diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html index d1fd6195..c0eabef6 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.html @@ -877,11 +877,11 @@ NAME="AEN37" >1.1.1. Copyright

Verfasst von und urheberrechtlich geschützt durch Peter Bieringer © 2001-2011.

Verfasst von und urheberrechtlich geschützt durch Peter Bieringer © 2001-2013.

Deutsche Übersetzung:

Verfasst von und urheberrechtlich geschützt durch Georg Käfer © 2002-2003, weitergeführt von Peter Bieringer © 2004-2011.

Verfasst von und urheberrechtlich geschützt durch Georg Käfer © 2002-2003, weitergeführt von Peter Bieringer © 2004-2013.

Dieses Linux IPv6 HOWTO ist ein Handbuch zur Anwendung und Konfiguration von IPv6 auf Linux-Systemen.

Copyright © 2001-2011 Peter Bieringer -Deutsche Übersetzung Copyright © 2002-2003 Georg Käfer, weitergeführt von Peter Bieringer © 2004-2011.

Copyright © 2001-2013 Peter Bieringer +Deutsche Übersetzung Copyright © 2002-2003 Georg Käfer, weitergeführt von Peter Bieringer © 2004-2013.

Diese Dokumentation ist freie Software; Sie können diese unter den Bedingungen der GNU General Public License, wie von der Free Software Foundation publiziert, entweder unter Version 2 oder optional jede höhere Version redistribuieren und/oder modifizieren.

# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345/128 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345
# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout @@ -1263,7 +1261,6 @@ In Skripts oder an Ihrer Kommandozeile müssen Sie die < und > weglassen \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1277,7 +1274,6 @@ Kommandos, die nicht als Root-Benutzer ausgeführt werden, beginnen mit $, \end_layout \begin_layout Code - $ whoami \end_layout @@ -1286,7 +1282,6 @@ Befehle, die mit Root-Rechten ausgeführt werden, beginnen mit #, z.B. \end_layout \begin_layout Code - # whoami \end_layout @@ -1476,72 +1471,58 @@ Der erste IPv6 Netzwerk Code wurde dem Linux Kernel 2.1.8 im November 1996 \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1663,7 +1644,6 @@ Wie gesagt, IPv6 Adressen sind 128 bit lang. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1687,7 +1667,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1710,7 +1689,6 @@ e Werte) entfernt: \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1721,7 +1699,6 @@ Eine gültige Adresse (s.u. \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1732,12 +1709,10 @@ Der Vereinfachung halber können führende Nullen jedes 16 bit-Blocks weggelasse \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:0db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1760,7 +1735,6 @@ Eine Sequenz von 16 bit-Blöcken, die nur Nullen enthaltet, kann durch ein \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:0db8:100:f101::1 \end_layout @@ -1770,7 +1744,6 @@ Die höchstmögliche Reduktion sieht man bei der IPv6 Localhost Adresse: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1795,12 +1768,10 @@ h ein Aprilscherz. \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - Itu&-ZQ82s>J%s99FJXT \end_layout @@ -2013,7 +1984,6 @@ Dies ist eine spezielle Adresse für das Loopback Interface, vergleichbar \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2023,7 +1993,6 @@ bzw. \end_layout \begin_layout Code - ::1 \end_layout @@ -2059,7 +2028,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2068,7 +2036,6 @@ oder: \end_layout \begin_layout Code - :: \end_layout @@ -2114,7 +2081,6 @@ Diese Adressen sind mit einer speziellen Präfixlänge von 96 definiert (a.b.c.d \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2123,7 +2089,6 @@ oder in komprimiertem Format: \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2134,7 +2099,6 @@ Die IPv4 Adresse 1.2.3.4. \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2163,7 +2127,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2172,7 +2135,6 @@ oder in komprimierter Form: \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2257,22 +2219,18 @@ x \end_layout \begin_layout Code - fe8x: <- zurzeit als einziger in Benutzung \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2312,22 +2270,18 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code - fecx: <- meistens genutzt. \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2415,12 +2369,10 @@ Die Adresse beginnt mit: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- zurzeit als einziger in Benutzung \end_layout @@ -2448,7 +2400,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2477,12 +2428,10 @@ Die Adresse beginnt mit (x sind hexadezimale Zeichen) \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2514,7 +2463,6 @@ Diese globalen Adressen waren die Ersten definierten und auch benutzen Adressen. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2523,7 +2471,6 @@ Beispiel: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2533,7 +2480,6 @@ Eine spezielle 6bone Test-Adresse, die niemals weltweit einmalig ist, beginnt \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2592,7 +2538,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2602,7 +2547,6 @@ z.B. \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2611,12 +2555,10 @@ Ein kleines Shell-Kommando kann aus einer IPv4 eine 6to4 Adresse erstellen: \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2650,7 +2592,6 @@ Diese Adressen werden an Internet Service Provider (ISP) delegiert und beginnen \end_layout \begin_layout Code - 2001: \end_layout @@ -2693,12 +2634,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3ffe:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2723,7 +2662,6 @@ Sie beginnen immer mit (xx ist hierbei der Wert der Reichweite) \end_layout \begin_layout Code - ffxy: \end_layout @@ -2819,7 +2757,6 @@ Ein Beispiel für diese Adresse könnte sein: \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2888,7 +2825,6 @@ Die Subnet-Router Anycast Adresse ist ein einfaches Beispiel für eine Anycast \end_layout \begin_layout Code - 2001:0db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2898,7 +2834,6 @@ Die Subnet-Router Anycast Adresse wird durch komplette Streichung des Suffixes \end_layout \begin_layout Code - 2001:0db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2938,7 +2873,6 @@ Als Beispiel hat hier ein NIC folgende MAC-Adresse (48 bit): \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2958,7 +2892,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2970,7 +2903,6 @@ Mit einem gegebenen Präfix wird daraus die schon oben gezeigte IPv6-Adresse: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -3028,7 +2960,6 @@ Bei Servern ist es wahrscheinlich leichter, sich einfachere Adressen zu \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3126,7 +3057,6 @@ Ein Beispiel: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3140,7 +3070,6 @@ Netzwerk: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3149,7 +3078,6 @@ Netzmaske: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3169,12 +3097,10 @@ Wenn z.B. \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3184,12 +3110,10 @@ Die gezeigten Zieladressen der IPv6 Pakete werden über die entsprechenden \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3249,7 +3173,6 @@ Um zu überprüfen, ob ihr aktueller Kernel IPv6 unterstützt, sollten sie \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3259,7 +3182,6 @@ Einen kleinen automatischen Test können Sie wie folgt durchführen: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3279,7 +3201,6 @@ Mit folgenden Befehl können Sie versuchen, das Modul zu laden: \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3290,7 +3211,6 @@ Wenn dieser Befehl positiv verläuft, dann sollten Sie das Modul mit folgendem \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3316,7 +3236,6 @@ Es ist möglich das IPv6 Modul bei Bedarf automatisch zu laden. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3326,7 +3245,6 @@ Mit der folgenden Zeile ist es auch möglich, das automatische Laden des \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3584,12 +3502,10 @@ Automatische Überprüfung: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3603,7 +3519,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3622,7 +3537,6 @@ Alexey N.Kuznetsov (gegenwärtig ein Betreuer des Linux Network Codes) erstellte \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3688,17 +3602,14 @@ Anwendung \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3707,17 +3618,14 @@ Beispiel \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3726,17 +3634,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3769,12 +3674,10 @@ Wenn link-lokale Adressen für ein IPv6 ping verwendet werden, dann hat der \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3783,22 +3686,18 @@ In diesem Fall müssen Sie das Interface zusätzlich spezifizieren: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3807,17 +3706,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3831,22 +3727,18 @@ Ein interessanter Mechanismus zum Aufspüren eines IPv6 aktiven Hosts am \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3875,51 +3767,42 @@ Dieses Programm ist normal im Paket iputils enthalten. \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3954,52 +3837,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4092,32 +3965,26 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout @@ -4136,52 +4003,42 @@ IPv6 ping zur Adresse \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4241,7 +4098,6 @@ Jeder DNS-Server (Domain Name System) sollte aufgrund der Sicherheitsupdates \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4250,20 +4106,17 @@ Die Ausgabe des Tests sollte etwa wie folgt sein: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4277,30 +4130,25 @@ IPv6 kompatible Clients sind verfügbar. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout @@ -4309,47 +4157,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4358,7 +4197,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4400,17 +4238,14 @@ he Verhaltensweisen: \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4882,12 +4717,10 @@ Gebrauch: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4900,12 +4733,10 @@ Beispiel: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -4919,12 +4750,10 @@ Gebrauch: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -4933,12 +4762,10 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -4979,7 +4806,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -4988,27 +4814,22 @@ Beispiel für einen statisch konfigurierten Host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout @@ -5081,22 +4893,18 @@ en (die Ausgabe wurde mit grep gefiltert) \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5119,7 +4927,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5128,7 +4935,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5142,7 +4948,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5151,7 +4956,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5175,7 +4979,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5184,7 +4987,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5198,7 +5000,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5207,7 +5008,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5247,7 +5047,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5257,27 +5056,22 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5291,7 +5085,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5302,42 +5095,34 @@ Sie sehen hier mehrere IPv6 Routen mit unterschiedlichen Adressen eines \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5360,12 +5145,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5374,7 +5157,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5388,12 +5170,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5412,7 +5192,6 @@ Im folgenden Beispiel wird eine Route für alle Adressen (default) über das \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5437,12 +5216,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5451,7 +5228,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5465,13 +5241,11 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -5480,7 +5254,6 @@ Beispiel zum entfernen der im obigen Beispiel hinzugefügten Route: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout @@ -5504,12 +5277,10 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5518,7 +5289,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5561,7 +5331,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5570,7 +5339,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5593,7 +5361,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5602,7 +5369,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5616,7 +5382,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5626,7 +5391,6 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5666,17 +5430,14 @@ Ein client kann eine Default Route (z.B. \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5773,7 +5534,6 @@ Mit dem folgenden Befehl können Sie die gelernten oder konfigurierten IPv6 \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5782,12 +5542,10 @@ Das folgende Beispiel zeigt einen Nachbar, einen erreichbaren Router: \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5812,7 +5570,6 @@ Mit folgendem Befehl können Sie einen Eintrag manuell hinzufügen: \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -5821,7 +5578,6 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5834,7 +5590,6 @@ Sie können einen Eintrag auch löschen: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -5843,7 +5598,6 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5873,28 +5627,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -6070,27 +5819,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6316,7 +6060,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6325,17 +6068,14 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6348,7 +6088,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6358,7 +6097,6 @@ Beispiel (Ausgabe wurde derart gefiltert, dass nur Tunnels über das virtuelle \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6367,27 +6105,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6465,12 +6198,10 @@ ert 0 ist): \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6479,22 +6210,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6503,22 +6230,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6527,22 +6250,18 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6565,7 +6284,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6574,17 +6292,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6593,17 +6308,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6612,17 +6324,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6651,7 +6360,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6660,32 +6368,26 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6715,7 +6417,6 @@ Entfernen eines Tunnel-Devices: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6724,17 +6425,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6743,17 +6441,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout @@ -6762,17 +6457,14 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -6793,12 +6485,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -6807,12 +6497,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -6821,12 +6509,10 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -6835,7 +6521,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6857,32 +6542,26 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6891,7 +6570,6 @@ Anwendung (drei allgemeine Beispiele): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6952,7 +6630,6 @@ Angenommen, Ihre IPv4 Adresse ist: \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -6961,7 +6638,6 @@ Dann ist das daraus resultierende 6to4 Präfix: \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -6980,7 +6656,6 @@ pe Suffix kann benutzt werden) das Suffix \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout @@ -6989,7 +6664,6 @@ Zum automatischen Erstellen der Adresse können Sie folgenden Befehl nutzen: \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -7011,12 +6685,10 @@ Erstellen eines neues Tunnel-Device: \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -7025,7 +6697,6 @@ Interface aktivieren: \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -7035,7 +6706,6 @@ Eine lokale 6to4 Adresse am Interface hinzufügen (Hinweis: Präfix-Länge \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -7045,7 +6715,6 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -7066,7 +6735,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -7086,7 +6754,6 @@ Das allgemeine Tunnel Interface sit0 aktivieren: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -7095,7 +6762,6 @@ Dem Interface eine lokale 6to4 Adresse hinzufügen: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -7105,7 +6771,6 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -7122,7 +6787,6 @@ Entfernen aller Routen über dieses bestimmten Tunnel Devices: \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -7131,7 +6795,6 @@ Interface deaktivieren: \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -7140,7 +6803,6 @@ Ein erstelltes Tunnel Device entfernen: \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -7154,7 +6816,6 @@ Entfernen der (Standard-) Route über ein 6to4 Tunnel Device: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7163,7 +6824,6 @@ Eine 6to4 Adresse des Interfaces entfernen: \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7173,7 +6833,6 @@ Ein allgemeines Tunnel Device deaktivieren (aber Achtung, eventuell ist \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7221,7 +6880,6 @@ Anwendung: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7232,18 +6890,15 @@ Beispiel: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7269,7 +6924,6 @@ Anwendung für die Erzeugung einer 4over6 Tunnel-Schnittstelle (welche danach \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote local \end_layout @@ -7281,18 +6935,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -7301,18 +6952,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7321,18 +6969,15 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7349,7 +6994,6 @@ Anwendung für das Löschen einer Tunnel-Schnittstelle: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7360,17 +7004,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7379,17 +7020,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7398,17 +7036,14 @@ Anwendung (allgemeines Beispiel für drei Tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7488,7 +7123,6 @@ Das /proc-Dateisystem muss im Kernel aktiviert sein. \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout @@ -7498,12 +7132,10 @@ Das /proc-Dateisystem muss zuerst gemountet sein. \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7535,12 +7167,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7562,7 +7192,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7611,7 +7240,6 @@ Das sysctl-Interface muss im Kernel aktiviert sein. \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7624,12 +7252,10 @@ Der Wert eines Eintrags kann nun angezeigt werden: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7643,12 +7269,10 @@ Ein neuer Wert kann wie folgt zugewiesen werden (wenn der Eintrag beschreibbar \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7668,12 +7292,10 @@ Anmerkung: Verwenden Sie beim setzen eines Wertes keine Leerzeichen vor \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8156,12 +7778,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -8637,27 +8257,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout @@ -8751,27 +8366,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -8780,22 +8390,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -8855,27 +8461,22 @@ Statistiken über verwendete IPv6 Sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -9069,375 +8670,307 @@ Beispiel: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout @@ -9470,32 +9003,26 @@ Router Advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9548,12 +9075,10 @@ Router Anfrage \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9622,12 +9147,10 @@ fe80:212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9645,18 +9168,15 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9674,18 +9194,15 @@ Der Knoten