1 .\" $FreeBSD: src/share/man/man4/inet6.4,v 1.4.2.8 2001/12/17 11:30:12 ru Exp $
2 .\" $KAME: inet6.4,v 1.21 2001/04/05 01:00:18 itojun Exp $
4 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 .\" All rights reserved.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
15 .\" 3. Neither the name of the project nor the names of its contributors
16 .\" may be used to endorse or promote products derived from this software
17 .\" without specific prior written permission.
19 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 .Nd Internet protocol version 6 family
43 family is an updated version of
48 implements Internet Protocol version 4,
50 implements Internet Protocol version 6.
53 is a collection of protocols layered atop the
54 .Em Internet Protocol version 6
56 transport layer, and utilizing the IPv6 address format.
59 family provides protocol support for the
60 .Dv SOCK_STREAM , SOCK_DGRAM ,
65 interface provides access to the
69 IPv6 addresses are 16 byte quantities, stored in network standard byteorder.
73 as a discriminated union.
77 family utilize the following addressing structure:
78 .Bd -literal -offset indent
83 u_int32_t sin6_flowinfo;
84 struct in6_addr sin6_addr;
85 u_int32_t sin6_scope_id;
89 Sockets may be created with the local address
91 (which is equal to IPv6 address
95 matching on incoming messages.
97 The IPv6 specification defines scoped addresses,
98 like link-local or site-local addresses.
99 A scoped address is ambiguous to the kernel,
100 if it is specified without a scope identifier.
101 To manipulate scoped addresses properly from the userland,
102 programs must use the advanced API defined in RFC2292.
103 A compact description of the advanced API is available in
105 If a scoped address is specified without an explicit scope,
106 the kernel may raise an error.
107 Note that scoped addresses are not for daily use at this moment,
108 both from a specification and an implementation point of view.
110 The KAME implementation supports an extended numeric IPv6 address notation
111 for link-local addresses,
121 This notation is supported by
125 Some of normal userland programs, such as
129 are able to use this notation.
130 With special programs
133 you can specify the outgoing interface by an extra command line option
134 to disambiguate scoped addresses.
136 Scoped addresses are handled specially in the kernel.
137 In kernel structures like routing tables or interface structures,
138 a scoped address will have its interface index embedded into the address.
140 the address in some kernel structures is not the same as that on the wire.
141 The embedded index will become visible through a
143 socket, kernel memory accesses via
145 and on some other occasions.
146 HOWEVER, users should never use the embedded form.
147 For details please consult
149 supplied with KAME kit.
153 family is comprised of the
155 network protocol, Internet Control
156 Message Protocol version 6
158 Transmission Control Protocol
160 and User Datagram Protocol
163 is used to support the
167 is used to support the
181 by creating an Internet socket of type
185 message protocol is accessible from a raw socket.
187 .\" The 128-bit IPv6 address contains both network and host parts.
188 .\" However, direct examination of addresses is discouraged.
189 .\" For those programs which absolutely need to break addresses
190 .\" into their component parts, the following
192 .\" commands are provided for a datagram socket in the
194 .\" domain; they have the same form as the
199 .\" .Bl -tag -width SIOCSIFNETMASK
200 .\" .It Dv SIOCSIFNETMASK
201 .\" Set interface network mask.
202 .\" The network mask defines the network part of the address;
203 .\" if it contains more of the address than the address type would indicate,
204 .\" then subnets are in use.
205 .\" .It Dv SIOCGIFNETMASK
206 .\" Get interface network mask.
209 .\" The current implementation of Internet protocols includes some routing-table
210 .\" adaptations to provide enhanced caching of certain end-to-end
211 .\" information necessary for Transaction TCP and Path MTU Discovery. The
212 .\" following changes are the most significant:
215 .\" All IP routes, except those with the
217 .\" flag and those to multicast destinations, have the
218 .\" .Dv RTF_PRCLONING
219 .\" flag forcibly enabled (they are thus said to be
220 .\" .Dq "protocol cloning" ).
