diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index 719bdd7c..e330fec7 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -58,27 +58,10 @@ COLSPAN="3" >
The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions about IPv6 on the Linux operating system. This HOWTO will provide the reader with enough information to install, configure, and use IPv6 applications on Linux machines. Intermediate releases of this HOWTO are available at The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems. Copyright © 2001-2007 Peter Bieringer 1.1.1. Copyright
1.1.2. License
This documentation is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Note: an overview with URLs can be found at http://www.bieringer.de/linux/IPv6/.
With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/
This HOWTO is currently written with LyX version 1.4.4 on a Fedora Core 6 system with template SGML/XML (DocBook book). It's available on This HOWTO is currently written with LyX version 1.5.1 on a Fedora Core 7 system with template SGML/XML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringer for contribution.
Code line wrapping is done using selfmade utility “lyxcodelinewrapper.pl”, you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer
The special character “¬” is used for signaling that this code line is wrapped for better viewing in PDF and PS files.
The special character “¬” is used for signaling that this code line is wrapped for better viewing in PDF and PS files.diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h -¬ linux/include/linux/in6.h +¬ linux/include/linux/in6.h --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 @@ -0,0 +1,99 @@ @@ -1919,7 +1908,7 @@ CLASS="SECT2" >2.2.2. In between
2.2.3. Current
2.2.4. Future
2.3. What do IPv6 addresses look like?
2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> -¬ 2001:db8:100:f101:210:a4ff:fee3:9566
2.4. FAQ (Basics)
2.4.1. Why is the name IPv6 and not IPv5 as successor for IPv4?
2.4.2. IPv6 addresses: why such a high number of bits?
2.4.3. IPv6 addresses: why so small a number of bits on a new design?
3.1. Addresses without a special prefix
3.1.1. Localhost address
3.1.2. Unspecified address
3.1.3. IPv6 address with embedded IPv4 address
3.1.3.1. IPv4-mapped IPv6 address
3.1.3.2. IPv4-compatible IPv6 address
3.2. Network part, also known as prefix
3.2.1. Link local address type
3.2.2. Site local address type
3.2.3. Unique Local IPv6 Unicast Addresses
3.2.4. Global address type "(Aggregatable) global unicast"
3.2.4.1. 6bone test addresses
3.2.4.2. 6to4 addresses
ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 -¬ | tr "." " "` $sla3.2.4.3. Assigned by provider for hierarchical routing
3.2.4.4. Addresses reserved for examples and documentation
3.2.5. Multicast addresses
3.2.5.1. Multicast scopes
3.2.5.2. Multicast types
3.2.5.3. Solicited node link-local multicast address
3.2.6. Anycast addresses
3.2.6.1. Subnet-router anycast address
3.3. Address types (host part)
3.3.1. Automatically computed (also known as stateless)
3.3.1.1. Privacy problem with automatically computed addresses and a solution
3.3.2. Manually set
3.4. Prefix lengths for routing
3.4.1. Prefix lengths (also known as "netmasks")
3.4.2. Matching a route
4.1.1. Check for IPv6 support in the current running kernel
4.1.2. Try to load IPv6 module
4.1.2.1. Automatically loading of module
4.1.3. Compile kernel with IPv6 capabilities
4.1.3.1. Compiling a vanilla kernel
4.1.3.2. Compiling a kernel with USAGI extensions
4.1.4. IPv6-ready network devices
4.1.4.1. Currently known never “IPv6 capable links”
4.1.4.2. Currently known “not supported IPv6 capable links”
4.2. IPv6-ready network configuration tools
4.2.1. net-tools package
# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is -¬ IPv6-ready"4.2.2. iproute package
4.3. IPv6-ready test/debug programs
4.3.1.1. Specifying interface for IPv6 ping
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from -¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes +¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec --- fe80::2e0:18ff:fe90:9205 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip -¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
4.3.1.2. Ping6 to multicast addresses
# traceroute6 www.6bone.net traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 -¬ hops max, 16 byte packets +¬ hops max, 16 byte packets 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms @@ -4085,7 +4074,7 @@ CLASS="SECT3" >
4.3.4.1. IPv6 ping to 2001:0db8:100:f101::1 native over a local link
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 tcpdump: listening on eth0 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo -¬ request (len 64, hlim 64) +¬ request (len 64, hlim 64) 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo -¬ reply (len 64, hlim 64)
4.3.4.2. IPv6 ping to 2001:0db8:100::1 routed through an IPv6-in-IPv4-tunnel
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 tcpdump: listening on ppp0 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request -¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) +¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len -¬ 64, hlim 61) (ttl 23, id 29887, len 124) +¬ 64, hlim 61) (ttl 23, id 29887, len 124) 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request -¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) +¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len -¬ 64, hlim 61) (ttl 23, id 29919, len 124)
4.4. IPv6-ready programs
4.5. IPv6-ready client programs (selection)
4.5.1. Checking DNS for resolving IPv6 addresses
4.5.2. IPv6-ready telnet clients
4.5.3. IPv6-ready ssh clients
4.5.3.1. openssh
4.5.3.2. ssh.com
4.5.4. IPv6-ready web browsers
4.5.4.1. URLs for testing
4.6. IPv6-ready server programs
4.7.1. Using tools
4.7.1.1. Q: Cannot ping6 to link-local addresses
4.7.1.2. Q: Cannot ping6 or traceroute6 as normal user
5.1. Different network devices
5.1.1. Physically bounded
5.1.2. Virtually bounded
5.1.2.1. IPv6-in-IPv4 tunnel interfaces
5.1.2.2. PPP interfaces
5.1.2.3. ISDN HDLC interfaces
5.1.2.4. ISDN PPP interfaces
5.1.2.5. SLIP + PLIP
5.1.2.6. Ether-tap device
5.1.2.7. tun devices
5.1.2.8. ATM
5.1.2.9. Others
5.2. Bringing interfaces up/down
5.2.1. Using "ip"
5.2.2. Using "ifconfig"
6.1. Displaying existing IPv6 addresses
6.1.1. Using "ip"
# /sbin/ip -6 addr show dev eth0 3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen -¬ 100 +¬ 100 inet6 2002:d950:f5f8:f101:2e0:18ff:fe90:9205/64 scope global dynamic valid_lft 16sec preferred_lft 6sec inet6 3ffe:400:100:f101:2e0:18ff:fe90:9205/64 scope global dynamic valid_lft 2591997sec preferred_lft 604797sec inet6 fe80::2e0:18ff:fe90:9205/10 -¬ scope link
6.1.2. Using "ifconfig"
6.2. Add an IPv6 address
6.2.1. Using "ip"
6.2.2. Using "ifconfig"
6.3. Removing an IPv6 address
6.3.1. Using "ip"
6.3.2. Using "ifconfig"
7.1. Displaying existing IPv6 routes
7.1.1. Using "ip"
7.1.2. Using "route"
# /sbin/route -A inet6 |grep -w "eth0" 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global -¬ address +¬ address fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local -¬ address +¬ address ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast -¬ addresses +¬ addresses ::/0 :: UDA 256 0 0 eth0 <- Automatic default route
7.2. Add an IPv6 route through a gateway
7.2.1. Using "ip"
# /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address> -¬ [dev <device>]7.2.2. Using "route"
# /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw -¬ <ipv6address> [dev <device>]7.3. Removing an IPv6 route through a gateway
