diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html index e8c65915..c98e1434 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html @@ -59,6 +59,23 @@ COLSPAN="3" >Version 0.67.de.1wip2015-08-18Geändert durch: PBVersion 0.66.de.1

Das Ziel des Linux IPv6 HOWTO ist die Beantwortung von Basis- und Experten-Fragen zum Thema IPv6 mit Linux-Betriebssystemen. Dieses HOWTO will dem Leser genug Informationen bereitstellen, um IPv6-Anwendungen auf Linux Computer installieren, konfigurieren und anwenden zu können. Zwischen-Versionen sind auf

1.3. Version, Werdegang und Unerledigtes
1.5. Technisches
1.6. Vorwort
1.7. Verwendete Begriffe, Glossar und Abkürzungen
1.8. Grundvoraussetzung für die Verwendung dieses HOWTOs
2.1. Was ist IPv6?
2.3. Wie sehen IPv6 Adressen aus?
2.4. FAQ (Grundlagen)
3.1. Adressen ohne speziellen Präfix
3.2. Netzteil der Adresse (Präfix)
3.3. Adress-Typen (Host-Teil)
3.4. Präfixlängen für das Routing
4.2. IPv6 kompatible Tools zur Netzwerkkonfiguration
4.3. IPv6 Test/Debug-Programme
4.4. IPv6 kompatible Programme
4.5. IPv6 kompatible Client-Programme (Auswahl)
4.6. IPv6 kompatible Server
5.1. Unterschiedliche Netzwerk-Geräte
5.2. Interfaces ein/aus-schalten
6.1. Bestehende IPv6 Adressen anzeigen
6.2. Hinzufügen einer IPv6 Adresse
6.3. IPv6 Adressen entfernen
6.4. Automatische IPv6-Adress-Konfiguration
6.5. Aktivieren der Privacy Extension
7.1. Bestehende IPv6-Routen anzeigen
7.2. Eine IPv6-Route über ein Gateway hinzufügen
7.3. Eine IPv6-Route über ein Gateway entfernen
7.4. Eine IPv6-Route über ein Interface hinzufügen
7.5. Eine IPv6-Route über ein Interface entfernen
7.6. FAQ für IPv6-Routen
8.1. Netzwerkumgebung mit “ip” anzeigen
8.2. Tabelle der Netzwerkumgebung mit “ip” editieren
9.1. Tunnelarten
9.2. Bestehende Tunnel anzeigen
10.1. Anzeigen von existierenden Tunnels
10.2. Konfiguration eines Punkt-zu-Punkt Tunnels
10.3. Löschen von Punkt-zu-Punkt-Tunnels
11.1. Zugriff auf das /proc-Dateisystem
14.1. Server Socket-Anbindung
15.1. Red Hat Linux und “Klone”
15.2. SuSE Linux
16.1. Stateless Auto-Konfiguration (out-of-the-box)
16.2. Stateless Auto-Konfiguration unter Verwendung des Router Advertisement Daemon (radvd)
16.3. Dynamic Host Configuration Protocol v6 (DHCPv6)
17.1. Allgemeines
18.2. Vorbereitung
18.3. Verwendung
18.5. Firewall-Setup mit nftables
19.1. Sicherheit des Knoten
19.2. Zugangsbeschränkungen
20.1. Nutzungsarten von Verschlüsselung und Authentifizierung
20.2. Unterstützung im Kernel (ESP und AH)
20.3. Automatischer Schlüssel-Austausch (IKE)
20.4. Anmerkungen:
21.1. General
21.2. Linux QoS mit “tc”
23.2. Andere Programmiersprachen
25.4. IPv6 Infrastruktur
26. Versions-Überblick / Danksagung / Zum Schluss
26.3. Zum Schluss

1.1.1. Copyright


1.1.2. Lizenz


1.1.3. Über den Autor

1.1.3.1. Internet/IPv6 Background des Autors


1.1.3.2. Ansprechpartner


1.3. Version, Werdegang und Unerledigtes

1.3.1. Version

Die aktuelle Versionsnummer finden Sie auf der Titelseite.

CVS-Information:

CVS-ID: $Id$

Für andere verfügbare Versionen/Übersetzungen siehe auch


1.3.2. Werdegang

1.3.2.1. Eckpunkte


1.3.2.2. Vollständiger Werdegang


1.3.3. Unerledigtes


1.4.1. Diverse Sprachen


1.4.1.1. Deutsch


1.4.1.2. Andere Sprachen


1.5. Technisches


1.5.1.1. Zeilenumbruch in Code-Beispielen


1.5.1.2. SGML Erzeugung


1.5.2. Online-Verweise auf die HTML Version dieses HOWTOs (Links / Anchors)

1.5.2.1. Hauptindexseite


1.5.2.2. Seitennamen


1.6. Vorwort


1.6.1. Wie viele IPv6 & Linux bezogene HOWTOs gibt es?


1.6.1.1. Linux Ipv6 FAQ/HOWTO (veraltet)


1.6.1.2. IPv6 & Linux - HowTo (gewartet)


1.6.1.3. Linux IPv6 HOWTO (dieses Dokument)


1.7. Verwendete Begriffe, Glossar und Abkürzungen

1.7.1. Netzwerkbegriffe


1.7.2. In diesem Dokument verwendete Syntax

1.7.2.1. Zeilenumbruchs-Zeichen bei langen Codebeispielen


1.7.2.2. Platzhalter


1.7.2.3. Shell-Kommandos


1.8. Grundvoraussetzung für die Verwendung dieses HOWTOs

1.8.1. Persönliche Anforderungen

1.8.1.1. Erfahrung mit Unix Tools


1.8.1.2. Erfahrung mit Netzwerktheorie


1.8.1.3. Erfahrung mit der Konfiguration von IPv4 Netzen


1.8.1.4. Erfahrung mit dem Domain Name System (DNS)


1.8.1.5. Routine im Umgang mit Strategien zur Netzwerk-Fehlersuche


1.8.2. Linux kompatible Hardware

2.1. Was ist IPv6?


2.2.1. Anfang


2.2.2. Übergangszeit


2.2.3. Heute


2.2.4. Zukunft


2.3. Wie sehen IPv6 Adressen aus?


2.4. FAQ (Grundlagen)

2.4.1. Warum wird der Nachfolger von IPv4 nun IPv6 und nicht IPv5 genannt?


2.4.2. IPv6 Adressen: Warum ist die Anzahl der Bits so groß?


2.4.3. IPv6 Adressen: Warum ist die Bit-Anzahl bei einem neuen Design so klein?


3.1. Adressen ohne speziellen Präfix

3.1.1. Localhost Adresse


3.1.2. Unspezifische Adresse


3.1.3. IPv6 Adressen mit eingebetteter IPv4 Adresse


3.1.3.1. IPv4 Adressen in IPv6 Format


3.1.3.2. IPv4 kompatible IPv6 Adressen


3.2. Netzteil der Adresse (Präfix)


3.2.1. Link-lokaler Adress-Typ


3.2.2. Site-lokaler Adress-Typ


3.2.3. Unique Local IPv6 Unicast Adressen


3.2.4. Globaler Adress-Typ ("Aggregatable global unicast")


3.2.4.1. 6bone Test-Adressen


3.2.4.2. 6to4 Adressen


3.2.4.3. Durch einen Provider zugewiesene Adressen für ein hierarchisches Routing


3.2.4.4. Für Beispiele und Dokumentationen reservierte Adressen


3.2.5. Multicast-Addressen


3.2.5.1. Multicast-Bereiche


3.2.5.2. Multicast-Typen


3.2.5.3. Erforderliche node link-local Multicast Adresse


3.2.6. Anycast-Adressen


3.2.6.1. Subnet-Router Anycast-Adresse


3.3. Adress-Typen (Host-Teil)


3.3.1. Automatisch erstellte Adressen (auch unter dem Namen stateless bekannt)


3.3.1.1. Datenschutzproblem mit automatisch erstellten Adressen sowie eine Lösung


3.3.2. Manuell festgelegte Adressen


3.4. Präfixlängen für das Routing


3.4.1. Präfixlängen ("netmasks" genannt)


3.4.2. Zutreffende Routen


4.1.1. Überprüfung der IPv6 Unterstützung im aktuellen Kernel


4.1.2. IPv6 Module laden


4.1.2.1. Automatisches Laden des Moduls


4.1.3. Kernel-Kompilierung mit IPv6 Funktionalität


4.1.3.1. Kompilieren eines Standard-Kernels


4.1.3.2. Kompilieren eines Kernels mit USAGI-Erweiterungen


4.1.4. IPv6 kompatible Netzwerkgeräte


4.1.4.1. Gegenwärtig bekannte Verbindungsarten, die niemals IPv6 fähig sein werden


4.1.4.2. Bekannte Verbindungsarten, die gegenwärtig IPv6 nicht unterstützen


4.2. IPv6 kompatible Tools zur Netzwerkkonfiguration


4.2.1. net-tools Paket


4.2.2. iproute Paket


4.3. IPv6 Test/Debug-Programme


4.3.1.1. Das Interface für einen IPv6 ping bestimmen


4.3.1.2. Ping6 zu Multicast-Adressen


4.3.4.1. IPv6 ping zur Adresse 2001:0db8:100:f101::1 über einen lokalen Link


4.3.4.2. IPv6 ping zur Adresse 2001:0db8:100::1 über einen IPv6-in-IPv4 Tunnel geroutet


4.4. IPv6 kompatible Programme


4.5. IPv6 kompatible Client-Programme (Auswahl)


4.5.1. DNS-Überprüfung der IPv6 Adress-Auflösung


4.5.2. IPv6 kompatible Telnet Client-Programme


4.5.3. IPv6 kompatible ssh Client-Programme

4.5.3.1. openssh


4.5.3.2. ssh.com


4.5.4. IPv6 kompatible Web-Browser


4.5.4.1. URLs zum testen


4.6. IPv6 kompatible Server

4.7.1. Anwendung diverser Tools

4.7.1.1. Q: ping6 zu einer link-lokalen Adresse funktioniert nicht


4.7.1.2. Q: ping6 oder traceroute6 funktioniert nicht als normaler Benutzer

5.1. Unterschiedliche Netzwerk-Geräte


5.1.1. Physikalische Devices


5.1.2. Virtuelle Devices


5.1.2.1. IPv6-in-IPv4 Tunnel Interfaces


5.1.2.2. PPP Interfaces


5.1.2.3. ISDN HDLC Interfaces


5.1.2.4. ISDN PPP Interfaces


5.1.2.5. SLIP + PLIP


5.1.2.6. Ether-tap Device


5.1.2.7. tun Device


5.1.2.8. ATM


5.1.2.9. Sonstige


5.2. Interfaces ein/aus-schalten


5.2.1. Verwendung von "ip"


5.2.2. Verwendung von "ifconfig"


6.1. Bestehende IPv6 Adressen anzeigen


6.1.1. Verwendung von "ip"


6.1.2. Verwendung von "ifconfig"


6.2. Hinzufügen einer IPv6 Adresse


6.2.1. Verwendung von "ip"


6.2.2. Verwendung von "ifconfig"


6.3. IPv6 Adressen entfernen


6.3.1. Verwendung von "ip"


6.3.2. Verwendung von "ifconfig"


6.4. Automatische IPv6-Adress-Konfiguration


6.5. Aktivieren der Privacy Extension


6.5.1. Aktivieren von Privacy Extension mit Hilfe von sysctl

Temporäre Aktivierung

Permanente Aktivierung


6.5.2. Aktivieren von Privacy Extension mit Hilfe des NetworkManager


6.5.3. Test zur Benutzung von Privacy Extension IPv6-Adressen


7.1. Bestehende IPv6-Routen anzeigen


7.1.1. Verwendung von "ip"


7.1.2. Verwendung von "route"


7.2. Eine IPv6-Route über ein Gateway hinzufügen


7.2.1. Verwendung von "ip"


7.2.2. Verwendung von "route"


7.3. Eine IPv6-Route über ein Gateway entfernen


7.3.1. Verwendung von "ip"


7.3.2. Verwendung von "route"


7.4. Eine IPv6-Route über ein Interface hinzufügen


7.4.1. Verwendung von "ip"


7.4.2. Verwendung von "route"


7.5. Eine IPv6-Route über ein Interface entfernen


7.5.1. Verwendung von "ip"


7.5.2. Verwendung von "route"


7.6. FAQ für IPv6-Routen

7.6.1. Unterstützung einer IPv6 Default-Route


7.6.1.1. Clients (kein Routing eines Paketes!)


7.6.1.2. Router & Paketweiterleitung


8.1. Netzwerkumgebung mit “ip” anzeigen


8.2. Tabelle der Netzwerkumgebung mit “ip” editieren

8.2.1. Eintrag manuell hinzufügen


8.2.2. Eintrag manuell entfernen


8.2.3. Erweiterte Einstellungen


9.1. Tunnelarten


9.1.1. Statische Punkt-zu-Punkt Tunnel


9.1.2. Automatische Tunnel


9.1.3.1. Erstellen eines 6to4 Präfixes


9.1.3.2. 6to4 Tunnel zum Upstream


9.1.3.3. 6to4 Tunnel zum Downstream


9.1.3.4. Möglicher 6to4 Verkehr


9.1.4. UDP gekapselte IPv6 Tunnels


9.1.4.1. Teredo Tunnel


9.1.4.2. AYIYA Tunnel


9.1.4.3. gogo6 Tunnel


9.2. Bestehende Tunnel anzeigen

9.2.1. Verwendung von "ip"


9.2.2. Verwendung von "route"


9.3.1. Einen Punkt-zu-Punkt Tunnel hinzufügen

9.3.1.1. Verwendung von "ip"


9.3.1.2. Verwendung von "ifconfig" und "route" (nicht empfehlenswert)


9.3.1.3. Verwendung allein von "route"


9.3.2. Punkt-zu-Punkt Tunnel entfernen


9.3.2.1. Verwendung von "ip"


9.3.2.2. Verwendung von "ifconfig" und "route" (nicht empfehlenswert, da unbequem)


9.3.2.3. Verwendung von "route"


9.3.3. Nummerierte Punkt-zu-Punkt Tunnel


9.4.1. 6to4 Tunnel hinzufügen


9.4.1.1. Verwendung von "ip" und einem dedizierten Tunnel-Device


9.4.1.2. Verwendung von "ifconfig" und "route" sowie einem generischen Tunnel-Device "sit0" (nicht empfehlenswert)


9.4.2. 6to4 Tunnel entfernen

9.4.2.1. Verwendung von "ip" und einem dedizierten Tunnel-Device


9.4.2.2. Verwendung von "ifconfig" und "route" sowie einem generischen Tunnel-Device "sit0" (nicht empfehlenswert)


10.1. Anzeigen von existierenden Tunnels


10.2. Konfiguration eines Punkt-zu-Punkt Tunnels


10.3. Löschen von Punkt-zu-Punkt-Tunnels


11.1. Zugriff auf das /proc-Dateisystem

11.1.1. Verwendung von "cat" und "echo"


11.1.1.1. Wert anzeigen


11.1.1.2. Wert einstellen


11.1.2. Verwendung von "sysctl"


11.1.2.1. Wert anzeigen


11.1.2.2. Wert einstellen


11.1.2.3. Sonstiges


11.1.3. Werte im /proc-Dateisystem

11.2.1. conf/default/*


11.2.2. conf/all/*


11.2.2.1. conf/all/forwarding


11.2.3. conf/interface/*


11.2.3.1. accept_ra


11.2.3.2. accept_redirects


11.2.3.3. autoconf


11.2.3.4. dad_transmits


11.2.3.5. forwarding


11.2.3.6. hop_limit


11.2.3.7. mtu


11.2.3.8. router_solicitation_delay


11.2.3.9. router_solicitation_interval


11.2.3.10. router_solicitations


11.2.4. neigh/default/*


11.2.4.1. gc_thresh1


11.2.4.2. gc_thresh2


11.2.4.3. gc_thresh3


11.2.4.4. gc_interval


11.2.5. neigh/interface/*


11.2.5.1. anycast_delay


11.2.5.2. gc_stale_time


11.2.5.3. proxy_qlen


11.2.5.4. unres_qlen


11.2.5.5. app_solicit


11.2.5.6. locktime


11.2.5.7. retrans_time


11.2.5.8. base_reachable_time


11.2.5.9. mcast_solicit


11.2.5.10. ucast_solicit


11.2.5.11. delay_first_probe_time


11.2.5.12. proxy_delay


11.2.6. route/*


11.2.6.1. flush


11.2.6.2. gc_interval


11.2.6.3. gc_thresh


11.2.6.4. mtu_expires


11.2.6.5. gc_elasticity


11.2.6.6. gc_min_interval


11.2.6.7. gc_timeout


11.2.6.8. min_adv_mss


11.2.6.9. max_size


11.3.1. ip_*


14.2.1.2. Router Anfrage


14.2.2. Neighbor-Erkennung


18.3.2.3. Hinzufügen einer Log-Regel zum Input-Filter mit Optionen


18.3.2.4. Hinzufügen einer Drop-Regel zum Input-Filter


18.3.2.5. Löschen einer Regel mit Hilfe der Regelnummer


18.3.2.6. Aktiviere die Auswertung des Verbindungsstatus (connection tracking)


18.3.2.7. ICMPv6 erlauben


18.3.2.8. Rate-limiting


18.3.2.9. Eingehende SSH-Verbindung erlauben


18.3.2.10. Getunnelten IPv6-in-IPv4 Datenverkehr erlauben


18.3.2.11. Schutz gegen eingehende TCP-Verbindungs-Anfragen


18.3.2.12. Schutz gegen eingehende UDP-Verbindungs-Anfragen


18.3.3. Anwendungsbeispiele

18.3.3.1. Einfaches Beispiel für Fedora


18.3.3.2. Umfangreicheres Beispiel


18.4.1. IPv6 Maskierung


18.4.2. IPv6 Destination NAT


18.4.3. IPv6 Port Weiterleitung


18.5. Firewall-Setup mit nftables


18.5.1. Präparation zur Nutzung von nftables


18.5.2. Basis-nftables Konfiguration


18.5.3. Einfache Filter-Policy mit nftables

18.5.3.1. Konfiguration


18.5.3.2. Ergebnis


18.5.3.3. Tipps für's Loggen


18.5.4. Filter-Policy mit nftables unter Benutzung der Tablellen “ip”, “ip6” und “inet”

19.1. Sicherheit des Knoten


19.2. Zugangsbeschränkungen


19.3.1. Rechtsfragen


19.3.2. Sicherheitsüberwachung mit IPv6 fähigen netcat


19.3.3. Sicherheitsüberwachung mit IPv6 fähigen NMap


19.3.4. Sicherheitsüberprüfung IPv6 fähigen strobe


19.3.5. Sicherheitsüberprüfung mit Online-Werkzeugen


19.3.6. Überprüfungsergebnisse


20.1. Nutzungsarten von Verschlüsselung und Authentifizierung


20.1.1. Transport-Modus


20.1.2. Tunnel-Modus


20.2. Unterstützung im Kernel (ESP und AH)


22.3.1.2. Virtueller Host mit IPv4 und IPv6 Adresse


22.3.1.3. Zusätzliche Anmerkungen


22.4.1. radvd konfigurieren

22.4.1.1. Einfache Konfiguration


22.4.1.2. Spezielle 6to4 Konfiguration


22.4.2. Fehlersuche


22.5.1. Konfiguration des DHCPv6-Servers (dhcp6s)

22.5.1.1. Einfache Konfiguration


22.5.2. Konfiguration des DHCPv6-Client (dhcp6s)

22.5.2.1. Einfache Konfiguration


22.5.3. Benutzung

22.5.3.1. dhcp6s


22.5.3.2. dhcp6c


22.5.4. Fehlersuche

22.5.4.1. dhcp6s


22.5.4.2. dhcp6c


22.6.1. Konfiguration des ISC DHCP Server für IPv6 (dhcpd)


22.6.1.1. Einfache Configuration


22.6.2. Benutzung

22.6.2.1. dhcpd


22.7.1. Konfiguration des Dibbler DHCP server für IPv6

22.7.1.1. Einfache Konfuration


22.7.2. Benutzung

22.7.2.1. dibbler-server


22.8.1. Filter-Funktionalität


22.8.2. Welches Programm benützt tcp_wrapper


22.8.3. Anwendung


22.8.3.1. Beispiel für /etc/hosts.allow


22.8.3.2. Beispiel für /etc/hosts.deny


22.8.4. Protokollierung


22.8.4.1. Abgelehnte Verbindung


22.8.4.2. Akzeptierte Verbindung

22.9.1. Auf IPv6-Adressen lauschen

22.10.1. Auf IPv6-Adressen lauschen


23.2. Andere Programmiersprachen

25.6.1. Test-Werkzeuge


25.6.2. Informationsbeschaffung


25.6.3. IPv6 Looking Glasses


25.6.4. Hilfsapplikationen


Kapitel 26. Versions-Überblick / Danksagung / Zum Schluss


26.1.1. Ausgabe 0.x

26.1.1.1. Englische Sprachversion (Peter Bieringer's Original)


26.1.1.2. Deutsche Sprachversion


26.2.2. Sonstiger Dank...

26.2.2.1. Verwaltung des Dokuments


26.3. Zum Schluss

0.67.de.1wip 2015-08-18 PB +\end_layout + +\end_inset + + \end_layout \begin_layout Standard @@ -458,14 +473,6 @@ Version Die aktuelle Versionsnummer finden Sie auf der Titelseite. \end_layout -\begin_layout Standard -CVS-Information: -\end_layout - -\begin_layout Code -CVS-ID: $Id$ -\end_layout - \begin_layout Standard Für andere verfügbare Versionen/Übersetzungen siehe auch \lang english @@ -20126,19 +20133,8 @@ target "http://www.ipinfusion.com/products/server/products_server.html" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "SPA Mail Server 2.21 " -target "http://download.com.com/3000-2165-10153543.html?tag=lst-0-21" - -\end_inset - - -\end_layout - -\begin_layout Itemize -\begin_inset CommandInset href -LatexCommand href -name "Inframail (Advantage Server Edition) 6.0 " -target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" +name "Inframail (Advantage Server Edition)" +target "http://download.cnet.com/Inframail-Advantage-Server-Edition/3000-10248_4-8202652.html" \end_inset @@ -20149,7 +20145,7 @@ target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" \begin_inset CommandInset href LatexCommand href name "HTTrack Website Copier" -target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" +target "http://download.cnet.com/HTTrack-Website-Copier/3000-2377_4-10149393.html" \end_inset @@ -20159,8 +20155,8 @@ target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "CommView 5.0" -target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" +name "CommView" +target "http://download.cnet.com/CommView/3000-2085_4-10132748.html" \end_inset @@ -20170,8 +20166,8 @@ target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "Posadis 0.50.6" -target "http://download.com.com/3000-2104-10149750.html?tag=lst-0-1" +name "Posadis" +target "http://download.cnet.com/Posadis/3000-2155_4-10149750.html" \end_inset diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf index fb24d6ba..a3581949 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml index ad1ca17c..b0078d07 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml @@ -7,13 +7,14 @@ ]> - Linux IPv6 HOWTO (de) PeterBieringer

pb at bieringer dot de
+ 0.67.de.1wip 2015-08-18 PB 0.66.de.1 2014-05-15 PB 0.65.de.1 2009-12-13 PB 0.64.de.1 2009-06-11 PB @@ -55,9 +56,7 @@ Deutsche Übersetzung Copyright © 2002-2003 Georg Käfer, weitergeführt von Pe Version Die aktuelle Versionsnummer finden Sie auf der Titelseite. -CVS-Information: -Für andere verfügbare Versionen/Übersetzungen siehe auch http://www.bieringer.de/linux/IPv6/. +Für andere verfügbare Versionen/Übersetzungen siehe auch http://www.bieringer.de/linux/IPv6/. Werdegang Eckpunkte @@ -3192,7 +3191,7 @@ SourceForge: Project Info - Wireshark (ehemals Ethereal) is ein kostenloser Netzwerkprotokoll-Analyseprogramm für Unix und Windows Radcom RC100-WL - Download Radcom RC100-WL Protokollanalyseprogramm version 3.20 IPv6 Produkte -6wind - Lösungen für IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewall.Fefe's patches for IPv6 with djbdns - Aug 2002 - Was ist djbdns und warum es IPv6 benötigt? djbdns ist ein vollwertiger DNS Server, welcher “outperforms BIND in nearly all respects”.ZebOS Server Routing Suite SPA Mail Server 2.21 Inframail (Advantage Server Edition) 6.0 HTTrack Website CopierCommView 5.0Posadis 0.50.6 +6wind - Lösungen für IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewall.Fefe's patches for IPv6 with djbdns - Aug 2002 - Was ist djbdns und warum es IPv6 benötigt? djbdns ist ein vollwertiger DNS Server, welcher “outperforms BIND in nearly all respects”.ZebOS Server Routing Suite Inframail (Advantage Server Edition)HTTrack Website CopierCommViewPosadis <!-- anchor id="information-snmp" -->SNMP comp.protocpols.snmp SNMP FAQ Part 1 of 2 diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html index 389837c1..fe699729 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.html @@ -59,6 +59,23 @@ COLSPAN="3" >
Version 0.49.fr.3wip2015-08-18Revu par : PB
Version 0.49.fr.2

L'objet de cet HOWTO IPv6 Linux est de répondre à la fois aux questions basiques et avancées au sujet d'IPv6 sur le système d'exploitation Linux. Cet HOWTO fournira au lecteur assez d'information pour installer, configurer et utiliser les applications IPv6 sur les machines Linux.

1.3. La version, l'historique et ce qu'il reste à faire
1.5. Un peu de technique
1.6. Préface
1.7. Termes employés, glossaire et abréviations
1.8. Pré-requis à l'usage de cet HOWTO
2.1. Qu'est-ce qu'IPv6?
2.3. A quoi ressemblent les adresses IPv6?
2.4. FAQ (Les bases)
3.1. Les adresses sans préfixe spécial
3.2. La partie réseau, aussi appelée préfixe
3.3. Les types d'adresse (partie hôte)
3.4. La longueur de préfixe nécessaire au routage
4.2. Les outils de configuration réseau prêts pour IPv6
4.3. Les programmes de test/déboguage prêts pour IPv6
4.4. Les programmes prêts pour IPv6
4.5. Les programmes client prêts pour IPv6 (une sélection)
4.6. Les programmes serveur prêts pour IPv6
5.1. Les différents périphériques réseau
5.2. (dé)Montage des interfaces
6.1. Affichage des adresses IPv6 existantes
6.2. Ajouter une adresse IPv6
6.3. Ôter une adresse IPv6
7.1. Afficher les routes IPv6 existantes
7.2. Ajouter une route IPv6 traversant une passerelle
7.3. Ôter une route IPv6 traversant une passerelle
7.4. Ajouter une route IPv6 traversant une interface
7.5. Ôter une route IPv6 traversant une interface
7.6. FAQ concernant les routes IPv6
8.1. Afficher le voisinage en utilisant "ip"
8.2. Manipuler la table de voisinage en utilisant "ip"
9.1. Les types de tunnel
9.2. Afficher les tunnels existants
11.1. Comment accéder au système de fichiers /proc
13.1. Les sockets d'écoute de serveur
14.1. Linux Red Hat et ses "clones"
14.2. Linux SuSE
15.1. L'auto-configuration sans état
15.2. L'auto-configuration avec état utilisant le Démon d'Annonce de Routeur
15.3. Le Protocole de Configuration Dynamique d'Hôte version 6 (DHCPv6)
15.4. La mobilité
16.2. Préparation
16.3. Utilisation
17.1. La sécurité d'un noeud
17.2. Les limitations d'accès
18.1. Les modes d'emploi de l'encryptage et de l'authentification
18.2. Son support dans le noyau (ESP et AH)
18.3. Echange automatique de clés (IKE)
18.4. Informations complémentaires

1.1.1. Copyright


1.1.2. Licence


1.1.3. A propos de l'auteur

1.1.3.1. L'auteur, Internet et IPv6


1.1.3.2. Contact


1.3. La version, l'historique et ce qu'il reste à faire

1.3.1. La version

La version actuelle est visible dès le début de ce document.

