul zu laden: \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3299,7 +3220,6 @@ Wenn dieser Befehl positiv verläuft, dann sollten Sie das Modul mit folgendem \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3325,7 +3245,6 @@ Es ist möglich das IPv6 Modul bei Bedarf automatisch zu laden. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3335,7 +3254,6 @@ Mit der folgenden Zeile ist es auch möglich, das automatische Laden des \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3593,12 +3511,10 @@ Automatische Überprüfung: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3612,7 +3528,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3631,7 +3546,6 @@ Alexey N.Kuznetsov (gegenwärtig ein Betreuer des Linux Network Codes) erstellte \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3697,17 +3611,14 @@ Anwendung \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3719,7 +3630,6 @@ Einige Implementierungen unterstützen auch % Definition zusätzlich \end_layout \begin_layout Code - # ping6 % \end_layout 
@@ -3728,17 +3638,14 @@ Beispiel \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3747,17 +3654,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3790,12 +3694,10 @@ Wenn link-lokale Adressen für ein IPv6 ping verwendet werden, dann hat der \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3804,22 +3706,18 @@ In diesem Fall müssen Sie das Interface zusätzlich spezifizieren: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3828,17 +3726,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3849,7 +3744,6 @@ Beispiel für % Notation: \end_layout \begin_layout Code - # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout 
@@ -3863,22 +3757,18 @@ Ein interessanter Mechanismus zum Aufspüren eines IPv6 aktiven Hosts am \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3890,7 +3780,6 @@ Beispiel für % Notation: \end_layout \begin_layout Code - # ping6 ff02::1%eth0 \end_layout @@ -3918,51 +3807,42 @@ Dieses Programm ist normal im Paket iputils enthalten. \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout 
@@ -4002,52 +3882,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4140,32 +4010,26 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout 
@@ -4184,52 +4048,42 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4315,7 +4169,6 @@ Jeder DNS-Server (Domain Name System) sollte aufgrund der Sicherheitsupdates \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4324,20 +4177,17 @@ Die Ausgabe des Tests sollte etwa wie folgt sein: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4351,30 +4201,25 @@ IPv6 kompatible Clients sind verfügbar. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout 
@@ -4383,47 +4228,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4432,7 +4268,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4474,17 +4309,14 @@ he Verhaltensweisen: \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -5034,12 +4866,10 @@ Gebrauch: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -5052,12 +4882,10 @@ Beispiel: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -5071,12 +4899,10 @@ Gebrauch: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -5085,12 +4911,10 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -5145,7 +4969,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -5154,27 +4977,22 @@ Beispiel für einen statisch konfigurierten Host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout 
@@ -5261,22 +5070,18 @@ en (die Ausgabe wurde mit grep gefiltert) \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5299,7 +5104,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5308,7 +5112,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5322,7 +5125,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5331,7 +5133,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5355,7 +5156,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5364,7 +5164,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5378,7 +5177,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5387,7 +5185,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5441,7 +5238,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5451,27 +5247,22 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout 
@@ -5485,7 +5276,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5496,42 +5286,34 @@ Sie sehen hier mehrere IPv6 Routen mit unterschiedlichen Adressen eines \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5554,12 +5336,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5568,7 +5348,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5582,12 +5361,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5606,7 +5383,6 @@ Im folgenden Beispiel wird eine Route für alle Adressen (default) über das \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5631,12 +5407,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5645,7 +5419,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5659,13 +5432,11 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout 
@@ -5674,7 +5445,6 @@ Beispiel zum entfernen der im obigen Beispiel hinzugefügten Route: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout @@ -5698,12 +5468,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5712,7 +5480,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5755,7 +5522,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5764,7 +5530,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5787,7 +5552,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5796,7 +5560,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5810,7 +5573,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5820,7 +5582,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5860,17 +5621,14 @@ Ein client kann eine Default Route (z.B. \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5967,7 +5725,6 @@ Mit dem folgenden Befehl können Sie die gelernten oder konfigurierten IPv6 \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5976,12 +5733,10 @@ Das folgende Beispiel zeigt einen Nachbar, einen erreichbaren Router: \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout 
@@ -6006,7 +5761,6 @@ Mit folgendem Befehl können Sie einen Eintrag manuell hinzufügen: \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -6015,7 +5769,6 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6028,7 +5781,6 @@ Sie können einen Eintrag auch löschen: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -6037,7 +5789,6 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6067,28 +5818,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6294,27 +6040,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6546,7 +6287,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6555,17 +6295,14 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6578,7 +6315,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout 
@@ -6588,7 +6324,6 @@ Beispiel (Ausgabe wurde derart gefiltert, dass nur Tunnels über das virtuelle \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6597,27 +6332,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6695,12 +6425,10 @@ ert 0 ist): \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6709,22 +6437,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6733,22 +6457,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6757,22 +6477,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6795,7 +6511,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout 
@@ -6804,17 +6519,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6823,17 +6535,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6842,17 +6551,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6881,7 +6587,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6890,32 +6595,26 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6945,7 +6644,6 @@ Entfernen eines Tunnel-Devices: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6954,17 +6652,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6973,17 +6668,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout 
@@ -6992,17 +6684,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -7023,12 +6712,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -7037,12 +6724,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -7051,12 +6736,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -7065,7 +6748,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7087,32 +6769,26 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -7121,7 +6797,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7182,7 +6857,6 @@ Angenommen, Ihre IPv4 Adresse ist: \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -7191,7 +6865,6 @@ Dann ist das daraus resultierende 6to4 Präfix: \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -7210,7 +6883,6 @@ pe Suffix kann benutzt werden) das Suffix \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout 
@@ -7219,7 +6891,6 @@ Zum automatischen Erstellen der Adresse können Sie folgenden Befehl nutzen: \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7241,12 +6912,10 @@ Erstellen eines neues Tunnel-Device: \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -7255,7 +6924,6 @@ Interface aktivieren: \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -7265,7 +6933,6 @@ Eine lokale 6to4 Adresse am Interface hinzufügen (Hinweis: Präfix-Länge \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7275,7 +6942,6 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7296,7 +6962,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7316,7 +6981,6 @@ Das allgemeine Tunnel Interface sit0 aktivieren: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7325,7 +6989,6 @@ Dem Interface eine lokale 6to4 Adresse hinzufügen: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7335,7 +6998,6 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7352,7 +7014,6 @@ Entfernen aller Routen über dieses bestimmten Tunnel Devices: \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7361,7 +7022,6 @@ Interface deaktivieren: \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout 
@@ -7370,7 +7030,6 @@ Ein erstelltes Tunnel Device entfernen: \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -7384,7 +7043,6 @@ Entfernen der (Standard-) Route über ein 6to4 Tunnel Device: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7393,7 +7051,6 @@ Eine 6to4 Adresse des Interfaces entfernen: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7403,7 +7060,6 @@ Ein allgemeines Tunnel Device deaktivieren (aber Achtung, eventuell ist \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7451,7 +7107,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7462,18 +7117,15 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7499,7 +7151,6 @@ Anwendung für die Erzeugung einer 4over6 Tunnel-Schnittstelle (welche danach \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote local \end_layout @@ -7511,18 +7162,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout 
@@ -7531,18 +7179,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7551,18 +7196,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7579,7 +7221,6 @@ Anwendung für das Löschen einer Tunnel-Schnittstelle: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7590,17 +7231,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7609,17 +7247,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7628,17 +7263,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7718,7 +7350,6 @@ Das /proc-Dateisystem muss im Kernel aktiviert sein. \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout 
@@ -7728,12 +7359,10 @@ Das /proc-Dateisystem muss zuerst gemountet sein. \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7765,12 +7394,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7792,7 +7419,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7841,7 +7467,6 @@ Das sysctl-Interface muss im Kernel aktiviert sein. \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7854,12 +7479,10 @@ Der Wert eines Eintrags kann nun angezeigt werden: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7873,12 +7496,10 @@ Ein neuer Wert kann wie folgt zugewiesen werden (wenn der Eintrag beschreibbar \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7898,12 +7519,10 @@ Anmerkung: Verwenden Sie beim setzen eines Wertes keine Leerzeichen vor \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8386,12 +8005,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -8867,27 +8484,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout 
@@ -8981,27 +8593,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -9010,22 +8617,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -9085,27 +8688,22 @@ Statistiken über verwendete IPv6 Sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout 
@@ -9299,375 +8897,307 @@ Beispiel: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 
:::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout 
@@ -9700,32 +9230,26 @@ Router Advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9778,12 +9302,10 @@ Router Anfrage \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9852,12 +9374,10 @@ fe80:212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9875,18 +9395,15 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9904,18 +9421,15 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout 
@@ -9937,18 +9451,15 @@ Der Knoten möchte Pakete an die Adresse \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9965,12 +9476,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -10098,7 +9607,6 @@ Sie können überprüfen, ob Ihre Distribution eine permanente IPv6 Konfiguratio \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -10107,13 +9615,11 @@ Automatischer Test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -10125,17 +9631,14 @@ Die Versionsnummer der Library ist von Interesse, wenn Sie Features vermissen \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -10179,12 +9682,10 @@ Kurze Anleitung zum aktivieren von IPv6 bei RHL 7.1, 7.2, 7.3, ... \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -10202,7 +9703,6 @@ twork \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -10212,7 +9712,6 @@ Rebooten bzw. \end_layout \begin_layout Code - # service network restart \end_layout @@ -10221,12 +9720,10 @@ Nun sollte das IPv6 Modul geladen sein \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout 
