Astro <astro@spaceboyz.net>
172.22.16.21 & 255.255.255.0 = 172.22.16.0
172.22.16.70 & 255.255.255.192 = 172.22.16.64
2001:08d8:0081:05c8:0219:dbff:fe64:81a7 & ffff:ffff:ffff:ffff:0000:0000:0000:0000 = 2001:08d8:0081:05c8:0000:0000:0000:0000
2001:8d8:81:5c8:219:dbff:fe64:81a7 & ffff:ffff:ffff:ff00:: = 2001:8d8:81:500::
default via 172.22.16.4 dev eth0 default = 0.0.0.0/0 172.22.16.0/24 dev eth0
default via 172.22.16.2 dev eth0 unreachable 172.16.0.0/12 172.22.0.0/15 via 172.22.16.1 172.22.16.0/24 via 172.22.16.4 172.22.16.0/26 dev eth0
2001:8d8:81:5c8::/64 dev eth0 fe80::/64 dev eth0 ff00::/8 dev eth0 default via fe80::2de:caff:fefb:ad03 dev eth0 2001:67c:21ec:bbbb::/64 via fe80::f00d:f00d dev dc99 2001:67c:21ec:cccc::/64 via fe80::f00d:f00d dev dc99 2001:67c:21ec:eeee::/64 via fe80::f00d:f00d dev dc99 2001:67c:21ec::/48 via fe80::cafe:cafe dev dc24
$ sipcalc 217.115.11.132/27 -[ipv4 : 217.115.11.132/27] - 0 [CIDR] Host address - 217.115.11.132 Host address (decimal) - 3648195460 Host address (hex) - D9730B84 Network address - 217.115.11.128 Network mask - 255.255.255.224 Network mask (bits) - 27 Network mask (hex) - FFFFFFE0 Broadcast address - 217.115.11.159 Cisco wildcard - 0.0.0.31 Addresses in network - 32 Network range - 217.115.11.128 - 217.115.11.159 Usable range - 217.115.11.129 - 217.115.11.158
$ sipcalc 2001:db8::c3d2:0:1/64 -[ipv6 : 2001:db8::c3d2:0:1/64] - 0 [IPV6 INFO] Expanded Address - 2001:0db8:0000:0000:0000:c3d2:0000:0001 Compressed address - 2001:db8::c3d2:0:1 Subnet prefix (masked) - 2001:db8:0:0:0:0:0:0/64 Address ID (masked) - 0:0:0:0:0:c3d2:0:1/64 Prefix address - ffff:ffff:ffff:ffff:0:0:0:0 Prefix length - 64 Address type - Aggregatable Global Unicast Addresses Network range - 2001:0db8:0000:0000:0000:0000:0000:0000 - 2001:0db8:0000:0000:ffff:ffff:ffff:ffff
Bits | 8 | 4 | 4 | 112 |
---|---|---|---|---|
Field | prefix | flags | scope | group ID |
Bit | Flag | 0 | 1 |
---|---|---|---|
0 (MSB) | (Reserved) | (Reserved) | (Reserved) |
1 | R (Rendezvous)[6] | Rendezvous point not embedded | Rendezvous point embedded |
2 | P (Prefix)[7] | Without prefix information | Address based on network prefix |
3 (LSB) | T (Transient)[8] | Well-known multicast address | Dynamically assigned multicast address |
IPv6 address[note 1] | IPv4 equivalent[9] | Scope | Purpose |
---|---|---|---|
ff00::/16-ff0f::/16 | Reserved | ||
ffx1::/16 | 127.0.0.0/8 | Interface-local | Packets with this destination address may not be sent over any network link, but must remain within the current node; this is the multicast equivalent of the unicast loopback address. |
ffx2::/16 | 224.0.0.0/24 | Link-local | Packets with this destination address may not be routed anywhere. |
ffx3::/16 | 239.255.0.0/16 | IPv4 local scope | |
ffx4::/16 | Admin-local | The smallest scope that must be administratively configured. | |
ffx5::/16 | Site-local | Restricted to the local physical network. | |
ffx8::/16 | 239.192.0.0/14 | Organization-local | Restricted to networks used by the organization administering the local network. (For example, these addresses might be used over VPNs; when packets for this group are routed over the public internet (where these addresses are not valid), they would have to be encapsulated in some other protocol.) |
ffxe::/16 | 224.0.1.0-238.255.255.255 | Global scope | