diff options
Diffstat (limited to 'share/man/man4/inet6.4')
-rw-r--r-- | share/man/man4/inet6.4 | 457 |
1 files changed, 457 insertions, 0 deletions
diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4 new file mode 100644 index 0000000..93015e0 --- /dev/null +++ b/share/man/man4/inet6.4 @@ -0,0 +1,457 @@ +.\" $KAME: inet6.4,v 1.21 2001/04/05 01:00:18 itojun Exp $ +.\" +.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd September 2, 2009 +.Dt INET6 4 +.Os +.Sh NAME +.Nm inet6 +.Nd Internet protocol version 6 family +.Sh SYNOPSIS +.In sys/types.h +.In netinet/in.h +.Sh DESCRIPTION +The +.Nm +family is an updated version of +.Xr inet 4 +family. +While +.Xr inet 4 +implements Internet Protocol version 4, +.Nm +implements Internet Protocol version 6. +.Pp +.Nm +is a collection of protocols layered atop the +.Em Internet Protocol version 6 +.Pq Tn IPv6 +transport layer, and utilizing the IPv6 address format. +The +.Nm +family provides protocol support for the +.Dv SOCK_STREAM , SOCK_DGRAM , +and +.Dv SOCK_RAW +socket types; the +.Dv SOCK_RAW +interface provides access to the +.Tn IPv6 +protocol. +.Sh ADDRESSING +IPv6 addresses are 16 byte quantities, stored in network standard byteorder. +The include file +.In netinet/in.h +defines this address +as a discriminated union. +.Pp +Sockets bound to the +.Nm +family utilize the following addressing structure: +.Bd -literal -offset indent +struct sockaddr_in6 { + uint8_t sin6_len; + sa_family_t sin6_family; + in_port_t sin6_port; + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; + uint32_t sin6_scope_id; +}; +.Ed +.Pp +Sockets may be created with the local address +.Dq Dv :: +(which is equal to IPv6 address +.Dv 0:0:0:0:0:0:0:0 ) +to affect +.Dq wildcard +matching on incoming messages. +.Pp +The IPv6 specification defines scoped addresses, +like link-local or site-local addresses. +A scoped address is ambiguous to the kernel, +if it is specified without a scope identifier. +To manipulate scoped addresses properly from the userland, +programs must use the advanced API defined in RFC2292. +A compact description of the advanced API is available in +.Xr ip6 4 . +If a scoped address is specified without an explicit scope, +the kernel may raise an error. +Note that scoped addresses are not for daily use at this moment, +both from a specification and an implementation point of view. +.Pp +The KAME implementation supports an extended numeric IPv6 address notation +for link-local addresses, +like +.Dq Li fe80::1%de0 +to specify +.Do +.Li fe80::1 +on +.Li de0 +interface +.Dc . +This notation is supported by +.Xr getaddrinfo 3 +and +.Xr getnameinfo 3 . +Some of normal userland programs, such as +.Xr telnet 1 +or +.Xr ftp 1 , +are able to use this notation. +With special programs +like +.Xr ping6 8 , +you can specify the outgoing interface by an extra command line option +to disambiguate scoped addresses. +.Pp +Scoped addresses are handled specially in the kernel. +In kernel structures like routing tables or interface structures, +a scoped address will have its interface index embedded into the address. +Therefore, +the address in some kernel structures is not the same as that on the wire. +The embedded index will become visible through a +.Dv PF_ROUTE +socket, kernel memory accesses via +.Xr kvm 3 +and on some other occasions. +HOWEVER, users should never use the embedded form. +For details please consult +.Pa IMPLEMENTATION +supplied with KAME kit. +.Sh PROTOCOLS +The +.Nm +family is comprised of the +.Tn IPv6 +network protocol, Internet Control +Message Protocol version 6 +.Pq Tn ICMPv6 , +Transmission Control Protocol +.Pq Tn TCP , +and User Datagram Protocol +.Pq Tn UDP . +.Tn TCP +is used to support the +.Dv SOCK_STREAM +abstraction while +.Tn UDP +is used to support the +.Dv SOCK_DGRAM +abstraction. +Note that +.Tn TCP +and +.Tn UDP +are common to +.Xr inet 4 +and +.Nm . +A raw interface to +.Tn IPv6 +is available +by creating an Internet socket of type +.Dv SOCK_RAW . +The +.Tn ICMPv6 +message protocol is accessible from a raw socket. +.Ss MIB Variables +A number of variables are implemented in the net.inet6 branch of the +.Xr sysctl 3 +MIB. +In addition to the variables supported by the transport protocols +(for which the respective manual pages may be consulted), +the following general variables are defined: +.Bl -tag -width IPV6CTL_MAXFRAGPACKETS +.It Dv IPV6CTL_FORWARDING +.Pq ip6.forwarding +Boolean: enable/disable forwarding of +.Tn IPv6 +packets. +Also, identify if the node is acting as a router. +Defaults to off. +.It Dv IPV6CTL_SENDREDIRECTS +.Pq ip6.redirect +Boolean: enable/disable sending of +.Tn ICMPv6 +redirects in response to unforwardable +.Tn IPv6 +packets. +This option is ignored unless the node is routing +.Tn IPv6 +packets, +and should normally be enabled on all systems. +Defaults to on. +.It Dv IPV6CTL_DEFHLIM +.Pq ip6.hlim +Integer: default hop limit value to use for outgoing +.Tn IPv6 +packets. +This value applies to all the transport protocols on top of +.Tn IPv6 . +There are APIs to override the value. +.It Dv IPV6CTL_MAXFRAGPACKETS +.Pq ip6.maxfragpackets +Integer: default maximum number of fragmented packets the node will accept. +0 means that the node will not accept any fragmented packets. +-1 means that the node will accept as many fragmented packets as it receives. +The flag is provided basically for avoiding possible DoS attacks. +.It Dv IPV6CTL_ACCEPT_RTADV +.Pq ip6.accept_rtadv +Boolean: the default value of a per-interface flag to +enable/disable receiving of +.Tn ICMPv6 +router advertisement packets, +and autoconfiguration of address prefixes and default routers. +The node must be a host +(not a router) +for the option to be meaningful. +Defaults to off. +.It Dv IPV6CTL_AUTO_LINKLOCAL +.Pq ip6.auto_linklocal +Boolean: the default value of a per-interface flag to +enable/disable performing automatic link-local address configuration. +Defaults to on. +.It Dv IPV6CTL_KEEPFAITH +.Pq ip6.keepfaith +Boolean: enable/disable +.Dq FAITH +TCP relay IPv6-to-IPv4 translator code in the kernel. +Refer +.Xr faith 4 +and +.Xr faithd 8 +for detail. +Defaults to off. +.It Dv IPV6CTL_LOG_INTERVAL +.Pq ip6.log_interval +Integer: default interval between +.Tn IPv6 +packet forwarding engine log output +(in seconds). +.It Dv IPV6CTL_HDRNESTLIMIT +.Pq ip6.hdrnestlimit +Integer: default number of the maximum +.Tn IPv6 +extension headers +permitted on incoming +.Tn IPv6 +packets. +If set to 0, the node will accept as many extension headers as possible. +.It Dv IPV6CTL_DAD_COUNT +.Pq ip6.dad_count +Integer: default number of +.Tn IPv6 +DAD +.Pq duplicated address detection +probe packets. +The packets will be generated when +.Tn IPv6 +interface addresses are configured. +.It Dv IPV6CTL_AUTO_FLOWLABEL +.Pq ip6.auto_flowlabel +Boolean: enable/disable automatic filling of +.Tn IPv6 +flowlabel field, for outstanding connected transport protocol packets. +The field might be used by intermediate routers to identify packet flows. +Defaults to on. +.It Dv IPV6CTL_DEFMCASTHLIM +.Pq ip6.defmcasthlim +Integer: default hop limit value for an +.Tn IPv6 +multicast packet sourced by the node. +This value applies to all the transport protocols on top of +.Tn IPv6 . +There are APIs to override the value as documented in +.Xr ip6 4 . +.It Dv IPV6CTL_GIF_HLIM +.Pq ip6.gifhlim +Integer: default maximum hop limit value for an +.Tn IPv6 +packet generated by +.Xr gif 4 +tunnel interface. +.It Dv IPV6CTL_KAME_VERSION +.Pq ip6.kame_version +String: identifies the version of KAME +.Tn IPv6 +stack implemented in the kernel. +.It Dv IPV6CTL_USE_DEPRECATED +.Pq ip6.use_deprecated +Boolean: enable/disable use of deprecated address, +specified in RFC2462 5.5.4. +Defaults to on. +.It Dv IPV6CTL_RR_PRUNE +.Pq ip6.rr_prune +Integer: default interval between +.Tn IPv6 +router renumbering prefix babysitting, in seconds. +.It Dv IPV6CTL_V6ONLY +.Pq ip6.v6only +Boolean: enable/disable the prohibited use of +.Tn IPv4 +mapped address on +.Dv AF_INET6 +sockets. +Defaults to on. +.It Dv IPV6CTL_RTEXPIRE +.Pq ip6.rtexpire +Integer: lifetime in seconds of protocol-cloned +.Tn IP +routes after the last reference drops (default one hour). +.