CVS-Information: CVS-ID: $Id$

En ce qui concerne les autres versions/traductions, voir également


1.3.2. L'historique


2.4. FAQ (Les bases)

2.4.1. Pourquoi IPv6 et non pas IPv5 comme successeur d'IPv4?


2.4.2. L'adresse IPv6: pourquoi un tel nombre de bits?


2.4.3. L'adresse IPv6: pourquoi un si petit nombre de bits pour sa nouvelle conception?


3.1. Les adresses sans préfixe spécial

3.1.1. L'adresse localhost


3.1.2. L'adresse non spécifiée


3.1.3. L'adresse IPv6 avec adresse IPv4 intégrée


3.1.3.1. L'adresse IPv6 mappée IPv4


3.1.3.2. L'adresse IPv6 compatible IPv4


3.2. La partie réseau, aussi appelée préfixe


3.2.1. Le type d'adresse lien-local


3.2.2. Le type d'adresse site-local


3.2.3. Le type d'adresse ”unicast globale (agrégeable) "


3.2.3.1. Les adresses de test 6bone


3.2.3.2. Les adresses 6to4


3.2.3.3. Les adresses assignées par un fournisseur dans la hiérarchie de routage


3.2.3.4. Adresses réservées aux exemples et à la documentation


3.2.4. Les adresses multicast


3.2.4.1. La portée multicast


3.2.4.2. Les types multicast


3.2.4.3. L'adresse multicast de sollicitation du lien-local


3.2.5. Les adresses anycast


3.2.5.1. L'adresse anycast de routeur de sous-réseau


3.3. Les types d'adresse (partie hôte)


3.3.1. L'adresse calculée automatiquement (dite aussi “sans état”)


3.3.1.1. Le problème d'incursion possible dans la sphère privée (privacy problem) avec les adresses automatiquement calculées, et une solution

3.3.2. La configuration manuelle


3.4. La longueur de préfixe nécessaire au routage


3.4.1. La longueur du préfixe (aussi connue en tant que "masque de réseau")


3.4.2. La correspondance à une route


4.1.1. Vérifier la présence du support IPv6 dans le noyau actuellement en cours d'utilisation


4.1.2. Essayer de charger le module IPv6


4.1.2.1. Le chargement automatique du module


4.1.2.2. Compiler un noyau uniquement à partir des sources originales (vanille)


4.1.2.3. Compiler un noyau avec l'extension USAGI


4.1.3. Les périphériques réseau prêts pour IPv6


4.1.3.1. Actuellement connus pour ne jamais être “capables de lien IPv6”


4.1.3.2. Actuellement connu pour ne pas être “capable de lien IPv6”


4.2. Les outils de configuration réseau prêts pour IPv6


4.2.1. Le paquetage net-tools


4.2.2. Le paquetage iproute


4.3. Les programmes de test/déboguage prêts pour IPv6


4.3.1.1. Spécifier une interface à ping IPv6


4.3.1.2. Ping6 et les adresses multicast


4.3.4.1. Ping IPv6 vers l'adresse native 3ffe:ffff:100:f101::1 sur un lien-local


4.3.4.2. Ping IPv6 vers 3ffe:ffff:100::1 routée au travers d'un tunnel IPv6-in-IPv4


4.4. Les programmes prêts pour IPv6


4.5. Les programmes client prêts pour IPv6 (une sélection)


4.5.1. Vérifier la résolution DNS des adresses IPv6


4.5.2. Le client telnet prêt pour IPv6


4.5.3. Les clients ssh prêts pour IPv6

4.5.3.1. openssh


4.5.3.2. ssh.com


4.5.4. Les navigateurs web prêts pour IPv6


4.5.4.1. Un URL de test


4.6. Les programmes serveur prêts pour IPv6

4.7.1. Utiliser les outils

4.7.1.1. Q: impossible d'utiliser ping6 avec des adresses lien-local


4.7.1.2. Q: impossible d'utiliser ping6 ou traceroute en tant qu'utilisateur courant

5.1. Les différents périphériques réseau


5.1.1. Physiquement rattachés


5.1.2. Virtuellement existants


5.1.2.1. Les interfaces de tunnelage IPv6-in-IPv4


5.1.2.2. Les interfaces PPP


5.1.2.3. Les interfaces RNIS HDLC


5.1.2.4. Les interfaces PPP RNIS


5.1.2.5. SLIP + PLIP


5.1.2.6. Le périphérique Ether-tap


5.1.2.7. Les périphériques tun


5.1.2.8. ATM


5.1.2.9. Autres


5.2. (dé)Montage des interfaces


5.2.1. Utiliser "ip"


5.2.2. Utiliser "ifconfig"


6.1. Affichage des adresses IPv6 existantes


6.1.1. Utiliser "ip"


6.1.2. Utiliser "ifconfig"


6.2. Ajouter une adresse IPv6


6.2.1. Utiliser "ip"


6.2.2. Utiliser "ifconfig"


6.3. Ôter une adresse IPv6


6.3.1. Utiliser "ip"


6.3.2. Utiliser "ifconfig"


7.1. Afficher les routes IPv6 existantes


7.1.1. Utiliser "ip"


7.1.2. Utiliser "route"


7.2. Ajouter une route IPv6 traversant une passerelle


7.2.1. Utiliser "ip"


7.2.2. Utiliser "route"


7.3. Ôter une route IPv6 traversant une passerelle


7.3.1. Utiliser "ip"


7.3.2. Utiliser "route"


7.4. Ajouter une route IPv6 traversant une interface


7.4.1. Utiliser "ip"


7.4.2. Utiliser "route"


7.5. Ôter une route IPv6 traversant une interface


7.5.1. Utiliser "ip"


7.5.2. Utiliser "route"


7.6. FAQ concernant les routes IPv6

7.6.1. Support d'une route par défaut IPv6


7.6.1.1. Les clients (ne routent aucun paquet!)


7.6.1.2. Les routeurs en cas de renvoi de paquets


8.1. Afficher le voisinage en utilisant "ip"


8.2. Manipuler la table de voisinage en utilisant "ip"

8.2.1. Ajouter manuellement une entrée


8.2.2. Détruire manuellement une entrée


8.2.3. Pour plus de réglages avancés


9.1. Les types de tunnel


9.1.1. Tunnelage statique point-à-point: 6bone


9.1.2. Le tunnelage automatique


9.1.3.1. La génération d'un préfixe 6to4


9.1.3.2. Le flux de tunnelage ascendant 6to4


9.1.3.3. Le flux de tunnelage descendant 6to4


9.1.3.4. Le trafic possible avec 6to4


9.2. Afficher les tunnels existants

9.2.1. Utiliser "ip"


9.2.2. Utiliser "route"


9.3.1. Ajouter un tunnel point-à-point

9.3.1.1. Utiliser "ip"


9.3.1.2. Utiliser "ifconfig" et "route" (méthode dépréciée)


9.3.1.3. Utiliser seulement "route"


9.3.2. Ôter des tunnels point-à-point


9.3.2.1. Utiliser "ip"


9.3.2.2. Utiliser "ifconfig" et "route" (méthode dépréciée parce qu'elle n'est pas très drôle)


9.3.2.3. Utiliser "route"


9.3.3. Attribution d'une adresse (numbered) à un tunnel point-à-point

9.4.1. Ajouter un tunnel 6to4


9.4.1.1. Utiliser "ip" et un périphérique tunnel dédié


9.4.1.2. Utiliser "ifconfig", "route" et le périphérique de tunnelage “sit0” (méthode dépréciée)


9.4.2. Ôter un tunnel 6to4

9.4.2.1. Utiliser "ip" et un périphérique de tunnelage dédié


9.4.2.2. Utiliser “ifconfig”, “route” et un périphérique de tunnel générique “sit0” (déprécié)


11.1. Comment accéder au système de fichiers /proc

11.1.1. Utiliser “cat” et “echo”


11.1.1.1. Récupérer une valeur


11.1.1.2. Fixer une valeur


11.1.2. Utiliser “sysctl”


11.1.2.1. Récupérer une valeur


11.1.2.2. Fixer une valeur


11.1.2.3. En plus


11.1.3. Les types de valeur trouvés dans le système de fichiers /proc

11.2.1. conf/default/*


11.2.2. conf/all/*


11.2.2.1. conf/all/forwarding


11.2.3. conf/interface/*


11.2.3.1. accept_ra


11.2.3.2. accept_redirects


11.2.3.3. autoconf


11.2.3.4. dad_transmits


11.2.3.5. forwarding


11.2.3.6. hop_limit


11.2.3.7. mtu


11.2.3.8. router_solicitation_delay


11.2.3.9. router_solicitation_interval


11.2.3.10. router_solicitations


11.2.4. neigh/default/*


11.2.4.1. gc_thresh1


11.2.4.2. gc_thresh2


11.2.4.3. gc_thresh3


11.2.4.4. gc_interval


11.2.5. neigh/interface/*


11.2.5.1. anycast_delay


11.2.5.2. gc_stale_time


11.2.5.3. proxy_qlen


11.2.5.4. unres_qlen


11.2.5.5. app_solicit


11.2.5.6. locktime


11.2.5.7. retrans_time


11.2.5.8. base_reachable_time


11.2.5.9. mcast_solicit


11.2.5.10. ucast_solicit


11.2.5.11. delay_first_probe_time


11.2.5.12. proxy_delay


11.2.6. route/*


11.2.6.1. flush


11.2.6.2. gc_interval


11.2.6.3. gc_thresh


11.2.6.4. mtu_expires


11.2.6.5. gc_elasticity


11.2.6.6. gc_min_interval


11.2.6.7. gc_timeout


11.2.6.8. min_adv_mss


11.2.6.9. max_size


11.3.1. ip_*


13.2.1.2. Une sollicitation de routeur


13.2.2. La découverte de voisinage


16.3.2.3. Insérer une règle de journal au filtre entrant, avec des options


16.3.2.4. Insérer une règle de destruction (drop rule) au filtre entrant

16.3.2.5. Détruire une règle par son numéro


16.3.2.6. Autoriser ICMPv6


16.3.2.7. La limitation du débit


16.3.2.8. Permettre le trafic entrant SSH


16.3.2.9. Rendre disponible le trafic tunnelé IPv6-in-IPv4


16.3.2.10. Protection contre les requêtes de connexion entrante TCP


16.3.2.11. Protection contre les requêtes de connexion entrante UDP


16.3.3. Un exemple plus conséquent

17.1. La sécurité d'un noeud


17.2. Les limitations d'accès


17.3.1. Question d'ordre légal


17.3.2. Audit de sécurité par l'emploi de netcat disposant d'IPv6


17.3.3. Audit de sécurité par l'emploi de nmap disposant d'IPv6


17.3.4. Audit de sécurité par l'emploi de strobe disposant d'IPv6


17.3.5. Le résultat de l'audit


18.1. Les modes d'emploi de l'encryptage et de l'authentification


18.1.1. Le mode transport


18.1.2. Le mode tunnel


18.2. Son support dans le noyau (ESP et AH)


20.3.1.2. Un hôte virtuel écoute sur une adresse IPv6 et sur une adresse IPv4


20.3.1.3. Note additionnelle


20.4.1. Configurer radvd

20.4.1.1. Configuration simple


20.4.1.2. Configuration spéciale 6to4


20.4.2. Le déboguage


20.5.1. La configuration du serveur DHCPv6 (dhcp6s)

20.5.1.1. Une configuration simple


20.5.2. La configuration du client DHCPv6 (dhcp6c)

20.5.2.1. Une configuration simple


20.5.3. Usage

20.5.3.1. dhcpv6_server


20.5.3.2. dhcpv6_client


20.5.4. Déboguage

20.5.4.1. dhcpv6_server


20.5.4.2. dhcpv6_client


20.6.1. Les capacités de filtrage


20.6.2. Les programmes utilisant tcp_wrapper


20.6.3. Utilisation


20.6.3.1. Exemple de fichier /etc/hosts.allow


20.6.3.2. Exemple de fichier /etc/hosts.deny


20.6.4. La journalisation


20.6.4.1. Connexion refusée


20.6.4.2. Connexion autorisée

20.7.1. A l'écoute des adresses IPv6

20.8.1. A l'écoute des adresses IPv6

23.1.1. Livres édités (en anglais)

23.1.1.1. Cisco


23.1.1.2. Généraux


23.1.2. Livres édités (en allemand)


23.1.3. Articles, livres électroniques, revues en ligne (mélangés)


23.1.5. Autres

23.2.1. 2002


23.2.2. 2003


23.3.2. Les dernières nouvelles


23.3.3. Les références aux protocoles

23.3.3.1. Les appels à commentaires (RFC) relatifs à IPv6


23.3.3.2. Les brouillons actuels des groupes de travail


23.3.3.3. Autres


23.3.4. Plus d'information


23.3.4.1. Relative à Linux


23.3.4.2. Relative à Linux, par distribution


23.3.4.3. Général


23.3.5. Par pays

23.3.5.1. Europe


23.3.5.2. Autriche


23.3.5.3. Australie


23.3.5.4. Brésil


23.3.5.5. Allemagne


23.3.5.6. France


23.3.5.7. Hongrie


23.3.5.8. Japon


23.3.5.9. Corée


23.3.5.10. Mexique


23.3.5.11. Pays-Bas


23.3.5.12. Portugal


23.3.5.13. Russie


23.3.5.14. Suisse


23.3.5.15. Royaume-Uni


23.3.6. Par systèmes d'exploitation

23.3.6.1. *BSD


23.3.6.2. Cisco IOS


23.3.6.3. Compaq


23.3.6.4. HPUX


23.3.6.5. IBM


23.3.6.6. Microsoft


23.3.6.7. Solaris


23.3.6.8. Sumitoma é


23.3.6.9. ZebOS


23.3.8. Les listes d'applications


23.3.8.1. Les outils d'analyse


23.3.8.2. Les produits IPv6

  • Serveur de courrier SPA 2.21 Inframail (Advantage Server Edition)

  • Inframail (Advantage Server Edition) 6.0

  • HTTrack Website Copier

  • CommView 5.0CommView

  • Posadis 0.50.6Posadis

  • pb at bieringer dot de \begin_layout Standard \begin_inset ERT -status collapsed +status open \begin_layout Plain Layout @@ -105,7 +114,22 @@ status collapsed \begin_layout Standard \begin_inset ERT -status collapsed +status open + +\begin_layout Plain Layout + +0.49.fr.3wip2015-08-18 PB +\end_layout + +\end_inset + + +\end_layout + +\begin_layout Standard +\begin_inset ERT +status open \begin_layout Plain Layout @@ -120,7 +144,7 @@ B \begin_layout Standard \begin_inset ERT -status collapsed +status open \begin_layout Plain Layout @@ -135,7 +159,7 @@ B \begin_layout Standard \begin_inset ERT -status collapsed +status open \begin_layout Plain Layout @@ -150,7 +174,7 @@ MB \begin_layout Standard \begin_inset ERT -status collapsed +status open \begin_layout Plain Layout @@ -165,7 +189,7 @@ B \begin_layout Standard \begin_inset ERT -status collapsed +status open \begin_layout Plain Layout @@ -180,7 +204,7 @@ B \begin_layout Standard \begin_inset ERT -status collapsed +status open \begin_layout Plain Layout @@ -416,12 +440,6 @@ La version La version actuelle est visible dès le début de ce document. \end_layout -\begin_layout Code - -CVS-Information: CVS-ID: $Id: Linux+IPv6-HOWTO.de.lyx,v 1.56 2006/11/08 22:45:26 - pbldp Exp $ -\end_layout - \begin_layout Standard En ce qui concerne les autres versions/traductions, voir également \begin_inset CommandInset href @@ -1242,7 +1260,6 @@ Dans les exemples génériques vous trouverez parfois ce qui suit: \end_layout \begin_layout Code - \end_layout @@ -1253,7 +1270,6 @@ Pour une utilisation réelle sur votre système, en ligne de commande ou dans \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1271,7 +1287,6 @@ Les commandes exécutables en tant qu'utilisateur non-root commencent avec \end_layout \begin_layout Code - $ whoami \end_layout @@ -1281,7 +1296,6 @@ Les commandes exécutables en tant qu'utilisateur root commencent avec un \end_layout \begin_layout Code - # whoami \end_layout @@ -1498,72 +1512,58 @@ Le premier code réseau relatif à IPv6 a été ajouté au noyau Linux 2.1.8 en \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1668,7 +1668,6 @@ Comme cela a été mentionné précédemment, les adresses IPv6 ont une longueur \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1684,7 +1683,6 @@ De tels nombres ne sont vraiment pas des adresses pouvant être mémorisées. \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1699,7 +1697,6 @@ Cette représentation est encore peu praticable (possibilité de confusion \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1710,7 +1707,6 @@ Une adresse utilisable (nous verrons les différents types d'adresse plus \end_layout \begin_layout Code - 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1720,12 +1716,10 @@ Dans un but de simplification, les zéros non significatifs de chaque bloc \end_layout \begin_layout Code - 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 3ffe:ffff:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1751,7 +1745,6 @@ Une séquence de blocs de 16 bits ne comprenant que des zéros peut être rempla \end_layout \begin_layout Code - 3ffe:ffff:100:f101:0:0:0:1 -> 3ffe:ffff:100:f101::1 \end_layout @@ -1762,7 +1755,6 @@ La plus importante réduction qui peut être observée est celle de l'adresse \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1785,12 +1777,10 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - Itu&-ZQ82s>J%s99FJXT \end_layout @@ -2009,7 +1999,6 @@ loopback \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2018,7 +2007,6 @@ ou compressée: \end_layout \begin_layout Code - ::1 \end_layout @@ -2062,7 +2050,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2071,7 +2058,6 @@ ou: \end_layout \begin_layout Code - :: \end_layout @@ -2109,7 +2095,6 @@ Ces adresses sont définies par un préfixe spécial d'une longueur de 96 (a.b.c \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2118,7 +2103,6 @@ ou en format compressé: \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2127,7 +2111,6 @@ Par exemple, l'adresse IPv4 1.2.3.4 ressemble à ceci: \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2156,7 +2139,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2165,7 +2147,6 @@ ou en format compressé: \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2257,22 +2238,18 @@ x \end_layout \begin_layout Code - fe8x: <- actuellement le seul en usage. \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2314,22 +2291,18 @@ Il commence par: \end_layout \begin_layout Code - fecx: <- le plus couramment utilisé. \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2428,12 +2401,10 @@ x \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2465,7 +2436,6 @@ Elles ont été les premières adresses globales à être définies et mises en \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2474,7 +2444,6 @@ Exemple: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2484,7 +2453,6 @@ Une adresse spéciale de test 6bone, qui ne sera jamais globalement unique, \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2537,7 +2505,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2546,7 +2513,6 @@ Par exemple, pour représenter 92.168.1.1/5: \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2556,12 +2522,10 @@ Une petite ligne de commande peut vous aider à générer une telle adresse \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2595,7 +2559,6 @@ Ces adresses sont déléguées aux Fournisseurs d'Accès à Internet (FAI) et \end_layout \begin_layout Code - 2001: \end_layout @@ -2634,12 +2597,10 @@ tion: \end_layout \begin_layout Code - 3ffe:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2666,7 +2627,6 @@ Elles commencent par (xx est la valeur de la portée) \end_layout \begin_layout Code - ffxy: \end_layout @@ -2757,7 +2717,6 @@ Un exemple de cette adresse ressemble à ceci \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2817,7 +2776,6 @@ Un simple exemple d'une adresse anycast est celle d'un routeur de sous-réseau. \end_layout \begin_layout Code - 3ffe:ffff:100:f101:210:a4ff:fee3:9566/64 <- L'adresse du noeud \end_layout @@ -2827,7 +2785,6 @@ L'adresse anycast de routeur de sous-réseau sera créée en laissant totalement \end_layout \begin_layout Code - 3ffe:ffff:100:f101::/64 <- l'adresse anycast de routeur de sous-réseau \end_layout @@ -2877,7 +2834,6 @@ Considérons à nouveau le premier exemple: \end_layout \begin_layout Code - 3ffe:ffff:100:f101:210:a4ff:fee3:9566 \end_layout @@ -2887,7 +2843,6 @@ ici, \end_layout \begin_layout Code - 210:a4ff:fee3:9566 \end_layout @@ -2897,7 +2852,6 @@ est la partie hôte calculée à partir de l'adresse MAC de la NIC \end_layout \begin_layout Code - 00:10:A4:E3:95:66 \end_layout @@ -2982,7 +2936,6 @@ Pour les serveurs, il est probablement plus aisé de se rappeler d'adresses \end_layout \begin_layout Code - 3ffe:ffff:100:f101::1 \end_layout @@ -3088,7 +3041,6 @@ Un exemple: \end_layout \begin_layout Code - 3ffe:ffff:100:1:2:3:4:5/48 \end_layout @@ -3102,7 +3054,6 @@ le réseau: \end_layout \begin_layout Code - 3ffe:ffff:0100:0000:0000:0000:0000:0000 \end_layout @@ -3111,7 +3062,6 @@ le masque de réseau: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3136,12 +3086,10 @@ Par exemple, si une table de routage affiche les entrées suivantes (la liste \end_layout \begin_layout Code - 3ffe:ffff:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3151,13 +3099,11 @@ Ci-dessous, les adresses de destination des paquets IPv6 dont le trafic \end_layout \begin_layout Code - 3ffe:ffff:100:1:2:3:4:5/48 -> trafic routé au travers du périphérique sit1 \end_layout \begin_layout Code - 3ffe:ffff:200:1:2:3:4:5/48 -> trafic routé au travers du périphérique tun6to4 \end_layout @@ -3229,7 +3175,6 @@ Afin de vérifier si oui ou non votre actuel noyau supporte IPv6, jetez un \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3239,7 +3184,6 @@ Un bref test automatique ressemble à: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3258,7 +3202,6 @@ Vous pouvez tenter de charger le module IPv6 en exécutant \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3269,7 +3212,6 @@ Si c'est un succès, la présence de ce module sera testée comme par magie \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3300,7 +3242,6 @@ ules): \end_layout \begin_layout Code - alias net-pf-10 ipv6 # chargement automatique du module IPv6 à la demande \end_layout @@ -3310,7 +3251,6 @@ Il est aussi possible de mettre hors service le chargement automatique du \end_layout \begin_layout Code - alias net-pf-10 off # rend indisponible le chargement automatique du module IPv6 \end_layout @@ -3552,13 +3492,11 @@ Vérification magique: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1 | grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3568,7 +3506,6 @@ La même vérification peut être réalisée pour route: \end_layout \begin_layout Code - # /sbin/route -? 2>& 1 | grep -qw 'inet6' && echo "utility 'route' is IPv6-ready " \end_layout @@ -3589,7 +3526,6 @@ Alexey N. \end_layout \begin_layout Code - # /sbin/ip 2>&1 | grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3686,17 +3622,14 @@ Usage \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3705,17 +3638,14 @@ Exemple \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3724,17 +3654,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3768,12 +3695,10 @@ En spécifiant uniquement une adresse lien-local à ping IPv6, le noyau ne \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3782,22 +3707,18 @@ Dans ce cas vous devez en plus spécifier l'interface comme ci-dessous: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3806,17 +3727,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3834,22 +3752,18 @@ all-node \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:012356 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3885,51 +3799,42 @@ iputils \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 3ffe:ffff:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (3ffe:ffff:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3965,52 +3870,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4102,32 +3997,26 @@ Ping IPv6 vers \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 3ffe:ffff:100:f101:2e0:18ff:fe90:9205 > 3ffe:ffff:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 3ffe:ffff:100:f101::1 > 3ffe:ffff:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout @@ -4145,52 +4034,42 @@ Ping IPv6 vers \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4266,7 +4145,6 @@ A cause des mises à jour de sécurité ces dernières années, tout serveur \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4275,14 +4153,12 @@ et cela devrait affiché quelque chose comme ce qui suit: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4297,30 +4173,25 @@ Des clients telnet prêts pour IPv6 sont disponibles. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout @@ -4329,47 +4200,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4378,7 +4240,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4432,17 +4293,14 @@ Les versions actuelles d'openssh sont prêtes pour IPv6. \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4925,12 +4783,10 @@ Usage: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4943,12 +4799,10 @@ Exemple: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -4962,12 +4816,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -4976,12 +4828,10 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -5021,7 +4871,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -5030,27 +4879,22 @@ Exemple pour un hôte configuré statiquement: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout @@ -5124,22 +4959,18 @@ Exemple (la sortie est filtrée avec grep pour n'afficher que les adresses \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 3ffe:ffff:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5168,7 +4999,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5178,7 +5008,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0 \end_layout @@ -5192,7 +5021,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5201,7 +5029,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 3ffe:ffff:0:f101::1/64 \end_layout @@ -5228,7 +5055,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5238,7 +5064,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 3ffe:ffff:0:f101::1/64 dev eth0 \end_layout @@ -5252,7 +5077,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5261,7 +5085,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 3ffe:ffff:0:f101::1/64 \end_layout @@ -5302,7 +5125,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5312,27 +5134,22 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 3ffe:ffff:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5346,7 +5163,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5358,45 +5174,37 @@ Exemple (la sortie est filtrée sur l'interface eth0). \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0 <- Route de l'interface de portée globale \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Route de l'interface de portée lien-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Route de l'interface destiné à tout le trafic multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Route automatique par défaut \end_layout @@ -5419,12 +5227,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5437,7 +5243,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1 \end_layout @@ -5451,12 +5256,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5475,7 +5278,6 @@ Suivre l'exemple montré ajoute une route à toutes les adresses globales \end_layout \begin_layout Code - # /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1 \end_layout @@ -5499,12 +5301,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5513,7 +5313,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 route del 2000::/3 via 3ffe:ffff:0:f101::1 \end_layout @@ -5527,7 +5326,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / [dev ] \end_layout @@ -5536,7 +5334,6 @@ Exemple pour de nouveau ôter la route précédemment ajoutée: \end_layout \begin_layout Code - # /sbin/route -A inet6 del 2000::/3 gw 3ffe:ffff:0:f101::1 \end_layout @@ -5558,12 +5355,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5572,7 +5367,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 dev eth0 metric 1 \end_layout @@ -5619,7 +5413,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5628,7 +5421,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/route -A inet6 add 2000::/3 dev eth0 \end_layout @@ -5650,7 +5442,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5659,7 +5450,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 route del 2000::/3 dev eth0 \end_layout @@ -5673,7 +5463,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5683,7 +5472,6 @@ Exemple: \end_layout \begin_layout Code - # /sbin/route -A inet6 del 2000::/3 dev eth0 \end_layout @@ -5723,17 +5511,14 @@ Les clients peuvent installer une route par défaut avec pour préfixe \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5841,7 +5626,6 @@ Avec la commande qui suit vous pouvez afficher les voisins IPv6 appris ou \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5850,12 +5634,10 @@ L'exemple suivant montre un voisin, qui est un routeur pouvant être atteint \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5872,7 +5654,6 @@ La commande suivante vous permet d'ajouter manuellement une entrée \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -5882,7 +5663,6 @@ Exemple: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5895,7 +5675,6 @@ De même qu'une entrée peut être ajoutée, une entrée peut être détruite: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -5905,7 +5684,6 @@ Exemple: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5927,28 +5705,23 @@ ip \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6090,27 +5863,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6239,7 +6007,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6248,17 +6015,14 @@ Exemple: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6271,7 +6035,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6281,7 +6044,6 @@ Exemple (la sortie est filtrée afin de ne laisser apparaître que les tunnels \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6290,27 +6052,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6378,12 +6135,10 @@ Usage en vue de créer un périphérique de tunnelage (mais il n'est pas monté \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6392,22 +6147,18 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6416,22 +6167,18 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6440,22 +6187,18 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6477,7 +6220,6 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6486,17 +6228,14 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6505,17 +6244,14 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6524,17 +6260,14 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6563,7 +6296,6 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6572,32 +6304,26 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6626,7 +6352,6 @@ Pour ôter un périphérique de tunnelage: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6635,17 +6360,14 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6654,17 +6376,14 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout @@ -6673,17 +6392,14 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -6704,12 +6420,10 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -6718,12 +6432,10 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -6732,12 +6444,10 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -6746,7 +6456,6 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6768,32 +6477,26 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6802,7 +6505,6 @@ Usage (exemple générique pour trois tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6864,7 +6566,6 @@ En considérant que votre adresse IPv4 soit \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -6873,7 +6574,6 @@ le préfixe 6to4 généré sera \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -6892,7 +6592,6 @@ Les passerelles locales 6to4 devraient (mais cela n'est pas une nécessité, \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout @@ -6901,7 +6600,6 @@ Utiliser par exemple ce qui suit pour une génération automatique: \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -6924,7 +6622,6 @@ Créez un nouveau périphérique tunnel \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout @@ -6934,7 +6631,6 @@ Montez l'interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -6944,7 +6640,6 @@ Ajouter une adresse 6to4 locale à l'interface (note: la longueur du préfixe, \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -6958,7 +6653,6 @@ all-6to4-routers \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -6977,7 +6671,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7004,7 +6697,6 @@ Monter l'interface de tunnelage générique sit0 \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7013,7 +6705,6 @@ Ajouter une adresse 6to4 locale à une interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7027,7 +6718,6 @@ all-6to4-relays \end_layout \begin_layout Code - # /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -7044,7 +6734,6 @@ Utiliser "ip" et un périphérique de tunnelage dédié \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7053,7 +6742,6 @@ Démonter l'interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -7062,7 +6750,6 @@ Démonter l'interface \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -7099,7 +6786,6 @@ sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -7108,7 +6794,6 @@ sit0 \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7118,7 +6803,6 @@ Démontage d'un périphérique de tunnelage générique (prenez garde, peut-êtr \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7214,7 +6898,6 @@ Le système de fichiers /proc doit être rendu disponible dans le noyau, ce \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout @@ -7224,12 +6907,10 @@ Le système de fichiers /proc doit être auparavant monté, ce qui peut être \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7252,12 +6933,10 @@ La valeur de l'entrée peut être récupérée en utilisant "cat": \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7271,7 +6950,6 @@ Une nouvelle valeur peut être fixée (si l'entrée est en écriture) en utilisa \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7321,7 +6999,6 @@ L'interface sysctl doit être disponible dans le noyau, ce qui signifie qu'à \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7334,12 +7011,10 @@ La valeur de l'entrée peut maintenant être récupérée: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7352,12 +7027,10 @@ Une nouvelle valeur peut être fixée (si l'entrée est en écriture): \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7369,12 +7042,10 @@ Note: n'utilisez pas d'espaces autour du signe "=" lorsque vous fixez les \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -7865,7 +7536,6 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), seq=426, pid=0 \end_layout @@ -8341,27 +8011,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout @@ -8439,27 +8104,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -8468,22 +8128,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -8544,27 +8200,22 @@ Statistiques à propos de l'utilisation des sockets IPv6. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -8701,375 +8352,307 @@ Exemple: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout @@ -9101,32 +8684,26 @@ Une annonce de routeur \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9184,12 +8761,10 @@ Une sollicitation de routeur \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9268,12 +8843,10 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9291,18 +8864,15 @@ Le noeud veut configurer son adresse globale \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9320,18 +8890,15 @@ Le noeud veut configurer son adresse globale \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout @@ -9354,18 +8921,15 @@ Un noeud veut émettre des paquets à \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9382,12 +8946,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -9502,7 +9064,6 @@ Vous pouvez tester si votre distribution Linux contient le support pour \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -9511,13 +9072,11 @@ Un test magique: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -9529,17 +9088,14 @@ La version de la bibliothèque est importante s'il vous manque certaines \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -9579,12 +9135,10 @@ Vérifiez si votre système a déjà le module IPv6 chargé \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -9602,7 +9156,6 @@ rk, ajoutez la nouvelle ligne \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -9611,7 +9164,6 @@ Redémarrez la machine, ou simplement le réseau par \end_layout \begin_layout Code - # service network restart \end_layout @@ -9620,12 +9172,10 @@ Maintenant le module IPv6 devrait être chargé \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout @@ -9686,7 +9236,6 @@ Editez le fichier /etc/sysconfig/network/ifcfg- et fixez \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -9712,7 +9261,6 @@ Editez le fichier /etc/sysconfig/network/ifcfg- et fixez \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -9762,53 +9310,43 @@ Configurez votre interface. \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 3ffe:ffff:1234:5::1:1 \end_layout \begin_layout Code - # Pour rendre complètement indisponible l'auto-configuration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # Le routeur est auto-configuré, et n'a pas d'adresse fixe. \end_layout \begin_layout Code - # Il est déterminé comme par magie \end_layout \begin_layout Code - # (/proc/sys/net/ipv6/conf/all/accept_ra). Sinon: \end_layout \begin_layout Code - # gateway 3ffe:ffff:1234:5::1 \end_layout @@ -9817,7 +9355,6 @@ Puis vous rebootez, ou alors vous faites juste \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -9883,22 +9420,18 @@ Exemple: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -10486,7 +10019,6 @@ Déplacez-vous dans le répertoire des sources: \end_layout \begin_layout Code - # cd /chemin/vers/les/sources \end_layout @@ -10495,12 +10027,10 @@ Décompactez et renommez les sources du noyau \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -10509,7 +10039,6 @@ Décompactez les sources d'iptables \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -10522,7 +10051,6 @@ Déplacez-vous dans le répertoire iptables \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -10531,7 +10059,6 @@ Appliquez les patchs en attente \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/chemin/vers/les/sources/linux-version-iptable s-version+IPv6/ \end_layout @@ -10542,7 +10069,6 @@ Appliquez les patchs additionnels relatifs à IPv6 (pas encore inclus dans \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10581,12 +10107,10 @@ Vérifier la présence des extensions IPv6 \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -10599,7 +10123,6 @@ Déplacez-vous dans les sources du noyau \end_layout \begin_layout Code - # cd /chemin/vers/les/sources/linux-version-iptables-version/ \end_layout @@ -10608,12 +10131,10 @@ Editez Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -10622,99 +10143,80 @@ Lancez configure, avec IPv6 de disponible \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -10740,7 +10242,6 @@ Renommez l'ancien répertoire \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -10749,7 +10250,6 @@ Créez un nouveau lien symbolique \end_layout \begin_layout Code - # ln -s /chemin/vers/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -10758,7 +10258,6 @@ Reconstruisez le SRPM \end_layout \begin_layout Code - # rpm --rebuild /chemin/vers/SRPM/iptables-version-release.src.rpm \end_layout @@ -10772,7 +10271,6 @@ Sur les systèmes RH 7.1, normalement, une ancienne version est installée, \end_layout \begin_layout Code - # rpm -Fhv /chemin/vers/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10781,7 +10279,6 @@ Si elle n'était pas installée, utiliser "install" \end_layout \begin_layout Code - # rpm -ihv /chemin/vers/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10792,7 +10289,6 @@ nt les pré-requis ne correspondent pas. \end_layout \begin_layout Code - # rpm -ihv --nodeps /chemin/vers/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10803,7 +10299,6 @@ Il sera peut-être nécessaire de créer un lien symbolique vers le lieu où \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -10820,7 +10315,6 @@ Chargez le module, s'il est compilé \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -10829,12 +10323,10 @@ Vérifiez si le noyau courant prend en charge iptables \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -10851,7 +10343,6 @@ de façon abrégée \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -10860,7 +10351,6 @@ de façon détaillée \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -10869,7 +10359,6 @@ Lister un filtre spécifique \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -10878,12 +10367,10 @@ Insérer une règle de journal au filtre entrant, avec des options \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -10896,7 +10383,6 @@ drop rule \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -10905,7 +10391,6 @@ Détruire une règle par son numéro \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -10923,7 +10408,6 @@ Accepter le trafic ICMPv6 entrant dans les tunnels \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -10932,7 +10416,6 @@ Autoriser le trafic ICMPv6 sortant des tunnels \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -10941,7 +10424,6 @@ Les nouveaux noyaux permettent de spécifier les types ICMPv6: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -10960,12 +10442,10 @@ Il peut arriver (l'auteur l'a déjà vu) qu'un engorgement ICMPv6 se produise, \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -10983,12 +10463,10 @@ Autoriser le trafic entrant SSH provenant de 3ffe:ffff:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:ffff:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -10998,12 +10476,10 @@ Autoriser les paquets réponse (pour le moment, la traque du trafic IPv6 \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 3ffe:ffff:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn j ACCEPT \end_layout @@ -11025,7 +10501,6 @@ Accepter le trafic entrant IPv6-in-IPv4 sur l'interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11034,7 +10509,6 @@ Permettre au trafic IPv6-in-IPv4 de sortir par l'interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11049,7 +10523,6 @@ Accepter le trafic entrant IPv6-in-IPv4 sur l'interface ppp0 et provenant \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT \end_layout @@ -11059,7 +10532,6 @@ Autoriser le trafic sortant IPv6-in-IPv4 vers l'interface ppp0 pour l'extrémit \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT \end_layout @@ -11082,7 +10554,6 @@ Bloquer les requêtes de connexion entrante TCP vers cet hôte \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11092,7 +10563,6 @@ Bloquer les requêtes de connexion entrante TCP allant vers les hôtes placés \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11125,7 +10595,6 @@ Bloquer les paquets entrants UDP qui ne peuvent être des réponses de requêtes \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11135,7 +10604,6 @@ Bloquer les paquets entrants UDP qui ne peuvent être des réponses de requêtes \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11149,578 +10617,472 @@ Les lignes qui suivent montrent en exemple une installation plus sophistiquée. \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 3ffe:ffff:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 3ffe:ffff:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -11836,12 +11198,10 @@ etc \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -11863,53 +11223,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -11932,32 +11282,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -12279,27 +11623,22 @@ Exemple d'une connexion encryptée de boute-en-bout en mode transport \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -12312,37 +11651,30 @@ Exemple d'une connexion encryptée de boute-en-bout en mode tunnel \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -12405,22 +11737,18 @@ Fichier: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Fichier de configuration du démon IKE racoon. \end_layout \begin_layout Code - # Voir 'man racoon.conf' pour une description du format et des entrées. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -12429,87 +11757,70 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -12518,42 +11829,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # De passerelle-à-passerelle \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -12562,37 +11865,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -12605,12 +11901,10 @@ Fichier: /etc/racoon/psk.txt \end_layout \begin_layout Code - # Fichier des clés pré-partagées utilisées pour l'authentification IKE \end_layout \begin_layout Code - # Le format est: 'identificateur' 'clé' \end_layout @@ -12619,7 +11913,6 @@ Fichier: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 absolumentsecret \end_layout @@ -12659,99 +11952,80 @@ Security Association \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net ) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -12770,12 +12044,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -12800,117 +12072,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -13004,22 +12253,18 @@ Fichier: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Fichier de configuration d'IPsec Openswan \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manuel: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforme à la seconde version de la spécification d'ipsec.conf \end_layout @@ -13028,28 +12273,23 @@ version 2.0 # conforme à la seconde version de la spécification d'ipsec.co \end_layout \begin_layout Code - # configuration de base \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Contrôles du déboguage / journalisation : "none" pour (presque) rien, "all" pour beaucoup. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -13058,12 +12298,10 @@ config setup \end_layout \begin_layout Code - #Rendre indisponible l'encryptage opportuniste \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -13072,67 +12310,54 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important pour IPv6! \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=start \end_layout @@ -13149,7 +12374,6 @@ Fichier: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "absolumentsecret" \end_layout @@ -13172,7 +12396,6 @@ on doit exister permettant le démarrage d'IPsec, lancez simplement (sur \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -13190,42 +12413,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -13243,117 +12458,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -13375,12 +12567,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout @@ -13389,12 +12579,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -13510,22 +12698,18 @@ Pour rendre disponible à named l'écoute IPv6, les options suivantes demandent \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # certainement que d'autres options sont aussi ici \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -13534,59 +12718,48 @@ Il doit en résulter après redémarrage \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -13595,7 +12768,6 @@ Un test simple ressemble à \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -13613,22 +12785,18 @@ Pour rendre indisponible l'écoute IPv6, l'option suivante demande à être \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # certainement que d'autres options sont aussi ici \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout @@ -13642,67 +12810,54 @@ Les ACL IPv6 sont disponibles et devraient être utilisées dès que possible. \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 3ffe:ffff:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 3ffe:ffff:100::4/128; \end_layout \begin_layout Code - 3ffe:ffff:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -13714,32 +12869,26 @@ Ces ACL peuvent être utilisées par exemple pour les requêtes des clients \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # certainement que d'autres options sont aussi ici \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -13765,7 +12914,6 @@ Cette option n'est pas requise, mais peut être nécessaire: \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -13787,7 +12935,6 @@ L'adresse de la source de transfert est utilisée pour aller chercher les \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -13801,7 +12948,6 @@ L'adresse de la source à notifier est utilisée pour les messages de notificati \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout @@ -13969,27 +13115,22 @@ En spécifiant un serveur pour les requêtes, une connexion IPv6 peut être \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code - Address: 3ffe:ffff:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -13998,7 +13139,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -14008,17 +13148,14 @@ L'entrée relative dans le journal ressemble à ce qui suit: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 3ffe:ffff:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -14037,27 +13174,22 @@ Une connexion IPv6 réussie ressemble à ce qui suit: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 3ffe:ffff:200:f101::1 \end_layout \begin_layout Code - Address: 3ffe:ffff:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -14066,14 +13198,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -14121,52 +13251,42 @@ Si vous rendez disponible un service fourni avec xinetd, comme par exemple \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - @@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -14176,27 +13296,22 @@ vous devriez recevoir, après le redémarrage de xinetd, une réponse positive \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -14254,27 +13369,22 @@ Un hôte virtuel écoute sur une adresse IPv6 uniquement \end_layout \begin_layout Code - Listen [3ffe:ffff:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6seul.votredomaine.votretld \end_layout \begin_layout Code - # certainement des lignes de configuration en plus... \end_layout \begin_layout Code - \end_layout @@ -14283,32 +13393,26 @@ Un hôte virtuel écoute sur une adresse IPv6 et sur une adresse IPv4 \end_layout \begin_layout Code - Listen [3ffe:ffff:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6etipv4.votredomaine.votretld \end_layout \begin_layout Code - # certainement des lignes de configuration en plus... \end_layout \begin_layout Code - \end_layout @@ -14317,24 +13421,20 @@ Il devrait en résulter après redémarrage \end_layout \begin_layout Code - # netstat -lnptu | grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 3ffe:ffff:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 3ffe:ffff:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -14441,52 +13541,42 @@ Le fichier de configuration de radvd est généralement /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 3ffe:ffff:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -14495,28 +13585,23 @@ Ce qui a pour résultat côté client \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 3ffe:ffff:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -14550,67 +13635,54 @@ dial-on-demand \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -14620,28 +13692,23 @@ Il en résulte pour le client situé à l'intérieur (en considérant que ppp0 \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -14659,7 +13726,6 @@ Note additionnelle: si vous n'utilisez pas de support spécifique 6to4 dans \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -14691,107 +13757,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 3ffe:ffff:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -14844,67 +13889,54 @@ Le fichier de configuration de dhcp6s est normalement /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -14922,22 +13954,18 @@ Le fichier de configuration de dhcp6c est normalement /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -14954,7 +13982,6 @@ Démarrage du serveur, \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -14967,7 +13994,6 @@ Démarrage du client en premier plan, \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout @@ -14986,7 +14012,6 @@ Le serveur a un drapeau pour passer en premier plan et deux pour le déboguage \end_layout \begin_layout Code - # dhcp6c -d -D -f eth0 \end_layout @@ -15000,58 +14025,47 @@ Le client a un drapeau pour passer en premier plan et deux pour le déboguage. \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len isnot in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -15119,7 +14133,6 @@ eny. \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -15136,13 +14149,11 @@ i.e., \end_layout \begin_layout Code - sshd: 1.2.3. [3ffe:ffff:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [3ffe:ffff:100:200::]/64 \end_layout @@ -15166,7 +14177,6 @@ Ce fichier contient toutes les entrées de filtre négative et devrait dénier \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -15183,12 +14193,10 @@ a logwatch \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -15215,22 +14223,18 @@ via \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=3ffe:ffff:100:200::212:34ff:fe12:3456 \end_layout @@ -15244,27 +14248,22 @@ IPv4 à sshd en double écoute produit des lignes telles que celles de l'exemple \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 3ffe:ffff:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (3ffe:ffff:100:200::212:34ff:fe12:3456) \end_layout @@ -15282,22 +14281,18 @@ via \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=3ffe:ffff:100:200::212:34ff:fe12:3456 \end_layout @@ -15311,22 +14306,18 @@ via \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 3ffe:ffff:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -15358,7 +14349,6 @@ listen \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -15387,27 +14377,22 @@ Editer le fichier de configuration, couramment /etc/proftpd.conf, mais prenez \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout @@ -18499,19 +17484,8 @@ target "http://www.ipinfusion.com/products/server/products_server.html" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "Serveur de courrier SPA 2.21 " -target "http://download.com.com/3000-2165-10153543.html?tag=lst-0-21" - -\end_inset - - -\end_layout - -\begin_layout Itemize -\begin_inset CommandInset href -LatexCommand href -name "Inframail (Advantage Server Edition) 6.0 " -target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" +name "Inframail (Advantage Server Edition)" +target "http://download.cnet.com/Inframail-Advantage-Server-Edition/3000-10248_4-8202652.html" \end_inset @@ -18522,7 +17496,7 @@ target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" \begin_inset CommandInset href LatexCommand href name "HTTrack Website Copier" -target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" +target "http://download.cnet.com/HTTrack-Website-Copier/3000-2377_4-10149393.html" \end_inset @@ -18532,8 +17506,8 @@ target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "CommView 5.0" -target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" +name "CommView" +target "http://download.cnet.com/CommView/3000-2085_4-10132748.html" \end_inset @@ -18543,8 +17517,8 @@ target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "Posadis 0.50.6" -target "http://download.com.com/3000-2104-10149750.html?tag=lst-0-1" +name "Posadis" +target "http://download.cnet.com/Posadis/3000-2155_4-10149750.html" \end_inset @@ -19687,7 +18661,7 @@ Les listes de diffusion essentielles sont listées dans le tableau suivant: \begin_layout Standard \begin_inset Tabular - + diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf index 33238d0d..b6075cac 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml index a0085831..1a52efe4 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.sgml @@ -7,13 +7,14 @@ ]> - Linux IPv6 HOWTO (fr) PeterBieringer
    pb at bieringer dot de
    +0.49.fr.3wip2015-08-18 PB 0.49.fr.22007-10-06 PB 0.49.fr.12006-02-26 MB 0.48.1.fr.12005-01-20 MB @@ -54,9 +55,8 @@ La version, l'historique et ce qu'il reste à faire La version -La version actuelle est visible dès le début de ce document. -En ce qui concerne les autres versions/traductions, voir égalementhttp://www.bieringer.de/linux/IPv6/. +La version actuelle est visible dès le début de ce document. +En ce qui concerne les autres versions/traductions, voir égalementhttp://www.bieringer.de/linux/IPv6/. L'historique L'essentiel de l'historique @@ -2641,7 +2641,7 @@ SourceForge: Projet Info - Ethereal - Ethereal est un analyseur libre de protocoles réseaux pour Unix et WindowsRadcom RC100-WL - Téléchargez l'analyseur de protocoles RC100-WL Radcom version 3.20 Les produits IPv6 -6wind - solutions pour routeur IPv4/IPv6, QoS, Multicast, Mobilité, Sécurité/VPN/Pare-feu. Fefe's patches for IPv6 with djbdnsAoût 2002 -- Qu'est-ce que djbdns et a-t-il besoin d'IPv6? djbdns est un serveur DNS complet qui outrepasse les performances de BIND.Suite de serveurs de routage ZebOS Serveur de courrier SPA 2.21 Inframail (Advantage Server Edition) 6.0 HTTrack Website CopierCommView 5.0Posadis 0.50.6TCP Wrapper (prêt pour IPv6) +6wind - solutions pour routeur IPv4/IPv6, QoS, Multicast, Mobilité, Sécurité/VPN/Pare-feu. Fefe's patches for IPv6 with djbdnsAoût 2002 -- Qu'est-ce que djbdns et a-t-il besoin d'IPv6? djbdns est un serveur DNS complet qui outrepasse les performances de BIND.Suite de serveurs de routage ZebOS Inframail (Advantage Server Edition)HTTrack Website CopierCommViewPosadisTCP Wrapper (prêt pour IPv6) <!-- anchor id="information-snmp" -->SNMP comp.protocpols.snmp SNMP FAQ Parties 1 of 2 diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index e9fe900b..38edf066 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -59,6 +59,23 @@ COLSPAN="3" >
  • Revision 0.67wip2015-08-18Revised by: PB
    Revision 0.66

