From 96d6e1b69bee30918ae4e89bec86b138e8b2cb14 Mon Sep 17 00:00:00 2001 From: pbldp <> Date: Sat, 10 May 2014 08:40:25 +0000 Subject: [PATCH] update last change date --- .../Peter-Bieringer/Linux+IPv6-HOWTO.de.html | 2 +- .../Peter-Bieringer/Linux+IPv6-HOWTO.de.lyx | 1270 +------ .../Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf | Bin 522747 -> 522734 bytes .../Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml | 2 +- .../Peter-Bieringer/Linux+IPv6-HOWTO.html | 2 +- .../Peter-Bieringer/Linux+IPv6-HOWTO.lyx | 3054 +---------------- .../Peter-Bieringer/Linux+IPv6-HOWTO.pdf | Bin 586774 -> 586777 bytes .../Peter-Bieringer/Linux+IPv6-HOWTO.sgml | 2 +- 8 files changed, 6 insertions(+), 4326 deletions(-) diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html index 7d44782c..1e1fe90e 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html @@ -62,7 +62,7 @@ ALIGN="LEFT" >Version 0.66wip.de.12014-05-022014-05-10Geändert durch: PB 0.66wip.de.1 2014-05-02 0.66wip.de.1 2014-05-10 PB \end_layout @@ -463,7 +463,6 @@ CVS-Information: \end_layout \begin_layout Code - CVS-ID: $Id$ \end_layout @@ -1260,7 +1259,6 @@ In allgemeinen Beispielen können Sie öfters lesen: \end_layout \begin_layout Code - \end_layout @@ -1272,7 +1270,6 @@ In Skripts oder an Ihrer Kommandozeile müssen Sie die < und > weglassen \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1286,7 +1283,6 @@ Kommandos, die nicht als Root-Benutzer ausgeführt werden, beginnen mit $, \end_layout \begin_layout Code - $ whoami \end_layout @@ -1295,7 +1291,6 @@ Befehle, die mit Root-Rechten ausgeführt werden, beginnen mit #, z.B. \end_layout \begin_layout Code - # whoami \end_layout @@ -1485,72 +1480,58 @@ Der erste IPv6 Netzwerk Code wurde dem Linux Kernel 2.1.8 im November 1996 \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1672,7 +1653,6 @@ Wie gesagt, IPv6 Adressen sind 128 bit lang. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1696,7 +1676,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1719,7 +1698,6 @@ e Werte) entfernt: \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1730,7 +1708,6 @@ Eine gültige Adresse (s.u. \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1741,12 +1718,10 @@ Der Vereinfachung halber können führende Nullen jedes 16 bit-Blocks weggelasse \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:0db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1769,7 +1744,6 @@ Eine Sequenz von 16 bit-Blöcken, die nur Nullen enthaltet, kann durch ein \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:0db8:100:f101::1 \end_layout @@ -1779,7 +1753,6 @@ Die höchstmögliche Reduktion sieht man bei der IPv6 Localhost Adresse: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1804,12 +1777,10 @@ h ein Aprilscherz. \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - Itu&-ZQ82s>J%s99FJXT \end_layout @@ -2022,7 +1993,6 @@ Dies ist eine spezielle Adresse für das Loopback Interface, vergleichbar \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2032,7 +2002,6 @@ bzw. \end_layout \begin_layout Code - ::1 \end_layout @@ -2068,7 +2037,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2077,7 +2045,6 @@ oder: \end_layout \begin_layout Code - :: \end_layout @@ -2123,7 +2090,6 @@ Diese Adressen sind mit einer speziellen Präfixlänge von 96 definiert (a.b.c.d \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2132,7 +2098,6 @@ oder in komprimiertem Format: \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2143,7 +2108,6 @@ Die IPv4 Adresse 1.2.3.4. \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2172,7 +2136,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2181,7 +2144,6 @@ oder in komprimierter Form: \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2266,22 +2228,18 @@ x \end_layout \begin_layout Code - fe8x: <- zurzeit als einziger in Benutzung \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2321,22 +2279,18 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code - fecx: <- meistens genutzt. \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2424,12 +2378,10 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- zurzeit als einziger in Benutzung \end_layout @@ -2457,7 +2409,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2486,12 +2437,10 @@ Die Adresse beginnt mit (x sind hexadezimale Zeichen) \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2523,7 +2472,6 @@ Diese globalen Adressen waren die Ersten definierten und auch benutzen Adressen. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2532,7 +2480,6 @@ Beispiel: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2542,7 +2489,6 @@ Eine spezielle 6bone Test-Adresse, die niemals weltweit einmalig ist, beginnt \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2601,7 +2547,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2611,7 +2556,6 @@ z.B. \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2620,12 +2564,10 @@ Ein kleines Shell-Kommando kann aus einer IPv4 eine 6to4 Adresse erstellen: \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2659,7 +2601,6 @@ Diese Adressen werden an Internet Service Provider (ISP) delegiert und beginnen \end_layout \begin_layout Code - 2001: \end_layout @@ -2702,12 +2643,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3ffe:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2732,7 +2671,6 @@ Sie beginnen immer mit (xx ist hierbei der Wert der Reichweite) \end_layout \begin_layout Code - ffxy: \end_layout @@ -2828,7 +2766,6 @@ Ein Beispiel für diese Adresse könnte sein: \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2897,7 +2834,6 @@ Die Subnet-Router Anycast Adresse ist ein einfaches Beispiel für eine Anycast \end_layout \begin_layout Code - 2001:0db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2907,7 +2843,6 @@ Die Subnet-Router Anycast Adresse wird durch komplette Streichung des Suffixes \end_layout \begin_layout Code - 2001:0db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2947,7 +2882,6 @@ Als Beispiel hat hier ein NIC folgende MAC-Adresse (48 bit): \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2967,7 +2901,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2979,7 +2912,6 @@ Mit einem gegebenen Präfix wird daraus die schon oben gezeigte IPv6-Adresse: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -3037,7 +2969,6 @@ Bei Servern ist es wahrscheinlich leichter, sich einfachere Adressen zu \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3135,7 +3066,6 @@ Ein Beispiel: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3149,7 +3079,6 @@ Netzwerk: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3158,7 +3087,6 @@ Netzmaske: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3178,12 +3106,10 @@ Wenn z.B. \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3193,12 +3119,10 @@ Die gezeigten Zieladressen der IPv6 Pakete werden über die entsprechenden \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3258,7 +3182,6 @@ Um zu überprüfen, ob ihr aktueller Kernel IPv6 unterstützt, sollten sie \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3268,7 +3191,6 @@ Einen kleinen automatischen Test können Sie wie folgt durchführen: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3288,7 +3210,6 @@ Mit folgenden Befehl können Sie versuchen, das Modul zu laden: \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3299,7 +3220,6 @@ Wenn dieser Befehl positiv verläuft, dann sollten Sie das Modul mit folgendem \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3325,7 +3245,6 @@ Es ist möglich das IPv6 Modul bei Bedarf automatisch zu laden. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3335,7 +3254,6 @@ Mit der folgenden Zeile ist es auch möglich, das automatische Laden des \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3593,12 +3511,10 @@ Automatische Überprüfung: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3612,7 +3528,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3631,7 +3546,6 @@ Alexey N.Kuznetsov (gegenwärtig ein Betreuer des Linux Network Codes) erstellte \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3697,17 +3611,14 @@ Anwendung \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3719,7 +3630,6 @@ Einige Implementierungen unterstützen auch % Definition zusätzlich \end_layout \begin_layout Code - # ping6 % \end_layout @@ -3728,17 +3638,14 @@ Beispiel \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3747,17 +3654,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3790,12 +3694,10 @@ Wenn link-lokale Adressen für ein IPv6 ping verwendet werden, dann hat der \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3804,22 +3706,18 @@ In diesem Fall müssen Sie das Interface zusätzlich spezifizieren: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3828,17 +3726,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3849,7 +3744,6 @@ Beispiel für % Notation: \end_layout \begin_layout Code - # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout @@ -3863,22 +3757,18 @@ Ein interessanter Mechanismus zum Aufspüren eines IPv6 aktiven Hosts am \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3890,7 +3780,6 @@ Beispiel für % Notation: \end_layout \begin_layout Code - # ping6 ff02::1%eth0 \end_layout @@ -3918,51 +3807,42 @@ Dieses Programm ist normal im Paket iputils enthalten. \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -4002,52 +3882,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4140,32 +4010,26 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout @@ -4184,52 +4048,42 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4315,7 +4169,6 @@ Jeder DNS-Server (Domain Name System) sollte aufgrund der Sicherheitsupdates \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4324,20 +4177,17 @@ Die Ausgabe des Tests sollte etwa wie folgt sein: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4351,30 +4201,25 @@ IPv6 kompatible Clients sind verfügbar. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout @@ -4383,47 +4228,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4432,7 +4268,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4474,17 +4309,14 @@ he Verhaltensweisen: \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -5034,12 +4866,10 @@ Gebrauch: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -5052,12 +4882,10 @@ Beispiel: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -5071,12 +4899,10 @@ Gebrauch: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -5085,12 +4911,10 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -5145,7 +4969,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -5154,27 +4977,22 @@ Beispiel für einen statisch konfigurierten Host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout @@ -5261,22 +5070,18 @@ en (die Ausgabe wurde mit grep gefiltert) \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5299,7 +5104,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5308,7 +5112,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5322,7 +5125,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5331,7 +5133,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5355,7 +5156,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5364,7 +5164,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5378,7 +5177,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5387,7 +5185,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5441,7 +5238,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5451,27 +5247,22 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5485,7 +5276,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5496,42 +5286,34 @@ Sie sehen hier mehrere IPv6 Routen mit unterschiedlichen Adressen eines \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5554,12 +5336,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5568,7 +5348,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5582,12 +5361,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5606,7 +5383,6 @@ Im folgenden Beispiel wird eine Route für alle Adressen (default) über das \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5631,12 +5407,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5645,7 +5419,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5659,13 +5432,11 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -5674,7 +5445,6 @@ Beispiel zum entfernen der im obigen Beispiel hinzugefügten Route: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout @@ -5698,12 +5468,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5712,7 +5480,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5755,7 +5522,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5764,7 +5530,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5787,7 +5552,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5796,7 +5560,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5810,7 +5573,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5820,7 +5582,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5860,17 +5621,14 @@ Ein client kann eine Default Route (z.B. \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5967,7 +5725,6 @@ Mit dem folgenden Befehl können Sie die gelernten oder konfigurierten IPv6 \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5976,12 +5733,10 @@ Das folgende Beispiel zeigt einen Nachbar, einen erreichbaren Router: \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -6006,7 +5761,6 @@ Mit folgendem Befehl können Sie einen Eintrag manuell hinzufügen: \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -6015,7 +5769,6 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6028,7 +5781,6 @@ Sie können einen Eintrag auch löschen: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -6037,7 +5789,6 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -6067,28 +5818,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6294,27 +6040,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6546,7 +6287,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6555,17 +6295,14 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6578,7 +6315,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6588,7 +6324,6 @@ Beispiel (Ausgabe wurde derart gefiltert, dass nur Tunnels über das virtuelle \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6597,27 +6332,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6695,12 +6425,10 @@ ert 0 ist): \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6709,22 +6437,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6733,22 +6457,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6757,22 +6477,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6795,7 +6511,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6804,17 +6519,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6823,17 +6535,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6842,17 +6551,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6881,7 +6587,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6890,32 +6595,26 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6945,7 +6644,6 @@ Entfernen eines Tunnel-Devices: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6954,17 +6652,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6973,17 +6668,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout @@ -6992,17 +6684,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -7023,12 +6712,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -7037,12 +6724,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -7051,12 +6736,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -7065,7 +6748,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7087,32 +6769,26 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -7121,7 +6797,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7182,7 +6857,6 @@ Angenommen, Ihre IPv4 Adresse ist: \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -7191,7 +6865,6 @@ Dann ist das daraus resultierende 6to4 Präfix: \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -7210,7 +6883,6 @@ pe Suffix kann benutzt werden) das Suffix \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout @@ -7219,7 +6891,6 @@ Zum automatischen Erstellen der Adresse können Sie folgenden Befehl nutzen: \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7241,12 +6912,10 @@ Erstellen eines neues Tunnel-Device: \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -7255,7 +6924,6 @@ Interface aktivieren: \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -7265,7 +6933,6 @@ Eine lokale 6to4 Adresse am Interface hinzufügen (Hinweis: Präfix-Länge \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7275,7 +6942,6 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7296,7 +6962,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7316,7 +6981,6 @@ Das allgemeine Tunnel Interface sit0 aktivieren: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7325,7 +6989,6 @@ Dem Interface eine lokale 6to4 Adresse hinzufügen: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7335,7 +6998,6 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7352,7 +7014,6 @@ Entfernen aller Routen über dieses bestimmten Tunnel Devices: \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7361,7 +7022,6 @@ Interface deaktivieren: \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -7370,7 +7030,6 @@ Ein erstelltes Tunnel Device entfernen: \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -7384,7 +7043,6 @@ Entfernen der (Standard-) Route über ein 6to4 Tunnel Device: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7393,7 +7051,6 @@ Eine 6to4 Adresse des Interfaces entfernen: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7403,7 +7060,6 @@ Ein allgemeines Tunnel Device deaktivieren (aber Achtung, eventuell ist \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7451,7 +7107,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7462,18 +7117,15 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7499,7 +7151,6 @@ Anwendung für die Erzeugung einer 4over6 Tunnel-Schnittstelle (welche danach \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote local \end_layout @@ -7511,18 +7162,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -7531,18 +7179,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7551,18 +7196,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7579,7 +7221,6 @@ Anwendung für das Löschen einer Tunnel-Schnittstelle: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7590,17 +7231,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7609,17 +7247,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7628,17 +7263,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7718,7 +7350,6 @@ Das /proc-Dateisystem muss im Kernel aktiviert sein. \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout @@ -7728,12 +7359,10 @@ Das /proc-Dateisystem muss zuerst gemountet sein. \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7765,12 +7394,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7792,7 +7419,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7841,7 +7467,6 @@ Das sysctl-Interface muss im Kernel aktiviert sein. \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7854,12 +7479,10 @@ Der Wert eines Eintrags kann nun angezeigt werden: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7873,12 +7496,10 @@ Ein neuer Wert kann wie folgt zugewiesen werden (wenn der Eintrag beschreibbar \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7898,12 +7519,10 @@ Anmerkung: Verwenden Sie beim setzen eines Wertes keine Leerzeichen vor \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8386,12 +8005,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -8867,27 +8484,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout @@ -8981,27 +8593,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -9010,22 +8617,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -9085,27 +8688,22 @@ Statistiken über verwendete IPv6 Sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -9299,375 +8897,307 @@ Beispiel: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout @@ -9700,32 +9230,26 @@ Router Advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9778,12 +9302,10 @@ Router Anfrage \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9852,12 +9374,10 @@ fe80:212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9875,18 +9395,15 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9904,18 +9421,15 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout @@ -9937,18 +9451,15 @@ Der Knoten möchte Pakete an die Adresse \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9965,12 +9476,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -10098,7 +9607,6 @@ Sie können überprüfen, ob Ihre Distribution eine permanente IPv6 Konfiguratio \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -10107,13 +9615,11 @@ Automatischer Test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -10125,17 +9631,14 @@ Die Versionsnummer der Library ist von Interesse, wenn Sie Features vermissen \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -10179,12 +9682,10 @@ Kurze Anleitung zum aktivieren von IPv6 bei RHL 7.1, 7.2, 7.3, ... \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -10202,7 +9703,6 @@ twork \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -10212,7 +9712,6 @@ Rebooten bzw. \end_layout \begin_layout Code - # service network restart \end_layout @@ -10221,12 +9720,10 @@ Nun sollte das IPv6 Modul geladen sein \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout @@ -10295,7 +9792,6 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -10331,7 +9827,6 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -10386,54 +9881,44 @@ Konfiguriere die Schnittstelle (hier im Beispiel: eth0). \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -10444,7 +9929,6 @@ Danach rebooten oder folgendes Kommando ausführen \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -10521,22 +10005,18 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -11112,7 +10592,6 @@ Wechseln Sie in das Source-Verzeichnis: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -11121,12 +10600,10 @@ Entpacken sie die Kernel-Quellen und vergeben diesen einen neuen Namen \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -11135,7 +10612,6 @@ Entpacken Sie die iptables Quellen \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -11148,7 +10624,6 @@ Wechseln Sie in das iptables Verzeichnis \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -11157,7 +10632,6 @@ Fügen Sie relevante Patches hinzu \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11168,7 +10642,6 @@ Fügen Sie zusätzliche IPv6 relevante IPv6 Patches hinzu (die nach wie vor \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11207,12 +10680,10 @@ REJECT.patch.ipv6 \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -11225,7 +10696,6 @@ Wechseln Sie zu den Kernel-Quellen \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -11234,12 +10704,10 @@ Editieren Sie das Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -11248,99 +10716,80 @@ Starten Sie configure und aktivieren Sie IPv6 relevante Optionen \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -11366,7 +10815,6 @@ Benennen sie das ältere Verzeichnis um \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11375,7 +10823,6 @@ Erstellen Sie einen neuen symbolischen Link \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11384,7 +10831,6 @@ Erstellen Sie ein neues SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11406,7 +10852,6 @@ Freshen \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11423,7 +10868,6 @@ install \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11442,7 +10886,6 @@ nodeps \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11452,7 +10895,6 @@ Damit iptables die Libraries finden kann, ist es eventuell notwendig, einen \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -11469,7 +10911,6 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -11478,12 +10919,10 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -11500,7 +10939,6 @@ Kurze Auflistung: \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -11509,7 +10947,6 @@ Erweiterte Auflistung: \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -11518,7 +10955,6 @@ Auflistung angegebener Filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -11527,12 +10963,10 @@ Hinzufügen einer Log-Regel zum Input-Filter mit Optionen \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -11541,7 +10975,6 @@ Hinzufügen einer Drop-Regel zum Input-Filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11550,7 +10983,6 @@ Löschen einer Regel mit Hilfe der Regelnummer \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -11569,7 +11001,6 @@ Seit Kernel-Version 2.6.20 ist die Auswertung des IPv6-Verbindungsstatus gut \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11587,7 +11018,6 @@ Eingehender ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11596,7 +11026,6 @@ Ausgehenden ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11605,7 +11034,6 @@ Neuere Kernel erlauben das Spezifizieren des ICMPv6-Typs: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11624,12 +11052,10 @@ n Patitionen entgegenzuwirken. \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11648,12 +11074,10 @@ Eingehende SSH Verbindungen werden von der Adresse 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -11668,12 +11092,10 @@ nicht mehr notwendig, wenn der IPv6-Verbindungsstatus ausgewertet wird! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -11691,7 +11113,6 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11700,7 +11121,6 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11715,7 +11135,6 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -11725,7 +11144,6 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -11749,7 +11167,6 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu diesem Host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11758,7 +11175,6 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu Hosts hinter diesem Router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11791,7 +11207,6 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten ausgehender Anfragen \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11801,7 +11216,6 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten auf Anfragen von hinter \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11830,7 +11244,6 @@ system-config-firewall \end_layout \begin_layout Code - Datei: /etc/sysconfig/ip6tables \end_layout @@ -11839,87 +11252,70 @@ Datei: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11931,7 +11327,6 @@ Zwecks der Vollständigkeit ist hier auch die entsprechende Konfiguration \end_layout \begin_layout Code - Datei: /etc/sysconfig/iptables \end_layout @@ -11940,88 +11335,71 @@ Datei: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -12044,12 +11422,10 @@ Aktivieren von IPv4 & IPv6 Firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -12060,12 +11436,10 @@ Aktivieren des automatischen Starts nach dem Reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout @@ -12079,578 +11453,472 @@ Folgende Zeilen zeigen ein umfangreicheres Setup. \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12688,7 +11956,6 @@ Wie bei IPv4 können Systeme hinter einem Router versteckt werden mit Hilfe \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12706,7 +11973,6 @@ Eine dedizierte öffentliche IPv6-Adresse kann zu einer internen IPv6-Adresse \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -12725,7 +11991,6 @@ Ein dedizierter Port kann zu einem internen System weitergeleitet werden, \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12779,22 +12044,18 @@ Laden der Kernel-Module: \end_layout \begin_layout Code - # modprobe nf_tables \end_layout \begin_layout Code - # modprobe nf_tables_ipv4 \end_layout \begin_layout Code - # modprobe nf_tables_ipv6 \end_layout \begin_layout Code - # modprobe nf_tables_inet \end_layout @@ -12805,12 +12066,10 @@ Löschen der Regeln in iptables and ip6tables um Interferenzen zu vermeiden: \end_layout \begin_layout Code - # iptables -F \end_layout \begin_layout Code - # ip6tables -F \end_layout @@ -12821,7 +12080,6 @@ Erzeugen der Filter-Tabelle: \end_layout \begin_layout Code - # nft add table inet filter \end_layout @@ -12832,7 +12090,6 @@ Erzeugen einer input chain in der Filter-Tabelle: \end_layout \begin_layout Code - # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -12858,7 +12115,6 @@ Tabelle gehören \end_layout \begin_layout Code - # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -12870,13 +12126,11 @@ Erlauben von IPv4 und IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv4 icmp type { echo-request } counter accept \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 icmpv6 type echo-request counter accept \end_layout @@ -12889,23 +12143,19 @@ Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit- \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code - ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 1 accept \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code - ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 255 counter accept \end_layout @@ -12917,7 +12167,6 @@ Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6 \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -12936,17 +12185,14 @@ Reject/drop anderer Pakete \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 0-65535 reject \end_layout \begin_layout Code - # nft add rule inet filter input udp dport 0-65535 counter drop \end_layout \begin_layout Code - # nft add rule inet filter input counter drop \end_layout @@ -12963,77 +12209,63 @@ Tabelle für IP unabhängigen Filter \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip protocol icmp icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code - tcp dport >= 0 tcp dport <= 65535 counter packets 0 bytes 0 reject \end_layout \begin_layout Code - udp dport >= 0 udp dport <= 65535 counter packets 0 bytes 0 drop \end_layout \begin_layout Code - log prefix counter packets 0 bytes 0 drop \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13050,7 +12282,6 @@ Für Logging wird ein zusätzliches Kernelmodul benötigt: \end_layout \begin_layout Code - # modprobe xt_LOG \end_layout @@ -13079,7 +12310,6 @@ Für erste Tests mit der Log-Option kann es nützlich sein, das Loggens für \end_layout \begin_layout Code - #*.emerg :omusrmsg:* \end_layout @@ -13090,7 +12320,6 @@ Regel von oben, welche SSH auf Port 22 erlaubt, nun mit Logging: \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -13172,141 +12401,114 @@ mark xxxx \end_layout \begin_layout Code - # for table in ip ip6 inet; do nft list table $table filter; done \end_layout \begin_layout Code - table ip filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 241 bytes 25193 accept \end_layout \begin_layout Code - counter packets 2 bytes 120 mark 0x00000100 accept \end_layout \begin_layout Code - icmp type { echo-request} counter packets 0 bytes 0 meta mark set 0x00000100 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout \begin_layout Code - table ip6 filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 14 bytes 4077 accept \end_layout \begin_layout Code - counter packets 4 bytes 408 mark 0x00000100 accept \end_layout \begin_layout Code - icmpv6 type echo-request counter packets 1 bytes 104 meta mark set 0x00000100 \end_layout \begin_layout Code - icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} counter packets 2 bytes 224 meta mark set 0x00000100 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 307 bytes 31974 accept \end_layout \begin_layout Code - counter packets 6 bytes 528 mark 0x00000100 accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn log prefix "inet/input/accept: " meta mark set 0x00000100 counter packets 3 bytes 200 accept \end_layout \begin_layout Code - log prefix "inet/input/reject: " counter packets 0 bytes 0 reject \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13418,12 +12620,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -13445,53 +12645,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -13514,32 +12704,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -13910,27 +13094,22 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Transport-Modus \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -13945,37 +13124,30 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Tunnel-Modus \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -14045,22 +13217,18 @@ Datei: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -14069,22 +13237,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout @@ -14093,62 +13257,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -14157,42 +13309,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -14201,37 +13345,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -14248,12 +13385,10 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -14262,7 +13397,6 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout @@ -14290,100 +13424,81 @@ Zum Schluss muss der Daemon gestartet werden. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net ) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -14404,12 +13519,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -14434,117 +13547,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -14649,22 +13739,18 @@ Datei: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -14673,27 +13759,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -14702,12 +13783,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -14716,68 +13795,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -14798,7 +13864,6 @@ Datei: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout @@ -14825,7 +13890,6 @@ Wenn die Installation von Openswan erfolgreich war, sollte ein initscript \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -14845,42 +13909,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -14900,117 +13956,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -15035,12 +14068,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout @@ -15049,12 +14080,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -15104,39 +14133,32 @@ Vernünftig funktionierendes QoS ist nur an der ausgehenden Schnittstelle \end_layout \begin_layout Code - ------------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->------------------- \end_layout \begin_layout Code - Dicke Leitung Queue 2 Queue 1 / Queue 2 / Queue 3 Dünne Leitung \end_layout \begin_layout Code - --->---- ---->--------->--------->------------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - ------------------->------- \end_layout @@ -15218,7 +14240,6 @@ Definition einer root qdisc mit einer Bandbreite von 1000 MBit/s an eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -15235,7 +14256,6 @@ Definition einer Klasse 1:1 mit 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -15247,7 +14267,6 @@ Definition einer Klasse 1:2 mit 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -15259,7 +14278,6 @@ Definition einer Klasse 1:3 mit 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -15271,7 +14289,6 @@ Definition einer Klasse 1:4 mit 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -15301,7 +14318,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout @@ -15321,7 +14337,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -15337,7 +14352,6 @@ match ip6 flowlabel 0x12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -15354,7 +14368,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -15366,7 +14379,6 @@ Die letzte Filterdefinition benötigt auch einen Eintrag in ip6tables um \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -15384,17 +14396,14 @@ Starten auf Serverseite in separaten Konsolen: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -15405,35 +14414,29 @@ Starten auf Clientseite und Vergleichen der Ergebnisse: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (erwartet: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (erwartet: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (erwartet: 200 kBit/s) \end_layout @@ -15517,22 +14520,18 @@ Folgende Optionen müssen geändert werden, damit IPv6 aktiviert wird \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -15542,59 +14541,48 @@ Nach einem Neustart (des Dienstes) sollte z.B. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -15603,7 +14591,6 @@ Ein kleiner Test sieht wie folgt aus: \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -15620,22 +14607,18 @@ Folgende Optionen müssen geändert werden, damit IPv6 deaktiviert wird: \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout @@ -15650,67 +14633,54 @@ ACLs mit IPv6 Adressen sind realisierbar und sollten wann immer möglich \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -15722,32 +14692,26 @@ Diese ACLs können für Client-Anfragen und Zonentransfers zu Secondary Nameserv \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -15773,7 +14737,6 @@ Diese Option ist nicht verpflichtend, ev. \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -15794,7 +14757,6 @@ Die Transfer source Adresse wird für ausgehende Zonentransfers verwendet: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -15807,7 +14769,6 @@ Die Notify source Adresse wird für ausgehende notify Mitteilungen verwendet: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout @@ -15964,27 +14925,22 @@ Eine IPv6 Verbindung kann durch Angabe eines dedizierten Server, der abgefragt \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15993,7 +14949,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -16003,17 +14958,14 @@ Ein entsprechender Log-Eintrag sieht wie folgt aus: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -16032,27 +14984,22 @@ Eine erfolgreiche IPv6 Verbindung sieht wie folgt aus: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -16061,14 +15008,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -16113,52 +15058,42 @@ Wenn Sie nun einen "eingebauten" Service wie z.B. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - @@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -16168,27 +15103,22 @@ dann sollten Sie nach einem Neustart des xinetd-Dienstes z.B. \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -16249,27 +15179,22 @@ Virtueller Host mit IPv6 Adresse \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -16278,32 +15203,26 @@ Virtueller Host mit IPv4 und IPv6 Adresse \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -16312,24 +15231,20 @@ Das Ergebnis sollten nach einen Neustart des Dienstes etwa Folgendes sein: \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -16436,52 +15351,42 @@ Die Konfigurationsdatei des radvd ist normalerweise die Datei /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16490,28 +15395,23 @@ Als Ergebnis auf der Client-Seite ergibt sich hieraus: \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16538,67 +15438,54 @@ Seit der Version 0.6.2pl3 wird die automatische (Neu)-Erstellung des Präfixes \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16608,28 +15495,23 @@ Das Ergebnis auf Clientseite ist (unter der Annahme, dass ppp0 die lokale \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16648,7 +15530,6 @@ Achtung: wenn keine spezielle 6to4-Unterstützung der initscripts benutzt \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -16678,107 +15559,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -16844,67 +15704,54 @@ Die Konfigurationsdatei des dhcp6s ist normalerweise /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16928,22 +15775,18 @@ Die Konfigurationsdatei von dhcp6c ist normalerweise /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -16967,7 +15810,6 @@ Starten des Servers, z.B. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -16985,12 +15827,10 @@ Starten des Clients im Vordergrund, z.B. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout \begin_layout Code - ... \end_layout @@ -17014,7 +15854,6 @@ Der Server hat einen Vordergrund und zwei Debug-Schalter (von denen beide \end_layout \begin_layout Code - # dhcp6c -d -D -f eth0 \end_layout @@ -17032,7 +15871,6 @@ Mit einem IPv6 Ping an die DHCP Multicast-Adresse kann getestet werden, \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout @@ -17043,58 +15881,47 @@ Der Client hat einen Vordergrund und zwei Debug-Schalter, hier ein Beispiel: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -17161,32 +15988,26 @@ Erstellen einer eigenen Konfigurationsdatei /etc/dhcp/dhcpd6.conf für den \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -17195,12 +16016,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients requesting a temporary address \end_layout \begin_layout Code - range6 2001:db8:0:1::/64 temporary; \end_layout @@ -17209,17 +16028,14 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout @@ -17228,12 +16044,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -17242,33 +16056,27 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -17307,7 +16115,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 @@ -17333,56 +16140,46 @@ Starte den Server im Vordergrund: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -17425,62 +16222,50 @@ Erstellen der Konfigurationsdatei /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:db8:0:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout @@ -17503,148 +16288,124 @@ Start Server im Vorgergrund: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. \end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -17709,7 +16470,6 @@ s.allow sowie /etc/hosts.deny. \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -17724,13 +16484,11 @@ In dieser Datei wird ein Dienst pro Zeile eingetragen, der positiv gefiltert \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -17751,7 +16509,6 @@ In dieser Datei werden alle Einträge negativ gefiltert. \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -17763,12 +16520,10 @@ Sie können bei Bedarf obige Standardzeile auch durch Folgende ersetzen, \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -17791,22 +16546,18 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -17817,27 +16568,22 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -17851,22 +16597,18 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -17876,22 +16618,18 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem auf zwei Ports hörenden \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -17927,7 +16665,6 @@ listen \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -17962,27 +16699,22 @@ Editiere die Konfigurationsdatei, üblicherweise /etc/proftpd.conf, allerdings \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf index 07eff8508b1a8af867d40a3d9aabef9c1bbebfdd..9aab055592860f5db9f0b5f98dd68fe338c7544e 100644 GIT binary patch delta 19420 zcmcG#1yo!?*Cm=@jZ1I{?ht4iPk<&s2<{e~;0^(THZ;LC1lK@9aF+nV8izn|ch>~h z#-|~l&HVGvduzRUYt`Ldb?Q{zd#h@nbE>#p9n6VSEGIeT|QUT0oN=SRZ3R zV{_uIM?c7@Juz1YE)j%nk4?eWMW{bhEA0ZanLYr~%$3-L`S%vv0y}RD6Q8WvR%yl$ ziCdash>~p&s-5AzZfu0fN1oi;(3{--vTMt|O_=uD>95i&)??kI4TEWUw5msgVmm=J z{@mvn^m180gImxU{GFoYUz{%fEVX_M{rXi$&@&=!O#6whsXY*+Q9Miht8L2P(-e^s2-?cCN`rquD7JRx4nDJbkPy~+%bzkkj2YykX3Dp7{E6WLu z=I}9!6FNR}FF)-pY{#DH49iTua}cqS&XT3X7EYHExblH+FD`?`VWd_(_D zUWkt$lRu;E4(2{#{#E_Fab>hVw_JI#d*L#HZF;us22ts(EYVeUA?f>ZDiBL%- z*Ok;pu4l8pxTYIsM%5}FG!#_)(ZR^aCfj%p6R^jax5!+&eX*U(@lf@d^!gS7baFeR2MuLG) z26xxcCxMY3--h=EO*!$u+Eni>-0O|N%Pk6kg4yR<_5R%wion(o|?M_iTZ08(HJhKOhzj3GQ8`} z`qV{NZJU_hwWHxwWwW6p3ehF-{o(-_y=bh zhWxP|gN6($kWZ&fqpMonn2OzpaB+xo9IHF!+VO43B#w|A>GkX0c?&5*Gt`fMs*E&7 z$i!E+AAj`R#PabNJ#qfFG%G0+J>^&Na_I02XO5KdpP9Xns+nJE=Whro6q7esJ;w6u zzhz5yi@aQn&#Z?qPPNThcIW7CCY)kZ%r}0vMdA>?2C4s+p`X_jo_rJnByTWb0MCUp z>L_{a0L2Rn^^3=0Rbql+&>T5;A74@|n(j7wD*0ESD0LrubD_|xaq`B|p4PF1QXK*nS!xW1!8s?e=#lLbQE1u6-i(w%5-J<%A7c*C64z~I{aovcLU8pH| zB>kDs+wwFQ@3qTZaE(;ayr5rL1~RYQ5ns!tz|7=(re6-rHa7aMZqV@e${W{dbjLvC zK`Yuh%asOx-vQUV@%GUHZlZ&Tcg6|a+DvDJE7I*#X{4?AJ?Ck68DvAUL_>Wq>a1KY z^0!BC<|4l&!KE8TBDQjjxetX+38GzwEI*1#@&HJ1ml=L(U zK>4pytymUd8dd%EYi^Jv=(VI2_bYL32|kbjA3wK%Ac*fZADp)ryvfTktt|+_D=BlyTlu;WIRT@%*aXqy36sz`Ye_*y_>QMG0HbwhK5XUfoS% zR<+7g>UkB!tSKKbmLI03mizho_Y*4~#c|g)_OLOlRO@8EER<1+BC`(svB-D@(^iG3 zCo*co9~LHi#2l}lF4dhs&vePSI&gw*rpe`~6`2=k=&;M?)WqNFK+icyd(|3j9gmq* zv=Vjijy+*|ea`u;^7e`YNAqS{Z4@y0G-Y3P`Nw_w#rGRtQ!VZZ`xI4}0!Q=f4ZU+H zX%~Bk25%iclt6YNNh!0&!ixZyd>`Kq>&46y7=0Cm+fl-?f!Urv1q=t$--m5>A#h}1 zyg@ryo3t-dMdEf0rCJj1o`5k=x|Tf0h~f6 z;YuJpN#sQw*y{}fpt@1Chw-E8d-?VkE$Yj`NItR^A1; z4lEPC!nB$#KRh*K)HT@>>BoPpdDJ-@WlVZe2>+czH)alnaYEh|(j95So-NW@F#dcG z6EO;8i~YmAC=5gHlj&3Ia`=oDMc?7R#I@)P^XVh`(d`}zT&u&wgMU0CPA(bhat{V( z`=Cd|2M%{Fz`-n#nDZDC^XrP@-cm%|LW^r6bkXfdDyw@I|EnWEgbMN}IqRx~=*)ip z9qb)u{6*rX-e7I8?6_mY#R_Eg#Jr;x$tbwYpDhixyE@xX`ZX?W5%-`I^-CmML^IWj z?M6g-k)Pu!MDRjQVf?t{Ls`66!|~U&-Yd8Gef~w3+`=2J7uPjCL^S>PPt9^cWN-^b zRYw8!zNS2n^<1_zF3<SvfT^c)!dxtp}W9!iSTRb-6TqH!ao#@hDQXjq7lZJ2|TuAr9+XxZ;LLl-_Psoir za-zr`w@{5bXmM#+j>F3m_8;>i9R@2CY_66_;V&Kq!OoNET7+TIkaxOthO*_|<2xQdqmY3Z^?sO17SA&BH&I zvf$rYb6M^&dLZ0WBVJx)9heVm4+51b2yZ`<(7vRn+l;i00 z+r1EE2tg9_hPY4%DM+ZlIABCRca)3gLcOnjsAY42VezL3lJtedP+Xs>Q@SI^B8J5h zqfy6_5HGG%xFep?^_xZy!c66!YgLQJ!z##E&qlNK6HnMs;|KD`h&4gh@jy8Gi$C{- z1G|S@2#w=kup8;K;({2U;-$w@*YpZ8`hpjw$5h6zO%^s9I!WnZ$nF;qp|x|6-V*hq z5A4$>SY+w=Lky5x?`zaP$Vlc2pZc(AZMGkRtqg~}++g6$XyXODi(eo(7q9kwes6$> zhVAr;;i3J?FCL?IO4yH~*Dq??^!snbfYC(uOf(b+PQvSR}HbQxab#D$k z$Gv%72<Y&u-R`kKiCP-m1F7_1$$({i1fv6+ zaEY!439g8axmnLLnY_4Mg^|KFl`d zr{sxO+&w$1bMNE*GL$-g@_ZZPl z9PfF&Ck@e6rIER_a&igcW{XFn7GRW4SaG>abn+o;C+s>52xG$4g?d#};n-fxBp(JF z9HpT5)b z4?raEC>_)s=*ax=W?|A_R|fH4FXgUn(E?{0*CFUt{#p6m1{Y|wJYaBFtMq4a@MlPj zK50tBmtbYOjnowKpGR!{t$;C zw7Go{XhI6$M^=S6i|Mse#ueB;dj^6l{Stw|d;* z!S&$N=1ev*`?Rc9v3w+FLJmR)4a6M;k3k~K5fReao$4N4q?a2hgJ0v3#tq(8M8WY*6QK9qfQWI1MlthnSQMDQRMrd%hi zdsF(oHqq6+U;7pb9ptoBqPjuUu*0t%5@rW9cElzQI%SJmX~J*1U%-U6OAvNawWW*4&3arLBGSkBrR&x!QQDMDkf*H*+g$$dGFfZ#SiZ1PAe;DUabmc zHl#i4hq9j0uv|du&BVA7&!`S@n65fn4>7qL?%3qwy!u!$1x;Ufkxx&s6(hQeK88YK z#jX+&LcZfV@1MP+h_{xG8JyQY!%?re`_Y$IUgdm^X#6fgxwx_{88Ia9!JQeJG>Eo% zoiKW?X;Q@KeACzw)}u$W`E#$B1T;B_MD&N4)FK5fgImPNQXh;Th`wb%qp^oLe6F&& zM5rBx4pPaT5%9vG2Z73l=Bs)uUk2g&&#LVEJS2f|NSnp#!8@KZxV}dvUNS+bAmj*0 z>B#91PaF)fJ)`DD@#sEJ2P$!NT(xWl@OdYZw?S821Y@H<#mDBZI3|YQwAiraxcMGF zV)1_9B3^Q3?Y*DdBoXkAyEmfOw~0-y`dEM9b5Jd_GTzB{G{i*P_OVa>+|=UqPN>5W zIKCMBY53sk!2FdDfn{cq^Vt(#9AP-b#w?=GW~wKzrSdNsKbWVbkh5+#xD1z}PGj{w zUAvg`G#li#eJhx$Jh1b8gPQd~ivF|tUXTwYM#eJvYWY!SglbKgCqC}s1=OrJ!(u{Q zG&4f_3}H<94lbHNvk&fWMFc@dakiZXU4~(0Ze*5=tf^?;)kk@7k=mbK(VY>3he0su zl*6vUBdMKLM36anTo>0Pz|COX57|?xJal82k^(okTOgdChHR^W?`+{} zG|&|osi0ao>Xgb2o_@R!&#IwMSZoKtJO+hRXrRl4Mva@S0kN0~cW(=(qOX6&1Amwg z?k&lGi5$%At+c+kp`Nj+^8>|!{E&C2(_Qz|mVpR2OG9uV@1$nh9>SB;>ApFXoV#&8 zso@~<#m0m|P9?X$j3hF6%D%9M3uCRvxt}!B9(+er(y@ciAUmr2=maWrA{2y}u`K*a z?)wQ_9ISeGiHJ`&#WiaD>qyTIrOFvx5i@4gQ5JbWVV!wK2;cYnVr3NADT0jy2^S@- zr~2>>LalEB1|h5`nAERNdILkKCl8;OCOHaWYE!A*F;mX_Mu$2!&-eO-H^_y4v4D7~ z`dpkcl<6#>3p~J=yqU=sGbyBBe{RNc9S3`2a2;R7Ic)GBW9qNF01`Yq8_^~&^i_C( zDS}JPnGwbtsK+F88^;|lj?+B>dq zX=6ZmFVBuhpvdyEtr;`I>0L$+0*rDWg2_xMUYWvQpEvhY#P~Js!a+f+!e5`~uAAcB zhrdLXDV(p6t`&Oz0l4D)K(&auPz2K~`kT}$GA}pTj6zZB`jcL=QStT@q~CAemRx?t z*Y(`b7eV^N)(!Y%?S+e|-IB{}a@|8XSt^rK)TdaUGMEST*}!zcvRglPzv?sJ5SSVu z#c&Qw38sQ%*ja`@uq>J9FUvsY4=%4Rp-=yQ1Gi}s|9tR1Rsomr+((oeJ1K*EkvtE6 z4-p$;yNEqqI=0TVHlYrbgn$ir?)}~%sg!fLCm98tUMs4P!6|-FiW%w>>xupGxQ?nX z{eB}Shtfn!n%(LAeBnd>eedOPI1WHUDrRxS4-u5{5(2&<)R|rH(HOFqA_{xufORcofyU~<(yE-bv&MDw(*Gf$+3XZnpq$mcWyl* zeXiT?gEzz%D%uw)a=!dHvsvHl!Sfx{#bQ|BPZ|w<%6wn8c)r%L`2oLUWbgsp@UD z3Ztovqac}EDhLMaSs68y+kB+YS!Ks))usXwUxweZ^;uNM7+0oGtWnu_X!zMC9Z6NQ-!z(B=iY1uNi>IKH z5Y!{~--9JCxqk`g{jq!!VILbJ6&|JzVlx)#AiczzsaKz>e7_$Ul=`~CaEy|^cAQ}g z=B8XG%4C_~M}(SR!v}h-~h~S=$A-AJ=!ITS|r{+IMXDeb_(;^Bc z-A>KxyHa_fF_1U3m&$Sw-NWg${h0K$7=;k^Bp_XO#0Hgp7`CW9LNC9>+)?-k($Nip_Ef8ujcd) z8Vo-pv5MW*jll?Ihh6>spu5w#x% zGZk$Hc!;ldz~I_yej5v|ib3inm&1H(6GRgPAK%)J%@&(vmTW>@u=HHQ5jU3a%s4+E zn&-E9f3Le9AtBO(xOevj{fF@jJH&Qx>s>lIK&X?nll?Vo;e-Y3PR;)}9KB{& zAALAsx%giAmzZ@7MFkJcq}N&1kX$Q*#1w}l$Iwn*%n^^hN~W)KIFeF=Qa^0@j^C;i z(j`t;xnIo1jPIBhhEIVM`Hjq~zGnrnMn403F1j__S}jH8YQ>BC6J1D2>$H5zY4D z*E9Nr1;taAV$cIA@V*&hP?RCyV%sci-w{SV_A}|`q@y78m4^-B+{|Ql3L{6$m zUtoM6ywF(%Iv}hnVuwk7e>CR8VMzG4EI`eA47Vdsg^!0OSPeGj3k(_BMSp7U5cojO zI&v_Na*J$k+{NvOY4p70g`x9%SBPTy<+<#9<5Qq770E!W=i(f8Qi{|MB+|IC66wSK zBnUsuY1(@HYB9;b7r+Q@m+75jk$hLAGhkHoGh>x?nuJSmc9BrcQ z#Tz`zFPH*t%v0EU#vFD5yPtxoRB(jfl8(JZtNauoGS=oWg^W6db!9B})GxpZ{r4AY zTuJ1oAHF$Ze{9DP!iaLhRFWi2|4`*b5blJ*)lU2ab8_j$oL`!gI8>;Nxu5~c*XF6D zs~;$zIydN-_~%vhduP`%Kf2MqxH{cFw=LZt6b~siDHF&$^x30*`WTT3gAB0s zS>I(G+ql%yzNp?87TDHvqTFjSu=?PQIOTby`xS?}jllz3d5KLVVDkV8ak%&I;WumzLlHc?tWqz>s1fJ4GAo^|(=V(3 zaf|!CP2B_6@$}Wz^q%uU)%;~sgKgXx&0PY#4fNxY;1?XjR%Nd+{zB#7LYZSPz&Ze1 zy84W7InTY~z8y~eQGx|;{o(}l7e>{~Ql7W?TKTD~1X_vsVxtaYUW?NvDV_tkp&fcx z=$S8%qKEAjj-q96K|Ny37u}3^$!j!m*QT-1|G$OM|JQfoYBm3XWb;;mGm^kF@~0`? zbpqq5evDZ8TmUPjjs)T2%F$_!vWI%J=N82+gbkd7OJUXz~s zMbiMJ$(ylwO!mB;9;O5W2T&#R*0pW`z)B?FwGH z@4s|it&upHu!%jra(zK%Uo`xY;wFpY#Vl_*K!WrC>u^E;HQXFb(D6JXMisRG`{cnL zXh*dQj!+4dcOoxs(folnxr{a!*f4~oiVqb;3=KC~D~yTU?6b7f_8FEF247OmpC|T7 z4ZF(A{I4QTlywa`#8)dQf1V5uQ#T6B-UN9@4Lcx>?j4Lctc~m~k2uVX?7>DHevRyj zk2vs;?D32^Fpun!kNmKXXAza6=$P4WN zIAY1x2>)UiZPWZ!>7!F4y!|&jzpZVJSE`%zwhh3XWY7kngrek+#OPN)o0U~XK$7`Y zrQKv2qMZJ#^0SJjS6orzy~rqW_o17(3b`WZ@qd>`Yvo4&vkd%oWr)a_A@G`O|>SvEkj|7qaXyC^iRkkq6_$)a*Ql0P5P*K zuDd&z5NygY0VQejcku-OhLQ#bulLeV9Xq2-;sZ!#h?~keC}g#>DAh>HtW*rGQFpsI zl*Nw^i5{$nq}E!5EN0*&z@KW;r0rXm#;;3|#*A znrQWgKcZPCj92p=9sa*WBIy6(g8ug``j;1QqCq%-P@W%%iS3FWVz@N?rgO^FI7vs& znO0p+`g@5iJ#f?sjf=6M0Qy8UTj~eirAD)r!p%_}v($Wcg!QMm2xn)|3$|}eN1&~6 zgR%JuXg&4!h-$5N!yk{lZglw@s((9Bj(io!X0o^9$fiT~oI<`5zgqp2(fO6~K#f5c zX*jlqTw?p*gkfs*pFBXDS>|+Y5%$2NSz>@7d5W)%#S)SsB$1g-SJ66nEyEdpQfmMb;?S%qn$2ZdJw> zQ3Nixm~azGW3x49%;?v&r!)zx-<%;DAESE@RiA^|yQSCR`TtcY{~UJlKB=)CL96dA z_x5d>;MGDcV?jzYwb!f7Rq{_xqom@b8?IPCleVp7A|2YJ>z8`pa=v0PqLbx3-R82H zaGZcpxCZgtUf4|7ju*!iUa&O=pMO!^t_uD-`0>b-bSGrXUl?t;h$PBt*ptNGd{~-9 z(S#GRD*c0t266A6&*VKhP-^zd!!c?an&kWxZ1b~)8eKDKu@gWg%6J!R43xcP>S<=Y zNJ13WCgaLIWsm+Rkx}fme5_Gb+s41O5TY3pfh5`<05Q@Z%Ot!W02#i5d@S_eEvv?Y7Ju;l)=bVLg-gG5vMoGgz0Yne)0KLsoJ94}jRQvRjJYEu2qmAMX z)*oY0J3sa*^fY5$yALJhI5mWt@b~V-M^yl zwfcBK?*|C6cK*W%eno`f=y!awB`^$5BTrga&BUi6%s(D;;)}Wui;x;PB=Hq$ zqik#mlu4;swdFhEsrB!p7T_Z3uKNBHu|4Sb^n>OwD`k4C%#W2}Hb3x64k#9EHD$kG zI^!EWpRxUYGCF3R2+DY(b z)^Y6iYB`)6gmMWr$#Oq9WcTh!hXV-O0q@>2Gr{mSXHuBP9s+dCQAZr43zD;x>W1QeO= z{pXpd5Rf~c-ETtHB+%+WxbwflhttP()w}kwbMVzeimX}Ydi&goYK(Wyz!Q!EU#4kb zZvD5~GmakLpebPejmZo!_n%;-7;P(ibcWaU)kMiyF;*l4C&{%R;PhA_X&vzcUFi}E zhxgmd#zx=qD5MS!Lq2Y}@MV6xNPm&4F73i&r=&Qj>ZJtgFUWX4&MOUn-Zn_!%jE@^ z0ZA`DzZ@8L{|Ix@`26knQ_ao%7o>!A^4bMrCyO1FS-+niZiEU-H`Z<0(oH|@*;reA zYQACe+l;T|6(2QoPxD2YGRJEC z2NzqKuhUeoDJJyP`z7V3`#k7$(imY$rK49m&jSuaEFgA8f+yvMmWoZPFG5a3TK(ED z8H|g+*3r!V#^Eg%d;FR(^{S#|;bq&U%NM#lLmK6#<$zPtR*%+84&!{|8_^#bjL?nA zB*bwtnSj`x^vV@=i=+oi^fE>xN|VH`N_GFIPxhy~2e?^|+sKeW<(DaYm5djZf?4OG znDYa*4cUE5Nz;P>W$0N)1HF{HLNepa+KHmQ*F(^8ABxZs#dwD-SHhe$*7@wM3HEUx zjDLuJMLFn&{PLldt8Lq6mJ?L14;v}LD7qrwdi2Nl zao}%eWkJvSZyd$Q=;Mm{4ifJP3)58MFgp5sq8L*OPN4O11CUC3Szmj0g%!moHfpB| zBUZ7mjuhqEiPAAT95m^BBpf2U**BXZV!1zw0EV>NRDzif%DjiQ=utZv*`YW75S zUy24>+*%6bV76RJWJM-Xx=0FR^Dv=fl5QMmlNZhVi49MeCj!vi5b)YL){+P99Tb7D z?PD#~0-5F2uA9Wj0Ze0zqRiVM*=SiR*SKEuSf04}lrXxGOUFZXO zj2B{=UAEU9dC~=-$D?eN9Ie+qukBT%a+L&10aeVDry~5R+|&6+g~R$iU7TNB3RQVE zzInz(y~v_a46~a;k%)#t{ERt&0MrXH*a zFw6JtULYfq%UB@8lZ#&=DK}~|0@w*<>z-;YG zclX$0jo^aMm6Py(!>p4hIoj^#WvXdSYuil9Ku@pt`e#pal31HwZ8OOMRlTZB&N9%B zpeM0;Ng@c91neeKKb|K4DQ`BmB9SMK0k0q0Iez~glP9<$9skhbzgl-OFh<8!M%Au( zF!!8|}THoZ{r-X5krHWZUk@XYD+_`<+^h~obGGfMq zj*a8`7_QSBNoX#zk@>`2BsZfl{#{n&AH%0CokDC~vLL1KcWRNDF=6$kBky=NV=LQubzoKaem|Fr<)N@Iz*$}X2a+(>L`JPj4jb$@RGM3A^ zuaGAnq`ngg{Wj*G$oJ>%=tO&NiNB&AYFf=1|L2bcRo%2`UB7+gyJeIkPvWo^6mnb?2WdWu+EESk~!FLJ+u0msUmO$vHmDK$$x^VE6cG4b;+ zhynZ?V>Z36-hCX3w9K(D7SEC;*|~N>KCYr2eX2f%*1I50jZ7Qwz9;jE@lB2q->kN6 zflR}zuE{Htr3uvrTgA9awP{E*Tw2sexuR=|dbsHhq}6V!wxk@RXR)l_o4A^CX8ZNmmzx~2 z)4*%5ry2qI{QTCoHX~Xw*(LO{dQ!19;f(g3GBe>Z--#KlIbM%Ugk_fy%IdMi)+jOB zzn8h(gvUpIlbOg|WHL8^G8)P#AZmf#o)EcS-*?YomS4`Qm2we@Um>?z_WxQ+!b30# zTq^ks6kN^4_NR$7DQyBE1QokjTn#cAv+Z*u?paUXl8atXUS%InGW9BI)A@K&%*A?n zIr2CC8V>m5pA`ZuK_nwbX-RBx#V@X^HJ+ z**j&|pM@51hQ_Cz0DIyb-&_BB*{un?P}y4Dmy{;367W!Pvhi#w17DVEy%V&Fs*Hfa zc2N?$P&CS6gG^aI9A?GK6vWgfd>J^udQIhH`{9uf$^oO7bY}T^XW*N+`w?~JUW!+4 zjOOYrt16((_u6V_w#{ToxKjW!Bp4`(bqc@(eZ6|Hk$u*QG(d7km<}81+=A9UF=BG3 zQ5A7r941|qhzEbJ^uhBJ@mbquP^R&`{5dL}0X{m3$ph*_qA2#TRMEuy7H|t0&^KO>+@~@i$#8O{zI;D&gDqa&V9STHTHh9J#@E|O-DH9*D0wxv zq#r^h-e$QL3N)12u{4|S+sodexz>VfbYefY2=rmzSi-zgP^eEh=LIclO<9^0a@JXP z_%fr-gx@Gc7LT8b5K3Anv?@eqX`=Ch{Io(X*KQ)awo=HRQSP5OApXna&Y_XCB9q{X zoFJ3n@ISzu``c4&i&v1>9hO8Lk^aeHdsg&=h-W3pRDI0b20l)5n+B*r@3tc+qYmq) zvv)GJ5N>o-RkW<=tg&?FxZY+Eqv%f*_%yzBrmD_naHCK(t?10|Uxk>Wvsa}vx{WrJ z^%{DgwCyRA{;SUa)PTOYRFG%PwC?xi)?!qgwQTQ3{i-Om`}-oPH>Y~V3AvwzUhgkouIWl4|{*XIxA zXu|%`s(g*WG`JTfQD2stz6|1GcU8R?rT%FccyzBNbuZek->*mccSEY?KZ(JXYOV=3 z7TYwPp05^9eZEMOiq>xpOGR^exekAepf)(!3XkbQfcQPA{zSmzdw^DSYmkMN+O6|Q zL=$*L4w(jGGK8DGib3QM(7|Wo6=|p3`%8ND5egX_#=#Zu+b-_qWNHP!m}K&MAi4+C zdw6sYSMmthk@q7&io`b#e8hl4M%RM=_%%AW#D61F{0}v)m27#W;@dyRwEyQe_{Oiw zrBS@4LbciBj;NsQ^)urqz4h6Uo2DfEIY1uNknpa`%UG&I+w3ab&M0P=1Le&H8=Kg^ z(tFE@?M6;nwG1DkT!EcLIc{*RxxHG(RSw)gtcg?8nA!0cGj~|6IaYG>Y$eXw%NJ~m zH;lf0E%S*_$r5I>v>T=L+#>`I6D8DOWx_D!JC6vh{loy{MEhR^Rza(>p7Y9wJ}fV# z+&zD>4Vf%BQ**uK)kpE!;7nTL(f?57gj3p%2=m-&H^gdRD)@X%2IJ3LK_>kcMiS#` zyeS=5>5>nwJ3CerS!6H5Zj!v`0TfW9EJ5&xCYsS6<2omB<>1wYL_9EdIpXcC5&8iW%9lRUfa>PZ8`6q9lb|+IBnVxL$*WaQ zwOd-M?r+_st7Xk9%UDT93jj9gUCZ0DimlIF4)VQ5x6|AO<*Wk{ASvB+Qd76@{%<0; zhuDol77`I~69u1|FD4)hQJUc7gJ%exNgWJMYQS3~4dRHXmwr+?6;_7>SxjURS_jXb zn8&b2^qQ;IJ&UzO0DF>@1m_c*7?p@XUB)r`uOt}NGWk+$<@rt|vd|itZ&DPT?CDbc zRr#neeiG++%sf+j6o0dO<)ams&=xgY&=~z-ma~oq*Fy&;=%;Z3sVZ|eA6^&Lb(E|d zmq^<(y*U`JCsCkwC_%Cn(yjGNpe;fCH^m#mk$Pk|=JmV1J7VdN1!MfO7c^|a)}1o8 zB+n?VOM>Q&A18$@0-hr`A8;nMF9Kdc?W0KrOY2Yh$<*d&a9^v}y1jfhU4d!xQxI?1 zKGZ?dl`?Di6RN1Bg#@0e?a#`zuZk~g>FRM3_R4NYL*6}lM_#DZdv_!DbVDis!&4QD zpW$D=`n-&$^THlB4W*VmA_1OK_%7bl#o=rB^?Zjj>Iz4r(HlgB#9sLAL2|`?7bUV4Buy%_J5-L zWfrNLB)|IQH&m%ge5ya*tW_^lP+WMmM@AJ*V&}6%K#Q=u1UfW zNxn?)-DM^g;saU-?jeb)=A@pm&cQJGQ0TMe{mpEqe=r|f?q(}K~M zoOn=mv>YpbPv~9Xd3_;kCuQt)0hN1xR9q$fU zxA8f3#XiAkhN&8Dx~Z39#omx5j91GW0FH~J7^p1F>$vVw3ldJ|&2 zr~kmil8mA2D$2qtxgk8FBu`Eo0Tic0R;jN?*J+3Iwn2)~*4v^8@KVs56W|=qW8?j- z#O`*hR{WMQYI|g}ZU1ha+nP`Dn{}^(xCP zOhITAg$xJNbxnP3c96b0tyh6}z)NkrcWio;e^Y z!Zi$TdplQ`^loL@&P3N|^Ozkw?zUQ~ru7X$9Q~l?`QHf}$wLkpnl63ji)bKd)O>j1 zMsllzj;4!(VQqTR^NkWc^YN$Z6E65wG1T6j`6 z+GRTnEDxDWZfwA@8f$j}+?=1SYjlgJQBEx6-BL>^ZNbPS(fpan93H7aKXbGGq?YSL ziz2U7PHJ0NjK+>_bb#*KC<dU;uU_IE`bouV! z3H)glT_z*(;H|=SF|F@Hsz!P4i*|wR~ zBvn)t+}-Hq1^F0uB2Bw76fv|(DBD>=byx**0i*R2F1bX8G^2xd49dkK_AG~Qo)L;I z%Chg>P99cCT-On!oK^9^$wWP?$_dC+)VX^~M>0BSa;d{8rl$ng4EMcF*7$y7^ORkS z^mYx31v=LkYVIOBK9%ikzPVZ^3@xLK3m4RGpF>$W*Sv3P9}7~N)g+FQ8^&#>n}&}NVW*rHzk_9A(WEA|*v zWN_Qx9q0!799_4=^A4O_5itV+7i?XSNhf|h2H6-GZ=$+oY#ak(!^NP7+%PHE%}z(d zib44wo-yg9J^uvlv*TW0Lxs&w*9XWbJl1|Gv}wNC_~%z+%fPQuPtO;?j$;Xt2iRxl zMkL_WvA-w+2<#$|H)REYA2w0FZ&U2NEb0uO-Fe4ooDi=>=5sp|EH`FnxPMJXBxqi@ zi0H;PXg?MNtlES+$N%H6$hL2(ibHTzP$}OMzTwDsVJdQAnuY!IZ#*crnD0x?aAbb{ z*6%^287iS7Bc@qu^?f{M;^u4jRReN|MH1AY&7&6*mZ6@;SM$}~Q zy}mpXBH7MpK_~WFbP#joQd=p2Ht@Hjp<2pG3s3%EX(GF{I3u}uAfebkplU|D zGS}UFRx;)Ot0ReL-H?BMm34lA5o)q4GhsJk2h~wK)V^~~2H`f-7m!`=a&zu~uVl0} zmz~IpEhf*M_N9R87{*pNGTM5|P8`J+uQTcVlCMlmGUEjHq`pt(|HC({jQ2;jaw5*G zgr!GUIkq~3(NpIg9Y()LDTLpuFKgNfaznS0Eq=ZvZ?!DX@HP*CZce4yN z|2YwotJ``sFeX`kC-EEfMkv(_^GsJp6d?R8+t8mlr(n`pFi1mqN|J8;v73@i6X1#| z8w?G%MoIjBZi0nktFoU^`0m89lQjLdiC?y}Y!NSRPJpL(8pdkboRxkP?(D|aJDtO7 z>6n$?6z1$k(K~I;Y6<(GR$P;NZB%vura<%xnn)_z zR}hsBfYiUB(^DlKK-}|%o}B1VT#6@O2CdTt)q0@OA@Cp<}Z;2^2Kop+NM)X{rHEH+{fQWsX@Hrui zGqci~Li*1Xp%`9Eddq=V1LWu_##^Y>L(ZAsWWfQH9YNk4Z0+BjmN z)pHe$clv6F-f62z&vpTCp+Rte!RcCrJs@RikL2HObLcW(=sNN=2)s{C0T!el{TUPrOZMx3o}haiinpEiI#cahV{tbgdF+T`H z;vNW}G0O;uXFxHI6h2w{ix94*&<+ObCaYi(2Bva5zx7u^{L+pE7AA)-V-=dLueXp537ohcC?=7X(nmEU3!@9@6$m5MC>0!=)s$is z?-vMToqf-*Vv?IjEeFbd=H&VT=E&7RV(J|YMF6nfe9m&odU11T-PI1 zz=;s{r*}!90|1#kw}mNfrbfmc%_`3G;}7$)>xb=cW8M6|BWEK%X!CnYQO@V<_XT;w z6MIa2r{r6dkKa$^SJd2FrY-f!k4M31N{^NS=wkToVso$Xk}?heFOo_R006=dGLL&+ z9N=5siu%Ka3Pdih2+)(h9sro35ckIYz&oYA{X-oRNr|5~pXU~P?%|tH(D%h!CR>ZU zm)FlUnXM@!#(LzR~0G!^yIIO&(vCRd-C^ z=pb|rI5j0h%%Qhk2+^;!k1Pq3V%_o?GVH>ySD-9$y?cdlBU81DbEsR#of4C6>|)s6 zXQc`KdD1&uxryteVYtz=jfm$`66Xe6Fs%9WH?j<_i;GOQzO}%FVx30Kw!3qz0yFzg z8sOX2*(Yvrm-ao~w3_jmtnvvr{pvHmqUt7#5}Xp7-6m~Y$|7CL{_&al;)&d<>YAmJ z>c>VUoPxHyZU(mdrBGeHFB3DUjT0XYs%shwt7k2C^~!g3c7@B`wM(MPY<9=r*v^*f zddm^ZJKCQwo==3=?6S`QimXU4vr2}-Yq+^)mP)OV%d$$=!vFk_9b_wVwO%axc4Oq0 zso@v5t#F;4CYsw8wWYWCqFbhGbe>qQe)tylxQlghuGXu?b7zKaxmsU%@mRgI?aqRBl7J0Ql z1`pdg?R|bE9^x0SoACjgP(5+VXr?Lvr^|@9vcU6)ZMN5;_^Z4-(|xBuJHlS3$GF8w z+NQ<*gT%Z8!4+)hAF}Rg2?wrRaj@Rg%2&bu{vmjR|HrvWANs!vym>j@@GJX{=^MTR zXASH_h5k*ppY?X8(jSqB%Q@^_e`p@^7p&|05Zp4K4npo80gMn z^qgLGoV{#&+;{dYM%Mbgt6_=L8Go_|Ouzqw-B|A5f6-f(jE4dkSRD_E=J9_NGoHxE z%OtSlPv*9ovs^a}0FHMtMgRZ+ delta 19627 zcmb@t1yogC+cqj82#6plAxL+JASED3w;;LcPHEV%=nmP$rni(R-AH$DItA%gx&*1S z!RLLy_Z$B?=l{n!-xzaUd(L~tT5HaA&Fj7wi@jsY%VWwiTp8sy?epd!l0lzgdeol= zY?}EUrIr;reU1?Whm@8xt>WJp+DvTJB(}ujK629u>Bd6V9Aq5haE}1lUKYGeTwBkZ zR8z5~`Ae|Z5thM=`m0KijKv~U6^6nD6lBnKz+h@3i?> z#;m}hUOX?(F<9OXWt4}f4@1<+jWr(K4fK1E*-fIh*Un(2ZjmnI=8JGqO^-J9ST1fw zJW*7mA^gsS&T?%3r_$8zeC$>mEphte?SO=2rTq~R@z+w?s_t1v{+|z7Y1D(f%bd}4 zge35r3W~q=0d{J!D@VmL}Gn7~gXK zF}s9r=h~bO+ko$tCAA}KEM+>pSvGm8w6nKx9}n_ip+ykF6Xi88ALaQl<$3x}`1f{^?s!|K zK!9Mk#$1!S(OIca!`^63?NwSAeuM9KO}>8o6FBR+IHf2$CeU*X9c4ly05CSfR%MQ< zw8{$R@M0>1cvz)-ASg+cSx#D7i2+=k!5wN1TxL1?DbCIm+WDbAe&Jz{;=Z+CqW)~Q zf0?{PgC6xT=~RhN*f=^~Lm{KxRVW<4Me{Vfq@HFYJL=%8>l~ZKi22l;QF;G zFJYiv_13($0VKNIs(}7=PEfNxAgB8G-m#)16V$a~knoQnUw*VYP8yJidzhIJV1_O< zRK|xTcdZ2tP7GPNjI?iPyDa3WWZ8L|`{&QWpCPb0?Lbr~Q>0{S5N`$O-0F?;S5Ak) zMrKl)OtJUNlUTUM14eGP`dgT_swVFwY`E&iwf)?_ij{77dZX%mT(%?FE}8N7+9~hR zHf+F~60!_Mix{h&HO>Q!9`QY<^7Mbn)m-P~EufgGe$=Zn))*<9UeR$KCHAbE4r)!w?%uOg46nI)%B;~KPtlmS(FHW#~4F*mgH+G^sT4rIRPtv znkK$m-KBkigf3d@UiG*y9$NA#R^wz5eK>5mO&{acaTl$_oQ7YHQfhUj*Eo8PpuOZ= z_T(N}Yv-^(37sGokX$C)T*9L5hNY#xnq8@0N!mq+8*k&+3{J1}r~0JQ2Hq;d_BPE?n`p&W*0tYo zJPZt9eELgm{T+r_u&y`pBOJTvFnqFNFWMP4qE26wK@`Tr6L3 za|&>B$1l4v0JQVoD)T`4^zY+!2w5HMqa!;lgVv)u$VW24I*=@K9SEcDx~QhhnxH!P zl~P{bc%;tvm7zZ@Qpp+5g;tBU;d_*t7SC&9Smn3;G71RBReS2qTlwB+y^_k>JX`=W z`!2D;!xzn<{olXA7e_aZVqZ0wt96p(67wJ$*7Dmhz_sN=7Hf6G89xZw%7O2QPpQMMIrdp<=v3&4ft0c>vv3z0F@OXYr8d~VEYG!0!{M)!9B39Fnm;)LdtVIk z*ciP87Ll5r;UX$aLhbHJb;M_f&o_lSe&C>=D;@H2;j~jV%Y*Y%TvdkMqxT7pIe8D} zmuyTa{ByuhTjJp+j_LbIix}ohw2N5Ht8jrNjB6$BIhI=&{wtgATVZg0a zPY_*vZ3f1MKYGstq60O~KXQvJjVR3|kjBQta3nILn#%vx0 z&!t3M{~~SP1zR5!8sFB(I4~?~enw>cOXHNUec$bXULIv^%)vDfnPaJ=P?E*QL=K1- z4Ud7P5Qq#!&b+Ypq*-7aTfqXjaAg3|dNpD{{iD+{-BugJR1cCjTAX^mNtXXQrPQ9Xxlw zHlWpYQyuO=yeNdY6R)JwOyv?E#GMQukFwn+eVu9HKbE~|6uvH)X(76>OaVF&H^*^j zBELnL4A!0fhg*!9&q}8em0FZ{6O{&bI5)T(eh$p8;#qzAt{h;?>p$zpY_?G7x;do) zr7G(KcaueVFnJ_mgy?GrekjU!jcDi7xrqz|I-@v*ml5Ok)OL!)4yE*FlMh1-4x}Eh z95`{8p6gstaMIv9oD(>SF6f{hvVpd|V@Z%3S1)^s^9ffHHRcx@V)og2f^IwWHIJV{ z)W&F0@{AWx7W2SVK`n#O*Cen)yBmP0lAQVc$??3YW;>~bn?5hI1Z&h%+C0>8|vv7EO556#Nl_$0D^6Dr!_w93~z4mc(8@e35=V2i$XHM z?7|n3aD9~y=&Fsm`HO+t*nMOkbkAm)lViBf%%FSJKDjdv!MV~whS^@Q4*-^G=7C>3 z`f;p`bqYTUJ*P&yAu7c!wJ0-HOKm~+AvIf z^dl44%UzgwRAg5k-3Zq3_Th#j2#lrDF%>YRgbvSTo zl^wB2pFNRdUdA(6m+0>pPc(wd3ZYCrbl{kr@yx7tr>+)`^=Ss`Q@=KwLM&d+(U39J zWMqKc)y#_FT$-Zw8e#F`+>%wvqFVEj7ma+%Ol<99(X9CiqLKEDNi#ZBX-z@pcNorT9aeM1|s8G z7{L+^&WP;j>1$kZhQ@ifM!jxaF5HN$B@zb@Fx-ClolJ$;F9X3&I#dhjqV7?34RG8W ze3;O-UQliV?