will seine globale Adresse \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout @@ -9707,18 +9224,15 @@ Der Knoten möchte Pakete an die Adresse \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9735,12 +9249,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -9868,7 +9380,6 @@ Sie können überprüfen, ob Ihre Distribution eine permanente IPv6 Konfiguratio \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -9877,13 +9388,11 @@ Automatischer Test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -9895,17 +9404,14 @@ Die Versionsnummer der Library ist von Interesse, wenn Sie Features vermissen \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -9949,12 +9455,10 @@ Kurze Anleitung zum aktivieren von IPv6 bei RHL 7.1, 7.2, 7.3, ... \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -9972,7 +9476,6 @@ twork \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -9982,7 +9485,6 @@ Rebooten bzw. \end_layout \begin_layout Code - # service network restart \end_layout @@ -9991,12 +9493,10 @@ Nun sollte das IPv6 Modul geladen sein \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout @@ -10065,7 +9565,6 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -10101,7 +9600,6 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -10156,54 +9654,44 @@ Konfiguriere die Schnittstelle (hier im Beispiel: eth0). \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -10214,7 +9702,6 @@ Danach rebooten oder folgendes Kommando ausführen \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -10291,22 +9778,18 @@ Beispiel: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -10868,7 +10351,6 @@ Wechseln Sie in das Source-Verzeichnis: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -10877,12 +10359,10 @@ Entpacken sie die Kernel-Quellen und vergeben diesen einen neuen Namen \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -10891,7 +10371,6 @@ Entpacken Sie die iptables Quellen \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -10904,7 +10383,6 @@ Wechseln Sie in das iptables Verzeichnis \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -10913,7 +10391,6 @@ Fügen Sie relevante Patches hinzu \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10924,7 +10401,6 @@ Fügen Sie zusätzliche IPv6 relevante IPv6 Patches hinzu (die nach wie vor \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10963,12 +10439,10 @@ REJECT.patch.ipv6 \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -10981,7 +10455,6 @@ Wechseln Sie zu den Kernel-Quellen \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -10990,12 +10463,10 @@ Editieren Sie das Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -11004,99 +10475,80 @@ Starten Sie configure und aktivieren Sie IPv6 relevante Optionen \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -11122,7 +10574,6 @@ Benennen sie das ältere Verzeichnis um \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -11131,7 +10582,6 @@ Erstellen Sie einen neuen symbolischen Link \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -11140,7 +10590,6 @@ Erstellen Sie ein neues SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -11162,7 +10611,6 @@ Freshen \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11179,7 +10627,6 @@ install \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11198,7 +10645,6 @@ nodeps \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -11208,7 +10654,6 @@ Damit iptables die Libraries finden kann, ist es eventuell notwendig, einen \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -11225,7 +10670,6 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -11234,12 +10678,10 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde): \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -11256,7 +10698,6 @@ Kurze Auflistung: \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -11265,7 +10706,6 @@ Erweiterte Auflistung: \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -11274,7 +10714,6 @@ Auflistung angegebener Filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -11283,12 +10722,10 @@ Hinzufügen einer Log-Regel zum Input-Filter mit Optionen \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -11297,7 +10734,6 @@ Hinzufügen einer Drop-Regel zum Input-Filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11306,7 +10742,6 @@ Löschen einer Regel mit Hilfe der Regelnummer \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -11325,7 +10760,6 @@ Seit Kernel-Version 2.6.20 ist die Auswertung des IPv6-Verbindungsstatus gut \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11343,7 +10777,6 @@ Eingehender ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11352,7 +10785,6 @@ Ausgehenden ICMPv6 Verkehr durch Tunnel erlauben \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11361,7 +10793,6 @@ Neuere Kernel erlauben das Spezifizieren des ICMPv6-Typs: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11380,12 +10811,10 @@ n Patitionen entgegenzuwirken. \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11404,12 +10833,10 @@ Eingehende SSH Verbindungen werden von der Adresse 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -11424,12 +10851,10 @@ nicht mehr notwendig, wenn der IPv6-Verbindungsstatus ausgewertet wird! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -11447,7 +10872,6 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11456,7 +10880,6 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten am interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11471,7 +10894,6 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -11481,7 +10903,6 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -11505,7 +10926,6 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu diesem Host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11514,7 +10934,6 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu Hosts hinter diesem Router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11547,7 +10966,6 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten ausgehender Anfragen \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11557,7 +10975,6 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten auf Anfragen von hinter \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11586,7 +11003,6 @@ system-config-firewall \end_layout \begin_layout Code - Datei: /etc/sysconfig/ip6tables \end_layout @@ -11595,87 +11011,70 @@ Datei: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11687,7 +11086,6 @@ Zwecks der Vollständigkeit ist hier auch die entsprechende Konfiguration \end_layout \begin_layout Code - Datei: /etc/sysconfig/iptables \end_layout @@ -11696,88 +11094,71 @@ Datei: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11800,12 +11181,10 @@ Aktivieren von IPv4 & IPv6 Firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -11816,12 +11195,10 @@ Aktivieren des automatischen Starts nach dem Reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout @@ -11835,578 +11212,472 @@ Folgende Zeilen zeigen ein umfangreicheres Setup. \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12444,7 +11715,6 @@ Wie bei IPv4 können Systeme hinter einem Router versteckt werden mit Hilfe \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12462,9 +11732,8 @@ Eine dedizierte öffentliche IPv6-Adresse kann zu einer internen IPv6-Adresse \end_layout \begin_layout Code - -# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345/128 -i - sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 +# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs + -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout \begin_layout Subsection @@ -12481,7 +11750,6 @@ Ein dedizierter Port kann zu einem internen System weitergeleitet werden, \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12594,12 +11862,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -12621,53 +11887,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -12690,32 +11946,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -13046,27 +12296,22 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Transport-Modus \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -13081,37 +12326,30 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Tunnel-Modus \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -13181,22 +12419,18 @@ Datei: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -13205,22 +12439,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout @@ -13229,62 +12459,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -13293,42 +12511,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -13337,37 +12547,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -13384,12 +12587,10 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -13398,7 +12599,6 @@ Datei: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout @@ -13426,100 +12626,81 @@ Zum Schluss muss der Daemon gestartet werden. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net ) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -13540,12 +12721,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -13570,117 +12749,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -13785,22 +12941,18 @@ Datei: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -13809,27 +12961,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -13838,12 +12985,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -13852,68 +12997,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -13934,7 +13066,6 @@ Datei: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout @@ -13961,7 +13092,6 @@ Wenn die Installation von Openswan erfolgreich war, sollte ein initscript \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -13981,42 +13111,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -14036,117 +13158,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -14171,12 +13270,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout @@ -14185,12 +13282,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -14240,39 +13335,32 @@ Vernünftig funktionierendes QoS ist nur an der ausgehenden Schnittstelle \end_layout \begin_layout Code - ------------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->------------------- \end_layout \begin_layout Code - Dicke Leitung Queue 2 Queue 1 / Queue 2 / Queue 3 Dünne Leitung \end_layout \begin_layout Code - --->---- ---->--------->--------->------------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - ------------------->------- \end_layout @@ -14354,7 +13442,6 @@ Definition einer root qdisc mit einer Bandbreite von 1000 MBit/s an eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -14371,7 +13458,6 @@ Definition einer Klasse 1:1 mit 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -14383,7 +13469,6 @@ Definition einer Klasse 1:2 mit 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -14395,7 +13480,6 @@ Definition einer Klasse 1:3 mit 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -14407,7 +13491,6 @@ Definition einer Klasse 1:4 mit 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -14437,7 +13520,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout @@ -14457,7 +13539,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -14473,7 +13554,6 @@ match ip6 flowlabel 0x12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -14490,7 +13570,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -14502,7 +13581,6 @@ Die letzte Filterdefinition benötigt auch einen Eintrag in ip6tables um \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -14520,17 +13598,14 @@ Starten auf Serverseite in separaten Konsolen: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -14541,35 +13616,29 @@ Starten auf Clientseite und Vergleichen der Ergebnisse: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (erwartet: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (erwartet: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (erwartet: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (erwartet: 200 kBit/s) \end_layout @@ -14653,22 +13722,18 @@ Folgende Optionen müssen geändert werden, damit IPv6 aktiviert wird \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -14678,59 +13743,48 @@ Nach einem Neustart (des Dienstes) sollte z.B. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -14739,7 +13793,6 @@ Ein kleiner Test sieht wie folgt aus: \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -14756,22 +13809,18 @@ Folgende Optionen müssen geändert werden, damit IPv6 deaktiviert wird: \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout @@ -14786,67 +13835,54 @@ ACLs mit IPv6 Adressen sind realisierbar und sollten wann immer möglich \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -14858,32 +13894,26 @@ Diese ACLs können für Client-Anfragen und Zonentransfers zu Secondary Nameserv \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -14909,7 +13939,6 @@ Diese Option ist nicht verpflichtend, ev. \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -14930,7 +13959,6 @@ Die Transfer source Adresse wird für ausgehende Zonentransfers verwendet: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -14943,7 +13971,6 @@ Die Notify source Adresse wird für ausgehende notify Mitteilungen verwendet: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout @@ -15100,27 +14127,22 @@ Eine IPv6 Verbindung kann durch Angabe eines dedizierten Server, der abgefragt \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15129,7 +14151,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -15139,17 +14160,14 @@ Ein entsprechender Log-Eintrag sieht wie folgt aus: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -15168,27 +14186,22 @@ Eine erfolgreiche IPv6 Verbindung sieht wie folgt aus: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -15197,14 +14210,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -15249,52 +14260,42 @@ Wenn Sie nun einen "eingebauten" Service wie z.B. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - @@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -15304,27 +14305,22 @@ dann sollten Sie nach einem Neustart des xinetd-Dienstes z.B. \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -15385,27 +14381,22 @@ Virtueller Host mit IPv6 Adresse \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -15414,32 +14405,26 @@ Virtueller Host mit IPv4 und IPv6 Adresse \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -15448,24 +14433,20 @@ Das Ergebnis sollten nach einen Neustart des Dienstes etwa Folgendes sein: \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -15572,52 +14553,42 @@ Die Konfigurationsdatei des radvd ist normalerweise die Datei /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15626,28 +14597,23 @@ Als Ergebnis auf der Client-Seite ergibt sich hieraus: \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15674,67 +14640,54 @@ Seit der Version 0.6.2pl3 wird die automatische (Neu)-Erstellung des Präfixes \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15744,28 +14697,23 @@ Das Ergebnis auf Clientseite ist (unter der Annahme, dass ppp0 die lokale \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15784,7 +14732,6 @@ Achtung: wenn keine spezielle 6to4-Unterstützung der initscripts benutzt \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -15814,107 +14761,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -15980,67 +14906,54 @@ Die Konfigurationsdatei des dhcp6s ist normalerweise /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -16064,22 +14977,18 @@ Die Konfigurationsdatei von dhcp6c ist normalerweise /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -16103,7 +15012,6 @@ Starten des Servers, z.B. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -16121,12 +15029,10 @@ Starten des Clients im Vordergrund, z.B. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout \begin_layout Code - ... \end_layout @@ -16150,7 +15056,6 @@ Der Server hat einen Vordergrund und zwei Debug-Schalter (von denen beide \end_layout \begin_layout Code - # dhcp6c -d -D -f eth0 \end_layout @@ -16168,7 +15073,6 @@ Mit einem IPv6 Ping an die DHCP Multicast-Adresse kann getestet werden, \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout @@ -16179,58 +15083,47 @@ Der Client hat einen Vordergrund und zwei Debug-Schalter, hier ein Beispiel: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -16297,88 +15190,71 @@ Erstellen einer eigenen Konfigurationsdatei /etc/dhcp/dhcpd6.conf für den \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -16417,7 +15293,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 @@ -16443,56 +15318,46 @@ Starte den Server im Vordergrund: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -f -cf /etc/dhcp/dhcpd.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -16535,62 +15400,50 @@ Erstellen der Konfigurationsdatei /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:db8:0:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout @@ -16613,148 +15466,124 @@ Start Server im Vorgergrund: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. \end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -16819,7 +15648,6 @@ s.allow sowie /etc/hosts.deny. \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -16834,13 +15662,11 @@ In dieser Datei wird ein Dienst pro Zeile eingetragen, der positiv gefiltert \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -16861,7 +15687,6 @@ In dieser Datei werden alle Einträge negativ gefiltert. \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -16873,12 +15698,10 @@ Sie können bei Bedarf obige Standardzeile auch durch Folgende ersetzen, \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -16901,22 +15724,18 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16927,27 +15746,22 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -16961,22 +15775,18 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem durch den xinetd \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16986,22 +15796,18 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem auf zwei Ports hörenden \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -17037,7 +15843,6 @@ listen \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -17072,27 +15877,22 @@ Editiere die Konfigurationsdatei, üblicherweise /etc/proftpd.conf, allerdings \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf index 6d1a0c7f..58d01481 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml index 2c1fd10a..3aa1a521 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml @@ -26,17 +26,17 @@ <!-- anchor id="general-copright" -->Copyright, Lizenz und anderes Copyright -Verfasst von und urheberrechtlich geschützt durch Peter Bieringer © 2001-2011. +Verfasst von und urheberrechtlich geschützt durch Peter Bieringer © 2001-2013. Deutsche Übersetzung: -Verfasst von und urheberrechtlich geschützt durch Georg Käfer © 2002-2003, weitergeführt von Peter Bieringer © 2004-2011. +Verfasst von und urheberrechtlich geschützt durch Georg Käfer © 2002-2003, weitergeführt von Peter Bieringer © 2004-2013. Lizenz Dieses Linux IPv6 HOWTO wird unter der GNU GPL Version 2 herausgegeben: Dieses Linux IPv6 HOWTO ist ein Handbuch zur Anwendung und Konfiguration von IPv6 auf Linux-Systemen. -Copyright © 2001-2011 Peter Bieringer -Deutsche Übersetzung Copyright © 2002-2003 Georg Käfer, weitergeführt von Peter Bieringer © 2004-2011. +Copyright © 2001-2013 Peter Bieringer +Deutsche Übersetzung Copyright © 2002-2003 Georg Käfer, weitergeführt von Peter Bieringer © 2004-2013. Diese Dokumentation ist freie Software; Sie können diese unter den Bedingungen der GNU General Public License, wie von der Free Software Foundation publiziert, entweder unter Version 2 oder optional jede höhere Version redistribuieren und/oder modifizieren. Dieses Programm wird in der Hoffnung verteilt, dass es für Sie nutzvoll ist, jedoch OHNE JEDWEDER GEWÄHRLEISTUNG; sogar ohne der implizierten Gewährleistung der MARKTFÄHIGKEIT oder der FÄHIGKEIT ZU EINEM BESONDEREN ZWECK bzw. VORSATZ. Weitere Details finden Sie in der GNU General Public License. @@ -1953,7 +1953,7 @@ Chain intOUT (1 references) ]]> IPv6 Destination NAT Eine dedizierte öffentliche IPv6-Adresse kann zu einer internen IPv6-Adresse weitergeleitet werden, z.B. - IPv6 Port Weiterleitung Ein dedizierter Port kann zu einem internen System weitergeleitet werden, z.B. diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html index 523040f7..a9a514e4 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.html @@ -894,7 +894,7 @@ NAME="AEN41" >1.1.1. Copyright