7.3.1. Using "ip"
# /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address> -¬ [dev <device>]7.3.2. Using "route"
7.4. Add an IPv6 route through an interface
7.4.1. Using "ip"
# /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device> -¬ metric 17.4.2. Using "route"
7.5. Removing an IPv6 route through an interface
7.5.1. Using "ip"
7.5.2. Using "route"
7.6. FAQ for IPv6 routes
7.6.1. Support of an IPv6 default route
7.6.1.1. Clients (not routing any packet!)
# ip -6 route show | grep ^default default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires -¬ 29sec mtu 1500 advmss 1440
7.6.1.2. Routers in case of packet forwarding
8.1. Displaying neighbors using “ip”
8.2. Manipulating neighbors table using “ip”
8.2.1. Manually add an entry
8.2.2. Manually delete an entry
8.2.3. More advanced settings
9.1. Types of tunnels
9.1.1. Static point-to-point tunneling: 6bone
9.1.2. Automatically tunneling
9.1.3.1. Generation of 6to4 prefix
9.1.3.2. 6to4 upstream tunneling
9.1.3.3. 6to4 downstream tunneling
9.1.3.4. Possible 6to4 traffic
9.2. Displaying existing tunnels
9.2.1. Using "ip"
9.2.2. Using "route"
9.3.1. Add point-to-point tunnels
9.3.1.1. Using "ip"
# /sbin/ip tunnel add <device> mode sit ttl <ttldefault> remote -¬ <ipv4addressofforeigntunnel> local <ipv4addresslocal># /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote -¬ <ipv4addressofforeigntunnel1> local <ipv4addresslocal> +¬ <ipv4addressofforeigntunnel1> local <ipv4addresslocal> # /sbin/ip link set dev sit1 up # /sbin/ip -6 route add <prefixtoroute1> dev sit1 metric 1 # /sbin/ip tunnel add sit2 mode sit ttl <ttldefault> -¬ <ipv4addressofforeigntunnel2> local <ipv4addresslocal> +¬ <ipv4addressofforeigntunnel2> local <ipv4addresslocal> # /sbin/ip link set dev sit2 up # /sbin/ip -6 route add <prefixtoroute2> dev sit2 metric 1 # /sbin/ip tunnel add sit3 mode sit ttl <ttldefault> -¬ <ipv4addressofforeigntunnel3> local <ipv4addresslocal> +¬ <ipv4addressofforeigntunnel3> local <ipv4addresslocal> # /sbin/ip link set dev sit3 up # /sbin/ip -6 route add <prefixtoroute3> dev sit3 metric 19.3.1.2. Using "ifconfig" and "route" (deprecated)
9.3.1.3. Using "route" only
# /sbin/ifconfig sit0 up # /sbin/route -A inet6 add <prefixtoroute1> gw -¬ ::<ipv4addressofforeigntunnel1> dev sit0 +¬ ::<ipv4addressofforeigntunnel1> dev sit0 # /sbin/route -A inet6 add <prefixtoroute2> gw -¬ ::<ipv4addressofforeigntunnel2> dev sit0 +¬ ::<ipv4addressofforeigntunnel2> dev sit0 # /sbin/route -A inet6 add <prefixtoroute3> gw -¬ ::<ipv4addressofforeigntunnel3> dev sit0
9.3.2. Removing point-to-point tunnels
9.3.2.1. Using "ip"
9.3.2.2. Using "ifconfig" and "route" (deprecated because not very funny)
9.3.2.3. Using "route"
# /sbin/route -A inet6 del <prefixtoroute1> gw -¬ ::<ipv4addressofforeigntunnel1> dev sit0 +¬ ::<ipv4addressofforeigntunnel1> dev sit0 # /sbin/route -A inet6 del <prefixtoroute2> gw -¬ ::<ipv4addressofforeigntunnel2> dev sit0 +¬ ::<ipv4addressofforeigntunnel2> dev sit0 # /sbin/route -A inet6 del <prefixtoroute3> gw -¬ ::<ipv4addressofforeigntunnel3> dev sit0 +¬ ::<ipv4addressofforeigntunnel3> dev sit0 # /sbin/ifconfig sit0 down9.3.3. Numbered point-to-point tunnels
9.4.1. Add a 6to4 tunnel
9.4.1.1. Using "ip" and a dedicated tunnel device
9.4.1.2. Using "ifconfig" and "route" and generic tunnel device “sit0” (deprecated)
9.4.2. Remove a 6to4 tunnel
9.4.2.1. Using "ip" and a dedicated tunnel device
9.4.2.2. Using “ifconfig” and “route” and generic tunnel device “sit0” (deprecated)
11.1. How to access the /proc-filesystem
11.1.1. Using “cat” and “echo”
11.1.1.1. Retrieving a value
11.1.1.2. Setting a value
11.1.2. Using “sysctl”
11.1.2.1. Retrieving a value
11.1.2.2. Setting a value
11.1.2.3. Additionals
11.1.3. Values found in /proc-filesystems
11.2.1. conf/default/*
11.2.2. conf/all/*
11.2.2.1. conf/all/forwarding
11.2.3. conf/interface/*
11.2.3.1. accept_ra
11.2.3.2. accept_redirects
11.2.3.3. autoconf
11.2.3.4. dad_transmits
11.2.3.5. forwarding
11.2.3.6. hop_limit
11.2.3.7. mtu
11.2.3.8. router_solicitation_delay
11.2.3.9. router_solicitation_interval
11.2.3.10. router_solicitations
11.2.4. neigh/default/*
11.2.4.1. gc_thresh1
11.2.4.2. gc_thresh2
11.2.4.3. gc_thresh3
11.2.4.4. gc_interval
11.2.5. neigh/interface/*
11.2.5.1. anycast_delay
11.2.5.2. gc_stale_time
11.2.5.3. proxy_qlen
11.2.5.4. unres_qlen
11.2.5.5. app_solicit
11.2.5.6. locktime
11.2.5.7. retrans_time
11.2.5.8. base_reachable_time
11.2.5.9. mcast_solicit
11.2.5.10. ucast_solicit
11.2.5.11. delay_first_probe_time
11.2.5.12. proxy_delay
11.2.6. route/*
11.2.6.1. flush
11.2.6.2. gc_interval
11.2.6.3. gc_thresh
11.2.6.4. mtu_expires
11.2.6.5. gc_elasticity
11.2.6.6. gc_min_interval
11.2.6.7. gc_timeout
11.2.6.8. min_adv_mss
11.2.6.9. max_size
11.3.1. ip_*
11.3.1.1. ip_local_port_range
11.3.2. tcp_*
11.3.3. icmp_*
11.3.4. others
11.4.1. if_inet6
11.4.2. ipv6_route
11.4.3. sockstat6
11.4.4. tcp6
11.4.5. udp6
11.4.6. igmp6
11.4.7. raw6
11.4.8. ip6_flowlabel
11.4.9. rt6_stats
11.4.10. snmp6
11.4.11. ip6_tables_names
13.1. Server socket binding
13.1.1. Using “netstat” for server socket binding check
# netstat -nlptu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State -¬ PID/Program name +¬ PID/Program name tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN -¬ 1258/rpc.statd +¬ 1258/rpc.statd tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN -¬ 1502/rpc.mountd +¬ 1502/rpc.mountd tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN -¬ 22433/lpd Waiting +¬ 22433/lpd Waiting tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN -¬ 1746/smbd +¬ 1746/smbd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -¬ 1230/portmap +¬ 1230/portmap tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN -¬ 3551/X +¬ 3551/X tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN -¬ 18735/junkbuster +¬ 18735/junkbuster tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN -¬ 18822/(squid) +¬ 18822/(squid) tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN -¬ 30734/named +¬ 30734/named tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN -¬ 6742/xinetd-ipv6 +¬ 6742/xinetd-ipv6 tcp 0 0 :::13 :::* LISTEN -¬ 6742/xinetd-ipv6 +¬ 6742/xinetd-ipv6 tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN -¬ 6742/xinetd-ipv6 +¬ 6742/xinetd-ipv6 tcp 0 0 :::53 :::* LISTEN -¬ 30734/named +¬ 30734/named tcp 0 0 :::22 :::* LISTEN -¬ 1410/sshd +¬ 1410/sshd tcp 0 0 :::6010 :::* LISTEN -¬ 13237/sshd +¬ 13237/sshd udp 0 0 0.0.0.0:32768 0.0.0.0:* -¬ 1258/rpc.statd +¬ 1258/rpc.statd udp 0 0 0.0.0.0:2049 0.0.0.0:* -¬ - +¬ - udp 0 0 0.0.0.0:32770 0.0.0.0:* -¬ 1502/rpc.mountd +¬ 1502/rpc.mountd udp 0 0 0.0.0.0:32771 0.0.0.0:* -¬ - +¬ - udp 0 0 1.2.3.1:137 0.0.0.0:* -¬ 1751/nmbd +¬ 1751/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* -¬ 1751/nmbd +¬ 1751/nmbd udp 0 0 1.2.3.1:138 0.0.0.0:* -¬ 1751/nmbd +¬ 1751/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* -¬ 1751/nmbd +¬ 1751/nmbd udp 0 0 0.0.0.0:33044 0.0.0.0:* -¬ 30734/named +¬ 30734/named udp 0 0 1.2.3.1:53 0.0.0.0:* -¬ 30734/named +¬ 30734/named udp 0 0 127.0.0.1:53 0.0.0.0:* -¬ 30734/named +¬ 30734/named udp 0 0 0.0.0.0:67 0.0.0.0:* -¬ 1530/dhcpd +¬ 1530/dhcpd udp 0 0 0.0.0.0:67 0.0.0.0:* -¬ 1530/dhcpd +¬ 1530/dhcpd udp 0 0 0.0.0.0:32858 0.0.0.0:* -¬ 18822/(squid) +¬ 18822/(squid) udp 0 0 0.0.0.0:4827 0.0.0.0:* -¬ 18822/(squid) +¬ 18822/(squid) udp 0 0 0.0.0.0:111 0.0.0.0:* -¬ 1230/portmap +¬ 1230/portmap udp 0 0 :::53 :::* -¬ 30734/named
13.2.1. Router discovery
13.2.1.1. Router advertisement
15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router -¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, -¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, -¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, -¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: -¬ 0:12:34:12:34:50) (len 88, hlim 255)13.2.1.2. Router solicitation
15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation -¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)13.2.2. Neighbor discovery
13.2.2.1. Neighbor discovery solicitation for duplicate address detection
15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255)15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, -¬ hlim 255)15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim -¬ 255)13.2.2.2. Neighbor discovery solicitation for looking for host or gateway
13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: -¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, -¬ hlim 255)13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor -¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255)14.1. Red Hat Linux and “clones”
14.1.1. Test for IPv6 support of network configuration scripts
# test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main -¬ IPv6 script library exists"# source /etc/sysconfig/network-scripts/network-functions-ipv6 && -¬ getversion_ipv6_functions +¬ getversion_ipv6_functions 2001112414.1.2. Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...
14.2. SuSE Linux
14.2.1. SuSE Linux 7.3
14.2.2. SuSE Linux 8.0
14.2.2.1. IPv6 address configuration
14.2.2.2. Additional information
14.2.3. SuSE Linux 8.1
14.2.3.1. IPv6 address configuration
14.2.3.2. Additional information
14.3.1. Further information
15.1. Stateless auto-configuration
15.2. Stateful auto-configuration using Router Advertisement Daemon (radvd)
15.3. Dynamic Host Configuration Protocol v6 (DHCPv6)
16.1. Common information
16.1.1. Node Mobility
16.1.2. Network Mobility
16.1.3. Links
17.1.1. More information
17.2. Preparation
17.2.1. Get sources
17.2.2. Extract sources
17.2.3. Apply latest iptables/IPv6-related patches to kernel source
17.2.4. Configure, build and install new kernel
17.2.5. Rebuild and install binaries of iptables
17.3. Usage
17.3.1. Check for support
# [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support -¬ 'ip6tables' firewalling (IPv6)!"17.3.2. Learn how to use ip6tables
17.3.2.1. List all IPv6 netfilter entries
17.3.2.2. List specified filter
17.3.2.3. Insert a log rule at the input filter with options
# ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" -¬ --log-level 717.3.2.4. Insert a drop rule at the input filter
17.3.2.5. Delete a rule by number
17.3.2.6. Enable connection tracking
17.3.2.7. Allow ICMPv6
17.3.2.8. Rate-limiting
# ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request -¬ -j ACCEPT --match limit --limit 30/minute17.3.2.9. Allow incoming SSH
# ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 -¬ --dport 22 -j ACCEPT# ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 -¬ --sport 22 ! --syn -j ACCEPT17.3.2.10. Enable tunneled IPv6-in-IPv4
17.3.2.11. Protection against incoming TCP connection requests
17.3.2.12. Protection against incoming UDP connection requests
17.3.3. Examples
17.3.3.1. Simple example for Fedora Core
17.3.3.2. Sophisticated example
18.1. Node security
18.2. Access limitations
18.3.1. Legal issues
18.3.2. Security auditing using IPv6-enabled netcat
18.3.3. Security auditing using IPv6-enabled nmap
18.3.4. Security auditing using IPv6-enabled strobe
18.3.5. Audit results
19.1. Modes of using encryption and authentication
19.1.1. Transport mode
19.1.2. Tunnel mode
19.2. Support in kernel (ESP and AH)
19.2.1. Support in vanilla Linux kernel 2.4.x
19.2.2. Support in vanilla Linux kernel 2.6.x
19.3. Automatic key exchange (IKE)
19.3.1. IKE daemon “racoon”
19.3.1.1. Manipulation of the IPsec SA/SP database with the tool “setkey”
19.3.1.2. Configuration of the IKE daemon “racoon”
19.3.1.3. Running IPsec with IKE daemon “racoon”
19.3.2. IKE daemon “pluto”
19.3.2.1. Configuration of the IKE daemon “pluto”
19.3.2.2. Running IPsec with IKE daemon “pluto”
19.4. Additional informations:
21.1.1. Listening on IPv6 addresses
21.1.1.1. Enable BIND named for listening on IPv6 address
# netstat -lnptu |grep "named\W*$" tcp 0 0 :::53 :::* LISTEN 1234/named -¬ # incoming TCP requests +¬ # incoming TCP requests udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named -¬ # incoming UDP requests to IPv4 1.2.3.4 +¬ # incoming UDP requests to IPv4 1.2.3.4 udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named -¬ # incoming UDP requests to IPv4 localhost +¬ # incoming UDP requests to IPv4 localhost udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named -¬ # dynamic chosen port for outgoing queries +¬ # dynamic chosen port for outgoing queries udp 0 0 :::53 :::* 1234/named -¬ # incoming UDP request to any IPv6
21.1.1.2. Disable BIND named for listening on IPv6 address
21.1.2. IPv6 enabled Access Control Lists (ACL)
21.1.3. Sending queries with dedicated IPv6 address
21.1.4. Per zone defined dedicated IPv6 addresses
21.1.4.1. Transfer source address
21.1.4.2. Notify source address
21.1.5. IPv6 DNS zone files examples
21.1.6. Serving IPv6 related DNS data
21.1.6.1. Current best practice
21.1.7. Checking IPv6-enabled connect
21.1.7.1. IPv6 connect, but denied by ACL
Jan 3 12:43:32 gate named[12347]: client -¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: +¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: query denied21.1.7.2. Successful IPv6 connect
# netstat -lnptu -A inet6 |grep "xinetd*" tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service -¬ daytime/tcp +¬ daytime/tcp tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6
21.3.1. Listening on IPv6 addresses
21.3.1.1. Virtual host listen on an IPv6 address only
21.3.1.2. Virtual host listen on an IPv6 and on an IPv4 address
21.3.1.3. Additional notes
21.4.1. Configuring radvd
21.4.1.1. Simple configuration
21.4.1.2. Special 6to4 configuration
21.4.2. Debugging
21.5.1. Configuration of the DHCPv6 server (dhcp6s)
21.5.1.1. Simple configuration
21.5.2. Configuration of the DHCPv6 client (dhcp6c)
21.5.2.1. Simple configuration
21.5.3. Usage
21.5.3.1. dhcpv6_server
21.5.3.2. dhcpv6_client
21.5.4. Debugging
21.5.4.1. dhcpv6_server
21.5.4.2. dhcpv6_client
21.6.1. Filtering capabilities
21.6.2. Which program uses tcp_wrapper
21.6.3. Usage
21.6.3.1. Example for /etc/hosts.allow
21.6.3.2. Example for /etc/hosts.deny
21.6.4. Logging
21.6.4.1. Refused connection
Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap -¬ from=::ffff:1.2.3.4 +¬ from=::ffff:1.2.3.4 Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap from=2001:0db8:100:200::212:34ff:fe12:3456Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 -¬ (::ffff:1.2.3.4) +¬ (::ffff:1.2.3.4) Jan 2 20:39:33 gate sshd[12345]: refused connect from 2001:0db8:100:200::212:34ff:fe12:3456 -¬ (2001:0db8:100:200::212:34ff:fe12:3456)21.6.4.2. Permitted connection
Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 -¬ from=::ffff:1.2.3.4 +¬ from=::ffff:1.2.3.4 Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 from=2001:0db8:100:200::212:34ff:fe12:3456Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 -¬ port 33381 ssh2 +¬ port 33381 ssh2 Jan 2 20:42:19 gate sshd[12345]: Accepted password for user from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh221.7.1. Listening on IPv6 addresses
21.8.1. Listening on IPv6 addresses
22.1.1. Address Structures
22.1.1.1. IPv4 sockaddr_in
22.1.1.2. IPv6 sockaddr_in6
The sin6_flowinfo field is used for flow control, but is not yet standardized and can be ignored.
The sin6_scope_id field has an odd use, and it seems (at least to this naïve author) that the IPv6 designers took a huge step backwards when devising this. Apparently, 128-bit IPv6 network addresses are not unique. For example, it is possible to have two hosts, on separate networks, with the same link-local address (see Figure 1). In order to pass information to a specific host, more than just the network address is required; the scope identifier must also be specified. In Linux, the network interface name is used for the scope identifier (e.g. “eth0”) [be warned that the scope identifier is implementation dependent!]. Use the ifconfig(1M) command to display a list of active network interfaces.
