inet6.4 (68962) | inet6.4 (78064) |
---|---|
1.\" $FreeBSD: head/share/man/man4/inet6.4 68962 2000-11-20 18:41:33Z ru $ 2.\" $KAME: inet6.4,v 1.16 2000/07/05 08:18:42 itojun Exp $ | 1.\" $FreeBSD: head/share/man/man4/inet6.4 78064 2001-06-11 12:39:29Z ume $ 2.\" $KAME: inet6.4,v 1.21 2001/04/05 01:00:18 itojun Exp $ |
3.\" 4.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright --- 58 unchanged lines hidden (view full) --- 69IPv6 addresses are 16 byte quantities, stored in network standard byteorder. 70The include file 71.Aq Pa netinet/in.h 72defines this address 73as a discriminated union. 74.Pp 75Sockets bound to the 76.Nm | 3.\" 4.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright --- 58 unchanged lines hidden (view full) --- 69IPv6 addresses are 16 byte quantities, stored in network standard byteorder. 70The include file 71.Aq Pa netinet/in.h 72defines this address 73as a discriminated union. 74.Pp 75Sockets bound to the 76.Nm |
77family utilize the following addressing structure, | 77family utilize the following addressing structure: |
78.Bd -literal -offset indent 79struct sockaddr_in6 { 80 u_int8_t sin6_len; 81 u_int8_t sin6_family; 82 u_int16_t sin6_port; 83 u_int32_t sin6_flowinfo; 84 struct in6_addr sin6_addr; 85 u_int32_t sin6_scope_id; --- 4 unchanged lines hidden (view full) --- 90.Dq Dv :: 91.Po 92which is equal to IPv6 address 93.Dv 0:0:0:0:0:0:0:0 94.Pc 95to effect 96.Dq wildcard 97matching on incoming messages. | 78.Bd -literal -offset indent 79struct sockaddr_in6 { 80 u_int8_t sin6_len; 81 u_int8_t sin6_family; 82 u_int16_t sin6_port; 83 u_int32_t sin6_flowinfo; 84 struct in6_addr sin6_addr; 85 u_int32_t sin6_scope_id; --- 4 unchanged lines hidden (view full) --- 90.Dq Dv :: 91.Po 92which is equal to IPv6 address 93.Dv 0:0:0:0:0:0:0:0 94.Pc 95to effect 96.Dq wildcard 97matching on incoming messages. |
98The address in a 99.Xr connect 2 100or 101.Xr sendto 2 102call may be given as 103.Dq Dv :: 104to mean 105.Dq this host . 106.Dq Dv :: 107can be obtained by setting 108.Dv sin6_addr 109field into 0, or by using the address contained in variable 110.Dv in6addr_any . | |
111.Pp | 98.Pp |
112IPv6 specification defines scoped address, 113like link-local or site-local address. | 99The IPv6 specification defines scoped addresses, 100like link-local or site-local addresses. |
114A scoped address is ambiguous to the kernel, | 101A scoped address is ambiguous to the kernel, |
115if it is specified without scope identifier. | 102if it is specified without a scope identifier. |
116To manipulate scoped addresses properly from the userland, | 103To manipulate scoped addresses properly from the userland, |
117programs must use advanced API defined in RFC2292. 118Compact description on the advanced API is available in | 104programs must use the advanced API defined in RFC2292. 105A compact description of the advanced API is available in |
119.Xr ip6 4 . | 106.Xr ip6 4 . |
120If scoped addresses are specified without explicit scope, 121the kernel may raise error. | 107If a scoped address is specified without an explicit scope, 108the kernel may raise an error. |
122Note that scoped addresses are not for daily use at this moment, | 109Note that scoped addresses are not for daily use at this moment, |
123both from specification and implementation point of view. | 110both from a specification and an implementation point of view. |
124.Pp | 111.Pp |
125KAME implementation supports extended numeric IPv6 address notation | 112The KAME implementation supports an extended numeric IPv6 address notation |
126for link-local addresses, 127like 128.Dq Li fe80::1%de0 129to specify 130.Do 131.Li fe80::1 132on 133.Li de0 134interface 135.Dc . | 113for link-local addresses, 114like 115.Dq Li fe80::1%de0 116to specify 117.Do 118.Li fe80::1 119on 120.Li de0 121interface 122.Dc . |
136The notation is supported by | 123This notation is supported by |
137.Xr getaddrinfo 3 138and 139.Xr getnameinfo 3 . 140Some of normal userland programs, such as 141.Xr telnet 1 142or 143.Xr ftp 1 , | 124.Xr getaddrinfo 3 125and 126.Xr getnameinfo 3 . 127Some of normal userland programs, such as 128.Xr telnet 1 129or 130.Xr ftp 1 , |
144are able to use the notation. | 131are able to use this notation. |