    The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions about IPv6 on the Linux operating system. This HOWTO will provide the reader with enough information to install, configure, and use IPv6 applications on Linux machines. Intermediate releases of this HOWTO are available at

    1.3. Version, History and To-Do
    1.5. Technical
    1.6. Preface
    1.7. Used terms, glossary and shortcuts
    1.8. Requirements for using this HOWTO
    2.1. What is IPv6?
    2.3. What do IPv6 addresses look like?
    2.4. FAQ (Basics)
    3.1. Addresses without a special prefix
    3.2. Network part, also known as prefix
    3.3. Address types (host part)
    3.4. Prefix lengths for routing
    4.2. IPv6-ready network configuration tools
    4.3. IPv6-ready test/debug programs
    4.4. IPv6-ready programs
    4.5. IPv6-ready client programs (selection)
    4.6. IPv6-ready server programs
    5.1. Different network devices
    5.2. Bringing interfaces up/down
    6.1. Displaying existing IPv6 addresses
    6.2. Add an IPv6 address
    6.3. Removing an IPv6 address
    6.4. Automatic IPv6 Address Configuration
    6.5. Enable Privacy Extension
    7.1. Displaying existing IPv6 routes
    7.2. Add an IPv6 route through a gateway
    7.3. Removing an IPv6 route through a gateway
    7.4. Add an IPv6 route through an interface
    7.5. Removing an IPv6 route through an interface
    7.6. FAQ for IPv6 routes
    8.1. Displaying neighbors using “ip”
    8.2. Manipulating neighbors table using “ip”
    9.1. Types of tunnels
    9.2. Displaying existing tunnels
    10.1. Displaying existing tunnels
    10.2. Setup of point-to-point tunnel
    10.3. Removing point-to-point tunnels
    11.1. How to access the /proc-filesystem
    14.1. Server socket binding
    15.1. Red Hat Linux and “clones”
    15.2. SuSE Linux
    16.1. Stateless auto-configuration out-of-the-box
    16.2. Stateless auto-configuration using Router Advertisement Daemon (radvd)
    16.3. Dynamic Host Configuration Protocol v6 (DHCPv6)
    17.1. Common information
    18.2. Preparation
    18.3. Usage of ip6tables
    18.5. Firewalling using nftables
    19.1. Node security
    19.2. Access limitations
    20.1. Modes of using encryption and authentication
    20.2. Support in kernel (ESP and AH)
    20.3. Automatic key exchange (IKE)
    20.4. Additional informations:
    21.1. General
    21.2. Linux QoS using “tc”
    23.2. Other programming languages
    25.4. IPv6 Infrastructure
    26. Revision history / Credits / The End
    26.3. The End

    1.1.1. Copyright


    1.1.2. License


    1.1.3. About the author

    1.1.3.1. Internet/IPv6 history of the author


    1.1.3.2. Contact


    1.3. Version, History and To-Do


    2.4. FAQ (Basics)

    2.4.1. Why is the name IPv6 and not IPv5 as successor for IPv4?


    2.4.2. IPv6 addresses: why such a high number of bits?


    2.4.3. IPv6 addresses: why so small a number of bits on a new design?


    3.1. Addresses without a special prefix

    3.1.1. Localhost address


    3.1.2. Unspecified address


    3.1.3. IPv6 address with embedded IPv4 address


    3.1.3.1. IPv4-mapped IPv6 address


    3.1.3.2. IPv4-compatible IPv6 address


    3.2. Network part, also known as prefix


    3.2.1. Link local address type


    3.2.2. Site local address type


    3.2.3. Unique Local IPv6 Unicast Addresses


    3.2.4. Global address type "(Aggregatable) global unicast"


    3.2.4.1. 6bone test addresses


    3.2.4.2. 6to4 addresses


    3.2.4.3. Assigned by provider for hierarchical routing


    3.2.4.4. Addresses reserved for examples and documentation


    3.2.5. Multicast addresses


    3.2.5.1. Multicast scopes


    3.2.5.2. Multicast types


    3.2.5.3. Solicited node link-local multicast address


    3.2.6. Anycast addresses


    3.2.6.1. Subnet-router anycast address


    3.3. Address types (host part)


    3.3.1. Automatically computed (also known as stateless)


    3.3.1.1. Privacy problem with automatically computed addresses and a solution


    3.3.2. Manually set


    3.4. Prefix lengths for routing


    3.4.1. Prefix lengths (also known as "netmasks")


    3.4.2. Matching a route


    4.1.1. Check for IPv6 support in the current running kernel


    4.1.2. Try to load IPv6 module


    4.1.2.1. Automatically loading of module


    4.1.3. Compile kernel with IPv6 capabilities


    4.1.3.1. Compiling a vanilla kernel


    4.1.3.2. Compiling a kernel with USAGI extensions


    4.1.4. IPv6-ready network devices


    4.1.4.1. Currently known never “IPv6 capable links”


    4.1.4.2. Currently known “not supported IPv6 capable links”


    4.2. IPv6-ready network configuration tools


    4.2.1. net-tools package


    4.2.2. iproute package


    4.3. IPv6-ready test/debug programs


    4.3.1.1. Specifying interface for IPv6 ping


    4.3.1.2. Ping6 to multicast addresses


    4.3.4.1. IPv6 ping to 2001:0db8:100:f101::1 native over a local link


    4.3.4.2. IPv6 ping to 2001:0db8:100::1 routed through an IPv6-in-IPv4-tunnel


    4.4. IPv6-ready programs


    4.5. IPv6-ready client programs (selection)


    4.5.1. Checking DNS for resolving IPv6 addresses


    4.5.2. IPv6-ready telnet clients


    4.5.3. IPv6-ready ssh clients

    4.5.3.1. openssh


    4.5.3.2. ssh.com


    4.5.4. IPv6-ready web browsers


    4.5.4.1. URLs for testing


    4.6. IPv6-ready server programs

    4.7.1. Using tools

    4.7.1.1. Q: Cannot ping6 to link-local addresses


    4.7.1.2. Q: Cannot ping6 or traceroute6 as normal user

    5.1. Different network devices


    5.1.1. Physically bounded


    5.1.2. Virtually bounded


    5.1.2.1. IPv6-in-IPv4 tunnel interfaces


    5.1.2.2. PPP interfaces


    5.1.2.3. ISDN HDLC interfaces


    5.1.2.4. ISDN PPP interfaces


    5.1.2.5. SLIP + PLIP


    5.1.2.6. Ether-tap device


    5.1.2.7. tun devices


    5.1.2.8. ATM


    5.1.2.9. Others


    5.2. Bringing interfaces up/down


    5.2.1. Using "ip"


    5.2.2. Using "ifconfig"


    6.1. Displaying existing IPv6 addresses


    6.1.1. Using "ip"


    6.1.2. Using "ifconfig"


    6.2. Add an IPv6 address


    6.2.1. Using "ip"


    6.2.2. Using "ifconfig"


    6.3. Removing an IPv6 address


    6.3.1. Using "ip"


    6.3.2. Using "ifconfig"


    6.4. Automatic IPv6 Address Configuration


    6.5. Enable Privacy Extension


    6.5.1. Enable Privacy Extension using sysctl

    Temporary activation

    Permanent activation


    6.5.2. Enable Privacy Extension using NetworkManager


    6.5.3. Test real use of Privacy Extension IPv6 Addresses


    7.1. Displaying existing IPv6 routes


    7.1.1. Using "ip"


    7.1.2. Using "route"


    7.2. Add an IPv6 route through a gateway


    7.2.1. Using "ip"


    7.2.2. Using "route"


    7.3. Removing an IPv6 route through a gateway


    7.3.1. Using "ip"


    7.3.2. Using "route"


    7.4. Add an IPv6 route through an interface


    7.4.1. Using "ip"


    7.4.2. Using "route"


    7.5. Removing an IPv6 route through an interface


    7.5.1. Using "ip"


    7.5.2. Using "route"


    7.6. FAQ for IPv6 routes

    7.6.1. Support of an IPv6 default route


    7.6.1.1. Clients (not routing any packet!)


    7.6.1.2. Routers in case of packet forwarding


    8.1. Displaying neighbors using “ip”


    8.2. Manipulating neighbors table using “ip”

    8.2.1. Manually add an entry


    8.2.2. Manually delete an entry


    8.2.3. More advanced settings


    9.1. Types of tunnels


    9.1.1. Static point-to-point tunneling


    9.1.2. Automatically tunneling


    9.1.3.1. Generation of 6to4 prefix


    9.1.3.2. 6to4 upstream tunneling


    9.1.3.3. 6to4 downstream tunneling


    9.1.3.4. Possible 6to4 traffic


    9.1.4. UDP encapsulated IPv6 tunneling


    9.1.4.1. Teredo Tunnel


    9.1.4.2. AYIYA Tunnel


    9.1.4.3. gogo6 Tunnel


    9.2. Displaying existing tunnels

    9.2.1. Using "ip"


    9.2.2. Using "route"


    9.3.1. Add point-to-point tunnels

    9.3.1.1. Using "ip"


    9.3.1.2. Using "ifconfig" and "route" (deprecated)


    9.3.1.3. Using "route" only


    9.3.2. Removing point-to-point tunnels


    9.3.2.1. Using "ip"


    9.3.2.2. Using "ifconfig" and "route" (deprecated because not very funny)


    9.3.2.3. Using "route"


    9.3.3. Numbered point-to-point tunnels


    9.4.1. Add a 6to4 tunnel


    9.4.1.1. Using "ip" and a dedicated tunnel device


    9.4.1.2. Using "ifconfig" and "route" and generic tunnel device “sit0” (deprecated)


    9.4.2. Remove a 6to4 tunnel

    9.4.2.1. Using "ip" and a dedicated tunnel device


    9.4.2.2. Using “ifconfig” and “route” and generic tunnel device “sit0” (deprecated)


    10.1. Displaying existing tunnels


    10.2. Setup of point-to-point tunnel


    10.3. Removing point-to-point tunnels


    11.1. How to access the /proc-filesystem

    11.1.1. Using “cat” and “echo”


    11.1.1.1. Retrieving a value


    11.1.1.2. Setting a value


    11.1.2. Using “sysctl”


    11.1.2.1. Retrieving a value


    11.1.2.2. Setting a value


    11.1.2.3. Additionals


    11.1.3. Values found in /proc-filesystems

    11.2.1. conf/default/*


    11.2.2. conf/all/*


    11.2.2.1. conf/all/forwarding


    11.2.3. conf/interface/*


    11.2.3.1. accept_ra


    11.2.3.2. accept_redirects


    11.2.3.3. autoconf


    11.2.3.4. dad_transmits


    11.2.3.5. forwarding


    11.2.3.6. hop_limit


    11.2.3.7. mtu


    11.2.3.8. router_solicitation_delay


    11.2.3.9. router_solicitation_interval


    11.2.3.10. router_solicitations


    11.2.4. neigh/default/*


    11.2.4.1. gc_thresh1


    11.2.4.2. gc_thresh2


    11.2.4.3. gc_thresh3


    11.2.4.4. gc_interval


    11.2.5. neigh/interface/*


    11.2.5.1. anycast_delay


    11.2.5.2. gc_stale_time


    11.2.5.3. proxy_qlen


    11.2.5.4. unres_qlen


    11.2.5.5. app_solicit


    11.2.5.6. locktime


    11.2.5.7. retrans_time


    11.2.5.8. base_reachable_time


    11.2.5.9. mcast_solicit


    11.2.5.10. ucast_solicit


    11.2.5.11. delay_first_probe_time


    11.2.5.12. proxy_delay


    11.2.6. route/*


    11.2.6.1. flush


    11.2.6.2. gc_interval


    11.2.6.3. gc_thresh


    11.2.6.4. mtu_expires


    11.2.6.5. gc_elasticity


    11.2.6.6. gc_min_interval


    11.2.6.7. gc_timeout


    11.2.6.8. min_adv_mss


    11.2.6.9. max_size


    11.3.1. ip_*


    14.2.1.2. Router solicitation


    14.2.2. Neighbor discovery


    18.3.2.3. Insert a log rule at the input filter with options


    18.3.2.4. Insert a drop rule at the input filter


    18.3.2.5. Delete a rule by number


    18.3.2.6. Enable connection tracking


    18.3.2.7. Allow ICMPv6


    18.3.2.8. Rate-limiting


    18.3.2.9. Allow incoming SSH


    18.3.2.10. Enable tunneled IPv6-in-IPv4


    18.3.2.11. Protection against incoming TCP connection requests


    18.3.2.12. Protection against incoming UDP connection requests


    18.3.3. Examples

    18.3.3.1. Simple example for Fedora


    18.3.3.2. Sophisticated example


    18.4.1. IPv6 Masquerading


    18.4.2. IPv6 Destination NAT


    18.4.3. IPv6 Port Forwarding


    18.5. Firewalling using nftables


    18.5.1. Preparation for nftables usage


    18.5.2. Basic nftables configuration


    18.5.3. Simple filter policy with nftables using only table “inet”

    18.5.3.1. Configuration


    18.5.3.2. Result


    18.5.3.3. Hints for logging


    18.5.4. Filter policy with nftables using tables “ip”, “ip6” and “inet”

    19.1. Node security


    19.2. Access limitations


    19.3.1. Legal issues


    19.3.2. Security auditing using IPv6-enabled netcat


    19.3.3. Security auditing using IPv6-enabled nmap


    19.3.4. Security auditing using IPv6-enabled strobe


    19.3.5. Security auditing using online tools


    19.3.6. Audit results


    20.1. Modes of using encryption and authentication


    20.1.1. Transport mode


    20.1.2. Tunnel mode


    20.2. Support in kernel (ESP and AH)


    22.3.1.2. Virtual host listen on an IPv6 and on an IPv4 address


    22.3.1.3. Additional notes


    22.4.1. Configuring radvd

    22.4.1.1. Simple configuration


    22.4.1.2. Special 6to4 configuration


    22.4.2. Debugging


    22.5.1. Configuration of the DHCPv6 server (dhcp6s)

    22.5.1.1. Simple configuration


    22.5.2. Configuration of the DHCPv6 client (dhcp6c)

    22.5.2.1. Simple configuration


    22.5.3. Usage

    22.5.3.1. dhcpv6_server


    22.5.3.2. dhcpv6_client


    22.5.4. Debugging

    22.5.4.1. dhcpv6_server


    22.5.4.2. dhcpv6_client


    22.6.1. Configuration of the ISC DHCP server for IPv6 (dhcpd)


    22.6.1.1. Simple configuration


    22.6.2. Usage

    22.6.2.1. dhcpd


    22.7.1. Configuration of the Dibbler DHCP server for IPv6

    22.7.1.1. Simple configuration


    22.7.2. Usage

    22.7.2.1. dibbler-server


    22.8.1. Filtering capabilities


    22.8.2. Which program uses tcp_wrapper


    22.8.3. Usage


    22.8.3.1. Example for /etc/hosts.allow


    22.8.3.2. Example for /etc/hosts.deny


    22.8.4. Logging


    22.8.4.1. Refused connection


    22.8.4.2. Permitted connection

    22.9.1. Listening on IPv6 addresses

    22.10.1. Listening on IPv6 addresses


    23.1.1. Address Structures


    23.1.1.1. IPv4 sockaddr_in


    23.1.1.2. IPv6 sockaddr_in6


    23.1.1.3. Generic Addresses


    23.1.2. Lookup Functions


    23.1.3. Quirks Encountered


    23.1.3.1. IPv4 Mapped Addresses


    23.1.3.2. Cannot Specify the Scope Identifier in /etc/hosts


    23.1.3.3. Client & Server Residing on the Same Machine


    23.1.4. Putting It All Together (A Client-Server Programming Example)

    Porting applications to IPv6 HowTo. For the record, the source code presented here is original, developed from scratch, and any similarity between it and any other publicly available 'daytime' example is purely coincidental.]. The source code presented in this section was developed and tested on a RedHat Linux release using the 2.6 kernel (2.6.9 to be specific). Readers may use the source code freely, so long as proper credit is attributed; but of course the standard disclaimer must be given first:


    23.1.4.1. 'Daytime' Server Code


    23.1.4.2. 'Daytime' TCP Client Code


    23.1.4.3. 'Daytime' UDP Client Code


    23.2. Other programming languages

    25.6.1. Testing tools


    25.6.2. Information retrievement


    25.6.3. IPv6 Looking Glasses


    25.6.4. Helper applications


    Chapter 26. Revision history / Credits / The End


    26.1.1. Releases 0.x

    0.67wip

    2015-08-18/PB: fix some broken URLs

    0.66


    26.2.2. Other credits

    26.2.2.1. Document technique related


    26.3. The End

    0.67wip 2015-08-18 PB +\end_layout + +\end_inset + + \end_layout \begin_layout Standard @@ -450,14 +465,6 @@ Version The current version is shown at the beginning of the document. \end_layout -\begin_layout Standard -CVS information: -\end_layout - -\begin_layout Code -CVS-ID: $Id$ -\end_layout - \begin_layout Standard For other available versions/translations see also \begin_inset CommandInset href @@ -1286,6 +1293,7 @@ In generic examples you will sometimes find the following: \end_layout \begin_layout Code + \end_layout @@ -1296,6 +1304,7 @@ For real use on your system command line or in scripts this has to be replaced \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -1308,6 +1317,7 @@ Commands executable as non-root user begin with $, e.g. \end_layout \begin_layout Code + $ whoami \end_layout @@ -1316,6 +1326,7 @@ Commands executable as root user begin with #, e.g. \end_layout \begin_layout Code + # whoami \end_layout @@ -1510,58 +1521,72 @@ The first IPv6 related network code was added to the Linux kernel 2.1.8 in \end_layout \begin_layout Code + diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code + ¬ linux/include/linux/in6.h \end_layout \begin_layout Code + --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code + +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code + @@ -0,0 +1,99 @@ \end_layout \begin_layout Code + +/* \end_layout \begin_layout Code + + * Types and definitions for AF_INET6 \end_layout \begin_layout Code + + * Linux INET6 implementation \end_layout \begin_layout Code + + * + * Authors: \end_layout \begin_layout Code + + * Pedro Roque <******> \end_layout \begin_layout Code + + * \end_layout \begin_layout Code + + * Source: \end_layout \begin_layout Code + + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code + + * \end_layout @@ -1670,6 +1695,7 @@ As previously mentioned, IPv6 addresses are 128 bits long. \end_layout \begin_layout Code + 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1692,6 +1718,7 @@ nibble \end_layout \begin_layout Code + 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1709,6 +1736,7 @@ This representation is still not very convenient (possible mix-up or loss \end_layout \begin_layout Code + 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1718,6 +1746,7 @@ A usable address (see address types later) is e.g.: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1728,10 +1757,12 @@ For simplifications, leading zeros of each 16 bit block can be omitted: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code + ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1757,6 +1788,7 @@ ion. \end_layout \begin_layout Code + 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1766,6 +1798,7 @@ The biggest reduction is seen by the IPv6 localhost address: \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1789,10 +1822,12 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code + # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code + 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -2003,6 +2038,7 @@ This is a special address for the loopback interface, similiar to IPv4 with \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2011,6 +2047,7 @@ or compressed: \end_layout \begin_layout Code + ::1 \end_layout @@ -2046,6 +2083,7 @@ any \end_layout \begin_layout Code + 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2054,6 +2092,7 @@ or: \end_layout \begin_layout Code + :: \end_layout @@ -2089,6 +2128,7 @@ These addresses are defined with a special prefix of length 96 (a.b.c.d is \end_layout \begin_layout Code + 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2097,6 +2137,7 @@ or in compressed format \end_layout \begin_layout Code + ::ffff:a.b.c.d/96 \end_layout @@ -2105,6 +2146,7 @@ For example, the IPv4 address 1.2.3.4 looks like this: \end_layout \begin_layout Code + ::ffff:1.2.3.4 \end_layout @@ -2133,6 +2175,7 @@ reference "tunneling-6to4" \end_layout \begin_layout Code + 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2141,6 +2184,7 @@ or in compressed format \end_layout \begin_layout Code + ::a.b.c.d/96 \end_layout @@ -2221,18 +2265,22 @@ x \end_layout \begin_layout Code + fe8x: <- currently the only one in use \end_layout \begin_layout Code + fe9x: \end_layout \begin_layout Code + feax: \end_layout \begin_layout Code + febx: \end_layout @@ -2278,18 +2326,22 @@ It begins with: \end_layout \begin_layout Code + fecx: <- most commonly used \end_layout \begin_layout Code + fedx: \end_layout \begin_layout Code + feex: \end_layout \begin_layout Code + fefx: \end_layout @@ -2364,10 +2416,12 @@ It begins with: \end_layout \begin_layout Code + fcxx: \end_layout \begin_layout Code + fdxx: <- currently the only one in use \end_layout @@ -2390,6 +2444,7 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code + fd0f:8b72:ac90::/48 \end_layout @@ -2421,10 +2476,12 @@ x \end_layout \begin_layout Code + 2xxx: \end_layout \begin_layout Code + 3xxx: \end_layout @@ -2455,6 +2512,7 @@ These were the first global addresses which were defined and in use. \end_layout \begin_layout Code + 3ffe: \end_layout @@ -2463,6 +2521,7 @@ Example: \end_layout \begin_layout Code + 3ffe:ffff:100:f102::1 \end_layout @@ -2472,6 +2531,7 @@ A special 6bone test address which will never be globally unique begins \end_layout \begin_layout Code + 3ffe:ffff: \end_layout @@ -2523,6 +2583,7 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code + 2002: \end_layout @@ -2531,6 +2592,7 @@ For example, representing 192.168.1.1/5: \end_layout \begin_layout Code + 2002:c0a8:0101:5::1 \end_layout @@ -2540,10 +2602,12 @@ A small shell command line can help you generating such address out of a \end_layout \begin_layout Code + ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code + ¬ | tr "." " "` $sla \end_layout @@ -2577,6 +2641,7 @@ These addresses are delegated to Internet service providers (ISP) and begin \end_layout \begin_layout Code + 2001: \end_layout @@ -2615,10 +2680,12 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code + 3fff:ffff::/32 \end_layout \begin_layout Code + 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2647,6 +2714,7 @@ xx \end_layout \begin_layout Code + ffxy: \end_layout @@ -2735,6 +2803,7 @@ An example of this address looks like \end_layout \begin_layout Code + ff02::1:ff00:1234 \end_layout @@ -2791,6 +2860,7 @@ A simple example for an anycast address is the subnet-router anycast address. \end_layout \begin_layout Code + 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2800,6 +2870,7 @@ The subnet-router anycast address will be created blanking the suffix (least \end_layout \begin_layout Code + 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2839,6 +2910,7 @@ E.g. \end_layout \begin_layout Code + 00:10:a4:01:23:45 \end_layout @@ -2856,6 +2928,7 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code + 0210:a4ff:fe01:2345 \end_layout @@ -2865,6 +2938,7 @@ With a given prefix, the result is the IPv6 address shown in example above: \end_layout \begin_layout Code + 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2917,6 +2991,7 @@ For servers, it's probably easier to remember simpler addresses, this can \end_layout \begin_layout Code + 2001:0db8:100:f101::1 \end_layout @@ -3008,6 +3083,7 @@ An example: \end_layout \begin_layout Code + 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3021,6 +3097,7 @@ Network: \end_layout \begin_layout Code + 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3029,6 +3106,7 @@ Netmask: \end_layout \begin_layout Code + ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3047,10 +3125,12 @@ For example if a routing table shows following entries (list is not complete): \end_layout \begin_layout Code + 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code + 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3060,10 +3140,12 @@ Shown destination addresses of IPv6 packets will be routed through shown \end_layout \begin_layout Code + 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code + 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3127,6 +3209,7 @@ To check, whether your current running kernel supports IPv6, take a look \end_layout \begin_layout Code + /proc/net/if_inet6 \end_layout @@ -3136,6 +3219,7 @@ A short automatical test looks like: \end_layout \begin_layout Code + # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3154,6 +3238,7 @@ You can try to load the IPv6 module executing \end_layout \begin_layout Code + # modprobe ipv6 \end_layout @@ -3164,6 +3249,7 @@ If this is successful, this module should be listed, testable with following \end_layout \begin_layout Code + # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3188,6 +3274,7 @@ Its possible to automatically load the IPv6 module on demand. \end_layout \begin_layout Code + alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3197,6 +3284,7 @@ It's also possible to disable automatically loading of the IPv6 module using \end_layout \begin_layout Code + alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3454,10 +3542,12 @@ Auto-magically check: \end_layout \begin_layout Code + # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code + ¬ IPv6-ready" \end_layout @@ -3471,6 +3561,7 @@ route \end_layout \begin_layout Code + # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3489,6 +3580,7 @@ Alexey N. \end_layout \begin_layout Code + # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3552,14 +3644,17 @@ Usage \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 \end_layout \begin_layout Code + # ping6 [-I ] \end_layout @@ -3569,6 +3664,7 @@ Some implementation also support % suffix instead of using -I , \end_layout \begin_layout Code + # ping6 % \end_layout @@ -3577,14 +3673,17 @@ Example \end_layout \begin_layout Code + # ping6 -c 1 ::1 \end_layout \begin_layout Code + PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3593,14 +3692,17 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code + --- ::1 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code + round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3631,10 +3733,12 @@ Using link-local addresses for an IPv6 ping, the kernel does not know through \end_layout \begin_layout Code + # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + connect: Invalid argument \end_layout @@ -3643,18 +3747,22 @@ In this case you have to specify the interface additionally like shown here: \end_layout \begin_layout Code + # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code + PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3663,14 +3771,17 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code + --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code + 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code + ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3679,6 +3790,7 @@ Example for % notation: \end_layout \begin_layout Code + # ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0 \end_layout @@ -3692,18 +3804,22 @@ An interesting mechanism to detect IPv6-active hosts on a link is to ping6 \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code + PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code + 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code + 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3713,6 +3829,7 @@ Example for % notation: \end_layout \begin_layout Code + # ping6 ff02::1%eth0 \end_layout @@ -3743,42 +3860,51 @@ iputils \end_layout \begin_layout Code + # traceroute6 www.6bone.net \end_layout \begin_layout Code + traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code + ¬ hops max, 16 byte packets \end_layout \begin_layout Code + 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code + 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code + 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code + 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code + 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code + 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3820,42 +3946,52 @@ iputils \end_layout \begin_layout Code + # tracepath6 www.6bone.net \end_layout \begin_layout Code + 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code + 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code + 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code + 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code + 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code + 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code + 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code + 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code + Resume: pmtu 1280 \end_layout @@ -3944,26 +4080,32 @@ IPv6 ping to \end_layout \begin_layout Code + # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on eth0 \end_layout \begin_layout Code + 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code + ¬ request (len 64, hlim 64) \end_layout \begin_layout Code + 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code + ¬ reply (len 64, hlim 64) \end_layout @@ -3980,42 +4122,52 @@ IPv6 ping to \end_layout \begin_layout Code + # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code + tcpdump: listening on ppp0 \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code + 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code + ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code + 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code + ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4099,6 +4251,7 @@ Because of security updates in the last years every Domain Name System (DNS) \end_layout \begin_layout Code + # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4107,17 +4260,20 @@ and should show something like following: \end_layout \begin_layout Code + www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code + tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code + ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4131,25 +4287,30 @@ IPv6-ready telnet clients are available. \end_layout \begin_layout Code + $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code + Trying 3ffe:400:100::1... \end_layout \begin_layout Code + Connected to 3ffe:400:100::1. \end_layout \begin_layout Code + Escape character is '^]'. \end_layout \begin_layout Code + HEAD / HTTP/1.0 \end_layout @@ -4158,38 +4319,47 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code + HTTP/1.1 200 OK \end_layout \begin_layout Code + Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code + GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code + Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code + ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code + Accept-Ranges: bytes \end_layout \begin_layout Code + Content-Length: 2637 \end_layout \begin_layout Code + Connection: close \end_layout \begin_layout Code + Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4198,6 +4368,7 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code + Connection closed by foreign host. \end_layout @@ -4238,14 +4409,17 @@ Current versions of openssh are IPv6-ready. \end_layout \begin_layout Code + $ ssh -6 ::1 \end_layout \begin_layout Code + user@::1's password: ****** \end_layout \begin_layout Code + [user@ipv6host user]$ \end_layout @@ -4792,10 +4966,12 @@ Usage: \end_layout \begin_layout Code + # ip link set dev up \end_layout \begin_layout Code + # ip link set dev down \end_layout @@ -4808,10 +4984,12 @@ Example: \end_layout \begin_layout Code + # ip link set dev eth0 up \end_layout \begin_layout Code + # ip link set dev eth0 down \end_layout @@ -4825,10 +5003,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ifconfig up \end_layout \begin_layout Code + # /sbin/ifconfig down \end_layout @@ -4837,10 +5017,12 @@ Example: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 up \end_layout \begin_layout Code + # /sbin/ifconfig eth0 down \end_layout @@ -4891,6 +5073,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev \end_layout @@ -4899,22 +5082,27 @@ Example for a static configured host: \end_layout \begin_layout Code + # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code + 2: eth0: \end_layout @@ -4977,18 +5174,22 @@ Example (output filtered with grep to display only IPv6 addresses). \end_layout \begin_layout Code + # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code + inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code + inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code + inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5010,6 +5211,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 addr add / dev \end_layout @@ -5018,6 +5220,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5031,6 +5234,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 add / \end_layout @@ -5039,6 +5243,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5061,6 +5266,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 addr del / dev \end_layout @@ -5069,6 +5275,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5082,6 +5289,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ifconfig inet6 del / \end_layout @@ -5090,6 +5298,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5159,6 +5368,7 @@ eth0 \end_layout \begin_layout Code + # sysctl -w net.ipv6.conf.eth0.use_tempaddr=2 \end_layout @@ -5167,10 +5377,12 @@ Afterwards, restart of the interface is necessary \end_layout \begin_layout Code + # ip link set dev eth0 down \end_layout \begin_layout Code + # ip link set dev eth0 up \end_layout @@ -5179,32 +5391,39 @@ Once a router advertisement is received, the result should look like following \end_layout \begin_layout Code + # ip -6 addr show dev eth0 \end_layout \begin_layout Code + 2: eth0: mtu 1500 qlen 1000 \end_layout \begin_layout Code + inet6 2001:db8:0:1:8992:3c03:d6e2:ed72/64 scope global secondary dynamic <- pseudo-random IID \end_layout \begin_layout Code + valid_lft 604711sec preferred_lft 86311sec \end_layout \begin_layout Code + inet6 2001:db8:0:1::224:21ff:fe01:2345/64 scope global <- IID based on MAC \end_layout \begin_layout Code + valid_lft 604711sec preferred_lft 86311sec \end_layout \begin_layout Code + ... \end_layout @@ -5218,6 +5437,7 @@ For permanent activation, either a special initscript value per interface \end_layout \begin_layout Code + net.ipv6.conf.eth0.use_tempaddr=2 \end_layout @@ -5229,10 +5449,12 @@ Note: interface must already exists with proper name when sysctl.conf is \end_layout \begin_layout Code + net.ipv6.conf.all.use_tempaddr=2 \end_layout \begin_layout Code + net.ipv6.conf.default.use_tempaddr=2 \end_layout @@ -5242,6 +5464,7 @@ Changed/added values in /etc/sysctl.conf can be activated during runtime, \end_layout \begin_layout Code + # sysctl -p \end_layout @@ -5264,14 +5487,17 @@ Check existing interfaces with: \end_layout \begin_layout Code + # nmcli connection \end_layout \begin_layout Code + NAME UUID TYPE DEVICE \end_layout \begin_layout Code + ens4v1 d0fc2b2e-5fa0-4675-96b5-b723ca5c46db 802-3-ethernet ens4v1 \end_layout @@ -5280,10 +5506,12 @@ Current amount of IPv6 privacy extension addresses can be checked with \end_layout \begin_layout Code + # ip -o addr show dev ens4v1 | grep temporary | wc -l \end_layout \begin_layout Code + 0 \end_layout @@ -5292,10 +5520,12 @@ Current IPv6 privacy extension settings can be checked with \end_layout \begin_layout Code + # nmcli connection show ens4v1 |grep ip6-privacy \end_layout \begin_layout Code + ipv6.ip6-privacy: -1 (unknown) \end_layout @@ -5304,10 +5534,12 @@ Enable IPv6 privacy extension and restart interface \end_layout \begin_layout Code + # nmcli connection modify ens4v1 ipv6.ip6-privacy 2 \end_layout \begin_layout Code + # nmcli connection down ens4v1; nmcli connection up ens4v1 \end_layout @@ -5316,10 +5548,12 @@ New IPv6 privacy extension settings can be checked with \end_layout \begin_layout Code + # nmcli connection show ens4v1 |grep ip6-privacy \end_layout \begin_layout Code + ipv6.ip6-privacy: 2 (active, prefer temporary IP) \end_layout @@ -5328,10 +5562,12 @@ Now IPv6 privacy extension addresses are configured on the interface \end_layout \begin_layout Code + # ip -o addr show dev ens4v1 | grep temporary | wc -l \end_layout \begin_layout Code + 2 \end_layout @@ -5409,6 +5645,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route show [dev ] \end_layout @@ -5418,22 +5655,27 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code + 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code + default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5447,6 +5689,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout @@ -5458,34 +5701,42 @@ Example (output is filtered for interface eth0). \end_layout \begin_layout Code + # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code + 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code + ¬ address \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code + ¬ addresses \end_layout \begin_layout Code + ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5508,10 +5759,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route add / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5520,6 +5773,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5533,10 +5787,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5554,6 +5810,7 @@ Following shown example adds a default route through gateway \end_layout \begin_layout Code + # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5577,10 +5834,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route del / via \end_layout \begin_layout Code + ¬ [dev ] \end_layout @@ -5589,6 +5848,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5602,10 +5862,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code + ¬ ] \end_layout @@ -5614,6 +5876,7 @@ Example for removing upper added route again: \end_layout \begin_layout Code + # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout @@ -5636,10 +5899,12 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route add / dev \end_layout \begin_layout Code + ¬ metric 1 \end_layout @@ -5648,6 +5913,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5690,6 +5956,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 add / dev \end_layout @@ -5698,6 +5965,7 @@ Example: \end_layout \begin_layout Code + # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5720,6 +5988,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 route del / dev \end_layout @@ -5728,6 +5997,7 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5741,6 +6011,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 del / dev \end_layout @@ -5750,6 +6021,7 @@ Example: \end_layout \begin_layout Code + # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5788,14 +6060,17 @@ Client can setup a default route like prefix \end_layout \begin_layout Code + # ip -6 route show | grep ^default \end_layout \begin_layout Code + default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code + ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5877,6 +6152,7 @@ With following command you can display the learnt or configured IPv6 neighbors \end_layout \begin_layout Code + # ip -6 neigh show [dev ] \end_layout @@ -5885,10 +6161,12 @@ The following example shows one neighbor, which is a reachable router \end_layout \begin_layout Code + # ip -6 neigh show \end_layout \begin_layout Code + fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5913,6 +6191,7 @@ With following command you are able to manually add an entry \end_layout \begin_layout Code + # ip -6 neigh add lladdr dev \end_layout @@ -5921,6 +6200,7 @@ Example: \end_layout \begin_layout Code + # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5933,6 +6213,7 @@ Like adding also an entry can be deleted: \end_layout \begin_layout Code + # ip -6 neigh del lladdr dev \end_layout @@ -5941,6 +6222,7 @@ Example: \end_layout \begin_layout Code + # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5970,23 +6252,28 @@ help \end_layout \begin_layout Code + # ip -6 neigh help \end_layout \begin_layout Code + Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code + [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code + | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code + ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6176,22 +6463,27 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code + | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code + | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code + | 0x2002 | | | | \end_layout \begin_layout Code + +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6402,6 +6694,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -6410,14 +6703,17 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show \end_layout \begin_layout Code + sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code + sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6430,6 +6726,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/route -A inet6 \end_layout @@ -6439,6 +6736,7 @@ Example (output is filtered to display only tunnels through virtual interface \end_layout \begin_layout Code + # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6447,22 +6745,27 @@ W*$" \end_layout \begin_layout Code + ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code + 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code + fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code + ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6528,10 +6831,12 @@ Usage for creating a tunnel device (but it's not up afterward, also a TTL \end_layout \begin_layout Code + # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout @@ -6540,18 +6845,22 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6560,18 +6869,22 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6580,18 +6893,22 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6612,6 +6929,7 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -6620,14 +6938,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit1 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6636,14 +6957,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit2 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6652,14 +6976,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code + # /sbin/ifconfig sit3 up \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6685,6 +7012,7 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -6693,26 +7021,32 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 add gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -6741,6 +7075,7 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code + # /sbin/ip tunnel del \end_layout @@ -6749,14 +7084,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code + # /sbin/ip link set sit1 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit1 \end_layout @@ -6765,14 +7103,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code + # /sbin/ip link set sit2 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit2 \end_layout @@ -6781,14 +7122,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code + # /sbin/ip link set sit3 down \end_layout \begin_layout Code + # /sbin/ip tunnel del sit3 \end_layout @@ -6807,10 +7151,12 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code + # /sbin/ifconfig sit3 down \end_layout @@ -6819,10 +7165,12 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code + # /sbin/ifconfig sit2 down \end_layout @@ -6831,10 +7179,12 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code + # /sbin/ifconfig sit1 down \end_layout @@ -6843,6 +7193,7 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -6864,26 +7215,32 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout \begin_layout Code + # /sbin/route -A inet6 del gw \end_layout \begin_layout Code + ¬ :: dev sit0 \end_layout @@ -6892,6 +7249,7 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -6950,6 +7308,7 @@ Assuming your IPv4 address is \end_layout \begin_layout Code + 1.2.3.4 \end_layout @@ -6958,6 +7317,7 @@ the generated 6to4 prefix will be \end_layout \begin_layout Code + 2002:0102:0304:: \end_layout @@ -6976,6 +7336,7 @@ Local 6to4 gateways should (but it's not a must, you can choose an arbitrary \end_layout \begin_layout Code + 2002:0102:0304::1 \end_layout @@ -6985,6 +7346,7 @@ Use e.g. \end_layout \begin_layout Code + ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7006,10 +7368,12 @@ Create a new tunnel device \end_layout \begin_layout Code + # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code + ¬ \end_layout @@ -7018,6 +7382,7 @@ Bring interface up \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 up \end_layout @@ -7026,6 +7391,7 @@ Add local 6to4 address to interface (note: prefix length 16 is important!) \end_layout \begin_layout Code + # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7035,6 +7401,7 @@ Add (default) route to the global IPv6 network using the all-6to4-routers \end_layout \begin_layout Code + # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7053,6 +7420,7 @@ ip \end_layout \begin_layout Code + # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7079,6 +7447,7 @@ Bring generic tunnel interface sit0 up \end_layout \begin_layout Code + # /sbin/ifconfig sit0 up \end_layout @@ -7087,6 +7456,7 @@ Add local 6to4 address to interface \end_layout \begin_layout Code + # /sbin/ifconfig sit0 add /16 \end_layout @@ -7096,6 +7466,7 @@ Add (default) route to the global IPv6 network using the all-6to4-relays \end_layout \begin_layout Code + # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7112,6 +7483,7 @@ Remove all routes through this dedicated tunnel device \end_layout \begin_layout Code + # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7120,6 +7492,7 @@ Shut down interface \end_layout \begin_layout Code + # /sbin/ip link set dev tun6to4 down \end_layout @@ -7128,6 +7501,7 @@ Remove created tunnel device \end_layout \begin_layout Code + # /sbin/ip tunnel del tun6to4 \end_layout @@ -7164,6 +7538,7 @@ Remove (default) route through the 6to4 tunnel interface \end_layout \begin_layout Code + # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7172,6 +7547,7 @@ Remove local 6to4 address to interface \end_layout \begin_layout Code + # /sbin/ifconfig sit0 del /16 \end_layout @@ -7181,6 +7557,7 @@ Shut down generic tunnel device (take care about this, perhaps it's still \end_layout \begin_layout Code + # /sbin/ifconfig sit0 down \end_layout @@ -7220,6 +7597,7 @@ Usage: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show [] \end_layout @@ -7228,23 +7606,28 @@ Example: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code + ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code + ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code + ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code + ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7261,10 +7644,12 @@ Usage for creating a 4over6 tunnel device (but it's not up afterward) \end_layout \begin_layout Code + # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout @@ -7273,18 +7658,22 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -7293,18 +7682,22 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7313,18 +7706,22 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code + ¬ local \end_layout \begin_layout Code + # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code + # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7337,6 +7734,7 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del \end_layout @@ -7345,14 +7743,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7361,14 +7762,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7377,14 +7781,17 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code + # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code + # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code + # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7477,6 +7884,7 @@ The /proc-filesystem had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code + CONFIG_PROC_FS=y \end_layout @@ -7485,10 +7893,12 @@ The /proc-filesystem was mounted before, which can be tested using \end_layout \begin_layout Code + # mount | grep "type proc" \end_layout \begin_layout Code + none on /proc type proc (rw) \end_layout @@ -7519,10 +7929,12 @@ cat \end_layout \begin_layout Code + # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code + 0 \end_layout @@ -7543,6 +7955,7 @@ echo \end_layout \begin_layout Code + # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7598,6 +8011,7 @@ The sysctl-interface had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code + CONFIG_SYSCTL=y \end_layout @@ -7610,10 +8024,12 @@ The value of an entry can be retrieved now: \end_layout \begin_layout Code + # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7626,10 +8042,12 @@ A new value can be set (if entry is writable): \end_layout \begin_layout Code + # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code + net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7647,10 +8065,12 @@ Note: Don't use spaces around the \end_layout \begin_layout Code + # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code + net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8118,10 +8538,12 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code + ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code + ¬ seq=426, pid=0 \end_layout @@ -8593,22 +9015,27 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code + # cat /proc/net/if_inet6 \end_layout \begin_layout Code + 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code + +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code + | | | | | | \end_layout \begin_layout Code + 1 2 3 4 5 6 \end_layout @@ -8699,22 +9126,27 @@ net/ipv6/route.c \end_layout \begin_layout Code + # cat /proc/net/ipv6_route \end_layout \begin_layout Code + 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code + +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code + | | | | \end_layout \begin_layout Code + 1 2 3 4 \end_layout @@ -8723,18 +9155,22 @@ net/ipv6/route.c \end_layout \begin_layout Code + ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code + ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code + ¬ | | | | | | \end_layout \begin_layout Code + ¬ 5 6 7 8 9 10 \end_layout @@ -8794,22 +9230,27 @@ Statistics about used IPv6 sockets. \end_layout \begin_layout Code + # cat /proc/net/sockstat6 \end_layout \begin_layout Code + TCP6: inuse 7 \end_layout \begin_layout Code + UDP6: inuse 2 \end_layout \begin_layout Code + RAW6: inuse 1 \end_layout \begin_layout Code + FRAG6: inuse 0 memory 0 \end_layout @@ -9019,14 +9460,17 @@ A host in DNS returning more than one IPv6 address, e.g. \end_layout \begin_layout Code + $ dig +short aaaa st1.bieringer.de \end_layout \begin_layout Code + 2001:4dd0:ff00:834::2 \end_layout \begin_layout Code + 2a01:238:423d:8800:85b3:9e6b:3019:8909 \end_layout @@ -9039,30 +9483,37 @@ Lookup via DNS (/etc/hosts won't work) \end_layout \begin_layout Code + precedence ::1/128 50 # default \end_layout \begin_layout Code + precedence ::/0 40 # default \end_layout \begin_layout Code + precedence 2002::/16 30 # default \end_layout \begin_layout Code + precedence ::/96 20 # default \end_layout \begin_layout Code + precedence ::ffff:0:0/96 10 # default \end_layout \begin_layout Code + precedence 2001:4dd0:ff00:834::/64 80 # dst-A \end_layout \begin_layout Code + precedence 2a01:238:423d:8800::/64 90 # dst-B \end_layout @@ -9072,24 +9523,29 @@ For tests use e.g. \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout @@ -9098,10 +9554,12 @@ If precedence is changed in configuration \end_layout \begin_layout Code + precedence 2001:4dd0:ff00:834::/64 90 # dst-A ex 80 \end_layout \begin_layout Code + precedence 2a01:238:423d:8800::/64 80 # dst-B ex 90 \end_layout @@ -9110,24 +9568,29 @@ The order is changed accordingly \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout @@ -9188,38 +9651,47 @@ ip addrlabel \end_layout \begin_layout Code + # ip addrlabel \end_layout \begin_layout Code + prefix ::1/128 label 0 \end_layout \begin_layout Code + prefix ::/96 label 3 \end_layout \begin_layout Code + prefix ::ffff:0.0.0.0/96 label 4 \end_layout \begin_layout Code + prefix 2001::/32 label 6 \end_layout \begin_layout Code + prefix 2001:10::/28 label 7 \end_layout \begin_layout Code + prefix 2002::/16 label 2 \end_layout \begin_layout Code + prefix fc00::/7 label 5 \end_layout \begin_layout Code + prefix ::/0 label 1 \end_layout @@ -9229,14 +9701,17 @@ System is multihomed (here on one interface), router provides 2 prefixes \end_layout \begin_layout Code + # ip -6 addr show dev eth1 | grep -w inet6 |grep -w global \end_layout \begin_layout Code + inet6 2001:6f8:12d8:2:5054:ff:fefb:6582/64 scope global dynamic \end_layout \begin_layout Code + inet6 2001:6f8:900:8cbc:5054:ff:fefb:6582/64 scope global dynamic \end_layout @@ -9245,24 +9720,29 @@ Connect now to server (shown above) \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout @@ -9279,11 +9759,13 @@ tcp and dst port 23 \end_layout \begin_layout Code + IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37762 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A) \end_layout \begin_layout Code + IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.45754 > 2a01:238:423d:8800:85b3:9e6b:3019:8 909.telnet: (src-A -> dst-B) \end_layout @@ -9301,18 +9783,22 @@ ip addrlabel \end_layout \begin_layout Code + # ip addrlabel add prefix 2001:6f8:12d8:2::/64 label 200 \end_layout \begin_layout Code + # ip addrlabel add prefix 2001:6f8:900:8cbc::/64 label 300 \end_layout \begin_layout Code + # ip addrlabel add prefix 2001:4dd0:ff00:834::/64 label 200 \end_layout \begin_layout Code + # ip addrlabel add prefix 2a01:238:423d:8800::/64 label 300 \end_layout @@ -9329,54 +9815,67 @@ ip addrlabel \end_layout \begin_layout Code + # ip addrlabel \end_layout \begin_layout Code + prefix ::1/128 label 0 \end_layout \begin_layout Code + prefix ::/96 label 3 \end_layout \begin_layout Code + prefix ::ffff:0.0.0.0/96 label 4 \end_layout \begin_layout Code + prefix 2a01:238:423d:8800::/64 label 300 # dst-B \end_layout \begin_layout Code + prefix 2001:4dd0:ff00:834::/64 label 200 # dst-A \end_layout \begin_layout Code + prefix 2001:6f8:900:8cbc::/64 label 300 # src-B \end_layout \begin_layout Code + prefix 2001:6f8:12d8:2::/64 label 200 # src-A \end_layout \begin_layout Code + prefix 2001::/32 label 6 \end_layout \begin_layout Code + prefix 2001:10::/28 label 7 \end_layout \begin_layout Code + prefix 2002::/16 label 2 \end_layout \begin_layout Code + prefix fc00::/7 label 5 \end_layout \begin_layout Code + prefix ::/0 label 1 \end_layout @@ -9385,24 +9884,29 @@ Connect now to server again \end_layout \begin_layout Code + $ telnet st1.bieringer.de \end_layout \begin_layout Code + Trying 2001:4dd0:ff00:834::2... (dst-A) \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B) \end_layout \begin_layout Code + ... \end_layout @@ -9420,11 +9924,13 @@ tcp and dst port 23 \end_layout \begin_layout Code + IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37765 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A) \end_layout \begin_layout Code + IP6 2001:6f8:900:8cbc:5054:ff:fefb:6582.39632 > 2a01:238:423d:8800:85b3:9e6b:3019 :8909.telnet: (src-B -> dst-B) \end_layout @@ -9507,307 +10013,375 @@ Example: \end_layout \begin_layout Code + # netstat -nlptu \end_layout \begin_layout Code + Active Internet connections (only servers) \end_layout \begin_layout Code + Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code + ¬ PID/Program name \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 22433/lpd Waiting \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1746/smbd \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 3551/X \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18735/junkbuster \end_layout \begin_layout Code + tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code + ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code + ¬ 1410/sshd \end_layout \begin_layout Code + tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code + ¬ 13237/sshd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1258/rpc.statd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1502/rpc.mountd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code + ¬ - \end_layout \begin_layout Code + udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1751/nmbd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code + ¬ 30734/named \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1530/dhcpd \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code + ¬ 18822/(squid) \end_layout \begin_layout Code + udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code + ¬ 1230/portmap \end_layout \begin_layout Code + udp 0 0 :::53 :::* \end_layout \begin_layout Code + ¬ 30734/named \end_layout @@ -9839,26 +10413,32 @@ Router advertisement \end_layout \begin_layout Code + 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code + ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code + ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code + ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code + ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code + ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9911,10 +10491,12 @@ Router solicitation \end_layout \begin_layout Code + 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code + ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9982,10 +10564,12 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code + 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -10002,15 +10586,18 @@ Node wants to configure its global address \end_layout \begin_layout Code + 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -10027,15 +10614,18 @@ Node wants to configure its global address \end_layout \begin_layout Code + 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code + ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code + ¬ 255) \end_layout @@ -10056,15 +10646,18 @@ Node wants to send packages to \end_layout \begin_layout Code + 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code + ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code + ¬ hlim 255) \end_layout @@ -10081,10 +10674,12 @@ fe80::10 \end_layout \begin_layout Code + 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code + ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -10206,6 +10801,7 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code + /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -10214,11 +10810,13 @@ Auto-magically test: \end_layout \begin_layout Code + # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code + ¬ IPv6 script library exists" \end_layout @@ -10228,14 +10826,17 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code + # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code + ¬ getversion_ipv6_functions \end_layout \begin_layout Code + 20011124 \end_layout @@ -10274,10 +10875,12 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code + # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code + alias net-pf-10 off \end_layout @@ -10295,6 +10898,7 @@ off \end_layout \begin_layout Code + NETWORKING_IPV6=yes \end_layout @@ -10303,6 +10907,7 @@ Reboot or restart networking using \end_layout \begin_layout Code + # service network restart \end_layout @@ -10311,10 +10916,12 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code + # modprobe -c | grep ipv6 \end_layout \begin_layout Code + alias net-pf-10 ipv6 \end_layout @@ -10374,6 +10981,7 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code + IP6ADDR="/" \end_layout @@ -10399,6 +11007,7 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code + IPADDR="/" \end_layout @@ -10439,44 +11048,54 @@ Configure your interface. \end_layout \begin_layout Code + iface eth0 inet6 static \end_layout \begin_layout Code + pre-up modprobe ipv6 \end_layout \begin_layout Code + address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code + # To suppress completely autoconfiguration: \end_layout \begin_layout Code + # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code + netmask 64 \end_layout \begin_layout Code + # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code + # It is magically \end_layout \begin_layout Code + # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code + #gateway 2001:0db8:1234:5::1 \end_layout @@ -10485,6 +11104,7 @@ And you reboot or you just \end_layout \begin_layout Code + # ifup --force eth0 \end_layout @@ -10555,18 +11175,22 @@ Example: \end_layout \begin_layout Code + # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code + 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code + inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code + valid_lft forever preferred_lft forever \end_layout @@ -11077,6 +11701,7 @@ Change to source directory: \end_layout \begin_layout Code + # cd /path/to/src \end_layout @@ -11085,10 +11710,12 @@ Unpack and rename kernel sources \end_layout \begin_layout Code + # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code + # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -11097,6 +11724,7 @@ Unpack iptables sources \end_layout \begin_layout Code + # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -11109,6 +11737,7 @@ Change to iptables directory \end_layout \begin_layout Code + # cd iptables-version \end_layout @@ -11117,6 +11746,7 @@ Apply pending patches \end_layout \begin_layout Code + # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11127,6 +11757,7 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code + # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -11165,10 +11796,12 @@ Check IPv6 extensions \end_layout \begin_layout Code + # make print-extensions \end_layout \begin_layout Code + Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -11181,6 +11814,7 @@ Change to kernel sources \end_layout \begin_layout Code + # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -11189,10 +11823,12 @@ Edit Makefile \end_layout \begin_layout Code + - EXTRAVERSION = \end_layout \begin_layout Code + + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -11201,80 +11837,99 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code + Code maturity level options \end_layout \begin_layout Code + Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code + Networking options \end_layout \begin_layout Code + Network packet filtering: yes \end_layout \begin_layout Code + The IPv6 protocol: module \end_layout \begin_layout Code + IPv6: Netfilter Configuration \end_layout \begin_layout Code + IP6 tables support: module \end_layout \begin_layout Code + All new options like following: \end_layout \begin_layout Code + limit match support: module \end_layout \begin_layout Code + MAC address match support: module \end_layout \begin_layout Code + Multiple port match support: module \end_layout \begin_layout Code + Owner match support: module \end_layout \begin_layout Code + netfilter MARK match support: module \end_layout \begin_layout Code + Aggregated address check: module \end_layout \begin_layout Code + Packet filtering: module \end_layout \begin_layout Code + REJECT target support: module \end_layout \begin_layout Code + LOG target support: module \end_layout \begin_layout Code + Packet mangling: module \end_layout \begin_layout Code + MARK target support: module \end_layout @@ -11301,6 +11956,7 @@ Rename older directory \end_layout \begin_layout Code + # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11309,6 +11965,7 @@ Create a new softlink \end_layout \begin_layout Code + # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11317,6 +11974,7 @@ Rebuild SRPMS \end_layout \begin_layout Code + # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11330,6 +11988,7 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code + # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11338,6 +11997,7 @@ If not already installed, use "install" \end_layout \begin_layout Code + # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11348,6 +12008,7 @@ ts don't fit. \end_layout \begin_layout Code + # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11357,6 +12018,7 @@ Perhaps it's necessary to create a softlink for iptables libraries where \end_layout \begin_layout Code + # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -11373,6 +12035,7 @@ Load module, if so compiled \end_layout \begin_layout Code + # modprobe ip6_tables \end_layout @@ -11381,10 +12044,12 @@ Check for capability \end_layout \begin_layout Code + # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code + ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -11401,6 +12066,7 @@ Short \end_layout \begin_layout Code + # ip6tables -L \end_layout @@ -11409,6 +12075,7 @@ Extended \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L \end_layout @@ -11417,6 +12084,7 @@ List specified filter \end_layout \begin_layout Code + # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -11425,10 +12093,12 @@ Insert a log rule at the input filter with options \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code + ¬ --log-level 7 \end_layout @@ -11437,6 +12107,7 @@ Insert a drop rule at the input filter \end_layout \begin_layout Code + # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11445,6 +12116,7 @@ Delete a rule by number \end_layout \begin_layout Code + # ip6tables --table filter --delete INPUT 1 \end_layout @@ -11458,6 +12130,7 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and \end_layout \begin_layout Code + # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11475,6 +12148,7 @@ Accept incoming ICMPv6 through tunnels \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11483,6 +12157,7 @@ Allow outgoing ICMPv6 through tunnels \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11491,6 +12166,7 @@ Newer kernels allow specifying of ICMPv6 types: \end_layout \begin_layout Code + # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11508,10 +12184,12 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm \end_layout \begin_layout Code + # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code + ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11529,10 +12207,12 @@ Allow incoming SSH from 2001:0db8:100::1/128 \end_layout \begin_layout Code + # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code + ¬ --dport 22 -j ACCEPT \end_layout @@ -11545,10 +12225,12 @@ no longer needed if connection tracking is used! \end_layout \begin_layout Code + # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code + ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -11570,6 +12252,7 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11578,6 +12261,7 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11591,6 +12275,7 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code + # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -11599,6 +12284,7 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code + # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -11621,6 +12307,7 @@ Block incoming TCP connection requests to this host \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11629,6 +12316,7 @@ Block incoming TCP connection requests to hosts behind this router \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11661,6 +12349,7 @@ Block incoming UDP packets which cannot be responses of outgoing requests \end_layout \begin_layout Code + # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11670,6 +12359,7 @@ Block incoming UDP packets which cannot be responses of forwarded requests \end_layout \begin_layout Code + # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11697,6 +12387,7 @@ tracking \end_layout \begin_layout Code + File: /etc/sysconfig/ip6tables \end_layout @@ -11705,70 +12396,87 @@ File: /etc/sysconfig/ip6tables \end_layout \begin_layout Code + *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code + :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code + :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code + :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code + -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code + COMMIT \end_layout @@ -11777,6 +12485,7 @@ For completeness also the IPv4 configuration is shown here: \end_layout \begin_layout Code + File: /etc/sysconfig/iptables \end_layout @@ -11785,71 +12494,88 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code + *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code + :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code + :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code + :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code + -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code + -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code + COMMIT \end_layout @@ -11866,10 +12592,12 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code + # service iptables start \end_layout \begin_layout Code + # service ip6tables start \end_layout @@ -11878,10 +12606,12 @@ Enable automatic start after reboot \end_layout \begin_layout Code + # chkconfig iptables on \end_layout \begin_layout Code + # chkconfig ip6tables on \end_layout @@ -11900,472 +12630,578 @@ but still stateless filter \end_layout \begin_layout Code + # ip6tables -n -v -L \end_layout \begin_layout Code + Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code + 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code + 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain ext2int (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain extOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code + ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain int2ext (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code + 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intIN (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + \end_layout \begin_layout Code + Chain intOUT (1 references) \end_layout \begin_layout Code + pkts bytes target prot opt in out source destination \end_layout \begin_layout Code + ¬ \end_layout \begin_layout Code + 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code + ¬ fe80::/ffc0:: \end_layout \begin_layout Code + 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code + 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code + ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code + 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12395,6 +13231,7 @@ Like in IPv4 clients behind a router can be hided by using IPv6 masquerading \end_layout \begin_layout Code + # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12408,6 +13245,7 @@ A dedicated public IPv6 address can be forwarded to an internal IPv6 address, \end_layout \begin_layout Code + # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -12421,6 +13259,7 @@ A dedicated specified port can be forwarded to an internal system, e.g. \end_layout \begin_layout Code + # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12465,10 +13304,12 @@ Take care if rules are contained in more than one table, because the tables \end_layout \begin_layout Code + IPv4-Packet --> table "ip" --> table "inet" --> further checks \end_layout \begin_layout Code + IPv6-Packet --> table "ip6" --> table "inet" --> further checks \end_layout @@ -12511,18 +13352,22 @@ Load kernel modules: \end_layout \begin_layout Code + # modprobe nf_tables \end_layout \begin_layout Code + # modprobe nf_tables_ipv4 \end_layout \begin_layout Code + # modprobe nf_tables_ipv6 \end_layout \begin_layout Code + # modprobe nf_tables_inet \end_layout @@ -12531,10 +13376,12 @@ Flush iptables and ip6tables to avoid interferences: \end_layout \begin_layout Code + # iptables -F \end_layout \begin_layout Code + # ip6tables -F \end_layout @@ -12543,6 +13390,7 @@ Create filter table: \end_layout \begin_layout Code + # nft add table inet filter \end_layout @@ -12551,6 +13399,7 @@ Create input chain: \end_layout \begin_layout Code + # nft add chain inet filter input { type filter hook input priority 0 \backslash ; } @@ -12577,6 +13426,7 @@ Allow packets which are related to existing connection tracking entries \end_layout \begin_layout Code + # nft add rule inet filter input ct state established,related counter accept \end_layout @@ -12585,11 +13435,13 @@ Allow IPv4 and IPv6 ICMP echo-request (aka ping) \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv4 icmp type { echo-request } counter accept \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv6 icmpv6 type echo-request counter accept \end_layout @@ -12600,19 +13452,23 @@ Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code + ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 1 accept \end_layout \begin_layout Code + # nft add rule inet filter input meta nfproto ipv6 \end_layout \begin_layout Code + ¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} ip6 hoplimit 255 counter accept \end_layout @@ -12622,6 +13478,7 @@ Allow incoming SSH for IPv4 and IPv6 \end_layout \begin_layout Code + # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -12638,14 +13495,17 @@ Reject/drop others \end_layout \begin_layout Code + # nft add rule inet filter input tcp dport 0-65535 reject \end_layout \begin_layout Code + # nft add rule inet filter input udp dport 0-65535 counter drop \end_layout \begin_layout Code + # nft add rule inet filter input counter drop \end_layout @@ -12658,63 +13518,77 @@ Table for IP version aware filter \end_layout \begin_layout Code + table inet filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 0 bytes 0 accept \end_layout \begin_layout Code + ip protocol icmp icmp type { echo-request} counter packets 0 bytes 0 accept \end_layout \begin_layout Code + ip6 nexthdr ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept \end_layout \begin_layout Code + ip6 nexthdr ipv6-icmp ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code + ip6 nexthdr ipv6-icmp ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept \end_layout \begin_layout Code + tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets 0 bytes 0 accept \end_layout \begin_layout Code + tcp dport >= 0 tcp dport <= 65535 counter packets 0 bytes 0 reject \end_layout \begin_layout Code + udp dport >= 0 udp dport <= 65535 counter packets 0 bytes 0 drop \end_layout \begin_layout Code + log prefix counter packets 0 bytes 0 drop \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -12727,6 +13601,7 @@ To enable logging, an additonal kernel module must be loaded \end_layout \begin_layout Code + # modprobe xt_LOG \end_layout @@ -12751,6 +13626,7 @@ Fir initial test with logging it can be useful to disable kernel console \end_layout \begin_layout Code + #*.emerg :omusrmsg:* \end_layout @@ -12759,6 +13635,7 @@ Rule from above accepting SSH on port 22, but now with logging: \end_layout \begin_layout Code + # nft add rule inet filter input tcp dport 22 ct state new tcp flags \backslash & @@ -12826,114 +13703,141 @@ mark xxxx \end_layout \begin_layout Code + # for table in ip ip6 inet; do nft list table $table filter; done \end_layout \begin_layout Code + table ip filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 241 bytes 25193 accept \end_layout \begin_layout Code + counter packets 2 bytes 120 mark 0x00000100 accept \end_layout \begin_layout Code + icmp type { echo-request} counter packets 0 bytes 0 meta mark set 0x00000100 accept \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout \begin_layout Code + table ip6 filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 14 bytes 4077 accept \end_layout \begin_layout Code + counter packets 4 bytes 408 mark 0x00000100 accept \end_layout \begin_layout Code + icmpv6 type echo-request counter packets 1 bytes 104 meta mark set 0x00000100 \end_layout \begin_layout Code + icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} counter packets 2 bytes 224 meta mark set 0x00000100 accept \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout \begin_layout Code + table inet filter { \end_layout \begin_layout Code + chain input { \end_layout \begin_layout Code + type filter hook input priority 0; \end_layout \begin_layout Code + ct state established,related counter packets 307 bytes 31974 accept \end_layout \begin_layout Code + counter packets 6 bytes 528 mark 0x00000100 accept \end_layout \begin_layout Code + tcp dport ssh ct state new tcp flags & (syn | ack) == syn log prefix "inet/input/accept: " meta mark set 0x00000100 counter packets 3 bytes 200 accept \end_layout \begin_layout Code + log prefix "inet/input/reject: " counter packets 0 bytes 0 reject \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -13041,10 +13945,12 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # nc6 ::1 daytime \end_layout \begin_layout Code + 13 JUL 2002 11:22:22 CEST \end_layout @@ -13066,43 +13972,53 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code + # nmap -6 -sT ::1 \end_layout \begin_layout Code + Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code + Interesting ports on localhost6 (::1): \end_layout \begin_layout Code + (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code + Port State Service \end_layout \begin_layout Code + 22/tcp open ssh \end_layout \begin_layout Code + 53/tcp open domain \end_layout \begin_layout Code + 515/tcp open printer \end_layout \begin_layout Code + 2401/tcp open cvspserver \end_layout \begin_layout Code + Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -13125,26 +14041,32 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code + # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code + ::1 2401 unassigned unknown \end_layout \begin_layout Code + ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code + ::1 515 printer spooler (lpd) \end_layout \begin_layout Code + ::1 6010 unassigned unknown \end_layout \begin_layout Code + ::1 53 domain Domain Name Server \end_layout @@ -13439,22 +14361,27 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -13467,30 +14394,37 @@ Example for a end-to-end encrypted connection in tunnel mode \end_layout \begin_layout Code + #!