NAME
inet6 —
Internet protocol version 6
family
SYNOPSIS
#include <sys/types.h>
#include <netinet/in.h>
DESCRIPTION
The
inet6 family is an updated version of
inet(4) family. While
inet(4) implements Internet
Protocol version 4,
inet6 implements Internet Protocol
version 6.
inet6 is a collection of protocols layered atop the
Internet Protocol version 6 (IPv6) transport layer, and
using the IPv6 address format. The
inet6 family provides
protocol support for the
SOCK_STREAM
,
SOCK_DGRAM
, and
SOCK_RAW
socket types; the
SOCK_RAW
interface provides access
to the IPv6 protocol.
ADDRESSING
IPv6 addresses are 16 byte quantities, stored in network standard byteorder. The
include file
<netinet/in.h> defines
this address as a discriminated union.
Sockets bound to the
inet6 family use the following addressing
structure:
struct sockaddr_in6 {
uint8_t sin6_len;
sa_family_t sin6_family;
in_port_t sin6_port;
uint32_t sin6_flowinfo;
struct in6_addr sin6_addr;
uint32_t sin6_scope_id;
};
Sockets may be created with the local address
“
::
” (which is equal to IPv6 address
0:0:0:0:0:0:0:0
) to effect “wildcard”
matching on incoming messages.
The IPv6 specification defines scoped addresses, like link-local or site-local
addresses. A scoped address is ambiguous to the kernel, if it is specified
without a scope identifier. To manipulate scoped addresses properly from the
userland, programs must use the advanced API defined in RFC 2292. A compact
description of the advanced API is available in
ip6(4). If a scoped address is
specified without an explicit scope, the kernel may raise an error. Note that
scoped addresses are not for daily use at this moment, both from a
specification and an implementation point of view.
The KAME implementation supports an extended numeric IPv6 address notation for
link-local addresses, like “
fe80::1%de0
”
to specify “
fe80::1
on
de0
interface”. This notation is supported by
getaddrinfo(3) and
getnameinfo(3). Some of
normal userland programs, such as
telnet(1) or
ftp(1), are able to use this
notation. With special programs like
ping6(8), you can specify the
outgoing interface by an extra command line option to disambiguate scoped
addresses.
Scoped addresses are handled specially in the kernel. In kernel structures like
routing tables or interface structures, a scoped address will have its
interface index embedded into the address. Therefore, the address in some
kernel structures is not the same as that on the wire. The embedded index will
become visible through a
PF_ROUTE
socket, kernel
memory accesses via
kvm(3) and on
some other occasions. HOWEVER, users should never use the embedded form. For
details please consult
http://www.kame.net/dev/cvsweb2.cgi/kame/IMPLEMENTATION.
Note that the above URL describes the situation with the latest KAME tree, not
the
NetBSD tree.
PROTOCOLS
The
inet6 family comprises the IPv6 network protocol, Internet
Control Message Protocol version 6 (ICMPv6), Transmission Control Protocol
(TCP), and User Datagram Protocol (UDP). TCP is used to support the
SOCK_STREAM
abstraction while UDP is used to support
the
SOCK_DGRAM
abstraction. Note that TCP and UDP are
common to
inet(4) and
inet6. A raw interface to IPv6 is available by creating an
Internet socket of type
SOCK_RAW
. The ICMPv6 message
protocol is accessible from a raw socket.
Interaction between
IPv4/v6 sockets
By default,
NetBSD does not route IPv4 traffic to
AF_INET6
sockets. The default behavior intentionally
violates RFC 2553 for security reasons. Listen to two sockets if you want to
accept both IPv4 and IPv6 traffic. IPv4 traffic may be routed with certain
per-socket/per-node configuration, however, it is not recommended to do so.
Consult
ip6(4) for details.
The behavior of
AF_INET6
TCP/UDP socket is documented in
RFC 2553. Basically, it says this:
- A specific bind on an
AF_INET6
socket
(bind(2) with an address
specified) should accept IPv6 traffic to that address only.
- If you perform a wildcard
bind on an
AF_INET6
socket
(bind(2) to IPv6 address
::
), and there is no wildcard bind
AF_INET
socket on that TCP/UDP port, IPv6 traffic
as well as IPv4 traffic should be routed to that
AF_INET6
socket. IPv4 traffic should be seen as if
it came from an IPv6 address like ::ffff:10.1.1.1
.
This is called an IPv4 mapped address.
- If there are both a wildcard
bind
AF_INET
socket and a wildcard bind
AF_INET6
socket on one TCP/UDP port, they should
behave separately. IPv4 traffic should be routed to the
AF_INET
socket and IPv6 should be routed to the
AF_INET6
socket.
However, RFC 2553 does not define the ordering constraint between calls to
bind(2), nor how IPv4 TCP/UDP port
numbers and IPv6 TCP/UDP port numbers relate to each other (should they be
integrated or separated). Implemented behavior is very different from kernel
to kernel. Therefore, it is unwise to rely too much upon the behavior of
AF_INET6
wildcard bind sockets. It is recommended to
listen to two sockets, one for
AF_INET
and another for
AF_INET6
, when you would like to accept both IPv4 and
IPv6 traffic.
It should also be noted that malicious parties can take advantage of the
complexity presented above, and are able to bypass access control, if the
target node routes IPv4 traffic to
AF_INET6
socket.
Users are advised to take care handling connections from IPv4 mapped address
to
AF_INET6
sockets.
SEE ALSO
ioctl(2),
socket(2),
sysctl(3),
icmp6(4),
intro(4),
ip6(4),
tcp(4),
udp(4)
Qing Li, Tatuya
Jinmei, and Keiichi Shima, IPv6
Core Protocols Implementation, Morgan Kaufmann,
2006.
Qing Li, Tatuya
Jinmei, and Keiichi Shima, IPv6
Advanced Protocols Implementation, Morgan Kaufmann,
2007.
STANDARDS
Tatuya Jinmei and
Atsushi Onoe, An Extension of
Format for IPv6 Scoped Addresses, internet
draft,
draft-ietf-ipngwg-scopedaddr-format-02.txt,
June 2000, work in progress
material.
HISTORY
The
inet6 protocol interfaces are defined in RFC 2553 and RFC
2292. The implementation described herein appeared in the WIDE/KAME project.
BUGS
The IPv6 support is subject to change as the Internet protocols develop. Users
should not depend on details of the current implementation, but rather the
services exported.
Users are suggested to implement “version independent” code as much
as possible, as you will need to support both
inet(4) and
inet6.