222 .\" When the last reference to an IP route is dropped, the route is
223 .\" examined to determine if it was created by cloning such a route. If
224 .\" this is the case, the
226 .\" flag is turned on, and the expiration timer is initialized to go off
227 .\" in net.inet.ip.rtexpire seconds. If such a route is re-referenced,
228 .\" the flag and expiration timer are reset.
230 .\" A kernel timeout runs once every ten minutes, or sooner if there are
231 .\" soon-to-expire routes in the kernel routing table, and deletes the
235 .\" A dynamic process is in place to modify the value of
236 .\" net.inet.ip.rtexpire if the number of cached routes grows too large.
237 .\" If after an expiration run there are still more than
238 .\" net.inet.ip.rtmaxcache unreferenced routes remaining, the rtexpire
239 .\" value is multiplied by 3/4, and any routes which have longer
240 .\" expiration times have those times adjusted. This process is damped
241 .\" somewhat by specification of a minimum rtexpire value
242 .\" (net.inet.ip.rtminexpire), and by restricting the reduction to once in
243 .\" a ten-minute period.
245 .\" If some external process deletes the original route from which a
246 .\" protocol-cloned route was generated, the ``child route'' is deleted.
247 .\" (This is actually a generic mechanism in the routing code support for
248 .\" protocol-requested cloning.)
250 .\" No attempt is made to manage routes which were not created by protocol
251 .\" cloning; these are assumed to be static, under the management of an
252 .\" external routing process, or under the management of a link layer
257 .\" Only certain types of network activity will result in the cloning of a
258 .\" route using this mechanism. Specifically, those protocols (such as
262 .\" which themselves cache a long-lasting reference to route for a destination
263 .\" will trigger the mechanism; whereas raw
265 .\" packets, whether locally-generated or forwarded, will not.
267 A number of variables are implemented in the net.inet6 branch of the
270 In addition to the variables supported by the transport protocols
271 (for which the respective manual pages may be consulted),
272 the following general variables are defined:
273 .Bl -tag -width IPV6CTL_MAXFRAGPACKETS
274 .It Dv IPV6CTL_FORWARDING
276 Boolean: enable/disable forwarding of
279 Also, identify if the node is acting as a router.
281 .It Dv IPV6CTL_SENDREDIRECTS
283 Boolean: enable/disable sending of
285 redirects in response to unforwardable
288 This option is ignored unless the node is routing
291 and should normally be enabled on all systems.
293 .It Dv IPV6CTL_DEFHLIM
295 Integer: default hop limit value to use for outgoing
298 This value applies to all the transport protocols on top of
300 There are APIs to override the value.
301 .It Dv IPV6CTL_MAXFRAGPACKETS
302 .Pq ip6.maxfragpackets
303 Integer: default maximum number of fragmented packets the node will accept.
304 0 means that the node will not accept any fragmented packets.
305 -1 means that the node will accept as many fragmented packets as it receives.
306 The flag is provided basically for avoiding possible DoS attacks.
307 .It Dv IPV6CTL_ACCEPT_RTADV
309 Boolean: enable/disable receiving of
311 router advertisement packets,
312 and autoconfiguration of address prefixes and default routers.
313 The node must be a host
315 for the option to be meaningful.
317 .\".It Dv IPV6CTL_KEEPFAITH
319 .\"Boolean: enable/disable
321 .\"TCP relay IPv6-to-IPv4 translator code in the kernel.
328 .It Dv IPV6CTL_LOG_INTERVAL
330 Integer: default interval between
332 packet forwarding engine log output
334 .It Dv IPV6CTL_HDRNESTLIMIT
336 Integer: default number of the maximum
339 permitted on incoming
342 If set to 0, the node will accept as many extension headers as possible.
343 .It Dv IPV6CTL_DAD_COUNT
345 Integer: default number of
348 .Pq duplicated address detection
350 The packets will be generated when
352 interface addresses are configured.
353 .It Dv IPV6CTL_AUTO_FLOWLABEL
354 .Pq ip6.auto_flowlabel
355 Boolean: enable/disable automatic filling of
357 flowlabel field, for outstanding connected transport protocol packets.