The sin6_scope_id field has an odd use, and it seems (at least to this naïve author) that the IPv6 designers took a huge step backwards when devising this. Apparently, 128-bit IPv6 network addresses are not unique. For example, it is possible to have two hosts, on separate networks, with the same link-local address (see Figure 1). In order to pass information to a specific host, more than just the network address is required; the scope identifier must also be specified. In Linux, the network interface name is used for the scope identifier (e.g. “eth0”) [be warned that the scope identifier is implementation dependent!]. Use the ifconfig(1M) command to display a list of active network interfaces.A colon-hex network address can be augmented with the scope identifier to produce a "scoped address”. The percent sign ('%') is used to delimit the network address from the scope identifier. For example, fe80::1%eth0 is a scoped IPv6 address where fe80::1 represents the 128-bit network address and eth0 is the network interface (i.e. the scope identifier). Thus, if a host resides on two networks, such as Host B in example below, the user now has to know which path to take in order to get to a particular host. In Figure 1, Host B addresses Host A using the scoped address fe80::1%eth0, while Host C is addressed with fe80::1%eth1.
22.1.1.3. Generic Addresses
22.1.2. Lookup Functions
22.1.3. Quirks Encountered
22.1.3.1. IPv4 Mapped Addresses
22.1.3.2. Cannot Specify the Scope Identifier in /etc/hosts
22.1.3.3. Client & Server Residing on the Same Machine
22.1.4. Putting It All Together (A Client-Server Programming Example)
Porting applications to IPv6 HowTo. For the record, the source code presented here is original, developed from scratch, and any similarity between it and any other publicly available 'daytime' example is purely coincidental.]. The source code presented in this section was developed and tested on a RedHat Linux release using the 2.6 kernel (2.6.9 to be specific). Readers may use the source code freely, so long as proper credit is attributed; but of course the standard disclaimer must be given first:
22.1.4.1. 'Daytime' Server Code
22.1.4.2. 'Daytime' TCP Client Code
22.1.4.3. 'Daytime' UDP Client Code
22.2. Other programming languages
22.2.1. JAVA
22.2.2. Perl
24.1.1. Printed Books (English)
24.1.1.1. Cisco
24.1.1.2. General
24.1.2. Articles, eBooks, Online Reviews (mixed)
Aufbruch in die neue Welt - IPv6 in IPv4 Netzen by Dipl.Ing. Ralf Döring, TU Illmenau, 1999
by Dipl.Ing. Ralf Döring, TU Illmenau, 199924.1.4. Others
24.2.1. 2002
24.2.2. 2003
24.2.3. 2004
24.3.2. Latest news and URLs to other documents
24.3.3. Protocol references
24.3.3.1. IPv6-related Request For Comments (RFCs)
24.3.3.2. Current drafts of working groups
24.3.3.3. Others
24.3.4. More information
24.3.4.1. Linux related
24.3.4.2. Linux related per distribution
24.3.4.3. General
24.3.5. By countries
24.3.5.1. Europe
24.3.5.2. Austria
24.3.5.3. Australia
24.3.5.4. Belgium
24.3.5.5. Brazil
24.3.5.6. China
24.3.5.7. Czech
24.3.5.8. Germany
24.3.5.9. France
24.3.5.10. Italy
24.3.5.11. Japan
24.3.5.12. Korea
24.3.5.13. Mexico
24.3.5.14. Netherland
24.3.5.15. Portugal
24.3.5.16. Russia
24.3.5.17. Switzerland
24.3.5.18. United Kingdom
24.3.6. By operating systems
24.3.6.1. *BSD
24.3.6.2. Cisco IOS
24.3.6.3. Compaq
24.3.6.4. HPUX
24.3.6.5. IBM
24.3.6.6. Microsoft
24.3.6.7. Solaris
24.3.6.8. Sumitoma
24.3.6.9. ZebOS
24.3.8. Application lists
24.3.8.1. Analyzer tools
24.3.8.2. IPv6 Products
24.4. IPv6 Infrastructure
24.4.1. Statistics
IPv6 routing table history created by Gert Döring, created by Gert Döring, Space.Net
24.4.2. Internet Exchanges
24.4.4.4. Radio Stations, Music Streams
24.6.1. Testing tools
24.6.2. Information retrievement
24.6.3. IPv6 Looking Glasses
24.6.4. Helper applications
Chapter 25. Revision history / Credits / The End
25.1.1. Releases 0.x
- 0.61
2007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.
- 0.60.2
0.36
2002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes
2002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes- 0.35
0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José AbÃlio Oliveira Matos for help with LyX
2002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX- 0.24
Georg Käfer <gkaefer at gmx dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs, checking all URLs, many more suggestions, corrections and contributions, and the German translation
Georg Käfer <gkaefer at gmx dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs, checking all URLs, many more suggestions, corrections and contributions, and the German translation25.2.2. Other credits
25.2.2.1. Document technique related
25.3. The End
0.60.2 2007-10-03 P -B -\end_layout - -\end_inset - - -\end_layout - -\begin_layout Standard -\begin_inset ERT -status inlined - -\begin_layout Standard - -+ 0.60.1 2007-06-16 P -B \end_layout \end_inset @@ -549,6 +534,17 @@ Looks like the document's change frequency is mostly less than once per To language \end_layout +\begin_layout Standard +Note: an overview with URLs can be found at +\begin_inset LatexCommand htmlurl +name "http://www.bieringer.de/linux/IPv6/" +target "http://www.bieringer.de/linux/IPv6/" + +\end_inset + +. +\end_layout + \begin_layout Subsubsection Chinese \end_layout @@ -722,12 +718,12 @@ Original source of this HOWTO \end_layout \begin_layout Standard -This HOWTO is currently written with LyX version 1.4.4 on a Fedora Core 6 +This HOWTO is currently written with LyX version 1.5.1 on a Fedora Core 7 system with template SGML/XML (DocBook book). It's available on \begin_inset LatexCommand url name "TLDP-CVS / users / Peter-Bieringer" -target "http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/" +target "http://cvs.tldp.org/go.to/LDP/LDP/users/Peter-Bieringer/" \end_inset @@ -750,7 +746,7 @@ lyxcodelinewrapper.pl , you can get it from CVS for your own usage: \begin_inset LatexCommand url name "TLDP-CVS / users / Peter-Bieringer" -target "http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/" +target "http://cvs.tldp.org/go.to/LDP/LDP/users/Peter-Bieringer/" \end_inset @@ -27125,6 +27121,10 @@ Versions x.y.z are work-in-progress and published as LyX and SGML file on Releases 0.x \end_layout +\begin_layout Description +0.61 2007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update. +\end_layout + \begin_layout Description 0.60.2 2007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavi er Le Bail) diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index 09c4b9b4..287a4e15 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index b0ed2206..50028d86 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml @@ -13,8 +13,7 @@ 0.61 2007-10-06 PB + Linux IPv6 HOWTO (en) Peter Bieringer pb at bieringer dot de - - 0.60.2 2007-10-03 PB + 0.60.1 2007-06-16 PB 0.61 2007-10-06 PB 0.60 2007-05-31 PB 0.51 2006-11-08 PB @@ -34,7 +33,7 @@ The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems. -Copyright © 2001-2007 Peter Bieringer + Copyright © 2001-2007 Peter Bieringer This documentation is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. @@ -83,13 +82,13 @@Translations always have to contain the URL, version number and copyright of the original document (but yours, too). Pls. don't translate the original changelog, this is not very useful - also do not translate the full section about available translations, can be run out-of-date, add an URL to this section here in the English howto. Looks like the document's change frequency is mostly less than once per month. Since version 0.27 it looks like that most of the content contributed by me has been written. Translations always have to use the English version as source. To language -+ Note: an overview with URLs can be found at http://www.bieringer.de/linux/IPv6/ .Chinese A Chinese translation by Burma Chen <expns at yahoo dot com> (announced to me at 2002-10-31) can be found on the TLDP: http://www.ibiblio.org/pub/Linux/docs/HOWTO/translations/zh/Linux-IPv6-HOWTO.txt.gz (g'zipped txt) . It's a snapshot translation, don't know whether kept up-to-date.Polish Since 2002-08-16 a Polish translation was started and is still in progress by Lukasz Jokiel <Lukasz dot Jokiel at klonex dot com dot pl>. Taken source: CVS-version 1.29 of LyX file, which was source for howto version 0.27. Status is still work-in-progress (2004-08-30). German -With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/ (mirrored e.g. onhttp://mirrors.bieringer.de/Linux+IPv6-HOWTO-de/ ). This version will stay up-to-date as much as possible.+ With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/ (mirrored e.g. onhttp://mirrors.bieringer.de/Linux+IPv6-HOWTO-de/ ). This version will stay up-to-date as much as possible.French With 2003-04-09 a French translation was started by Michel Boucey <mboucey at free dot fr> and the first public version was published 2003-05-09. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-fr/ (mirrored e.g. onhttp://mirrors.bieringer.de/Linux+IPv6-HOWTO-fr/ ).Spanish @@ -107,9 +106,9 @@Technical Original source of this HOWTO -This HOWTO is currently written with LyX version 1.4.4 on a Fedora Core 6 system with template SGML/XML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringer for contribution.