/sbin/setkey -f \end_layout \begin_layout Code + flush; \end_layout \begin_layout Code + spdflush; \end_layout \begin_layout Code + spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code + spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code + ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -13552,18 +14486,22 @@ File: /etc/racoon/racoon.conf \end_layout \begin_layout Code + # Racoon IKE daemon configuration file. \end_layout \begin_layout Code + # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code + path include "/etc/racoon"; \end_layout \begin_layout Code + path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -13572,18 +14510,22 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code + listen \end_layout \begin_layout Code + { \end_layout \begin_layout Code + isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code + } \end_layout @@ -13592,50 +14534,62 @@ listen \end_layout \begin_layout Code + remote 2001:db8:2:2::2 \end_layout \begin_layout Code + { \end_layout \begin_layout Code + exchange_mode main; \end_layout \begin_layout Code + lifetime time 24 hour; \end_layout \begin_layout Code + proposal \end_layout \begin_layout Code + { \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + hash_algorithm md5; \end_layout \begin_layout Code + authentication_method pre_shared_key; \end_layout \begin_layout Code + dh_group 2; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -13644,34 +14598,42 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code + # gateway-to-gateway \end_layout \begin_layout Code + sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout @@ -13680,30 +14642,37 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code + sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code + { \end_layout \begin_layout Code + lifetime time 1 hour; \end_layout \begin_layout Code + encryption_algorithm 3des; \end_layout \begin_layout Code + authentication_algorithm hmac_md5; \end_layout \begin_layout Code + compression_algorithm deflate; \end_layout \begin_layout Code + } \end_layout @@ -13716,10 +14685,12 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code + # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code + # format is: 'identifier' 'key' \end_layout @@ -13728,6 +14699,7 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code + 2001:db8:2:2::2 verysecret \end_layout @@ -13751,84 +14723,104 @@ At least the daemon needs to be started. \end_layout \begin_layout Code + # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code + Foreground mode. \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code + ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code + ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code + 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code + ¬ queued due to no phase1 found. \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code + 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code + ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code + 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code + ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code + 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code + ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -13846,10 +14838,12 @@ tcpdump \end_layout \begin_layout Code + 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code + 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -13870,94 +14864,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code + A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code + E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code + A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code + seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code + diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -14050,18 +15067,22 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code + # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code + # \end_layout \begin_layout Code + # Manual: ipsec.conf.5 \end_layout \begin_layout Code + version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -14070,22 +15091,27 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code + # basic configuration \end_layout \begin_layout Code + config setup \end_layout \begin_layout Code + # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code + # klipsdebug=none \end_layout \begin_layout Code + # plutodebug="control parsing" \end_layout @@ -14094,10 +15120,12 @@ config setup \end_layout \begin_layout Code + #Disable Opportunistic Encryption \end_layout \begin_layout Code + include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -14106,55 +15134,68 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code + conn ipv6-p1-p2 \end_layout \begin_layout Code + connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code + left=2001:db8:1:1::1 \end_layout \begin_layout Code + right=2001:db8:2:2::2 \end_layout \begin_layout Code + authby=secret \end_layout \begin_layout Code + esp=aes128-sha1 \end_layout \begin_layout Code + ike=aes128-sha-modp1024 \end_layout \begin_layout Code + type=transport \end_layout \begin_layout Code + #type=tunnel \end_layout \begin_layout Code + compress=no \end_layout \begin_layout Code + #compress=yes \end_layout \begin_layout Code + auto=add \end_layout \begin_layout Code + #auto=up \end_layout @@ -14171,6 +15212,7 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout @@ -14192,6 +15234,7 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code + # /etc/rc.d/init.d/ipsec start \end_layout @@ -14209,34 +15252,42 @@ IPsec SA established \end_layout \begin_layout Code + # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code + 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code + 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code + 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code + 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code + 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code + ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -14254,94 +15305,117 @@ setkey \end_layout \begin_layout Code + # setkey -D \end_layout \begin_layout Code + 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code + esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code + A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code + 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code + esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code + E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code + A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code + seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code + created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code + diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code + allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code + sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -14363,10 +15437,12 @@ ip \end_layout \begin_layout Code + # ip xfrm policy \end_layout \begin_layout Code + ... \end_layout @@ -14375,10 +15451,12 @@ ip \end_layout \begin_layout Code + # ip xfrm state \end_layout \begin_layout Code + ... \end_layout @@ -14425,32 +15503,39 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code + -------------->------- \end_layout \begin_layout Code + Queue 1 \backslash \end_layout \begin_layout Code + --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code + Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code + --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code + Queue 3 / \end_layout \begin_layout Code + -------------->------- \end_layout @@ -14519,6 +15604,7 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code + # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -14531,6 +15617,7 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -14540,6 +15627,7 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -14549,6 +15637,7 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -14558,6 +15647,7 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code + # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -14583,6 +15673,7 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout @@ -14600,6 +15691,7 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -14613,6 +15705,7 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -14626,6 +15719,7 @@ handle 32 fw \end_layout \begin_layout Code + # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -14635,6 +15729,7 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code + # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -14648,14 +15743,17 @@ Start on server side each one one separate console: \end_layout \begin_layout Code + # iperf -V -s -p 5001 \end_layout \begin_layout Code + # iperf -V -s -p 5002 \end_layout \begin_layout Code + # iperf -V -s -p 5003 \end_layout @@ -14664,29 +15762,35 @@ Start on client side and compare results: \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code + # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout @@ -14762,18 +15866,22 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { any; }; \end_layout \begin_layout Code + }; \end_layout @@ -14782,48 +15890,59 @@ This should result after restart in e.g. \end_layout \begin_layout Code + # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code + ¬ # incoming TCP requests \end_layout \begin_layout Code + udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code + udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code + udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code + ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code + udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code + ¬ # incoming UDP request to any IPv6 \end_layout @@ -14832,6 +15951,7 @@ And a simple test looks like \end_layout \begin_layout Code + # dig localhost @::1 \end_layout @@ -14848,18 +15968,22 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + }; \end_layout @@ -14873,54 +15997,67 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code + acl internal-net { \end_layout \begin_layout Code + 127.0.0.1; \end_layout \begin_layout Code + 1.2.3.0/24; \end_layout \begin_layout Code + 2001:0db8:100::/56; \end_layout \begin_layout Code + ::1/128; \end_layout \begin_layout Code + ::ffff:1.2.3.4/128; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + acl ns-internal-net { \end_layout \begin_layout Code + 1.2.3.4; \end_layout \begin_layout Code + 1.2.3.5; \end_layout \begin_layout Code + 2001:0db8:100::4/128; \end_layout \begin_layout Code + 2001:0db8:100::5/128; \end_layout \begin_layout Code + }; \end_layout @@ -14932,26 +16069,32 @@ This ACLs can be used e.g. \end_layout \begin_layout Code + options { \end_layout \begin_layout Code + # sure other options here, too \end_layout \begin_layout Code + listen-on-v6 { none; }; \end_layout \begin_layout Code + allow-query { internal-net; }; \end_layout \begin_layout Code + allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code + }; \end_layout @@ -14976,6 +16119,7 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code + query-source-v6 address port ; \end_layout @@ -14996,6 +16140,7 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code + transfer-source-v6 [port port]; \end_layout @@ -15008,6 +16153,7 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code + notify-source-v6 [port port]; \end_layout @@ -15160,22 +16306,27 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -15184,6 +16335,7 @@ Aliases: \end_layout \begin_layout Code + Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -15193,14 +16345,17 @@ Related log entry looks like following: \end_layout \begin_layout Code + Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code + ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code + query denied \end_layout @@ -15218,22 +16373,27 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code + $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Using domain server: \end_layout \begin_layout Code + Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code + Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code + Aliases: \end_layout @@ -15242,12 +16402,14 @@ Aliases: \end_layout \begin_layout Code + www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code + 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -15291,42 +16453,52 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code + # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code + --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code + +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code + @@ -10,5 +10,5 @@ \end_layout \begin_layout Code + protocol = tcp \end_layout \begin_layout Code + user = root \end_layout \begin_layout Code + wait = no \end_layout \begin_layout Code + - disable = yes \end_layout \begin_layout Code + + disable = no \end_layout \begin_layout Code + } \end_layout @@ -15335,22 +16507,27 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code + # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code + tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code + ¬ daytime/tcp \end_layout \begin_layout Code + tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -15405,22 +16582,27 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code + Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code + # ...sure more config lines \end_layout \begin_layout Code + \end_layout @@ -15429,26 +16611,32 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code + Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code + Listen 1.2.3.4:80 \end_layout \begin_layout Code + \end_layout \begin_layout Code + ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code + # ...sure more config lines \end_layout \begin_layout Code + \end_layout @@ -15457,20 +16645,24 @@ This should result after restart in e.g. \end_layout \begin_layout Code + # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code + tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code + tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -15570,42 +16762,52 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code + AdvOnLink on; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -15614,23 +16816,28 @@ This results on client side in \end_layout \begin_layout Code + # ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15653,54 +16860,67 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + AdvSendAdvert on; \end_layout \begin_layout Code + MinRtrAdvInterval 3; \end_layout \begin_layout Code + MaxRtrAdvInterval 10; \end_layout \begin_layout Code + prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code + AdvOnLink off; \end_layout \begin_layout Code + AdvAutonomous on; \end_layout \begin_layout Code + AdvRouterAddr on; \end_layout \begin_layout Code + Base6to4Interface ppp0; \end_layout \begin_layout Code + AdvPreferredLifetime 20; \end_layout \begin_layout Code + AdvValidLifetime 30; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -15710,23 +16930,28 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code + # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code + 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code + inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code + valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code + inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15743,6 +16968,7 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code + # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -15769,86 +16995,107 @@ radvdump \end_layout \begin_layout Code + # radvdump \end_layout \begin_layout Code + Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code + AdvCurHopLimit: 64 \end_layout \begin_layout Code + AdvManagedFlag: off \end_layout \begin_layout Code + AdvOtherConfigFlag: off \end_layout \begin_layout Code + AdvHomeAgentFlag: off \end_layout \begin_layout Code + AdvReachableTime: 0 \end_layout \begin_layout Code + AdvRetransTimer: 0 \end_layout \begin_layout Code + Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 30 \end_layout \begin_layout Code + AdvPreferredLifetime: 20 \end_layout \begin_layout Code + AdvOnLink: off \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code + AdvValidLifetime: 2592000 \end_layout \begin_layout Code + AdvPreferredLifetime: 604800 \end_layout \begin_layout Code + AdvOnLink: on \end_layout \begin_layout Code + AdvAutonomous: on \end_layout \begin_layout Code + AdvRouterAddr: on \end_layout \begin_layout Code + AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -15900,54 +17147,67 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + server-preference 255; \end_layout \begin_layout Code + renew-time 60; \end_layout \begin_layout Code + rebind-time 90; \end_layout \begin_layout Code + prefer-life-time 130; \end_layout \begin_layout Code + valid-life-time 200; \end_layout \begin_layout Code + allow rapid-commit; \end_layout \begin_layout Code + option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code + link AAA { \end_layout \begin_layout Code + range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code + prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code + }; \end_layout \begin_layout Code + }; \end_layout @@ -15965,18 +17225,22 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code + interface eth0 { \end_layout \begin_layout Code + send rapid-commit; \end_layout \begin_layout Code + request domain-name-servers; \end_layout \begin_layout Code + }; \end_layout @@ -15993,6 +17257,7 @@ Start server, e.g. \end_layout \begin_layout Code + # service dhcp6s start \end_layout @@ -16005,6 +17270,7 @@ Start client in foreground, e.g. \end_layout \begin_layout Code + # dhcp6c -f eth0 \end_layout @@ -16022,6 +17288,7 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code + # dhcp6s -d -D -f eth0 \end_layout @@ -16035,6 +17302,7 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code + # ping6 -I eth0 ff02::1:2 \end_layout @@ -16043,51 +17311,63 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code + # dhcp6c -d -f eth0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code + Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code + ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code + Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -16138,26 +17418,32 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code + default-lease-time 600; \end_layout \begin_layout Code + max-lease-time 7200; \end_layout \begin_layout Code + log-facility local7; \end_layout \begin_layout Code + subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Range for clients \end_layout \begin_layout Code + range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout @@ -16166,10 +17452,12 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Range for clients requesting a temporary address \end_layout \begin_layout Code + range6 2001:db8:0:1::/64 temporary; \end_layout @@ -16178,14 +17466,17 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Additional options \end_layout \begin_layout Code + option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code + option dhcp6.domain-search "domain.example"; \end_layout @@ -16194,10 +17485,12 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Prefix range for delegation to sub-routers \end_layout \begin_layout Code + prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout @@ -16206,27 +17499,33 @@ subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code + # Example for a fixed host address \end_layout \begin_layout Code + host specialclient { \end_layout \begin_layout Code + host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code + fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } \end_layout @@ -16262,6 +17561,7 @@ dhcp6c \end_layout \begin_layout Code + # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 @@ -16281,46 +17581,56 @@ Start server in foreground: \end_layout \begin_layout Code + # /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1 \end_layout \begin_layout Code + Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code + Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code + All rights reserved. \end_layout \begin_layout Code + For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code + Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code + Wrote 0 leases to leases file. \end_layout \begin_layout Code + Bound to *:547 \end_layout \begin_layout Code + Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code + Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -16353,55 +17663,68 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code + log-level 8 \end_layout \begin_layout Code + log-mode short \end_layout \begin_layout Code + preference 0 \end_layout \begin_layout Code + iface "eth1" { \end_layout \begin_layout Code + // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code + prefered-lifetime 3600 \end_layout \begin_layout Code + valid-lifetime 7200 \end_layout \begin_layout Code + class { \end_layout \begin_layout Code + pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code + } \end_layout \begin_layout Code + option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code + option domain domain.example \end_layout \begin_layout Code + } \end_layout @@ -16418,124 +17741,148 @@ Start server in foreground: \end_layout \begin_layout Code + # dibbler-server run \end_layout \begin_layout Code + | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code + | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code + | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code + | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code + 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code + 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code + 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code + 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code + 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code + 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code + 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code + 18:48 Server Info Interface eth1/2 configuration has been loaded. \end_layout \begin_layout Code + 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code + 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code + 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code + 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code + 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -16597,6 +17944,7 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code + $ man hosts.allow \end_layout @@ -16610,11 +17958,13 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code + sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code + daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -16635,6 +17985,7 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code + ALL: ALL \end_layout @@ -16646,10 +17997,12 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code + ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code + | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -16672,18 +18025,22 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code + Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code + from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16693,22 +18050,27 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code + Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code + Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code + from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code + ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -16722,18 +18084,22 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code + Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code + Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code + from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16743,18 +18109,22 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code + Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code + ¬ port 33381 ssh2 \end_layout \begin_layout Code + Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code + from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -16778,6 +18148,7 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code + listen_ipv6=yes \end_layout @@ -16805,22 +18176,27 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code + \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + Bind 2001:0DB8::1 \end_layout \begin_layout Code + ... \end_layout \begin_layout Code + \end_layout @@ -17020,30 +18396,37 @@ struct sockaddr_in \end_layout \begin_layout Code + struct sockaddr_in \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sa_family_t sin_family; \end_layout \begin_layout Code + in_port_t sin_port; \end_layout \begin_layout Code + struct in_addr sin_addr; \end_layout \begin_layout Code + /* Plus some padding for alignment */ \end_layout \begin_layout Code + }; \end_layout @@ -17095,34 +18478,42 @@ struct sockaddr_in6 \end_layout \begin_layout Code + struct sockaddr_in6 \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sa_family_t sin6_family; \end_layout \begin_layout Code + in_port_t sin6_port; \end_layout \begin_layout Code + uint32_t sin6_flowinfo; \end_layout \begin_layout Code + struct in6_addr sin6_addr; \end_layout \begin_layout Code + uint32_t sin6_scope_id; \end_layout \begin_layout Code + }; \end_layout @@ -17236,6 +18627,7 @@ fe80::1%eth1 \end_layout \begin_layout Code + Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -17344,26 +18736,32 @@ recvfrom(2) \end_layout \begin_layout Code + ssize_t recvfrom( int s, \end_layout \begin_layout Code + void *buf, \end_layout \begin_layout Code + size_t len, \end_layout \begin_layout Code + int flags, \end_layout \begin_layout Code + struct sockaddr *from, \end_layout \begin_layout Code + socklen_t *fromlen ); \end_layout @@ -17389,84 +18787,104 @@ struct sockaddr_storage \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code + ** the caller. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + char *rcvMsg( int s ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code + ssize_t count; \end_layout \begin_layout Code + struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code + socklen_t sslen; \end_layout \begin_layout Code + sslen = sizeof( ss ); \end_layout \begin_layout Code + count = recvfrom( s, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + sizeof( bfr ) - 1, \end_layout \begin_layout Code + 0, \end_layout \begin_layout Code + (struct sockaddr*) &ss, \end_layout \begin_layout Code + &sslen ); \end_layout \begin_layout Code + bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -17474,10 +18892,12 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code + return bfr; \end_layout \begin_layout Code + } /* End rcvMsg() */ \end_layout @@ -17544,18 +18964,22 @@ getaddrinfo(3) \end_layout \begin_layout Code + int getaddrinfo( const char *node, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + const struct addrinfo *hints, \end_layout \begin_layout Code + struct addrinfo **res ); \end_layout @@ -17614,46 +19038,57 @@ struct addrinfo \end_layout \begin_layout Code + struct addrinfo \end_layout \begin_layout Code + { \end_layout \begin_layout Code + int ai_flags; \end_layout \begin_layout Code + int ai_family; \end_layout \begin_layout Code + int ai_socktype; \end_layout \begin_layout Code + int ai_protocol; \end_layout \begin_layout Code + socklen_t ai_addrlen; \end_layout \begin_layout Code + struct sockaddr *ai_addr; \end_layout \begin_layout Code + char *ai_canonname; \end_layout \begin_layout Code + struct addrinfo *ai_next; \end_layout \begin_layout Code + }; \end_layout @@ -18062,30 +19497,37 @@ struct sockaddr \end_layout \begin_layout Code + int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code + socklen_t salen, \end_layout \begin_layout Code + char *host, \end_layout \begin_layout Code + size_t hostlen, \end_layout \begin_layout Code + char *serv, \end_layout \begin_layout Code + size_t servlen, \end_layout \begin_layout Code + int flags ); \end_layout @@ -18184,6 +19626,7 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code + ::ffff:192.0.2.1 \end_layout @@ -18254,18 +19697,22 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code + ::1 localhost \end_layout \begin_layout Code + 127.0.0.1 localhost \end_layout \begin_layout Code + fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code + 192.0.2.1 pt141 \end_layout @@ -18370,6 +19817,7 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code + tod6d [-v] [service] \end_layout @@ -18396,257 +19844,314 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * File: tod6d.c \end_layout \begin_layout Code + * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code + * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code + * Performance Technologies, San Diego, USA \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** System header files. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #include /* errno declaration & error codes. */ \end_layout \begin_layout Code + #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code + #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code + #include /* printf(3) et al. */ \end_layout \begin_layout Code + #include /* exit(2). */ \end_layout \begin_layout Code + #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code + #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code + #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code + #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code + #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Constants. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code + #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code + #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. */ \end_layout \begin_layout Code + #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code + #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code + #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Simple boolean type definition. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Prototypes for internal helper functions. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static int openSckt( const char *service, \end_layout \begin_layout Code + const char *protocol, \end_layout \begin_layout Code + int desc[ ], \end_layout \begin_layout Code + size_t *descSize ); \end_layout \begin_layout Code + static void tod( int tSckt[ ], \end_layout \begin_layout Code + size_t tScktSize, \end_layout \begin_layout Code + int uSckt[ ], \end_layout \begin_layout Code + size_t uScktSize ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Global (within this file only) data objects. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code + static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code + static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code + static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Usage macro for command syntax violations. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define USAGE \backslash \end_layout \begin_layout Code + { \backslash \end_layout \begin_layout Code + fprintf( stderr, \backslash \end_layout \begin_layout Code + "Usage: %s [-v] [service] \backslash n", @@ -18655,37 +20160,44 @@ n", \end_layout \begin_layout Code + pgmName ); \backslash \end_layout \begin_layout Code + exit( 127 ); \backslash \end_layout \begin_layout Code + } /* End USAGE macro. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code + ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code + ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -18693,56 +20205,66 @@ n", \end_layout \begin_layout Code + ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code + ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define CHK(expr) \backslash \end_layout \begin_layout Code + do \backslash \end_layout \begin_layout Code + { \backslash \end_layout \begin_layout Code + if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code + { \backslash \end_layout \begin_layout Code + fprintf( stderr, \backslash \end_layout \begin_layout Code + "%s (line %d): System call ERROR - %s. \backslash n", @@ -18751,30 +20273,35 @@ n", \end_layout \begin_layout Code + pgmName, \backslash \end_layout \begin_layout Code + __LINE__, \backslash \end_layout \begin_layout Code + strerror( errno ) ); \backslash \end_layout \begin_layout Code + exit( 1 ); \backslash \end_layout \begin_layout Code + } /* End IF system call failed. */ \backslash @@ -18782,352 +20309,436 @@ n", \end_layout \begin_layout Code + } while ( false ) \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: main \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code + * handles both TCP and UDP requests. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code + * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + int main( int argc, \end_layout \begin_layout Code + char *argv[ ] ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + int opt; \end_layout \begin_layout Code + const char *service = DFLT_SERVICE; \end_layout \begin_layout Code + int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code + size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code + int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code + size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Set the program name (w/o directory prefix). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code + pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command options. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code + while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( opt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 'v': /* Verbose mode. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + verbose = true; \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on command option. */ \end_layout \begin_layout Code + } /* End WHILE processing options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command line arguments. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( argc - optind ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 0: break; \end_layout \begin_layout Code + case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code + default: USAGE; \end_layout \begin_layout Code + } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code + ** service requests. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code + ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Run the time-of-day server. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code + tScktSize, \end_layout \begin_layout Code + uSckt, \end_layout \begin_layout Code + uScktSize ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code + ** created. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: No sockets opened... terminating. \backslash @@ -19135,286 +20746,354 @@ n", \end_layout \begin_layout Code + pgmName ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End main() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: openSckt \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code + * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code + * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code + * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code + * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code + * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code + * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code + * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code + * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code + * placed when opened. \end_layout \begin_layout Code + * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code + * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code + * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code + * the number of descriptors actually opened. Any unused slots in \end_layout \begin_layout Code + * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * 0 on success, -1 on error. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static int openSckt( const char *service, \end_layout \begin_layout Code + const char *protocol, \end_layout \begin_layout Code + int desc[ ], \end_layout \begin_layout Code + size_t *descSize ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct addrinfo *ai; \end_layout \begin_layout Code + int aiErr; \end_layout \begin_layout Code + struct addrinfo *aiHead; \end_layout \begin_layout Code + struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code + ¬ */ \end_layout \begin_layout Code + .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code + ¬ */ \end_layout \begin_layout Code + size_t maxDescs = *descSize; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + while ( *descSize > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + else /* Invalid protocol. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code + "layer protocol \backslash "%s @@ -19425,191 +21104,235 @@ n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + protocol ); \end_layout \begin_layout Code + return -1; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code + ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code + ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code + ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code + ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + &hints, \end_layout \begin_layout Code + &aiHead ) ) != 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + gai_strerror( aiErr ) ); \end_layout \begin_layout Code + return -1; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code + ** socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( ai = aiHead; \end_layout \begin_layout Code + ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code + ai = ai->ai_next ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code + ** independent fields first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Setting up a passive socket based on the " \end_layout \begin_layout Code + "following address info: \backslash n" \end_layout \begin_layout Code + " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code + " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -19617,6 +21340,7 @@ n" \end_layout \begin_layout Code + " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -19624,512 +21348,629 @@ n" \end_layout \begin_layout Code + " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + ai->ai_flags, \end_layout \begin_layout Code + ai->ai_family, \end_layout \begin_layout Code + PF_INET, \end_layout \begin_layout Code + PF_INET6, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + SOCK_STREAM, \end_layout \begin_layout Code + SOCK_DGRAM, \end_layout \begin_layout Code + ai->ai_protocol, \end_layout \begin_layout Code + IPPROTO_TCP, \end_layout \begin_layout Code + IPPROTO_UDP, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code + ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code + ** host & service into numeric strings. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( ai->ai_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + p->sin_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4. */ \end_layout \begin_layout Code + case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + p->sin6_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + p->sin6_flowinfo, \end_layout \begin_layout Code + p->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6. */ \end_layout \begin_layout Code + default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_family ); \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return -1; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code + } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + ai->ai_protocol ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code + ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code + ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Disable IPv4 mapped addresses. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + int v6Only = 1; \end_layout \begin_layout Code + CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code + IPPROTO_IPV6, \end_layout \begin_layout Code + IPV6_V6ONLY, \end_layout \begin_layout Code + &v6Only, \end_layout \begin_layout Code + sizeof( v6Only ) ) ); \end_layout \begin_layout Code + #else \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code + ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code + ** message and close the socket. Design note: If the \end_layout \begin_layout Code + ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code + ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code + ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code + ** if the program can't build! However, since this program is also \end_layout \begin_layout Code + ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code + ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code + ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code + ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code + ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code + ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code + "option. Closing IPv6 %s socket. \backslash @@ -20137,556 +21978,690 @@ n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code + CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code + continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code + #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code + } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code + ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code + ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code + MAXCONNQLEN ) ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + *descSize += 1; \end_layout \begin_layout Code + } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Dummy check for unused address records. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code + "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__ ); \end_layout \begin_layout Code + } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Clean up. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End openSckt() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: tod \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code + * clients. This function never returns. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code + * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code + * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code + * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: None. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static void tod( int tSckt[ ], \end_layout \begin_layout Code + size_t tScktSize, \end_layout \begin_layout Code + int uSckt[ ], \end_layout \begin_layout Code + size_t uScktSize ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char bfr[ 256 ]; \end_layout \begin_layout Code + ssize_t count; \end_layout \begin_layout Code + struct pollfd *desc; \end_layout \begin_layout Code + size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code + int idx; \end_layout \begin_layout Code + int newSckt; \end_layout \begin_layout Code + struct sockaddr *sadr; \end_layout \begin_layout Code + socklen_t sadrLen; \end_layout \begin_layout Code + struct sockaddr_storage sockStor; \end_layout \begin_layout Code + int status; \end_layout \begin_layout Code + size_t timeLen; \end_layout \begin_layout Code + char *timeStr; \end_layout \begin_layout Code + time_t timeVal; \end_layout \begin_layout Code + ssize_t wBytes; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code + if ( desc == NULL ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + strerror( ENOMEM ) ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize the poll(2) array. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code + : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code + desc[ idx ].events = POLLIN; \end_layout \begin_layout Code + desc[ idx ].revents = 0; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code + ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code + ** main loop. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + while ( true ) /* Do forever. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code + ** used to restart the system call in the event the process is \end_layout \begin_layout Code + ** interrupted by a signal. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + status = poll( desc, \end_layout \begin_layout Code + descSize, \end_layout \begin_layout Code + -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code + } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code + CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Get the current time. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + timeVal = time( NULL ); \end_layout \begin_layout Code + timeStr = ctime( &timeVal ); \end_layout \begin_layout Code + timeLen = strlen( timeStr ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Indicate that there is new network activity. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code + strcpy( s, timeStr ); \end_layout \begin_layout Code + s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' @@ -20696,743 +22671,913 @@ n' in date string. \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + s ); \end_layout \begin_layout Code + free( s ); \end_layout \begin_layout Code + } /* End IF verbose. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process sockets with input available. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( desc[ idx ].revents ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code + continue; \end_layout \begin_layout Code + case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + default: /* Invalid poll events. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + desc[ idx ].revents ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( idx < tScktSize ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code + ** the sockaddr_storage data type. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code + sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code + CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code + sadr, \end_layout \begin_layout Code + &sadrLen ) ); \end_layout \begin_layout Code + CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code + SHUT_RD ) ); \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code + ** the address-independent fields. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code + " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + sadr->sa_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address-specific fields. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( sadr, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code + ** protocol family. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( sadr->sa_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + p->sin_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4. */ \end_layout \begin_layout Code + case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + p->sin6_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + p->sin6_flowinfo, \end_layout \begin_layout Code + p->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6. */ \end_layout \begin_layout Code + default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code + "family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sadr->sa_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code + } /* End SWITCH on address family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Send the TOD to the client. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + wBytes = timeLen; \end_layout \begin_layout Code + while ( wBytes > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + count = write( newSckt, \end_layout \begin_layout Code + timeStr, \end_layout \begin_layout Code + wBytes ); \end_layout \begin_layout Code + } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code + CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code + wBytes -= count; \end_layout \begin_layout Code + } /* End WHILE there is data to send. */ \end_layout \begin_layout Code + CHK( close( newSckt ) ); \end_layout \begin_layout Code + } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code + else \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code + ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code + ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code + ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code + ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code + ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code + ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code + ** sockaddr_storage to receive the address. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code + sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code + CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + sizeof( bfr ), \end_layout \begin_layout Code + 0, \end_layout \begin_layout Code + sadr, \end_layout \begin_layout Code + &sadrLen ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display whatever was received on stdout. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + ssize_t rBytes = count; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + count ); \end_layout \begin_layout Code + while ( count > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code + stdout ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code + fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. @@ -21440,403 +23585,493 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code + ** independent fields first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code + " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + sadr->sa_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address-specific information. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( sadr, \end_layout \begin_layout Code + sadrLen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( sadr->sa_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + p->sin_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code + case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + p->sin6_family, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + p->sin6_flowinfo, \end_layout \begin_layout Code + p->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code + default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code + "family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sadr->sa_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code + } /* End SWITCH on address family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Send the time-of-day to the client. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + wBytes = timeLen; \end_layout \begin_layout Code + while ( wBytes > 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code + timeStr, \end_layout \begin_layout Code + wBytes, \end_layout \begin_layout Code + 0, \end_layout \begin_layout Code + sadr, /* Address & address length */ \end_layout \begin_layout Code + sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code + } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code + CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code + wBytes -= count; \end_layout \begin_layout Code + } /* End WHILE there is data to send. */ \end_layout \begin_layout Code + } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code + desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code + } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code + } /* End WHILE forever. */ \end_layout \begin_layout Code + } /* End tod() */ \end_layout @@ -21851,6 +24086,7 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code + tod6tc [-v] [-s scope_id] [host [service]] \end_layout @@ -21891,216 +24127,265 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * File: tod6tc.c \end_layout \begin_layout Code + * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code + * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code + * Performance Technologies, San Diego, USA \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** System header files. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #include /* errno declaration and error codes. */ \end_layout \begin_layout Code + #include /* if_nametoindex(3). */ \end_layout \begin_layout Code + #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code + #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code + #include /* printf(3) et al. */ \end_layout \begin_layout Code + #include /* exit(2). */ \end_layout \begin_layout Code + #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code + #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code + #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Constants & macros. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code + #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code + #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code + #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code + #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code + #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Type definitions (for convenience). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code + typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code + typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Prototypes for internal helper functions. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ); \end_layout \begin_layout Code + static void tod( int sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Global (within this file only) data objects. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code + static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Usage macro. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define USAGE \backslash @@ -22108,6 +24393,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + { \backslash @@ -22115,6 +24401,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + fprintf( stderr, \backslash @@ -22122,6 +24409,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -22130,6 +24418,7 @@ n", \end_layout \begin_layout Code + pgmName ); \backslash @@ -22137,6 +24426,7 @@ n", \end_layout \begin_layout Code + exit( 127 ); \backslash @@ -22144,20 +24434,24 @@ n", \end_layout \begin_layout Code + } /* End USAGE macro. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code + ** CHK() macro by Dr. V. Vinge (see server code). @@ -22165,540 +24459,669 @@ n", \end_layout \begin_layout Code + ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code + ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code + ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code + ** of the system call. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code + ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code + ** { \end_layout \begin_layout Code + ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code + ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code + ** } \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code + int lineNbr, \end_layout \begin_layout Code + int status ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + lineNbr, \end_layout \begin_layout Code + syscallName, \end_layout \begin_layout Code + strerror( errno ) ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code + } /* End SYSCALL() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: main \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code + * stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * This function always returns zero. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + int main( int argc, \end_layout \begin_layout Code + char *argv[ ] ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + const char *host = DFLT_HOST; \end_layout \begin_layout Code + int opt; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code + const char *service = DFLT_SERVICE; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code + pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command line options. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code + while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( opt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code + if ( scopeId == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + optarg ); \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 'v': /* Verbose mode. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + verbose = true; \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on command option. */ \end_layout \begin_layout Code + } /* End WHILE processing command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code + ** index of the first NON-option argv element. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( argc - optind ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + service = argv[ optind + 1 ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + host = argv[ optind ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 0: /* Use default host & service. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Open a connection to the indicated host/service. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code + ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code + ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code + ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code + ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code + ** command line. \end_layout \begin_layout Code + ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code + ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code + ** sockets). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( sckt = openSckt( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Sorry... a connection could not be established. \backslash @@ -22706,524 +25129,646 @@ n", \end_layout \begin_layout Code + pgmName ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Get the remote time-of-day. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + tod( sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Close the connection and terminate. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + (void) SYSCALL( "close", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + close( sckt ) ); \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End main() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: openSckt \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code + * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code + * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code + * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code + * when either a connection has been established or all records in the list \end_layout \begin_layout Code + * have been processed. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code + * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code + * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code + * well-known port number. \end_layout \begin_layout Code + * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code + * network interface on which to set up the connection. This \end_layout \begin_layout Code + * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code + * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code + * network address is augmented with the scope ID). \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code + * address records have been processed and a connection could not be \end_layout \begin_layout Code + * established. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct addrinfo *ai; \end_layout \begin_layout Code + int aiErr; \end_layout \begin_layout Code + struct addrinfo *aiHead; \end_layout \begin_layout Code + struct addrinfo hints; \end_layout \begin_layout Code + sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code + ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code + ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code + ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code + ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code + ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code + ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code + ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code + ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code + hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code + hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Look up the host/service information. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + &hints, \end_layout \begin_layout Code + &aiHead ) ) != 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + gai_strerror( aiErr ) ); \end_layout \begin_layout Code + return INVALID_DESC; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code + ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code + ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code + ai = ai->ai_next ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code + } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code + } /* End IPv6 kluge. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address info for the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Temporary character string buffers for host & service. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code + char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address information just fetched. Start with the \end_layout \begin_layout Code + ** common (protocol-independent) stuff first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Address info: \backslash n" \end_layout \begin_layout Code + " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code + " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -23231,6 +25776,7 @@ n" \end_layout \begin_layout Code + " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -23238,608 +25784,751 @@ n" \end_layout \begin_layout Code + " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + ai->ai_flags, \end_layout \begin_layout Code + ai->ai_family, \end_layout \begin_layout Code + PF_INET, \end_layout \begin_layout Code + PF_INET6, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + SOCK_STREAM, \end_layout \begin_layout Code + SOCK_DGRAM, \end_layout \begin_layout Code + ai->ai_protocol, \end_layout \begin_layout Code + IPPROTO_TCP, \end_layout \begin_layout Code + IPPROTO_UDP, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the protocol-specific formatted address. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( ai->ai_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + pSadrIn->sin_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code + case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + pSadrIn6->sin6_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code + default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code + } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Create a socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "socket", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sckt = socket( ai->ai_family, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + ai->ai_protocol ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Connect to the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "connect", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + connect( sckt, \end_layout \begin_layout Code + ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Clean up & return. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return sckt; \end_layout \begin_layout Code + } /* End openSckt() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: tod \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: None. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static void tod( int sckt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code + int inBytes; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code + ** connection. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Read the time-of-day from the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + do \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( !SYSCALL( "read", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + inBytes = read( sckt, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + MAXBFRSIZE ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -23847,19 +26536,23 @@ static void tod( int sckt ) \end_layout \begin_layout Code + fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code + } while ( inBytes > 0 ); \end_layout \begin_layout Code + fflush( stdout ); \end_layout \begin_layout Code + } /* End tod() */ \end_layout @@ -23876,6 +26569,7 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code + tod6uc [-v] [-s scope_id] [host [service]] \end_layout @@ -23916,216 +26610,265 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * File: tod6uc.c \end_layout \begin_layout Code + * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code + * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code + * Performance Technologies, San Diego, USA \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** System header files. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #include /* errno declaration and error codes. */ \end_layout \begin_layout Code + #include /* if_nametoindex(3). */ \end_layout \begin_layout Code + #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code + #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code + #include /* printf(3) et al. */ \end_layout \begin_layout Code + #include /* exit(2). */ \end_layout \begin_layout Code + #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code + #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code + #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Constants & macros. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code + #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code + #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code + #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code + #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code + #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Type definitions (for convenience). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code + typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code + typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Prototypes for internal helper functions. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ); \end_layout \begin_layout Code + static void tod( int sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Global (within this file only) data objects. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code + static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Usage macro. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + #define USAGE \backslash @@ -24133,6 +26876,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + { \backslash @@ -24140,6 +26884,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + fprintf( stderr, \backslash @@ -24147,6 +26892,7 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code + "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -24155,6 +26901,7 @@ n", \end_layout \begin_layout Code + pgmName ); \backslash @@ -24162,6 +26909,7 @@ n", \end_layout \begin_layout Code + exit( 127 ); \backslash @@ -24169,20 +26917,24 @@ n", \end_layout \begin_layout Code + } /* End USAGE macro. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code + ** CHK() macro by Dr. V. Vinge (see server code). @@ -24190,1065 +26942,1316 @@ n", \end_layout \begin_layout Code + ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code + ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code + ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code + ** of the system call. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code + ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code + ** { \end_layout \begin_layout Code + ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code + ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code + ** } \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code + int lineNbr, \end_layout \begin_layout Code + int status ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + lineNbr, \end_layout \begin_layout Code + syscallName, \end_layout \begin_layout Code + strerror( errno ) ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code + } /* End SYSCALL() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: main \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code + * stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * This function always returns zero. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + int main( int argc, \end_layout \begin_layout Code + char *argv[ ] ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + const char *host = DFLT_HOST; \end_layout \begin_layout Code + int opt; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code + const char *service = DFLT_SERVICE; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code + pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command line options. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code + while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + switch ( opt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code + if ( scopeId == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + optarg ); \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 'v': /* Verbose mode. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + verbose = true; \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on command option. */ \end_layout \begin_layout Code + } /* End WHILE processing command options. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code + ** index of the first NON-option argv element. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + switch ( argc - optind ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + service = argv[ optind + 1 ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + host = argv[ optind ]; \end_layout \begin_layout Code + /***** Fall through *****/ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + case 0: /* Use default host & service. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + default: \end_layout \begin_layout Code + { \end_layout \begin_layout Code + USAGE; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Open a connection to the indicated host/service. \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code + ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code + ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code + ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code + ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code + ** command line. \end_layout \begin_layout Code + ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code + ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code + ** sockets). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( sckt = openSckt( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code + "not be set up. \backslash n", \end_layout \begin_layout Code + pgmName ); \end_layout \begin_layout Code + exit( 1 ); \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Get the remote time-of-day. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + tod( sckt ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Close the connection and terminate. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + (void) SYSCALL( "close", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + close( sckt ) ); \end_layout \begin_layout Code + return 0; \end_layout \begin_layout Code + } /* End main() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: openSckt \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code + * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code + * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code + * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code + * when either a connection has been established or all records in the list \end_layout \begin_layout Code + * have been processed. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code + * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code + * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code + * well-known port number. \end_layout \begin_layout Code + * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code + * network interface on which to exchange datagrams. This \end_layout \begin_layout Code + * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code + * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code + * network address is augmented with the scope ID). \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: \end_layout \begin_layout Code + * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code + * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static int openSckt( const char *host, \end_layout \begin_layout Code + const char *service, \end_layout \begin_layout Code + unsigned int scopeId ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + struct addrinfo *ai; \end_layout \begin_layout Code + int aiErr; \end_layout \begin_layout Code + struct addrinfo *aiHead; \end_layout \begin_layout Code + struct addrinfo hints; \end_layout \begin_layout Code + sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code + int sckt; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code + ** \end_layout \begin_layout Code + ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code + ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code + ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code + ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code + ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code + ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code + ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code + ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code + ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code + hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code + hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code + hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Look up the host/service information. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code + service, \end_layout \begin_layout Code + &hints, \end_layout \begin_layout Code + &aiHead ) ) != 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + gai_strerror( aiErr ) ); \end_layout \begin_layout Code + return INVALID_DESC; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code + ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code + ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code + ai = ai->ai_next ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code + } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code + } /* End IPv6 kluge. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address info for the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( verbose ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Temporary character string buffers for host & service. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code + char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the address information just fetched. Start with the \end_layout \begin_layout Code + ** common (protocol-independent) stuff first. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "Address info: \backslash n" \end_layout \begin_layout Code + " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code + " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -25256,6 +28259,7 @@ n" \end_layout \begin_layout Code + " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -25263,606 +28267,748 @@ n" \end_layout \begin_layout Code + " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code + "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code + ai->ai_flags, \end_layout \begin_layout Code + ai->ai_family, \end_layout \begin_layout Code + PF_INET, \end_layout \begin_layout Code + PF_INET6, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + SOCK_STREAM, \end_layout \begin_layout Code + SOCK_DGRAM, \end_layout \begin_layout Code + ai->ai_protocol, \end_layout \begin_layout Code + IPPROTO_TCP, \end_layout \begin_layout Code + IPPROTO_UDP, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + sizeof( struct sockaddr_in ), \end_layout \begin_layout Code + sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Display the protocol-specific formatted address. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + getnameinfo( ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + sizeof( hostBfr ), \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + sizeof( servBfr ), \end_layout \begin_layout Code + NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code + switch ( ai->ai_family ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin_addr: %s \backslash n" \end_layout \begin_layout Code + " sin_port: %s \backslash n", \end_layout \begin_layout Code + pSadrIn->sin_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code + case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code + "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code + " sin6_addr: %s \backslash n" \end_layout \begin_layout Code + " sin6_port: %s \backslash n" \end_layout \begin_layout Code + " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code + " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code + pSadrIn6->sin6_family, \end_layout \begin_layout Code + AF_INET, \end_layout \begin_layout Code + AF_INET6, \end_layout \begin_layout Code + hostBfr, \end_layout \begin_layout Code + servBfr, \end_layout \begin_layout Code + pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code + pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code + default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code + { \end_layout \begin_layout Code + fprintf( stderr, \end_layout \begin_layout Code + "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code + pgmName, \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + ai->ai_family ); \end_layout \begin_layout Code + break; \end_layout \begin_layout Code + } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code + } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code + } /* End IF verbose mode. */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Create a socket. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "socket", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + sckt = socket( ai->ai_family, \end_layout \begin_layout Code + ai->ai_socktype, \end_layout \begin_layout Code + ai->ai_protocol ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code + ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "connect", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + connect( sckt, \end_layout \begin_layout Code + ai->ai_addr, \end_layout \begin_layout Code + ai->ai_addrlen ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code + sckt = INVALID_DESC; \end_layout \begin_layout Code + continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code + } \end_layout \begin_layout Code + } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Clean up & return. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + freeaddrinfo( aiHead ); \end_layout \begin_layout Code + return sckt; \end_layout \begin_layout Code + } /* End openSckt() */ \end_layout \begin_layout Code + /****************************************************************************** \end_layout \begin_layout Code + * Function: tod \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Description: \end_layout \begin_layout Code + * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Parameters: \end_layout \begin_layout Code + * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code + * \end_layout \begin_layout Code + * Return Value: None. \end_layout \begin_layout Code + ******************************************************************************/ \end_layout \begin_layout Code + static void tod( int sckt ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code + int inBytes; \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code + ** important, but something must be sent to let it know we want the TOD. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "write", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + /* \end_layout \begin_layout Code + ** Read the time-of-day from the remote host. \end_layout \begin_layout Code + */ \end_layout \begin_layout Code + if ( !SYSCALL( "read", \end_layout \begin_layout Code + __LINE__, \end_layout \begin_layout Code + inBytes = read( sckt, \end_layout \begin_layout Code + bfr, \end_layout \begin_layout Code + MAXBFRSIZE ) ) ) \end_layout \begin_layout Code + { \end_layout \begin_layout Code + return; \end_layout \begin_layout Code + } \end_layout \begin_layout Code + bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -25870,15 +29016,18 @@ static void tod( int sckt ) \end_layout \begin_layout Code + fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code + fflush( stdout ); \end_layout \begin_layout Code + } /* End tod() */ \end_layout @@ -28226,19 +31375,8 @@ target "http://www.ipinfusion.com/products/server/products_server.html" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "SPA Mail Server 2.21 " -target "http://download.com.com/3000-2165-10153543.html?tag=lst-0-21" - -\end_inset - - -\end_layout - -\begin_layout Itemize -\begin_inset CommandInset href -LatexCommand href -name "Inframail (Advantage Server Edition) 6.0 " -target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" +name "Inframail (Advantage Server Edition)" +target "http://download.cnet.com/Inframail-Advantage-Server-Edition/3000-10248_4-8202652.html" \end_inset @@ -28249,7 +31387,7 @@ target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" \begin_inset CommandInset href LatexCommand href name "HTTrack Website Copier" -target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" +target "http://download.cnet.com/HTTrack-Website-Copier/3000-2377_4-10149393.html" \end_inset @@ -28259,8 +31397,8 @@ target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "CommView 5.0" -target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" +name "CommView" +target "http://download.cnet.com/CommView/3000-2085_4-10132748.html" \end_inset @@ -28270,8 +31408,8 @@ target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "Posadis 0.50.6" -target "http://download.com.com/3000-2104-10149750.html?tag=lst-0-1" +name "Posadis" +target "http://download.cnet.com/Posadis/3000-2155_4-10149750.html" \end_inset @@ -30136,6 +33274,10 @@ Versions x.y.z are work-in-progress and published as LyX and SGML file on Releases 0.x \end_layout +\begin_layout Description +0.67wip 2015-08-18/PB: fix some broken URLs +\end_layout + \begin_layout Description 0.66 2010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6 NAT hints, 20130521/PB: review dhcpd, 20131019/bie: general review, 20140502/bi diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index 0183cd3c..b5beb31c 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html index 4e5e9b6e..7adc2c52 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.html @@ -205,22 +205,22 @@ HREF="#GENERAL-TRANSLATIONS" >

