-
Notifications
You must be signed in to change notification settings - Fork 1
/
u6rd.8.in
274 lines (274 loc) · 8.17 KB
/
u6rd.8.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
.\" $Id$
.\"
.\" Copyright (c) 2012 KAMADA Ken'ichi.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd April 16, 2015
.Dt U6RD 8
.Os
.\" ----------------------------------------------------------------
.Sh NAME
.Nm u6rd
.Nd user-space 6rd (RFC 5569) implementation
.\" ----------------------------------------------------------------
.Sh SYNOPSIS
.Nm
.Op Fl dFhV
.Op Fl r Ar v4_common_len
.\" .Op Fl s Li capsicum
.Op Fl u Ar user
.Ar tunN
.Ar prefix Ns No / Ns Ar prefixlen
.Ar relay_v4_addr
.Ar my_v4_addr
.\" ----------------------------------------------------------------
.Sh DESCRIPTION
The
.Nm
daemon is a userland implementation of 6rd (RFC 5569)
for 6rd customer edge routers.
It does not provide the functionality of 6rd relay routers.
.Pp
It runs in the user-space using the
.Xr tun 4
interface and the raw socket interface.
.Pp
The following options are available:
.Bl -tag -width "-a 012"
.It Fl d
Output debug messages to stderr.
This option is usually combined with
.Fl F ,
which prevents stderr from being redirected to
.Pa /dev/null .
.It Fl F
Run in the foreground.
The
.Nm
program does not detach itself from the terminal and does not become a daemon.
Log messages are output to the stderr in addition to syslog.
No PID file is created.
.It Fl h
Show simple help messages and exit.
.It Fl r Ar v4_common_len
Specify the common prefix length of the IPv4 addresses
in your 6rd addressing domain.
This should not be confused with the length of the netmask.
The default value is 0.
.\" .It Fl s Li capsicum
.\" Enable Capsicum capability mode.
.\" This option is available only on supported platforms.
.It Fl u Ar user
Run with the privilege of the specified user instead of root.
.It Fl V
Show the version and exit.
.El
.Pp
The argument
.Ar prefix Ns No / Ns Ar prefixlen
specifies the 6rd prefix,
which does not count the embedded IPv4 address part.
.Ar relay_v4_addr
is the IPv4 address of the 6rd relay router.
.Ar my_v4_addr
is your global IPv4 address.
.Pp
Currently,
.Nm
does only minimal preparation;
.Bl -bullet -compact
.It
setting the MTU of the interface to 1280, and
.It
setting UP and RUNNING flags on it.
.El
You need to create a tun interface, set parameters on it,
and modify the routing table by yourself.
See
.Sx EXAMPLES
section.
.Pp
The
.Nm
daemon exits on
.Dv SIGTERM
or
.Dv SIGINT .
Packet counts are logged to syslog (with LOG_INFO priority) on
.Dv SIGINFO .
.\" ----------------------------------------------------------------
.Sh FILES
.Bl -tag -width "01234567" -compact
.It Pa @exp_localstatedir@/run/u6rd.pid
The PID file of the current instance of the daemon.
.El
.\" ----------------------------------------------------------------
.Sh EXAMPLES
Example parameters in this section:
.Bl -tag -width Ds -compact
.It The 6rd prefix from your ISP
2001:db8::/32
.It The 6rd relay router of your ISP
198.51.100.1
.It Your global IPv4 address
203.0.113.1
.El
.Pp
Your 6rd delegated prefix is calculated to be 2001:db8:cb00:7101::/64.
Note that, converting from IPv4 decimal to IPv6 colon hexadecimal notation,
203.0.113.1 corresponds to cb00:7101.
.Pp
The IPv6 default route in the following examples (2001:db8::1) was
chosen semi-arbitrary
within the 6rd prefix but outside of delegated prefix,
so that all IPv6 packets are routed into the tun0 interface.
It could be specified explicitly by the
.Qq -ifp tun0
option.
.Ss FreeBSD 9.0
.Bd -literal
# ifconfig tun0 create
# ifconfig tun0 inet6 2001:db8:cb00:7101::1/32
# ifconfig tun0 inet6 -nud
# route add -inet6 default 2001:db8::1
# u6rd -u nobody tun0 2001:db8::/32 198.51.100.1 203.0.113.1
.Ed
.Pp
FreeBSD's tun driver will reset its address
after the owning process exits.