+ This HOWTO is currently written with LyX version 1.5.1 on a Fedora Core 7 system with template SGML/XML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringer for contribution.Code line wrapping -Code line wrapping is done using selfmade utility “lyxcodelinewrapper.pl”, you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer + Code line wrapping is done using selfmade utility “lyxcodelinewrapper.pl”, you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer SGML generation SGML/XML is generated using export function in LyX. On-line references to the HTML version of this HOWTO (linking/anchors) @@ -141,7 +140,7 @@Document related Long code line wrapping signal char -The special character “¬” is used for signaling that this code line is wrapped for better viewing in PDF and PS files. + The special character “¬” is used for signaling that this code line is wrapped for better viewing in PDF and PS files. Placeholders In generic examples you will sometimes find the following: @@ -181,7 +180,7 @@ Beginning The first IPv6 related network code was added to the Linux kernel 2.1.8 in November 1996 by Pedro Roque. It was based on the BSD API: For simplifications, leading zeros of each 16 bit block can be omitted: -¬ 2001:db8:100:f101:210:a4ff:fee3:9566 +¬ 2001:db8:100:f101:210:a4ff:fee3:9566 ]]> One sequence of 16 bit blocks containing only zeroes can be replaced with “::“. But not more than one at a time, otherwise it is no longer a unique representation. 2001:db8:100:f101::1 ]]> The biggest reduction is seen by the IPv6 localhost address: @@ -330,7 +329,7 @@ Because IPv6 is now in production, this prefix is no longer be delegated and is A small shell command line can help you generating such address out of a given IPv4 one: See also tunneling using 6to4 and information about 6to4 relay routers. Assigned by provider for hierarchical routing These addresses are delegated to Internet service providers (ISP) and begin currently with @@ -458,7 +457,7 @@ Because IPv6 is now in production, this prefix is no longer be delegated and is The net-tool package includes some tools like ifconfig and route, which helps you to configure IPv6 on an interface. Look at the output of ifconfig -? or route -?, if something is shown like IPv6 or inet6, then the tool is IPv6-ready. Auto-magically check: & 1|grep -qw 'inet6' && echo "utility 'ifconfig' is -¬ IPv6-ready" +¬ IPv6-ready" ]]> Same check can be done for route: & 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" ]]> @@ -492,12 +491,12 @@ connect: Invalid argument ]]> In this case you have to specify the interface additionally like shown here: Ping6 to multicast addresses An interesting mechanism to detect IPv6-active hosts on a link is to ping6 to the link-local all-node multicast address: @@ -510,7 +509,7 @@ PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes This program is normally included in package iputils . It's a program similar to IPv4 traceroute. Below you will see an example:2001:0db8:100:f101::1: icmp6: echo -¬ request (len 64, hlim 64) +¬ request (len 64, hlim 64) 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo -¬ reply (len 64, hlim 64) +¬ reply (len 64, hlim 64) ]]> IPv6 ping to 2001:0db8:100::1 routed through an IPv6-in-IPv4-tunnel 1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples) 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request -¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) +¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len -¬ 64, hlim 61) (ttl 23, id 29887, len 124) +¬ 64, hlim 61) (ttl 23, id 29887, len 124) 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request -¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) +¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len -¬ 64, hlim 61) (ttl 23, id 29919, len 124) +¬ 64, hlim 61) (ttl 23, id 29919, len 124) ]]> IPv6-ready programs Current distributions already contain the most needed IPv6 enabled client and servers. See first on IPv6+Linux-Status-Distribution . If still not included, you can checkIPv6 & Linux - Current Status - Applications whether the program is already ported to IPv6 and usable with Linux. For common used programs there are some hints available atIPv6 & Linux - HowTo - Part 3 andIPv6 & Linux - HowTo - Part 4 .@@ -685,12 +684,12 @@ inet6 fec0:0:0:f101::1/64 scope site Here you see some auto-magically configured IPv6 addresses and their lifetime. Using "ifconfig" Usage: @@ -749,11 +748,11 @@ default proto kernel metric 256 mtu 1500 advmss 1440 ]]> Example (output is filtered for interface eth0). Here you see different IPv6 routes for different addresses on a single interface. Add an IPv6 route through a gateway @@ -761,14 +760,14 @@ ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicastUsing "ip" Usage: / via -¬ [dev ] +¬ [dev ] ]]> Example: Using "route" Usage: / gw -¬ [dev ] +¬ [dev ] ]]> A device can be needed, too, if the IPv6 address of the gateway is a link local one. Following shown example adds a route for all currently global addresses (2000::/3) through gateway 2001:0db8:0:f101::1 Using "ip" Usage: / via -¬ [dev ] +¬ [dev ] ]]> Example: @@ -793,7 +792,7 @@ ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast Using "ip" Usage: / dev -¬ metric 1 +¬ metric 1 ]]> Example: Metric “1” is used here to be compatible with the metric used by route, because the default metric on using “ip” is “1024”. @@ -826,7 +825,7 @@ ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast Client can setup a default route like prefix “::/0”, they also learn such route on autoconfiguration e.g. using radvd on the link like following example shows: Routers in case of packet forwarding Older Linux kernel (at least <= 2.4.17) don't support default routes. You can set them up, but the route lookup fails when a packet should be forwarded (normal intention of a router). If you're still using such older kernel, “default routing” can be setup using the currently used global address prefix “2000::/3”. @@ -922,20 +921,20 @@ ff00::/8 :: UA 256 0 0 sit0Common method at the moment for a small amount of tunnels. Usage for creating a tunnel device (but it's not up afterward, also a TTL must be specified because the default value is 0). mode sit ttl remote -¬ local +¬ local ]]> Usage (generic example for three tunnels): remote -¬ local +¬ local # /sbin/ip link set dev sit1 up # /sbin/ip -6 route add dev sit1 metric 1 # /sbin/ip tunnel add sit2 mode sit ttl -¬ local +¬ local # /sbin/ip link set dev sit2 up # /sbin/ip -6 route add dev sit2 metric 1 # /sbin/ip tunnel add sit3 mode sit ttl -¬ local +¬ local # /sbin/ip link set dev sit3 up # /sbin/ip -6 route add dev sit3 metric 1 ]]> @@ -962,11 +961,11 @@ ff00::/8 :: UA 256 0 0 sit0 gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 add gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 add gw -¬ :: dev sit0 +¬ :: dev sit0 ]]> Important: DON'T USE THIS, because this setup implicit enable "automatic tunneling" from anywhere in the Internet, this is a risk, and it should not be advocated. Removing point-to-point tunnels Manually not so often needed, but used by scripts for clean shutdown or restart of IPv6 configuration. @@ -1005,11 +1004,11 @@ ff00::/8 :: UA 256 0 0 sit0 This is like removing normal IPv6 routes. Usage (generic example for three tunnels): gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 del gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 del gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/ifconfig sit0 down ]]> @@ -1287,10 +1286,10 @@ net.ipv6.conf.all.forwarding = 1 | | | | 1 2 3 4 -¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo -¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ -¬ | | | | | | -¬ 5 6 7 8 9 10 +¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo +¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ +¬ | | | | | | +¬ 5 6 7 8 9 10 ]]> IPv6 destination network displayed in 32 hexadecimal chars without colons as separator IPv6 destination prefix length in hexadecimal IPv6 source network displayed in 32 hexadecimal chars without colons as separator IPv6 source prefix length in hexadecimal IPv6 next hop displayed in 32 hexadecimal chars without colons as separator Metric in hexadecimal Reference counter Use counter Flags Device name sockstat6 @@ -1332,71 +1331,71 @@ FRAG6: inuse 0 memory 0Examples for tcpdump packet dumps Here some examples of captured packets are shown, perhaps useful for your own debugging... @@ -1406,16 +1405,16 @@ udp 0 0 :::53 :::*Router advertisement ff02::1: icmp6: router -¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, -¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, -¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, -¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: -¬ 0:12:34:12:34:50) (len 88, hlim 255) +¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, +¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, +¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, +¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: +¬ 0:12:34:12:34:50) (len 88, hlim 255) ]]> Router with link-local address “fe80::212:34ff:fe12:3450” send an advertisement to the all-node-on-link multicast address “ff02::1” containing two prefixes “2002:0102:0304:1::/64” (lifetime 30 s) and “2001:0db8:0:1::/64” (lifetime 2592000 s) including its own layer 2 MAC address “0:12:34:12:34:50”. Router solicitation ff02::2: icmp6: router solicitation -¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) +¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) ]]> Node with link-local address “fe80::212:34ff:fe12:3456” and layer 2 MAC address “0:12:34:12:34:56” is looking for a router on-link, therefore sending this solicitation to the all-router-on-link multicast address “ff02::2”. Neighbor discovery @@ -1423,28 +1422,28 @@ udp 0 0 :::53 :::* Following packets are sent by a node with layer 2 MAC address “0:12:34:12:34:56” during autoconfiguration to check whether a potential address is already used by another node on the link sending this to the solicited-node link-local multicast address. Node wants to configure its link-local address “fe80::212:34ff:fe12:3456”, checks for duplicate now ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) +¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) ]]> Node wants to configure its global address “2002:0102:0304:1:212:34ff:fe12:3456” (after receiving advertisement shown above), checks for duplicate now ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, -¬ hlim 255) +¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, +¬ hlim 255) ]]> Node wants to configure its global address “2001:0db8:0:1:212:34ff:fe12:3456” (after receiving advertisement shown above), checks for duplicate now ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim -¬ 255) +¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim +¬ 255) ]]> Neighbor discovery solicitation for looking for host or gateway Node wants to send packages to “2001:0db8:0:1::10” but has no layer 2 MAC address to send packet, so send solicitation now ff02::1:ff00:10: icmp6: -¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, -¬ hlim 255) +¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, +¬ hlim 255) ]]> Node looks for “fe80::10” now ff02::1:ff00:10: icmp6: neighbor -¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) +¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) ]]> Support for persistent IPv6 configuration in Linux distributions Some Linux distribution contain already support of a persistent IPv6 configuration using existing or new configuration and script files and some hook in the IPv4 script files. @@ -1457,10 +1456,10 @@ udp 0 0 :::53 :::* Auto-magically test: The version of the library is important if you miss some features. You can get it executing following (or easier look at the top of the file): In shown example, the used version is 20011124. Check this against latest information on initscripts-ipv6 homepage (Mirror ) to see what has been changed. You will find there also a change-log.Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ... @@ -1642,7 +1641,7 @@ Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiportCheck for capability Learn how to use ip6tables @@ -1661,7 +1660,7 @@ Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport Insert a log rule at the input filter with options Insert a drop rule at the input filter @@ -1688,17 +1687,17 @@ Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport Rate-limiting Because it can happen (author already saw it to times) that an ICMPv6 storm will raise up, you should use available rate limiting for at least ICMPv6 ruleset. In addition logging rules should also get rate limiting to prevent DoS attacks against syslog and storage of log file partition. An example for a rate limited ICMPv6 looks like: Allow incoming SSH Here an example is shown for a ruleset which allows incoming SSH connection from a specified IPv6 address Allow incoming SSH from 2001:0db8:100::1/128 Allow response packets (no longer needed if connection tracking is used!) Enable tunneled IPv6-in-IPv4 To accept tunneled IPv6-in-IPv4 packets, you have to insert rules in your IPv4 firewall setup relating to such packets, for example @@ -1792,103 +1791,103 @@ Chain INPUT (policy DROP 0 packets, 0 bytes) 0 0 ACCEPT all * * ::1/128 ::1/128 0 0 ACCEPT all lo * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `INPUT-default:' +¬ LOG flags 0 level 7 prefix `INPUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 int2ext all eth0 sit+ ::/0 ::/0 0 0 ext2int all sit+ eth0 ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `FORWARD-default:' +¬ LOG flags 0 level 7 prefix `FORWARD-default:' 0 0 DROP all * * ::/0 ::/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 extOUT all * sit+ ::/0 ::/0 4 384 intOUT all * eth0 ::/0 ::/0 0 0 ACCEPT all * * ::1/128 ::1/128 0 0 ACCEPT all * lo ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `OUTPUT-default:' +¬ LOG flags 0 level 7 prefix `OUTPUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain ext2int (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 +¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `ext2int-default:' +¬ LOG flags 0 level 7 prefix `ext2int-default:' 0 0 DROP tcp * * ::/0 ::/0 0 0 DROP udp * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 Chain extIN (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 -¬ tcp spts:512:65535 dpt:22 +¬ tcp spts:512:65535 dpt:22 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 -¬ tcp spts:512:65535 dpt:22 +¬ tcp spts:512:65535 dpt:22 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 +¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 0 0 ACCEPT udp * * ::/0 ::/0 -¬ udp spts:1:65535 dpts:1024:65535 +¬ udp spts:1:65535 dpts:1024:65535 0 0 LOG all * * ::/0 ::/0 -¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' +¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' 0 0 DROP all * * ::/0 ::/0 Chain extOUT (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT tcp * * ::/0 -¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 +¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 0 0 ACCEPT tcp * * ::/0 -¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 +¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1024:65535 dpts:1:65535 +¬ tcp spts:1024:65535 dpts:1:65535 0 0 ACCEPT udp * * ::/0 ::/0 -¬ udp spts:1024:65535 dpts:1:65535 +¬ udp spts:1024:65535 dpts:1:65535 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `extOUT-default:' +¬ LOG flags 0 level 7 prefix `extOUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain int2ext (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1024:65535 dpts:1:65535 +¬ tcp spts:1024:65535 dpts:1:65535 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `int2ext:' +¬ LOG flags 0 level 7 prefix `int2ext:' 0 0 DROP all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `int2ext-default:' +¬ LOG flags 0 level 7 prefix `int2ext-default:' 0 0 DROP tcp * * ::/0 ::/0 0 0 DROP udp * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 Chain intIN (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT all * * ::/0 -¬ fe80::/ffc0:: +¬ fe80::/ffc0:: 4 384 ACCEPT all * * ::/0 ff02::/16 Chain intOUT (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT all * * ::/0 -¬ fe80::/ffc0:: +¬ fe80::/ffc0:: 4 384 ACCEPT all * * ::/0 ff02::/16 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `intOUT-default:' +¬ LOG flags 0 level 7 prefix `intOUT-default:' 0 0 DROP all * * ::/0 ::/0 ]]> Security @@ -1974,9 +1973,9 @@ spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; flush; spdflush; spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec -¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; +¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec -¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; +¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; ]]>For the other peer, you have to replace “in” with “out”. Configuration of the IKE daemon “racoon” “racoon” requires a configuration file for proper execution. It includes the related settings to the security policy, which should be set up previously using “setkey”. @@ -2033,21 +2032,21 @@ sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any Foreground mode. 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net) 2005-01-01 20:30:15: INFO: @(#)This product linked -¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) +¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 -¬ queued due to no phase1 found. +¬ queued due to no phase1 found. 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: -¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] +¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] 2005-01-01 20:31:06: INFO: begin Identity Protection mode. 2005-01-01 20:31:09: INFO: ISAKMP-SA established -¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db401 +¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db401 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: -¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] +¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] 2005-01-01 20:31:10: INFO: IPsec-SA established: -¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) +¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) 2005-01-01 20:31:10: INFO: IPsec-SA established: -¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) +¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) ]]>Each direction got its own IPsec-SA (like defined in the IPsec standard). With “tcpdump” on the related interface, you will see as result of an IPv6 ping: 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) @@ -2126,7 +2125,7 @@ conn ipv6-p1-p2 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, -¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} +¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} ]]> Because *S/WAN and setkey/racoon do use the same IPsec implementation in Linux 2.6.x kernel, “setkey” can be used here too to show current active parameters: This should result after restart in e.g. And a simple test looks like and should show you a result. @@ -2259,7 +2258,7 @@ Aliases: Host www.6bone.net. not found: 5(REFUSED) ]]> Related log entry looks like following: If you see such entries in the log, check whether requests from this client should be allowed and perhaps review your ACL configuration. Successful IPv6 connect @@ -2291,7 +2290,7 @@ www.6bone.net. is an alias for 6bone.net.Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd. Note: earlier versions had a problem that an IPv4-only xinetd won't start on an IPv6-enabled node and also the IPv6-enabled xinetd won't start on an IPv4-only node. This is known to be fixed in later versions, at least version 2.3.11. @@ -2488,25 +2487,25 @@ daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 Refused connection A refused connection via IPv4 to an xinetd covered daytime service produces a line like following example A refused connection via IPv4 to an dual-listen sshd produces a line like following example Permitted connection A permitted connection via IPv4 to an xinetd covered daytime service produces a line like following example A permitted connection via IPv4 to an dual-listen sshd produces a line like following example @@ -2562,7 +2561,7 @@ Jan 2 20:42:19 gate sshd[12345]: Accepted password for user }; ]]> The sin6_family, sin6_port, and sin6_addr components of the structure have the same meaning as the corresponding fields in the sockaddr_in structure. However, the sin6_family member is set to AF_INET6 for IPv6 addresses, and the sin6_addr field holds a 128-bit address instead of only 32 bits. The sin6_flowinfo field is used for flow control, but is not yet standardized and can be ignored. -The sin6_scope_id field has an odd use, and it seems (at least to this naïve author) that the IPv6 designers took a huge step backwards when devising this. Apparently, 128-bit IPv6 network addresses are not unique. For example, it is possible to have two hosts, on separate networks, with the same link-local address (see Figure 1). In order to pass information to a specific host, more than just the network address is required; the scope identifier must also be specified. In Linux, the network interface name is used for the scope identifier (e.g. “eth0”) [be warned that the scope identifier is implementation dependent!]