@@ -10295,7 +9792,6 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -10331,7 +9827,6 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -10386,54 +9881,44 @@ Konfiguriere die Schnittstelle (hier im Beispiel: eth0). \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -10444,7 +9929,6 @@ Danach rebooten oder folgendes Kommando ausführen \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -10521,22 +10005,18 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -11112,7 +10592,6 @@ Wechseln Sie in das Source-Verzeichnis: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -11121,12 +10600,10 @@ Entpacken sie die Kernel-Quellen und vergeben diesen einen neuen Namen \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout 
@@ -11135,7 +10612,6 @@ Entpacken Sie die iptables Quellen \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -11148,7 +10624,6 @@ Wechseln Sie in das iptables Verzeichnis \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -11157,7 +10632,6 @@ Fügen Sie relevante Patches hinzu \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11168,7 +10642,6 @@ Fügen Sie zusätzliche IPv6 relevante IPv6 Patches hinzu (die nach wie vor \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11207,12 +10680,10 @@ REJECT.patch.ipv6 \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -11225,7 +10696,6 @@ Wechseln Sie zu den Kernel-Quellen \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -11234,12 +10704,10 @@ Editieren Sie das Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout 
@@ -11248,99 +10716,80 @@ Starten Sie configure und aktivieren Sie IPv6 relevante Optionen \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -11366,7 +10815,6 @@ Benennen sie das ältere Verzeichnis um \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11375,7 +10823,6 @@ Erstellen Sie einen neuen symbolischen Link \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11384,7 +10831,6 @@ Erstellen Sie ein neues SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11406,7 +10852,6 @@ Freshen \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout 
@@ -11423,7 +10868,6 @@ install \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11442,7 +10886,6 @@ nodeps \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11452,7 +10895,6 @@ Damit iptables die Libraries finden kann, ist es eventuell notwendig, einen \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -11469,7 +10911,6 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -11478,12 +10919,10 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -11500,7 +10939,6 @@ Kurze Auflistung: \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -11509,7 +10947,6 @@ Erweiterte Auflistung: \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -11518,7 +10955,6 @@ Auflistung angegebener Filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -11527,12 +10963,10 @@ Hinzufügen einer Log-Regel zum Input-Filter mit Optionen \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -11541,7 +10975,6 @@ Hinzufügen einer Drop-Regel zum Input-Filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11550,7 +10983,6 @@ Löschen einer Regel mit Hilfe der Regelnummer \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout 
@@ -11569,7 +11001,6 @@ Seit Kernel-Version 2.6.20 ist die Auswertung des IPv6-Verbindungsstatus gut \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11587,7 +11018,6 @@ Eingehender ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11596,7 +11026,6 @@ Ausgehenden ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11605,7 +11034,6 @@ Neuere Kernel erlauben das Spezifizieren des ICMPv6-Typs: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11624,12 +11052,10 @@ n Patitionen entgegenzuwirken. \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11648,12 +11074,10 @@ Eingehende SSH Verbindungen werden von der Adresse 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -11668,12 +11092,10 @@ nicht mehr notwendig, wenn der IPv6-Verbindungsstatus ausgewertet wird! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -11691,7 +11113,6 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11700,7 +11121,6 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout 
@@ -11715,7 +11135,6 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -11725,7 +11144,6 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -11749,7 +11167,6 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu diesem Host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11758,7 +11175,6 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu Hosts hinter diesem Router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11791,7 +11207,6 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten ausgehender Anfragen \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11801,7 +11216,6 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten auf Anfragen von hinter \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11830,7 +11244,6 @@ system-config-firewall \end_layout \begin_layout Code - Datei: /etc/sysconfig/ip6tables \end_layout 
@@ -11839,87 +11252,70 @@ Datei: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11931,7 +11327,6 @@ Zwecks der Vollständigkeit ist hier auch die entsprechende Konfiguration \end_layout \begin_layout Code - Datei: /etc/sysconfig/iptables \end_layout 
@@ -11940,88 +11335,71 @@ Datei: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -12044,12 +11422,10 @@ Aktivieren von IPv4 & IPv6 Firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -12060,12 +11436,10 @@ Aktivieren des automatischen Starts nach dem Reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout 
@@ -12079,578 +11453,472 @@ Folgende Zeilen zeigen ein umfangreicheres Setup. \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 
DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source 
destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout 
\begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12688,7 +11956,6 @@ Wie bei IPv4 können Systeme hinter einem Router versteckt werden mit Hilfe \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12706,7 +11973,6 @@ Eine dedizierte öffentliche IPv6-Adresse kann zu einer internen IPv6-Adresse \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -12725,7 +11991,6 @@ Ein dedizierter Port kann zu einem internen System weitergeleitet werden, \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12779,22 +12044,18 @@ Laden der Kernel-Module \end_layout \begin_layout Code - # modprobe nf_tables \end_layout \begin_layout Code - # modprobe nf_tables_ipv4 \end_layout \begin_layout Code - # modprobe nf_tables_ipv6 \end_layout \begin_layout Code - # modprobe nf_tables_inet \end_layout 
@@ -12805,17 +12066,14 @@ Erzeugen der Filter-Tabellen \end_layout \begin_layout Code - # nft add table ip filter \end_layout \begin_layout Code - # nft add table ip6 filter \end_layout \begin_layout Code - # nft add table inet filter \end_layout @@ -12826,21 +12084,18 @@ Erzeugen einer input chain in jeder Filter-Tabelle \end_layout \begin_layout Code - # nft add chain ip filter input { type filter hook input priority 1 \backslash ; } \end_layout \begin_layout Code - # nft add chain ip6 filter input { type filter hook input priority 1 \backslash ; } \end_layout \begin_layout Code - # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -12866,7 +12121,6 @@ Tabelle gehören \end_layout \begin_layout Code - # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -12878,13 +12132,11 @@ Erlauben von IPv4 und IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code - # nft add rule ip filter input icmp type { echo-request } counter accept \end_layout \begin_layout Code - # nft add rule ip6 filter input icmpv6 type echo-request counter accept \end_layout @@ -12897,32 +12149,26 @@ Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit- \end_layout \begin_layout Code - # nft add rule ip6 filter input icmpv6 type \end_layout \begin_layout Code - ¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } \end_layout \begin_layout Code - ¬ ip6 hoplimit 1 accept \end_layout \begin_layout Code - # nft add rule ip6 filter input icmpv6 type \end_layout \begin_layout Code - ¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } \end_layout \begin_layout Code - ¬ ip6 hoplimit 255 accept \end_layout @@ -12942,7 +12188,6 @@ inet \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & 
@@ -12967,37 +12212,30 @@ Tabelle für IPv4 Filter \end_layout \begin_layout Code - # nft list table ip filter \end_layout \begin_layout Code - table ip filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 1; \end_layout \begin_layout Code - icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13008,57 +12246,46 @@ Tabelle für IPv6 Filter \end_layout \begin_layout Code - # nft list table ip6 filter \end_layout \begin_layout Code - table ip6 filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 1; \end_layout \begin_layout Code - icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 hoplimit 1 icmpv6 type \end_layout \begin_layout Code - -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - ip6 hoplimit 255 icmpv6 type \end_layout \begin_layout Code - -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13069,43 +12296,35 @@ Tabelle für IP unabhängigen Filter \end_layout \begin_layout Code - # nft list table inet filter \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 44 bytes 2288 accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout 
@@ -13217,12 +12436,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -13244,53 +12461,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -13313,32 +12520,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -13709,27 +12910,22 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Transport-Modus \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout 
@@ -13744,37 +12940,30 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Tunnel-Modus \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -13844,22 +13033,18 @@ Datei: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -13868,22 +13053,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout @@ -13892,62 +13073,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout 
@@ -13956,42 +13125,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -14000,37 +13161,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -14047,12 +13201,10 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -14061,7 +13213,6 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout 
@@ -14089,100 +13240,81 @@ Zum Schluss muss der Daemon gestartet werden. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net ) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout 
@@ -14203,12 +13335,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout 
@@ -14233,117 +13363,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout 
@@ -14448,22 +13555,18 @@ Datei: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -14472,27 +13575,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -14501,12 +13599,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -14515,68 +13611,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -14597,7 +13680,6 @@ Datei: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout 
@@ -14624,7 +13706,6 @@ Wenn die Installation von Openswan erfolgreich war, sollte ein initscript \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -14644,42 +13725,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout 
@@ -14699,117 +13772,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -14834,12 +13884,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout 
@@ -14848,12 +13896,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -14903,39 +13949,32 @@ Vernünftig funktionierendes QoS ist nur an der ausgehenden Schnittstelle \end_layout \begin_layout Code - ------------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->------------------- \end_layout \begin_layout Code - Dicke Leitung Queue 2 Queue 1 / Queue 2 / Queue 3 Dünne Leitung \end_layout \begin_layout Code - --->---- ---->--------->--------->------------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - ------------------->------- \end_layout @@ -15017,7 +14056,6 @@ Definition einer root qdisc mit einer Bandbreite von 1000 MBit/s an eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -15034,7 +14072,6 @@ Definition einer Klasse 1:1 mit 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -15046,7 +14083,6 @@ Definition einer Klasse 1:2 mit 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -15058,7 +14094,6 @@ Definition einer Klasse 1:3 mit 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -15070,7 +14105,6 @@ Definition einer Klasse 1:4 mit 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -15100,7 +14134,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout 
@@ -15120,7 +14153,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -15136,7 +14168,6 @@ match ip6 flowlabel 0x12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -15153,7 +14184,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -15165,7 +14195,6 @@ Die letzte Filterdefinition benötigt auch einen Eintrag in ip6tables um \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -15183,17 +14212,14 @@ Starten auf Serverseite in separaten Konsolen: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -15204,35 +14230,29 @@ Starten auf Clientseite und Vergleichen der Ergebnisse: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (erwartet: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (erwartet: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (erwartet: 200 kBit/s) \end_layout 
@@ -15316,22 +14336,18 @@ Folgende Optionen müssen geändert werden, damit IPv6 aktiviert wird \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -15341,59 +14357,48 @@ Nach einem Neustart (des Dienstes) sollte z.B. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -15402,7 +14407,6 @@ Ein kleiner Test sieht wie folgt aus: \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -15419,22 +14423,18 @@ Folgende Optionen müssen geändert werden, damit IPv6 deaktiviert wird: \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout 