Written and Copyright (C) 2001-2011 by Peter Bieringer

Written and Copyright (C) 2001-2013 by Peter Bieringer

# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345/128 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345
# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345
0.65
0.66

2010-04-20/PB: extend QoS section with examples

2010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6 NAT hints

0.65
\end_layout @@ -1289,7 +1287,6 @@ For real use on your system command line or in scripts this has to be replaced \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -1302,7 +1299,6 @@ Commands executable as non-root user begin with $, e.g. \end_layout \begin_layout Code - $ whoami \end_layout @@ -1311,7 +1307,6 @@ Commands executable as root user begin with #, e.g. \end_layout \begin_layout Code - # whoami \end_layout @@ -1506,72 +1501,58 @@ The first IPv6 related network code was added to the Linux kernel 2.1.8 in \end_layout \begin_layout Code - diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h \end_layout \begin_layout Code - ¬ linux/include/linux/in6.h \end_layout \begin_layout Code - --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 \end_layout \begin_layout Code - +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 \end_layout \begin_layout Code - @@ -0,0 +1,99 @@ \end_layout \begin_layout Code - +/* \end_layout \begin_layout Code - + * Types and definitions for AF_INET6 \end_layout \begin_layout Code - + * Linux INET6 implementation \end_layout \begin_layout Code - + * + * Authors: \end_layout \begin_layout Code - + * Pedro Roque <******> \end_layout \begin_layout Code - + * \end_layout \begin_layout Code - + * Source: \end_layout \begin_layout Code - + * IPv6 Program Interfaces for BSD Systems \end_layout \begin_layout Code - + * \end_layout @@ -1680,7 +1661,6 @@ As previously mentioned, IPv6 addresses are 128 bits long. \end_layout \begin_layout Code - 2^128-1: 340282366920938463463374607431768211455 \end_layout @@ -1703,7 +1683,6 @@ nibble \end_layout \begin_layout Code - 2^128-1: 0xffffffffffffffffffffffffffffffff \end_layout @@ -1721,7 +1700,6 @@ This representation is still not very convenient (possible mix-up or loss \end_layout \begin_layout Code - 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \end_layout @@ -1731,7 +1709,6 @@ A usable address (see address types later) is e.g.: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout @@ -1742,12 +1719,10 @@ For simplifications, leading zeros of each 16 bit block can be omitted: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -> \end_layout \begin_layout Code - ¬ 2001:db8:100:f101:210:a4ff:fee3:9566 \end_layout @@ -1773,7 +1748,6 @@ ion. \end_layout \begin_layout Code - 2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1 \end_layout @@ -1783,7 +1757,6 @@ The biggest reduction is seen by the IPv6 localhost address: \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 \end_layout @@ -1807,12 +1780,10 @@ target "http://www.faqs.org/rfcs/rfc1924.html" \end_layout \begin_layout Code - # ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566 \end_layout \begin_layout Code - 9R}vSQZ1W=9A_Q74Lz&R \end_layout @@ -2023,7 +1994,6 @@ This is a special address for the loopback interface, similiar to IPv4 with \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0001 \end_layout @@ -2032,7 +2002,6 @@ or compressed: \end_layout \begin_layout Code - ::1 \end_layout @@ -2068,7 +2037,6 @@ any \end_layout \begin_layout Code - 0000:0000:0000:0000:0000:0000:0000:0000 \end_layout @@ -2077,7 +2045,6 @@ or: \end_layout \begin_layout Code - :: \end_layout @@ -2113,7 +2080,6 @@ These addresses are defined with a special prefix of length 96 (a.b.c.d is \end_layout \begin_layout Code - 0:0:0:0:0:ffff:a.b.c.d/96 \end_layout @@ -2122,7 +2088,6 @@ or in compressed format \end_layout \begin_layout Code - ::ffff:a.b.c.d/96 \end_layout @@ -2131,7 +2096,6 @@ For example, the IPv4 address 1.2.3.4 looks like this: \end_layout \begin_layout Code - ::ffff:1.2.3.4 \end_layout @@ -2160,7 +2124,6 @@ reference "tunneling-6to4" \end_layout \begin_layout Code - 0:0:0:0:0:0:a.b.c.d/96 \end_layout @@ -2169,7 +2132,6 @@ or in compressed format \end_layout \begin_layout Code - ::a.b.c.d/96 \end_layout @@ -2250,22 +2212,18 @@ x \end_layout \begin_layout Code - fe8x: <- currently the only one in use \end_layout \begin_layout Code - fe9x: \end_layout \begin_layout Code - feax: \end_layout \begin_layout Code - febx: \end_layout @@ -2311,22 +2269,18 @@ It begins with: \end_layout \begin_layout Code - fecx: <- most commonly used \end_layout \begin_layout Code - fedx: \end_layout \begin_layout Code - feex: \end_layout \begin_layout Code - fefx: \end_layout @@ -2401,12 +2355,10 @@ It begins with: \end_layout \begin_layout Code - fcxx: \end_layout \begin_layout Code - fdxx: <- currently the only one in use \end_layout @@ -2429,7 +2381,6 @@ target "http://www.goebel-consult.de/ipv6/createLULA" \end_layout \begin_layout Code - fd0f:8b72:ac90::/48 \end_layout @@ -2461,12 +2412,10 @@ x \end_layout \begin_layout Code - 2xxx: \end_layout \begin_layout Code - 3xxx: \end_layout @@ -2497,7 +2446,6 @@ These were the first global addresses which were defined and in use. \end_layout \begin_layout Code - 3ffe: \end_layout @@ -2506,7 +2454,6 @@ Example: \end_layout \begin_layout Code - 3ffe:ffff:100:f102::1 \end_layout @@ -2516,7 +2463,6 @@ A special 6bone test address which will never be globally unique begins \end_layout \begin_layout Code - 3ffe:ffff: \end_layout @@ -2568,7 +2514,6 @@ target "http://www.faqs.org/rfcs/rfc2893.html" \end_layout \begin_layout Code - 2002: \end_layout @@ -2577,7 +2522,6 @@ For example, representing 192.168.1.1/5: \end_layout \begin_layout Code - 2002:c0a8:0101:5::1 \end_layout @@ -2587,12 +2531,10 @@ A small shell command line can help you generating such address out of a \end_layout \begin_layout Code - ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 \end_layout \begin_layout Code - ¬ | tr "." " "` $sla \end_layout @@ -2626,7 +2568,6 @@ These addresses are delegated to Internet service providers (ISP) and begin \end_layout \begin_layout Code - 2001: \end_layout @@ -2665,12 +2606,10 @@ target "http://www.faqs.org/rfcs/rfc3849.html" \end_layout \begin_layout Code - 3fff:ffff::/32 \end_layout \begin_layout Code - 2001:0DB8::/32 EXAMPLENET-WF \end_layout @@ -2699,7 +2638,6 @@ xx \end_layout \begin_layout Code - ffxy: \end_layout @@ -2788,7 +2726,6 @@ An example of this address looks like \end_layout \begin_layout Code - ff02::1:ff00:1234 \end_layout @@ -2845,7 +2782,6 @@ A simple example for an anycast address is the subnet-router anycast address. \end_layout \begin_layout Code - 2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address \end_layout @@ -2855,7 +2791,6 @@ The subnet-router anycast address will be created blanking the suffix (least \end_layout \begin_layout Code - 2001:db8:100:f101::/64 <- subnet-router anycast address \end_layout @@ -2895,7 +2830,6 @@ E.g. \end_layout \begin_layout Code - 00:10:a4:01:23:45 \end_layout @@ -2913,7 +2847,6 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html" \end_layout \begin_layout Code - 0210:a4ff:fe01:2345 \end_layout @@ -2923,7 +2856,6 @@ With a given prefix, the result is the IPv6 address shown in example above: \end_layout \begin_layout Code - 2001:0db8:0100:f101:0210:a4ff:fe01:2345 \end_layout @@ -2976,7 +2908,6 @@ For servers, it's probably easier to remember simpler addresses, this can \end_layout \begin_layout Code - 2001:0db8:100:f101::1 \end_layout @@ -3068,7 +2999,6 @@ An example: \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 \end_layout @@ -3082,7 +3012,6 @@ Network: \end_layout \begin_layout Code - 2001:0db8:0100:0000:0000:0000:0000:0000 \end_layout @@ -3091,7 +3020,6 @@ Netmask: \end_layout \begin_layout Code - ffff:ffff:ffff:0000:0000:0000:0000:0000 \end_layout @@ -3110,12 +3038,10 @@ For example if a routing table shows following entries (list is not complete): \end_layout \begin_layout Code - 2001:0db8:100::/48 :: U 1 0 0 sit1 \end_layout \begin_layout Code - 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 \end_layout @@ -3125,12 +3051,10 @@ Shown destination addresses of IPv6 packets will be routed through shown \end_layout \begin_layout Code - 2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1 \end_layout \begin_layout Code - 2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4 \end_layout @@ -3194,7 +3118,6 @@ To check, whether your current running kernel supports IPv6, take a look \end_layout \begin_layout Code - /proc/net/if_inet6 \end_layout @@ -3204,7 +3127,6 @@ A short automatical test looks like: \end_layout \begin_layout Code - # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" \end_layout @@ -3223,7 +3145,6 @@ You can try to load the IPv6 module executing \end_layout \begin_layout Code - # modprobe ipv6 \end_layout @@ -3234,7 +3155,6 @@ If this is successful, this module should be listed, testable with following \end_layout \begin_layout Code - # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" \end_layout @@ -3259,7 +3179,6 @@ Its possible to automatically load the IPv6 module on demand. \end_layout \begin_layout Code - alias net-pf-10 ipv6 # automatically load IPv6 module on demand \end_layout @@ -3269,7 +3188,6 @@ It's also possible to disable automatically loading of the IPv6 module using \end_layout \begin_layout Code - alias net-pf-10 off # disable automatically load of IPv6 module on demand \end_layout @@ -3527,12 +3445,10 @@ Auto-magically check: \end_layout \begin_layout Code - # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is \end_layout \begin_layout Code - ¬ IPv6-ready" \end_layout @@ -3546,7 +3462,6 @@ route \end_layout \begin_layout Code - # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" \end_layout @@ -3565,7 +3480,6 @@ Alexey N. \end_layout \begin_layout Code - # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" \end_layout @@ -3629,17 +3543,14 @@ Usage \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 \end_layout \begin_layout Code - # ping6 [-I ] \end_layout @@ -3648,17 +3559,14 @@ Example \end_layout \begin_layout Code - # ping6 -c 1 ::1 \end_layout \begin_layout Code - PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec \end_layout @@ -3667,17 +3575,14 @@ PING ::1(::1) from ::1 : 56 data bytes \end_layout \begin_layout Code - --- ::1 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss \end_layout \begin_layout Code - round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms \end_layout @@ -3708,12 +3613,10 @@ Using link-local addresses for an IPv6 ping, the kernel does not know through \end_layout \begin_layout Code - # ping6 fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - connect: Invalid argument \end_layout @@ -3722,22 +3625,18 @@ In this case you have to specify the interface additionally like shown here: \end_layout \begin_layout Code - # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 \end_layout \begin_layout Code - PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec \end_layout @@ -3746,17 +3645,14 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from \end_layout \begin_layout Code - --- fe80::2e0:18ff:fe90:9205 ping statistics --- \end_layout \begin_layout Code - 1 packets transmitted, 1 packets received, 0% packet loss round-trip \end_layout \begin_layout Code - ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms \end_layout @@ -3770,22 +3666,18 @@ An interesting mechanism to detect IPv6-active hosts on a link is to ping6 \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1 \end_layout \begin_layout Code - PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes \end_layout \begin_layout Code - 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms \end_layout \begin_layout Code - 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) \end_layout @@ -3817,51 +3709,42 @@ iputils \end_layout \begin_layout Code - # traceroute6 www.6bone.net \end_layout \begin_layout Code - traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 \end_layout \begin_layout Code - ¬ hops max, 16 byte packets \end_layout \begin_layout Code - 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms \end_layout \begin_layout Code - 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms \end_layout \begin_layout Code - 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms \end_layout \begin_layout Code - 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms \end_layout \begin_layout Code - 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms \end_layout \begin_layout Code - 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms \end_layout @@ -3896,52 +3779,42 @@ iputils \end_layout \begin_layout Code - # tracepath6 www.6bone.net \end_layout \begin_layout Code - 1?: [LOCALHOST] pmtu 1480 \end_layout \begin_layout Code - 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms \end_layout \begin_layout Code - 2: 3ffe:b00:c18::5 267.864ms \end_layout \begin_layout Code - 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 \end_layout \begin_layout Code - 3: 3ffe:3900:5::2 asymm 4 346.632ms \end_layout \begin_layout Code - 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms \end_layout \begin_layout Code - 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms \end_layout \begin_layout Code - 6: 3ffe:3800::1:1 asymm 4 578.126ms !N \end_layout \begin_layout Code - Resume: pmtu 1280 \end_layout @@ -4030,32 +3903,26 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on eth0 \end_layout \begin_layout Code - 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo \end_layout \begin_layout Code - ¬ request (len 64, hlim 64) \end_layout \begin_layout Code - 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo \end_layout \begin_layout Code - ¬ reply (len 64, hlim 64) \end_layout @@ -4072,52 +3939,42 @@ IPv6 ping to \end_layout \begin_layout Code - # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 \end_layout \begin_layout Code - tcpdump: listening on ppp0 \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29887, len 124) \end_layout \begin_layout Code - 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request \end_layout \begin_layout Code - ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) \end_layout \begin_layout Code - 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len \end_layout \begin_layout Code - ¬ 64, hlim 61) (ttl 23, id 29919, len 124) \end_layout @@ -4178,7 +4035,6 @@ Because of security updates in the last years every Domain Name System (DNS) \end_layout \begin_layout Code - # host -t AAAA www.join.uni-muenster.de \end_layout @@ -4187,20 +4043,17 @@ and should show something like following: \end_layout \begin_layout Code - www.join.uni-muenster.de. is an alias for tolot.join.uni-muenster.de. \end_layout \begin_layout Code - tolot.join.uni-muenster.de. has AAAA address \end_layout \begin_layout Code - ¬ 2001:638:500:101:2e0:81ff:fe24:37c6 \end_layout @@ -4214,30 +4067,25 @@ IPv6-ready telnet clients are available. \end_layout \begin_layout Code - $ telnet 3ffe:400:100::1 80 \end_layout \begin_layout Code - Trying 3ffe:400:100::1... \end_layout \begin_layout Code - Connected to 3ffe:400:100::1. \end_layout \begin_layout Code - Escape character is '^]'. \end_layout \begin_layout Code - HEAD / HTTP/1.0 \end_layout @@ -4246,47 +4094,38 @@ HEAD / HTTP/1.0 \end_layout \begin_layout Code - HTTP/1.1 200 OK \end_layout \begin_layout Code - Date: Sun, 16 Dec 2001 16:07:21 \end_layout \begin_layout Code - GMT Server: Apache/2.0.28 (Unix) \end_layout \begin_layout Code - Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT \end_layout \begin_layout Code - ETag: "3f02-a4d-b1b3e080" \end_layout \begin_layout Code - Accept-Ranges: bytes \end_layout \begin_layout Code - Content-Length: 2637 \end_layout \begin_layout Code - Connection: close \end_layout \begin_layout Code - Content-Type: text/html; charset=ISO-8859-1 \end_layout @@ -4295,7 +4134,6 @@ Content-Type: text/html; charset=ISO-8859-1 \end_layout \begin_layout Code - Connection closed by foreign host. \end_layout @@ -4336,17 +4174,14 @@ Current versions of openssh are IPv6-ready. \end_layout \begin_layout Code - $ ssh -6 ::1 \end_layout \begin_layout Code - user@::1's password: ****** \end_layout \begin_layout Code - [user@ipv6host user]$ \end_layout @@ -4801,12 +4636,10 @@ Usage: \end_layout \begin_layout Code - # ip link set dev up \end_layout \begin_layout Code - # ip link set dev down \end_layout @@ -4819,12 +4652,10 @@ Example: \end_layout \begin_layout Code - # ip link set dev eth0 up \end_layout \begin_layout Code - # ip link set dev eth0 down \end_layout @@ -4838,12 +4669,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig up \end_layout \begin_layout Code - # /sbin/ifconfig down \end_layout @@ -4852,12 +4681,10 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 up \end_layout \begin_layout Code - # /sbin/ifconfig eth0 down \end_layout @@ -4896,7 +4723,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev \end_layout @@ -4905,27 +4731,22 @@ Example for a static configured host: \end_layout \begin_layout Code - # /sbin/ip -6 addr show dev eth0 \end_layout \begin_layout Code - 2: eth0: \end_layout @@ -4997,22 +4809,18 @@ Example (output filtered with grep to display only IPv6 addresses). \end_layout \begin_layout Code - # /sbin/ifconfig eth0 |grep "inet6 addr:" \end_layout \begin_layout Code - inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link \end_layout \begin_layout Code - inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global \end_layout \begin_layout Code - inet6 addr: fec0:0:0:f101::1/64 Scope:Site \end_layout @@ -5034,7 +4842,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr add / dev \end_layout @@ -5043,7 +4850,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5057,7 +4863,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 add / \end_layout @@ -5066,7 +4871,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64 \end_layout @@ -5089,7 +4893,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 addr del / dev \end_layout @@ -5098,7 +4901,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 \end_layout @@ -5112,7 +4914,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ifconfig inet6 del / \end_layout @@ -5121,7 +4922,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64 \end_layout @@ -5162,7 +4962,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route show [dev ] \end_layout @@ -5172,27 +4971,22 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route show dev eth0 \end_layout \begin_layout Code - 2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 \end_layout \begin_layout Code - default proto kernel metric 256 mtu 1500 advmss 1440 \end_layout @@ -5206,7 +5000,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -5218,42 +5011,34 @@ Example (output is filtered for interface eth0). \end_layout \begin_layout Code - # /sbin/route -A inet6 |grep -w "eth0" \end_layout \begin_layout Code - 2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local \end_layout \begin_layout Code - ¬ address \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast \end_layout \begin_layout Code - ¬ addresses \end_layout \begin_layout Code - ::/0 :: UDA 256 0 0 eth0 <- Automatic default route \end_layout @@ -5276,12 +5061,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5290,7 +5073,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2001:0db8:0:f101::1 \end_layout @@ -5304,12 +5086,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / gw \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5327,7 +5107,6 @@ Following shown example adds a default route through gateway \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1 \end_layout @@ -5351,12 +5130,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / via \end_layout \begin_layout Code - ¬ [dev ] \end_layout @@ -5365,7 +5142,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default via 2001:0db8:0:f101::1 \end_layout @@ -5379,12 +5155,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / gw [dev \end_layout \begin_layout Code - ¬ ] \end_layout @@ -5393,7 +5167,6 @@ Example for removing upper added route again: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1 \end_layout @@ -5416,12 +5189,10 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route add / dev \end_layout \begin_layout Code - ¬ metric 1 \end_layout @@ -5430,7 +5201,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route add default dev eth0 metric 1 \end_layout @@ -5473,7 +5243,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 add / dev \end_layout @@ -5482,7 +5251,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 add default dev eth0 \end_layout @@ -5505,7 +5273,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 route del / dev \end_layout @@ -5514,7 +5281,6 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 route del default dev eth0 \end_layout @@ -5528,7 +5294,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 del / dev \end_layout @@ -5538,7 +5303,6 @@ Example: \end_layout \begin_layout Code - # /sbin/route -A inet6 del default dev eth0 \end_layout @@ -5577,17 +5341,14 @@ Client can setup a default route like prefix \end_layout \begin_layout Code - # ip -6 route show | grep ^default \end_layout \begin_layout Code - default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires \end_layout \begin_layout Code - ¬ 29sec mtu 1500 advmss 1440 \end_layout @@ -5669,7 +5430,6 @@ With following command you can display the learnt or configured IPv6 neighbors \end_layout \begin_layout Code - # ip -6 neigh show [dev ] \end_layout @@ -5678,12 +5438,10 @@ The following example shows one neighbor, which is a reachable router \end_layout \begin_layout Code - # ip -6 neigh show \end_layout \begin_layout Code - fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable \end_layout @@ -5708,7 +5466,6 @@ With following command you are able to manually add an entry \end_layout \begin_layout Code - # ip -6 neigh add lladdr dev \end_layout @@ -5717,7 +5474,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5730,7 +5486,6 @@ Like adding also an entry can be deleted: \end_layout \begin_layout Code - # ip -6 neigh del lladdr dev \end_layout @@ -5739,7 +5494,6 @@ Example: \end_layout \begin_layout Code - # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 \end_layout @@ -5769,28 +5523,23 @@ help \end_layout \begin_layout Code - # ip -6 neigh help \end_layout \begin_layout Code - Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] \end_layout \begin_layout Code - [ nud { permanent | noarp | stale | reachable } ] \end_layout \begin_layout Code - | proxy ADDR } [ dev DEV ] \end_layout \begin_layout Code - ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] \end_layout @@ -5952,27 +5701,22 @@ target "http://www.faqs.org/rfcs/rfc3056.html" \end_layout \begin_layout Code - | 3+13 | 32 | 16 | 64 bits | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout \begin_layout Code - | FP+TLA | V4ADDR | SLA ID | Interface ID | \end_layout \begin_layout Code - | 0x2002 | | | | \end_layout \begin_layout Code - +---+------+-----------+--------+--------------------------------+ \end_layout @@ -6176,7 +5920,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -6185,17 +5928,14 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show \end_layout \begin_layout Code - sit0: ipv6/ip remote any local any ttl 64 nopmtudisc \end_layout \begin_layout Code - sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 \end_layout @@ -6208,7 +5948,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/route -A inet6 \end_layout @@ -6218,7 +5957,6 @@ Example (output is filtered to display only tunnels through virtual interface \end_layout \begin_layout Code - # /sbin/route -A inet6 | grep " \backslash Wsit0 @@ -6227,27 +5965,22 @@ W*$" \end_layout \begin_layout Code - ::/96 :: U 256 2 0 sit0 \end_layout \begin_layout Code - 2002::/16 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 \end_layout \begin_layout Code - fe80::/10 :: UA 256 0 0 sit0 \end_layout \begin_layout Code - ff00::/8 :: UA 256 0 0 sit0 \end_layout @@ -6313,12 +6046,10 @@ Usage for creating a tunnel device (but it's not up afterward, also a TTL \end_layout \begin_layout