\"This value varies dynamically as described above. +.It Dv IPV6CTL_RTMINEXPIRE +.Pq ip6.rtminexpire +Integer: minimum value of ip.rtexpire (default ten seconds). +.\"This value has no effect on user modifications, but restricts the dynamic +.\"adaptation described above. +.It Dv IPV6CTL_RTMAXCACHE +.Pq ip6.rtmaxcache +Integer: trigger level of cached, unreferenced, protocol-cloned routes +which initiates dynamic adaptation (default 128). +.El +.Ss Interaction between IPv4/v6 sockets +By default, +.Fx +does not route IPv4 traffic to +.Dv AF_INET6 +sockets. +The default behavior intentionally violates RFC2553 for security reasons. +Listen to two sockets if you want to accept both IPv4 and IPv6 traffic. +IPv4 traffic may be routed with certain +per-socket/per-node configuration, however, it is not recommended to do so. +Consult +.Xr ip6 4 +for details. +.Pp +The behavior of +.Dv AF_INET6 +TCP/UDP socket is documented in RFC2553. +Basically, it says this: +.Bl -bullet -compact +.It +A specific bind on an +.Dv AF_INET6 +socket +.Xr ( bind 2 +with an address specified) +should accept IPv6 traffic to that address only. +.It +If you perform a wildcard bind +on an +.Dv AF_INET6 +socket +.Xr ( bind 2 +to IPv6 address +.Li :: ) , +and there is no wildcard bind +.Dv AF_INET +socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic +should be routed to that +.Dv AF_INET6 +socket. +IPv4 traffic should be seen as if it came from an IPv6 address like +.Li ::ffff:10.1.1.1 . +This is called an IPv4 mapped address. +.It +If there are both a wildcard bind +.Dv AF_INET +socket and a wildcard bind +.Dv AF_INET6 +socket on one TCP/UDP port, they should behave separately. +IPv4 traffic should be routed to the +.Dv AF_INET +socket and IPv6 should be routed to the +.Dv AF_INET6 +socket. +.El +.Pp +However, RFC2553 does not define the ordering constraint between calls to +.Xr bind 2 , +nor how IPv4 TCP/UDP port numbers and IPv6 TCP/UDP port numbers +relate to each other +(should they be integrated or separated). +Implemented behavior is very different from kernel to kernel. +Therefore, it is unwise to rely too much upon the behavior of +.Dv AF_INET6 +wildcard bind sockets. +It is recommended to listen to two sockets, one for +.Dv AF_INET +and another for +.Dv AF_INET6 , +when you would like to accept both IPv4 and IPv6 traffic. +.Pp +It should also be noted that +malicious parties can take advantage of the complexity presented above, +and are able to bypass access control, +if the target node routes IPv4 traffic to +.Dv AF_INET6 +socket. +Users are advised to take care handling connections +from IPv4 mapped address to +.Dv AF_INET6 +sockets. +.Sh SEE ALSO +.Xr ioctl 2 , +.Xr socket 2 , +.Xr sysctl 3 , +.Xr icmp6 4 , +.Xr intro 4 , +.Xr ip6 4 , +.Xr tcp 4 , +.Xr udp 4 +.Sh STANDARDS +.Rs +.%A Tatsuya Jinmei +.%A Atsushi Onoe +.%T "An Extension of Format for IPv6 Scoped Addresses" +.%R internet draft +.%D June 2000 +.%N draft-ietf-ipngwg-scopedaddr-format-02.txt +.%O work in progress material +.Re +.Sh HISTORY +The +.Nm +protocol interfaces are defined in RFC2553 and RFC2292. +The implementation described herein appeared in the WIDE/KAME project. +.Sh BUGS +The IPv6 support is subject to change as the Internet protocols develop. +Users should not depend on details of the current implementation, +but rather the services exported. +.Pp +Users are suggested to implement +.Dq version independent +code as much as possible, as you will need to support both +.Xr inet 4 +and +.Nm . |