@@ -15449,67 +14449,54 @@ ACLs mit IPv6 Adressen sind realisierbar und sollten wann immer möglich \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -15521,32 +14508,26 @@ Diese ACLs können für Client-Anfragen und Zonentransfers zu Secondary Nameserv \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -15572,7 +14553,6 @@ Diese Option ist nicht verpflichtend, ev. \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -15593,7 +14573,6 @@ Die Transfer source Adresse wird für ausgehende Zonentransfers verwendet: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -15606,7 +14585,6 @@ Die Notify source Adresse wird für ausgehende notify Mitteilungen verwendet: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout 
@@ -15763,27 +14741,22 @@ Eine IPv6 Verbindung kann durch Angabe eines dedizierten Server, der abgefragt \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15792,7 +14765,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -15802,17 +14774,14 @@ Ein entsprechender Log-Eintrag sieht wie folgt aus: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -15831,27 +14800,22 @@ Eine erfolgreiche IPv6 Verbindung sieht wie folgt aus: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15860,14 +14824,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -15912,52 +14874,42 @@ Wenn Sie nun einen "eingebauten" Service wie z.B. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - 
@@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -15967,27 +14919,22 @@ dann sollten Sie nach einem Neustart des xinetd-Dienstes z.B. \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -16048,27 +14995,22 @@ Virtueller Host mit IPv6 Adresse \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -16077,32 +15019,26 @@ Virtueller Host mit IPv4 und IPv6 Adresse \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -16111,24 +15047,20 @@ Das Ergebnis sollten nach einen Neustart des Dienstes etwa Folgendes sein: \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout 
@@ -16235,52 +15167,42 @@ Die Konfigurationsdatei des radvd ist normalerweise die Datei /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16289,28 +15211,23 @@ Als Ergebnis auf der Client-Seite ergibt sich hieraus: \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16337,67 +15254,54 @@ Seit der Version 0.6.2pl3 wird die automatische (Neu)-Erstellung des Präfixes \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout 
@@ -16407,28 +15311,23 @@ Das Ergebnis auf Clientseite ist (unter der Annahme, dass ppp0 die lokale \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16447,7 +15346,6 @@ Achtung: wenn keine spezielle 6to4-Unterstützung der initscripts benutzt \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -16477,107 +15375,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout 
@@ -16643,67 +15520,54 @@ Die Konfigurationsdatei des dhcp6s ist normalerweise /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16727,22 +15591,18 @@ Die Konfigurationsdatei von dhcp6c ist normalerweise /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -16766,7 +15626,6 @@ Starten des Servers, z.B. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -16784,12 +15643,10 @@ Starten des Clients im Vordergrund, z.B. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout \begin_layout Code - ... \end_layout @@ -16813,7 +15670,6 @@ Der Server hat einen Vordergrund und zwei Debug-Schalter (von denen beide \end_layout \begin_layout Code - # dhcp6c -d -D -f eth0 \end_layout @@ -16831,7 +15687,6 @@ Mit einem IPv6 Ping an die DHCP Multicast-Adresse kann getestet werden, \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout 
@@ -16842,58 +15697,47 @@ Der Client hat einen Vordergrund und zwei Debug-Schalter, hier ein Beispiel: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -16960,32 +15804,26 @@ Erstellen einer eigenen Konfigurationsdatei /etc/dhcp/dhcpd6.conf für den \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -16994,12 +15832,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients requesting a temporary address \end_layout \begin_layout Code - range6 2001:db8:0:1::/64 temporary; \end_layout 
@@ -17008,17 +15844,14 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout @@ -17027,12 +15860,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -17041,33 +15872,27 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -17106,7 +15931,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 
@@ -17132,56 +15956,46 @@ Starte den Server im Vordergrund: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -17224,62 +16038,50 @@ Erstellen der Konfigurationsdatei /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:db8:0:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout 
@@ -17302,148 +16104,124 @@ Start Server im Vorgergrund: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. 
\end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -17508,7 +16286,6 @@ s.allow sowie /etc/hosts.deny. \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -17523,13 +16300,11 @@ In dieser Datei wird ein Dienst pro Zeile eingetragen, der positiv gefiltert \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -17550,7 +16325,6 @@ In dieser Datei werden alle Einträge negativ gefiltert. \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -17562,12 +16336,10 @@ Sie können bei Bedarf obige Standardzeile auch durch Folgende ersetzen, \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -17590,22 +16362,18 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout 
@@ -17616,27 +16384,22 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -17650,22 +16413,18 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -17675,22 +16434,18 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem auf zwei Ports hörenden \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -17726,7 +16481,6 @@ listen \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -17761,27 +16515,22 @@ Editiere die Konfigurationsdatei, üblicherweise /etc/proftpd.conf, allerdings \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout 
diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf index 3c63ca42..10c6fb44 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml index b9dcddb4..768a347e 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml @@ -2028,9 +2028,9 @@ table ip6 filter { type filter hook input priority 1; icmpv6 type echo-request counter packets 0 bytes 0 accept ip6 hoplimit 1 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept ip6 hoplimit 255 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept } } ]]>Tabelle für IP unabhängigen Filter diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index 78e24e50..f62cbedc 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -11736,9 +11736,9 @@ table ip6 filter { type filter hook input priority 1; icmpv6 type echo-request counter packets 0 bytes 0 accept ip6 hoplimit 1 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept ip6 hoplimit 255 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept } } \end_layout @@ -1298,7 +1296,6 @@ For real use on your system command line or in scripts this has to be replaced \end_layout \begin_layout Code - 1.2.3.4 \end_layout 
@@ -1311,7 +1308,6 @@ Commands executable as non-root user begin with $, e.g. \end_layout \begin_layout Code - $ whoami \end_layout @@ -1320,7 +1316,6 @@ Commands executable as root user begin with #, e.g. \end_layout \begin_layout Code - # whoami \end_layout @@ -1515,72 +1510,58 @@ The first IPv6 related network code was added to the Linux kernel 2.1.8 in \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1689,7 +1670,6 @@ As previously mentioned, IPv6 addresses are 128 bits long. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1712,7 +1692,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1730,7 +1709,6 @@ This representation is still not very convenient (possible mix-up or loss \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1740,7 +1718,6 @@ A usable address (see address types later) is e.g.: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout 
@@ -1751,12 +1728,10 @@ For simplifications, leading zeros of each 16 bit block can be omitted: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1782,7 +1757,6 @@ ion. \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1792,7 +1766,6 @@ The biggest reduction is seen by the IPv6 localhost address: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1816,12 +1789,10 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -2032,7 +2003,6 @@ This is a special address for the loopback interface, similiar to IPv4 with \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2041,7 +2011,6 @@ or compressed: \end_layout \begin_layout Code - ::1 \end_layout @@ -2077,7 +2046,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2086,7 +2054,6 @@ or: \end_layout \begin_layout Code - :: \end_layout @@ -2122,7 +2089,6 @@ These addresses are defined with a special prefix of length 96 (a.b.c.d is \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2131,7 +2097,6 @@ or in compressed format \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2140,7 +2105,6 @@ For example, the IPv4 address 1.2.3.4 looks like this: \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2169,7 +2133,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2178,7 +2141,6 @@ or in compressed format \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout 
@@ -2259,22 +2221,18 @@ x \end_layout \begin_layout Code - fe8x: <- currently the only one in use \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2320,22 +2278,18 @@ It begins with: \end_layout \begin_layout Code - fecx: <- most commonly used \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2410,12 +2364,10 @@ It begins with: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- currently the only one in use \end_layout @@ -2438,7 +2390,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2470,12 +2421,10 @@ x \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2506,7 +2455,6 @@ These were the first global addresses which were defined and in use. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2515,7 +2463,6 @@ Example: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2525,7 +2472,6 @@ A special 6bone test address which will never be globally unique begins \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2577,7 +2523,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2586,7 +2531,6 @@ For example, representing 192.168.1.1/5: \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2596,12 +2540,10 @@ A small shell command line can help you generating such address out of a \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2635,7 +2577,6 @@ These addresses are delegated to Internet service providers (ISP) and begin \end_layout \begin_layout Code - 2001: \end_layout 
@@ -2674,12 +2615,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3fff:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2708,7 +2647,6 @@ xx \end_layout \begin_layout Code - ffxy: \end_layout @@ -2797,7 +2735,6 @@ An example of this address looks like \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2854,7 +2791,6 @@ A simple example for an anycast address is the subnet-router anycast address. \end_layout \begin_layout Code - 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2864,7 +2800,6 @@ The subnet-router anycast address will be created blanking the suffix (least \end_layout \begin_layout Code - 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2904,7 +2839,6 @@ E.g. \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2922,7 +2856,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2932,7 +2865,6 @@ With a given prefix, the result is the IPv6 address shown in example above: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2985,7 +2917,6 @@ For servers, it's probably easier to remember simpler addresses, this can \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3077,7 +3008,6 @@ An example: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3091,7 +3021,6 @@ Network: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3100,7 +3029,6 @@ Netmask: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3119,12 +3047,10 @@ For example if a routing table shows following entries (list is not complete): \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout 
@@ -3134,12 +3060,10 @@ Shown destination addresses of IPv6 packets will be routed through shown \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3203,7 +3127,6 @@ To check, whether your current running kernel supports IPv6, take a look \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3213,7 +3136,6 @@ A short automatical test looks like: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3232,7 +3154,6 @@ You can try to load the IPv6 module executing \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3243,7 +3164,6 @@ If this is successful, this module should be listed, testable with following \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3268,7 +3188,6 @@ Its possible to automatically load the IPv6 module on demand. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3278,7 +3197,6 @@ It's also possible to disable automatically loading of the IPv6 module using \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3536,12 +3454,10 @@ Auto-magically check: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3555,7 +3471,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3574,7 +3489,6 @@ Alexey N. \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout 
@@ -3638,17 +3552,14 @@ Usage \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3658,7 +3569,6 @@ Some implementation also support % suffix instead of using -I , \end_layout \begin_layout Code - # ping6 % \end_layout @@ -3667,17 +3577,14 @@ Example \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3686,17 +3593,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3727,12 +3631,10 @@ Using link-local addresses for an IPv6 ping, the kernel does not know through \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3741,22 +3643,18 @@ In this case you have to specify the interface additionally like shown here: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3765,17 +3663,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout 