358 The field might be used by intermediate routers to identify packet flows.
360 .It Dv IPV6CTL_DEFMCASTHLIM
362 Integer: default hop limit value for an
364 multicast packet sourced by the node.
365 This value applies to all the transport protocols on top of
367 There are APIs to override the value as documented in
369 .It Dv IPV6CTL_GIF_HLIM
371 Integer: default maximum hop limit value for an
376 .It Dv IPV6CTL_KAME_VERSION
378 String: identifies the version of KAME
380 stack implemented in the kernel.
381 .It Dv IPV6CTL_USE_DEPRECATED
382 .Pq ip6.use_deprecated
383 Boolean: enable/disable use of deprecated address,
384 specified in RFC2462 5.5.4.
386 .It Dv IPV6CTL_RR_PRUNE
388 Integer: default interval between
390 router renumbering prefix babysitting, in seconds.
391 .It Dv IPV6CTL_MAPPED_ADDR
393 Boolean: enable/disable use of
399 .It Dv IPV6CTL_RTEXPIRE
401 Integer: lifetime in seconds of protocol-cloned
403 routes after the last reference drops (default one hour).
404 .\"This value varies dynamically as described above.
405 .It Dv IPV6CTL_RTMINEXPIRE
407 Integer: minimum value of ip.rtexpire (default ten seconds).
408 .\"This value has no effect on user modifications, but restricts the dynamic
409 .\"adaptation described above.
410 .It Dv IPV6CTL_RTMAXCACHE
412 Integer: trigger level of cached, unreferenced, protocol-cloned routes
413 which initiates dynamic adaptation (default 128).
415 .Ss Interaction between IPv4/v6 sockets
418 TCP/UDP socket is documented in RFC2553.
419 Basically, it says this:
422 A specific bind on an
426 with an address specified)
427 should accept IPv6 traffic to that address only.
429 If you perform a wildcard bind
436 and there is no wildcard bind
438 socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic
439 should be routed to that
442 IPv4 traffic should be seen as if it came from an IPv6 address like
443 .Li ::ffff:10.1.1.1 .
444 This is called an IPv4 mapped address.
446 If there are both a wildcard bind
448 socket and a wildcard bind
450 socket on one TCP/UDP port, they should behave separately.
451 IPv4 traffic should be routed to the
453 socket and IPv6 should be routed to the
458 However, RFC2553 does not define the ordering constraint between calls to
460 nor how IPv4 TCP/UDP port numbers and IPv6 TCP/UDP port numbers
462 (should they be integrated or separated).
463 Implemented behavior is very different from kernel to kernel.
464 Therefore, it is unwise to rely too much upon the behavior of
466 wildcard bind sockets.
467 It is recommended to listen to two sockets, one for
471 when you would like to accept both IPv4 and IPv6 traffic.
473 It should also be noted that
474 malicious parties can take advantage of the complexity presented above,
475 and are able to bypass access control,
476 if the target node routes IPv4 traffic to
479 Users are advised to take care handling connections
480 from IPv4 mapped address to
484 .\"Because of the above, by default,
485 .\"KAME/NetBSD and KAME/OpenBSD
486 .\"does not route IPv4 traffic to
489 .\"Listen to two sockets if you want to accept both IPv4 and IPv6 traffic.
490 .\"On KAME/NetBSD, IPv4 traffic may be routed with certain
491 .\"per-socket/per-node configuration, however, it is not recommended.
509 .%T "An Extension of Format for IPv6 Scoped Addresses"
512 .%N draft-ietf-ipngwg-scopedaddr-format-02.txt
513 .%O work in progress material
518 protocol interfaces are defined in RFC2553 and RFC2292.
519 The implementation described herein appeared in the WIDE/KAME project.
521 The IPv6 support is subject to change as the Internet protocols develop.
522 Users should not depend on details of the current implementation,
523 but rather the services exported.
525 Users are suggested to implement
526 .Dq version independent
527 code as much as possible, as you will need to support both