|LX=-8|!t9=61<*&oxXbZ_>j-U%6IvrI`ET<(3xrhD{{du|b9xM$Q+ z@E=GSmU0z-0yOG{{^*^4&`L=&}M zi`toZ;()1BkB0|ETT}|#&`Svbq}CC!(3I9T}iG7?O8 zNAF(LvK(YCaVZY#SbBHOMMD_CPKRMt9+<=D5{tsef(dG$>RH&6;?y{n2|<=A_qrDM z`(D?E^LMnrk z1vQ!zX2M0>X5_OXBel~Wz`i+5JiR&UTy-h(nFgoXc&ra%!+MmVaOLDTTp6H8qE2)x z(7EY8q!**8O*7^e(YfR({M{L$dim|Qq5PT3pR0(zSul#-eBLvzJdY7%=Vx(lQuITBrhj=xY$`!@oqfC(n|J;8g~Q4 znFoD^wqSYk6B1aYSxq#F!`4HX@{BFHsL}=@3`_Y8i3j;GMES;SwO9&w@#w;FaKR+x z!Tx#XahFxF2jw~Vqxn9!aib_cjVn3 zYHw8eG9|GrWO(1cNYajgY73P{^4Tu&R;I7(|F%ImUYY) z99-jNfy4RIHTOb?$?6?fhuB34-q)n0_(Ph7h_7`%Hr?@YIOFZvJs~gF;F))f1ksLZ zZy3z<5Qn>j)KNY;sC#CXc27t^`SXsI`SXe6IuBE2E*wb|*dkeFG@QmUfn#Wu_V`&s zdvhTl-t|2pBd!H_o;XGfJ4f1Hy>IluM+klbiNh5us8jTwkT9VXTNEDTDfs3SIx>fs z0s3plLbf#sFEf$g2j5N!9ofC?IbWuUbVi}p4Iw;?Xih-t!~7b;#h@^hHeT3>T#3S6 z^lt#~J*c=$W^;@k-mm}uaZ^-y$+;((4uGhSNcY12Ef=3cTXM7^SNa;*3lZ>A4uCz( z{<@QE(i?xNhHbubPqn)7{vY>L`yp<&QYF!d1AYp<*F4ag^qu6{>?KBAPqfHgNYM7$ zHKWRHCtJlV{V-0FdxT2)t(UV@zn0Of;~SFuI(_`%_2c?;Lcy6Mzcu1Tz&vkzEr@!b6AeIA%cTNfnLpw z5OsLRNGox<^?ek_&JCp8$8p2Eh8y=BgZ%o-u?$suUsi+0a1LXydyc`dH0b}53}nWA zAIQNP3KZ@mx&5c0d&iQPxcIN|b>86e;H|xa2~{W{{K~=v*Axy>Iv(`oxa8UkY6hA+ z*Ale0cJEmp1HX*u*XnR^&ac*~)eUPT$Y3~e3ir}?f!nupPq94;?l>alWfE9Js6yri zxxv9jq!RsoOm_@tjQ>yZ<8Udw3+hCN#kuc;I@sppl>4Y|xKt;FF;K0$L=hTs-F}7$ z>yGx9>UM?r824yy>(ei-4i zu)mWs2v__xvpFAP-X7(kxpVAfHs2dXthRHUX=#2(Gs4TpxivVNIUnPhXN#`ciro%! zmndadRZI#}m+1cf=M;fpguCa7qVXejSmLF?52FX@JJP4%~|W+ zafl}d`*EFaf#+Z&vepHyOQ95H=SLdJATMz!#f*7|Z~UXrgbXd-5l0*v?(?ucwJ4 zVRKJA;9Oz=9sa13OmsNT`XAn571Z@SMp`($IL)G0V(GkW-CWUihLW@cE5~hG_*8Mc zi*jAQUHZ;L)mH9r&m}XLs5k|Y0AlmxI z+s`vCgy&b^b2nJk%YnI`&6*nNL9qJHB0~5)CU_CvL9HZM)W~LH?j_K5Q=B=>W;@7) zIFBatSz}A+UWsbq-Pv=%s$mQWcWln7S;o-yh7IA8o(K#@p`@=MWa>WTi~J4#OHQHK zRF6J^?PG+?@zu&ux;6CztTWj;7i~y<@gr_>f=BYp064D5setO}U9-%TBwXg>FYq3w zHMK$zE+spVnG(!jcqt-a)%OSUn34nt?>)BU@>&Ze@#nP+;5gDX?&F!+z_ z%nC66#)6|S5wT#+@x^=|{S!im59qMDwp47m^-Lc?+}<-c^Du8@a!P8s$OI9u6YtY0 zQ6ctMwlu!Ku^{SSL3GFD`zwg3(f0&(I%PMZ2$BTbciG%2B6IYt|2aW~^hSqDKXi6~ z9k>3ue-1qQ;7$~IUUt0Qz!2zj;a(KuBwHpJC;M}g=}DTp^q3c5_?iY??HXdat!e|q3;M7a}+;)wf1{P{$Ok)J!)>EZ6E6V^LM9P!y7ZBEj<{*HYkFf1Dx=_nh2Niy;w zW2;=Lr1iNa(sfs#x8f|R_gufBh=#b!=l#$vN-?x(M=IHCy_1(K47{M)?HYUMk(x`y ztpwDp@i%o|W4uQiDNSqv!F*db{@jqeY%!l%JCiPMK52h?VC|gRyP4jeezq@I%I}Vq zt$x`Y-~6z4`N@x9qHpMjY&f3?XP2mi1E4cq=;T0vT8x80QUGfIr~j9E`2RKyLv5bl z9t=7@jc_C^5vK*Vf1dw=N#m{`|1j~u96i1<0NgP7fj0gxXwmS~SI}S8MAM7@nusuN zxj55OY)=1)Z;ft?ySp9a4}J?CNC1s^39YJ)6yh`KG!~PySCswl~wxRlIK< zKJZd_&wri9^{HF`q+PB0(rT4r1_#>_GXgidCzeXbU+ht*>o=sA%S1mygdB-=mM9Q! zY(_Bc4gg$=HWLqIgn$Z%5+C3hwApx|>>d!kT6*3X>S05*Js3%%G0q zXZU*wAQLYW^?qL1{1gt(#;g(NdsFJn%RLRWjnbZiuIWUU@O#=+>DeVudVcPoz!`U` zRA<$*s(OU1Vok;}TXM%oOTnnwmjXJG!>@TUK|z+6(Kqu#xbxqNahs}BO|L~Wl-|x+ zSLH~zdJ$UXTa8`V!hP@&NIckUVhJ5m`xs zCOu$$1l3}RH5~{%c0@{DrY2a%(+goiJg9B=j|qF#Yl6-}+EW-pB^_kZv^SsX)n6m) zArI#5*1wrsx4%^Pz#gT(j!&AF8}ZmdZ-iIRi)Kb zHI!D(RaAL@tkR9HYKW>z3$OAHIjKNlwMjEDz)A%Ipf~|j^XubFi~}(h?N@Tu}|h1ibV%zP3n7tb-0>~+T3>p-y#=J$9MyTm2zpMUT;vjgkDHn-mg zNTTfwA9sf;! zSihI^lr-#GDB5?n=1?cgD1XLJfG$u-gD;g@Nxq@IT;>-JogT^ZRIfcK(p=IOX{xkx z{PH~zSEOXL^`}ZDaqFRZ6ZCujNJ)m;r9qQHy%)CQY5mlXj(5{qBL$gJY7$;Ux9!xOv7a+}V&(Ga zPEhin5#)cqP*&pci&y2y<&KW6-#WPUmW^7jx+JK+C2{>XOx6n(Xt_@uYF^FA30h|9 zk76}s$GOneQ<)t`psgorj@UOI5%A)azB%4_``mZEjH19ukl6IKyiTNVB@wncTYZmC z>Jsal*8k_74d>vgs5sO5%jb&XP^A-eHvl0AjDeT3Kc|5piqYSsg9RMRO;7qPzZV5J zsi5~P(WZy+AoNJ_c5zfvC+PB%va5>8&n4wl0@rx<&*Dn#{e4|qxlu{IJ)c0o;=BX6DBOzun-G}yfloh?hMS}y(=@_5Y%X9s;Zw!@1k)S*>A+7jc9JnF3Z zqdcfXFZy#}?K)W?w(pY5Q;dGU2T^FGjQ?$Na8dfvo;&}; z|Ngq)P|zGbi|fgjnT1T8Pk!8tF%>|An2Ss9v`c+M_EICZZ<8F^t2?0Zl~cPljW#I! z%nZm#@|k`jI+Hj-r9gY`si^ZS^`x24>XnTbrcQ6_NhqJyjrG{>) z*oC%C%e6?Q2FqCQ$EibJ+3KvXTCaBCItMrARd0rZ>_31NVq*IaxdcV&dwSN+lgTOL zS55v`Bg^{v#xxVupc&l&D)1Yf1PFSI>$wQYH3!&E!iIWyUM!ol2e89ah(2=gjDCDJ zA42Kcme`>aCfzIn(fK*9KT)(;biuoYX)|>+Su|asP4n&;u}SWW=ZslkOTwP7AG6Qk zj6QUKoUO%1I+}gVI@_Ne%bMD$vm`2vime5Ee&bxFOt+Nbd#Kdnk;S3=;t}@bM}HCA z0#RsVCpx*P%ne~b5$llQPl`@2M_*ND}V z(1%WdJUtAB^`aBu0kX+Sw737&*(MOW)QkQMdeeuF3;41Tq(T3)_Wo>thenJ1&!JBq z=wx9}v_o{>Qy<~QK_$+|@^0LxLsVk(x-dQtgVq+IHn>e;qZ-fV{fDW%&Z&Qi()W=9 z9)ocCrVF|EIPY+GZAW!KUpgCP5C7UvpB@q158eR1-5x3kV%-U8azu?0=k>}6;Xi*s z+H-}$I@f~5{po4(E#43RORt=M@o_o1Unvr62w?txeRf#(TO-#~PiLwlw3lm&X1!#kA73(1IV_1UtOYcx5_sC&9upmI7IzQp zioj}l0a1rT?*+&a7`B((Y`3K1^JLQf5qW`fWm4$-i{_6-C<|@g=MNCB-qqUv%1vv= zd57!D{)((%CvJmW*r=-w724EAp(mcn&#P_W@MV{@7t&*P{?FdjVjExSkv`6lFK7dG z#OoWj>Oqi9*6{!;<;U^z)@_gKOmWTwJu8T>fJx!Q&_A6YzjZDS1hy3ni;8y>rfqFjdvr=Ug7hUz@K0tP_t*i@wkZ>s^cTa286%^Pa#eh~qr$d5gG6jkKbU_uTXvdwexKUN? zL_vI|{HID5#{YGU{@rY@T$+YeJhPoz9-vrI)diOLI!2_9;ZE0g4T_+MdM5g%A%`uV z*1{J!r&ZKdc#*(s$K|dvR@G%Hjxk15i9#o%tMEACg&h~Z3U^i4M9Vm?^L15RRTr1X~8>i=Ysf1!M^nVX}n zJEZKf3A0bzs!7qArtiFN9w`;LOf+pt{u#3{TS|LLXxy@O7HQRz{4W6bL`vxT=EQJA zBLw~VWRK2oF`?Fj=#EIX&^g2paH!}+aF{j+p{2Z4Oy-575+J8OJm`pJe3hllyFbdG&TuuwY2lm7QK9sYDHU zQIhYhkwLRSez+0#lGulhHjUT_aPcL(i7V2isBmzvrPuxb1{w`{oU zy^IkovMqL0jc}FXp*MR;{-|W0bDpR)e-c9<$Ds5++~A7>BoiPte{4O`t46s>GA;So ztSI1F*SCkpGsdLG=_~AE{^2B?^yQ-HAvCEg<;4p!oqt3=MISfpCI7K0L+pdcJ%=lo zZRe6aqBWCbUhhjQKQDag0RD6swi;bO<(wM%5o>oELNWz=kb^OJJ)`OH!suFXx9YSHvd3VkWl3D!#WNq3(djBaQdVPk2yKG7pbaWV9 z8NfU&kr{oCPmeKDd|J@(^aSJzL(6u-&r4&Rf3r<5_mZi;TFw=O{Ez8Fj&72RdR7|d zd=_%`XJ#s|+CBQd(&nh&A1K4diXH32#}pInvt4Z3fBK@mYOM!7$g1xfSIpeo!u<6> z!WF+DO=UjlC;fy5vXk=%8d-A@R^SK!Iy|2lvQ~PV!5RKi>I>5(k5mp5sp6<*gtU4$ zMCtyQH&snUy}$xt;Z4mRP57CDC{CniPZ3mq{=z3!%w(;oY7?QO&TS!=rx0fmA*{}9 z#@y|z=J?YTaa%^|Ic5$n+%&xR>e8n%2jFJAqY73x0M>v=_-zmejY|t{^N53j3Ep2`G4b7{K)S*>z}^Z0|Mvm7RaGqZg%d z$hKryU!F3RdAv2AO;mU;2bFnDO^2@M{sGWb4IkS_!rELZZbGkoLl!@FkbQ!er^RBv4_LiW=J53D z8%H$h8}UYB9A^n@fniHtxC3X{T0UJRpp()aR+XJSNKZfmHy?Pp|iv4F=l&p)$m zE9yQ-Q-ac&S@^Ov7o@;R7pf*}tqL8+r+$1cu2a;-NUy2lx3jXF4VbNZSZy^RG`_92 z3=rHJlIIas|@7&%Jkc3!~~K$ zTl1OKi);Fm{~t>nlrsIkR3(xF zTp`u$Ouw2ap|Mlw0zgYf1aX9FDc9UPTBu1ji%615OyL_)%yu!R1!BtTKW+Vz|8<`@ z-r|&CMNl+XA(C&?b8IeDKL0VP)9L--lt4AF+p%Cy7OIf6lF(;X1zHv2fhHY9oCQ@z zWY2_W%dn!z?0WsEajuw-& z38p4oA9V?|a*ZT>H~ehTVa3^3DQ;pGsGWgb&qAiKW%~`)+>!sy+b>LM*j(yoI%;Ro zTTSwPw5^}E-%x)4^D?;S0M*5YzcW{t?GrZFq9&!Kq(Yh9^i$GNM*VLsKfh*(cixyWS7hwrP|pJ^%EMzs(dqI*H4V74{ij zv6*lLg-M)$7dZYc``w`>S}P|sxLfFt%yOl74=a}yIOYAmtFc|>08cq+&nheI-Q3mA+=2bBcU`PV=D|Mv z8%vm%whHx$zbg?FHDh5?z*c9`<;#yY8*yzLRWx}jOeSfS*k&7*{SK{?%TF`RV*R?P zd+Yl%RtA&~HNWSvJ-Y@OkYnw*<+KB+$>@qLw0Ns;?Wkf2N{mvxs z>@!XB>8{niN&mM#)bGDKuDZ{U9VkSUs134S=Lp1ZH8kU#Y-PVC7OCGFm5OEeav9Bu zq|oQ$PC)?U9bn$U0|WqEXUUj3qlv|O(%W2ev8rBCYDOAyQOpoTju|qVEUgebx-08> z;n0Qjh*Jk|Y4JLc(-< z=L4DHx7s3Q)GI6%K2kNMy=R2TMOO(4FtKc^hAx+dBwD6n(I@I;Zt`@`U~?7xOvBg4 z;I__%BxcU|S~L9Q&bf+*@I|}tXx=X}683#b#mtxN<)1|L+l{g;WEVF`rFqCxF)dEx zFXjV{QibjV;+z9D>yN714|5y$es}%Ocpx>u&X)f=(sSVNpNmdXYXAEy1^?vRAIMy% zg2sPdyW|||qj<^ds`(btEObk9E_;r2t|l?aUWB7SZRZg$JOW3_V6PS4u`BmeUSA(* zhjP7Vh74?Tnj{_RgkkhgIX>==GWB}gZF&d7cR*n3a~jBX`QG{3P(gUgNbH$&4BPcH z-g%FYDuF?yw5y-Kb_HJga|b4nRJ}4Cx!P&#ki8fb*cP|ORx zNpLC7LV$+BDdX1_)_t6N)fOW_A%Yg&LXq440;;)y&IAB3&;xgNul&e4$PpA^S72t1 zI5t*@BiigreqQ{7$mCTO=KH9W5$fh=>M*u1@1wMbL#gP6Bae;Yu9^~&J>oOO@4Ad> za1B+hSaljJEit;Y356ryXw&v*f6&%ok6gQhezQ20$RHis3F<5&jB1%LQW9)<)~cAS z%;{19gl)_+PC63PLUoYU+TS5Mm^`n2`#rJ$i|>fW;f?3y)MXPokE?qtzvvMq4%`p$ zOyYX&6Fot#&Zkjpb|)Lb_rFGUFo?iaB@g36bqiZbW2V>)>12NK&peq5s@n6*ki7to za8`S{66@)iZgDt*t-54vh*-(2ii773q2NXIS15obH?(dM{SA<}+7(@B?}HtpQCkx@ zI#K)_SKbW~!k!IwxR8CG{j$G55e9u}ik^$h#~QyJdXxg1uu> z_5$_?r~L;8-$#`G$GT5>8*#R{6k?6M9*>(OQ*@j>``p7R60-f*q;7Oxl^Wx;m_&dL zlkLBa3_S!OcP+}YHV`e7csrmk(30bg1-g?E5R!;*D9|0JE5%JN*(=LMp3{Q>lshPu zk63=ju7m)lJD{ad>kTw2rzE=kFIax>PdyhZM!$Z0N*SXbcB&d-Mb+&SZ%l>e#gY~L zY_&Lu$k^khClO$5iok>siS3oM!koj(>;{!Ty|-8`?u>QihWb;;W<+jCo63>LMV*%HQKJOz3=(@4pQtcJjbv{}K@#l6%FW|A>-=xcA%Z#)m6xj9Cw} zbOq89ZjT%~f5+L1W3Y|b`Ria!AeJ(KT089dsYrtMCph9fjFqob9`>_V$wr1wExeha zU|7E$heDUp8Gsw5BD`5-LfMPb>kCfAC+Y8V#;flBUN?iv#pFZQ3EwZ4y#U=JE}o0j zhq&|8F?lEBu?TKQ|8L1CiqgPm0=}rmx#wJAS2T)f|x#ww11~b z7twru`p5!@(5thwC!m-DW!<}I_9vHg^IHY)&Z-{j5(=7C?>Dt?UH-yZKk=_xub@f` z08qQZk(i{2Z1Q>%F!MXiC$?=*#CVbBvq%r*2skfYP5V0Qj4U%sb0)%7ea##8PMK*G zuy6+R5PGq{er(Jjr5pu9z~lD}ua%?TwIFdRWDtmOv1dFGL7sCKW4hhUaT-w($2>`n zSdjF~6kr<|^D>_Ge6uB`c5~Yp4)eeOG@qPSp_q9wj+;=a4tsx6#fdhz6+Oyh)+zSD?u=sRK0NP_Yb+gj=0P zVkvIP1QIW}ijlN9oH2}q8IcRY1MZm0c!-FCh^=4y&JtE_fFKWRvc+eZS?E!KrjU-Rp7N zW$ntWrDV$5)-|ZMY?a*wH@l6xKH6H$+ z)R8>A8k&84Xp#rtzM4D-rBBI+m7i!T`G!*+KOK6;2C5gnO8HXZdBF{%B?PYaLz%QU z={6cW(~0XZlDF9}HccQ6GDAH@ZWk{p@n^eSL^mo1IxmvD*{zQ+a5ro&~E+?FtB-ZuwXRUp#t zzrUO)`>e7lH|1AVG?aLk=KU-GysOydI=wMeJCp~677~}wt`9?gLLxu{1kD|e$i}SK zB%B`2*W}M$Iy7od?X_y_GvB508lb`redwoFUur{QHJ792rrf{N)a#NWwtz~n_Z9z6 z^sZ*7ou;lOrgmiMlg$vmCYCvh{`(Jcj0F+@7xnKiag<*Z*u1SUk2k*@fJC$$Ee4US z9lvC!rp2s%IvNnZ4&FIsfM!6xA_;2B#?hx^0I6=IwegglI)W6f(`i>K zRhnm*Uv3+T$WD1dicV>@f5}!%#hVs0^yw%=sv~G^2xV);*0SCLtmM@-6U>mJceL7t zG8LL}rp45KI#T~MnYyp|elx@8=W$)G_2BT2N$7(WZ7GO+moAGwS(Wd)LuX14#e>dD zKiWCUoSSX)U74wfxFSLt==>J?3+UPwIzBLNSb05BVN7e&^-rBPi}VMk0ep3gtR7V=|xB zUqO2ync1i8sydCUQp}*1|LZvnv2q{3pD=Z7se8An^-cJ4nu?k=nf6;=026m#t{K{y z{(Sa6Bjwfo$7}v(NlXL$>UUqo{PR&vP!e>B8&O|z&f|(*64(X%nr8UjoY@WW-k@AL z@Lkr|nGC8VDqYG{>xTnE>NssTSYLY#mo0xX&Dc<#lJAs#^uo|g_-qh3PoTDIh!d=V zJ|jqVO0fg|_y=J8{Pg|ULL?h*k$96B^Mw+$p>(F2#h&dxNU(nod3S4!}b zaD7KDp;BITXyJ{ZH~#t#Z$jm`%FvC3;3d}j4s$|fp~{c}qJXx(*Y(PVdzOaLLhMue zbKry9Rp0kb1`8N0Jp=r~ZMW}xA%jI}=8q;1Tskz#a&(nTTeZWqc&PtRbOS(z^_=jG z%7_y3U9!A32p6X-22Vnm;8G^+SY?NTYDlu&qBALXW&hfoyld|HY^H`ncQ=t_zqQOx zs4>T*a>|J3FW!J=%7k?KB3dKB{xMTDRU3sGsU)>1 z?aE)Uyw9!((+){u8q0{Yb~P~1uis=09_~qjW!N5LTz=GfriLZiE=s#2$!sX|@bOba z#tDX2T%-_<){mIasJn2PLS(q!L{O&;kAB6dmEMgGq8Zz5dMLH~8Fp(b7oH zyX4NfXd#5v!EsDVe0-KN{OcL~pM($p#R~t8(LmJJD4XI*HnPcwwQ(7wA8BY{Vz{sb zZ?xMy_9>4sn5llW@t?`{#l|JO4lU)cT@D7q0k*?EpzHhR6HgI;&()X5XF0=jexi%S zWQC8MK(_hRoj&E^5rP;#<*pHizq>-10_KV5a__3V?y4qb(L2rQC4`yE;wwDVh?M(R z`dnqrHoRERhy(iyax0FMgGuHhJAJ9k{lhdeqwFN#xO4MkaU~j6puKTdb77FWgJ{4e z`3LrjFw;=HY5EVShUWFE2XXZbH?|%-kEZ~~an@ss*Cg+aQ zM$=pI%I3&cbIN`}fK@;jZ6AFfz$2R}d!zudfC$I0rD$NqTN^=C;-%RY@T?KPL8%&q z@myf>cM3Oa*LkhobgqP-n14o*ebL4GWhi1R!~E-34t(r8lc2G818P5MEwE>?MZval zwVFZF?4RBZ(#O?pFnz)A@-=v-!VITVnl1Co^!Lp5OZnSl^ptuO+4W`>vO{b1Hggu& zx2;o5u9@&DKL1k@SBthxBG;NXUmG5rNqw#ClF|>$j;&!odtLYMZ(;4*?7pG6XFc3& z^BIv=o3?%+l@9O7JyHQd;rr;UKqC?duOWZ8Uv(aeDfx@l2PEjd0scg0 zUPG&^2jb}P<7Zz2XLR3^T|S6I4-+;V>G8vJRRG2 zh3>$+s`TU8WsT`zEx_TMRIn&@<^Aew;}sK_YcimBG5kt|A_nh5D6U0*f8Y94NW7)T z`s)0b)&w(2OZ=hG!#GDuLT4Wi;B-<(~HPips)@)rEx_0mP ztlZ?#?8Q5ycF(?gt7O|Xu{~SO9<1K_G;QtO`gPfF?}laryNbITuHV|Y`dV4|*0S4c zYPq-BuC8VO_HNbIk3a*YvU6{TX8W&9db#%PzuotuE^do;{hc8C)+v6AXw*fqW3JM7 zL~|d6ZkZZWXnVt9T}JwrMYd+$+dgUC65E<_dCj7;0o~gQ^=@gb%{YB_(c7n8-wtTs zI=?z2{p+H7-OF9utn_aESf4Tb^di}9UEls_-?CW?;s7<3{nfqoa8t(j{fl&;cbVnr zfRqWZTlDr{*S33Fw*uB?WS?7PE8Gp@eBG3Bc?OHq5gEy-ydDm587>az0F=P_V#et7Uk57Kwk6>(YMQ@wn#=# z{NQ>>oHJgfhFpfS>O=oORuA1d?45oH9_kmUYx$tuBCq&|14F1Dix@qH>T$Y^G*?WV z^r8CNl$QOgq>IkaB4Jf}J<+T45zEp!^$v^f;JW_6>Q2M#0`9!SvOBnS3$U)RF&50`V=(?O`7{#N==Z_%Hl$@$-1*Fbj;qv!PaeeAK@ zfy)V-8CmtCwuVMb7yQX?G~M7QyD%1lP5%FX?JdPjEejdAnp(8)$UV}{dc-8f^C17{ y<(!|hGUKP`{bbjhUhtEhd-|N8?5fP+|2d{l{L3sn{rXRKehw2ZRaIAiH!cAC2gjlS diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml index 108988c3..3233f944 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml @@ -14,7 +14,7 @@ Linux IPv6 HOWTO (de) PeterBieringer
pb at bieringer dot de
 - 0.66wip.de.1 2014-05-02 PB + 0.66wip.de.1 2014-05-10 PB 0.65.de.1 2009-12-13 PB 0.64.de.1 2009-06-11 PB 0.61.de.1 2007-10-06 PB diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index 6f4b510c..317d8750 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -62,7 +62,7 @@ ALIGN="LEFT" >Revision 0.66wip2014-05-022014-05-10Revised by: PB 0.66wip 2014-05-02 0.66wip 2014-05-10 PB \end_layout @@ -455,7 +455,6 @@ CVS information: \end_layout \begin_layout Code - CVS-ID: $Id$ \end_layout @@ -1287,7 +1286,6 @@ In generic examples you will sometimes find the following: \end_layout \begin_layout Code - \end_layout @@ -1298,7 +1296,6 @@ For real use on your system command line or in scripts this has to be replaced \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1311,7 +1308,6 @@ Commands executable as non-root user begin with $, e.g. \end_layout \begin_layout Code - $ whoami \end_layout @@ -1320,7 +1316,6 @@ Commands executable as root user begin with #, e.g. \end_layout \begin_layout Code - # whoami \end_layout @@ -1515,72 +1510,58 @@ The first IPv6 related network code was added to the Linux kernel 2.1.8 in \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1689,7 +1670,6 @@ As previously mentioned, IPv6 addresses are 128 bits long. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1712,7 +1692,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1730,7 +1709,6 @@ This representation is still not very convenient (possible mix-up or loss \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1740,7 +1718,6 @@ A usable address (see address types later) is e.g.: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1751,12 +1728,10 @@ For simplifications, leading zeros of each 16 bit block can be omitted: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1782,7 +1757,6 @@ ion. \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1792,7 +1766,6 @@ The biggest reduction is seen by the IPv6 localhost address: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1816,12 +1789,10 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -2032,7 +2003,6 @@ This is a special address for the loopback interface, similiar to IPv4 with \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2041,7 +2011,6 @@ or compressed: \end_layout \begin_layout Code - ::1 \end_layout @@ -2077,7 +2046,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2086,7 +2054,6 @@ or: \end_layout \begin_layout Code - :: \end_layout @@ -2122,7 +2089,6 @@ These addresses are defined with a special prefix of length 96 (a.b.c.d is \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2131,7 +2097,6 @@ or in compressed format \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2140,7 +2105,6 @@ For example, the IPv4 address 1.2.3.4 looks like this: \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2169,7 +2133,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2178,7 +2141,6 @@ or in compressed format \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2259,22 +2221,18 @@ x \end_layout \begin_layout Code - fe8x: <- currently the only one in use \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2320,22 +2278,18 @@ It begins with: \end_layout \begin_layout Code - fecx: <- most commonly used \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2410,12 +2364,10 @@ It begins with: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- currently the only one in use \end_layout @@ -2438,7 +2390,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2470,12 +2421,10 @@ x \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2506,7 +2455,6 @@ These were the first global addresses which were defined and in use. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2515,7 +2463,6 @@ Example: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2525,7 +2472,6 @@ A special 6bone test address which will never be globally unique begins \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2577,7 +2523,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2586,7 +2531,6 @@ For example, representing 192.168.1.1/5: \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2596,12 +2540,10 @@ A small shell command line can help you generating such address out of a \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2635,7 +2577,6 @@ These addresses are delegated to Internet service providers (ISP) and begin \end_layout \begin_layout Code - 2001: \end_layout @@ -2674,12 +2615,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3fff:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2708,7 +2647,6 @@ xx \end_layout \begin_layout Code - ffxy: \end_layout @@ -2797,7 +2735,6 @@ An example of this address looks like \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2854,7 +2791,6 @@ A simple example for an anycast address is the subnet-router anycast address. \end_layout \begin_layout Code - 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2864,7 +2800,6 @@ The subnet-router anycast address will be created blanking the suffix (least \end_layout \begin_layout Code - 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2904,7 +2839,6 @@ E.g. \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2922,7 +2856,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2932,7 +2865,6 @@ With a given prefix, the result is the IPv6 address shown in example above: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2985,7 +2917,6 @@ For servers, it's probably easier to remember simpler addresses, this can \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3077,7 +3008,6 @@ An example: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3091,7 +3021,6 @@ Network: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3100,7 +3029,6 @@ Netmask: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3119,12 +3047,10 @@ For example if a routing table shows following entries (list is not complete): \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3134,12 +3060,10 @@ Shown destination addresses of IPv6 packets will be routed through shown \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3203,7 +3127,6 @@ To check, whether your current running kernel supports IPv6, take a look \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3213,7 +3136,6 @@ A short automatical test looks like: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3232,7 +3154,6 @@ You can try to load the IPv6 module executing \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3243,7 +3164,6 @@ If this is successful, this module should be listed, testable with following \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3268,7 +3188,6 @@ Its possible to automatically load the IPv6 module on demand. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3278,7 +3197,6 @@ It's also possible to disable automatically loading of the IPv6 module using \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3536,12 +3454,10 @@ Auto-magically check: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3555,7 +3471,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3574,7 +3489,6 @@ Alexey N. \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3638,17 +3552,14 @@ Usage \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3658,7 +3569,6 @@ Some implementation also support % suffix instead of using -I , \end_layout \begin_layout Code - # ping6 % \end_layout @@ -3667,17 +3577,14 @@ Example \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3686,17 +3593,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3727,12 +3631,10 @@ Using link-local addresses for an IPv6 ping, the kernel does not know through \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3741,22 +3643,18 @@ In this case you have to specify the interface additionally like shown here: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3765,17 +3663,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3784,7 +3679,6 @@ Example for % notation: \end_layout \begin_layout Code - # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout @@ -3798,22 +3692,18 @@ An interesting mechanism to detect IPv6-active hosts on a link is to ping6 \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3823,7 +3713,6 @@ Example for % notation: \end_layout \begin_layout Code - # ping6 ff02::1%eth0 \end_layout @@ -3854,51 +3743,42 @@ iputils \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3940,52 +3820,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4074,32 +3944,26 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout @@ -4116,52 +3980,42 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4245,7 +4099,6 @@ Because of security updates in the last years every Domain Name System (DNS) \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4254,20 +4107,17 @@ and should show something like following: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4281,30 +4131,25 @@ IPv6-ready telnet clients are available. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout @@ -4313,47 +4158,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4362,7 +4198,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4403,17 +4238,14 @@ Current versions of openssh are IPv6-ready. \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4960,12 +4792,10 @@ Usage: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4978,12 +4808,10 @@ Example: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -4997,12 +4825,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -5011,12 +4837,10 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -5067,7 +4891,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -5076,27 +4899,22 @@ Example for a static configured host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout @@ -5168,22 +4977,18 @@ Example (output filtered with grep to display only IPv6 addresses). \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5205,7 +5010,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5214,7 +5018,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5228,7 +5031,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5237,7 +5039,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5260,7 +5061,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5269,7 +5069,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5283,7 +5082,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5292,7 +5090,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5345,7 +5142,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5355,27 +5151,22 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5389,7 +5180,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5401,42 +5191,34 @@ Example (output is filtered for interface eth0). \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5459,12 +5241,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5473,7 +5253,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5487,12 +5266,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5510,7 +5287,6 @@ Following shown example adds a default route through gateway \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5534,12 +5310,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5548,7 +5322,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5562,12 +5335,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -5576,7 +5347,6 @@ Example for removing upper added route again: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout @@ -5599,12 +5369,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5613,7 +5381,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5656,7 +5423,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5665,7 +5431,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5688,7 +5453,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5697,7 +5461,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5711,7 +5474,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5721,7 +5483,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5760,17 +5521,14 @@ Client can setup a default route like prefix \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5852,7 +5610,6 @@ With following command you can display the learnt or configured IPv6 neighbors \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5861,12 +5618,10 @@ The following example shows one neighbor, which is a reachable router \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5891,7 +5646,6 @@ With following command you are able to manually add an entry \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -5900,7 +5654,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5913,7 +5666,6 @@ Like adding also an entry can be deleted: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -5922,7 +5674,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5952,28 +5703,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6163,27 +5909,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6394,7 +6135,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6403,17 +6143,14 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6426,7 +6163,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6436,7 +6172,6 @@ Example (output is filtered to display only tunnels through virtual interface \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6445,27 +6180,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6531,12 +6261,10 @@ Usage for creating a tunnel device (but it's not up afterward, also a TTL \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6545,22 +6273,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6569,22 +6293,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6593,22 +6313,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6629,7 +6345,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6638,17 +6353,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6657,17 +6369,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6676,17 +6385,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6712,7 +6418,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6721,32 +6426,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6775,7 +6474,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6784,17 +6482,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6803,17 +6498,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout @@ -6822,17 +6514,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -6851,12 +6540,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -6865,12 +6552,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -6879,12 +6564,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -6893,7 +6576,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6915,32 +6597,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6949,7 +6625,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7008,7 +6683,6 @@ Assuming your IPv4 address is \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -7017,7 +6691,6 @@ the generated 6to4 prefix will be \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -7036,7 +6709,6 @@ Local 6to4 gateways should (but it's not a must, you can choose an arbitrary \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout @@ -7046,7 +6718,6 @@ Use e.g. \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7068,12 +6739,10 @@ Create a new tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -7082,7 +6751,6 @@ Bring interface up \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -7091,7 +6759,6 @@ Add local 6to4 address to interface (note: prefix length 16 is important!) \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7101,7 +6768,6 @@ Add (default) route to the global IPv6 network using the all-6to4-routers \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7120,7 +6786,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7147,7 +6812,6 @@ Bring generic tunnel interface sit0 up \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7156,7 +6820,6 @@ Add local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7166,7 +6829,6 @@ Add (default) route to the global IPv6 network using the all-6to4-relays \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7183,7 +6845,6 @@ Remove all routes through this dedicated tunnel device \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7192,7 +6853,6 @@ Shut down interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -7201,7 +6861,6 @@ Remove created tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -7238,7 +6897,6 @@ Remove (default) route through the 6to4 tunnel interface \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7247,7 +6905,6 @@ Remove local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7257,7 +6914,6 @@ Shut down generic tunnel device (take care about this, perhaps it's still \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7297,7 +6953,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7306,28 +6961,23 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code - ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code - ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7344,12 +6994,10 @@ Usage for creating a 4over6 tunnel device (but it's not up afterward) \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -7358,22 +7006,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -7382,22 +7026,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7406,22 +7046,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7434,7 +7070,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7443,17 +7078,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7462,17 +7094,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7481,17 +7110,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7584,7 +7210,6 @@ The /proc-filesystem had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout @@ -7593,12 +7218,10 @@ The /proc-filesystem was mounted before, which can be tested using \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7629,12 +7252,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7655,7 +7276,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7711,7 +7331,6 @@ The sysctl-interface had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7724,12 +7343,10 @@ The value of an entry can be retrieved now: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7742,12 +7359,10 @@ A new value can be set (if entry is writable): \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7765,12 +7380,10 @@ Note: Don't use spaces around the \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8238,12 +7851,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -8715,27 +8326,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout @@ -8826,27 +8432,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -8855,22 +8456,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -8930,27 +8527,22 @@ Statistics about used IPv6 sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -9132,375 +8724,307 @@ Example: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout @@ -9532,32 +9056,26 @@ Router advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9610,12 +9128,10 @@ Router solicitation \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9683,12 +9199,10 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9705,18 +9219,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9733,18 +9244,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout @@ -9765,18 +9273,15 @@ Node wants to send packages to \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9793,12 +9298,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -9920,7 +9423,6 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -9929,13 +9431,11 @@ Auto-magically test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -9945,17 +9445,14 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -9994,12 +9491,10 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -10017,7 +9512,6 @@ off \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -10026,7 +9520,6 @@ Reboot or restart networking using \end_layout \begin_layout Code - # service network restart \end_layout @@ -10035,12 +9528,10 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout @@ -10100,7 +9591,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -10126,7 +9616,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -10167,54 +9656,44 @@ Configure your interface. \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -10223,7 +9702,6 @@ And you reboot or you just \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -10294,22 +9772,18 @@ Example: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -10820,7 +10294,6 @@ Change to source directory: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -10829,12 +10302,10 @@ Unpack and rename kernel sources \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -10843,7 +10314,6 @@ Unpack iptables sources \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -10856,7 +10326,6 @@ Change to iptables directory \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -10865,7 +10334,6 @@ Apply pending patches \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10876,7 +10344,6 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10915,12 +10382,10 @@ Check IPv6 extensions \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -10933,7 +10398,6 @@ Change to kernel sources \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -10942,12 +10406,10 @@ Edit Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -10956,99 +10418,80 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -11075,7 +10518,6 @@ Rename older directory \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11084,7 +10526,6 @@ Create a new softlink \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11093,7 +10534,6 @@ Rebuild SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11107,7 +10547,6 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11116,7 +10555,6 @@ If not already installed, use "install" \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11127,7 +10565,6 @@ ts don't fit. \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11137,7 +10574,6 @@ Perhaps it's necessary to create a softlink for iptables libraries where \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -11154,7 +10590,6 @@ Load module, if so compiled \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -11163,12 +10598,10 @@ Check for capability \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -11185,7 +10618,6 @@ Short \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -11194,7 +10626,6 @@ Extended \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -11203,7 +10634,6 @@ List specified filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -11212,12 +10642,10 @@ Insert a log rule at the input filter with options \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -11226,7 +10654,6 @@ Insert a drop rule at the input filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11235,7 +10662,6 @@ Delete a rule by number \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -11249,7 +10675,6 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11267,7 +10692,6 @@ Accept incoming ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11276,7 +10700,6 @@ Allow outgoing ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11285,7 +10708,6 @@ Newer kernels allow specifying of ICMPv6 types: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11303,12 +10725,10 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11326,12 +10746,10 @@ Allow incoming SSH from 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -11344,12 +10762,10 @@ no longer needed if connection tracking is used! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -11371,7 +10787,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11380,7 +10795,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11394,7 +10808,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -11403,7 +10816,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -11426,7 +10838,6 @@ Block incoming TCP connection requests to this host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11435,7 +10846,6 @@ Block incoming TCP connection requests to hosts behind this router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11468,7 +10878,6 @@ Block incoming UDP packets which cannot be responses of outgoing requests \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11478,7 +10887,6 @@ Block incoming UDP packets which cannot be responses of forwarded requests \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11506,7 +10914,6 @@ tracking \end_layout \begin_layout Code - File: /etc/sysconfig/ip6tables \end_layout @@ -11515,87 +10922,70 @@ File: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11604,7 +10994,6 @@ For completeness also the IPv4 configuration is shown here: \end_layout \begin_layout Code - File: /etc/sysconfig/iptables \end_layout @@ -11613,88 +11002,71 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11711,12 +11083,10 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -11725,12 +11095,10 @@ Enable automatic start after reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout @@ -11749,578 +11117,472 @@ but still stateless filter \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12350,7 +11612,6 @@ Like in IPv4 clients behind a router can be hided by using IPv6 masquerading \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12364,7 +11625,6 @@ A dedicated public IPv6 address can be forwarded to an internal IPv6 address, \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -12378,7 +11638,6 @@ A dedicated specified port can be forwarded to an internal system, e.g. \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12423,17 +11682,14 @@ Take care if rules are contained in more than one table, because the tables \end_layout \begin_layout Code - IPv4-Packet --> table "ip" --> table "inet" --> further checks \end_layout \begin_layout Code - IPv6-Packet --> table "ip6" --> table "inet" --> further checks \end_layout \begin_layout Standard - If table \begin_inset Quotes sld \end_inset @@ -12472,22 +11728,18 @@ Load kernel modules: \end_layout \begin_layout Code - # modprobe nf_tables \end_layout \begin_layout Code - # modprobe nf_tables_ipv4 \end_layout \begin_layout Code - # modprobe nf_tables_ipv6 \end_layout \begin_layout Code - # modprobe nf_tables_inet \end_layout @@ -12496,12 +11748,10 @@ Flush iptables and ip6tables to avoid interferences: \end_layout \begin_layout Code - # iptables -F \end_layout \begin_layout Code - # ip6tables -F \end_layout @@ -12510,7 +11760,6 @@ Create filter table: \end_layout \begin_layout Code - # nft add table inet filter \end_layout @@ -12519,7 +11768,6 @@ Create input chain: \end_layout \begin_layout Code - # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -12546,7 +11794,6 @@ Allow packets which are related to existing connection tracking entries \end_layout \begin_layout Code - # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -12555,13 +11802,11 @@ Allow IPv4 and IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv4 icmp type { echo-request } counter accept \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 icmpv6 type echo-request counter accept \end_layout @@ -12572,23 +11817,19 @@ Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code - ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 1 accept \end_layout \begin_layout Code - # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code - ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 255 counter accept \end_layout @@ -12598,7 +11839,6 @@ Allow incoming SSH for IPv4 and IPv6 \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -12615,17 +11855,14 @@ Reject/drop others \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 0-65535 reject \end_layout \begin_layout Code - # nft add rule inet filter input udp dport 0-65535 counter drop \end_layout \begin_layout Code - # nft add rule inet filter input counter drop \end_layout @@ -12638,77 +11875,63 @@ Table for IP version aware filter \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip protocol icmp icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - ip6 nexthdr ipv6-icmp ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code - tcp dport >= 0 tcp dport <= 65535 counter packets 0 bytes 0 reject \end_layout \begin_layout Code - udp dport >= 0 udp dport <= 65535 counter packets 0 bytes 0 drop \end_layout \begin_layout Code - log prefix counter packets 0 bytes 0 drop \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -12721,7 +11944,6 @@ To enable logging, an additonal kernel module must be loaded \end_layout \begin_layout Code - # modprobe xt_LOG \end_layout @@ -12746,7 +11968,6 @@ Fir initial test with logging it can be useful to disable kernel console \end_layout \begin_layout Code - #*.emerg :omusrmsg:* \end_layout @@ -12755,7 +11976,6 @@ Rule from above accepting SSH on port 22, but now with logging: \end_layout \begin_layout Code - # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -12823,141 +12043,114 @@ mark xxxx \end_layout \begin_layout Code - # for table in ip ip6 inet; do nft list table $table filter; done \end_layout \begin_layout Code - table ip filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 241 bytes 25193 accept \end_layout \begin_layout Code - counter packets 2 bytes 120 mark 0x00000100 accept \end_layout \begin_layout Code - icmp type { echo-request} counter packets 0 bytes 0 meta mark set 0x00000100 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout \begin_layout Code - table ip6 filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 14 bytes 4077 accept \end_layout \begin_layout Code - counter packets 4 bytes 408 mark 0x00000100 accept \end_layout \begin_layout Code - icmpv6 type echo-request counter packets 1 bytes 104 meta mark set 0x00000100 \end_layout \begin_layout Code - icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} counter packets 2 bytes 224 meta mark set 0x00000100 accept \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout \begin_layout Code - table inet filter { \end_layout \begin_layout Code - chain input { \end_layout \begin_layout Code - type filter hook input priority 0; \end_layout \begin_layout Code - ct state established,related counter packets 307 bytes 31974 accept \end_layout \begin_layout Code - counter packets 6 bytes 528 mark 0x00000100 accept \end_layout \begin_layout Code - tcp dport ssh ct state new tcp flags & (syn | ack) == syn log prefix "inet/input/accept: " meta mark set 0x00000100 counter packets 3 bytes 200 accept \end_layout \begin_layout Code - log prefix "inet/input/reject: " counter packets 0 bytes 0 reject \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13065,12 +12258,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -13092,53 +12283,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -13161,32 +12342,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -13481,27 +12656,22 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -13514,37 +12684,30 @@ Example for a end-to-end encrypted connection in tunnel mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -13606,22 +12769,18 @@ File: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -13630,22 +12789,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout @@ -13654,62 +12809,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13718,42 +12861,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -13762,37 +12897,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -13805,12 +12933,10 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -13819,7 +12945,6 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout @@ -13843,104 +12968,84 @@ At least the daemon needs to be started. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code - ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -13958,12 +13063,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -13984,117 +13087,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -14187,22 +13267,18 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -14211,27 +13287,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -14240,12 +13311,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -14254,68 +13323,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -14332,7 +13388,6 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout @@ -14354,7 +13409,6 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -14372,42 +13426,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -14425,117 +13471,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -14557,12 +13580,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout @@ -14571,12 +13592,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -14623,39 +13642,32 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code - -------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code - Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code - --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - -------------->------- \end_layout @@ -14724,7 +13736,6 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -14737,7 +13748,6 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -14747,7 +13757,6 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -14757,7 +13766,6 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -14767,7 +13775,6 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -14793,7 +13800,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout @@ -14811,7 +13817,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -14825,7 +13830,6 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -14839,7 +13843,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -14849,7 +13852,6 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -14863,17 +13865,14 @@ Start on server side each one one separate console: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -14882,35 +13881,29 @@ Start on client side and compare results: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout @@ -14986,22 +13979,18 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -15010,59 +13999,48 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -15071,7 +14049,6 @@ And a simple test looks like \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -15088,22 +14065,18 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout @@ -15117,67 +14090,54 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -15189,32 +14149,26 @@ This ACLs can be used e.g. \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -15239,7 +14193,6 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -15260,7 +14213,6 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -15273,7 +14225,6 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout @@ -15426,27 +14377,22 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15455,7 +14401,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -15465,17 +14410,14 @@ Related log entry looks like following: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -15493,27 +14435,22 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15522,14 +14459,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -15573,52 +14508,42 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - @@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -15627,27 +14552,22 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -15702,27 +14622,22 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -15731,32 +14646,26 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -15765,24 +14674,20 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -15882,52 +14787,42 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15936,28 +14831,23 @@ This results on client side in \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15980,67 +14870,54 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16050,28 +14927,23 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -16088,7 +14960,6 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -16115,107 +14986,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -16267,67 +15117,54 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16345,22 +15182,18 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -16377,7 +15210,6 @@ Start server, e.g. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -16390,7 +15222,6 @@ Start client in foreground, e.g. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout @@ -16408,7 +15239,6 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code - # dhcp6s -d -D -f eth0 \end_layout @@ -16422,7 +15252,6 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout @@ -16431,63 +15260,51 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code - ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -16538,32 +15355,26 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -16572,12 +15383,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients requesting a temporary address \end_layout \begin_layout Code - range6 2001:db8:0:1::/64 temporary; \end_layout @@ -16586,17 +15395,14 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout @@ -16605,12 +15411,10 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -16619,33 +15423,27 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -16681,7 +15479,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 @@ -16701,56 +15498,46 @@ Start server in foreground: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -16783,68 +15570,55 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout @@ -16861,148 +15635,124 @@ Start server in foreground: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. \end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -17064,7 +15814,6 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -17078,13 +15827,11 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -17105,7 +15852,6 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -17117,12 +15863,10 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -17145,22 +15889,18 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -17170,27 +15910,22 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -17204,22 +15939,18 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -17229,22 +15960,18 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -17268,7 +15995,6 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -17296,27 +16022,22 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout @@ -17516,37 +16237,30 @@ struct sockaddr_in \end_layout \begin_layout Code - struct sockaddr_in \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin_family; \end_layout \begin_layout Code - in_port_t sin_port; \end_layout \begin_layout Code - struct in_addr sin_addr; \end_layout \begin_layout Code - /* Plus some padding for alignment */ \end_layout \begin_layout Code - }; \end_layout @@ -17598,42 +16312,34 @@ struct sockaddr_in6 \end_layout \begin_layout Code - struct sockaddr_in6 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin6_family; \end_layout \begin_layout Code - in_port_t sin6_port; \end_layout \begin_layout Code - uint32_t sin6_flowinfo; \end_layout \begin_layout Code - struct in6_addr sin6_addr; \end_layout \begin_layout Code - uint32_t sin6_scope_id; \end_layout \begin_layout Code - }; \end_layout @@ -17747,7 +16453,6 @@ fe80::1%eth1 \end_layout \begin_layout Code - Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -17856,32 +16561,26 @@ recvfrom(2) \end_layout \begin_layout Code - ssize_t recvfrom( int s, \end_layout \begin_layout Code - void *buf, \end_layout \begin_layout Code - size_t len, \end_layout \begin_layout Code - int flags, \end_layout \begin_layout Code - struct sockaddr *from, \end_layout \begin_layout Code - socklen_t *fromlen ); \end_layout @@ -17907,104 +16606,84 @@ struct sockaddr_storage \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code - ** the caller. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char *rcvMsg( int s ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code - socklen_t sslen; \end_layout \begin_layout Code - sslen = sizeof( ss ); \end_layout \begin_layout Code - count = recvfrom( s, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ) - 1, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - (struct sockaddr*) &ss, \end_layout \begin_layout Code - &sslen ); \end_layout \begin_layout Code - bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -18012,12 +16691,10 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code - return bfr; \end_layout \begin_layout Code - } /* End rcvMsg() */ \end_layout @@ -18084,22 +16761,18 @@ getaddrinfo(3) \end_layout \begin_layout Code - int getaddrinfo( const char *node, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - const struct addrinfo *hints, \end_layout \begin_layout Code - struct addrinfo **res ); \end_layout @@ -18158,57 +16831,46 @@ struct addrinfo \end_layout \begin_layout Code - struct addrinfo \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int ai_flags; \end_layout \begin_layout Code - int ai_family; \end_layout \begin_layout Code - int ai_socktype; \end_layout \begin_layout Code - int ai_protocol; \end_layout \begin_layout Code - socklen_t ai_addrlen; \end_layout \begin_layout Code - struct sockaddr *ai_addr; \end_layout \begin_layout Code - char *ai_canonname; \end_layout \begin_layout Code - struct addrinfo *ai_next; \end_layout \begin_layout Code - }; \end_layout @@ -18617,37 +17279,30 @@ struct sockaddr \end_layout \begin_layout Code - int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code - socklen_t salen, \end_layout \begin_layout Code - char *host, \end_layout \begin_layout Code - size_t hostlen, \end_layout \begin_layout Code - char *serv, \end_layout \begin_layout Code - size_t servlen, \end_layout \begin_layout Code - int flags ); \end_layout @@ -18746,7 +17401,6 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code - ::ffff:192.0.2.1 \end_layout @@ -18817,22 +17471,18 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code - ::1 localhost \end_layout \begin_layout Code - 127.0.0.1 localhost \end_layout \begin_layout Code - fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code - 192.0.2.1 pt141 \end_layout @@ -18937,7 +17587,6 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code - tod6d [-v] [service] \end_layout @@ -18964,314 +17613,257 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6d.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration & error codes. */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code - #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code - #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code - #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code - #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. */ \end_layout \begin_layout Code - #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Simple boolean type definition. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ); \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code - static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro for command syntax violations. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "Usage: %s [-v] [service] \backslash n", @@ -19280,44 +17872,37 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash \end_layout \begin_layout Code - exit( 127 ); \backslash \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code - ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code - ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -19325,66 +17910,56 @@ n", \end_layout \begin_layout Code - ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code - ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define CHK(expr) \backslash \end_layout \begin_layout Code - do \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "%s (line %d): System call ERROR - %s. \backslash n", @@ -19393,35 +17968,30 @@ n", \end_layout \begin_layout Code - pgmName, \backslash \end_layout \begin_layout Code - __LINE__, \backslash \end_layout \begin_layout Code - strerror( errno ) ); \backslash \end_layout \begin_layout Code - exit( 1 ); \backslash \end_layout \begin_layout Code - } /* End IF system call failed. */ \backslash @@ -19429,436 +17999,352 @@ n", \end_layout \begin_layout Code - } while ( false ) \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code - * handles both TCP and UDP requests. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code - * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code - size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code - size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line arguments. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: break; \end_layout \begin_layout Code - case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code - default: USAGE; \end_layout \begin_layout Code - } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code - ** service requests. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code - ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Run the time-of-day server. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code - tScktSize, \end_layout \begin_layout Code - uSckt, \end_layout \begin_layout Code - uScktSize ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code - ** created. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: No sockets opened... terminating. \backslash @@ -19866,354 +18352,286 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code - * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code - * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code - * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code - * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code - * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code - * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code - * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code - * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code - * placed when opened. \end_layout \begin_layout Code - * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code - * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code - * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code - * the number of descriptors actually opened. Any unused slots in \end_layout \begin_layout Code - * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * 0 on success, -1 on error. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - size_t maxDescs = *descSize; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( *descSize > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else /* Invalid protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code - "layer protocol \backslash "%s @@ -20224,235 +18642,191 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - protocol ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code - ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code - ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code - ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code - ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code - ** socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead; \end_layout \begin_layout Code - ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Setting up a passive socket based on the " \end_layout \begin_layout Code - "following address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -20460,7 +18834,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -20468,629 +18841,512 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code - ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code - ** host & service into numeric strings. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code - ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code - ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Disable IPv4 mapped addresses. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - int v6Only = 1; \end_layout \begin_layout Code - CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code - IPPROTO_IPV6, \end_layout \begin_layout Code - IPV6_V6ONLY, \end_layout \begin_layout Code - &v6Only, \end_layout \begin_layout Code - sizeof( v6Only ) ) ); \end_layout \begin_layout Code - #else \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code - ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code - ** message and close the socket. Design note: If the \end_layout \begin_layout Code - ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code - ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code - ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code - ** if the program can't build! However, since this program is also \end_layout \begin_layout Code - ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code - ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code - ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code - ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code - ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code - ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code - "option. Closing IPv6 %s socket. \backslash @@ -21098,690 +19354,556 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code - CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code - continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code - #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code - } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code - ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code - MAXCONNQLEN ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - *descSize += 1; \end_layout \begin_layout Code - } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Dummy check for unused address records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code - "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__ ); \end_layout \begin_layout Code - } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code - * clients. This function never returns. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code - * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code - * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code - * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ 256 ]; \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct pollfd *desc; \end_layout \begin_layout Code - size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code - int idx; \end_layout \begin_layout Code - int newSckt; \end_layout \begin_layout Code - struct sockaddr *sadr; \end_layout \begin_layout Code - socklen_t sadrLen; \end_layout \begin_layout Code - struct sockaddr_storage sockStor; \end_layout \begin_layout Code - int status; \end_layout \begin_layout Code - size_t timeLen; \end_layout \begin_layout Code - char *timeStr; \end_layout \begin_layout Code - time_t timeVal; \end_layout \begin_layout Code - ssize_t wBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code - if ( desc == NULL ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - strerror( ENOMEM ) ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code - : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code - desc[ idx ].events = POLLIN; \end_layout \begin_layout Code - desc[ idx ].revents = 0; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code - ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code - ** main loop. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( true ) /* Do forever. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code - ** used to restart the system call in the event the process is \end_layout \begin_layout Code - ** interrupted by a signal. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - status = poll( desc, \end_layout \begin_layout Code - descSize, \end_layout \begin_layout Code - -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code - } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the current time. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - timeVal = time( NULL ); \end_layout \begin_layout Code - timeStr = ctime( &timeVal ); \end_layout \begin_layout Code - timeLen = strlen( timeStr ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Indicate that there is new network activity. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code - strcpy( s, timeStr ); \end_layout \begin_layout Code - s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' @@ -21791,913 +19913,743 @@ n' in date string. \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - s ); \end_layout \begin_layout Code - free( s ); \end_layout \begin_layout Code - } /* End IF verbose. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process sockets with input available. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( desc[ idx ].revents ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code - continue; \end_layout \begin_layout Code - case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - default: /* Invalid poll events. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - desc[ idx ].revents ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( idx < tScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code - ** the sockaddr_storage data type. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code - SHUT_RD ) ); \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code - ** the address-independent fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code - ** protocol family. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the TOD to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = write( newSckt, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes ); \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - CHK( close( newSckt ) ); \end_layout \begin_layout Code - } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code - else \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code - ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code - ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code - ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code - ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code - ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code - ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code - ** sockaddr_storage to receive the address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ), \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display whatever was received on stdout. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - ssize_t rBytes = count; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - count ); \end_layout \begin_layout Code - while ( count > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code - stdout ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code - fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. @@ -22705,493 +20657,403 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the time-of-day to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, /* Address & address length */ \end_layout \begin_layout Code - sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code - desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code - } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code - } /* End WHILE forever. */ \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -23206,7 +21068,6 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code - tod6tc [-v] [-s scope_id] [host [service]] \end_layout @@ -23247,265 +21108,216 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6tc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -23513,7 +21325,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -23521,7 +21332,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -23529,7 +21339,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -23538,7 +21347,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash @@ -23546,7 +21354,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -23554,24 +21361,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). @@ -23579,669 +21382,540 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connection could not be established. \backslash @@ -24249,646 +21923,524 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to set up the connection. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a connection could not be \end_layout \begin_layout Code - * established. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -24896,7 +22448,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -24904,751 +22455,608 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Connect to the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code - ** connection. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -25656,23 +23064,19 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - } while ( inBytes > 0 ); \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -25689,7 +23093,6 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code - tod6uc [-v] [-s scope_id] [host [service]] \end_layout @@ -25730,265 +23133,216 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6uc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -25996,7 +23350,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -26004,7 +23357,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -26012,7 +23364,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -26021,7 +23372,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash @@ -26029,7 +23379,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -26037,24 +23386,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). @@ -26062,1316 +23407,1065 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code - "not be set up. \backslash n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to exchange datagrams. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -27379,7 +24473,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -27387,748 +24480,606 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code - ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code - ** important, but something must be sent to let it know we want the TOD. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "write", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -28136,18 +25087,15 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index ee51540603558fe03df00522750a340d6476f6a2..851fcf4f04a236571c716411c2c267545bd4eaf0 100644 GIT binary patch delta 20550 zcmc$_WmFtNv@RM*a0|gb1Pc&cgGP|x4#C|uNU(t>xDx_l28Un)LU0H+1P>AI9P1k(;+q=6bWt}N?ovETzMzt*vz^~sO6-$YT z*~@FlSQLnLJHQkR)6gcQ5y|mU+`sPlI*-mnAF|BPvT_-@jD_fn{*ZLSwBzD%r~ZqU z(KXE}GJ0UE=NQ2wlT%+`{XjNr1xiePm%aWsJK883u%}MM&idrL#P?$TXt|8o7lp05 zN$z#OI)=(^_7+2{NDDe2i|Z=B(kgqPn6Ge zJ}Gs-ld8!!tf_w%z#Cj#xz}W`QZ=hKUi{?`oV;+~R|j|9c(PCyO>q|1HSVWLt|j?Z zmVIB2_SyE4Q_OdyM%Z%|i`NfBbj(vpY+%60T1udB@`tTC>amvzE|;dqrD}ITrb|kd z#N*$l2e#K8(#YJ3!yS2?leS-!Gpy%<)s>T-B`GlmfD<(xePcJb2Eo<24@gfIt8F z8s#z7g0f`b#NG#o!C&V!GnKzWSpyO$xBV)^9S)@@P_44QR16RPb{wa?{yUy}ak3Tg zDP^LtR>)Z+rNb$Hv%&UWS9ALJwZ=>y3E5IH6|VO0NBz7OPky%m+q04;-t^7qX9cS` zM}jja2(GH_L+WE^yMqybb?xeo>8{3>6Z{#}wELcPWG*&ae74NvIv%n{?vE%Zn zxLV1Wds;tyEF;Fx%O}Vy^dDX7DH5?gakT^mXMNp_E}@g&#tPdlwKZ1#AEsyP ztouuw4d+f~_g(6(l;*N|-`i^AVibq6s7u^eEsq#o4=^HLu=$yqr^dJmLU#O*T9 zv)SBrTJvu^N&Jni0>OY24bZ8Jjir^7L4e&Z?c4tlsBTx7sz zs=q$7JiUR);I#9w$9Ukp>L8Xvp1)zMCX3&vTiY@N9T3F! z6nB8c?ZYnZywWPW=uhv&U5o?#8l>@G|3L}7wNsZpNz1GVJV^a%7C%or3)~+9sKKC% zxbr0No`F)gxZS7oOsihs+D<;~G9IwbEN!hg+RlZGLuMgFFz-eBd2#sp!1ufG1jq>t zd8a`B>(5X)(iXXrfU4V@HSfj)`szROWbqT8JvF^M&t-ED!7}d%_h}$Te88=p-(6{H z!_PHAhQZ%_W^|{Rr-wTZym}9aKq63&loO41PhZS)4!jy5g0P_;btaBwpQ;`hTW~~L z6i;bMb037@1wPCB{J22({E`fgr#${y*|D{CP=5Zi6^qGvKqMr-c#4atc7A>>iKa4` zR0J9J!&$k@WTyQjR?UQr%)c^vmu%j?(1K@TujOx2l5CgBz+S+Tc&|2q=+bl^k9S#0 z8Ul?o-FjW#8O2jE(!fy+YYq zOhhz=Z*qB>D~|v`xFJ5P>T?Fw)J^D%N zk9=zSM4bw}Sn!pYD3a$1L@YVJU`E#*g#ZLSbh>oy(L=tCC`VFHBB@8XPa4 zr>8y)ymSnw7P*mCnusnn2o_41PiZLS;mY$0syBrLAXYdQ4hI&a$F%fDn$>wd~?lwYWd$MiaN~K}= zreEr$vMxRoZlV-X&09*e)4EgLlkF!_zwb<={+vqj)8s~}p#!MzGidr!yUM0>0^Tp; z6MmS^@f}pe42cgy>j!4lqXUfBFySJ=4bRr5;GO~}&+)Ru)|4nbq-hrpz9Rn$9XzC6 zV!D9p4RpAL4zYda$sEuX?UP^Op&PJt%TOZ**m>2yD@g4go0{;ewb|cRc!!?RWUI-U zW(f?v*wEVye*m`~IB;E~aiVb4jZFV)vQStELZ@^&Gqvp`>xp z@m#Q*t|&=Z(;j+A#q>Z82e7A<;EoWaJJS>$L<%FI;g)f}9;Xi?s2_PFWxpC*$^|zs zYPp*Jqui4c!1OCG6QA@Riu91>1+Btm)X<}YzYnUl@BejG>dHb5^iMpM*$Nfzs!d zJQ3BRzj&+RO?l)g`0grY)CFDy7NA>rvEPBL)fibu zLPi<;W%2I%7^>i`<(R3SMR|Usg&5H_SmG<_X|qRQ)Ua_lCuHtvt5vGrBDEwo>nkAc;wdHbV7jZ5mrQwa5y zW)~t{1R_NMME&x?+dYLmxTp$4(M#=hrK=>5%b#{qJZ*^57u%0c(X14?_{lHrHh5*t zWQty3QO*$c(eFmfP>*mX1+*&Shn@~Xy#`L(FyUhG(~myGDv(NmLyupigItP18s6Da zlpF2JVEVM0+Trxk;!?r*i|`@&S{~~GvCnHHQyZdnpq34xt`2X-EXi$@AvJEeldWQu z0Ve*ipDnR)9^@JO$9i4yq4dC>fevn|Z1uwVTRjt;r?C-0{Ph@=n*BM0#Rd7`*cj8m zK)9#y71)>@2yu%X3KqGH_N9#9^X*C9v8rp=fJZ*ZI-sOoJ79Ni{4RmUhJv*6U4HPz zRXy;Xgax)q+;xVK*Ke#1RJ+9w71eCq(roC3@MW?uv7-6>AC`#1Y+jxYGAUQe(S(~d z%a(OKBR&8Z&2h#5M>9_SX|uUesS6*IS-~q8I$gZce|*bD5!hfKMGq~B)7`SI%Msokd(XFH zEvd&dl>NgNUACI(s2(g4#sEqk_8aCSHuw)Dprnj}EYn7a6G2hWBbD=9IW`TSW`8t4 zL)Q`tEL}NZ=@ATQEnaagcrf3%O7i{iX`#h+-8*nu>>H3OmB4i8n$njI;TvPvP@foA zIh_62RR{DM8>7lyS7qTm4~$gEy>xKO zh#~RgL&lrQp+mmwHD{NFQ?0doviP9#o!8%m5Qp4SQ5N3-R6hCBN0>-;0YD`Z6I?8hSXZ==u;c!Uo29lSt|1D zR!jAqkV?Yh(UB8CuGf3Oh*-mZAc^9PYeuNdr?lc`-bPg21^KJTU zHPTVWdW-AhprN9M4KOsg+GaE*mATQs>tonZ(~hU4Rwdxyw`S}u_DdP84Xz#9h;@M1 z%Vb~n%OhFv{~?4&DiPdt>Z0I_Jk&+ZD|W%1x#xIGVBn>sf&a*TOaP8bXZj??@Wz5A zmHo9S?+fX9y&42Q51Z?JLgxRMCpkJ`XqV$4=R_muv26 z|4qcXmbasQtA%UEmYXEiXmvMSIs4%h$|_a5J%+VP_+$U+T=B_3=KE!jX02VA?^M?s zz=Rw#Ty>f1Sj)89B&eo3-q-(F)R=mn6Q(wz;>CB;fhM&}tyP|iwRk`KpsM(v81~c` ztJ-iTN4MlowhN56NnrM%GQ`!$U~CJ_*%-c?EC-|+tJRb$EoNEogr$nCw1!e`7iqJ* zEH|kRB#ajF{*Gy_%6{vl=s|}10-zi!92Vb3pK6tAk`^WrzdA&eQGu45w-IR4nAY~d zv|Gf`BhjNEUy2*ceYq`?0y3fGnBqKCS=3>gGLH(PWvBEwdRZe zg`$Z`#7nO>)gY?1h1`5f7>Q@O+6b(SG}obUbqX+DSUX^u9>cgGtGv?=Kody_E0AEt`+-2^jh@>*p#%NK(#-VQogcw`$W ziI2(7kB4-vQ(PWEq_I<6!jH4%3 zrm=I4WLZ0Ohu>&1=2JgE7|MXdW1oYG!y4V2k|?&ZV3~W-Jn;el{gqtE?ZIu4mMk7{%h4h5}D%M;@yz= zx%P#k#5$`KLs=n5YPva|={>f8qZf?a8V8(lom zaId;e^higoZsSia<)nXFt!s!fx5_z)c?lzPZggEqF}ycUy-sG06kxM z2LU{C{^hF5w=TAF*6Gyx=auEBHG(LRZlveYyY{TR0(YYWx(Zf${Re#RbitQM`m8SW zB^oSDH8PUCVaRr}^JullNjJI}9U!Z!I%gsGo%CFB#k6?_yUxNCsbI5@DG;iO-~`=Z z>`Q_~rA?7cPd`!LI4Yd|aA4@$cZx>YNTy6Emp>72_@?=v20kwQm-}fb|C7KNl+`Wq4&u(NQf}4|6==ub9!Tf1 z_jEqn={6qC)p+%mW@oPp>0&z>H__xEr)G% zx5dU{wNj;erxHnT7rrU89#s-<%n^h<3@Iv%%k8pU{Wun|&;;IyGa$RWtTk4j2qT}? zA&Hdr>tTPBjFv4LA6rs*Ktid3p5*PA0{*Gro0iL>lH`C+-x9qP!*b6&ug>o!6RFaD zQ7#Idbql=g(>QNFos%UrDF&XNzipo^OeMfrs|l&6+y(au9TNGr>~5z~$wU7)34fXH z#+ETuU%R~T3fi((V!kz7f&c3$gxfo=e^#~&KGjW8={E>ohqcouDa-qTU@wyekFVla zKyvXE1rO4c-Gq-#YFZp$l;w}+*lVSHZOYExbx=j+bGL~-$sw7|IF%c|6uSSJ+ znV}Y+Fb^`+WWRS5>C*rZBf!As@?YdyG=sd+#27F}Lf+h*5rO2&-zuVM^Xh*HV$(lC zOl*R}=IuXlk)3b1SO?z6fh6+0(=6ULI_hday%of#yHwKu0vfaBe@P-wQ}+HWUH;~mK^?!6H z2+){`XD75S_rSokV@*672_}l~|5p1Y)boS+{ZP}&DX|T`VnkZgma+QharN;x;;o|oQ}K9UDGr_aV8gwfd_<3obI%{?Z4!cpiF)=E!m5SeYFBt;djg; zKNz^YV8fkg^P9Q@#wkwWT<^m1&V0GesTAH z8yqV24Vw*kL0==9xa$Maq0kds-mio1uGCys}^uHhZSxD?NA z{eTO1aft}1*kC^+#<)5b!NT*_?w|MQcO7dk7((pYrSV2I87}uH7g=X8hLA^8%|V3g z!Sy*b5_x&z)%1r7wt{lDpSF$Ct5-@sYS!`>=^Bg?^+g)=s-It?@)2x-Ea;Wc#dU0I zC>9)>5Fqf+p*n7tvU_*wc89Q?Q50W3hb+FGPm~Z0PBVf>-7xZ(vgLNyrJd^=f%gLUOvw4(oj;3=V6MJ*FRNX^hY<9Kq&auR7Rj2!x!1!*_Q>bj z{7>&NERy^sx4NkIo72icBd|OqIO_s8LY)1)J}?UBbR+xP z=JgFtWRZL(T-=Rfr!Bze&i3AYFpl#fDJ${De+0N+$5Eu^=xGr!thn(!8 zNwu@R-xk>Sl&c&1aZL4FN(+bmHC9ys*p$KeqSSY_2SiH8&_*90p6q3stl8a5h~KgM z8Bf1umy%-Czwe;0$kmi*hLSJ}o6fNWP*m%2raR#YX+E50Om<|>69>O%uze%vHtbU3 zRoCr2q=-ghX^kbjM&xKOzf=3CH!Vua41I}kCu^8Hn)jP@+X`SZ+QoHfQOY=yo&hHx zus9r%t9PqGCo$_r=e0zGRo)qZGS*|$LHFvgpFp$fu;1KeZRdu%)nPLL1roDM$}TYn z&0O=)mmr7!8-*M`zq=o3sd=3D)kk99fS|5FZvAB9o8%*J`IVg?Hj(gEx(b@(;2OH8 z7!O=l9@(WaBswz9in)5ZHR{4^4YIAh?ylQ?aS0D`!~EnW;^(#7!Q_MKx|mlufjd0@ zyI{LY>DtN*D7v-}*!e>gu}EqZy52S}D&9=B`JrkNI%1QC1@J-e2ZPxd;EdG&pDuVL zQ!7sWg7D0{CO0TgGd2gHUJ_Ju@TX>Uvc~XabkK2hi-Qqk%S_TKD6RrWxP$!FOET@3 z1Y;e#*o&nfs^ieOnPe8 zZ9$yM?*zndrx8upx4DR7vn_yJIS0x3?rQK@b-3*J75Smb@i@@Nw^tu3}6)R=o*7;!fOO4>6#3O|?yB_?{%2+FGM$l*>En$ndH4pt$3Sb*;GWv2`&?eB0+9 zR_QK3>L`YD<*U&(E9gs}jXLjo4M+dp;_;hr$1+X|)DO`P;r@nM1`wpl(Rjjy?OdH< zo2q?*N9FQ*7U(11>x)8xEFk>OH%s~*Z2SAL+3M}V0{r{<{|&L~H{OXV`tCyC zHDYT5b(>Nh?Gyd&)ts!~B!_l&wEhuR^BoL?R5sDiBS`9GicIoes_HkuB9{7Vnm_77#k&@nRcMsS9Y$NYv*ER=EET8G$ z-Ljo6&aTZ0Ja)ifCI7fa7=zEJ#TN+wP%@<t|pYvmQ|1lDt}#nZ-fli zm6(g}F+`T=4z|mF%SgU#QtWMYr^~-k6x^ovE#TA){L2Ly8zTGZGBQhE=9tcyHt4`; z!2&gF!480$wqWxB5QRUR^ZJ-L$^V-h{69q!4~d%0cn~4?rJ%`|{maO9Z>5+3xBG{a znPZQ=_n#PrPrFgjw_Ez4jg%Ejj%MPk>=@X&mp)J8@k{fZ71`i+{UtrOa-P9Tx29qM zRHu^*8gd&=%+^tHzkrQk6tQflNL3jc?_ti_b1HqX3Ng1AXEj)OB9m<>SlJR(zeoQ` z;mNxv2OqC9BOKir{^Y)VXkaEy8x-P(P1r$f7nbLSAK!r^ic_>8nDI_n6mJc5K0z^V zINTj%-*6`v#Abrh-SEIW{on9Tz$Fg?-uhsJd6dMvqCNbq4m=+mjL49kP`$mISZwaQ zp%2#X;$29nn!4guS_%KF??>Y$xV#x(`#w%^Fm04fggp1up=mp9DEVo&ZlpsUn^x+s zU)LAZP-4KV`?XK!4@bvJNnJ3pyAJmsT`F3=aqR9corZ8j>sLnOs%}E{97JCM61{Cq z%Y_o7#WMbjG6x1qlx{79k?dFgt}>2LSMI<1-0><(e->WGLB=b{s2A})H*>@Zpo_vY zVMW7ejkM6Y4jeA4Kk)`4FN6?5vlR@Vnz;Uq?F7q}>(UvP@hk{=I&PK(`P^x7m=#a5 zI(Pi3KKti)V|fVHdf>fXF9qjtplso(&E@YeS#|mj&&V#jBb}0v6l0Xe%-tWv(odzH4-ZqyIVM+(-3K5t!q5)>-MyzZ~TnIW21yS zq;yM1uMNMEWAb;Ya#pE(WlNvVWy!QzpV3FhT^*Z#orYhg)}M?%Dj{`<76D?3aJD^C zqrCE8`09UO1bmDSDnb8dWjc;iz9951*mRu0^?U6_iT578)OY#Qdwn^kC5N0Lf!4$2 z_-B@KdHm}My|H~c(yM$NAy=^W&!F-66KITzxiLPuF@C)<7Ty>YqBYPWJ}_%BsLeg2 z|Cv%M#;%tDwCU#@ItbRyVzmU8VhlIbpJ~Wzvp59{I)&Io(wEy!h+&TSkx6P(EQ-nW z|9WeO4lEw>in#GB#D7hQ&sr~RB;t8ynr2Vd6bqZOUTNnRAb(30T;ZrraNL9a%6E7k z#_S)+N~msr!nqV!FkS9>{?Vm1JnkyQjNh^~0|8CCd+A;U)o8<}66y?0o#G)m|7!{e z`iBNjCao-F$4@@OIcG6%Wkx{VE+2d~WxL9e*oJytR(&-MKkBatq?&+cw_(!)=bOH* zeHG;&74{eGV1#E|XUtCzw9FO1mhW$tHlJ~n!~05as!nGd>F~bXa`*L8jKfkhfNZv$ zPjb`(C1hh0eJ}}&W*;;ipP1BaH$Iz2I_VCSrv#Vtt!q}ac0X2XyQ1#kz&Lh{%_5yD z=QGlDgLi*^RdB9z{hZb06v$(4Kou<|%I=q*2I%CP%5Il_4j?Nne{`s01P@$uCD0gP zHdD5cOOom4Y6&Um@lWbhQ|stv_H7hVW+E0yf9@#Lz0#p91oMWCuqX2U<<-KnA-AD! z%Woeb9R8N{8>i8m-gXiipa1;E#%ZeYs_=XLAR{v@h*9aqkiOQKFl_n>I+2fxx zXjJ4sVO+6~fDNOtEx6Z6BJDGV9@@CUgJ8}2cMgOF#5DO?9c&t(yDF}7!Lm|)iAGoo zOj#^7ZC0C@#Za@YlzDtzo9Dl1kUiOi0&!+yYHXUn(Xl(7vZlCb2YBLO-@cq!9YE956*m*?7d~(89pnVjZ!qS^C=hv)(k}$|( zZauMWCtcHcLr?Z!Fsm^_M>eX#M@QB>LW#lgA&>8lHnY4XqUcq8cZFIat=G%%IWp8< zKyzLLGiuRVqTGTyt}QFtUa;F2_t*{}Ns1VuoGpgQS(+7rd-yV=?X^4Q$p$~SQ|XB2 zkq2p1GLW7BH~7e3qA6F*3qn`mq0NU2ZSA?w!*LEKioKm9{tEkS*9oWZ6sdF=@?@yu zIy7%SSo$7o$c+Q-pC?*1KE;-VY1Hy6X5B#Q$gYGu`|kB-u3h`D)epZ^K9;=taJ}Jj zs%du5%7KaU0`>>r@F78CvF5*!8FPv-?mY&9Uh#iVk7mLy75Jyf%VoWFHy_dl!{Yzo z@{#CZz2;!e%?g46ez+E!8&r`Eg}@qPVX8?e%-oO4!hJ($STdy%hxJ3D%ggmQ42O3L z{s<+>x+(5oK#ZHEmgTh4LNqa>3q7+6Vu@8+?sUA=Y7Ezu3okSY$;~Nt8O})Y!@~?J zoC~SUW|wrwWwZQd+U?dFn;6)Hna$kGbM18T{dub~lo@EDT=jdH+8aQ1a0c+N9$71I z^uvBY`675M2~E2XTVgl-sSb|#SGTN{$NOO=P(CFd%M_FDdo8gzepDU@{Hv?h%KiPY z6eu4PkENVRw^eg2yAM_MF2BvZwQ_Sm%m>Q1#%(!hyy_h5D4ED?+4`V7)qwT4b?n!E zN@FNr1-GTBardjnSfmHlOJI%P)iML&75T1m#g~T3yjOsf*g@?>YdvKGt$>-(eRy1N zIk@A%Bx+xnwei7U=YcmY(Y`KJS~L8tb=Cv+{jkv#zDzCw(tzNCG!(@$Qd)zC<75BK z7H^)GvH^bAV;xQWt~)y80;HB&8+pCvH*;g49p0$i7eh407ZZY%5` znMh#y;tvksCt5_38o>E6ZEeD_b5NX?Ha6Yw2L|q=g=6!|1TmtomP zpqs$@Q?1s4W*lo>+P#7HFC$!fmVd0{REwy~RD@_4NU(alCi3(ZRH1$c9~O9F1Mx~2ZyJ1n5{di za8e!_qv8M*g5FQ8nmL+2;SHyCp(YIn)k>tNgnQ%m2m#&R6i zWZ*$kgBo8SEa9`PU6q1;GRP~g=thiD8v~hql_&O^S=wD8n@c6WXx+IJq|dbUemX`T z%WoSCHTD1wbHRy)LT5i5@cGM7*xk?x^={G7M%6w~&B7%9%riD|A%VBQK7-Zd4P~~! zKU=8);_A1hN&APUxJd??f}3L*6Aff`V+why)zaeL!BN?nhwHIuaDz#)@(y@DWGm6< zGi*vJYY^6|6g>!Qyn)&qsJMY#B_K$(-Fq`1L3*xQxqAzOv1aNQVmQMJL8|EZU3jgD z$+p+en$i6{9lj&RL?#td!E+0zKa&+_pDo50TSh9EZZj*gX^2JrqT(vZe3qrU@A;u9 zNg{J)gISHuSFCqb;Xh3igJMcLnFS?-nmV?{CDqTy?bE*k0_}}1pFQb4;lc*8WWDME znt|)}VG6j8GPCM0H3OL`r26b?z6wk<4t~&MOCqGBfwInz zS5eV_)I9-?ZjHAre~WgzLU3o*W7o-8x0Gh9W{l%;n%upgu5R|t{)H7f2I$B8HoT~( z)pA$TzxXb);MK3`&``r|9F=cE-fP`kL7U`KCfLt6uS?F;bI(x2FutMoQyp!ReV2p& zA8w^-YYjv4+J7+bi7(b?9aRI7U~j!DUt$Mj-SwHFwdg#CN+~RRRrgE^r$GP*jp?a! z?=^{@w6ouz#r;1b26RR&G2*m9kMv zRR6rMRc0z&zTA~ttq+)v;;o$!D*6CQfT(haa=Hq)^F+j?ld!!9wKB8wR{*oc_otWH zFS`R>UZooS)-2cctyz4N`HZ{U{y+VnjoNwO|K#E#;;HMd?uwniyiek9$Y`?y2|!Z^b|tjn=y`M}xgqynmG=d{?j=BMlPWsB;;X@*aKb<9-KN<>Uc<{-s> zS_PY+1c@k>%snagBgx-Xd0*mPTQK)N+;8;Lrm=UiNOtaA>}S8E+)b765)q=3If>7H zS~;7>X~iPdxpRmjztPN1759>B#_Z(lxg(^3OZ!g##W_I3il%H=0*K@m&lwf^d8BTt zSeA(R7SA;o_#LEd8t)d1XcW)U7WjE2Z>p%3h)5RC4dnYBByOt6mWYrQ&ppZatA4+! z@~lJzt$1!G?