@@ -3784,7 +3679,6 @@ Example for % notation: \end_layout \begin_layout Code - # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout @@ -3798,22 +3692,18 @@ An interesting mechanism to detect IPv6-active hosts on a link is to ping6 \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3823,7 +3713,6 @@ Example for % notation: \end_layout \begin_layout Code - # ping6 ff02::1%eth0 \end_layout @@ -3854,51 +3743,42 @@ iputils \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout 
@@ -3940,52 +3820,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4074,32 +3944,26 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout 
@@ -4116,52 +3980,42 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4245,7 +4099,6 @@ Because of security updates in the last years every Domain Name System (DNS) \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4254,20 +4107,17 @@ and should show something like following: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4281,30 +4131,25 @@ IPv6-ready telnet clients are available. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout 
@@ -4313,47 +4158,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4362,7 +4198,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4403,17 +4238,14 @@ Current versions of openssh are IPv6-ready. \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4960,12 +4792,10 @@ Usage: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4978,12 +4808,10 @@ Example: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -4997,12 +4825,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -5011,12 +4837,10 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -5067,7 +4891,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -5076,27 +4899,22 @@ Example for a static configured host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout 
@@ -5168,22 +4977,18 @@ Example (output filtered with grep to display only IPv6 addresses). \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5205,7 +5010,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5214,7 +5018,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5228,7 +5031,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5237,7 +5039,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5260,7 +5061,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5269,7 +5069,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5283,7 +5082,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5292,7 +5090,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5345,7 +5142,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5355,27 +5151,22 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout 
@@ -5389,7 +5180,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5401,42 +5191,34 @@ Example (output is filtered for interface eth0). \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5459,12 +5241,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5473,7 +5253,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5487,12 +5266,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5510,7 +5287,6 @@ Following shown example adds a default route through gateway \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5534,12 +5310,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5548,7 +5322,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5562,12 +5335,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -5576,7 +5347,6 @@ Example for removing upper added route again: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout 
@@ -5599,12 +5369,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5613,7 +5381,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5656,7 +5423,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5665,7 +5431,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5688,7 +5453,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5697,7 +5461,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5711,7 +5474,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5721,7 +5483,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5760,17 +5521,14 @@ Client can setup a default route like prefix \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5852,7 +5610,6 @@ With following command you can display the learnt or configured IPv6 neighbors \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5861,12 +5618,10 @@ The following example shows one neighbor, which is a reachable router \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5891,7 +5646,6 @@ With following command you are able to manually add an entry \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout 
@@ -5900,7 +5654,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5913,7 +5666,6 @@ Like adding also an entry can be deleted: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -5922,7 +5674,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5952,28 +5703,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6163,27 +5909,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6394,7 +6135,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6403,17 +6143,14 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6426,7 +6163,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6436,7 +6172,6 @@ Example (output is filtered to display only tunnels through virtual interface \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 
@@ -6445,27 +6180,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6531,12 +6261,10 @@ Usage for creating a tunnel device (but it's not up afterward, also a TTL \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6545,22 +6273,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6569,22 +6293,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6593,22 +6313,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6629,7 +6345,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6638,17 +6353,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout 
@@ -6657,17 +6369,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6676,17 +6385,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6712,7 +6418,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6721,32 +6426,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6775,7 +6474,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6784,17 +6482,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6803,17 +6498,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout 
@@ -6822,17 +6514,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -6851,12 +6540,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -6865,12 +6552,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -6879,12 +6564,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -6893,7 +6576,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6915,32 +6597,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6949,7 +6625,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7008,7 +6683,6 @@ Assuming your IPv4 address is \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -7017,7 +6691,6 @@ the generated 6to4 prefix will be \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -7036,7 +6709,6 @@ Local 6to4 gateways should (but it's not a must, you can choose an arbitrary \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout 
@@ -7046,7 +6718,6 @@ Use e.g. \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7068,12 +6739,10 @@ Create a new tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -7082,7 +6751,6 @@ Bring interface up \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -7091,7 +6759,6 @@ Add local 6to4 address to interface (note: prefix length 16 is important!) \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7101,7 +6768,6 @@ Add (default) route to the global IPv6 network using the all-6to4-routers \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7120,7 +6786,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7147,7 +6812,6 @@ Bring generic tunnel interface sit0 up \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7156,7 +6820,6 @@ Add local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7166,7 +6829,6 @@ Add (default) route to the global IPv6 network using the all-6to4-relays \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7183,7 +6845,6 @@ Remove all routes through this dedicated tunnel device \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7192,7 +6853,6 @@ Shut down interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -7201,7 +6861,6 @@ Remove created tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout 
@@ -7238,7 +6897,6 @@ Remove (default) route through the 6to4 tunnel interface \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7247,7 +6905,6 @@ Remove local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7257,7 +6914,6 @@ Shut down generic tunnel device (take care about this, perhaps it's still \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7297,7 +6953,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7306,28 +6961,23 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code - ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code - ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7344,12 +6994,10 @@ Usage for creating a 4over6 tunnel device (but it's not up afterward) \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -7358,22 +7006,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout 
@@ -7382,22 +7026,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7406,22 +7046,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7434,7 +7070,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7443,17 +7078,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7462,17 +7094,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7481,17 +7110,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7584,7 +7210,6 @@ The /proc-filesystem had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout 
@@ -7593,12 +7218,10 @@ The /proc-filesystem was mounted before, which can be tested using \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7629,12 +7252,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7655,7 +7276,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7711,7 +7331,6 @@ The sysctl-interface had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7724,12 +7343,10 @@ The value of an entry can be retrieved now: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7742,12 +7359,10 @@ A new value can be set (if entry is writable): \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7765,12 +7380,10 @@ Note: Don't use spaces around the \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8238,12 +7851,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -8715,27 +8326,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout 
@@ -8826,27 +8432,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -8855,22 +8456,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -8930,27 +8527,22 @@ Statistics about used IPv6 sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout 
@@ -9132,375 +8724,307 @@ Example: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 
:::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout 
@@ -9532,32 +9056,26 @@ Router advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9610,12 +9128,10 @@ Router solicitation \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9683,12 +9199,10 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9705,18 +9219,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9733,18 +9244,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout 
@@ -9765,18 +9273,15 @@ Node wants to send packages to \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9793,12 +9298,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -9920,7 +9423,6 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -9929,13 +9431,11 @@ Auto-magically test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -9945,17 +9445,14 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -9994,12 +9491,10 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -10017,7 +9512,6 @@ off \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -10026,7 +9520,6 @@ Reboot or restart networking using \end_layout \begin_layout Code - # service network restart \end_layout @@ -10035,12 +9528,10 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout 
@@ -10100,7 +9591,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -10126,7 +9616,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -10167,54 +9656,44 @@ Configure your interface. \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -10223,7 +9702,6 @@ And you reboot or you just \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -10294,22 +9772,18 @@ Example: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -10820,7 +10294,6 @@ Change to source directory: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -10829,12 +10302,10 @@ Unpack and rename kernel sources \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -10843,7 +10314,6 @@ Unpack iptables sources \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout 
@@ -10856,7 +10326,6 @@ Change to iptables directory \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -10865,7 +10334,6 @@ Apply pending patches \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10876,7 +10344,6 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10915,12 +10382,10 @@ Check IPv6 extensions \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -10933,7 +10398,6 @@ Change to kernel sources \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -10942,12 +10406,10 @@ Edit Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout 
@@ -10956,99 +10418,80 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -11075,7 +10518,6 @@ Rename older directory \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11084,7 +10526,6 @@ Create a new softlink \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11093,7 +10534,6 @@ Rebuild SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11107,7 +10547,6 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout 
@@ -11116,7 +10555,6 @@ If not already installed, use "install"
 \end_layout
 