145With special programs 146like 147.Xr ping6 8 , | 132With special programs 133like 134.Xr ping6 8 , |
148you can specify outgoing interface by extra command line option | 135you can specify the outgoing interface by an extra command line option |
149to disambiguate scoped addresses. 150.Pp 151Scoped addresses are handled specially in the kernel. | 136to disambiguate scoped addresses. 137.Pp 138Scoped addresses are handled specially in the kernel. |
152In the kernel structures like routing tables or interface structure, 153scoped addresses will have its interface index embedded into the address. | 139In kernel structures like routing tables or interface structures, 140a scoped address will have its interface index embedded into the address. |
154Therefore, | 141Therefore, |
155the address on some of the kernel structure is not the same as that on the wire. 156The embedded index will become visible on | 142the address in some kernel structures is not the same as that on the wire. 143The embedded index will become visible through a |
157.Dv PF_ROUTE 158socket, kernel memory accesses via 159.Xr kvm 3 | 144.Dv PF_ROUTE 145socket, kernel memory accesses via 146.Xr kvm 3 |
160and some other occasions. | 147and on some other occasions. |
161HOWEVER, users should never use the embedded form. 162For details please consult 163.Pa IMPLEMENTATION 164supplied with KAME kit. 165.Sh PROTOCOLS 166The 167.Nm 168family is comprised of the --- 257 unchanged lines hidden (view full) --- 426.Pq ip6.rtmaxcache 427Integer: trigger level of cached, unreferenced, protocol-cloned routes 428which initiates dynamic adaptation (default 128). 429.El 430.Ss Interaction between IPv4/v6 sockets 431The behavior of 432.Dv AF_INET6 433TCP/UDP socket is documented in RFC2553. | 148HOWEVER, users should never use the embedded form. 149For details please consult 150.Pa IMPLEMENTATION 151supplied with KAME kit. 152.Sh PROTOCOLS 153The 154.Nm 155family is comprised of the --- 257 unchanged lines hidden (view full) --- 413.Pq ip6.rtmaxcache 414Integer: trigger level of cached, unreferenced, protocol-cloned routes 415which initiates dynamic adaptation (default 128). 416.El 417.Ss Interaction between IPv4/v6 sockets 418The behavior of 419.Dv AF_INET6 420TCP/UDP socket is documented in RFC2553. |
434Basically, it says as follows: | 421Basically, it says this: |
435.Bl -bullet -compact 436.It | 422.Bl -bullet -compact 423.It |
437Specific bind on | 424A specific bind on an |
438.Dv AF_INET6 439socket 440.Po 441.Xr bind 2 | 425.Dv AF_INET6 426socket 427.Po 428.Xr bind 2 |
442with address specified | 429with an address specified |
443.Pc 444should accept IPv6 traffic to that address only. 445.It | 430.Pc 431should accept IPv6 traffic to that address only. 432.It |
446If you perform wildcard bind 447on | 433If you perform a wildcard bind 434on an |
448.Dv AF_INET6 449socket 450.Po 451.Xr bind 2 452to IPv6 address 453.Li :: 454.Pc , 455and there is no wildcard bind 456.Dv AF_INET 457socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic 458should be routed to that 459.Dv AF_INET6 460socket. | 435.Dv AF_INET6 436socket 437.Po 438.Xr bind 2 439to IPv6 address 440.Li :: 441.Pc , 442and there is no wildcard bind 443.Dv AF_INET 444socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic 445should be routed to that 446.Dv AF_INET6 447socket. |
461IPv4 traffic should be seen as if it came from IPv6 address like | 448IPv4 traffic should be seen as if it came from an IPv6 address like |
462.Li ::ffff:10.1.1.1 . | 449.Li ::ffff:10.1.1.1 . |
463This is called IPv4 mapped address. | 450This is called an IPv4 mapped address. |
464.It | 451.It |
465If there are both wildcard bind | 452If there are both a wildcard bind |
466.Dv AF_INET | 453.Dv AF_INET |
467socket and wildcard bind | 454socket and a wildcard bind |
468.Dv AF_INET6 469socket on one TCP/UDP port, they should behave separately. | 455.Dv AF_INET6 456socket on one TCP/UDP port, they should behave separately. |
470IPv4 traffic should be routed to | 457IPv4 traffic should be routed to the |
471.Dv AF_INET | 458.Dv AF_INET |
472socket and IPv6 should be routed to | 459socket and IPv6 should be routed to the |