. Use the ifconfig(1M) command to display a list of active network interfaces. +The sin6_scope_id field has an odd use, and it seems (at least to this naïve author) that the IPv6 designers took a huge step backwards when devising this. Apparently, 128-bit IPv6 network addresses are not unique. For example, it is possible to have two hosts, on separate networks, with the same link-local address (see Figure 1). In order to pass information to a specific host, more than just the network address is required; the scope identifier must also be specified. In Linux, the network interface name is used for the scope identifier (e.g. “eth0”) [be warned that the scope identifier is implementation dependent!]. Use the ifconfig(1M) command to display a list of active network interfaces. A colon-hex network address can be augmented with the scope identifier to produce a "scoped address”. The percent sign ('%') is used to delimit the network address from the scope identifier. For example, fe80::1%eth0 is a scoped IPv6 address where fe80::1 represents the 128-bit network address and eth0 is the network interface (i.e. the scope identifier). Thus, if a host resides on two networks, such as Host B in example below, the user now has to know which path to take in order to get to a particular host. In Figure 1, Host B addresses Host A using the scoped address fe80::1%eth0, while Host C is addressed with fe80::1%eth1. Getting back to the sockaddr_in6 structure, its sin6_scope_id field contains the index of the network interface on which a host may be found. Server applications will have this field set automatically by the socket API when they accept a connection or receive a datagram. For client applications, if a scoped address is passed as the node parameter to getaddrinfo(3) (described later in this HowTo), then the sin6_scope_id field will be filled in correctly by the system upon return from the function; if a scoped address is not supplied, then the sin6_scope_id field must be explicitly set by the client software prior to attempting to communicate with the remote server. The if_nametoindex(3) function is used to translate a network interface name into its corresponding index. It is declared in <net/if.h>. @@ -4407,7 +4406,7 @@ Source: Understanding IPV6 by Davies, Joseph; ISBN 0735612455; Date Published 13/11/2002; Number of Pages 544.Migrating to IPv6 - IPv6 in Practice by Marc Blanchet Publisher: John Wiley & Sons; ISBN 0471498920; 1st edition (November 2002); 368 pages. Ipv6 Network Programming by Jun-ichiro Hagino; ISBN 1555583180 Wireless boosting IPv6 by Carolyn Duffy Marsan, 10/23/2000.O'reilly Network search for keyword IPv6 results in 29 hits (28. January 2002)Articles, eBooks, Online Reviews (mixed) - Getting Connected with 6to4 by Huber Feyrer, 06/01/2001Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host; written by Peter M. Gleiz, Steven M. Bellovin ( PC-PDF-Version ;Palm-PDF-Version ;PDB-Version )Internetworking IPv6 with Cisco Routers by Silvano Gai, McGrawHill Italia, 1997. The 13 chapters and appendix A-D are downloadable as PDF-documents.Aufbruch in die neue Welt - IPv6 in IPv4 Netzen by Dipl.Ing. Ralf Döring, TU Illmenau, 1999Migration and Co-existence of IPv4 and IPv6 in Residential Networks by Pekka Savola, CSC/FUNET, 2002+ Getting Connected with 6to4 by Huber Feyrer, 06/01/2001Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host; written by Peter M. Gleiz, Steven M. Bellovin ( PC-PDF-Version ;Palm-PDF-Version ;PDB-Version )Internetworking IPv6 with Cisco Routers by Silvano Gai, McGrawHill Italia, 1997. The 13 chapters and appendix A-D are downloadable as PDF-documents.Aufbruch in die neue Welt - IPv6 in IPv4 Netzen by Dipl.Ing. Ralf Döring, TU Illmenau, 1999Migration and Co-existence of IPv4 and IPv6 in Residential Networks by Pekka Savola, CSC/FUNET, 2002Science Publications (abstracts, bibliographies, online resources) See also: liinwww.ira.uka.de/ipv6 orGoogle / Scholar / IPv6 GEANT IPv6 Workplan IPv6 Trials on UK Academic Networks: Bermuda Project Aug.2002 : Participants - Getting connected - Project deliverables - Network topology - Address assignments - Wireless IPv6 access - IPv6 migration - Project presentations - Internet 2 - Other IPv6 projects - IPv6 fora and standards Bermuda 2...http://www.ipv6.ac.uk/ IPv6 at the University of Southampton Microsoft Research IPv6 Implementation (MSRIPv6): MSRIPv6 Configuring 6to4 - Connectivity with MSR IPv6 - Our 6Bone Node... @@ -4578,7 +4577,7 @@ SourceForge: Project Info - Statistics - IPv6 routing table history created by Gert Döring,Space.Net Official 6bone Webserver list Statisic + IPv6 routing table history created by Gert Döring,Space.Net Official 6bone Webserver list Statisic Internet Exchanges Another list of IPv6 Internet Exchanges can be found here: IPv6 status of IXPs in Europe Estonia @@ -4801,13 +4800,13 @@ Publisher: MarketResearch.com; ISBN B00006334Y; (November 1, 2001)Versions x.y.z are work-in-progress and published as LyX and SGML file on CVS. Because Deep Space 6 mirrors these SGML files and generate independend from TLDP public versions, this versions will show up there and also on its mirrors. Releases 0.x - 0.60.2 2007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail) 0.60.1 2007-06-16/PB: speling fixes (credits to Larry W. Burton) 0.60 2007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes 0.52 2007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes 0.51 2006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich) 0.50.2 2006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto) 0.50.1 2006-09-23/PB: add some URLs 0.50 2006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing 0.49.5 2006-08-23/PB: fix/remove broken URLs 0.49.4 2006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones. 0.49.3 2006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter 0.49.2 2006-08-20/PB: update and cleanup of maillist entries 0.49.1 2006-06-13/PB: major update of mobility section (contributed by Benjamin Thery) 0.49 2005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel) 0.48.1 2005-01-15/PB: minor fixes 0.48 2005-01-11/PB: grammar check and minor review of IPv6 IPsec section 0.47.1 2005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs 0.47 2004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation 0.46.4 2004-07-19/PB: minor fixes 0.46.3 2004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation 0.46.2 2004-05-22/PB: minor fixes 0.46.1 2004-04-18/PB: minor fixes 0.46 2004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates 0.45.1 2004-01-12/PB: add note about the official example address space 0.45 2004-01-11/PB: minor fixes, add/fix some URLs, some extensions 0.44.2 2003-10-30/PB: fix some copy&paste text bugs 0.44.1 2003-10-19/PB: add note about start of Italian translation 0.44 2003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache2 0.43.4 2003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs 0.43.3 2003-06-19/PB: fix typos 0.43.2 2003-06-11/PB: fix URL 0.43.1 2003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec 0.43 2003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation 0.42 2003-05-09/PB: minor fixes, announce French translation 0.41.4 2003-05-02/PB: Remove a broken URL, update some others. 0.41.3 2003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation 0.41.2 2003-04-13/PB: Fix some typos, add a note about a French translation is in progress 0.41.1 2003-03-31/PB: Remove a broken URL, fix another 0.41 2003-03-22/PB: Add URL of German translation 0.40.2 2003-02-27/PB: Fix a misaddressed URL 0.40.1 2003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations 0.40 2003-02-10/PB: Announcing available German version 0.39.2 2003-02-10/GK: Minor syntax and spelling fixes 0.39.1 2003-01-09/PB: fix an URL (draft adopted to an RFC) 0.39 2003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul) 0.38.1 2003-01-09/PB: a minor fix 0.38 2003-01-06/PB: minor fixes 0.37.1 2003-01-05/PB: minor updates 0.37 2002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections 0.36.1 2002-12-20/PB: Minor fixes 0.36 2002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes 0.35 2002-12-11/PB: Some fixes and extensions 0.34.1 2002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs) 0.34 2002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books 0.33 2002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example 0.32 2002-11-03/PB: Add information about Taiwanese translation 0.31.1 2002-10-06/PB: Add another maillist 0.31 2002-09-29/PB: Extend information in proc-filesystem entries 0.30 2002-09-27/PB: Add some maillists 0.29 2002-09-18/PB: Update statement about nmap (triggered by Fyodor) 0.28.1 2002-09-16/PB: Add note about ping6 to multicast addresses, add some labels 0.28 2002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle 0.27 2002-08-10/PB: Some minor updates 0.26.2 2002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters 0.26.1 2002-07-13/PB: Update nmap/IPv6 information 0.26 2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only 0.25.2 2002-07-11/PB: Minor spelling fixes 0.25.1 2002-06-23/PB: Minor spelling and other fixes 0.25 2002-05-16/PB: Cosmetic fix for 2^128, thanks to José AbÃlio