 \begin_layout Code
-
 # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
 \end_layout
 
@@ -11127,7 +10565,6 @@ ts don't fit.
 \end_layout
 
 \begin_layout Code
-
 # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
 \end_layout
 
@@ -11137,7 +10574,6 @@ Perhaps it's necessary to create a softlink for iptables libraries where
 \end_layout
 
 \begin_layout Code
-
 # ln -s /lib/iptables/ /usr/lib/iptables
 \end_layout
 
@@ -11154,7 +10590,6 @@ Load module, if so compiled
 \end_layout
 
 \begin_layout Code
-
 # modprobe ip6_tables
 \end_layout
 
@@ -11163,12 +10598,10 @@ Check for capability
 \end_layout
 
 \begin_layout Code
-
 # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support
 \end_layout
 
 \begin_layout Code
-
 ¬ 'ip6tables' firewalling (IPv6)!"
 \end_layout
 
@@ -11185,7 +10618,6 @@ Short
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -L
 \end_layout
 
@@ -11194,7 +10626,6 @@ Extended
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -n -v --line-numbers -L
 \end_layout
 
@@ -11203,7 +10634,6 @@ List specified filter
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -n -v --line-numbers -L INPUT
 \end_layout
 
@@ -11212,12 +10642,10 @@ Insert a log rule at the input filter with options
 \end_layout
 
 \begin_layout Code
-
 # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:"
 \end_layout
 
 \begin_layout Code
-
 ¬ --log-level 7
 \end_layout
 
@@ -11226,7 +10654,6 @@ Insert a drop rule at the input filter
 \end_layout
 
 \begin_layout Code
-
 # ip6tables --table filter --append INPUT -j DROP
 \end_layout
 
@@ -11235,7 +10662,6 @@ Delete a rule by number
 \end_layout
 
 \begin_layout Code
-
 # ip6tables --table filter --delete INPUT 1
 \end_layout
 
@@ -11249,7 +10675,6 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 \end_layout
 
@@ -11267,7 +10692,6 @@ Accept incoming ICMPv6 through tunnels
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT
 \end_layout
 