473.Dv AF_INET6 474socket. 475.El 476.Pp | 460.Dv AF_INET6 461socket. 462.El 463.Pp |
477However, RFC2553 does not define the constraint between the order of | 464However, RFC2553 does not define the ordering constraint between calls to |
478.Xr bind 2 , | 465.Xr bind 2 , |
479nor how IPv4 TCP/UDP port number and IPv6 TCP/UDP port number 480relate each other | 466nor how IPv4 TCP/UDP port numbers and IPv6 TCP/UDP port numbers 467relate to each other |
481.Po 482should they be integrated or separated 483.Pc . | 468.Po 469should they be integrated or separated 470.Pc . |
484Implemented behavior is very different across kernel to kernel. | 471Implemented behavior is very different from kernel to kernel. |
485Therefore, it is unwise to rely too much upon the behavior of 486.Dv AF_INET6 | 472Therefore, it is unwise to rely too much upon the behavior of 473.Dv AF_INET6 |
487wildcard bind socket. | 474wildcard bind sockets. |
488It is recommended to listen to two sockets, one for 489.Dv AF_INET 490and another for 491.Dv AF_INET6 , 492when you would like to accept both IPv4 and IPv6 traffic. 493.Pp 494It should also be noted that 495malicious parties can take advantage of the complexity presented above, 496and are able to bypass access control, 497if the target node routes IPv4 traffic to 498.Dv AF_INET6 499socket. | 475It is recommended to listen to two sockets, one for 476.Dv AF_INET 477and another for 478.Dv AF_INET6 , 479when you would like to accept both IPv4 and IPv6 traffic. 480.Pp 481It should also be noted that 482malicious parties can take advantage of the complexity presented above, 483and are able to bypass access control, 484if the target node routes IPv4 traffic to 485.Dv AF_INET6 486socket. |
500Users are advised to take caution handling connections | 487Users are advised to take care handling connections |
501from IPv4 mapped address to 502.Dv AF_INET6 503sockets. 504.\".Pp 505.\"Because of the above, by default, 506.\"KAME/NetBSD and KAME/OpenBSD 507.\"does not route IPv4 traffic to 508.\".Dv AF_INET6 | 488from IPv4 mapped address to 489.Dv AF_INET6 490sockets. 491.\".Pp 492.\"Because of the above, by default, 493.\"KAME/NetBSD and KAME/OpenBSD 494.\"does not route IPv4 traffic to 495.\".Dv AF_INET6 |
509.\"socket. | 496.\"sockets. |
510.\"Listen to two sockets if you want to accept both IPv4 and IPv6 traffic. 511.\"On KAME/NetBSD, IPv4 traffic may be routed with certain 512.\"per-socket/per-node configuration, however, it is not recommended. 513.\"Consult 514.\".Xr ip6 4 515.\"for details. 516.Sh SEE ALSO 517.Xr ioctl 2 , --- 13 unchanged lines hidden (view full) --- 531.%R internet draft 532.%D June 2000 533.%N draft-ietf-ipngwg-scopedaddr-format-02.txt 534.%O work in progress material 535.Re 536.Sh HISTORY 537The 538.Nm | 497.\"Listen to two sockets if you want to accept both IPv4 and IPv6 traffic. 498.\"On KAME/NetBSD, IPv4 traffic may be routed with certain 499.\"per-socket/per-node configuration, however, it is not recommended. 500.\"Consult 501.\".Xr ip6 4 502.\"for details. 503.Sh SEE ALSO 504.Xr ioctl 2 , --- 13 unchanged lines hidden (view full) --- 518.%R internet draft 519.%D June 2000 520.%N draft-ietf-ipngwg-scopedaddr-format-02.txt 521.%O work in progress material 522.Re 523.Sh HISTORY 524The 525.Nm |
539protocol interface are defined in RFC2553 and RFC2292. 540The implementation described herein appeared in WIDE/KAME project. | 526protocol interfaces are defined in RFC2553 and RFC2292. 527The implementation described herein appeared in the WIDE/KAME project. |
541.Sh BUGS 542The IPv6 support is subject to change as the Internet protocols develop. 543Users should not depend on details of the current implementation, 544but rather the services exported. 545.Pp 546Users are suggested to implement 547.Dq version independent 548code as much as possible, as you will need to support both 549.Xr inet 4 550and 551.Nm . | 528.Sh BUGS 529The IPv6 support is subject to change as the Internet protocols develop. 530Users should not depend on details of the current implementation, 531but rather the services exported. 532.Pp 533Users are suggested to implement 534.Dq version independent 535code as much as possible, as you will need to support both 536.Xr inet 4 537and 538.Nm . |