    1.5. Técnico
    1.6. Prefácio
    1.7. Termos usados, glossário e atalhos
    1.8. Necessidades para usar este HOWTO
    2.1. O que é IPv6?
    2.3. Como o endereço IPv6 se parece?
    2.4. FAQ (Básico)
    3.1. Endereços sem um prefixo especial
    3.2. Parte da rede, também conhecido como prefixo
    3.3. Tipos de endereço (parte de host)
    3.4. Tamanho de prefixos para roteamento
    4.2. Ferramentas de configuração de rede que suportam IPv6
    4.3. Programas de teste e debug IPv6
    4.4. Programas com suporte a IPv6
    4.5. Programas cliente com suporte a IPv6
    4.6. Programas servidores com suporte a IPv6
    5.1. Dispositivos de rede diferentes
    5.2. Colocando as interfaces em up e down
    6.1. Mostrando os endereços IPv6 existentes
    6.2. Adicionando um endereço IPv6
    6.3. Removendo um endereço IPv6
    7.1. Mostrando as rotas IPv6 existentes
    7.2. Adicionando uma rota IPv6 através de um gateway
    7.3. Removendo uma rota IPv6 através de um gateway
    7.4. Adicionando uma rota IPv6 através de uma interface
    7.5. Removendo uma rota IPv6 através de uma interface
    7.6. FAQ para rotas em IPv6
    8.1. Mostrando os vizinhos usando "ip"
    8.2. Manipulando a tabela de vizinhos usando "ip"
    9.1. Tipos de túneis
    9.2. Mostrando os túneis existentes
    10.1. Mostrando os túneis existentes
    10.2. Configuração de túnel ponto a ponto
    10.3. Removendo túneis ponto a ponto
    11.1. Como acessar os arquivos do /proc
    14.1. Server socket binding
    15.1. Red Hat Linux and “clones”
    15.2. SuSE Linux
    16.1. Stateless auto-configuration
    16.2. Stateful auto-configuration using Router Advertisement Daemon (radvd)
    16.3. Dynamic Host Configuration Protocol v6 (DHCPv6)
    17.1. Common information
    18.2. Preparation
    18.3. Usage
    19.1. Node security
    19.2. Access limitations
    20.1. Modes of using encryption and authentication
    20.2. Support in kernel (ESP and AH)
    20.3. Automatic key exchange (IKE)
    20.4. Additional informations:
    21.1. General
    21.2. Linux QoS using “tc”
    23.2. Other programming languages
    25.4. IPv6 Infrastructure
    26. Revision history / Credits / The End
    26.3. The End