@@ -11276,7 +10700,6 @@ Allow outgoing ICMPv6 through tunnels
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT
 \end_layout
 
@@ -11285,7 +10708,6 @@ Newer kernels allow specifying of ICMPv6 types:
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
 \end_layout
 
@@ -11303,12 +10725,10 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request
 \end_layout
 
 \begin_layout Code
-
 ¬ -j ACCEPT --match limit --limit 30/minute
 \end_layout
 
@@ -11326,12 +10746,10 @@ Allow incoming SSH from 2001:0db8:100::1/128
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535
 \end_layout
 
 \begin_layout Code
-
 ¬ --dport 22 -j ACCEPT
 \end_layout
 
@@ -11344,12 +10762,10 @@ no longer needed if connection tracking is used!
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535
 \end_layout
 
 \begin_layout Code
-
 ¬ --sport 22 ! --syn -j ACCEPT
 \end_layout
 
@@ -11371,7 +10787,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0
 \end_layout
 
 \begin_layout Code
-
 # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT
 \end_layout
 
@@ -11380,7 +10795,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0
 \end_layout
 
 \begin_layout Code
-
 # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT
 \end_layout
 
@@ -11394,7 +10808,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2
 \end_layout
 
 \begin_layout Code
-
 # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT
 \end_layout
 
@@ -11403,7 +10816,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 192.0.2.2
 \end_layout
 
 \begin_layout Code
-
 # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT
 \end_layout
 
@@ -11426,7 +10838,6 @@ Block incoming TCP connection requests to this host
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
 \end_layout
 
@@ -11435,7 +10846,6 @@ Block incoming TCP connection requests to hosts behind this router
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
 \end_layout
 
@@ -11468,7 +10878,6 @@ Block incoming UDP packets which cannot be responses of outgoing requests
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP
 \end_layout
 
@@ -11478,7 +10887,6 @@ Block incoming UDP packets which cannot be responses of forwarded requests
 \end_layout
 
 \begin_layout Code
-
 # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP
 \end_layout
 
@@ -11506,7 +10914,6 @@ tracking
 \end_layout
 
 \begin_layout Code
-
 File: /etc/sysconfig/ip6tables
 \end_layout
 
@@ -11515,87 +10922,70 @@ File: /etc/sysconfig/ip6tables
 \end_layout
 
 \begin_layout Code
-
 *filter :INPUT ACCEPT [0:0]
 \end_layout
 
 \begin_layout Code
-
 :FORWARD ACCEPT [0:0]
 \end_layout
 
 \begin_layout Code
-
 :OUTPUT ACCEPT [0:0]
 \end_layout
 
 \begin_layout Code
-
 :RH-Firewall-1-INPUT - [0:0]
 \end_layout
 
 \begin_layout Code
-
 -A INPUT -j RH-Firewall-1-INPUT
 \end_layout
 
 \begin_layout Code
-
 -A FORWARD -j RH-Firewall-1-INPUT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -i lo -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
 \end_layout
 
 \begin_layout Code
-
 -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
 \end_layout
 
 \begin_layout Code
-
 COMMIT
 \end_layout
 
@@ -11604,7 +10994,6 @@ For completeness also the IPv4 configuration is shown here:
 \end_layout
 
 \begin_layout Code
-
 File: /etc/sysconfig/iptables
 \end_layout
 
@@ -11613,88 +11002,71 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11711,12 +11083,10 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -11725,12 +11095,10 @@ Enable automatic start after reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout 
@@ -11749,578 +11117,472 @@ but still stateless filter \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 
\end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout 
\begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ 
\end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12350,7 +11612,6 @@ Like in IPv4 clients behind a router can be hided by using IPv6 masquerading \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12364,7 +11625,6 @@ A dedicated public IPv6 address can be forwarded to an internal IPv6 address, \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -12378,7 +11638,6 @@ A dedicated specified port can be forwarded to an internal system, e.g. \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12418,22 +11677,18 @@ Load kernel modules \end_layout \begin_layout Code - # modprobe nf_tables \end_layout \begin_layout Code - # modprobe nf_tables_ipv4 \end_layout \begin_layout Code - # modprobe nf_tables_ipv6 \end_layout \begin_layout Code - # modprobe nf_tables_inet \end_layout 
@@ -12442,17 +11697,14 @@ Create filter tables \end_layout \begin_layout Code - # nft add table ip filter \end_layout \begin_layout Code - # nft add table ip6 filter \end_layout \begin_layout Code - # nft add table inet filter \end_layout @@ -12461,21 +11713,18 @@ Create input chain in each filter table \end_layout \begin_layout Code - # nft add chain ip filter input { type filter hook input priority 1 \backslash ; } \end_layout \begin_layout Code - # nft add chain ip6 filter input { type filter hook input priority 1 \backslash ; } \end_layout \begin_layout Code - # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -12494,7 +11743,6 @@ Allow packets which are related to existing connection tracking entries \end_layout \begin_layout Code - # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -12504,13 +11752,11 @@ Allow IPv4 and IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code - # nft add rule ip filter input icmp type { echo-request } counter accept \end_layout \begin_layout Code - # nft add rule ip6 filter input icmpv6 type echo-request counter accept \end_layout @@ -12521,32 +11767,26 @@ Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit \end_layout \begin_layout Code - # nft add rule ip6 filter input icmpv6 type \end_layout \begin_layout Code - ¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } \end_layout \begin_layout Code - ¬ ip6 hoplimit 1 accept \end_layout \begin_layout Code - # nft add rule ip6 filter input icmpv6 type \end_layout \begin_layout Code - ¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } \end_layout \begin_layout Code - ¬ ip6 hoplimit 255 accept \end_layout @@ -12564,7 +11804,6 @@ inet \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & 
@@ -12585,37 +11824,30 @@ Table for IPv4 filter \end_layout \begin_layout Code - # nft list table ip filter \end_layout \begin_layout Code - table ip filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 1; \end_layout \begin_layout Code - icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -12624,57 +11856,46 @@ Table for IPv6 filter \end_layout \begin_layout Code - # nft list table ip6 filter \end_layout \begin_layout Code - table ip6 filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 1; \end_layout \begin_layout Code - icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 hoplimit 1 icmpv6 type \end_layout \begin_layout Code - -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - ip6 hoplimit 255 icmpv6 type \end_layout \begin_layout Code - -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -12683,43 +11904,35 @@ Table for IP version aware filter \end_layout \begin_layout Code - # nft list table inet filter \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 44 bytes 2288 accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout 
@@ -12827,12 +12040,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -12854,53 +12065,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -12923,32 +12124,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -13243,27 +12438,22 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout 
@@ -13276,37 +12466,30 @@ Example for a end-to-end encrypted connection in tunnel mode
 \end_layout
 
 \begin_layout Code
-
 #!/sbin/setkey -f
 \end_layout
 
 \begin_layout Code
-
 flush;
 \end_layout
 
 \begin_layout Code
-
 spdflush;
 \end_layout
 
 \begin_layout Code
-
 spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec
 \end_layout
 
 \begin_layout Code
-
 ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require;
 \end_layout
 
 \begin_layout Code
-
 spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec
 \end_layout
 
 \begin_layout Code
-
 ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require;
 \end_layout
 
@@ -13368,22 +12551,18 @@ File: /etc/racoon/racoon.conf
 \end_layout
 
 \begin_layout Code
-
 # Racoon IKE daemon configuration file.
 \end_layout
 
 \begin_layout Code
-
 # See 'man racoon.conf' for a description of the format and entries.
 \end_layout
 
 \begin_layout Code
-
 path include "/etc/racoon";
 \end_layout
 
 \begin_layout Code
-
 path pre_shared_key "/etc/racoon/psk.txt";
 \end_layout
 
@@ -13392,22 +12571,18 @@ path pre_shared_key "/etc/racoon/psk.txt";
 \end_layout
 