Code - # /sbin/ip tunnel add mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -6327,22 +6058,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit1 mode sit ttl remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit1 metric 1 \end_layout @@ -6351,22 +6078,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit2 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit2 metric 1 \end_layout @@ -6375,22 +6098,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip tunnel add sit3 mode sit ttl \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev sit3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev sit3 metric 1 \end_layout @@ -6411,7 +6130,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6420,17 +6138,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit1 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout @@ -6439,17 +6154,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit2 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit2 \end_layout @@ -6458,17 +6170,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 tunnel \end_layout \begin_layout Code - # /sbin/ifconfig sit3 up \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit3 \end_layout @@ -6494,7 +6203,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6503,32 +6211,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 add gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6557,7 +6259,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip tunnel del \end_layout @@ -6566,17 +6267,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit1 \end_layout \begin_layout Code - # /sbin/ip link set sit1 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit1 \end_layout @@ -6585,17 +6283,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit2 \end_layout \begin_layout Code - # /sbin/ip link set sit2 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit2 \end_layout @@ -6604,17 +6299,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev sit3 \end_layout \begin_layout Code - # /sbin/ip link set sit3 down \end_layout \begin_layout Code - # /sbin/ip tunnel del sit3 \end_layout @@ -6633,12 +6325,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit3 \end_layout \begin_layout Code - # /sbin/ifconfig sit3 down \end_layout @@ -6647,12 +6337,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del dev sit2 \end_layout \begin_layout Code - # /sbin/ifconfig sit2 down \end_layout @@ -6661,12 +6349,10 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 add dev sit1 \end_layout \begin_layout Code - # /sbin/ifconfig sit1 down \end_layout @@ -6675,7 +6361,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6697,32 +6382,26 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout \begin_layout Code - # /sbin/route -A inet6 del gw \end_layout \begin_layout Code - ¬ :: dev sit0 \end_layout @@ -6731,7 +6410,6 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -6790,7 +6468,6 @@ Assuming your IPv4 address is \end_layout \begin_layout Code - 1.2.3.4 \end_layout @@ -6799,7 +6476,6 @@ the generated 6to4 prefix will be \end_layout \begin_layout Code - 2002:0102:0304:: \end_layout @@ -6818,7 +6494,6 @@ Local 6to4 gateways should (but it's not a must, you can choose an arbitrary \end_layout \begin_layout Code - 2002:0102:0304::1 \end_layout @@ -6828,7 +6503,6 @@ Use e.g. \end_layout \begin_layout Code - ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` \end_layout @@ -6850,12 +6524,10 @@ Create a new tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel add tun6to4 mode sit ttl remote any local \end_layout \begin_layout Code - ¬ \end_layout @@ -6864,7 +6536,6 @@ Bring interface up \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 up \end_layout @@ -6873,7 +6544,6 @@ Add local 6to4 address to interface (note: prefix length 16 is important!) \end_layout \begin_layout Code - # /sbin/ip -6 addr add /16 dev tun6to4 \end_layout @@ -6883,7 +6553,6 @@ Add (default) route to the global IPv6 network using the all-6to4-routers \end_layout \begin_layout Code - # /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1 \end_layout @@ -6902,7 +6571,6 @@ ip \end_layout \begin_layout Code - # /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric 1 \end_layout @@ -6929,7 +6597,6 @@ Bring generic tunnel interface sit0 up \end_layout \begin_layout Code - # /sbin/ifconfig sit0 up \end_layout @@ -6938,7 +6605,6 @@ Add local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 add /16 \end_layout @@ -6948,7 +6614,6 @@ Add (default) route to the global IPv6 network using the all-6to4-relays \end_layout \begin_layout Code - # /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0 \end_layout @@ -6965,7 +6630,6 @@ Remove all routes through this dedicated tunnel device \end_layout \begin_layout Code - # /sbin/ip -6 route flush dev tun6to4 \end_layout @@ -6974,7 +6638,6 @@ Shut down interface \end_layout \begin_layout Code - # /sbin/ip link set dev tun6to4 down \end_layout @@ -6983,7 +6646,6 @@ Remove created tunnel device \end_layout \begin_layout Code - # /sbin/ip tunnel del tun6to4 \end_layout @@ -7020,7 +6682,6 @@ Remove (default) route through the 6to4 tunnel interface \end_layout \begin_layout Code - # /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0 \end_layout @@ -7029,7 +6690,6 @@ Remove local 6to4 address to interface \end_layout \begin_layout Code - # /sbin/ifconfig sit0 del /16 \end_layout @@ -7039,7 +6699,6 @@ Shut down generic tunnel device (take care about this, perhaps it's still \end_layout \begin_layout Code - # /sbin/ifconfig sit0 down \end_layout @@ -7079,7 +6738,6 @@ Usage: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show [] \end_layout @@ -7088,28 +6746,23 @@ Example: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel show mode any \end_layout \begin_layout Code - ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 \end_layout \begin_layout Code - ¬ flowlabel 0x00000 (flowinfo 0x00000000) \end_layout \begin_layout Code - ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit 4 \end_layout \begin_layout Code - ¬ hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000) \end_layout @@ -7126,12 +6779,10 @@ Usage for creating a 4over6 tunnel device (but it's not up afterward) \end_layout \begin_layout Code - # /sbin/ip tunnel add mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout @@ -7140,22 +6791,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl1 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl1 metric 1 \end_layout @@ -7164,22 +6811,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl2 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl2 metric 1 \end_layout @@ -7188,22 +6831,18 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote \end_layout \begin_layout Code - ¬ local \end_layout \begin_layout Code - # /sbin/ip link set dev ip6tnl3 up \end_layout \begin_layout Code - # /sbin/ip -6 route add dev ip6tnl3 metric 1 \end_layout @@ -7216,7 +6855,6 @@ Usage for removing a tunnel device: \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del \end_layout @@ -7225,17 +6863,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl1 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl1 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl1 \end_layout @@ -7244,17 +6879,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl2 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl2 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl2 \end_layout @@ -7263,17 +6895,14 @@ Usage (generic example for three tunnels): \end_layout \begin_layout Code - # /sbin/ip -6 route del dev ip6tnl3 \end_layout \begin_layout Code - # /sbin/ip link set ip6tnl3 down \end_layout \begin_layout Code - # /sbin/ip -6 tunnel del ip6tnl3 \end_layout @@ -7366,7 +6995,6 @@ The /proc-filesystem had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_PROC_FS=y \end_layout @@ -7375,12 +7003,10 @@ The /proc-filesystem was mounted before, which can be tested using \end_layout \begin_layout Code - # mount | grep "type proc" \end_layout \begin_layout Code - none on /proc type proc (rw) \end_layout @@ -7411,12 +7037,10 @@ cat \end_layout \begin_layout Code - # cat /proc/sys/net/ipv6/conf/all/forwarding \end_layout \begin_layout Code - 0 \end_layout @@ -7437,7 +7061,6 @@ echo \end_layout \begin_layout Code - # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \end_layout @@ -7493,7 +7116,6 @@ The sysctl-interface had to be enabled in kernel, means on compiling following \end_layout \begin_layout Code - CONFIG_SYSCTL=y \end_layout @@ -7506,12 +7128,10 @@ The value of an entry can be retrieved now: \end_layout \begin_layout Code - # sysctl net.ipv6.conf.all.forwarding \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 0 \end_layout @@ -7524,12 +7144,10 @@ A new value can be set (if entry is writable): \end_layout \begin_layout Code - # sysctl -w net.ipv6.conf.all.forwarding=1 \end_layout \begin_layout Code - net.ipv6.conf.all.forwarding = 1 \end_layout @@ -7547,12 +7165,10 @@ Note: Don't use spaces around the \end_layout \begin_layout Code - # sysctl -w net.ipv4.ip_local_port_range="32768 61000" \end_layout \begin_layout Code - net.ipv4.ip_local_port_range = 32768 61000 \end_layout @@ -8020,12 +7636,10 @@ target "http://www.zebra.org/" \end_layout \begin_layout Code - ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), \end_layout \begin_layout Code - ¬ seq=426, pid=0 \end_layout @@ -8497,27 +8111,22 @@ net/ipv6/addrconf.c \end_layout \begin_layout Code - # cat /proc/net/if_inet6 \end_layout \begin_layout Code - 00000000000000000000000000000001 01 80 10 80 lo \end_layout \begin_layout Code - +------------------------------+ ++ ++ ++ ++ ++ \end_layout \begin_layout Code - | | | | | | \end_layout \begin_layout Code - 1 2 3 4 5 6 \end_layout @@ -8608,27 +8217,22 @@ net/ipv6/route.c \end_layout \begin_layout Code - # cat /proc/net/ipv6_route \end_layout \begin_layout Code - 00000000000000000000000000000000 00 00000000000000000000000000000000 00 \end_layout \begin_layout Code - +------------------------------+ ++ +------------------------------+ ++ \end_layout \begin_layout Code - | | | | \end_layout \begin_layout Code - 1 2 3 4 \end_layout @@ -8637,22 +8241,18 @@ net/ipv6/route.c \end_layout \begin_layout Code - ¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo \end_layout \begin_layout Code - ¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ \end_layout \begin_layout Code - ¬ | | | | | | \end_layout \begin_layout Code - ¬ 5 6 7 8 9 10 \end_layout @@ -8712,27 +8312,22 @@ Statistics about used IPv6 sockets. \end_layout \begin_layout Code - # cat /proc/net/sockstat6 \end_layout \begin_layout Code - TCP6: inuse 7 \end_layout \begin_layout Code - UDP6: inuse 2 \end_layout \begin_layout Code - RAW6: inuse 1 \end_layout \begin_layout Code - FRAG6: inuse 0 memory 0 \end_layout @@ -8914,375 +8509,307 @@ Example: \end_layout \begin_layout Code - # netstat -nlptu \end_layout \begin_layout Code - Active Internet connections (only servers) \end_layout \begin_layout Code - Proto Recv-Q Send-Q Local Address Foreign Address State \end_layout \begin_layout Code - ¬ PID/Program name \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 22433/lpd Waiting \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1746/smbd \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 3551/X \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18735/junkbuster \end_layout \begin_layout Code - tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN \end_layout \begin_layout Code - ¬ 6742/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - tcp 0 0 :::22 :::* LISTEN \end_layout \begin_layout Code - ¬ 1410/sshd \end_layout \begin_layout Code - tcp 0 0 :::6010 :::* LISTEN \end_layout \begin_layout Code - ¬ 13237/sshd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32768 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1258/rpc.statd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:2049 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32770 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1502/rpc.mountd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32771 0.0.0.0:* \end_layout \begin_layout Code - ¬ - \end_layout \begin_layout Code - udp 0 0 1.2.3.1:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:137 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 1.2.3.1:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:138 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1751/nmbd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:33044 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 1.2.3.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* \end_layout \begin_layout Code - ¬ 30734/named \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:67 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1530/dhcpd \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32858 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:4827 0.0.0.0:* \end_layout \begin_layout Code - ¬ 18822/(squid) \end_layout \begin_layout Code - udp 0 0 0.0.0.0:111 0.0.0.0:* \end_layout \begin_layout Code - ¬ 1230/portmap \end_layout \begin_layout Code - udp 0 0 :::53 :::* \end_layout \begin_layout Code - ¬ 30734/named \end_layout @@ -9314,32 +8841,26 @@ Router advertisement \end_layout \begin_layout Code - 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router \end_layout \begin_layout Code - ¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, \end_layout \begin_layout Code - ¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, \end_layout \begin_layout Code - ¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, \end_layout \begin_layout Code - ¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: \end_layout \begin_layout Code - ¬ 0:12:34:12:34:50) (len 88, hlim 255) \end_layout @@ -9392,12 +8913,10 @@ Router solicitation \end_layout \begin_layout Code - 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation \end_layout \begin_layout Code - ¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) \end_layout @@ -9465,12 +8984,10 @@ fe80::212:34ff:fe12:3456 \end_layout \begin_layout Code - 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) \end_layout @@ -9487,18 +9004,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9515,18 +9029,15 @@ Node wants to configure its global address \end_layout \begin_layout Code - 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has \end_layout \begin_layout Code - ¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim \end_layout \begin_layout Code - ¬ 255) \end_layout @@ -9547,18 +9058,15 @@ Node wants to send packages to \end_layout \begin_layout Code - 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: \end_layout \begin_layout Code - ¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, \end_layout \begin_layout Code - ¬ hlim 255) \end_layout @@ -9575,12 +9083,10 @@ fe80::10 \end_layout \begin_layout Code - 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor \end_layout \begin_layout Code - ¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) \end_layout @@ -9702,7 +9208,6 @@ You can test, whether your Linux distribution contain support for persistent \end_layout \begin_layout Code - /etc/sysconfig/network-scripts/network-functions-ipv6 \end_layout @@ -9711,13 +9216,11 @@ Auto-magically test: \end_layout \begin_layout Code - # test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Main \end_layout \begin_layout Code - ¬ IPv6 script library exists" \end_layout @@ -9727,17 +9230,14 @@ The version of the library is important if you miss some features. \end_layout \begin_layout Code - # source /etc/sysconfig/network-scripts/network-functions-ipv6 && \end_layout \begin_layout Code - ¬ getversion_ipv6_functions \end_layout \begin_layout Code - 20011124 \end_layout @@ -9776,12 +9276,10 @@ Check whether running system has already IPv6 module loaded \end_layout \begin_layout Code - # modprobe -c | grep net-pf-10 \end_layout \begin_layout Code - alias net-pf-10 off \end_layout @@ -9799,7 +9297,6 @@ off \end_layout \begin_layout Code - NETWORKING_IPV6=yes \end_layout @@ -9808,7 +9305,6 @@ Reboot or restart networking using \end_layout \begin_layout Code - # service network restart \end_layout @@ -9817,12 +9313,10 @@ Now IPv6 module should be loaded \end_layout \begin_layout Code - # modprobe -c | grep ipv6 \end_layout \begin_layout Code - alias net-pf-10 ipv6 \end_layout @@ -9882,7 +9376,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IP6ADDR="/" \end_layout @@ -9908,7 +9401,6 @@ Edit file /etc/sysconfig/network/ifcfg- and setup following \end_layout \begin_layout Code - IPADDR="/" \end_layout @@ -9949,54 +9441,44 @@ Configure your interface. \end_layout \begin_layout Code - iface eth0 inet6 static \end_layout \begin_layout Code - pre-up modprobe ipv6 \end_layout \begin_layout Code - address 2001:0db8:1234:5::1:1 \end_layout \begin_layout Code - # To suppress completely autoconfiguration: \end_layout \begin_layout Code - # up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf \end_layout \begin_layout Code - netmask 64 \end_layout \begin_layout Code - # The router is autoconfigured and has no fixed address. \end_layout \begin_layout Code - # It is magically \end_layout \begin_layout Code - # found. (/proc/sys/net/ipv6/conf/all/accept_ra). Otherwise: \end_layout \begin_layout Code - #gateway 2001:0db8:1234:5::1 \end_layout @@ -10005,7 +9487,6 @@ And you reboot or you just \end_layout \begin_layout Code - # ifup --force eth0 \end_layout @@ -10076,22 +9557,18 @@ Example: \end_layout \begin_layout Code - # ip -6 addr show dev eth0 scope link \end_layout \begin_layout Code - 2: eth0: mtu 1500 qlen1000 \end_layout \begin_layout Code - inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link \end_layout \begin_layout Code - valid_lft forever preferred_lft forever \end_layout @@ -10593,7 +10070,6 @@ Change to source directory: \end_layout \begin_layout Code - # cd /path/to/src \end_layout @@ -10602,12 +10078,10 @@ Unpack and rename kernel sources \end_layout \begin_layout Code - # tar z|jxf kernel-version.tar.gz|bz2 \end_layout \begin_layout Code - # mv linux linux-version-iptables-version+IPv6 \end_layout @@ -10616,7 +10090,6 @@ Unpack iptables sources \end_layout \begin_layout Code - # tar z|jxf iptables-version.tar.gz|bz2 \end_layout @@ -10629,7 +10102,6 @@ Change to iptables directory \end_layout \begin_layout Code - # cd iptables-version \end_layout @@ -10638,7 +10110,6 @@ Apply pending patches \end_layout \begin_layout Code - # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10649,7 +10120,6 @@ Apply additional IPv6 related patches (still not in the vanilla kernel included) \end_layout \begin_layout Code - # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ \end_layout @@ -10688,12 +10158,10 @@ Check IPv6 extensions \end_layout \begin_layout Code - # make print-extensions \end_layout \begin_layout Code - Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport \end_layout @@ -10706,7 +10174,6 @@ Change to kernel sources \end_layout \begin_layout Code - # cd /path/to/src/linux-version-iptables-version/ \end_layout @@ -10715,12 +10182,10 @@ Edit Makefile \end_layout \begin_layout Code - - EXTRAVERSION = \end_layout \begin_layout Code - + EXTRAVERSION = -iptables-version+IPv6-try \end_layout @@ -10729,99 +10194,80 @@ Run configure, enable IPv6 related \end_layout \begin_layout Code - Code maturity level options \end_layout \begin_layout Code - Prompt for development and/or incomplete code/drivers : yes \end_layout \begin_layout Code - Networking options \end_layout \begin_layout Code - Network packet filtering: yes \end_layout \begin_layout Code - The IPv6 protocol: module \end_layout \begin_layout Code - IPv6: Netfilter Configuration \end_layout \begin_layout Code - IP6 tables support: module \end_layout \begin_layout Code - All new options like following: \end_layout \begin_layout Code - limit match support: module \end_layout \begin_layout Code - MAC address match support: module \end_layout \begin_layout Code - Multiple port match support: module \end_layout \begin_layout Code - Owner match support: module \end_layout \begin_layout Code - netfilter MARK match support: module \end_layout \begin_layout Code - Aggregated address check: module \end_layout \begin_layout Code - Packet filtering: module \end_layout \begin_layout Code - REJECT target support: module \end_layout \begin_layout Code - LOG target support: module \end_layout \begin_layout Code - Packet mangling: module \end_layout \begin_layout Code - MARK target support: module \end_layout @@ -10848,7 +10294,6 @@ Rename older directory \end_layout \begin_layout Code - # mv /usr/src/linux /usr/src/linux.old \end_layout @@ -10857,7 +10302,6 @@ Create a new softlink \end_layout \begin_layout Code - # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux \end_layout @@ -10866,7 +10310,6 @@ Rebuild SRPMS \end_layout \begin_layout Code - # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm \end_layout @@ -10880,7 +10323,6 @@ On RH 7.1 systems, normally, already an older version is installed, therefore \end_layout \begin_layout Code - # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10889,7 +10331,6 @@ If not already installed, use "install" \end_layout \begin_layout Code - # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10900,7 +10341,6 @@ ts don't fit. \end_layout \begin_layout Code - # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm \end_layout @@ -10910,7 +10350,6 @@ Perhaps it's necessary to create a softlink for iptables libraries where \end_layout \begin_layout Code - # ln -s /lib/iptables/ /usr/lib/iptables \end_layout @@ -10927,7 +10366,6 @@ Load module, if so compiled \end_layout \begin_layout Code - # modprobe ip6_tables \end_layout @@ -10936,12 +10374,10 @@ Check for capability \end_layout \begin_layout Code - # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support \end_layout \begin_layout Code - ¬ 'ip6tables' firewalling (IPv6)!" \end_layout @@ -10958,7 +10394,6 @@ Short \end_layout \begin_layout Code - # ip6tables -L \end_layout @@ -10967,7 +10402,6 @@ Extended \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L \end_layout @@ -10976,7 +10410,6 @@ List specified filter \end_layout \begin_layout Code - # ip6tables -n -v --line-numbers -L INPUT \end_layout @@ -10985,12 +10418,10 @@ Insert a log rule at the input filter with options \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" \end_layout \begin_layout Code - ¬ --log-level 7 \end_layout @@ -10999,7 +10430,6 @@ Insert a drop rule at the input filter \end_layout \begin_layout Code - # ip6tables --table filter --append INPUT -j DROP \end_layout @@ -11008,7 +10438,6 @@ Delete a rule by number \end_layout \begin_layout Code - # ip6tables --table filter --delete INPUT 1 \end_layout @@ -11022,7 +10451,6 @@ Since kernel version 2.6.20 IPv6 connection tracking is well supported and \end_layout \begin_layout Code - # ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout @@ -11040,7 +10468,6 @@ Accept incoming ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11049,7 +10476,6 @@ Allow outgoing ICMPv6 through tunnels \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT \end_layout @@ -11058,7 +10484,6 @@ Newer kernels allow specifying of ICMPv6 types: \end_layout \begin_layout Code - # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT \end_layout @@ -11076,12 +10501,10 @@ Because it can happen (author already saw it to times) that an ICMPv6 storm \end_layout \begin_layout Code - # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request \end_layout \begin_layout Code - ¬ -j ACCEPT --match limit --limit 30/minute \end_layout @@ -11099,12 +10522,10 @@ Allow incoming SSH from 2001:0db8:100::1/128 \end_layout \begin_layout Code - # ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535 \end_layout \begin_layout Code - ¬ --dport 22 -j ACCEPT \end_layout @@ -11117,12 +10538,10 @@ no longer needed if connection tracking is used! \end_layout \begin_layout Code - # ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535 \end_layout \begin_layout Code - ¬ --sport 22 ! --syn -j ACCEPT \end_layout @@ -11144,7 +10563,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11153,7 +10571,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT \end_layout @@ -11167,7 +10584,6 @@ Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT \end_layout @@ -11176,7 +10592,6 @@ Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 192.0.2.2 \end_layout \begin_layout Code - # iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT \end_layout @@ -11199,7 +10614,6 @@ Block incoming TCP connection requests to this host \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP \end_layout @@ -11208,7 +10622,6 @@ Block incoming TCP connection requests to hosts behind this router \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP \end_layout @@ -11241,7 +10654,6 @@ Block incoming UDP packets which cannot be responses of outgoing requests \end_layout \begin_layout Code - # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11251,7 +10663,6 @@ Block incoming UDP packets which cannot be responses of forwarded requests \end_layout \begin_layout Code - # ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP \end_layout @@ -11279,7 +10690,6 @@ tracking \end_layout \begin_layout Code - File: /etc/sysconfig/ip6tables \end_layout @@ -11288,87 +10698,70 @@ File: /etc/sysconfig/ip6tables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11377,7 +10770,6 @@ For completeness also the IPv4 configuration is shown here: \end_layout \begin_layout Code - File: /etc/sysconfig/iptables \end_layout @@ -11386,88 +10778,71 @@ File: /etc/sysconfig/iptables \end_layout \begin_layout Code - *filter :INPUT ACCEPT [0:0] \end_layout \begin_layout Code - :FORWARD ACCEPT [0:0] \end_layout \begin_layout Code - :OUTPUT ACCEPT [0:0] \end_layout \begin_layout Code - :RH-Firewall-1-INPUT - [0:0] \end_layout \begin_layout Code - -A INPUT -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A FORWARD -j RH-Firewall-1-INPUT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -i lo -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 50 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p 51 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT \end_layout \begin_layout Code - -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited \end_layout \begin_layout Code - COMMIT \end_layout @@ -11484,12 +10859,10 @@ Activate IPv4 & IPv6 firewalling \end_layout \begin_layout Code - # service iptables start \end_layout \begin_layout Code - # service ip6tables start \end_layout @@ -11498,12 +10871,10 @@ Enable automatic start after reboot \end_layout \begin_layout Code - # chkconfig iptables on \end_layout \begin_layout Code - # chkconfig ip6tables on \end_layout @@ -11522,578 +10893,472 @@ but still stateless filter \end_layout \begin_layout Code - # ip6tables -n -v -L \end_layout \begin_layout Code - Chain INPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - 0 0 extIN all sit+ * ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intIN all eth0 * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all lo * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `INPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain FORWARD (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 int2ext all eth0 sit+ ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ext2int all sit+ eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `FORWARD-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain OUTPUT (policy DROP 0 packets, 0 bytes) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 extOUT all * sit+ ::/0 ::/0 \end_layout \begin_layout Code - 4 384 intOUT all * eth0 ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::1/128 ::1/128 \end_layout \begin_layout Code - 0 0 ACCEPT all * lo ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `OUTPUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain ext2int (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `ext2int-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:512:65535 dpt:22 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1:65535 dpts:1024:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain extOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 \end_layout \begin_layout Code - ¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 ACCEPT udp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ udp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `extOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain int2ext (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT icmpv6 * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 ACCEPT tcp * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ tcp spts:1024:65535 dpts:1:65535 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `int2ext-default:' \end_layout \begin_layout Code - 0 0 DROP tcp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP udp * * ::/0 ::/0 \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intIN (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - \end_layout \begin_layout Code - Chain intOUT (1 references) \end_layout \begin_layout Code - pkts bytes target prot opt in out source destination \end_layout \begin_layout Code - ¬ \end_layout \begin_layout Code - 0 0 ACCEPT all * * ::/0 \end_layout \begin_layout Code - ¬ fe80::/ffc0:: \end_layout \begin_layout Code - 4 384 ACCEPT all * * ::/0 ff02::/16 \end_layout \begin_layout Code - 0 0 LOG all * * ::/0 ::/0 \end_layout \begin_layout Code - ¬ LOG flags 0 level 7 prefix `intOUT-default:' \end_layout \begin_layout Code - 0 0 DROP all * * ::/0 ::/0 \end_layout @@ -12123,7 +11388,6 @@ Like in IPv4 clients behind a router can be hided by using IPv6 masquerading \end_layout \begin_layout Code - # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE \end_layout @@ -12137,9 +11401,8 @@ A dedicated public IPv6 address can be forwarded to an internal IPv6 address, \end_layout \begin_layout Code - -# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345/128 -i - sixxs -j DNAT --to-destination fec0::5054:ff:fe01:2345 +# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs + -j DNAT --to-destination fec0::5054:ff:fe01:2345 \end_layout \begin_layout Subsection @@ -12151,7 +11414,6 @@ A dedicated specified port can be forwarded to an internal system, e.g. \end_layout \begin_layout Code - # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti nation [fec0::1234]:80 \end_layout @@ -12260,12 +11522,10 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # nc6 ::1 daytime \end_layout \begin_layout Code - 13 JUL 2002 11:22:22 CEST \end_layout @@ -12287,53 +11547,43 @@ target "http://www.insecure.org/nmap/" \end_layout \begin_layout Code - # nmap -6 -sT ::1 \end_layout \begin_layout Code - Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) \end_layout \begin_layout Code - Interesting ports on localhost6 (::1): \end_layout \begin_layout Code - (The 1600 ports scanned but not shown below are in state: closed) \end_layout \begin_layout Code - Port State Service \end_layout \begin_layout Code - 22/tcp open ssh \end_layout \begin_layout Code - 53/tcp open domain \end_layout \begin_layout Code - 515/tcp open printer \end_layout \begin_layout Code - 2401/tcp open cvspserver \end_layout \begin_layout Code - Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds \end_layout @@ -12356,32 +11606,26 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se \end_layout \begin_layout Code - # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . \end_layout \begin_layout Code - ::1 2401 unassigned unknown \end_layout \begin_layout Code - ::1 22 ssh Secure Shell - RSA encrypted rsh \end_layout \begin_layout Code - ::1 515 printer spooler (lpd) \end_layout \begin_layout Code - ::1 6010 unassigned unknown \end_layout \begin_layout Code - ::1 53 domain Domain Name Server \end_layout @@ -12645,27 +11889,22 @@ Example for an end-to-end encrypted connection in transport mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; \end_layout @@ -12678,37 +11917,30 @@ Example for a end-to-end encrypted connection in tunnel mode \end_layout \begin_layout Code - #!/sbin/setkey -f \end_layout \begin_layout Code - flush; \end_layout \begin_layout Code - spdflush; \end_layout \begin_layout Code - spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; \end_layout \begin_layout Code - spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec \end_layout \begin_layout Code - ¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; \end_layout @@ -12770,22 +12002,18 @@ File: /etc/racoon/racoon.conf \end_layout \begin_layout Code - # Racoon IKE daemon configuration file. \end_layout \begin_layout Code - # See 'man racoon.conf' for a description of the format and entries. \end_layout \begin_layout Code - path include "/etc/racoon"; \end_layout \begin_layout Code - path pre_shared_key "/etc/racoon/psk.txt"; \end_layout @@ -12794,22 +12022,18 @@ path pre_shared_key "/etc/racoon/psk.txt"; \end_layout \begin_layout Code - listen \end_layout \begin_layout Code - { \end_layout \begin_layout Code - isakmp 2001:db8:1:1::1; \end_layout \begin_layout Code - } \end_layout @@ -12818,62 +12042,50 @@ listen \end_layout \begin_layout Code - remote 2001:db8:2:2::2 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exchange_mode main; \end_layout \begin_layout Code - lifetime time 24 hour; \end_layout \begin_layout Code - proposal \end_layout \begin_layout Code - { \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - hash_algorithm md5; \end_layout \begin_layout Code - authentication_method pre_shared_key; \end_layout \begin_layout Code - dh_group 2; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -12882,42 +12094,34 @@ remote 2001:db8:2:2::2 \end_layout \begin_layout Code - # gateway-to-gateway \end_layout \begin_layout Code - sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -12926,37 +12130,30 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any \end_layout \begin_layout Code - sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any \end_layout \begin_layout Code - { \end_layout \begin_layout Code - lifetime time 1 hour; \end_layout \begin_layout Code - encryption_algorithm 3des; \end_layout \begin_layout Code - authentication_algorithm hmac_md5; \end_layout \begin_layout Code - compression_algorithm deflate; \end_layout \begin_layout Code - } \end_layout @@ -12969,12 +12166,10 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - # file for pre-shared keys used for IKE authentication \end_layout \begin_layout Code - # format is: 'identifier' 'key' \end_layout @@ -12983,7 +12178,6 @@ File: /etc/racoon/psk.txt \end_layout \begin_layout Code - 2001:db8:2:2::2 verysecret \end_layout @@ -13007,104 +12201,84 @@ At least the daemon needs to be started. \end_layout \begin_layout Code - # racoon -F -v -f /etc/racoon/racoon.conf \end_layout \begin_layout Code - Foreground mode. \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 \end_layout \begin_layout Code - ¬ (http://ipsec-tools.sourceforge.net) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: @(#)This product linked \end_layout \begin_layout Code - ¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) \end_layout \begin_layout Code - 2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 \end_layout \begin_layout Code - ¬ queued due to no phase1 found. \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] \end_layout \begin_layout Code - 2005-01-01 20:31:06: INFO: begin Identity Protection mode. \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: ISAKMP-SA established \end_layout \begin_layout Code - ¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 1 \end_layout \begin_layout Code - 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: \end_layout \begin_layout Code - ¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) \end_layout \begin_layout Code - 2005-01-01 20:31:10: INFO: IPsec-SA established: \end_layout \begin_layout Code - ¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) \end_layout @@ -13122,12 +12296,10 @@ tcpdump \end_layout \begin_layout Code - 20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) \end_layout \begin_layout Code - 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) \end_layout @@ -13148,117 +12320,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd \end_layout \begin_layout Code - A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 540(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=22358 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) \end_layout \begin_layout Code - E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce \end_layout \begin_layout Code - A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e \end_layout \begin_layout Code - seq=0x00000000 replay=4 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 \end_layout \begin_layout Code - diff: 577(s) hard: 3600(s) soft: 2880(s) \end_layout \begin_layout Code - last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 312(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 3 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=22358 refcnt=0 \end_layout @@ -13351,22 +12500,18 @@ File: /etc/ipsec.conf \end_layout \begin_layout Code - # /etc/ipsec.conf - Openswan IPsec configuration file \end_layout \begin_layout Code - # \end_layout \begin_layout Code - # Manual: ipsec.conf.5 \end_layout \begin_layout Code - version 2.0 # conforms to second version of ipsec.conf specification \end_layout @@ -13375,27 +12520,22 @@ version 2.0 # conforms to second version of ipsec.conf specification \end_layout \begin_layout Code - # basic configuration \end_layout \begin_layout Code - config setup \end_layout \begin_layout Code - # Debug-logging controls: "none" for (almost) none, "all" for lots. \end_layout \begin_layout Code - # klipsdebug=none \end_layout \begin_layout Code - # plutodebug="control parsing" \end_layout @@ -13404,12 +12544,10 @@ config setup \end_layout \begin_layout Code - #Disable Opportunistic Encryption \end_layout \begin_layout Code - include /etc/ipsec.d/examples/no_oe.conf \end_layout @@ -13418,68 +12556,55 @@ include /etc/ipsec.d/examples/no_oe.conf \end_layout \begin_layout Code - conn ipv6-p1-p2 \end_layout \begin_layout Code - connaddrfamily=ipv6 # Important for IPv6, but no longer needed since StrongSwan 4 \end_layout \begin_layout Code - left=2001:db8:1:1::1 \end_layout \begin_layout Code - right=2001:db8:2:2::2 \end_layout \begin_layout Code - authby=secret \end_layout \begin_layout Code - esp=aes128-sha1 \end_layout \begin_layout Code - ike=aes128-sha-modp1024 \end_layout \begin_layout Code - type=transport \end_layout \begin_layout Code - #type=tunnel \end_layout \begin_layout Code - compress=no \end_layout \begin_layout Code - #compress=yes \end_layout \begin_layout Code - auto=add \end_layout \begin_layout Code - #auto=up \end_layout @@ -13496,7 +12621,6 @@ File: /etc/ipsec.secrets \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" \end_layout @@ -13518,7 +12642,6 @@ If installation of Openswan was successfully, an initscript should exist \end_layout \begin_layout Code - # /etc/rc.d/init.d/ipsec start \end_layout @@ -13536,42 +12659,34 @@ IPsec SA established \end_layout \begin_layout Code - # ipsec auto --up ipv6-peer1-peer2 \end_layout \begin_layout Code - 104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate \end_layout \begin_layout Code - 106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 \end_layout \begin_layout Code - 108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established \end_layout \begin_layout Code - 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate \end_layout \begin_layout Code - 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, \end_layout \begin_layout Code - ¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} \end_layout @@ -13589,117 +12704,94 @@ setkey \end_layout \begin_layout Code - # setkey -D \end_layout \begin_layout Code - 2001:db8:1:1::1 2001:db8:2:2::2 \end_layout \begin_layout Code - esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 \end_layout \begin_layout Code - A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 348(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=1 pid=23825 refcnt=0 \end_layout \begin_layout Code - 2001:db8:2:2::2 2001:db8:1:1::1 \end_layout \begin_layout Code - esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) \end_layout \begin_layout Code - E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 \end_layout \begin_layout Code - A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b \end_layout \begin_layout Code - seq=0x00000000 replay=64 flags=0x00000000 state=mature \end_layout \begin_layout Code - created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 \end_layout \begin_layout Code - diff: 349(s) hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - last: hard: 0(s) soft: 0(s) \end_layout \begin_layout Code - current: 0(bytes) hard: 0(bytes) soft: 0(bytes) \end_layout \begin_layout Code - allocated: 0 hard: 0 soft: 0 \end_layout \begin_layout Code - sadb_seq=0 pid=23825 refcnt=0 \end_layout @@ -13721,12 +12813,10 @@ ip \end_layout \begin_layout Code - # ip xfrm policy \end_layout \begin_layout Code - ... \end_layout @@ -13735,12 +12825,10 @@ ip \end_layout \begin_layout Code - # ip xfrm state \end_layout \begin_layout Code - ... \end_layout @@ -13787,39 +12875,32 @@ Proper working QoS is only possible on the outgoing interface of a router \end_layout \begin_layout Code - -------------->------- \end_layout \begin_layout Code - Queue 1 \backslash \end_layout \begin_layout Code - --->--- ---->--------->--------->--------------- \end_layout \begin_layout Code - Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe \end_layout \begin_layout Code - --->---- ---->--------->--------->--------------- \end_layout \begin_layout Code - Queue 3 / \end_layout \begin_layout Code - -------------->------- \end_layout @@ -13888,7 +12969,6 @@ Define root qdisc with a bandwidth of 1000 MBit/s on eth1 \end_layout \begin_layout Code - # tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit \end_layout @@ -13901,7 +12981,6 @@ Define a class 1:1 with 1 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 bounded \end_layout @@ -13911,7 +12990,6 @@ Define a class 1:2 with 50 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 bounded \end_layout @@ -13921,7 +12999,6 @@ Define a class 1:3 with 10 MBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 bounded \end_layout @@ -13931,7 +13008,6 @@ Define a class 1:4 with 200 kBit/s \end_layout \begin_layout Code - # tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 bounded \end_layout @@ -13957,7 +13033,6 @@ match ip dport 5001 0xffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol 6 0xff match ip dport 5001 0xffff flowid 1:1 \end_layout @@ -13975,7 +13050,6 @@ match ip6 protocol 6 0xff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 5001 0xffff flowid 1:2 \end_layout @@ -13989,7 +13063,6 @@ match ip6 flowlabel 12345 0x3ffff \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel 12345 0x3ffff flowid 1:3 \end_layout @@ -14003,7 +13076,6 @@ handle 32 fw \end_layout \begin_layout Code - # tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 \end_layout @@ -14013,7 +13085,6 @@ The last filter definition requires an entry in the ip6tables to mark a \end_layout \begin_layout Code - # ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark 32 \end_layout @@ -14027,17 +13098,14 @@ Start on server side each one one separate console: \end_layout \begin_layout Code - # iperf -V -s -p 5001 \end_layout \begin_layout Code - # iperf -V -s -p 5002 \end_layout \begin_layout Code - # iperf -V -s -p 5003 \end_layout @@ -14046,35 +13114,29 @@ Start on client side and compare results: \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) \end_layout \begin_layout Code - # iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) \end_layout @@ -14150,22 +13212,18 @@ To enable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { any; }; \end_layout \begin_layout Code - }; \end_layout @@ -14174,59 +13232,48 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "named \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 :::53 :::* LISTEN 1234/named \end_layout \begin_layout Code - ¬ # incoming TCP requests \end_layout \begin_layout Code - udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 1.2.3.4 \end_layout \begin_layout Code - udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP requests to IPv4 localhost \end_layout \begin_layout Code - udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named \end_layout \begin_layout Code - ¬ # dynamic chosen port for outgoing queries \end_layout \begin_layout Code - udp 0 0 :::53 :::* 1234/named \end_layout \begin_layout Code - ¬ # incoming UDP request to any IPv6 \end_layout @@ -14235,7 +13282,6 @@ And a simple test looks like \end_layout \begin_layout Code - # dig localhost @::1 \end_layout @@ -14252,22 +13298,18 @@ To disable IPv6 for listening, following options are requested to change \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - }; \end_layout @@ -14281,67 +13323,54 @@ IPv6 enabled ACLs are possible and should be used whenever it's possible. \end_layout \begin_layout Code - acl internal-net { \end_layout \begin_layout Code - 127.0.0.1; \end_layout \begin_layout Code - 1.2.3.0/24; \end_layout \begin_layout Code - 2001:0db8:100::/56; \end_layout \begin_layout Code - ::1/128; \end_layout \begin_layout Code - ::ffff:1.2.3.4/128; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - acl ns-internal-net { \end_layout \begin_layout Code - 1.2.3.4; \end_layout \begin_layout Code - 1.2.3.5; \end_layout \begin_layout Code - 2001:0db8:100::4/128; \end_layout \begin_layout Code - 2001:0db8:100::5/128; \end_layout \begin_layout Code - }; \end_layout @@ -14353,32 +13382,26 @@ This ACLs can be used e.g. \end_layout \begin_layout Code - options { \end_layout \begin_layout Code - # sure other options here, too \end_layout \begin_layout Code - listen-on-v6 { none; }; \end_layout \begin_layout Code - allow-query { internal-net; }; \end_layout \begin_layout Code - allow-transfer { ns-internal-net; }; \end_layout \begin_layout Code - }; \end_layout @@ -14403,7 +13426,6 @@ This option is not required, but perhaps needed: \end_layout \begin_layout Code - query-source-v6 address port ; \end_layout @@ -14424,7 +13446,6 @@ Transfer source address is used for outgoing zone transfers: \end_layout \begin_layout Code - transfer-source-v6 [port port]; \end_layout @@ -14437,7 +13458,6 @@ Notify source address is used for outgoing notify messages: \end_layout \begin_layout Code - notify-source-v6 [port port]; \end_layout @@ -14590,27 +13610,22 @@ Specifying a dedicated server for the query, an IPv6 connect can be forced: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -14619,7 +13634,6 @@ Aliases: \end_layout \begin_layout Code - Host www.6bone.net. not found: 5(REFUSED) \end_layout @@ -14629,17 +13643,14 @@ Related log entry looks like following: \end_layout \begin_layout Code - Jan 3 12:43:32 gate named[12347]: client \end_layout \begin_layout Code - ¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770: \end_layout \begin_layout Code - query denied \end_layout @@ -14657,27 +13668,22 @@ A successful IPv6 connect looks like following: \end_layout \begin_layout Code - $ host -t aaaa www.6bone.net 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Using domain server: \end_layout \begin_layout Code - Name: 2001:0db8:200:f101::1 \end_layout \begin_layout Code - Address: 2001:0db8:200:f101::1#53 \end_layout \begin_layout Code - Aliases: \end_layout @@ -14686,14 +13692,12 @@ Aliases: \end_layout \begin_layout Code - www.6bone.net. is an alias for 6bone.net. \end_layout \begin_layout Code - 6bone.net. has AAAA address 3ffe:b00:c18:1::10 \end_layout @@ -14737,52 +13741,42 @@ If you enable a built-in service like e.g. \end_layout \begin_layout Code - # diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime \end_layout \begin_layout Code - --- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 \end_layout \begin_layout Code - +++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 \end_layout \begin_layout Code - @@ -10,5 +10,5 @@ \end_layout \begin_layout Code - protocol = tcp \end_layout \begin_layout Code - user = root \end_layout \begin_layout Code - wait = no \end_layout \begin_layout Code - - disable = yes \end_layout \begin_layout Code - + disable = no \end_layout \begin_layout Code - } \end_layout @@ -14791,27 +13785,22 @@ After restarting the xinetd you should get a positive result like: \end_layout \begin_layout Code - # netstat -lnptu -A inet6 |grep "xinetd*" \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6 \end_layout \begin_layout Code - tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service \end_layout \begin_layout Code - ¬ daytime/tcp \end_layout \begin_layout Code - tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6 \end_layout @@ -14866,27 +13855,22 @@ Virtual host listen on an IPv6 address only \end_layout \begin_layout Code - Listen [2001:0db8:100::1]:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6only.