author | shin <shin@FreeBSD.org> | 2000-03-11 22:55:32 +0000 |
---|---|---|
committer | shin <shin@FreeBSD.org> | 2000-03-11 22:55:32 +0000 |
commit | 741bfcbb223bc2568feb089d358567af3eea3fa9 (patch) | |
tree | 5947889cc722832f966bc26540092c728df0cc39 /share | |
parent | 3a01b4185c3b7c03e003b191feab8082fbfe69ad (diff) | |
Import stf(6to4 interface) man from KAME.
Obtained from: KAME project
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/Makefile | 2 | ||||
-rw-r--r-- | share/man/man4/stf.4 | 167 |
2 files changed, 168 insertions, 1 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index d6a3ba2..a43f753 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -13,7 +13,7 @@ MAN4= ahc.4 amd.4 amr.4 an.4 ata.4 atkbd.4 atkbdc.4 aue.4 blackhole.4 \ ppbus.4 ppi.4 ppp.4 psm.4 pt.4 pty.4 rl.4 \ route.4 sa.4 sbc.4 screen.4 scsi.4 \ sd.4 ses.4 sf.4 si.4 sio.4 sis.4 sk.4 sl.4 smb.4 smbus.4 smp.4 snp.4 \ - splash.4 sppp.4 st.4 ste.4 syscons.4 sysmouse.4 tcp.4 \ + splash.4 sppp.4 st.4 ste.4 stf.4 syscons.4 sysmouse.4 tcp.4 \ termios.4 ti.4 tl.4 ttcp.4 tty.4 tun.4 udp.4 uhci.4 ukbd.4 \ umass.4 ums.4 unix.4 update.4 usb.4 vga.4 vinum.4 vn.4 \ vpo.4 vr.4 wb.4 wx.4 worm.4 wst.4 xl.4 xpt.4 yp.4 zero.4 diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4 new file mode 100644 index 0000000..af903d6 --- /dev/null +++ b/share/man/man4/stf.4 
@@ -0,0 +1,167 @@ +.\" $KAME: stf.4,v 1.6 2000/03/11 08:01:51 itojun Exp $ +.\" +.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 6, 2000 +.Dt STF 4 +.Os KAME +.Sh NAME +.Nm stf +.Nd +.Tn 6to4 tunnel interface +.Sh SYNOPSIS +.Cd "pseudo-device stf" +.Sh DESCRIPTION +The +.Nm +interface supports +.Dq 6to4 +IPv6 in IPv4 encapsulation. 
+It can tunnel IPv6 traffic over IPv4, as specified in +.Li draft-ietf-ngtrans-6to4-03.txt . +.Pp +Due to the way 6to4 protocol is specified, +.Nm +interface requires certain configuration to work properly. +Single +.Pq no more than 1 +valid 6to4 address needs to be configured to the interface. +.Dq A valid 6to4 address +is an address which has the following properties. +If any of the following properties are not satisfied, +.Nm stf +raises runtime error on packet transmission. +Read the specification for more details. +.Bl -bullet +.It +matches +.Li 2002:xxyy:zzuu::/48 +where +.Li xxyy:zzuu +is a hexadecimal notation of an IPv4 address for the node. +.It +The interface identifier portion +.Pq lower 64 bits +is properly filled to avoid address collisions. +.El +.Pp +If you would like the node to behave as a relay router, +the prefix length for the IPv6 interface address needs to be 16 so that +the node would consider any 6to4 destination as +.Dq on-link . +If you would like to restrict 6to4 peers to be inside certain IPv4 prefix, +you may want to configure IPv6 prefix length as +.Dq 16 + IPv4 prefix length . +.\"(Not yet implemented on 4.0) +.\".Nm +.\"interface will check the IPv4 source address on packets, +.\"if the IPv6 prefix length is larger than 16. +.Pp +.Nm +can be configured to be ECN friendly. +This can be configured by +.Dv IFF_LINK1 . +See +.Xr gif 4 +for details. +.Pp +Please note that 6to4 specification is written as +.Dq accept tunnelled packet from everyone +tunnelling device. +By enabling +.Nm +device, you are making it much easier for malicious parties to inject +fabricated IPv6 packet to your node. +Also, malicious party can inject an IPv6 packet with fabricated source address +to make your node generate improper tunnelled packet. +Administrators must take caution when enabling the interface. +It is recommended to filter/audit +incoming IPv4 packet with IP protocol number 41, as necessary. 
+To prevent possible DoS attacks, +.\"(No check yet on 4.0, but such packets won't go through IPv4 cloud.) +.\".Nm +.\"interface filters out packets with the following property: +.\".Bl -bullet +.\".It +.\"Packets with 6to4 address based on 0.0.0.0, as inner destination/source +.\".It +.\"Packets with 6to4 address based on 255.255.255.255, +.\" as inner destination/source +.\".El +.Pp +You may also want to reject encapsulated IPv6 packets with +suspicious 6to4 addresses, like +.Li 2002:7f00::/24. +.\" +.Sh EXAMPLES +Note that +.Li 8504:0506 +is equal to +.Li 133.4.5.6 , +written in hexadecimals. +.Bd -literal +# ifconfig ne0 inet 133.4.5.6 netmask 0xffffff00 +# ifconfig stf0 inet6 2002:8504:0506:0000:a00:5aff:fe38:6f86 \\ + prefixlen 16 alias +.Ed +.Pp +The following configuration sends packets to IPv4 destination 10.1.0.0/16 +only +.Pq IPv6 prefix length = 32 . +.Bd -literal +# ifconfig ne0 inet 10.1.2.3 netmask 0xffff0000 +# ifconfig stf0 inet6 2002:0a01:0203:0000:a00:5aff:fe38:6f86 \\ + prefixlen 32 alias +.Ed +.\" +.Sh SEE ALSO +.Xr gif 4 , +.Xr inet 4 , +.Xr inet6 4 +.Rs +.%A Brian Carpenter +.%A Keith Moore +.%T "Connection of IPv6 Domains via IPv4 Clouds without Explicit Tunnels" +.%D October 1999 +.%N draft-ietf-ngtrans-6to4-03.txt +.%O work in progress +.Re +.Rs +.%A Jun-ichiro itojun Hagino +.%T "Possible abuse against IPv6 transition technologies" +.%D March 2000 +.%N draft-itojun-ipv6-transition-abuse-00.txt +.%O work in progress +.Re +.\" +.Sh HISTORY +The +.Nm +device first appeared in WIDE/KAME IPv6 stack. |
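Review bot: In the security paragraph of stf.4, the line "To prevent possible DoS attacks," is followed only by commented-out (.\") lines and then .Pp, so the rendered page ends that paragraph on a dangling clause and never says what the reader should do. Either comment that line out together with the not-yet-implemented filter description, or complete the sentence with the action expected of the administrator, so the warning about protocol 41 filtering does not trail off. A smaller point in the next paragraph: ".Li 2002:7f00::/24." has the full stop attached to the macro argument, so it is set as part of the literal prefix; pass the punctuation as a separate argument, the way the EXAMPLES section already does with ".Li 133.4.5.6 ,".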