Oliveira Matos for help with LyX 0.24 2002-05-02/PB: Add entries in URL list, minor spelling fixes 0.23 2002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL 0.22 2002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists 0.21 2002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.4 2002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.3 2002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan 0.20.2 2002-02-05/PB: Add mipl to maillist table 0.20.1 2002-01-31/PB: Add a hint how to generate 6to4 addresses 0.20 2002-01-30/PB: Add a hint about default route problem, some minor updates 0.19.2 2002-01-29/PB: Add many new URLs 0.19.1 2002-01-27/PB: Add some forgotten URLs 0.19 2002-01-25/PB: Add two German books, fix quote entinities in exported SGML code 0.18.2 2002-01-23/PB: Add a FAQ on the program chapter 0.18.1 2002-01-23/PB: Move “the end” to the end, add USAGI to maillists 0.18 2002-01-22/PB: Fix bugs in explanation of multicast address types 0.17.2 2002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document 0.17.1 2002-01-20/PB: Add a reference, fix URL text in online-test-tools 0.17 2002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses 0.16 2002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs. 0.15 2002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document 0.14 2002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements 0.13 2002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions 0.12 2002-01-03/PB: Merge review of David Ranch 0.11 2002-01-02/PB: Spell checking and merge review of Pekka Savola 0.10 2002-01-02/PB: First public release of chapter 1 + 0.61 2007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update. 0.60.2 2007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail) 0.60.1 2007-06-16/PB: speling fixes (credits to Larry W. Burton) 0.60 2007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes 0.52 2007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes 0.51 2006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich) 0.50.2 2006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto) 0.50.1 2006-09-23/PB: add some URLs 0.50 2006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing 0.49.5 2006-08-23/PB: fix/remove broken URLs 0.49.4 2006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones. 0.49.3 2006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter 0.49.2 2006-08-20/PB: update and cleanup of maillist entries 0.49.1 2006-06-13/PB: major update of mobility section (contributed by Benjamin Thery) 0.49 2005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel) 0.48.1 2005-01-15/PB: minor fixes 0.48 2005-01-11/PB: grammar check and minor review of IPv6 IPsec section 0.47.1 2005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs 0.47 2004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation 0.46.4 2004-07-19/PB: minor fixes 0.46.3 2004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation 0.46.2 2004-05-22/PB: minor fixes 0.46.1 2004-04-18/PB: minor fixes 0.46 2004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates 0.45.1 2004-01-12/PB: add note about the official example address space 0.45 2004-01-11/PB: minor fixes, add/fix some URLs, some extensions 0.44.2 2003-10-30/PB: fix some copy&paste text bugs 0.44.1 2003-10-19/PB: add note about start of Italian translation 0.44 2003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache2 0.43.4 2003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs 0.43.3 2003-06-19/PB: fix typos 0.43.2 2003-06-11/PB: fix URL 0.43.1 2003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec 0.43 2003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation 0.42 2003-05-09/PB: minor fixes, announce French translation 0.41.4 2003-05-02/PB: Remove a broken URL, update some others. 0.41.3 2003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation 0.41.2 2003-04-13/PB: Fix some typos, add a note about a French translation is in progress 0.41.1 2003-03-31/PB: Remove a broken URL, fix another 0.41 2003-03-22/PB: Add URL of German translation 0.40.2 2003-02-27/PB: Fix a misaddressed URL 0.40.1 2003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations 0.40 2003-02-10/PB: Announcing available German version 0.39.2 2003-02-10/GK: Minor syntax and spelling fixes 0.39.1 2003-01-09/PB: fix an URL (draft adopted to an RFC) 0.39 2003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul) 0.38.1 2003-01-09/PB: a minor fix 0.38 2003-01-06/PB: minor fixes 0.37.1 2003-01-05/PB: minor updates 0.37 2002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections 0.36.1 2002-12-20/PB: Minor fixes 0.36 2002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes 0.35 2002-12-11/PB: Some fixes and extensions 0.34.1 2002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs) 0.34 2002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books 0.33 2002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example 0.32 2002-11-03/PB: Add information about Taiwanese translation 0.31.1 2002-10-06/PB: Add another maillist 0.31 2002-09-29/PB: Extend information in proc-filesystem entries 0.30 2002-09-27/PB: Add some maillists 0.29 2002-09-18/PB: Update statement about nmap (triggered by Fyodor) 0.28.1 2002-09-16/PB: Add note about ping6 to multicast addresses, add some labels 0.28 2002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle 0.27 2002-08-10/PB: Some minor updates 0.26.2 2002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters 0.26.1 2002-07-13/PB: Update nmap/IPv6 information 0.26 2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only 0.25.2 2002-07-11/PB: Minor spelling fixes 0.25.1 2002-06-23/PB: Minor spelling and other fixes 0.25 2002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX 0.24 2002-05-02/PB: Add entries in URL list, minor spelling fixes 0.23 2002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL 0.22 2002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists 0.21 2002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.4 2002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.3 2002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan 0.20.2 2002-02-05/PB: Add mipl to maillist table 0.20.1 2002-01-31/PB: Add a hint how to generate 6to4 addresses 0.20 2002-01-30/PB: Add a hint about default route problem, some minor updates 0.19.2 2002-01-29/PB: Add many new URLs 0.19.1 2002-01-27/PB: Add some forgotten URLs 0.19 2002-01-25/PB: Add two German books, fix quote entinities in exported SGML code 0.18.2 2002-01-23/PB: Add a FAQ on the program chapter 0.18.1 2002-01-23/PB: Move “the end” to the end, add USAGI to maillists 0.18 2002-01-22/PB: Fix bugs in explanation of multicast address types 0.17.2 2002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document 0.17.1 2002-01-20/PB: Add a reference, fix URL text in online-test-tools 0.17 2002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses 0.16 2002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs. 0.15 2002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document 0.14 2002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements 0.13 2002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions 0.12 2002-01-03/PB: Merge review of David Ranch 0.11 2002-01-02/PB: Spell checking and merge review of Pekka Savola 0.10 2002-01-02/PB: First public release of chapter 1 Credits The quickest way to be added to this nice list is to send bug fixes, corrections, and/or updates to me ;-). If you want to do a major review, you can use the native LyX file (see original source) and send diffs against it, because diffs against SGML don't help too much. Major credits - David Ranch <dranch at trinnet dot net>: For encouraging me to write this HOWTO, his editorial comments on the first few revisions, and his contributions to various IPv6 testing results on my IPv6 web site. Also for his major reviews and suggestions. Pekka Savola <pekkas at netcore dot fi>: For major reviews, input and suggestions. Martin F. Krafft <madduck at madduck dot net>: For grammar checks and general reviewing of the document. John Ronan <j0n at tssg dot wit dot ie>: For grammar checks. Georg Käfer <gkaefer at gmx dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs, checking all URLs, many more suggestions, corrections and contributions, and the German translation Michel Boucey <mboucey at free dot fr>: Finding typos and some broken URLs, contribute some suggestions and URLs, and the French translation Michele Ferritto <m dot ferritto at virgilio dot it>: Finding bugs and the Italian translation Daniel Roesen <dr at cluenet dot de>: For grammar checks Benjamin Thery <benjamin dot thery at bull dot net>: For contribution of updated mobility section John Wenker <jjw at pt dot com>: major contribution to Programming using C-API + David Ranch <dranch at trinnet dot net>: For encouraging me to write this HOWTO, his editorial comments on the first few revisions, and his contributions to various IPv6 testing results on my IPv6 web site. Also for his major reviews and suggestions. Pekka Savola <pekkas at netcore dot fi>: For major reviews, input and suggestions. Martin F. Krafft <madduck at madduck dot net>: For grammar checks and general reviewing of the document. John Ronan <j0n at tssg dot wit dot ie>: For grammar checks. Georg Käfer <gkaefer at gmx dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs, checking all URLs, many more suggestions, corrections and contributions, and the German translation Michel Boucey <mboucey at free dot fr>: Finding typos and some broken URLs, contribute some suggestions and URLs, and the French translation Michele Ferritto <m dot ferritto at virgilio dot it>: Finding bugs and the Italian translation Daniel Roesen <dr at cluenet dot de>: For grammar checks Benjamin Thery <benjamin dot thery at bull dot net>: For contribution of updated mobility section John Wenker <jjw at pt dot com>: major contribution to Programming using C-API Other credits Document technique related