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -14895,32 +13879,26 @@ Virtual host listen on an IPv6 and on an IPv4 address \end_layout \begin_layout Code - Listen [2001:0db8:100::2]:80 \end_layout \begin_layout Code - Listen 1.2.3.4:80 \end_layout \begin_layout Code - \end_layout \begin_layout Code - ServerName ipv6andipv4.yourdomain.yourtopleveldomain \end_layout \begin_layout Code - # ...sure more config lines \end_layout \begin_layout Code - \end_layout @@ -14929,24 +13907,20 @@ This should result after restart in e.g. \end_layout \begin_layout Code - # netstat -lnptu |grep "httpd2 \backslash W*$" \end_layout \begin_layout Code - tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2 \end_layout \begin_layout Code - tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2 \end_layout @@ -15046,52 +14020,42 @@ Radvd's config file is normally /etc/radvd.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 2001:0db8:0100:f101::/64 { \end_layout \begin_layout Code - AdvOnLink on; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15100,28 +14064,23 @@ This results on client side in \end_layout \begin_layout Code - # ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 2591992sec preferred_lft 604792sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15144,67 +14103,54 @@ Version since 0.6.2pl3 support the automatic (re)-generation of the prefix \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - AdvSendAdvert on; \end_layout \begin_layout Code - MinRtrAdvInterval 3; \end_layout \begin_layout Code - MaxRtrAdvInterval 10; \end_layout \begin_layout Code - prefix 0:0:0:f101::/64 { \end_layout \begin_layout Code - AdvOnLink off; \end_layout \begin_layout Code - AdvAutonomous on; \end_layout \begin_layout Code - AdvRouterAddr on; \end_layout \begin_layout Code - Base6to4Interface ppp0; \end_layout \begin_layout Code - AdvPreferredLifetime 20; \end_layout \begin_layout Code - AdvValidLifetime 30; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15214,28 +14160,23 @@ This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local \end_layout \begin_layout Code - # /sbin/ip -6 addr show eth0 \end_layout \begin_layout Code - 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 \end_layout \begin_layout Code - inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic \end_layout \begin_layout Code - valid_lft 22sec preferred_lft 12sec \end_layout \begin_layout Code - inet6 fe80::2e0:12ff:fe34:1234/10 scope link \end_layout @@ -15252,7 +14193,6 @@ Additional note: if you do not used special 6to4 support in initscripts, \end_layout \begin_layout Code - # /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1 \end_layout @@ -15279,107 +14219,86 @@ radvdump \end_layout \begin_layout Code - # radvdump \end_layout \begin_layout Code - Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255) \end_layout \begin_layout Code - AdvCurHopLimit: 64 \end_layout \begin_layout Code - AdvManagedFlag: off \end_layout \begin_layout Code - AdvOtherConfigFlag: off \end_layout \begin_layout Code - AdvHomeAgentFlag: off \end_layout \begin_layout Code - AdvReachableTime: 0 \end_layout \begin_layout Code - AdvRetransTimer: 0 \end_layout \begin_layout Code - Prefix 2002:0102:0304:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 30 \end_layout \begin_layout Code - AdvPreferredLifetime: 20 \end_layout \begin_layout Code - AdvOnLink: off \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - Prefix 2001:0db8:100:f101::/64 \end_layout \begin_layout Code - AdvValidLifetime: 2592000 \end_layout \begin_layout Code - AdvPreferredLifetime: 604800 \end_layout \begin_layout Code - AdvOnLink: on \end_layout \begin_layout Code - AdvAutonomous: on \end_layout \begin_layout Code - AdvRouterAddr: on \end_layout \begin_layout Code - AdvSourceLLAddress: 00 80 12 34 56 78 \end_layout @@ -15431,67 +14350,54 @@ dhcp6s's config file is normally /etc/dhcp6s.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - server-preference 255; \end_layout \begin_layout Code - renew-time 60; \end_layout \begin_layout Code - rebind-time 90; \end_layout \begin_layout Code - prefer-life-time 130; \end_layout \begin_layout Code - valid-life-time 200; \end_layout \begin_layout Code - allow rapid-commit; \end_layout \begin_layout Code - option dns_servers 2001:db8:0:f101::1 sub.domain.example; \end_layout \begin_layout Code - link AAA { \end_layout \begin_layout Code - range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64; \end_layout \begin_layout Code - prefix 2001:db8:0:f101::/64; \end_layout \begin_layout Code - }; \end_layout \begin_layout Code - }; \end_layout @@ -15509,22 +14415,18 @@ dhcp6c's config file is normally /etc/dhcp6c.conf. \end_layout \begin_layout Code - interface eth0 { \end_layout \begin_layout Code - send rapid-commit; \end_layout \begin_layout Code - request domain-name-servers; \end_layout \begin_layout Code - }; \end_layout @@ -15541,7 +14443,6 @@ Start server, e.g. \end_layout \begin_layout Code - # service dhcp6s start \end_layout @@ -15554,7 +14455,6 @@ Start client in foreground, e.g. \end_layout \begin_layout Code - # dhcp6c -f eth0 \end_layout @@ -15572,7 +14472,6 @@ The server has one foreground and two debug toggles (both should be used \end_layout \begin_layout Code - # dhcp6s -d -D -f eth0 \end_layout @@ -15586,7 +14485,6 @@ As general debugging for test whether the IPv6 DHCP server is reable on \end_layout \begin_layout Code - # ping6 -I eth0 ff02::1:2 \end_layout @@ -15595,63 +14493,51 @@ The client has one foreground and two debug toggles, here is an example: \end_layout \begin_layout Code - # dhcp6c -d -f eth0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 doesn't support sit0 address family 0 \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code for this address is: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 status code: success \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error \end_layout \begin_layout Code - Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not \end_layout \begin_layout Code - ¬ in any RAs prefix length using 64 bit instead \end_layout \begin_layout Code - Oct/03/2005 17:18:17 renew time 60, rebind time 9 \end_layout @@ -15702,88 +14588,71 @@ Create a dedicated configuration file /etc/dhcp/dhcpd6.conf for the IPv6 \end_layout \begin_layout Code - default-lease-time 600; \end_layout \begin_layout Code - max-lease-time 7200; \end_layout \begin_layout Code - log-facility local7; \end_layout \begin_layout Code - subnet6 2001:db8:0:1::/64 { \end_layout \begin_layout Code - # Range for clients \end_layout \begin_layout Code - range6 2001:db8:0:1::129 2001:db8:0:1::254; \end_layout \begin_layout Code - # Additional options \end_layout \begin_layout Code - option dhcp6.name-servers fec0:0:0:1::1; \end_layout \begin_layout Code - option dhcp6.domain-search "domain.example"; \end_layout \begin_layout Code - # Prefix range for delegation to sub-routers \end_layout \begin_layout Code - prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56; \end_layout \begin_layout Code - # Example for a fixed host address \end_layout \begin_layout Code - host specialclient { \end_layout \begin_layout Code - host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01: 23:45; \end_layout \begin_layout Code - fixed-address6 2001:db8:0:1::127; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } \end_layout @@ -15819,7 +14688,6 @@ dhcp6c \end_layout \begin_layout Code - # hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" " \backslash n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01 @@ -15839,56 +14707,46 @@ Start server in foreground: \end_layout \begin_layout Code - # /usr/sbin/dhcpd -6 -f -cf /etc/dhcp/dhcpd.conf eth1 \end_layout \begin_layout Code - Internet Systems Consortium DHCP Server 4.1.0 \end_layout \begin_layout Code - Copyright 2004-2008 Internet Systems Consortium. \end_layout \begin_layout Code - All rights reserved. \end_layout \begin_layout Code - For info, please visit http://www.isc.org/sw/dhcp/ \end_layout \begin_layout Code - Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file \end_layout \begin_layout Code - Wrote 0 leases to leases file. \end_layout \begin_layout Code - Bound to *:547 \end_layout \begin_layout Code - Listening on Socket/5/eth1/2001:db8:0:1::/64 \end_layout \begin_layout Code - Sending on Socket/5/eth1/2001:db8:0:1::/64 \end_layout @@ -15921,68 +14779,55 @@ Create a dedicated configuration file /etc/dibbler/server.conf . \end_layout \begin_layout Code - log-level 8 \end_layout \begin_layout Code - log-mode short \end_layout \begin_layout Code - preference 0 \end_layout \begin_layout Code - iface "eth1" { \end_layout \begin_layout Code - // also ranges can be defines, instead of exact values t1 1800-2000 t2 2700-3000 \end_layout \begin_layout Code - prefered-lifetime 3600 \end_layout \begin_layout Code - valid-lifetime 7200 \end_layout \begin_layout Code - class { \end_layout \begin_layout Code - pool 2001:6f8:12d8:1::/64 \end_layout \begin_layout Code - } \end_layout \begin_layout Code - option dns-server fec0:0:0:1::1 \end_layout \begin_layout Code - option domain domain.example \end_layout \begin_layout Code - } \end_layout @@ -15999,148 +14844,124 @@ Start server in foreground: \end_layout \begin_layout Code - # dibbler-server run \end_layout \begin_layout Code - | Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port) \end_layout \begin_layout Code - | Authors : Tomasz Mrugalski,Marek Senderski \end_layout \begin_layout Code - | Licence : GNU GPL v2 only. Developed at Gdansk University of Technology. \end_layout \begin_layout Code - | Homepage: http://klub.com.pl/dhcpv6/ \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s erver.pid \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Skipping database loading. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started, expecting 0 entries. \end_layout \begin_layout Code - 2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config file... \end_layout \begin_layout Code - 18:48 Server Debug Setting 0 generic option(s). \end_layout \begin_layout Code - 18:48 Server Debug 0 per-client configurations (exceptions) added. \end_layout \begin_layout Code - 18:48 Server Debug Parsing /etc/dibbler/server.conf done. \end_layout \begin_layout Code - 18:48 Server Info 0 client class(es) defined. \end_layout \begin_layout Code - 18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf \end_layout \begin_layout Code - 18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny entries in total. \end_layout \begin_layout Code - 18:48 Server Info Interface eth1/2 configuration has been loaded. \end_layout \begin_layout Code - 18:48 Server Notice Running in stateful mode. \end_layout \begin_layout Code - 18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab. \end_layout \begin_layout Code - 18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2) interface. \end_layout \begin_layout Code - 18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size is 87 bytes, so maximum 12052 address-client pair(s) may be cached. \end_layout \begin_layout Code - 18:48 Server Notice Accepting connections. Next event in 4294967295 second(s). \end_layout @@ -16202,7 +15023,6 @@ tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny \end_layout \begin_layout Code - $ man hosts.allow \end_layout @@ -16216,13 +15036,11 @@ In this file, each service which should be positive filtered (means connects \end_layout \begin_layout Code - sshd: 1.2.3. [2001:0db8:100:200::]/64 \end_layout \begin_layout Code - daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 \end_layout @@ -16243,7 +15061,6 @@ This file contains all negative filter entries and should normally deny \end_layout \begin_layout Code - ALL: ALL \end_layout @@ -16255,12 +15072,10 @@ If this node is a more sensible one you can replace the standard line above \end_layout \begin_layout Code - ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`" \end_layout \begin_layout Code - | tee -a /var/log/tcp.deny.log | mail root@localhost) \end_layout @@ -16283,22 +15098,18 @@ A refused connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16308,27 +15119,22 @@ A refused connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ (::ffff:1.2.3.4) \end_layout \begin_layout Code - Jan 2 20:39:33 gate sshd[12345]: refused connect \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 \end_layout \begin_layout Code - ¬ (2001:0db8:100:200::212:34ff:fe12:3456) \end_layout @@ -16342,22 +15148,18 @@ A permitted connection via IPv4 to an xinetd covered daytime service produces \end_layout \begin_layout Code - Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - ¬ from=::ffff:1.2.3.4 \end_layout \begin_layout Code - Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0 \end_layout \begin_layout Code - from=2001:0db8:100:200::212:34ff:fe12:3456 \end_layout @@ -16367,22 +15169,18 @@ A permitted connection via IPv4 to an dual-listen sshd produces a line like \end_layout \begin_layout Code - Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4 \end_layout \begin_layout Code - ¬ port 33381 ssh2 \end_layout \begin_layout Code - Jan 2 20:42:19 gate sshd[12345]: Accepted password for user \end_layout \begin_layout Code - from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2 \end_layout @@ -16406,7 +15204,6 @@ Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust \end_layout \begin_layout Code - listen_ipv6=yes \end_layout @@ -16434,27 +15231,22 @@ Edit the configuration file, ususally /etc/proftpd.conf, but take care, not \end_layout \begin_layout Code - \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - Bind 2001:0DB8::1 \end_layout \begin_layout Code - ... \end_layout \begin_layout Code - \end_layout @@ -16654,37 +15446,30 @@ struct sockaddr_in \end_layout \begin_layout Code - struct sockaddr_in \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin_family; \end_layout \begin_layout Code - in_port_t sin_port; \end_layout \begin_layout Code - struct in_addr sin_addr; \end_layout \begin_layout Code - /* Plus some padding for alignment */ \end_layout \begin_layout Code - }; \end_layout @@ -16736,42 +15521,34 @@ struct sockaddr_in6 \end_layout \begin_layout Code - struct sockaddr_in6 \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sa_family_t sin6_family; \end_layout \begin_layout Code - in_port_t sin6_port; \end_layout \begin_layout Code - uint32_t sin6_flowinfo; \end_layout \begin_layout Code - struct in6_addr sin6_addr; \end_layout \begin_layout Code - uint32_t sin6_scope_id; \end_layout \begin_layout Code - }; \end_layout @@ -16885,7 +15662,6 @@ fe80::1%eth1 \end_layout \begin_layout Code - Host A (fe80::1) ---- eth0 ---- Host B ---- eth1 ---- Host C (fe80::1) \end_layout @@ -16994,32 +15770,26 @@ recvfrom(2) \end_layout \begin_layout Code - ssize_t recvfrom( int s, \end_layout \begin_layout Code - void *buf, \end_layout \begin_layout Code - size_t len, \end_layout \begin_layout Code - int flags, \end_layout \begin_layout Code - struct sockaddr *from, \end_layout \begin_layout Code - socklen_t *fromlen ); \end_layout @@ -17045,104 +15815,84 @@ struct sockaddr_storage \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read a message from a remote peer, and return a buffer pointer to \end_layout \begin_layout Code - ** the caller. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** 's' is the file descriptor for the socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char *rcvMsg( int s ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - static char bfr[ 1025 ]; /* Where the msg is stored. */ \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct sockaddr_storage ss; /* Where the peer adr goes. */ \end_layout \begin_layout Code - socklen_t sslen; \end_layout \begin_layout Code - sslen = sizeof( ss ); \end_layout \begin_layout Code - count = recvfrom( s, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ) - 1, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - (struct sockaddr*) &ss, \end_layout \begin_layout Code - &sslen ); \end_layout \begin_layout Code - bfr[ count ] = ' \backslash 0'; /* Null-terminates the message. @@ -17150,12 +15900,10 @@ char *rcvMsg( int s ) \end_layout \begin_layout Code - return bfr; \end_layout \begin_layout Code - } /* End rcvMsg() */ \end_layout @@ -17222,22 +15970,18 @@ getaddrinfo(3) \end_layout \begin_layout Code - int getaddrinfo( const char *node, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - const struct addrinfo *hints, \end_layout \begin_layout Code - struct addrinfo **res ); \end_layout @@ -17296,57 +16040,46 @@ struct addrinfo \end_layout \begin_layout Code - struct addrinfo \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int ai_flags; \end_layout \begin_layout Code - int ai_family; \end_layout \begin_layout Code - int ai_socktype; \end_layout \begin_layout Code - int ai_protocol; \end_layout \begin_layout Code - socklen_t ai_addrlen; \end_layout \begin_layout Code - struct sockaddr *ai_addr; \end_layout \begin_layout Code - char *ai_canonname; \end_layout \begin_layout Code - struct addrinfo *ai_next; \end_layout \begin_layout Code - }; \end_layout @@ -17755,37 +16488,30 @@ struct sockaddr \end_layout \begin_layout Code - int getnameinfo( const struct sockaddr *sa, \end_layout \begin_layout Code - socklen_t salen, \end_layout \begin_layout Code - char *host, \end_layout \begin_layout Code - size_t hostlen, \end_layout \begin_layout Code - char *serv, \end_layout \begin_layout Code - size_t servlen, \end_layout \begin_layout Code - int flags ); \end_layout @@ -17884,7 +16610,6 @@ For security reasons that this author won't pretend to understand, "IPv4 \end_layout \begin_layout Code - ::ffff:192.0.2.1 \end_layout @@ -17955,22 +16680,18 @@ It is possible to assign a hostname to an IPv6 network address in \end_layout \begin_layout Code - ::1 localhost \end_layout \begin_layout Code - 127.0.0.1 localhost \end_layout \begin_layout Code - fe80::2c0:8cff:fe01:2345 pt141 \end_layout \begin_layout Code - 192.0.2.1 pt141 \end_layout @@ -18075,7 +16796,6 @@ The server code is found in file tod6d.c (time-of-day IPv6 daemon). \end_layout \begin_layout Code - tod6d [-v] [service] \end_layout @@ -18102,314 +16822,257 @@ The server handles both TCP and UDP requests on the network. \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6d.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' server. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer, \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration & error codes. */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) et al. */ \end_layout \begin_layout Code - #include /* sockaddr_in & sockaddr_in6 definition. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation & memory functions. */ \end_layout \begin_layout Code - #include /* poll(2) and related definitions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), bind(2), etc). */ \end_layout \begin_layout Code - #include /* time(2) & ctime(3). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file descriptor. */ \end_layout \begin_layout Code - #define MAXCONNQLEN 3 /* Max nbr of connection requests to queue. */ \end_layout \begin_layout Code - #define MAXTCPSCKTS 2 /* One TCP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define MAXUDPSCKTS 2 /* One UDP socket for IPv4 & one for IPv6. */ \end_layout \begin_layout Code - #define VALIDOPTS "v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Simple boolean type definition. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ); \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static char hostBfr[ NI_MAXHOST ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name w/o dir prefix. */ \end_layout \begin_layout Code - static char servBfr[ NI_MAXSERV ]; /* For use w/getnameinfo(3). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode indication. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro for command syntax violations. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "Usage: %s [-v] [service] \backslash n", @@ -18418,44 +17081,37 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash \end_layout \begin_layout Code - exit( 127 ); \backslash \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Macro to terminate the program if a system call error occurs. The system \end_layout \begin_layout Code - ** call must be one of the usual type that returns -1 on error. This macro is \end_layout \begin_layout Code - ** a modified version of a macro authored by Dr. V. Vinge, SDSU Dept. @@ -18463,66 +17119,56 @@ n", \end_layout \begin_layout Code - ** Computer Science (retired)... best professor I ever had. I hear he writes \end_layout \begin_layout Code - ** great science fiction in addition to robust code, too. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define CHK(expr) \backslash \end_layout \begin_layout Code - do \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - if ( (expr) == -1 ) \backslash \end_layout \begin_layout Code - { \backslash \end_layout \begin_layout Code - fprintf( stderr, \backslash \end_layout \begin_layout Code - "%s (line %d): System call ERROR - %s. \backslash n", @@ -18531,35 +17177,30 @@ n", \end_layout \begin_layout Code - pgmName, \backslash \end_layout \begin_layout Code - __LINE__, \backslash \end_layout \begin_layout Code - strerror( errno ) ); \backslash \end_layout \begin_layout Code - exit( 1 ); \backslash \end_layout \begin_layout Code - } /* End IF system call failed. */ \backslash @@ -18567,436 +17208,352 @@ n", \end_layout \begin_layout Code - } while ( false ) \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Set up a time-of-day server and handle network requests. This server \end_layout \begin_layout Code - * handles both TCP and UDP requests. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc and argv parameters to a main() function. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This is a daemon program and never returns. However, in the degenerate \end_layout \begin_layout Code - * case where no sockets are created, the function returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - int tSckt[ MAXTCPSCKTS ]; /* Array of TCP socket descriptors. */ \end_layout \begin_layout Code - size_t tScktSize = MAXTCPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - int uSckt[ MAXUDPSCKTS ]; /* Array of UDP socket descriptors. */ \end_layout \begin_layout Code - size_t uScktSize = MAXUDPSCKTS; /* Size of uSckt (# of elements). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName + 1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) >= 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line arguments. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: break; \end_layout \begin_layout Code - case 1: service = argv[ optind ]; break; \end_layout \begin_layout Code - default: USAGE; \end_layout \begin_layout Code - } /* End SWITCH on number of command line arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open both a TCP and UDP socket, for both IPv4 & IPv6, on which to receive \end_layout \begin_layout Code - ** service requests. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( openSckt( service, "tcp", tSckt, &tScktSize ) < 0 ) || \end_layout \begin_layout Code - ( openSckt( service, "udp", uSckt, &uScktSize ) < 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Run the time-of-day server. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( tScktSize > 0 ) || ( uScktSize > 0 ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - tod( tSckt, /* tod() never returns. */ \end_layout \begin_layout Code - tScktSize, \end_layout \begin_layout Code - uSckt, \end_layout \begin_layout Code - uScktSize ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Since tod() never returns, execution only gets here if no sockets were \end_layout \begin_layout Code - ** created. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: No sockets opened... terminating. \backslash @@ -19004,354 +17561,286 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Open passive (server) sockets for the indicated inet service & protocol. \end_layout \begin_layout Code - * Notice in the last sentence that "sockets" is plural. During the interim \end_layout \begin_layout Code - * transition period while everyone is switching over to IPv6, the server \end_layout \begin_layout Code - * application has to open two sockets on which to listen for connections... \end_layout \begin_layout Code - * one for IPv4 traffic and one for IPv6 traffic. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * service - Pointer to a character string representing the well-known port \end_layout \begin_layout Code - * on which to listen (can be a service name or a decimal number). \end_layout \begin_layout Code - * protocol - Pointer to a character string representing the transport layer \end_layout \begin_layout Code - * protocol (only "tcp" or "udp" are valid). \end_layout \begin_layout Code - * desc - Pointer to an array into which the socket descriptors are \end_layout \begin_layout Code - * placed when opened. \end_layout \begin_layout Code - * descSize - This is a value-result parameter. On input, it contains the \end_layout \begin_layout Code - * max number of descriptors that can be put into 'desc' (i.e. the \end_layout \begin_layout Code - * number of elements in the array). Upon return, it will contain \end_layout \begin_layout Code - * the number of descriptors actually opened. Any unused slots in \end_layout \begin_layout Code - * 'desc' are set to INVALID_DESC. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * 0 on success, -1 on error. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *service, \end_layout \begin_layout Code - const char *protocol, \end_layout \begin_layout Code - int desc[ ], \end_layout \begin_layout Code - size_t *descSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. \end_layout \begin_layout Code - ¬ */ \end_layout \begin_layout Code - size_t maxDescs = *descSize; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize output parameters. When the loop completes, *descSize is 0. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( *descSize > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ --( *descSize ) ] = INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Check which protocol is selected (only TCP and UDP are valid). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( strcmp( protocol, "tcp" ) == 0 ) /* TCP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else if ( strcmp( protocol, "udp" ) == 0 ) /* UDP protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - else /* Invalid protocol. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown transport " \end_layout \begin_layout Code - "layer protocol \backslash "%s @@ -19362,235 +17851,191 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - protocol ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the service's well-known port number. Notice that NULL is being \end_layout \begin_layout Code - ** passed for the 'node' parameter, and that the AI_PASSIVE flag is set in \end_layout \begin_layout Code - ** 'hints'. Thus, the program is requesting passive address information. \end_layout \begin_layout Code - ** The network address is initialized to :: (all zeros) for IPv6 records, or \end_layout \begin_layout Code - ** 0.0.0.0 for IPv4 records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( NULL, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** For each of the address records returned, attempt to set up a passive \end_layout \begin_layout Code - ** socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead; \end_layout \begin_layout Code - ( ai != NULL ) && ( *descSize < maxDescs ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the current address info. Start with the protocol- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Setting up a passive socket based on the " \end_layout \begin_layout Code - "following address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -19598,7 +18043,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -19606,629 +18050,512 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Now display the protocol-specific formatted socket address. Note \end_layout \begin_layout Code - ** that the program is requesting that getnameinfo(3) convert the \end_layout \begin_layout Code - ** host & service into numeric strings. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return -1; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket using the info in the addrinfo structure. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( desc[ *descSize ] = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Here is the code that prevents "IPv4 mapped addresses", as discussed \end_layout \begin_layout Code - ** in Section 22.1.3.1. If an IPv6 socket was just created, then set the \end_layout \begin_layout Code - ** IPV6_V6ONLY socket option. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - #if defined( IPV6_V6ONLY ) \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Disable IPv4 mapped addresses. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - int v6Only = 1; \end_layout \begin_layout Code - CHK( setsockopt( desc[ *descSize ], \end_layout \begin_layout Code - IPPROTO_IPV6, \end_layout \begin_layout Code - IPV6_V6ONLY, \end_layout \begin_layout Code - &v6Only, \end_layout \begin_layout Code - sizeof( v6Only ) ) ); \end_layout \begin_layout Code - #else \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPV6_V6ONLY is not defined, so the socket option can't be set and \end_layout \begin_layout Code - ** thus IPv4 mapped addresses can't be disabled. Print a warning \end_layout \begin_layout Code - ** message and close the socket. Design note: If the \end_layout \begin_layout Code - ** #if...#else...#endif construct were removed, then this program \end_layout \begin_layout Code - ** would not compile (because IPV6_V6ONLY isn't defined). That's an \end_layout \begin_layout Code - ** acceptable approach; IPv4 mapped addresses are certainly disabled \end_layout \begin_layout Code - ** if the program can't build! However, since this program is also \end_layout \begin_layout Code - ** designed to work for IPv4 sockets as well as IPv6, I decided to \end_layout \begin_layout Code - ** allow the program to compile when IPV6_V6ONLY is not defined, and \end_layout \begin_layout Code - ** turn it into a run-time warning rather than a compile-time error. \end_layout \begin_layout Code - ** IPv4 mapped addresses are still disabled because _all_ IPv6 traffic \end_layout \begin_layout Code - ** is disabled (all IPv6 sockets are closed here), but at least this \end_layout \begin_layout Code - ** way the server can still service IPv4 network traffic. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Cannot set IPV6_V6ONLY socket " \end_layout \begin_layout Code - "option. Closing IPv6 %s socket. \backslash @@ -20236,690 +18563,556 @@ n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_protocol == IPPROTO_TCP ? "TCP" : "UDP" ); \end_layout \begin_layout Code - CHK( close( desc[ *descSize ] ) ); \end_layout \begin_layout Code - continue; /* Go to top of FOR loop w/o updating *descSize! */ \end_layout \begin_layout Code - #endif /* IPV6_V6ONLY */ \end_layout \begin_layout Code - } /* End IF this is an IPv6 socket. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Bind the socket. Again, the info from the addrinfo structure is used. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - CHK( bind( desc[ *descSize ], \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** If this is a TCP socket, put the socket into passive listening mode \end_layout \begin_layout Code - ** (listen is only valid on connection-oriented sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_socktype == SOCK_STREAM ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - CHK( listen( desc[ *descSize ], \end_layout \begin_layout Code - MAXCONNQLEN ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Socket set up okay. Bump index to next descriptor array element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - *descSize += 1; \end_layout \begin_layout Code - } /* End FOR each address info structure returned. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Dummy check for unused address records. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose && ( ai != NULL ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): WARNING - Some address records were " \end_layout \begin_layout Code - "not processed due to insufficient array space. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__ ); \end_layout \begin_layout Code - } /* End IF verbose and some address records remain unprocessed. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Listen on a set of sockets and send the current time-of-day to any \end_layout \begin_layout Code - * clients. This function never returns. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * tSckt - Array of TCP socket descriptors on which to listen. \end_layout \begin_layout Code - * tScktSize - Size of the tSckt array (nbr of elements). \end_layout \begin_layout Code - * uSckt - Array of UDP socket descriptors on which to listen. \end_layout \begin_layout Code - * uScktSize - Size of the uSckt array (nbr of elements). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int tSckt[ ], \end_layout \begin_layout Code - size_t tScktSize, \end_layout \begin_layout Code - int uSckt[ ], \end_layout \begin_layout Code - size_t uScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ 256 ]; \end_layout \begin_layout Code - ssize_t count; \end_layout \begin_layout Code - struct pollfd *desc; \end_layout \begin_layout Code - size_t descSize = tScktSize + uScktSize; \end_layout \begin_layout Code - int idx; \end_layout \begin_layout Code - int newSckt; \end_layout \begin_layout Code - struct sockaddr *sadr; \end_layout \begin_layout Code - socklen_t sadrLen; \end_layout \begin_layout Code - struct sockaddr_storage sockStor; \end_layout \begin_layout Code - int status; \end_layout \begin_layout Code - size_t timeLen; \end_layout \begin_layout Code - char *timeStr; \end_layout \begin_layout Code - time_t timeVal; \end_layout \begin_layout Code - ssize_t wBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Allocate memory for the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - desc = malloc( descSize * sizeof( struct pollfd ) ); \end_layout \begin_layout Code - if ( desc == NULL ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - strerror( ENOMEM ) ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the poll(2) array. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - desc[ idx ].fd = idx < tScktSize ? tSckt[ idx ] \end_layout \begin_layout Code - : uSckt[ idx - tScktSize ]; \end_layout \begin_layout Code - desc[ idx ].events = POLLIN; \end_layout \begin_layout Code - desc[ idx ].revents = 0; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Main time-of-day server loop. Handles both TCP & UDP requests. This is \end_layout \begin_layout Code - ** an interative server, and all requests are handled directly within the \end_layout \begin_layout Code - ** main loop. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - while ( true ) /* Do forever. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Wait for activity on one of the sockets. The DO..WHILE construct is \end_layout \begin_layout Code - ** used to restart the system call in the event the process is \end_layout \begin_layout Code - ** interrupted by a signal. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - status = poll( desc, \end_layout \begin_layout Code - descSize, \end_layout \begin_layout Code - -1 /* Wait indefinitely for input. */ ); \end_layout \begin_layout Code - } while ( ( status < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( status ); /* Check for a bona fide system call error. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the current time. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - timeVal = time( NULL ); \end_layout \begin_layout Code - timeStr = ctime( &timeVal ); \end_layout \begin_layout Code - timeLen = strlen( timeStr ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Indicate that there is new network activity. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char *s = malloc( timeLen+1 ); \end_layout \begin_layout Code - strcpy( s, timeStr ); \end_layout \begin_layout Code - s[ timeLen-1 ] = ' \backslash 0'; /* Overwrite ' @@ -20929,913 +19122,743 @@ n' in date string. \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: New network activity on %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - s ); \end_layout \begin_layout Code - free( s ); \end_layout \begin_layout Code - } /* End IF verbose. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process sockets with input available. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( idx = 0; idx < descSize; idx++ ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( desc[ idx ].revents ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 0: /* No activity on this socket; try the next. */ \end_layout \begin_layout Code - continue; \end_layout \begin_layout Code - case POLLIN: /* Network activity. Go process it. */ \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - default: /* Invalid poll events. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Invalid poll event (0x%02X). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - desc[ idx ].revents ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on returned poll events. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine if this is a TCP request or UDP request. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( idx < tScktSize ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** TCP connection requested. Accept it. Notice the use of \end_layout \begin_layout Code - ** the sockaddr_storage data type. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( newSckt = accept( desc[ idx ].fd, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - CHK( shutdown( newSckt, /* Server never recv's anything. */ \end_layout \begin_layout Code - SHUT_RD ) ); \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Begin with \end_layout \begin_layout Code - ** the address-independent fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Sockaddr info for new TCP client: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific fields. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Notice that we're switching on an address family now, not a \end_layout \begin_layout Code - ** protocol family. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the TOD to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = write( newSckt, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes ); \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - CHK( close( newSckt ) ); \end_layout \begin_layout Code - } /* End IF this was a TCP connection request. */ \end_layout \begin_layout Code - else \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This is a UDP socket, and a datagram is available. The funny \end_layout \begin_layout Code - ** thing about UDP requests is that this server doesn't require any \end_layout \begin_layout Code - ** client input; but it can't send the TOD unless it knows a client \end_layout \begin_layout Code - ** wants the data, and the only way that can occur with UDP is if \end_layout \begin_layout Code - ** the server receives a datagram from the client. Thus, the \end_layout \begin_layout Code - ** server must receive _something_, but the content of the datagram \end_layout \begin_layout Code - ** is irrelevant. Read in the datagram. Again note the use of \end_layout \begin_layout Code - ** sockaddr_storage to receive the address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - sadrLen = sizeof( sockStor ); \end_layout \begin_layout Code - sadr = (struct sockaddr*) &sockStor; \end_layout \begin_layout Code - CHK( count = recvfrom( desc[ idx ].fd, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - sizeof( bfr ), \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, \end_layout \begin_layout Code - &sadrLen ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display whatever was received on stdout. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - ssize_t rBytes = count; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: UDP datagram received (%d bytes). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - count ); \end_layout \begin_layout Code - while ( count > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fputc( bfr[ rBytes - count-- ], \end_layout \begin_layout Code - stdout ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - if ( bfr[ rBytes-1 ] != ' \backslash n' ) \end_layout \begin_layout Code - fputc( ' \backslash n', stdout ); /* Newline also flushes stdout. @@ -21843,493 +19866,403 @@ n', stdout ); /* Newline also flushes stdout. \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the socket address of the remote client. Address- \end_layout \begin_layout Code - ** independent fields first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Remote client's sockaddr info: \backslash n" \end_layout \begin_layout Code - " sa_family = %d (AF_INET = %d, AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " addr len = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - sadr->sa_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address-specific information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( sadr, \end_layout \begin_layout Code - sadrLen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( sadr->sa_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case AF_INET: /* IPv4 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in *p = (struct sockaddr_in*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin_addr = sin_family: %d \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - p->sin_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 address. */ \end_layout \begin_layout Code - case AF_INET6: /* IPv6 address. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct sockaddr_in6 *p = (struct sockaddr_in6*) sadr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " sin6_addr = sin6_family: %d \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - p->sin6_family, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - p->sin6_flowinfo, \end_layout \begin_layout Code - p->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 address. */ \end_layout \begin_layout Code - default: /* Can never get here, but for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown address " \end_layout \begin_layout Code - "family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sadr->sa_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown address family). */ \end_layout \begin_layout Code - } /* End SWITCH on address family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send the time-of-day to the client. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - wBytes = timeLen; \end_layout \begin_layout Code - while ( wBytes > 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - count = sendto( desc[ idx ].fd, \end_layout \begin_layout Code - timeStr, \end_layout \begin_layout Code - wBytes, \end_layout \begin_layout Code - 0, \end_layout \begin_layout Code - sadr, /* Address & address length */ \end_layout \begin_layout Code - sadrLen ); /* received in recvfrom(). */ \end_layout \begin_layout Code - } while ( ( count < 0 ) && ( errno == EINTR ) ); \end_layout \begin_layout Code - CHK( count ); /* Check for a bona fide error. */ \end_layout \begin_layout Code - wBytes -= count; \end_layout \begin_layout Code - } /* End WHILE there is data to send. */ \end_layout \begin_layout Code - } /* End ELSE a UDP datagram is available. */ \end_layout \begin_layout Code - desc[ idx ].revents = 0; /* Clear the returned poll events. */ \end_layout \begin_layout Code - } /* End FOR each socket descriptor. */ \end_layout \begin_layout Code - } /* End WHILE forever. */ \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -22344,7 +20277,6 @@ The TCP client code is found in file tod6tc.c (time-of-day IPv6 TCP client). \end_layout \begin_layout Code - tod6tc [-v] [-s scope_id] [host [service]] \end_layout @@ -22385,265 +20317,216 @@ The TCP client source code contained in tod6tc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6tc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' TCP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), read(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -22651,7 +20534,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -22659,7 +20541,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -22667,7 +20548,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -22676,7 +20556,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash @@ -22684,7 +20563,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -22692,24 +20570,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). @@ -22717,669 +20591,540 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connection could not be established. \backslash @@ -23387,646 +21132,524 @@ n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a TCP connection to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to set up the connection. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a connection could not be \end_layout \begin_layout Code - * established. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_STREAM; /* Connection-oriented byte stream. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_TCP; /* TCP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -24034,7 +21657,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -24042,751 +21664,608 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Connect to the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** The client never sends anything, so shut down the write side of the \end_layout \begin_layout Code - ** connection. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "shutdown", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - shutdown( sckt, SHUT_WR ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - do \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -24794,23 +22273,19 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - } while ( inBytes > 0 ); \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -24827,7 +22302,6 @@ The UDP client code is found in file tod6uc.c (time-of-day IPv6 UDP client). \end_layout \begin_layout Code - tod6uc [-v] [-s scope_id] [host [service]] \end_layout @@ -24868,265 +22342,216 @@ The UDP client source code contained in tod6uc.c follows: \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * File: tod6uc.c \end_layout \begin_layout Code - * Description: Contains source code for an IPv6-capable 'daytime' UDP client. \end_layout \begin_layout Code - * Author: John Wenker, Sr. Software Engineer \end_layout \begin_layout Code - * Performance Technologies, San Diego, USA \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** System header files. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #include /* errno declaration and error codes. */ \end_layout \begin_layout Code - #include /* if_nametoindex(3). */ \end_layout \begin_layout Code - #include /* getaddrinfo(3) and associated definitions. */ \end_layout \begin_layout Code - #include /* sockaddr_in and sockaddr_in6 definitions. */ \end_layout \begin_layout Code - #include /* printf(3) et al. */ \end_layout \begin_layout Code - #include /* exit(2). */ \end_layout \begin_layout Code - #include /* String manipulation and memory functions. */ \end_layout \begin_layout Code - #include /* Socket functions (socket(2), connect(2), etc). */ \end_layout \begin_layout Code - #include /* getopt(3), recvfrom(2), sendto(2), etc. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Constants & macros. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define DFLT_HOST "localhost" /* Default server name. */ \end_layout \begin_layout Code - #define DFLT_SCOPE_ID "eth0" /* Default scope identifier. */ \end_layout \begin_layout Code - #define DFLT_SERVICE "daytime" /* Default service name. */ \end_layout \begin_layout Code - #define INVALID_DESC -1 /* Invalid file (socket) descriptor. */ \end_layout \begin_layout Code - #define MAXBFRSIZE 256 /* Max bfr sz to read remote TOD. */ \end_layout \begin_layout Code - #define VALIDOPTS "s:v" /* Valid command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Type definitions (for convenience). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - typedef enum { false = 0, true } boolean; \end_layout \begin_layout Code - typedef struct sockaddr_in sockaddr_in_t; \end_layout \begin_layout Code - typedef struct sockaddr_in6 sockaddr_in6_t; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Prototypes for internal helper functions. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ); \end_layout \begin_layout Code - static void tod( int sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Global (within this file only) data objects. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static const char *pgmName; /* Program name (w/o directory). */ \end_layout \begin_layout Code - static boolean verbose = false; /* Verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Usage macro. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - #define USAGE \backslash @@ -25134,7 +22559,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - { \backslash @@ -25142,7 +22566,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - fprintf( stderr, \backslash @@ -25150,7 +22573,6 @@ static boolean verbose = false; /* Verbose mode. \end_layout \begin_layout Code - "Usage: %s [-v] [-s scope_id] [host [service]] \backslash n", @@ -25159,7 +22581,6 @@ n", \end_layout \begin_layout Code - pgmName ); \backslash @@ -25167,7 +22588,6 @@ n", \end_layout \begin_layout Code - exit( 127 ); \backslash @@ -25175,24 +22595,20 @@ n", \end_layout \begin_layout Code - } /* End USAGE macro. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** This "macro" (even though it's really a function) is loosely based on the \end_layout \begin_layout Code - ** CHK() macro by Dr. V. Vinge (see server code). @@ -25200,1316 +22616,1065 @@ n", \end_layout \begin_layout Code - ** a boolean expression indicating the return code from one of the usual system \end_layout \begin_layout Code - ** calls that returns -1 on error. If a system call error occurred, an alert \end_layout \begin_layout Code - ** is written to stderr. It returns a boolean value indicating success/failure \end_layout \begin_layout Code - ** of the system call. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Example: if ( !SYSCALL( "write", \end_layout \begin_layout Code - ** count = write( fd, bfr, size ) ) ) \end_layout \begin_layout Code - ** { \end_layout \begin_layout Code - ** // Error processing... but SYSCALL() will have already taken \end_layout \begin_layout Code - ** // care of dumping an error alert to stderr. \end_layout \begin_layout Code - ** } \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - static __inline boolean SYSCALL( const char *syscallName, \end_layout \begin_layout Code - int lineNbr, \end_layout \begin_layout Code - int status ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - if ( ( status == -1 ) && verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): System call failed ('%s') - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - lineNbr, \end_layout \begin_layout Code - syscallName, \end_layout \begin_layout Code - strerror( errno ) ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - return status != -1; /* True if the system call was successful. */ \end_layout \begin_layout Code - } /* End SYSCALL() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: main \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Connect to a remote time-of-day service and write the remote host's TOD to \end_layout \begin_layout Code - * stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * The usual argc & argv parameters to a main() program. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * This function always returns zero. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - int main( int argc, \end_layout \begin_layout Code - char *argv[ ] ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - const char *host = DFLT_HOST; \end_layout \begin_layout Code - int opt; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - unsigned int scopeId = if_nametoindex( DFLT_SCOPE_ID ); \end_layout \begin_layout Code - const char *service = DFLT_SERVICE; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Determine the program name (w/o directory prefix). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - pgmName = (const char*) strrchr( argv[ 0 ], '/' ); \end_layout \begin_layout Code - pgmName = pgmName == NULL ? argv[ 0 ] : pgmName+1; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command line options. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - opterr = 0; /* Turns off "invalid option" error messages. */ \end_layout \begin_layout Code - while ( ( opt = getopt( argc, argv, VALIDOPTS ) ) != -1 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - switch ( opt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 's': /* Scope identifier (IPv6 kluge). */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - scopeId = if_nametoindex( optarg ); \end_layout \begin_layout Code - if ( scopeId == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Unknown network interface (%s). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - optarg ); \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 'v': /* Verbose mode. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - verbose = true; \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on command option. */ \end_layout \begin_layout Code - } /* End WHILE processing command options. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Process command arguments. At the end of the above loop, optind is the \end_layout \begin_layout Code - ** index of the first NON-option argv element. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - switch ( argc - optind ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case 2: /* Both host & service are specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - service = argv[ optind + 1 ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 1: /* Host is specified on the command line. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - host = argv[ optind ]; \end_layout \begin_layout Code - /***** Fall through *****/ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - case 0: /* Use default host & service. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - default: \end_layout \begin_layout Code - { \end_layout \begin_layout Code - USAGE; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End SWITCH on number of command arguments. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Open a connection to the indicated host/service. \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Note that if all three of the following conditions are met, then the \end_layout \begin_layout Code - ** scope identifier remains unresolved at this point. \end_layout \begin_layout Code - ** 1) The default network interface is unknown for some reason. \end_layout \begin_layout Code - ** 2) The -s option was not used on the command line. \end_layout \begin_layout Code - ** 3) An IPv6 "scoped address" was not specified for the hostname on the \end_layout \begin_layout Code - ** command line. \end_layout \begin_layout Code - ** If the above three conditions are met, then only an IPv4 socket can be \end_layout \begin_layout Code - ** opened (connect(2) fails without the scope ID properly set for IPv6 \end_layout \begin_layout Code - ** sockets). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( sckt = openSckt( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - scopeId ) ) == INVALID_DESC ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s: Sorry... a connectionless socket could " \end_layout \begin_layout Code - "not be set up. \backslash n", \end_layout \begin_layout Code - pgmName ); \end_layout \begin_layout Code - exit( 1 ); \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Get the remote time-of-day. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - tod( sckt ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Close the connection and terminate. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - (void) SYSCALL( "close", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - close( sckt ) ); \end_layout \begin_layout Code - return 0; \end_layout \begin_layout Code - } /* End main() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: openSckt \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Sets up a UDP socket to a remote server. Getaddrinfo(3) is used to \end_layout \begin_layout Code - * perform lookup functions and can return multiple address records (i.e. a \end_layout \begin_layout Code - * list of 'struct addrinfo' records). This function traverses the list and \end_layout \begin_layout Code - * tries to establish a connection to the remote server. The function ends \end_layout \begin_layout Code - * when either a connection has been established or all records in the list \end_layout \begin_layout Code - * have been processed. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * host - A pointer to a character string representing the hostname or IP \end_layout \begin_layout Code - * address (IPv4 or IPv6) of the remote server. \end_layout \begin_layout Code - * service - A pointer to a character string representing the service name or \end_layout \begin_layout Code - * well-known port number. \end_layout \begin_layout Code - * scopeId - For IPv6 sockets only. This is the index corresponding to the \end_layout \begin_layout Code - * network interface on which to exchange datagrams. This \end_layout \begin_layout Code - * parameter is ignored for IPv4 sockets or when an IPv6 "scoped \end_layout \begin_layout Code - * address" is specified in 'host' (i.e. where the colon-hex \end_layout \begin_layout Code - * network address is augmented with the scope ID). \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: \end_layout \begin_layout Code - * Returns the socket descriptor for the connection, or INVALID_DESC if all \end_layout \begin_layout Code - * address records have been processed and a socket could not be initialized. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static int openSckt( const char *host, \end_layout \begin_layout Code - const char *service, \end_layout \begin_layout Code - unsigned int scopeId ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - struct addrinfo *ai; \end_layout \begin_layout Code - int aiErr; \end_layout \begin_layout Code - struct addrinfo *aiHead; \end_layout \begin_layout Code - struct addrinfo hints; \end_layout \begin_layout Code - sockaddr_in6_t *pSadrIn6; \end_layout \begin_layout Code - int sckt; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Initialize the 'hints' structure for getaddrinfo(3). \end_layout \begin_layout Code - ** \end_layout \begin_layout Code - ** Notice that the 'ai_family' field is set to PF_UNSPEC, indicating to \end_layout \begin_layout Code - ** return both IPv4 and IPv6 address records for the host/service. Most of \end_layout \begin_layout Code - ** the time, the user isn't going to care whether an IPv4 connection or an \end_layout \begin_layout Code - ** IPv6 connection is established; the user simply wants to exchange data \end_layout \begin_layout Code - ** with the remote host and doesn't care how it's done. Sometimes, however, \end_layout \begin_layout Code - ** the user might want to explicitly specify the type of underlying socket. \end_layout \begin_layout Code - ** It is left as an exercise for the motivated reader to add a command line \end_layout \begin_layout Code - ** option allowing the user to specify the IP protocol, and then process the \end_layout \begin_layout Code - ** list of addresses accordingly (it's not that difficult). \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - memset( &hints, 0, sizeof( hints ) ); \end_layout \begin_layout Code - hints.ai_family = PF_UNSPEC; /* IPv4 or IPv6 records (don't care). */ \end_layout \begin_layout Code - hints.ai_socktype = SOCK_DGRAM; /* Connectionless communication. */ \end_layout \begin_layout Code - hints.ai_protocol = IPPROTO_UDP; /* UDP transport layer protocol only. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Look up the host/service information. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ( aiErr = getaddrinfo( host, \end_layout \begin_layout Code - service, \end_layout \begin_layout Code - &hints, \end_layout \begin_layout Code - &aiHead ) ) != 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - %s. \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - gai_strerror( aiErr ) ); \end_layout \begin_layout Code - return INVALID_DESC; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Go through the list and try to open a connection. Continue until either \end_layout \begin_layout Code - ** a connection is established or the entire list is exhausted. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - for ( ai = aiHead, sckt = INVALID_DESC; \end_layout \begin_layout Code - ( ai != NULL ) && ( sckt == INVALID_DESC ); \end_layout \begin_layout Code - ai = ai->ai_next ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** IPv6 kluge. Make sure the scope ID is set. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( ai->ai_family == PF_INET6 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - if ( pSadrIn6->sin6_scope_id == 0 ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id = scopeId; \end_layout \begin_layout Code - } /* End IF the scope ID wasn't set. */ \end_layout \begin_layout Code - } /* End IPv6 kluge. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address info for the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( verbose ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Temporary character string buffers for host & service. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - char hostBfr[ NI_MAXHOST ]; \end_layout \begin_layout Code - char servBfr[ NI_MAXSERV ]; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the address information just fetched. Start with the \end_layout \begin_layout Code - ** common (protocol-independent) stuff first. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "Address info: \backslash n" \end_layout \begin_layout Code - " ai_flags = 0x%02X \backslash n" \end_layout \begin_layout Code - " ai_family = %d (PF_INET = %d, PF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " ai_socktype = %d (SOCK_STREAM = %d, SOCK_DGRAM = %d) \backslash @@ -26517,7 +23682,6 @@ n" \end_layout \begin_layout Code - " ai_protocol = %d (IPPROTO_TCP = %d, IPPROTO_UDP = %d) \backslash @@ -26525,748 +23689,606 @@ n" \end_layout \begin_layout Code - " ai_addrlen = %d (sockaddr_in = %d, " \end_layout \begin_layout Code - "sockaddr_in6 = %d) \backslash n", \end_layout \begin_layout Code - ai->ai_flags, \end_layout \begin_layout Code - ai->ai_family, \end_layout \begin_layout Code - PF_INET, \end_layout \begin_layout Code - PF_INET6, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - SOCK_STREAM, \end_layout \begin_layout Code - SOCK_DGRAM, \end_layout \begin_layout Code - ai->ai_protocol, \end_layout \begin_layout Code - IPPROTO_TCP, \end_layout \begin_layout Code - IPPROTO_UDP, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - sizeof( struct sockaddr_in ), \end_layout \begin_layout Code - sizeof( struct sockaddr_in6 ) ); \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Display the protocol-specific formatted address. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - getnameinfo( ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - sizeof( hostBfr ), \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - sizeof( servBfr ), \end_layout \begin_layout Code - NI_NUMERICHOST | NI_NUMERICSERV ); \end_layout \begin_layout Code - switch ( ai->ai_family ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - case PF_INET: /* IPv4 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sockaddr_in_t *pSadrIn = (sockaddr_in_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin_addr: %s \backslash n" \end_layout \begin_layout Code - " sin_port: %s \backslash n", \end_layout \begin_layout Code - pSadrIn->sin_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv4 record. */ \end_layout \begin_layout Code - case PF_INET6: /* IPv6 address record. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - pSadrIn6 = (sockaddr_in6_t*) ai->ai_addr; \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - " ai_addr = sin6_family: %d (AF_INET = %d, " \end_layout \begin_layout Code - "AF_INET6 = %d) \backslash n" \end_layout \begin_layout Code - " sin6_addr: %s \backslash n" \end_layout \begin_layout Code - " sin6_port: %s \backslash n" \end_layout \begin_layout Code - " sin6_flowinfo: %d \backslash n" \end_layout \begin_layout Code - " sin6_scope_id: %d \backslash n", \end_layout \begin_layout Code - pSadrIn6->sin6_family, \end_layout \begin_layout Code - AF_INET, \end_layout \begin_layout Code - AF_INET6, \end_layout \begin_layout Code - hostBfr, \end_layout \begin_layout Code - servBfr, \end_layout \begin_layout Code - pSadrIn6->sin6_flowinfo, \end_layout \begin_layout Code - pSadrIn6->sin6_scope_id ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End CASE of IPv6 record. */ \end_layout \begin_layout Code - default: /* Can never get here, but just for completeness. */ \end_layout \begin_layout Code - { \end_layout \begin_layout Code - fprintf( stderr, \end_layout \begin_layout Code - "%s (line %d): ERROR - Unknown protocol family (%d). \backslash n", \end_layout \begin_layout Code - pgmName, \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - ai->ai_family ); \end_layout \begin_layout Code - break; \end_layout \begin_layout Code - } /* End DEFAULT case (unknown protocol family). */ \end_layout \begin_layout Code - } /* End SWITCH on protocol family. */ \end_layout \begin_layout Code - } /* End IF verbose mode. */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Create a socket. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "socket", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - sckt = socket( ai->ai_family, \end_layout \begin_layout Code - ai->ai_socktype, \end_layout \begin_layout Code - ai->ai_protocol ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Set the target destination for the remote host on this socket. That \end_layout \begin_layout Code - ** is, this socket only communicates with the specified host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "connect", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - connect( sckt, \end_layout \begin_layout Code - ai->ai_addr, \end_layout \begin_layout Code - ai->ai_addrlen ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - (void) close( sckt ); /* Could use SYSCALL() again here, but why? */ \end_layout \begin_layout Code - sckt = INVALID_DESC; \end_layout \begin_layout Code - continue; /* Try the next address record in the list. */ \end_layout \begin_layout Code - } \end_layout \begin_layout Code - } /* End FOR each address record returned by getaddrinfo(3). */ \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Clean up & return. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - freeaddrinfo( aiHead ); \end_layout \begin_layout Code - return sckt; \end_layout \begin_layout Code - } /* End openSckt() */ \end_layout \begin_layout Code - /****************************************************************************** \end_layout \begin_layout Code - * Function: tod \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Description: \end_layout \begin_layout Code - * Receive the time-of-day from the remote server and write it to stdout. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Parameters: \end_layout \begin_layout Code - * sckt - The socket descriptor for the connection. \end_layout \begin_layout Code - * \end_layout \begin_layout Code - * Return Value: None. \end_layout \begin_layout Code - ******************************************************************************/ \end_layout \begin_layout Code - static void tod( int sckt ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - char bfr[ MAXBFRSIZE+1 ]; \end_layout \begin_layout Code - int inBytes; \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Send a datagram to the server to wake it up. The content isn't \end_layout \begin_layout Code - ** important, but something must be sent to let it know we want the TOD. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "write", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - write( sckt, "Are you there?", 14 ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - /* \end_layout \begin_layout Code - ** Read the time-of-day from the remote host. \end_layout \begin_layout Code - */ \end_layout \begin_layout Code - if ( !SYSCALL( "read", \end_layout \begin_layout Code - __LINE__, \end_layout \begin_layout Code - inBytes = read( sckt, \end_layout \begin_layout Code - bfr, \end_layout \begin_layout Code - MAXBFRSIZE ) ) ) \end_layout \begin_layout Code - { \end_layout \begin_layout Code - return; \end_layout \begin_layout Code - } \end_layout \begin_layout Code - bfr[ inBytes ] = ' \backslash 0'; /* Null-terminate the received string. @@ -27274,18 +24296,15 @@ static void tod( int sckt ) \end_layout \begin_layout Code - fputs( bfr, stdout ); /* Null string if EOF (inBytes == 0). */ \end_layout \begin_layout Code - fflush( stdout ); \end_layout \begin_layout Code - } /* End tod() */ \end_layout @@ -31551,7 +28570,8 @@ Releases 0.x \end_layout \begin_layout Description -0.65 2010-04-20/PB: extend QoS section with examples +0.66 2010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6 + NAT hints \end_layout \begin_layout Description diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf index 2a52f692..6b3c7494 100644 Binary files a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf and b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.pdf differ diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index 1f975846..10236993 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml @@ -26,7 +26,7 @@ <!-- anchor id="general-copright" -->Copyright, license and others Copyright -Written and Copyright (C) 2001-2011 by Peter Bieringer +Written and Copyright (C) 2001-2013 by Peter Bieringer License This Linux IPv6 HOWTO is published under GNU GPL version 2: @@ -1961,7 +1961,7 @@ Chain intOUT (1 references) ]]> IPv6 Destination NAT A dedicated public IPv6 address can be forwarded to an internal IPv6 address, e.g. - IPv6 Port Forwarding A dedicated specified port can be forwarded to an internal system, e.g. @@ -5011,7 +5011,7 @@ Publisher: MarketResearch.com; ISBN B00006334Y; (November 1, 2001) Versions x.y.z are work-in-progress and published as LyX and SGML file on CVS. Because Deep Space 6 mirrors these SGML files and generate independend from TLDP public versions, this versions will show up there and also on its mirrors. Releases 0.x -0.652010-04-20/PB: extend QoS section with examples0.652009-12-13/PB: minor fixes0.642009-06-11/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 +0.662010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6 NAT hints0.652009-12-13/PB: minor fixes0.642009-06-11/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 <!-- anchor id="credits" -->Credits The quickest way to be added to this nice list is to send bug fixes, corrections, and/or updates to me ;-). If you want to do a major review, you can use the native LyX file (see original source) and send diffs against it, because diffs against SGML don't help too much.