When you restart
.Nm ,
remember to reconfigure the address.
.Ss FreeBSD 9.0 (configuring at start up)
.Pa /etc/rc.conf
.Bd -literal -offset indent -compact
cloned_interfaces="tun0"
ifconfig_tun0_ipv6="inet6 2001:db8:cb00:7101::1/32 -nud"
ipv6_defaultrouter="2001:db8::1"
.Ed
.Pa /etc/start_if.tun0
.Bd -literal -offset indent -compact
/usr/local/sbin/u6rd -u nobody tun0 2001:db8::/32 \e
198.51.100.1 203.0.113.1
.Ed
.Ss NetBSD 5.1
.Bd -literal
# ifconfig tun0 create
# ifconfig tun0 inet6 2001:db8:cb00:7101::1/32
# ndp -i tun0 -- -nud
# sysctl -w net.inet6.tcp6.mss_ifmtu=1
# route add -inet6 default 2001:db8::1
# u6rd -u nobody tun0 2001:db8::/32 198.51.100.1 203.0.113.1
.Ed
.Pp
Setting net.inet6.tcp6.mss_ifmtu to 1 is recommended.
.Ss Mac OS X 10.7 (Darwin 11.3.0)
.Bd -literal
# u6rd -u nobody utun0 2001:db8::/32 198.51.100.1 203.0.113.1
# ifconfig utun0 inet6 2001:db8:cb00:7101::1/32
# ndp -i utun0 -- -nud
# route add -inet6 default 2001:db8::1
.Ed
.Pp
The utun device, instead of tun, is used on Mac OS X.
A utun interface is created by the daemon (cannot be created with ifconfig),
so the interface address and the default route
need to be configured after executing the daemon.
.\" .Ss Debian GNU/Linux 7.1
.\" .Bd -literal
.\" # u6rd -u nobody tun0 2001:db8::/32 198.51.100.1 203.0.113.1
.\" # ifconfig tun0 inet6 add 2001:db8:cb00:7101::1/32
.\" # route -A inet6 add default gw 2001:db8:c633:6401::1
.\" .Ed
.\" .Pp
.\" A tun interface is created by the daemon,
.\" so the interface address and the default route
.\" need to be configured after executing the daemon.
.Ss More complex example on FreeBSD
Parameters are same except that the common prefix length is 8 bits
in your 6rd addressing domain.
In this case, the delegated prefix is concatenation of
the 6rd prefix (32 bits) and
unique bits of your IPv4 address (32 - 8 = 24 bits),
so its length is 56 bits.
.Bd -literal
# ifconfig tun0 create
# ifconfig tun0 inet6 2001:db8:71:100::1/32
# ifconfig tun0 inet6 -nud
# ifconfig em0 inet6 2001:db8:71:101::1/64
# route add -inet6 default 2001:db8::1
# route add -inet6 2001:db8:71:100:: -prefixlen 56 ::1 -reject
# u6rd -u nobody -r 8 tun0 2001:db8::/32 198.51.100.1 203.0.113.1
.Ed
.\" ----------------------------------------------------------------
.Sh SEE ALSO
.Xr tun 4 ,
.Xr ifconfig 8 ,
.Xr route 8 ,
.Xr sysctl 8
.Rs
.%A B. Carpenter
.%A K. Moore
.%T Connection of IPv6 Domains via IPv4 Clouds
.%R RFC 3056
.%D February 2001
.Re
.Rs
.%A P. Savola
.%A C. Patel
.%T Security Considerations for 6to4
.%R RFC 3964
.%D December 2004
.Re
.Rs
.%A R. Despres
.%T "IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)"
.%R RFC 5569
.%D January 2010
.Re
.Rs
.%A W. Townsley
.%A O. Troan
.%T "IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol Specification"
.%R RFC 5969
.%D August 2010
.Re
.\" ----------------------------------------------------------------
.Sh AUTHORS
.An "KAMADA Ken'ichi" .
.\" ----------------------------------------------------------------
.Sh BUGS
.Bl -bullet -compact
.It
Relay router functionality is not (and will never be) implemented.
.It
Some policies (e.g., rejecting private addresses) are hard-coded.
You need to modify the source code to change those policies,
when, for example,
you want to use private addresses as described in Section 4 of RFC 5569.
.It
Packets are discarded silently without returning ICMPv6 messages.
.El
.\"
.\" EOF