 \begin_layout Code
-
 listen
 \end_layout
 
 \begin_layout Code
-
 {
 \end_layout
 
 \begin_layout Code
-
 isakmp 2001:db8:1:1::1;
 \end_layout
 
 \begin_layout Code
-
 }
 \end_layout
 
@@ -13416,62 +12591,50 @@ listen
 \end_layout
 
 \begin_layout Code
-
 remote 2001:db8:2:2::2
 \end_layout
 
 \begin_layout Code
-
 {
 \end_layout
 
 \begin_layout Code
-
 exchange_mode main;
 \end_layout
 
 \begin_layout Code
-
 lifetime time 24 hour;
 \end_layout
 
 \begin_layout Code
-
 proposal
 \end_layout
 
 \begin_layout Code
-
 {
 \end_layout
 
 \begin_layout Code
-
 encryption_algorithm 3des;
 \end_layout
 
 \begin_layout Code
-
 hash_algorithm md5;
 \end_layout
 
 \begin_layout Code
-
 authentication_method pre_shared_key;
 \end_layout
 
 \begin_layout Code
-
 dh_group 2;
 \end_layout
 
 \begin_layout Code
-
 }
 \end_layout
 
 \begin_layout Code
-
 }
 \end_layout
 
@@ -13480,42 +12643,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -13524,37 +12679,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -13567,12 +12715,10 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -13581,7 +12727,6 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout 
@@ -13605,104 +12750,84 @@ At least the daemon needs to be started. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code - ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout 
@@ -13720,12 +12845,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout 
@@ -13746,117 +12869,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout 
@@ -13949,22 +13049,18 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -13973,27 +13069,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -14002,12 +13093,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -14016,68 +13105,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -14094,7 +13170,6 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout 
@@ -14116,7 +13191,6 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -14134,42 +13208,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout 
@@ -14187,117 +13253,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -14319,12 +13362,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout 
@@ -14333,12 +13374,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -14385,39 +13424,32 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code - -------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code - Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code - --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - -------------->------- \end_layout @@ -14486,7 +13518,6 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -14499,7 +13530,6 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -14509,7 +13539,6 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -14519,7 +13548,6 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -14529,7 +13557,6 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -14555,7 +13582,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout 
@@ -14573,7 +13599,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -14587,7 +13612,6 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -14601,7 +13625,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -14611,7 +13634,6 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -14625,17 +13647,14 @@ Start on server side each one one separate console: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -14644,35 +13663,29 @@ Start on client side and compare results: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout 
@@ -14748,22 +13761,18 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -14772,59 +13781,48 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -14833,7 +13831,6 @@ And a simple test looks like \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -14850,22 +13847,18 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout 
@@ -14879,67 +13872,54 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -14951,32 +13931,26 @@ This ACLs can be used e.g. \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -15001,7 +13975,6 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -15022,7 +13995,6 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -15035,7 +14007,6 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout 
@@ -15188,27 +14159,22 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15217,7 +14183,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -15227,17 +14192,14 @@ Related log entry looks like following: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -15255,27 +14217,22 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15284,14 +14241,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -15335,52 +14290,42 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - 
@@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -15389,27 +14334,22 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -15464,27 +14404,22 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -15493,32 +14428,26 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -15527,24 +14456,20 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout 
@@ -15644,52 +14569,42 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15698,28 +14613,23 @@ This results on client side in \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15742,67 +14652,54 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout 
@@ -15812,28 +14709,23 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15850,7 +14742,6 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -15877,107 +14768,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout 
@@ -16029,67 +14899,54 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16107,22 +14964,18 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -16139,7 +14992,6 @@ Start server, e.g. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -16152,7 +15004,6 @@ Start client in foreground, e.g. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout @@ -16170,7 +15021,6 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code - # dhcp6s -d -D -f eth0 \end_layout @@ -16184,7 +15034,6 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout 
@@ -16193,63 +15042,51 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code - ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -16300,32 +15137,26 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -16334,12 +15165,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients requesting a temporary address \end_layout \begin_layout Code - range6 2001:db8:0:1::/64 temporary; \end_layout 
@@ -16348,17 +15177,14 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout @@ -16367,12 +15193,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -16381,33 +15205,27 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -16443,7 +15261,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 
@@ -16463,56 +15280,46 @@ Start server in foreground: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -16545,68 +15352,55 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout 
@@ -16623,148 +15417,124 @@ Start server in foreground: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. 
\end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -16826,7 +15596,6 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -16840,13 +15609,11 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -16867,7 +15634,6 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -16879,12 +15645,10 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -16907,22 +15671,18 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout 
@@ -16932,27 +15692,22 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -16966,22 +15721,18 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16991,22 +15742,18 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -17030,7 +15777,6 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -17058,27 +15804,22 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout 
@@ -17278,37 +16019,30 @@ struct sockaddr_in \end_layout \begin_layout Code - struct sockaddr_in \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin_family; \end_layout \begin_layout Code - in_port_t sin_port; \end_layout \begin_layout Code - struct in_addr sin_addr; \end_layout \begin_layout Code - /* Plus some padding for alignment */ \end_layout \begin_layout Code - }; \end_layout @@ -17360,42 +16094,34 @@ struct sockaddr_in6 \end_layout \begin_layout Code - struct sockaddr_in6 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin6_family; \end_layout \begin_layout Code - in_port_t sin6_port; \end_layout \begin_layout Code - uint32_t sin6_flowinfo; \end_layout \begin_layout Code - struct in6_addr sin6_addr; \end_layout \begin_layout Code - uint32_t sin6_scope_id; \end_layout \begin_layout Code - }; \end_layout @@ -17509,7 +16235,6 @@ fe80::1%eth1 \end_layout \begin_layout Code - Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -17618,32 +16343,26 @@ recvfrom(2) \end_layout \begin_layout Code - ssize_t recvfrom( int s, \end_layout \begin_layout Code - void *buf, \end_layout \begin_layout Code - size_t len, \end_layout \begin_layout Code - int flags, \end_layout \begin_layout Code - struct sockaddr *from, \end_layout \begin_layout Code - socklen_t *fromlen ); \end_layout 
@@ -17669,104 +16388,84 @@ struct sockaddr_storage \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code - ** the caller. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char *rcvMsg( int s ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code - socklen_t sslen; \end_layout \begin_layout Code - sslen = sizeof( ss ); \end_layout \begin_layout Code - count = recvfrom( s, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ) - 1, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - (struct sockaddr*) &ss, \end_layout \begin_layout Code - &sslen ); \end_layout \begin_layout Code - bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -17774,12 +16473,10 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code - return bfr; \end_layout \begin_layout Code - } /* End rcvMsg() */ \end_layout @@ -17846,22 +16543,18 @@ getaddrinfo(3) \end_layout \begin_layout Code - int getaddrinfo( const char *node, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - const struct addrinfo *hints, \end_layout \begin_layout Code - struct addrinfo **res ); \end_layout 
@@ -17920,57 +16613,46 @@ struct addrinfo \end_layout \begin_layout Code - struct addrinfo \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int ai_flags; \end_layout \begin_layout Code - int ai_family; \end_layout \begin_layout Code - int ai_socktype; \end_layout \begin_layout Code - int ai_protocol; \end_layout \begin_layout Code - socklen_t ai_addrlen; \end_layout \begin_layout Code - struct sockaddr *ai_addr; \end_layout \begin_layout Code - char *ai_canonname; \end_layout \begin_layout Code - struct addrinfo *ai_next; \end_layout \begin_layout Code - }; \end_layout @@ -18379,37 +17061,30 @@ struct sockaddr \end_layout \begin_layout Code - int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code - socklen_t salen, \end_layout \begin_layout Code - char *host, \end_layout \begin_layout Code - size_t hostlen, \end_layout \begin_layout Code - char *serv, \end_layout \begin_layout Code - size_t servlen, \end_layout \begin_layout Code - int flags ); \end_layout @@ -18508,7 +17183,6 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code - ::ffff:192.0.2.1 \end_layout @@ -18579,22 +17253,18 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code - ::1 localhost \end_layout \begin_layout Code - 127.0.0.1 localhost \end_layout \begin_layout Code - fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code - 192.0.2.1 pt141 \end_layout @@ -18699,7 +17369,6 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code - tod6d [-v] [service] \end_layout 
@@ -18726,314 +17395,257 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6d.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration & error codes. */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code - #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code - #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code - #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code - #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. 
*/ \end_layout \begin_layout Code - #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Simple boolean type definition. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ); \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code - static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro for command syntax violations. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "Usage: %s [-v] [service] \backslash n", @@ -19042,44 +17654,37 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash \end_layout \begin_layout Code - exit( 127 ); \backslash \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code - ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code - ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -19087,66 +17692,56 @@ n", \end_layout \begin_layout Code - ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code - ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define CHK(expr) \backslash \end_layout \begin_layout Code - do \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "%s (line %d): System call ERROR - %s. \backslash n", @@ -19155,35 +17750,30 @@ n", \end_layout \begin_layout Code - pgmName, \backslash \end_layout \begin_layout Code - __LINE__, \backslash \end_layout \begin_layout Code - strerror( errno ) ); \backslash \end_layout \begin_layout Code - exit( 1 ); \backslash \end_layout \begin_layout Code - } /* End IF system call failed. */ \backslash 
@@ -19191,436 +17781,352 @@ n", \end_layout \begin_layout Code - } while ( false ) \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code - * handles both TCP and UDP requests. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code - * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code - size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code - size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the program name (w/o directory prefix). 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line arguments. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: break; \end_layout \begin_layout Code - case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code - default: USAGE; \end_layout \begin_layout Code - } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code - ** service requests. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code - ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Run the time-of-day server. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code - tScktSize, \end_layout \begin_layout Code - uSckt, \end_layout \begin_layout Code - uScktSize ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code - ** created. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: No sockets opened... terminating. \backslash 