    A versão atual deste documento é mostrada no começo do documento.

    Informação CVS:

    CVS-ID: $Id$

    Para outras versões ou traduções disponíveis, veja o site


    1.3.2. Histórico

    1.3.2.1. Relevantes


    1.3.2.2. História completa


    1.3.3. To-Do


    1.4.1. Linguagens


    1.4.1.1. Chines


    1.4.1.2. Polones


    1.4.1.3. German


    1.4.1.4. Frances


    1.4.1.5. Espanhol


    1.4.1.6. Italiano


    1.4.1.7. Japones


    1.4.1.8. Grego


    1.4.1.9. Turco


    1.4.1.10. Portuguese-Brazil


    1.5. Técnico


    1.5.1.1. Divisor de linha de código


    1.5.1.2. Geração de SGML


    1.5.2. Referencias On-line para a versão em HTML deste HOWTO

    1.5.2.1. Página principal


    1.5.2.2. Páginas dedicadas


    1.6. Prefácio


    1.6.1. Quantas versões deste HOWTO existem por aí ?


    1.6.1.1. Linux IPv6 FAQ/HOWTO (desatualizada)


    1.6.1.2. IPv6 & Linux - HowTo (mantida)


    1.6.1.3. Linux IPv6 HOWTO (este documento)


    1.7. Termos usados, glossário e atalhos

    1.7.1. Rede


    1.7.2. Informações úteis

    1.7.2.1. Sinal de divisão de linha longa de código


    1.7.2.2. Marcadores


    1.7.2.3. Comandos no shell


    1.8. Necessidades para usar este HOWTO

    1.8.1. Prerequisitos pessoais

    1.8.1.1. Experiencia com ferramentas Unix


    1.8.1.2. Experiencia com teoria de rede


    1.8.1.3. Experiencia com configuração IPv4


    1.8.1.4. Experiencia com Domain Name System (DNS)


    1.8.1.5. Experiencia com estratégias de debug de rede


    1.8.2. Hardware compatível com o sistema Linux

    2.1. O que é IPv6?


    2.2.1. O começo


    2.2.2. Enquanto isso


    2.2.3. Atualmente


    2.2.4. O futuro


    2.3. Como o endereço IPv6 se parece?


    2.4. FAQ (Básico)

    2.4.1. Porque o nome do sucessor do IPv4 é IPv6 e não IPv5 ?


    2.4.2. Endereços IPv6: porque um número tão grande de bits ?


    2.4.3. Endereços IPv6: porque um número tão pequeno de bits em um nova versão ?


    3.1. Endereços sem um prefixo especial

    3.1.1. Endereço localhost


    3.1.2. Endereços não especificados


    3.1.3. Endereços IPv6 vinculados a endereços IPv4


    3.1.3.1. IPv4-mapeado para IPv6


    3.1.3.2. por exemplo, o endereço IP 1.2.3.4 seria assim:


    3.2. Parte da rede, também conhecido como prefixo


    3.2.1. Endereço tipo "link local"


    3.2.2. Endereço tipo "site local"


    3.2.3. Endereços locais Unicast IPv6


    3.2.4. Endereço tipo Global "(Aggregatable) global unicast"


    3.2.4.1. Endereço de teste 6bone


    3.2.4.2. Endereços 6to4


    3.2.4.3. Designado pelo provedor para roteamento hierárquico


    3.2.4.4. Endereços reservados para exemplos e documentação


    3.2.5. Endereços Multicast


    3.2.5.1. Escopo Multicast


    3.2.5.2. Tipos Multicast


    3.2.5.3. Endereço multicast solicitado nó link-local


    3.2.6. Endereços Anycast


    3.2.6.1. Endereços Anycast Subnet-router


    3.3. Tipos de endereço (parte de host)


    3.3.1. Computado automaticamente (também conhecido como stateless)


    3.3.1.1. Problema de privacidade com os endereços automaticamente computados e uma solução


    3.3.2. Definido manualmente


    3.4. Tamanho de prefixos para roteamento


    3.4.1. Tamanho de prefixo (também conhecido como "netmasks")


    3.4.2. Encontrando uma rota


    4.1.1. Verificação do suporte a IPv6 no kernel utilizado


    4.1.2. Tentando carregar os módulos para o IPv6


    4.1.2.1. Carga automática do módulo


    4.1.3. Compilando o kernel 2.6 para suportar o IPv6


    4.1.3.1. Compilando um kernel vanilla


    4.1.3.2. Compilando um kernel com as extensões USAGI


    4.1.4. Dispositivos de rede com suporte a IPv6


    4.1.4.1. Estes links nunca suportarão IPv6


    4.1.4.2. Este link atualmente não suporta IPv6


    4.2. Ferramentas de configuração de rede que suportam IPv6


    4.2.1. Pacote net-tools


    4.2.2. Pacote iproute


    4.3. Programas de teste e debug IPv6


    4.3.1.1. Especificando a interface para o ping em IPv6


    4.3.1.2. Ping6 para endereços multicast


    4.3.4.1. Ping IPv6 para 2001:0db8:100:f101::1 nativo sobre um link local


    4.3.4.2. Ping IPv6 para 2001:0db8:100::1 roteado através de um túnel IPv6-in-IPv4


    4.4. Programas com suporte a IPv6


    4.5. Programas cliente com suporte a IPv6


    4.5.1. Verificando a resolução DNS para endereços IPv6


    4.5.2. Cliente de Telnet com suporte a IPv6


    4.5.3. SSH com suporte a IPv6

    4.5.3.1. openssh


    4.5.3.2. ssh.com


    4.5.4. Browsers com suporte a IPv6


    4.5.4.1. URLs para teste


    4.6. Programas servidores com suporte a IPv6

    4.7.1. Usando ferramentas

    4.7.1.1. Q: Não consigo pingar (ping6) o endereço link-local


    4.7.1.2. Q: Não consigo pingar (ping6) ou efetuar traceroute (traceroute6) como usuário normal

    5.1. Dispositivos de rede diferentes


    5.1.1. Físicas


    5.1.2. Virtuais


    5.1.2.1. Interfaces Túnel IPv6-in-IPv4


    5.1.2.2. Interfaces PPP


    5.1.2.3. Interfaces ISDN HDLC


    5.1.2.4. Interfaces ISDN PPP


    5.1.2.5. SLIP + PLIP


    5.1.2.6. Dispositivo Ether-tap


    5.1.2.7. Dispositivos tun


    5.1.2.8. ATM


    5.1.2.9. Outras


    5.2. Colocando as interfaces em up e down


    5.2.1. Usando "ip"


    5.2.2. Usando "ifconfig"


    6.1. Mostrando os endereços IPv6 existentes


    6.1.1. Usando "ip"


    6.1.2. Usando "ifconfig"


    6.2. Adicionando um endereço IPv6


    6.2.1. Usando "ip"


    6.2.2. Usando "ifconfig"


    6.3. Removendo um endereço IPv6


    6.3.1. Usando "ip"


    6.3.2. Usando "ifconfig"


    7.1. Mostrando as rotas IPv6 existentes


    7.1.1. Usando "ip"


    7.1.2. Usando "route"


    7.2. Adicionando uma rota IPv6 através de um gateway


    7.2.1. Usando "ip"


    7.2.2. Usando "route"


    7.3. Removendo uma rota IPv6 através de um gateway


    7.3.1. Usando "ip"


    7.3.2. Usando "route"


    7.4. Adicionando uma rota IPv6 através de uma interface


    7.4.1. Usando "ip"


    7.4.2. Usando "route"


    7.5. Removendo uma rota IPv6 através de uma interface


    7.5.1. Usando "ip"


    7.5.2. Usando "route"


    7.6. FAQ para rotas em IPv6

    7.6.1. Suporte de uma rota default IPv6


    7.6.1.1. Clientes (não roteando qualquer pacote!)


    7.6.1.2. Roteadores em caso de packet forwarding


    8.1. Mostrando os vizinhos usando "ip"


    8.2. Manipulando a tabela de vizinhos usando "ip"

    8.2.1. Adicionando uma entrada manualmente


    8.2.2. Excluindo uma entrada manualmente


    8.2.3. Opções mais avançadas


    9.1. Tipos de túneis


    9.1.1. Túnel estático ponto a ponto: 6bone


    9.1.2. Túnel automático


    9.1.3.1. Geração de prefixo 6to4


    9.1.3.2. Tunelamento Upstream 6to4


    9.1.3.3. Tunelamento Downstream 6to4


    9.1.3.4. Tráfego 6to4 possível


    9.2. Mostrando os túneis existentes

    9.2.1. Usando "ip"


    9.2.2. Usando "route"


    9.3.1. Adicionando túneis ponto a ponto

    9.3.1.1. Usando "ip"


    9.3.1.2. Usando "ifconfig" e "route" (obsoleto)


    9.3.1.3. Usando somente "route"


    9.3.2. Removendo os túneis ponto a ponto


    9.3.2.1. Usando "ip"


    9.3.2.2. Usando "ifconfig" e "route" (não é mais usado por ser estranho)


    9.3.2.3. Usando "route"


    9.3.3. Tuneis ponto a ponto numerados


    9.4.1. Adição de um túnel 6to4


    9.4.1.1. Usando "ip" e um dispositivo de túnel dedicado


    9.4.1.2. Usando "ifconfig" e "route" e um dispositivo de túnel genérico "sit0" (obsoleto)


    9.4.2. Removendo um túnel 6to4

    9.4.2.1. Usando "ip" e um dispositivo de túnel dedicado


    9.4.2.2. Usando "ifconfig" e "route" e o dispositivo genérico de túnel "sit0" (obsoleto)


    10.1. Mostrando os túneis existentes


    10.2. Configuração de túnel ponto a ponto


    10.3. Removendo túneis ponto a ponto


    11.1. Como acessar os arquivos do /proc

    11.1.1. Usando "cat" e "echo"


    11.1.1.1. Obtendo um valor


    11.1.1.2. Definindo um valor


    11.1.2. Usando "sysctl"


    11.1.2.1. Obtendo um valor


    11.1.2.2. Definindo um valor


    11.1.2.3. Adicionais


    11.1.3. Valores encontrados nas entradas /proc

    11.2.1. conf/default/*


    11.2.2. conf/all/*


    11.2.2.1. conf/all/forwarding


    11.2.3. conf/interface/*


    11.2.3.1. accept_ra


    11.2.3.2. accept_redirects


    11.2.3.3. autoconf


    11.2.3.4. dad_transmits


    11.2.3.5. forwarding


    11.2.3.6. hop_limit


    11.2.3.7. mtu


    11.2.3.8. router_solicitation_delay


    11.2.3.9. router_solicitation_interval


    11.2.3.10. router_solicitations


    11.2.4. neigh/default/*


    11.2.4.1. gc_thresh1


    11.2.4.2. gc_thresh2


    11.2.4.3. gc_thresh3


    11.2.4.4. gc_interval


    11.2.5. neigh/interface/*


    11.2.5.1. anycast_delay


    11.2.5.2. gc_stale_time


    11.2.5.3. proxy_qlen


    11.2.5.4. unres_qlen


    11.2.5.5. app_solicit


    11.2.5.6. locktime


    11.2.5.7. retrans_time


    11.2.5.8. base_reachable_time


    11.2.5.9. mcast_solicit


    11.2.5.10. ucast_solicit


    11.2.5.11. delay_first_probe_time


    11.2.5.12. proxy_delay


    11.2.6. route/*


    11.2.6.1. flush


    11.2.6.2. gc_interval


    11.2.6.3. gc_thresh


    11.2.6.4. mtu_expires


    11.2.6.5. gc_elasticity


    11.2.6.6. gc_min_interval


    11.2.6.7. gc_timeout


    11.2.6.8. min_adv_mss


    11.2.6.9. max_size


    11.3.1. ip_*


    14.2.1.2. Router solicitation


    14.2.2. Neighbor discovery


    18.3.2.3. Insert a log rule at the input filter with options


    18.3.2.4. Insert a drop rule at the input filter


    18.3.2.5. Delete a rule by number


    18.3.2.6. Enable connection tracking


    18.3.2.7. Allow ICMPv6


    18.3.2.8. Rate-limiting


    18.3.2.9. Allow incoming SSH


    18.3.2.10. Enable tunneled IPv6-in-IPv4


    18.3.2.11. Protection against incoming TCP connection requests


    18.3.2.12. Protection against incoming UDP connection requests


    18.3.3. Examples

    18.3.3.1. Simple example for Fedora


    18.3.3.2. Sophisticated example

    19.1. Node security


    19.2. Access limitations


    19.3.1. Legal issues


    19.3.2. Security auditing using IPv6-enabled netcat


    19.3.3. Security auditing using IPv6-enabled nmap


    19.3.4. Security auditing using IPv6-enabled strobe


    19.3.5. Audit results


    20.1. Modes of using encryption and authentication


    20.1.1. Transport mode


    20.1.2. Tunnel mode


    20.2. Support in kernel (ESP and AH)


    22.3.1.2. Virtual host listen on an IPv6 and on an IPv4 address


    22.3.1.3. Additional notes


    22.4.1. Configuring radvd

    22.4.1.1. Simple configuration


    22.4.1.2. Special 6to4 configuration


    22.4.2. Debugging


    22.5.1. Configuration of the DHCPv6 server (dhcp6s)

    22.5.1.1. Simple configuration


    22.5.2. Configuration of the DHCPv6 client (dhcp6c)

    22.5.2.1. Simple configuration


    22.5.3. Usage

    22.5.3.1. dhcpv6_server


    22.5.3.2. dhcpv6_client


    22.5.4. Debugging

    22.5.4.1. dhcpv6_server


    22.5.4.2. dhcpv6_client


    22.6.1. Configuration of the ISC DHCP server for IPv6 (dhcpd)


    22.6.1.1. Simple configuration


    22.6.2. Usage

    22.6.2.1. dhcpd


    22.7.1. Configuration of the Dibbler DHCP server for IPv6

    22.7.1.1. Simple configuration


    22.7.2. Usage

    22.7.2.1. dibbler-server


    22.8.1. Filtering capabilities


    22.8.2. Which program uses tcp_wrapper


    22.8.3. Usage


    22.8.3.1. Example for /etc/hosts.allow


    22.8.3.2. Example for /etc/hosts.deny


    22.8.4. Logging


    22.8.4.1. Refused connection


    22.8.4.2. Permitted connection

    22.9.1. Listening on IPv6 addresses

    22.10.1. Listening on IPv6 addresses


    23.1.1. Address Structures


    23.1.1.1. IPv4 sockaddr_in


    23.1.1.2. IPv6 sockaddr_in6


    23.1.1.3. Generic Addresses


    23.1.2. Lookup Functions


    23.1.3. Quirks Encountered


    23.1.3.1. IPv4 Mapped Addresses


    23.1.3.2. Cannot Specify the Scope Identifier in /etc/hosts


    23.1.3.3. Client & Server Residing on the Same Machine


    23.1.4. Putting It All Together (A Client-Server Programming Example)

    Porting applications to IPv6 HowTo. For the record, the source code presented here is original, developed from scratch, and any similarity between it and any other publicly available 'daytime' example is purely coincidental.]. The source code presented in this section was developed and tested on a RedHat Linux release using the 2.6 kernel (2.6.9 to be specific). Readers may use the source code freely, so long as proper credit is attributed; but of course the standard disclaimer must be given first:


    23.1.4.1. 'Daytime' Server Code


    23.1.4.2. 'Daytime' TCP Client Code


    23.1.4.3. 'Daytime' UDP Client Code


    23.2. Other programming languages

    25.6.1. Testing tools


    25.6.2. Information retrievement


    25.6.3. IPv6 Looking Glasses


    25.6.4. Helper applications


    Chapter 26. Revision history / Credits / The End


    26.1.1. Releases 0.x


    26.2.2. Other credits

    26.2.2.1. Document technique related


    26.3. The End

    \end_layout @@ -1186,7 +1185,6 @@ Para o uso real em seu sistema de linha de comando ou em scripts, isto deve \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1200,7 +1198,6 @@ Comandos executados no shell por usuários normais (não root) começam com \end_layout \begin_layout Code - $ whoami \end_layout @@ -1209,7 +1206,6 @@ Comandos executados pelo usuário root começam com # \end_layout \begin_layout Code - # whoami \end_layout @@ -1385,72 +1381,58 @@ O primeiro trecho de código de rede relacionado com o IPv6 foi adicionado \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1555,7 +1537,6 @@ Como já mencionado antes, os endereços IPv6 possuem 128 bits de tamanho. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1571,7 +1552,6 @@ Tais números não são endereços fáceis de serem memorizados. \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1586,7 +1566,6 @@ s de programação) foi removido: \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1596,7 +1575,6 @@ Um endereço utilizável seria: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1606,12 +1584,10 @@ Para simplificar, os zeros iniciais de cada bloco de 16 bits pode ser omitido: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1623,7 +1599,6 @@ Um bloco de 16 bits contendo somente zeros também pode ser omitida, sendo \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1633,7 +1608,6 @@ A maior redução possível é vista do endereço IPv6 de localhost: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1654,12 +1628,10 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -1854,7 +1826,6 @@ Este é um endereço especial para a interface de loopback, similar ao 127.0.0.1 \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -1863,7 +1834,6 @@ ou em sua forma comprimida: \end_layout \begin_layout Code - ::1 \end_layout @@ -1883,7 +1853,6 @@ Este é um endereço especial, como "any" ou "0.0.0.0". \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -1892,7 +1861,6 @@ ou: \end_layout \begin_layout Code - :: \end_layout @@ -1929,7 +1897,6 @@ Estes endereços são definidos dentro de um prefixo especial, com o tamanho \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -1938,7 +1905,6 @@ ou em seu formato comprimido \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -1947,7 +1913,6 @@ por exemplo, o endereço IP 1.2.3.4 seria assim: \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -1976,7 +1941,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -1985,7 +1949,6 @@ ou em seu formato comprimido \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2042,22 +2005,18 @@ Eles começam com (onde "x" é qualquer caractere hexadecimal, normalmente \end_layout \begin_layout Code - fe8x: <- atualmente é o único em uso \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2099,22 +2058,18 @@ Ele começa com: \end_layout \begin_layout Code - fecx: <- mais usado, mais comum \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2166,12 +2121,10 @@ Ele começa com: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- atualmente o único em uso \end_layout @@ -2194,7 +2147,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2222,12 +2174,10 @@ Ele começa com (os caracteres "x" são hexadecimais) \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2248,7 +2198,6 @@ Estes foram os primeiros endereços globais que foram definidos e usados. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2257,7 +2206,6 @@ Exemplo: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2267,7 +2215,6 @@ Um endereço de teste especial para o 6bone que nunca seria globalmente único \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2322,7 +2269,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2331,7 +2277,6 @@ Por exemplo, este endereço 192.168.1.1/5 ficaria: \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2341,12 +2286,10 @@ Um pequeno comando em shell poderia ajudar voce a gerar este endereço, baseado \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2379,7 +2322,6 @@ Este endereço é delegado pelo ISP e começa com \end_layout \begin_layout Code - 2001: \end_layout @@ -2420,12 +2362,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3fff:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2448,7 +2388,6 @@ Eles sempre começam com (xx é o valor de escopo) \end_layout \begin_layout Code - ffxy: \end_layout @@ -2538,7 +2477,6 @@ Um exemplo deste endereço se parece com \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2582,7 +2520,6 @@ Um exemplo simples para um endereço unicast é o anycast subnet-router. \end_layout \begin_layout Code - 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2592,7 +2529,6 @@ O endereço unicast subnet-router será criado removendo o sufixo (os 64 bits \end_layout \begin_layout Code - 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2631,7 +2567,6 @@ Exemplo: uma placa de rede tem o seguinte endereço MAC (48 bit): \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2649,7 +2584,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2659,7 +2593,6 @@ Com um prefixo já fornecido, o resultado é o endereço IPv6 mostrado abaixo: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2718,7 +2651,6 @@ Para servidores, provavelmente é mais fácil se lembrar de endereços mais \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -2797,7 +2729,6 @@ Exemplo: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -2811,7 +2742,6 @@ Rede: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -2820,7 +2750,6 @@ Máscara de rede: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -2841,12 +2770,10 @@ Por exemplo, se uma tabela de rotas mostra as seguintes entradas (a lista \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -2856,12 +2783,10 @@ Os endereços de destino mostrados dos pacotes IPv6 serão roteados através \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -2921,7 +2846,6 @@ Para verificar se o seu kernel já está com o suporte a IPv6 habilitado, \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -2931,7 +2855,6 @@ Para quem gosta de scripts, é possível usar estes comandos: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -2951,7 +2874,6 @@ Voce pode tentar carregar os módulos do IPv6 com o comando \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -2961,7 +2883,6 @@ Se a carga ocorreu sem problemas, verifique o status com estes comandos: \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -2986,7 +2907,6 @@ Carga automática do módulo \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -2996,7 +2916,6 @@ Também é possível desabilitar a carga do módulo automaticamente usando a \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3217,12 +3136,10 @@ Novamente, para quem gosta de scripts: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3232,7 +3149,6 @@ Verificando o route: \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3250,7 +3166,6 @@ Alexey N. \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3309,17 +3224,14 @@ Uso \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3328,17 +3240,14 @@ Exemplo \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3347,17 +3256,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3392,12 +3298,10 @@ Ao usar um endereço link-local para pingar alguém em IPv6 o kernel pode \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3407,22 +3311,18 @@ Neste caso, voce precisa especificar qual interface deve ser usada para \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3431,17 +3331,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3455,22 +3352,18 @@ Um mecanismo interessante para detectar hosts com endereço IPv6 é pingar \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3498,51 +3391,42 @@ Este programa geralmente está incluso no pacote iputils. \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3572,52 +3456,42 @@ Este programa costuma estar incluído no pacote iputils. \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -3686,32 +3560,26 @@ Ping IPv6 para 2001:0db8:100:f101::1 nativo sobre um link local \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout @@ -3725,52 +3593,42 @@ Os endereços IPv4 1.2.3.4 e 5.6.7.8 são os tunnel endpoints (todos os endereç \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -3840,7 +3698,6 @@ Por causa dos updates de segurança aplicados nos últimos anos, o Servidor \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -3849,20 +3706,17 @@ e a resposta deve ser alguma coisa parecida com isso: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -3876,30 +3730,25 @@ Cliente de telnet com suporte a IPv6 estão disponíveis. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout @@ -3908,47 +3757,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -3957,7 +3797,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -3991,17 +3830,14 @@ As versões atuais do openssh já suportam IPv6. \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4349,12 +4185,10 @@ Uso: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4367,12 +4201,10 @@ Exemplo: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -4386,12 +4218,10 @@ Uso: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -4400,12 +4230,10 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -4445,7 +4273,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -4454,27 +4281,22 @@ Exemplo para uma configuração de host estático: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout @@ -4548,22 +4361,18 @@ Exemplo (a saída foi filtrada com o grep para mostrar somente os endereços \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -4585,7 +4394,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -4594,7 +4402,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -4608,7 +4415,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -4617,7 +4423,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -4641,7 +4446,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -4650,7 +4454,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -4664,7 +4467,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -4673,7 +4475,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -4714,7 +4515,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -4724,27 +4524,22 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -4758,7 +4553,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -4769,42 +4563,34 @@ Exemplo (a saída foi filtrada para a interface eth0). \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -4827,12 +4613,10 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -4841,7 +4625,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 via 2001:0db8:0:f101::1 \end_layout @@ -4855,12 +4638,10 @@ Uso: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -4879,7 +4660,6 @@ Veja o exemplo abaixo, como adicionar uma rota para todos os endereços globais \end_layout \begin_layout Code - # /sbin/route -A inet6 add 2000::/3 gw 2001:0db8:0:f101::1 \end_layout @@ -4903,12 +4683,10 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -4917,7 +4695,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 route del 2000::/3 via 2001:0db8:0:f101::1 \end_layout @@ -4931,12 +4708,10 @@ Uso: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -4945,7 +4720,6 @@ Exemplo para remover a rota adicionada anteriormente (acima): \end_layout \begin_layout Code - # /sbin/route -A inet6 del 2000::/3 gw 2001:0db8:0:f101::1 \end_layout @@ -4968,12 +4742,10 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -4982,7 +4754,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 dev eth0 metric 1 \end_layout @@ -5001,7 +4772,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5010,7 +4780,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/route -A inet6 add 2000::/3 dev eth0 \end_layout @@ -5032,7 +4801,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5041,7 +4809,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 route del 2000::/3 dev eth0 \end_layout @@ -5055,7 +4822,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5065,7 +4831,6 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/route -A inet6 del 2000::/3 dev eth0 \end_layout @@ -5097,17 +4862,14 @@ Um cliente pode configurar uma rota default prefixo "::/0", mas eles também \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5159,7 +4921,6 @@ Com o comando abaixo voce pode verificar a tabela de vizinhos aprendida \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5168,12 +4929,10 @@ O exemplo a seguir mostra um vizinho, o qual é um router acessível \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5190,7 +4949,6 @@ Com o comando abaixo, voce consegue adicionar uma entrada manualmente \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -5199,7 +4957,6 @@ Exemplo: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5212,7 +4969,6 @@ Similar à adição de uma entrada, uma entrada pode ser excluída \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -5221,7 +4977,6 @@ Exemplo: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5235,28 +4990,23 @@ A ferramenta "ip" não é tão documentada, mas é bem útil e forte. \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -5388,27 +5138,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -5520,7 +5265,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -5529,17 +5273,14 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -5552,7 +5293,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5562,7 +5302,6 @@ Exemplo (a saída está filtrada para mostrar somente os túneis através da \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -5571,27 +5310,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -5658,12 +5392,10 @@ Use-o para criar um dispositivo túnel (mas não depois, o TTL também deve \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -5672,22 +5404,18 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -5696,22 +5424,18 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -5720,22 +5444,18 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -5757,7 +5477,6 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -5766,17 +5485,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -5785,17 +5501,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -5804,17 +5517,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -5847,7 +5557,6 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -5856,32 +5565,26 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -5917,7 +5620,6 @@ Uso para remover um dispositivo túnel: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -5926,17 +5628,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -5945,17 +5644,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout @@ -5964,17 +5660,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -5993,12 +5686,10 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -6007,12 +5698,10 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -6021,12 +5710,10 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -6035,7 +5722,6 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6057,32 +5743,26 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6091,7 +5771,6 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6150,7 +5829,6 @@ Assumindo que o seu endereço IPv4 seja este \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -6159,7 +5837,6 @@ o prefixo 6to4 gerado será este \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -6170,7 +5847,6 @@ Gateways locais 6to4 deveriam (mas não é uma regra fixa, pois voce pode \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout @@ -6179,7 +5855,6 @@ Por exemplo, use a seguinte automação: \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -6201,12 +5876,10 @@ Criando um dispositivo de túnel \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -6215,7 +5888,6 @@ Ativando a interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -6225,7 +5897,6 @@ Adicionando o endereço local 6to4 na interface (nota: o tamanho do prefixo \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -6235,7 +5906,6 @@ Adicionando uma rota default para a rede global IPv6 usando o endereço anycast \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -6246,7 +5916,6 @@ Adicionando uma rota default para a rede global IPv6 usando o endereço anycast \end_layout \begin_layout Code - # /sbin/ip -6 route add 2000::/3 via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -6265,7 +5934,6 @@ Ativando a interface genérica sit0 \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6274,7 +5942,6 @@ Adicionando um endereço 6to4 na interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -6284,7 +5951,6 @@ Adicionando uma rota default para a rede global IPv6 usando o endereço anycast \end_layout \begin_layout Code - # /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -6301,7 +5967,6 @@ Remova todas as rotas que utilizam este dispositivo \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -6310,7 +5975,6 @@ Desligue a interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -6319,7 +5983,6 @@ Remova o dispositivo criado \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -6332,7 +5995,6 @@ Remova as rotas default que usam esta interface \end_layout \begin_layout Code - # /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0 \end_layout @@ -6341,7 +6003,6 @@ Remova o endereço local 6to4 desta interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -6351,7 +6012,6 @@ Desligue o dispositivo genérico de túnel (cuidado com isto, pois ela ainda \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6392,7 +6052,6 @@ Uso: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6401,28 +6060,23 @@ Exemplo: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code - ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code - ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -6440,12 +6094,10 @@ Uso para criar um dispositivo de túnel 4over6 \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6454,22 +6106,18 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -6478,22 +6126,18 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -6502,22 +6146,18 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -6530,7 +6170,6 @@ Uso ara remover um dispositivo de túnel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -6539,17 +6178,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -6558,17 +6194,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -6577,17 +6210,14 @@ Uso (exemplo genérico para 3 túneis): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -6635,7 +6265,6 @@ O sistema de arquivos /proc deve estar habilitado no kernel , ou seja, a \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout @@ -6645,12 +6274,10 @@ O sistema de arquivos já deve estar montado, o que pode ser testado como \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -6673,12 +6300,10 @@ O valor de uma entrada pode ser obtido com o comando "cat": \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -6692,7 +6317,6 @@ Um novo valor pode ser definido (se a entrada aceitar a escrita) através \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -6718,7 +6342,6 @@ A interface do sysctl deve estar habilitada no kernel, então a seguinte \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -6731,12 +6354,10 @@ O valor de uma entrada pode ser obtida da seguinte maneira: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -6749,12 +6370,10 @@ Um novo valor pode ser definido (se a entrada aceitar a escrita): \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -6764,12 +6383,10 @@ Nota: Não use espaços entre o sinal = para definir os valores. \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -7186,12 +6803,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -7639,27 +7254,22 @@ s). \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout @@ -7714,27 +7324,22 @@ Aqui toda a configuração de rotas em IPv6 é mostrada em um formato especialt. \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -7743,22 +7348,18 @@ Aqui toda a configuração de rotas em IPv6 é mostrada em um formato especialt. \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -7819,27 +7420,22 @@ Estatísticas sobre o uso de sockets IPv6. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -8021,375 +7617,307 @@ Example: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout @@ -8421,32 +7949,26 @@ Router advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -8499,12 +8021,10 @@ Router solicitation \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -8572,12 +8092,10 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -8594,18 +8112,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -8622,18 +8137,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout @@ -8654,18 +8166,15 @@ Node wants to send packages to \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -8682,12 +8191,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -8809,7 +8316,6 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -8818,13 +8324,11 @@ Auto-magically test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -8834,17 +8338,14 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -8883,12 +8384,10 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -8906,7 +8405,6 @@ off \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -8915,7 +8413,6 @@ Reboot or restart networking using \end_layout \begin_layout Code - # service network restart \end_layout @@ -8924,12 +8421,10 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout @@ -8989,7 +8484,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -9015,7 +8509,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -9056,54 +8549,44 @@ Configure your interface. \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -9112,7 +8595,6 @@ And you reboot or you just \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -9183,22 +8665,18 @@ Example: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -9700,7 +9178,6 @@ Change to source directory: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -9709,12 +9186,10 @@ Unpack and rename kernel sources \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -9723,7 +9198,6 @@ Unpack iptables sources \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -9736,7 +9210,6 @@ Change to iptables directory \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -9745,7 +9218,6 @@ Apply pending patches \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -9756,7 +9228,6 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -9795,12 +9266,10 @@ Check IPv6 extensions \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -9813,7 +9282,6 @@ Change to kernel sources \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -9822,12 +9290,10 @@ Edit Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -9836,99 +9302,80 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -9955,7 +9402,6 @@ Rename older directory \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -9964,7 +9410,6 @@ Create a new softlink \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -9973,7 +9418,6 @@ Rebuild SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -9987,7 +9431,6 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -9996,7 +9439,6 @@ If not already installed, use "install" \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10007,7 +9449,6 @@ ts don't fit. \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10017,7 +9458,6 @@ Perhaps it's necessary to create a softlink for iptables libraries where \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -10034,7 +9474,6 @@ Load module, if so compiled \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -10043,12 +9482,10 @@ Check for capability \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -10065,7 +9502,6 @@ Short \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -10074,7 +9510,6 @@ Extended \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -10083,7 +9518,6 @@ List specified filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -10092,12 +9526,10 @@ Insert a log rule at the input filter with options \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -10106,7 +9538,6 @@ Insert a drop rule at the input filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -10115,7 +9546,6 @@ Delete a rule by number \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -10129,7 +9559,6 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -10147,7 +9576,6 @@ Accept incoming ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -10156,7 +9584,6 @@ Allow outgoing ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -10165,7 +9592,6 @@ Newer kernels allow specifying of ICMPv6 types: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -10183,12 +9609,10 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -10206,12 +9630,10 @@ Allow incoming SSH from 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -10224,12 +9646,10 @@ no longer needed if connection tracking is used! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -10251,7 +9671,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -10260,7 +9679,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -10274,7 +9692,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -10283,7 +9700,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 1.2.3.4 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -10306,7 +9722,6 @@ Block incoming TCP connection requests to this host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -10315,7 +9730,6 @@ Block incoming TCP connection requests to hosts behind this router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -10348,7 +9762,6 @@ Block incoming UDP packets which cannot be responses of outgoing requests \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -10358,7 +9771,6 @@ Block incoming UDP packets which cannot be responses of forwarded requests \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -10386,7 +9798,6 @@ tracking \end_layout \begin_layout Code - File: /etc/sysconfig/ip6tables \end_layout @@ -10395,87 +9806,70 @@ File: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -10484,7 +9878,6 @@ For completeness also the IPv4 configuration is shown here: \end_layout \begin_layout Code - File: /etc/sysconfig/iptables \end_layout @@ -10493,88 +9886,71 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -10591,12 +9967,10 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -10605,12 +9979,10 @@ Enable automatic start after reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout @@ -10629,578 +10001,472 @@ but still stateless filter \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -11309,12 +10575,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -11336,53 +10600,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -11405,32 +10659,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -11694,27 +10942,22 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -11727,37 +10970,30 @@ Example for a end-to-end encrypted connection in tunnel mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -11819,22 +11055,18 @@ File: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -11843,22 +11075,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout @@ -11867,62 +11095,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -11931,42 +11147,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -11975,37 +11183,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -12018,12 +11219,10 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -12032,7 +11231,6 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout @@ -12056,104 +11254,84 @@ At least the daemon needs to be started. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code - ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -12171,12 +11349,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -12197,117 +11373,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -12400,22 +11553,18 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -12424,27 +11573,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -12453,12 +11597,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -12467,67 +11609,54 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6! \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=start \end_layout @@ -12544,7 +11673,6 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout @@ -12566,7 +11694,6 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -12584,42 +11711,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -12637,117 +11756,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -12769,12 +11865,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout @@ -12783,12 +11877,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -12835,39 +11927,32 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code - -------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code - Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code - --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - -------------->------- \end_layout @@ -12936,7 +12021,6 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -12949,7 +12033,6 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -12959,7 +12042,6 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -12969,7 +12051,6 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -12979,7 +12060,6 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -13005,7 +12085,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout @@ -13023,7 +12102,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -13037,7 +12115,6 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -13051,7 +12128,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -13061,7 +12137,6 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -13075,17 +12150,14 @@ Start on server side each one one separate console: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -13094,35 +12166,29 @@ Start on client side and compare results: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout @@ -13198,22 +12264,18 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -13222,59 +12284,48 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -13283,7 +12334,6 @@ And a simple test looks like \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -13300,22 +12350,18 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout @@ -13329,67 +12375,54 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -13401,32 +12434,26 @@ This ACLs can be used e.g. \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -13451,7 +12478,6 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -13472,7 +12498,6 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -13485,7 +12510,6 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout @@ -13638,27 +12662,22 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -13667,7 +12686,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -13677,17 +12695,14 @@ Related log entry looks like following: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -13705,27 +12720,22 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -13734,14 +12744,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -13785,52 +12793,42 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - @@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -13839,27 +12837,22 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -13914,27 +12907,22 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -13943,32 +12931,26 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -13977,24 +12959,20 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -14094,52 +13072,42 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -14148,28 +13116,23 @@ This results on client side in \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -14192,67 +13155,54 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -14262,28 +13212,23 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -14300,7 +13245,6 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -14327,107 +13271,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -14479,67 +13402,54 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -14557,22 +13467,18 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -14589,7 +13495,6 @@ Start server, e.g. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -14602,7 +13507,6 @@ Start client in foreground, e.g. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout @@ -14620,7 +13524,6 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code - # dhcp6s -d -D -f eth0 \end_layout @@ -14634,7 +13537,6 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout @@ -14643,63 +13545,51 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code - ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -14750,88 +13640,71 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -14867,7 +13740,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 @@ -14887,56 +13759,46 @@ Start server in foreground: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -f -cf /etc/dhcp/dhcpd.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -14969,68 +13831,55 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout @@ -15047,148 +13896,124 @@ Start server in foreground: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. \end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -15250,7 +14075,6 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -15264,13 +14088,11 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -15291,7 +14113,6 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -15303,12 +14124,10 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -15331,22 +14150,18 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -15356,27 +14171,22 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -15390,22 +14200,18 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -15415,22 +14221,18 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -15454,7 +14256,6 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -15482,27 +14283,22 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout @@ -15702,37 +14498,30 @@ struct sockaddr_in \end_layout \begin_layout Code - struct sockaddr_in \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin_family; \end_layout \begin_layout Code - in_port_t sin_port; \end_layout \begin_layout Code - struct in_addr sin_addr; \end_layout \begin_layout Code - /* Plus some padding for alignment */ \end_layout \begin_layout Code - }; \end_layout @@ -15784,42 +14573,34 @@ struct sockaddr_in6 \end_layout \begin_layout Code - struct sockaddr_in6 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin6_family; \end_layout \begin_layout Code - in_port_t sin6_port; \end_layout \begin_layout Code - uint32_t sin6_flowinfo; \end_layout \begin_layout Code - struct in6_addr sin6_addr; \end_layout \begin_layout Code - uint32_t sin6_scope_id; \end_layout \begin_layout Code - }; \end_layout @@ -15933,7 +14714,6 @@ fe80::1%eth1 \end_layout \begin_layout Code - Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -16042,32 +14822,26 @@ recvfrom(2) \end_layout \begin_layout Code - ssize_t recvfrom( int s, \end_layout \begin_layout Code - void *buf, \end_layout \begin_layout Code - size_t len, \end_layout \begin_layout Code - int flags, \end_layout \begin_layout Code - struct sockaddr *from, \end_layout \begin_layout Code - socklen_t *fromlen ); \end_layout @@ -16093,104 +14867,84 @@ struct sockaddr_storage \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code - ** the caller. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char *rcvMsg( int s ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code - socklen_t sslen; \end_layout \begin_layout Code - sslen = sizeof( ss ); \end_layout \begin_layout Code - count = recvfrom( s, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ) - 1, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - (struct sockaddr*) &ss, \end_layout \begin_layout Code - &sslen ); \end_layout \begin_layout Code - bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -16198,12 +14952,10 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code - return bfr; \end_layout \begin_layout Code - } /* End rcvMsg() */ \end_layout @@ -16270,22 +15022,18 @@ getaddrinfo(3) \end_layout \begin_layout Code - int getaddrinfo( const char *node, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - const struct addrinfo *hints, \end_layout \begin_layout Code - struct addrinfo **res ); \end_layout @@ -16344,57 +15092,46 @@ struct addrinfo \end_layout \begin_layout Code - struct addrinfo \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int ai_flags; \end_layout \begin_layout Code - int ai_family; \end_layout \begin_layout Code - int ai_socktype; \end_layout \begin_layout Code - int ai_protocol; \end_layout \begin_layout Code - socklen_t ai_addrlen; \end_layout \begin_layout Code - struct sockaddr *ai_addr; \end_layout \begin_layout Code - char *ai_canonname; \end_layout \begin_layout Code - struct addrinfo *ai_next; \end_layout \begin_layout Code - }; \end_layout @@ -16803,37 +15540,30 @@ struct sockaddr \end_layout \begin_layout Code - int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code - socklen_t salen, \end_layout \begin_layout Code - char *host, \end_layout \begin_layout Code - size_t hostlen, \end_layout \begin_layout Code - char *serv, \end_layout \begin_layout Code - size_t servlen, \end_layout \begin_layout Code - int flags ); \end_layout @@ -16932,7 +15662,6 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code - ::ffff:192.0.2.1 \end_layout @@ -17003,22 +15732,18 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code - ::1 localhost \end_layout \begin_layout Code - 127.0.0.1 localhost \end_layout \begin_layout Code - fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code - 192.0.2.1 pt141 \end_layout @@ -17123,7 +15848,6 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code - tod6d [-v] [service] \end_layout @@ -17150,314 +15874,257 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6d.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration & error codes. */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code - #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code - #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code - #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code - #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. */ \end_layout \begin_layout Code - #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Simple boolean type definition. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ); \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code - static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro for command syntax violations. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "Usage: %s [-v] [service] \backslash n", @@ -17466,44 +16133,37 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash \end_layout \begin_layout Code - exit( 127 ); \backslash \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code - ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code - ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -17511,66 +16171,56 @@ n", \end_layout \begin_layout Code - ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code - ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define CHK(expr) \backslash \end_layout \begin_layout Code - do \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "%s (line %d): System call ERROR - %s. \backslash n", @@ -17579,35 +16229,30 @@ n", \end_layout \begin_layout Code - pgmName, \backslash \end_layout \begin_layout Code - __LINE__, \backslash \end_layout \begin_layout Code - strerror( errno ) ); \backslash \end_layout \begin_layout Code - exit( 1 ); \backslash \end_layout \begin_layout Code - } /* End IF system call failed. */ \backslash @@ -17615,436 +16260,352 @@ n", \end_layout \begin_layout Code - } while ( false ) \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code - * handles both TCP and UDP requests. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code - * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code - size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code - size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line arguments. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: break; \end_layout \begin_layout Code - case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code - default: USAGE; \end_layout \begin_layout Code - } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code - ** service requests. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code - ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Run the time-of-day server. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code - tScktSize, \end_layout \begin_layout Code - uSckt, \end_layout \begin_layout Code - uScktSize ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code - ** created. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: No sockets opened... terminating. \backslash @@ -18052,354 +16613,286 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code - * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code - * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code - * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code - * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code - * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code - * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code - * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code - * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code - * placed when opened. \end_layout \begin_layout Code - * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code - * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code - * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code - * the number of descriptors actually opened. Any unused slots in \end_layout \begin_layout Code - * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * 0 on success, -1 on error. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - size_t maxDescs = *descSize; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( *descSize > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else /* Invalid protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code - "layer protocol \backslash "%s @@ -18410,235 +16903,191 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - protocol ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code - ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code - ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code - ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code - ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code - ** socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead; \end_layout \begin_layout Code - ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Setting up a passive socket based on the " \end_layout \begin_layout Code - "following address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -18646,7 +17095,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -18654,629 +17102,512 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code - ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code - ** host & service into numeric strings. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code - ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code - ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Disable IPv4 mapped addresses. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - int v6Only = 1; \end_layout \begin_layout Code - CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code - IPPROTO_IPV6, \end_layout \begin_layout Code - IPV6_V6ONLY, \end_layout \begin_layout Code - &v6Only, \end_layout \begin_layout Code - sizeof( v6Only ) ) ); \end_layout \begin_layout Code - #else \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code - ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code - ** message and close the socket. Design note: If the \end_layout \begin_layout Code - ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code - ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code - ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code - ** if the program can't build! However, since this program is also \end_layout \begin_layout Code - ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code - ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code - ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code - ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code - ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code - ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code - "option. Closing IPv6 %s socket. \backslash @@ -19284,690 +17615,556 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code - CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code - continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code - #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code - } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code - ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code - MAXCONNQLEN ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - *descSize += 1; \end_layout \begin_layout Code - } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Dummy check for unused address records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code - "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__ ); \end_layout \begin_layout Code - } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code - * clients. This function never returns. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code - * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code - * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code - * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ 256 ]; \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct pollfd *desc; \end_layout \begin_layout Code - size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code - int idx; \end_layout \begin_layout Code - int newSckt; \end_layout \begin_layout Code - struct sockaddr *sadr; \end_layout \begin_layout Code - socklen_t sadrLen; \end_layout \begin_layout Code - struct sockaddr_storage sockStor; \end_layout \begin_layout Code - int status; \end_layout \begin_layout Code - size_t timeLen; \end_layout \begin_layout Code - char *timeStr; \end_layout \begin_layout Code - time_t timeVal; \end_layout \begin_layout Code - ssize_t wBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code - if ( desc == NULL ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - strerror( ENOMEM ) ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code - : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code - desc[ idx ].events = POLLIN; \end_layout \begin_layout Code - desc[ idx ].revents = 0; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code - ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code - ** main loop. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( true ) /* Do forever. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code - ** used to restart the system call in the event the process is \end_layout \begin_layout Code - ** interrupted by a signal. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - status = poll( desc, \end_layout \begin_layout Code - descSize, \end_layout \begin_layout Code - -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code - } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the current time. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - timeVal = time( NULL ); \end_layout \begin_layout Code - timeStr = ctime( &timeVal ); \end_layout \begin_layout Code - timeLen = strlen( timeStr ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Indicate that there is new network activity. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code - strcpy( s, timeStr ); \end_layout \begin_layout Code - s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' @@ -19977,913 +18174,743 @@ n' in date string. \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - s ); \end_layout \begin_layout Code - free( s ); \end_layout \begin_layout Code - } /* End IF verbose. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process sockets with input available. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( desc[ idx ].revents ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code - continue; \end_layout \begin_layout Code - case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - default: /* Invalid poll events. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - desc[ idx ].revents ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( idx < tScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code - ** the sockaddr_storage data type. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code - SHUT_RD ) ); \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code - ** the address-independent fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code - ** protocol family. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the TOD to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = write( newSckt, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes ); \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - CHK( close( newSckt ) ); \end_layout \begin_layout Code - } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code - else \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code - ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code - ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code - ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code - ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code - ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code - ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code - ** sockaddr_storage to receive the address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ), \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display whatever was received on stdout. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - ssize_t rBytes = count; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - count ); \end_layout \begin_layout Code - while ( count > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code - stdout ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code - fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. @@ -20891,493 +18918,403 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the time-of-day to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, /* Address & address length */ \end_layout \begin_layout Code - sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code - desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code - } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code - } /* End WHILE forever. */ \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -21392,7 +19329,6 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code - tod6tc [-v] [-s scope_id] [host [service]] \end_layout @@ -21433,265 +19369,216 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6tc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -21699,7 +19586,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -21707,7 +19593,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -21715,7 +19600,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -21724,7 +19608,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash @@ -21732,7 +19615,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -21740,24 +19622,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). @@ -21765,669 +19643,540 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connection could not be established. \backslash @@ -22435,646 +20184,524 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to set up the connection. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a connection could not be \end_layout \begin_layout Code - * established. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -23082,7 +20709,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -23090,751 +20716,608 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Connect to the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code - ** connection. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -23842,23 +21325,19 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - } while ( inBytes > 0 ); \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -23875,7 +21354,6 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code - tod6uc [-v] [-s scope_id] [host [service]] \end_layout @@ -23916,265 +21394,216 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6uc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -24182,7 +21611,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -24190,7 +21618,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -24198,7 +21625,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -24207,7 +21633,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash @@ -24215,7 +21640,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -24223,24 +21647,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). @@ -24248,1316 +21668,1065 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code - "not be set up. \backslash n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to exchange datagrams. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -25565,7 +22734,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -25573,748 +22741,606 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code - ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code - ** important, but something must be sent to let it know we want the TOD. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "write", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -26322,18 +23348,15 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -28688,19 +25711,8 @@ target "http://www.ipinfusion.com/products/server/products_server.html" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "SPA Mail Server 2.21 " -target "http://download.com.com/3000-2165-10153543.html?tag=lst-0-21" - -\end_inset - - -\end_layout - -\begin_layout Itemize -\begin_inset CommandInset href -LatexCommand href -name "Inframail (Advantage Server Edition) 6.0 " -target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" +name "Inframail (Advantage Server Edition)" +target "http://download.cnet.com/Inframail-Advantage-Server-Edition/3000-10248_4-8202652.html" \end_inset @@ -28711,7 +25723,7 @@ target "http://download.com.com/3000-2165-8202652.html?tag=lst-0-2" \begin_inset CommandInset href LatexCommand href name "HTTrack Website Copier" -target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" +target "http://download.cnet.com/HTTrack-Website-Copier/3000-2377_4-10149393.html" \end_inset @@ -28721,8 +25733,8 @@ target "http://download.com.com/3000-2377-10149393.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "CommView 5.0" -target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" +name "CommView" +target "http://download.cnet.com/CommView/3000-2085_4-10132748.html" \end_inset @@ -28732,8 +25744,8 @@ target "http://download.com.com/3000-2085-10132748.html?tag=lst-0-1" \begin_layout Itemize \begin_inset CommandInset href LatexCommand href -name "Posadis 0.50.6" -target "http://download.com.com/3000-2104-10149750.html?tag=lst-0-1" +name "Posadis" +target "http://download.cnet.com/Posadis/3000-2155_4-10149750.html" \end_inset @@ -29624,7 +26636,7 @@ Major Mailinglists are listed in following table: \begin_layout Standard \begin_inset Tabular - + diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf index a704f67a..328bcbdc 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml index b4a016ff..5c0a883f 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pt_BR.sgml @@ -6,7 +6,7 @@ ]> - @@ -51,9 +51,7 @@ Versão A versão atual deste documento é mostrada no começo do documento. -Informação CVS: -Para outras versões ou traduções disponíveis, veja o sitehttp://www.bieringer.de/linux/IPv6/. +Para outras versões ou traduções disponíveis, veja o sitehttp://www.bieringer.de/linux/IPv6/. Histórico Relevantes @@ -4758,7 +4756,7 @@ SourceForge: Project Info - Wireshark (former known as Ethereal) is a free network protocol analyzer for Unix and WindowsRadcom RC100-WL - Download Radcom RC100-WL protocol analyzer version 3.20 IPv6 Products -6wind - solutions for IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewall. Fefe's patches for IPv6 with djbdnsAug 2002 -- What is djbdns and why does it need IPv6? djbdns is a full blown DNS server which outperforms BIND in nearly all respects.ZebOS Server Routing Suite SPA Mail Server 2.21 Inframail (Advantage Server Edition) 6.0 HTTrack Website CopierCommView 5.0Posadis 0.50.6 +6wind - solutions for IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewall. Fefe's patches for IPv6 with djbdnsAug 2002 -- What is djbdns and why does it need IPv6? djbdns is a full blown DNS server which outperforms BIND in nearly all respects.ZebOS Server Routing Suite Inframail (Advantage Server Edition)HTTrack Website CopierCommViewPosadis <!-- anchor id="information-snmp" -->SNMP comp.protocpols.snmp SNMP FAQ Part 1 of 2 diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index bf8aff3f..39ad8ba9 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml @@ -6,13 +6,14 @@ ]> - Linux IPv6 HOWTO (en) PeterBieringer

    pb at bieringer dot de
    + 0.67wip 2015-08-18 PB 0.66 2014-05-15 PB 0.65 2009-12-13 PB 0.64 2009-06-11 PB @@ -51,9 +52,7 @@ Version The current version is shown at the beginning of the document. -CVS information: -For other available versions/translations see also http://www.bieringer.de/linux/IPv6/. +For other available versions/translations see also http://www.bieringer.de/linux/IPv6/. History Major history @@ -5053,7 +5052,7 @@ SourceForge: Project Info - Wireshark (former known as Ethereal) is a free network protocol analyzer for Unix and WindowsRadcom RC100-WL - Download Radcom RC100-WL protocol analyzer version 3.20 IPv6 Products -6wind - solutions for IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewall. Fefe's patches for IPv6 with djbdnsAug 2002 -- What is djbdns and why does it need IPv6? djbdns is a full blown DNS server which outperforms BIND in nearly all respects.ZebOS Server Routing Suite SPA Mail Server 2.21 Inframail (Advantage Server Edition) 6.0 HTTrack Website CopierCommView 5.0Posadis 0.50.6 +6wind - solutions for IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewall. Fefe's patches for IPv6 with djbdnsAug 2002 -- What is djbdns and why does it need IPv6? djbdns is a full blown DNS server which outperforms BIND in nearly all respects.ZebOS Server Routing Suite Inframail (Advantage Server Edition)HTTrack Website CopierCommViewPosadis <!-- anchor id="information-snmp" -->SNMP comp.protocpols.snmp SNMP FAQ Part 1 of 2 @@ -5281,7 +5280,7 @@ Publisher: MarketResearch.com; ISBN B00006334Y; (November 1, 2001) Versions x.y.z are work-in-progress and published as LyX and SGML file on CVS. Because Deep Space 6 mirrors these SGML files and generate independend from TLDP public versions, this versions will show up there and also on its mirrors. Releases 0.x -0.662010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6 NAT hints, 20130521/PB: review dhcpd, 20131019/bie: general review, 20140502/bie: add hints for nftables, 20140513/bie: extend section regarding address resolution and add source/destination address selection information, 20140515/bie: add hints for activation of privacy extension0.652009-12-13/PB: minor fixes0.642009-06-11/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 +0.67wip2015-08-18/PB: fix some broken URLs0.662010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6 NAT hints, 20130521/PB: review dhcpd, 20131019/bie: general review, 20140502/bie: add hints for nftables, 20140513/bie: extend section regarding address resolution and add source/destination address selection information, 20140515/bie: add hints for activation of privacy extension0.652009-12-13/PB: minor fixes0.642009-06-11/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 <!-- anchor id="credits" -->Credits The quickest way to be added to this nice list is to send bug fixes, corrections, and/or updates to me ;-). If you want to do a major review, you can use the native LyX file (see original source) and send diffs against it, because diffs against SGML don't help too much.