INET6(4) | Device Drivers Manual | INET6(4) |
inet6
—
#include <sys/types.h>
#include <netinet/in.h>
inet6
family is an updated version of
inet(4) family. While
inet(4) implements Internet
Protocol version 4, inet6
implements Internet Protocol
version 6.
inet6
is a collection of protocols layered
atop the Internet Protocol version 6 (IPv6) transport
layer, and using the IPv6 address format. The inet6
family provides protocol support for the
SOCK_STREAM
, SOCK_DGRAM
, and
SOCK_RAW
socket types; the
SOCK_RAW
interface provides access to the IPv6
protocol.
<netinet/in.h>
defines this address as a discriminated union.
Sockets bound to the inet6
family use the
following addressing structure:
struct sockaddr_in6 { uint8_t sin6_len; sa_family_t sin6_family; in_port_t sin6_port; uint32_t sin6_flowinfo; struct in6_addr sin6_addr; uint32_t sin6_scope_id; };
Sockets may be created with the local address
“::
” (which is equal to IPv6 address
0:0:0:0:0:0:0:0
) to effect “wildcard”
matching on incoming messages.
The IPv6 specification defines scoped addresses, like link-local or site-local addresses. A scoped address is ambiguous to the kernel, if it is specified without a scope identifier. To manipulate scoped addresses properly from the userland, programs must use the advanced API defined in RFC 2292. A compact description of the advanced API is available in ip6(4). If a scoped address is specified without an explicit scope, the kernel may raise an error. Note that scoped addresses are not for daily use at this moment, both from a specification and an implementation point of view.
The KAME implementation supports an extended numeric IPv6 address
notation for link-local addresses, like
“fe80::1%de0
” to specify
“fe80::1
on de0
interface”. This notation is supported by
getaddrinfo(3) and
getnameinfo(3). Some of
normal userland programs, such as
telnet(1) or
ftp(1), are able to use this
notation. With special programs like
ping6(8), you can specify the
outgoing interface by an extra command line option to disambiguate scoped
addresses.
Scoped addresses are handled specially in the kernel. In kernel
structures like routing tables or interface structures, a scoped address
will have its interface index embedded into the address. Therefore, the
address in some kernel structures is not the same as that on the wire. The
embedded index will become visible through a
PF_ROUTE
socket, kernel memory accesses via
kvm(3) and on some other
occasions. HOWEVER, users should never use the embedded form. For details
please consult
http://www.kame.net/dev/cvsweb2.cgi/kame/IMPLEMENTATION.
Note that the above URL describes the situation with the latest KAME tree,
not the NetBSD tree.
inet6
family comprises the IPv6 network protocol,
Internet Control Message Protocol version 6 (ICMPv6), Transmission Control
Protocol (TCP), and User Datagram Protocol (UDP). TCP is used to support the
SOCK_STREAM
abstraction while UDP is used to support
the SOCK_DGRAM
abstraction. Note that TCP and UDP are
common to inet(4) and
inet6
. A raw interface to IPv6 is available by
creating an Internet socket of type SOCK_RAW
. The
ICMPv6 message protocol is accessible from a raw socket.
AF_INET6
sockets. The default behavior intentionally
violates RFC 2553 for security reasons. Listen to two sockets if you want to
accept both IPv4 and IPv6 traffic. IPv4 traffic may be routed with certain
per-socket/per-node configuration, however, it is not recommended to do so.
Consult ip6(4) for details.
The behavior of AF_INET6
TCP/UDP socket is
documented in RFC 2553. Basically, it says this:
AF_INET6
socket
(bind(2) with an address
specified) should accept IPv6 traffic to that address only.AF_INET6
socket (bind(2) to IPv6
address ::
), and there is no wildcard bind
AF_INET
socket on that TCP/UDP port, IPv6 traffic
as well as IPv4 traffic should be routed to that
AF_INET6
socket. IPv4 traffic should be seen as if
it came from an IPv6 address like ::ffff:10.1.1.1
.
This is called an IPv4 mapped address.AF_INET
socket
and a wildcard bind AF_INET6
socket on one TCP/UDP
port, they should behave separately. IPv4 traffic should be routed to the
AF_INET
socket and IPv6 should be routed to the
AF_INET6
socket.However, RFC 2553 does not define the ordering constraint between
calls to bind(2), nor how IPv4
TCP/UDP port numbers and IPv6 TCP/UDP port numbers relate to each other
(should they be integrated or separated). Implemented behavior is very
different from kernel to kernel. Therefore, it is unwise to rely too much
upon the behavior of AF_INET6
wildcard bind sockets.
It is recommended to listen to two sockets, one for
AF_INET
and another for
AF_INET6
, when you would like to accept both IPv4
and IPv6 traffic.
It should also be noted that malicious parties can take advantage
of the complexity presented above, and are able to bypass access control, if
the target node routes IPv4 traffic to AF_INET6
socket. Users are advised to take care handling connections from IPv4 mapped
address to AF_INET6
sockets.
Qing Li, Tatuya Jinmei, and Keiichi Shima, IPv6 Core Protocols Implementation, Morgan Kaufmann, 2006.
Qing Li, Tatuya Jinmei, and Keiichi Shima, IPv6 Advanced Protocols Implementation, Morgan Kaufmann, 2007.
inet6
protocol interfaces are defined in RFC 2553
and RFC 2292. The implementation described herein appeared in the WIDE/KAME
project.
Users are suggested to implement “version
independent” code as much as possible, as you will need to support
both inet(4) and
inet6
.
March 10, 2010 | NetBSD 9.4 |