@@ -19628,354 +18134,286 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code - * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code - * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code - * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code - * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code - * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code - * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code - * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code - * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code - * placed when opened. \end_layout \begin_layout Code - * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code - * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code - * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code - * the number of descriptors actually opened. 
Any unused slots in \end_layout \begin_layout Code - * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * 0 on success, -1 on error. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - size_t maxDescs = *descSize; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( *descSize > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else /* Invalid protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code - "layer protocol \backslash "%s 
@@ -19986,235 +18424,191 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - protocol ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code - ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code - ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code - ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code - ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code - ** socket. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead; \end_layout \begin_layout Code - ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Setting up a passive socket based on the " \end_layout \begin_layout Code - "following address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -20222,7 +18616,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -20230,629 +18623,512 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code - ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code - ** host & service into numeric strings. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code - ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code - ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Disable IPv4 mapped addresses. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - int v6Only = 1; \end_layout \begin_layout Code - CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code - IPPROTO_IPV6, \end_layout \begin_layout Code - IPV6_V6ONLY, \end_layout \begin_layout Code - &v6Only, \end_layout \begin_layout Code - sizeof( v6Only ) ) ); \end_layout \begin_layout Code - #else \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code - ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code - ** message and close the socket. Design note: If the \end_layout \begin_layout Code - ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code - ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code - ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code - ** if the program can't build! However, since this program is also \end_layout \begin_layout Code - ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code - ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code - ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code - ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code - ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code - ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code - "option. Closing IPv6 %s socket. \backslash 
@@ -20860,690 +19136,556 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code - CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code - continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code - #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code - } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code - ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code - MAXCONNQLEN ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - *descSize += 1; \end_layout \begin_layout Code - } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Dummy check for unused address records. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code - "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__ ); \end_layout \begin_layout Code - } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code - * clients. This function never returns. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code - * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code - * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code - * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. 
\end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ 256 ]; \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct pollfd *desc; \end_layout \begin_layout Code - size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code - int idx; \end_layout \begin_layout Code - int newSckt; \end_layout \begin_layout Code - struct sockaddr *sadr; \end_layout \begin_layout Code - socklen_t sadrLen; \end_layout \begin_layout Code - struct sockaddr_storage sockStor; \end_layout \begin_layout Code - int status; \end_layout \begin_layout Code - size_t timeLen; \end_layout \begin_layout Code - char *timeStr; \end_layout \begin_layout Code - time_t timeVal; \end_layout \begin_layout Code - ssize_t wBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code - if ( desc == NULL ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - strerror( ENOMEM ) ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the poll(2) array. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code - : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code - desc[ idx ].events = POLLIN; \end_layout \begin_layout Code - desc[ idx ].revents = 0; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code - ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code - ** main loop. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( true ) /* Do forever. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code - ** used to restart the system call in the event the process is \end_layout \begin_layout Code - ** interrupted by a signal. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - status = poll( desc, \end_layout \begin_layout Code - descSize, \end_layout \begin_layout Code - -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code - } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the current time. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - timeVal = time( NULL ); \end_layout \begin_layout Code - timeStr = ctime( &timeVal ); \end_layout \begin_layout Code - timeLen = strlen( timeStr ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Indicate that there is new network activity. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code - strcpy( s, timeStr ); \end_layout \begin_layout Code - s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' 
@@ -21553,913 +19695,743 @@ n' in date string. \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - s ); \end_layout \begin_layout Code - free( s ); \end_layout \begin_layout Code - } /* End IF verbose. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process sockets with input available. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( desc[ idx ].revents ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code - continue; \end_layout \begin_layout Code - case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - default: /* Invalid poll events. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - desc[ idx ].revents ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( idx < tScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code - ** the sockaddr_storage data type. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code - SHUT_RD ) ); \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code - ** the address-independent fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific fields. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code - ** protocol family. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the TOD to the client. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = write( newSckt, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes ); \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - CHK( close( newSckt ) ); \end_layout \begin_layout Code - } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code - else \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code - ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code - ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code - ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code - ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code - ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code - ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code - ** sockaddr_storage to receive the address. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ), \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display whatever was received on stdout. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - ssize_t rBytes = count; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - count ); \end_layout \begin_layout Code - while ( count > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code - stdout ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code - fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. 
@@ -22467,493 +20439,403 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). 
\backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the time-of-day to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, /* Address & address length */ \end_layout \begin_layout Code - sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code - desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code - } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code - } /* End WHILE forever. */ \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -22968,7 +20850,6 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code - tod6tc [-v] [-s scope_id] [host [service]] \end_layout 
@@ -23009,265 +20890,216 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6tc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. 
*/ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -23275,7 +21107,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -23283,7 +21114,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -23291,7 +21121,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -23300,7 +21129,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash 
@@ -23308,7 +21136,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -23316,24 +21143,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). 
@@ -23341,669 +21164,540 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. 
*/ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. 
*/ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connection could not be established. \backslash 
@@ -24011,646 +21705,524 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. 
\end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to set up the connection. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a connection could not be \end_layout \begin_layout Code - * established. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. 
Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. 
\backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -24658,7 +22230,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -24666,751 +22237,608 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Connect to the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). 
*/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code - ** connection. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -25418,23 +22846,19 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - } while ( inBytes > 0 ); \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -25451,7 +22875,6 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code - tod6uc [-v] [-s scope_id] [host [service]] \end_layout 
@@ -25492,265 +22915,216 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6uc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. 
*/ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -25758,7 +23132,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -25766,7 +23139,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -25774,7 +23146,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -25783,7 +23154,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash 
@@ -25791,7 +23161,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -25799,24 +23168,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). 
@@ -25824,1316 +23189,1065 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. 
*/ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. 
*/ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code - "not be set up. \backslash n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. 
\end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to exchange datagrams. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). 
\end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. 
\backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -27141,7 +24255,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash 
@@ -27149,748 +24262,606 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. 
*/ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code - ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. 
*/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code - ** important, but something must be sent to let it know we want the TOD. 
\end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "write", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -27898,18 +24869,15 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index 3f61c903..062138e0 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index 3548b37b..470c5350 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml 
@@ -2035,9 +2035,9 @@ table ip6 filter { type filter hook input priority 1; icmpv6 type echo-request counter packets 0 bytes 0 accept ip6 hoplimit 1 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept ip6 hoplimit 255 icmpv6 type -¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept +¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept } } ]]>Table for IP version aware filter