<~=0-%tUy8%TcLM3Bt){qt3X9a@}5M>2{r97j5YlENs6@~V^w6+wyO zL`Zk4&tv=7umI3x;Ce%xK2YYB+=u)NqQP*gYJVKw2cy0q2>4?7GqWOak6#UplOYme z8JwL=d^~y)2S1MUFIt`BdPc7$9^7>=IEjo*SpPzw_>k$Bzl^86jQ4*+r}c`P=2cIi z6un}FJo8zk3kbX{Bh`|RDwy^I!9l>6 z^P3rn*NETH{}*VWF}XvSvtD+}Ghe@A`y8D(`7DgMk|D}u_QcPeNtYpMpJBWQ?@?Ez zs_b%UU5b=avYDzwZFiSLK+QN!oAQ{$W#xEbmhP6_7=6{aU}@PnVBlQ3^Y~y-MCxLW%1_i)Ne~Ijobz< zCDW3x!;~ee;4_;rqA!`hZpH+^?5(Ft$Wcn{FOKzp9?x&~n+3TZ>G0Oo8|+%wnzxLL zv_+a!SJ&w};(i6-c-=?`kKYbK6BCuUcn`Oq2<_fMGI58~dS&qRv%aXC*r>0*IkBx5)JJ<|QBvJEc2S{~8 z#zJzalyB_S)?QQqw8DF%Xy*^k?E&BjP?bUKr$9`D4;P=r(?S+Jf4zZMZrUDS#+x`iY(AlD&Ct;+yH;RtVBxV@lqo;fwas2ynEw0s?a zujL3cxZPQydSYJ7t6XO80PcNVf?pbK-gg7H(?0Hyq0+_ca4?5SI3n8_nExh8M=$4$ z@cM>-?B)gj*RVZS_S6JD5;xFk*N5MeaRZ(pj9SLwI%>bpYo{ig_*_9AlF=2&B`3uB zp_X!3Ijokl|H-ia?bMPJ>y>f|LVjOHEL9Rgh@*Ere4W>m zrn>#sdCjq4D6@56e97$7(9Aae?T-IE;AUWzf-l9%w}<|lg28dqlI!qvusXGMItzUp znBS&p!=F9=Y3AJV`s3h334rEfz9u>`9Aw)d#e&rOgnCyYRH=Ux&=`(mX$K z^Cy4%VxV&HrE1=nVrPy%so;pQz6Y@`aGxY^=*2)3 z9Geg4jKA~3wgtJ(ccg#r-qbL--MBI>FT`IzAGQuP-33_4$QzeL2OM2QavCl%D9dK9 zs6Vw_OH%sJa2E!Qm}dvAA8(xRj@rz#4F-U`1&&0P^qObj1PUnWVmzqg2)66pEAM4! z^9VMZ`Ler&c5E&Ac?0$vZ_O*7))0pSCO##8Z3WdI9$9vJ1wO^ zwAoBuv^s0J&%&O1Ck{}tOHufFIxavRJzSHbOE!G!D5>eS+Bf(ps@qx*{H@3NC>Nr;Kl5u(wAYSUA-U5tgTu$PxO=!W zz|=6gh=~khJ}CXspV&edf2`d$$p_BhBR2?CJ0p(r&@Zt?LG#Uu6)b<93}Mo?146y$ zVPRVUU5iWAI@z&_`L0*GyzAX>lX>;T*uzbCXU;~NNCpIU$&e;m1O8zxlah=rKNq^+ z&jmb-Hqkt6RLh^7rEQVf@alP0uCM~MtZc-gmO&`K0sR}mxq*fy7r~7<`=!v$II0`y zUDTVs_dq1gNP$BY!tgFqV^MIkz--s~{;0`|qj2@)4X+c$U8Wojo;W}Iu`PJg9Q0Y) z+_$m7!8K@W1Gn08oL%}34?`$_`5iZ~y<@)Rb9_nhcsF@}Ug+U9>>F03XY zp7XAVZ`CD!p?O(VrXahhw`2|5%=7{jC!XvgaCpnaw~jx2p_=_&z0my;;meyK?oX_| zIB0@dU0W+^Lsx62Upl&99^oU|xkcQV^-`g07ybZv-c0{=>}3`Gi=%HMWoxAG zzeK1@u52)>5&8Q47=4*Vzkm3?C_+LKsp!f=*19&--H}uj!7rJ-k*iE(?e}=}Wh#B& zp?V=(GL&Ev8y6TNUfRiDB5F>+Dv&3V^jjYx@%v_6vX*Ch%$cp^Dh@1~TqOL;_I|05 zCw(>D0Y&G46t>$|UOzd`*6FkL-V9(}wk5v)A|-`~u+>58n@P)iYs{drG-g}UUu5Mk zwVszRFIqam&4Bo}Q^7OZ2@yJZT9 zM?12(e%k#j=F)cL)aVTRxaiMvuO(qi1)xioEqhTN36QT1EnVn)N;gR&JY+;z8w}~C zpi%~xskX?+=;!*%((=l)xqtCm!q!7B5NXl z$i9p~fuK0}JtuIVWv#eJ$yQRd>7V;2k$=q%HIWC`hA;v%^hO>ungEQ*`08 zs)|ZKJx#uhDAPHDoq;#IKwdy6bpYGcx_F!1JdW@m`7a~h!EtaBr$c8G%cGHe3r`{X z1xlE-$+j>(csw=zuw7}ToGF$tHPf)2d?g@fiZ6U-Q87Xh(u8R_5rDtbnxcKNRNk}P zu-2m&8V7&m^d(;7+Iu#M)VwiU`(iuwv<0@ki&?k{o4dYeVbj_aT4JdQpjnV#J7UMp zJk_SFK9Kesri@ifj;D;+6>g5F3|7mE|0Uj8e!YB3#<=mg+Z!zfMFKF3oU>RpDuZWSH2~W zrTFw5;55PX75g#ze4LQO^IKj?2jT>*sON^@(rK@|v6)9G?9d&q^Om-Rq-K3qA>|jkUnvY8StyJ-8+`f;xU+jpbazJcx0$*QjaTuRw z>?|gFEY3NsB0=HmBlciY{?fH14UudZ9~tjzJRC&11irKQ;vhbb*y3ied&9gdLK3)d z9sAf)MxU_@mtFT&Wfgbv43gxHUe;+@vcqD1AStVcZe-PqXfn+&?=8YeIrCpLc10V! z*1-E$d-zq5<>OW$2Yoa>=i%$h{IbU(WKU}>_zV)aIr-oGHPdV;V842S(363%)IGbu z_Hk(eA1YrTi8TB_H0VScEM^X0I%`r*a-;`FYFv9M z{4L8S(3&z9cX99f*2`Q3u=?K_Ls?^ogG5ou_iv0Bvzl9Xmugh%b&eH(ho#Z0W9f2_ zwfG`Heo15Q#SF(r(c4e<274hGja3yT*;X_(^=2n#+?{@4_@)226;uXI`r};uZY5tevNTZqH&%0jGLPzSe`m z({>b!URMcMNw{yrC}Zzc;y!6s;Q-$!xp;Q=q%#qC#Q`j%^O2gbWz>O|lx z(Spwg8WSQM!V8%{Ud5R20Cz-|=lCMNw4s*@CH9XY zSPR&+ikc{Z7~bKAZ;&(wkJ_UPOLCJ?phI~q#t=_LU1z@2QrPT7ownIWUP}M@FqUeH zo$Vj%Dj9sBu-QJ3ZR&*OPG;eeuyx;(1TmTfnVpzYJYMRZ|Zz zl$ax_SnKAh=bewv6n;car?Bbgc%jG!2^zj2fvlY@x!Ci|G@!wy$!A*$G%bB=W%R1vG^@e6$_<4QQltq{eNo6JOEUU#9=?fLg zTq%D(Y-AbW4<5!HSNRbVl=uKI})IelgN z(&@!0LFLhaVI+a=Ox7$dn4zfii7bfAQ$;ugKg*R+xV$a< zH|mFyjLD<@2Z_+gW|6s#m#j8Q)56iFr?Tlo)0hT2$V%I1irA|Z5I1nDqJwT>_4`Qjy z|5|=H%e&qfPnTMVbG3Cuf9qv0bd)26v198h^ebmv_eq(31)7p0*OWy;EuqtwUk;nk zOOY65E+1TLqZA#Pro;-o*rsR;gorAyH3T{d<>gT5#Ut zIkXUT3)M6xwT{P2mtjiO{8=kH!ui(JIzD?@wklflHu(I)aQ;Q-Z^202CPYnOXyk#n ziD~nzwjFYW%bOkHvQPe!kv{beWV6DZzy|rbOXV*4`A!M*k%u$`(S3iyan|DNN-1Sc zPp#Z^+*$4Q!WSZFjX1;3_vGs79Kni8kP8W4qqF$9O0m zk+3&fF0*QS_PkZeUymn9{qyc|HPT7#!&vrtS>(G0>e=KC;jX;tLB(0Y%|Z>4xJLUi z=Vtl(mZV0@?g&QOSKIz|HIFe ziPBaF`1iqa(fA~VP2fu8&1cW_f{7=!Hb0-H>b$5HOe+|95@$m;_@zDd)?6&)$W*59 z@H1Qv*H*V`kR#*w6nczAbtRI_*T&M3^V2|gxUNiU99OADj-r#cZ1T8IL;mZymZDdc z24|2xRCX6p{@7+C^ULZ|cpYUJFbq1@LvzE#X1 z*WI3yy9_(bjLLn=wFwC=w%lrTA(bI#+!`FCGZjS{GkDuk$z{tWG8oZl(xhfar5wAA zYceBYTt?C`%zistbyn+iR%?CNXZ_yid4JD(*Zb$YKEKx=ll(XQs_a**h4{&V15BP( zQiy({nhPH*(m{+RU~_8?5`O+QO<~1x>wa5h*d`Tw%&eEo?z`pXGkoCCOGmk}LLK_Q z{$Z2=ex0V?Me8Y|^&y0GVO_in?n;BoVZ|zvs%D7xx$d5^H4k_Bh3nDFuy%@8h0PIL zx&7_#C&rA2OL@4l>i*Knfi;V+{VhuI7n_sTPbkJUYEQ_;&HruOTx*Tl=KtoW5To+n zNi);3qp4n}WNU6HHV-K=&VI6O9QS03*OY8Xmq(SD1Dp}4CeS_tg{f(>4aXftun=EqL3=c^?|5h+_jmQ2Ix9hyr)~bIz-+Ir z;&0DZ<<>b0o{+daFI0FrH?RVqS5Z)E(ztQ)VkxDIDP9{f!;q6!MS1%$Yu5pbZ=qzF z1t4=2>WY>I{E*s4jT11{y_Z$5P`admLd;iRo~XJxT35%>eTnh1LGswueavBbDE*5k z{as_UB=uPd1KIL5r@IK6J#XV+BV{G2axDzG7D>*!=cT}_|BCfvI|sPz`*FeC=ag-v z5aTSRX4m{J{@6&3+tRwFCIzND^k*4M{TB?SAO z5WmwHtcGc3HSWATX*_NvEw;gP%zxn&>c!3q;yy=db%!@+_0O%dz9Pr85bWm++?Q?H3^8Uq#ezj>&idM-by_k+qt~GGu}fR+32GPnxY*CgOu^>&V(GRt%=RJ702QG5DmA5yg!t{!WC^o43HxsbF)?P4Km zjke*ao)bjgZi8m!Ww!M(>2s$}<(@|b^QdX+{r_|izE@7n(lr$79f!E1-FjM&9m#s< zRibSuJQz#fnGn3+=1U9QNr^WfiKN7n>q%+UIU?~bPAebb0U3TX_#(7_sBKz9)5dMm zX}5|`A~}l0*D;*eYl3igoYD_`wO~BlfixPQTw;A3EDh}^#+xrE*aliJw9hb2InBi7 z@fl_%XCW_Xh8e+GaQNsu)Hx;&Gia$3uKmCkn_DGqXrhHK zX?HSFL)W{2X;g&A$3{Q6B+ceb5fkBaW3=PKauuK?glYiVLa6*V@bkIhcD87hsmbl4 z9Mp+SWM{EkYEk8JjLABVuOTLT9k?jpTjHFpfN{~upywh?m_;Jf&rn^@3HU7qBk=!< z`jK@)@_ryi2(nQP2Q8MAXR0O%P%2*{)*n9C$KXQLabY>ivotG5_LBkbsjR%Ucn5$w2Ja4ZP!b#T_8#`v=~QuO2g2( zRy-s+v}}UXPjmgiwdbKA{6Z}X3%}DjkAG8(I*fPr;%>G@g!8KksIzz{Bp2Rf=Fis@ zgU+p`*y|oJj(3UTBAO5h{A!7w1J_$r*GHr-iX3&gC{g8h%45;aYus%FB$G2GN|S6x z@k<$$SE60Z6sF)7gE}vAvgaC$&0eo>pYA~PvnV6o6?0{73PUTHP^KU?0xh`{m z@NhfqwP)QCnE`urpV@iYQy#+GUCJwneqjiE9Z6>$MQhoBt#RS)0p%5#%V)`+VhPRr zlvfa~4+jU`VVyy1?E&vSG8t_L7M?b<)N;Xxm{wjrWj?JOJQI-GC{*rso{YwU-CGP6 z7hT0*$>f3MdF7<3+y4X6jbZPmw@O^4&Ovqz=X+$7z*HQxj|(gdp>F>7vQG*s_EV?$ zNli#={vUmmUcBohS4C7TF?49((S%ar-;fwExtj=P-u&|I)VHF136jXZE^@|lO$msT ze3UqNfQu%ebos@}l#W&Qz>qX7n~?+5ilF8|p$HV}L7*U0VISY${AW3!KMOqy9Grz3 ze}ei^>^X-8oW`<))s*Y?TVxd9L%jQ5UM_9-zV?lQrsJV4IPyiByHz`kXVM#bcY=JC z<`Lhn!!unBWonU0csJ#CHTghFF@Ddbc6r;)W&HYr>^gi@+Za(ABleXhiFBn9gI;Yd SKsXE4huSE>;TZ2-3V#6yvWnaQ delta 20443 zcmb@sby!qE_%^H{-Abo~q;yJ(bcclG(jc8u3#-yCp-Y2whe)@SbeD9ez_Qem-vNL1 ze%Jec-#_nl&3Sg_nP<-&X7--@euk5@P5*71zM@lFb?Ew*)Nv`_<0T%+ik#c44r|ht zO&oX3>;g&w$Jelg^}7(GRup4V)E-O4-&X`Zcr#y#UN9ZX%`Z$ma@5POyA?cIBTAZ% z`8x}eRj#e8dMcB?4mIUNVyT^Fc|86Y;#?F$_>9cZD+x@a^D*i{}t_!X%q*yKG=o`XI2s)P;6-rHn}E1KId zHM)*FjbDBhe5kd(Elc+M{FOx;S;Q)CPm@d}7*G*bdRo6O-Jf1c6R-|z<^DC!8H#aa zc{^Ke@D15_vt~YnR#Y)EUJu<{)joX*bK7mw@+bO@YP8#zm|P)@L2xShHaEnOczmNv z9?lyJQAs{{E#-Kk=ee|L>B3SdiTyg?TC!Ewt}QxK@DJD2o9ia*_am=@{ZNJ8#$@m} zYmwYF`iSf8~(lG80kw#QBztHjaV7$BW$tcLJe(#`Skg&m( zlI?RqCdqxscvSDWg{3xHq#B{j<$S{vNvibW5ajC_Go6NZ*y3O4{YDJuT+BDZUZgqL zkKzybgqm=2|L8-dHg7CjeK?i9UsYW+w6t%YE(8mRjpM{`v zJO(Z#;6etjC%}aQT&Tc>R*TMozG=qF^@>}FpNo%|jf;ngi;IZ`lT*dXLfX{b@;S4# zFb@|u9~b|Bgw&G8qPt_hm6qb=l9qhK#VaWL=9MhZ8$m8vE?FLa9`0ANLVSYUJmSwq z|9?Y_FgcYi9j)DMp7ZeVa|y)5NSGiD3%>8>?^32c#oN|JDN&yyB@Hmp(#pBwzRDP; z-LiQ8DYdns6vT2mmab!9SHf;I+_m6SJ@u=))Mzxq2V+`?y;4U97oj4fQ&C9bTv)wd z4fRloV5-TQ^PazjD<4oKCJo;-9G(wYi=S`#L%)9gdL!$tr{}GwsiR|bY25+I@Btau z6xYRaemXw>p|aP95a43V{LxgBC(&P!Q?GUVAz-~ZHH${d88iNDHu<&CF8nn9&_%3`q&J(8cB(xR$jEkFfA~+Z2%CpuCcOHWk<|UUF+)ZwwAzKhUTYl27G1vj?HNOcr|z@mxovaDrh!1<3B%w*e)kDE6mpcL&Kh3Z#psx1@)_`5`)ZHf?b zI#1Z&mB#MKC*B>NkVMX3guSQHoF~n{B0I0!JmWauP%7Mn9r7)`$otIvEnMt0o=2i? z8I3PIT+_B%!g!^zO)IMJ=ULAl_#{eEXSG@)`1e*~_`)$Th@W^p0h_$bGf?P!x7L0a zJ9zkFU0b7)r1-)ZmS)9zW`?t5ApS}Z=)zuNYKd3wGJXk})cL#3D2^}$oDN`Za8FWr zb6px|M?P_Qc=JrBbu6M+BhQS}3PD$~TTn0)@v0?sk^pcVtX3UeOXCm|`MThNM3!jp zT^kW=+O0BO#`Y@_L0gaBR+8WydBB3mTEU^5(X~NjYFa)hNfSOTUIkvUa)=_t8PD3I z7zo^9Edol={;Ib&zzL5R$v2rZjt!Sq`u&4r`c zec5dbGZ^L)9#}8$CC9fh5x4;H2znzX^Wt*EnvGde`YL;iQ1ln&4Wh%Nzgu%dTGd^? z;Mi^2S~E`ZWs%|9sKS{DJOl?^ril4$6=L3!0zL(10^H{bJvJzG_3 z5n7bj=rZ14j+igKcd)gDO6CA}`L;fUJ$bCnP2>y10of4dexHdryl@2@B!)L%eBvYy zXJ+d%zV7t=;`FTQ#J+dy zJvBr%uc4%-? z%B{DZAgqCB&T+$yH`CC8x6aA;6_Nqok?yVd(P;o}>X%;|z6TzX!9@+1i`RYon$V#a zQ!p`8<6t&00kmhJ*f}bu1w_ML4(Y&YVQdK*NO6uB&d)6WJ22-QGR%}-j+f}ULY;xK zyys`N{CJ7B#dpB#V+fcSUJkQ{t;Zl#VGE|+Sdcyv#8Wjgw42o7RoE#pFVb1uAvvgN z9{mGahMFYEiA$()~U7w-GqjZaOjcxzokO+%)=IhG`M;h}~&6$bkF+9#|a3 zFA85y6S7+M8{FLal1Lgcr&($3uarasJ_?8cV2qvR_goxu_e}t?}1O+#rIbH%x4?;yM$H5gjcSiu5o&3;eNA? zBh$|YN;7Am&CeiWkRkg=T`iPZl;#4T%|I<3o(c8HgjdJ(EjpX3z&$kf3*Yjo>tveX_*>dWq?qNH8-FhEy_l(grd+fO{@Ja7&H2feEgJ zuH}QVzyw>Ayia$YW_S*j6EyTY2MvpCO}~V*8m>jG$5eoTT{3oC->T)L+aq_=;LtX&a}h82WBGQo2^jooIZN5fi3g%X`jt!UVS95$ljk}r^97R zcpw8LM{&a`o73{6NbW~nS?V48fx5s_#V(eA2YwMN<=O*|UL9NGN7KwvwMWszOzq_c ziH9r5pr%=AJ-Y*Csp3KBC1aD$z(N(}mA~&Dvk$-@nzP}W6V@lBUwyTCW z?fiophUMi0pDDqcO$9oP#kcmyA8^K0pVydpwel!qJ=uQ{a*wl@UgPD7AuH$^o~b*k zR&10T5v1;1G3_qm8Dn|>aCS~H&Y6_I%$MOAwex^8YnK%NAyKTY3$S8}f43+e$;C^H zakV6p?}TTiMy@uO7;qlL6?icBO`Wyq{LtGQ9ZERuqWZTXCmxZ#xa6ag6aWnoW~mg*mT0zr%bE4s5k{b zFSL^+FPQ|ZmtVYW8Fwk5btM5cZQ2dUe-Q+Wdn?N&($z1*5GVY8L1bZwPn;+Juogkt z+NlM>UsCF7fjcMB1pel`EX!(v!u81VIJvaf&K1Q$uFB)*jf%I%tguo$@yE&;=B#Ij z6u`2ie4|(*x;j?@w{#{u-a8F0N=n9$cN@*_jJvEKCyEbh?JwC~(2Z`adv@K5b!;hx z?ErLl+nhe!*#8rJTQ<|`v^_A*#hohv7HASfI{jfcYR2 zZ6w_2y#5G$P-iBLRh9qT6P zYWc@|@48mxcnp`_T7=WgW$BDo;TyB=fvSxDt-naHWWKRPw1UVyFoZNWl`HVbco*R0ltn-qEYTdxNJ<0zcL<3= zH0`NQ^8$ZnK6ue1pMH?=>U;~V>XgR|%-78eP$#RVRwd+cIihZY3kcE$69mXR0W+z! zKexGxlN}CBRqILwW%!u-{?Zbx%d9>K@IaQ~J3hjFij|PN&aJDc9hCviO5NKo&B{Z> zUrT@d;$hjACw&OBuK6}d$wx);tpbc*4>f+J)HAtS*jim|NXD3N2xeytdjp{mxwi4749wqJdqau0MaHqe`c9tT*;c;$Z}Ek4!~bffus#L`g6 zvFR_=wq<0#%MX7}x$0&ta2oDS8hwPg5SZ+>57Mj@Jkj^c6He?|7RqqjDnx=mNnNjc zuJ%uQ5@#3wqr(LI-B<9JscThU%3|i}Az0v_sXh;ExGI#+#o0jw5f2kTeZVNoS)ts( zp1RLPFw2sYvY5qUpaD3}rzp*v;^0W{Nj^2#;V&`q46nQcUSzxr!qtffl(vMvzt$5) zn2Up=RsS*K*0V(|QAUxqzkU% zpdTtmCOWTQfI?j#GKHa_ydmysDVC6$^9xc5k8kw^0x$$|EN049ucuVuOf966wZC&>%W9_IT033%_dFUqnD+Yd{pyiK z=p@4WLoTwm^%G&zau+Yh-on&jbTP-T*c1Oe5F%ttsjtwBj36~0TuJ)ZRMtcdE_1z# z|0Y2|JmO@6!wTIen)CPtu0-4lQpWh_!hf8o7Wwvp6FI{<`tK8mtZlme=@rxr&(1=| zO_jPX>(LC%UPmc~ZrSN*PZbC2#UNjB<#N#c`O0HZr#nRz74`9}>eO&8?&8>5P>M2a?b6xS0mO+ z%|3Kcw7j#(;#>SB(h}NEyy<(_z!gA`YQiYJap9uR-}{cOPW;gAi;RbSxU?U z7FSgL$_=cTnlt0tOwBI=@%E(aPWz9V`h3v}UwR+(XH~eWzsbSJmjEz&AM__&<#1i( ze$ndf1rgusDb9|7P{9GK8A$(D_PWJC$mR7uKrTO#5yXr4i&ngg5AlFFy+}rpq*CVu zwK3%nTrq&;q0n9R`p1hRdWAA0$oKd`eZpC6jvvy! zDrYtE2mR@4bIko9WG;Yo4+1C|g4PH9sb;KF!|N1a27xCZ2XL|5UdsZ9XhSkAuwZuP1s zu8XjJNodmr9q0T+x zL5ady9FCt>Y2okf0SmZ^_Z9IeMlK$ZyUbf|9Iw1T={^1mUZiDwP@=;<1-)(qrxl-u zk+{4cP**>}JKH^vZE*3X-~n{?PXxS^@Au8cFeWu_JK7Flr#)u4-!&n?9w_<%yf+1F z1E@1Y)|P3a-S&Zu;#*tsa!Df3`vJ0H1Eh^>(~jGdGxYmyldd8psnHZKV?3l+3RuE^ zl87G3O>vtQIELl%BR2_3APsxqzKrpd-Uk^fp25So_D_dSH$lnJyi$QA51_w%!fHq! z3e78~b1wRdd<5N@3p%Z$LMc`4s+Z@37}ZdAxroIkxyVX%9gxpa0`z|``hsQMuPutx z-Ul%XzZtOzyb+!USW;rPvk9a2;!XCKeL&dUb6*oy?#~%+0xZ4Xel*laU3AS+v$%K& zx;r{;>UQ&%P(Lv^hA3nsVw&;DTA24Aq-Z@4m)?UG1*VL?83gPzRfDkP z;>3lc;NkqAz5mpx;BEYa8qH86i`UShS$PJssShihApthZ(X0%IXiprE`hppfeuP=j zT$|Q@#8+^vp{_i6e$;k~FVK87loAd3ze*W}=4uq7eIaj|M5d^~;z${pITjceBV8q4t?qTlf z4pec_ho}ro$3PXZDpvPgB0z^3ZZOzAG$AnWe2ND~6lXiSV6g(S4#KMo1uLovIO2oH z^%FNX`?absQ8d=~SqBZICx)Bidl(?e*B-EGeM;?gPl*|xy)gO#(F9z6&*{eX3)4-< znGO<|Nay`A8bNEoeRdBt|K*5CqhM6SN!ghf?)Z+GEgY)ncxvI*pT!@K;Yt|USDgJglv+(a-XAUBuJ+<;QTssz?3NN z2T6w|uug%5B>|AripK)K7-z5zp5th%YD}<@Ryd$Up?WBfaITLWSTh<}zu8&O z9;r|%%%bnO_0|TUres7G!F?haHcqDGpa)a#L>?VDX%9nD;T0d z)<=}aZA#3q(cFKrdEpq1;5aR_HwBy@Jr@7P^yM5`i%P!jMhuxq9YdP>`SEK)X-mzs zv)Ufce2Y%YI#j_G>N<@#rBg-Se`wZ>gJLeH1mBR`ekZb++4io(#cNxNZiq5F;RjE! zm4T#QX`>i?$2g(Q&*C-O^V%hF|6FE07)iDeOy>8Q%+HH#!If;mfvnUnsdm(ex^!*0 zZE3f+uPLf#hx|xdO2pJt^K85}tqPs=@#7k3%};a>$l=|r*M;2CuUOsx`?K|boGiKu z&hL+?Mli~kA@^8l`c!*_yV!wtfu8ZYX889w*{nGIoVCT3@{1f3s^4co^BGYE2g_CS z9nbAcSLQ$COC5MVY1ss#!VTH{B0eSAdit*H{l%6n)%($(H{i}hjsej(8`hbE{`C~% zwyUKdqcXLB>J3}F(XZ3`HL@(;ED3ED|@WZLWQoPF!YRT$Wge}+RaYsp~kEOeeK zwvj%C_A=SC&2a{6?87>td|hlr=6iqXvMBexrpfjleZ-Wl-?vGe%#=Ztpn3(C`k&I*w%L>e2i8&?I5J1(e+l&h2%-|t@k zIS>E2dEpt*29_)K-A>$*t7);Z=lpecmy=V1(Ugbm ztHNa2IMj27InpyzhN$qP*bfeHMjGnysKZlRCfh!=KYX%~{MSkH&=LfpqC|$wIx$ACuS6#cmFqc&lPIOd^E!T-O1@5dtbD*sCfQ32))Pu_p4;XP28KKy?bYuESIt~;NY zL&ts~B-p#*Q%b>9nU!Ew2oqwSr4A!Gb8CIa5Xv#iu8us4PeD~Nx=8LBC-)3BWZr>Xj;D9RAZj96Ji|q)?bmnQfJlfvS;#t-2XpAsJ;ZH;cHj2vs_)qdr9Jq(OtS` z)9RqvtGP!X1a8kIh>Hnx_(r#rjV#Y(BUf&5czvWcY80bhj`%js>0{VxV{(%vavCu; z&YAujRhrR-@j-Dl zm$hFdkv7yHfBo{=qXG*4fzAxUx_TZs{KE2X+pFnlVa$w%^2v<{6MtWtC>C@@U_L11 zh}8JCyPfT@JCjs=BXRP)?Z|pWI-}9KN<)9jNsJ&uJYS*5JAP_E4`uKh7SyBGAvglx z%Dw%)LSt^sz79##C(l29aSXF2@BT!G5es3BZV{{4a{@#gV)In#c|RCy1G2S3J|FU7 z8$T3!)rhVFS&3G*!62oA6I=*sY#&W*N7Tz)E;gA&n_<7 zWh**lPj#!G84i~A1?+WdH@1`3vFdsiV?&DnpvksCwEv>%#uh8P6l1QWD0zR2FdvT- zxKO7D@!JQ<3L&QnZ>x4#*5P=ru(*HZ=*c~IeuI@%lRXusjw50sxF53Z7$H#Im^oUk z-J`RI<%P45+`#&r`gOVf`4GeGtv;_-?T4C!z2(OZH0{1dnklAiUeS6Gf#Q4zo$=Wc zrsSw8NX0fR+^TfDVNAA`+(CIXhLGE%vboQ_krmooJn*wv_%Y+Gb{Z0NsCejOp@%j{ zmTr=^t_QWDYPoB5OP^swQUCI;&!je2Kv|#18EgDjk)eILt9I+IKq8Os#vk9Wv##1@ zC%Q?@x*M9{$^Vc-DAU`;e8^h$>Y!YDNM_L^j#*ugdrefftn1N1;mqE;OVt#DcSIom ziDw(idefH)B0FIVxJ?`_z`iu+$>!OP@s8}vl*r>^1)RKMQyqgN%Zo z?~`i<+;AglQlAJi_NGgaqZL$K5xKOE{nc%_QLF`Z$lghEB~?NV+tJDRd;MR{axz_6 znzbtLL&I*4%O#S<-n8#2xE{sy*u@6k#8rTvo+;J&V@#JngQ%yU^*8wIO+$;?(J3K& zP}3Wp5>T)oylKf|rnZm4dxShM;I>9wVdz>pF>WuV>5{R$rMKAWc=x`V($bsf|dhH+*|`rJTy_~$$Sh@_;|YxX>|aJXRgX=#Ep^ww20g$SOKyKI2nK)CP3-KSa6 z+Et4rF)3FXWH8%mh!#LcP++3_ETd?P}^Bq`x_bRol<@NC;|1Bw0XG zfXNS&O)kpEgJenBnNsv_lzd2*s&CwpyNV^^8Pe)6KoqG#ZkhS?ZjU*By%=GSt4Gq6 zT#}caliNhye%|{}fP5~C8}LK-{zJ>?F8(>OAMwPDe2X`fES2*)qZ4sk(_mzDLS$HS zlH*89oHtgUwbi1OyTZ;J-QL86Bm}L3e-9{fG|}wTd?)H+jRu=n)?DW`c4y>=MACr5 z`rRH<|H74x9#U_GB^vXQ7qO5?*f;50?qL0=h#sh42Rbh%L^P2>g6K`Xv?jEn1DyjR zAsZh}c?UC%yPnGR^3tpWYwR7%l=hQUbATppNzGMHVb`Pq%0V|hq}sb2agwfgq;D0q zhi&xYuJU7j3qAH5uG$aK06xX$p>Y~0CmDy^F~Sc3ln9{Q}az?y7AT8siQ{I!r$|uez@-$ z2YO_{S}T#PsTx7NwvS1Pt~4rX{@ZA?WV2c(U;;*KU(SiK_wbG#HWuip1=mz$j9yfV zlQ4{=DM-*b6?%F9p^+8&)KZHb5@~xw@uIIlpHv$wdz}n031m0zZVAV?!&H%s zFC92o7PJb(84%@%ft)C^uk!>xx5pF?R-lY!rm$*1q_z)vo8E}?*S`Oe)wUbWWH1C+ zuU2mlDN+SW;g4$=&{}2fK2qvpn0ST{S5uQz7866}o<4zycJhr!;PWbTN-1+RV>a|? z3bsp+O*o*79RyHkYBgH@Kvz{rmq-hnww||9bW`tpJ(@67mB5`J~8E>xKL1~EKJg0dbs9V0(C_pW4z5LGbx=pgx2+GiU5zjS^ z+^c-hpEwPHa+h#EQAF`?w9>#4; z<&plx6ezbKr@6jy_s^zCGH){8W8f&#Qn|f9(GSXf#bLf`)ZN(_`O1^b?SRM0+;A_9 zfh;9zTA4k5pGS7uGP10n^c|EtmBXCDsQaQm@;k&Wsg_&yOt`b{-EmV?Y{fcRIC?cx zFDH8^eGm3KoIoe@V>a)_?k3%=rl_zoX>STQ!!WaSgKomw$S?;ow?90aKP{E5`>|y* zObV@TS3psBVSm&M4L6O0$kNQl%$Q{h*3yRXelcp%f(E8ZS^#M2{D?;_b9yJf8 zmV)?Dgw%Yp!FEuKbMjn!_1oOp$|{slDre;QE4L6Yuk@oq5E(BoZ?J_`Fglm?M_MFo zg4eq5WOd(lg9iq_(2df3BXeDsvW~Z4iBoEP*KIQp`Jr;)iy|3a7e32C&j5DpFD)Q0 zc~s*YH$E?Kj@8LG%Yk15*g>KvBPQRt&v_ucIr71TVg6N-_0S~Rg=8tKZCu0?2^$k@ z6+YV*g}4m}X}MzVwoV^*m;JmtqrM0~=cJ8Uu|nI+0rCY`{yd|pZTF(lKU!4;W)=?o zo$C62Ui{qQHMnLo_Q;)~dN&^Y-0yVajZ_3!K&_-|7Vm6TcA_kEIR`{L@n;uITrD7j z{v%_$*=|L$Akd&G*GY9AQKV1lXpydYo82JBh^e+4Cg0;J8>Eua7TxTXqD>4#xNnwXM7LWMZYh8;!C?>8RE_^AEOBWvxSrGgo{pYGbg> zhB{m0k1hrLC?gZvaPq7h4PV`;gGxwptx3-NDDfZU0m^pbpJBQD3Ea5f%i?*`5_WQw z^KW}q2P4z?c5{@OEQQAvyy3RjG6R1~Rr|*8q!K4~b2Rcde-4$t&Q>M&NWPh^f2MrB zpCf0DeKgrHhnP`X>T3F5I*JyI;B4@LGHFfDi1i;9@1hlIb&@v{o!BCv z=ATOo*n8&nH4LJAf0|Xlbb#jm{ZYUk@#mj$5=N!k_#v$?o}K`@qgG>ygY?tYmk@c) z>i>B83HsuQXW`q6qaX4d2BP1B-1H7OltwqMlG)cX=i-k=S}E~ZJNu8_^-`f--g+N6 z`iCrCjET1Z^DVxg$3@QsYPtGD+3>cVesADJ%*W5oTk|$0CZw>s?A6x<3B;8txy2uQ z*Y{Q8O;%M3DdQ$|@7?&fA%k{h$nml%wV(B}1}{&+QlLYtqsvW7nqPu%kbS|2%t4hH31588@0_5O5GLS$x;hiWZdLxfo%(?k;dF*OKw z8$@d?-W!o|Qmh>u&+?x1CnU{vAadae)r+wP!2k!N%MqI9m0Tf*+3Mv-N83Sf{zOqpXB(s#q7$h_By@TXkB}MeJG&b{V4l#coc~| zJD3IjDi}i|fRx1WBk6519>Oj1n&@npdqVIRwL`B2!v^HK1`4XA4ptK z`WTxybZ>guX6U(1bt~k|%F0Y)I@b+psl&YMg;V8fm^NAuNaAZuJ!~aj5Kd0j6>z#2bC%yGOj&4_@;k05GZp@s{g1KMkTPTD2;}7T+$Vr zZy$+=R{j!pDmG872wvDFC82bK#4v71fGA>0IBSJBk?r#N25s$53v;epuW~QmV?UXy zHgHIAI<@3#tG#3;oiivs|M90{aW}<8x_nm8pqL*;cM0YFnpbtbJ^yPvyVGY}n!3~d zQ)R+;Z0wR!XsaxP{SSUSF5+5Y;Z&TCQryQU!O8K}lRth|D|I%WNOA&a1_mT949(+RM{dzYuEaA&%V6y;F7JC275tvBL>w^6*{0+;<2H%19em_@ zqkw<1r{a<{Z;Gq>UuW7uhplO%e#ZpRTcJg!L)4LQZ|=w8(g+UYDIpG?{Ke%xwHhQL z-^X{~0LO=-a7Nxij7q_)#~m;H;JXsVz> zHmI6({pFb*cadIfN!Ld!){?GwR+XTL_I_4(_HK5lnS}M?0j8JG%u-ds6*xgVHlo)(g5ynxM};X~7@wR?kKRe&d@oZ=Xi$X&Y7 zEXJs`C*>G3J8J!$Q8pte@tGfi+0zrtP{gp$+MM}r)!D`ex3oDAh2B~_3&&QhQO?%I zJ4M!)P0?#y<@F06H_u2+e!5=Sg`VA>o9w$ZCZ5TJ_#tHh2ehqfDSjD3=cP)0cNw5a z5X|*TfMKIG4g;z>itdDbq`L}j8%1X_{i`Xe6&Yd^d{Ez8_!Eq(g)xV98|0pUPlLT~?ha5?y6jcq7w-UDB%9#Z=zaz?PQ=S^9-;18QIOe6{EWWN1=@&4v6}L6n4)d9`|hn5q6!U2x_-}ZQ7%bk~!5+1XB(N zJT|;_4Sz*RRTe%FVCOhCV#_Mj8mX`z_pGrjw2oMb z3BRijXdiKKw6^iZMe#y$w1?P4P;ken}xeOcg$_h$X5*bym=LZys>h{<2+37u@vcmectbFHMZFUBOr8;!i_ z1-9mxkFw2tySW(-xbdBH9DVz6KIl_OFE2o#D2!64s{k*a|Ti4Sm53{EyWk_FmeDI{V zVU)qn#!CRN`?GaQ`|{zwzcXCn>^bRin#Y{{R21#(R8AHb1!srWVae6oA6DMhY9HS( z=+#0k2DgXOQ3T5@h6B9kXCq87JSh*GM$uKtu`G( zibs?2srehV?I|AvQERm@^{e1tZ@=fW6mH)H9mQ5M<+VL45AhP~+@m$dgZTuOZK-R* zL^ygt_~mlAr(a4!)Wr@|_Fkbd?9poBdHehxmrAETKKYU#A}Y4NL#w9NG-jaC1vy&k z?1;|~;So#N`L2v->BBrOl|a|R2Yv=(CPH%5s%Qk-IzkCX*7=?bk?<@IWt?J>Y37ekk5i|3i`KEQf(@JQC zocQrTsZADyB=Co~2| z%PwIETndy|UfO7KUkoKveBa2FQj)uT`n9u_Cjed)_0hjrLGrRX(OKYg?EWP`K$L2I$9Wti zH(w!BfGcR^p`I7OLzS?TsT}fZmx^7XYw6-C=R;7YEgF&VyvC&InJ-W&7?BLZWp%HM zujpVn$MtbfoLrO~!6n#b)^1yBAdFG|h>PTopGp7ZxmE}?VHTYR$w>}cJ&SGtIhC*C z)}UZxS86@(H;pq>=85b=zYD+*xSH&F7rCd4Z=OT?7T+AxERqnY(RU?AQi)_}UF$yu ze!JX0k%ckbr`)nh+|^vN;gxf*KXRMWJUip=ZGGDA9jA4@R^!FY8d>;}+w&v}us)Ha zp2{eZ8m7t{QL$zNH~!{_pCHWU(q!~~m@GQ-m2bkodMIo}FHw4Kge@r+68o>k1SupC zWtDs}3nFC8c}Lsz5SB%(Gx6)8Mifh2I8w$%N_#y2%LX`XBXk+em!XGDhUq8E`vF&VA835P!BQD=&rJ zT^>N{*Ggoz?1$W$ctwRDurp8q6--)(OjyKZG6Hb}?zTT@)W^4G z_+QUB^p2l+duk%qB_hy59gyaYE?x;B;RCtf?b2XyhWU1DqQ7{YR?B4?j6~~#^6hQm zvX5*0Uav|SlVE-N{QAEJqdfntcYd#PQm)7`SoMhc%WgW z3gNGxSg_ztV}wFe?7xq%le@+DcdKL^GJU-}>+oV;B~zNb_swdl2sFHRt*-B#++CEz^Q=g>k%AyLG?^b0b!K4DyeIixSHV_zjbK};GMF@(?^5^^w3%~E!qJU4F@@wu zq94~MF-IVt%qbrcG{$Zc@={R7Fl`;QLy#XtC?8ZQX z3VN`BE)Ef*9AZwqtXD`nJ+m4T0u^Lh~(3f zy>cCg$E1Erd#+^xlhS)j)%#ClmPPS}OR z-8GWW?aXl8y*xbqveAg#dPI;@)AIu9EA5tm{J z)qEMa_)$#!#N-lT%=wf3dY69ofm*Zts8CtCxCVa)|J-NduWfEI{EvKH1o_@G{T7Qw zDpFPVF+;|8|D5^Eu_k>6DJSju-zV>xXLctxc_byz%aT9BIf)Hgg?n;sZVaaabo0LeHs_GtDM4^I`BVlXKNH(ur zFbnu4+cDw2EufS7 zQ2t47JNRV@W8;66Z!Pw4ahp#!&W~_^(F&#J+^QVX%)X(NE9?_@2{*5gr3SuT z-n1F?(h~#EZdN(t0{=X7-uoHdR05RPI6aC#)`MRM{&b5M3v&KPq30}qD0aIRQvzpt z&EEH=6f(Ps)ah_nPAl+zCwRtZlf5&T*Kyb}+QI5gK_bObKz5`QzhtI*dXE2eGgrBk zW!!ElR(vERXy#RLWY7%fy?JqODDDkGuoucIQK;^7<4+bSaYX3a6$VPCOkYY~|3K=+ zWMKQ>RUTf_!!LSWfb<=c>7zc1Em47Xrp6~(l#ZvEB>&mg`J|7MP55n9(utuEvZWCi z2>GvZ?kfXE%%YDvNHATT#3Zqvu;c%HJ%aQrTpyNKERjPoAyu+@#ZhOW=v-bN;2cIF2wYEh@GwzOUpR4IIN#y6a>ICmHg zMImUOkWoVivQtS;q12_S3B=uGhyEZJk&ZRvKMT?nDz1b-W6?2hWzsC^ z=1|Ld7uB4GUZMC=8>!@}$=654Pu{&~E2=2Ryecv&?;F?Fu4HW}=H8RhE(wS4dasGC zY8xqPLR`3vn~UBN?Q6Fi|1(?KF2>qK#lgcR;TJ_f4-BGB03w0`2JjBQ?$rI-UL;f= z4lh~SCWy$Y_`!~v_+I?moQP7^fVpD*%-f3P3NiujA$4^}BaoIgb z_E5(&Xcvlaj55jVUATX@44~M~GrdMyfx$m$l_*n^p;6_yQuYoWNM_kZy!dl((@-c3 z)ED^4HV!rz_=!@UFI3M?7&R&_G-I5_H26~NlY5+V%#iFlip=2b9?*MXt1YvL25ecC zbv|xU*5pN7UBMc8oOXn1EJgDFv}*1_O`K~S78J8cO)4TF$en;(A}9(XAO;ErITZ*O z1q6q16A8&7VnQUcq85%oEd<%M5`j^RTCJLB2_P6+6x6*&_c8dD!hJXI|bm7Tc02%Z< z-*PBt5%JY@Y&T|MLA(UM@}zz=r2dB)b*{EUO^D02_h48a7$}(GocU7e;7~($xkh&J zCF*34q6gliL(mx-tTlg-^A_c$f@Cnh<67%eP*gH}gBNxseHox8UzXAU=izm68Gmg9VhjwMEa@B8CtEzc8yCWkPWche;(>ub4lnxwMBB556e^uP{2jWSM?Q!E*yQvYwhUY?J$CITX z)#H)j;+wIwS*cLV{YZ0O+_+xvvxunT`Ih_L#Ic$A;+(aW`|5tS8>>^byJjAiQV1*{ zGs~yuo_QsS^#%R$SRZvsSaE-K-1rgc*^Zh3y~yIrAtV-#p1xFiyl#AP+zpW=|Hi$r zR>NFjo#b>gs+kAM&8p)sfse=TIQkTvH1u*4@pYtvI*ISidxnD~dIjw<_bFBV$nd#V z?6^}ub?nh^OZ&9na7Fcg1Nz_f9%8#z$;rZXilj9+`!nNcZvE7_hmfT7>9%@EQt))E zh$K+fF5ewTZST;&8(2vwHY&wdjF0r{ zo9=CuYYXD7$+#rLgJg(d`WH&Mn9GH#x?rMXJ;oVcuxBNyuzPqrNKq3thEy{7>Q%|Fy5B)~kwCS6)1X z@p51_Y%T|MKT?#YA#$zb^|RVe+m&ZqUs(GTEm_-mI{Lg{nRfuiAUIreu`IyR;8NH| znP6{R&sogLQT$fRvdT&V(4CQa?|+ba$pl&BL{GQyGKFg1A8Fa#oq8?Q1_(2 zPNd(mu6gyU{(#2#krf4xA6TZQUUW)@NDwWb1Z92`u$sIyym_Ck{1ddqru)Y;v?Z~Sbl(Cims*_?FgX3Z$JICcc)V>W35mW?tY692+U!MRX zfIMi(C8s1S8UFDlK!n9F0s9Z71I845&2FDmG!vGu9Ca^B#iDt z4)$1@rj*klk}#?cVf9#frNHBmk8tOVW?s}1hnB8^Z1jb;pQESNz$=-Q9Z0&TO&Ut& z^I<(^_&Ow|!FnfpdN*u}eZ_V1K%qX!i@9?GImEFfpkB%Zb0mpl9g5Linux IPv6 HOWTO (en) PeterBieringer
pb at bieringer dot de
 - 0.66wip 2014-05-02 PB + 0.66wip 2014-05-10 PB 0.65 2009-12-13 PB 0.64 2009-06-11 PB 0.60 2007-05-31 PB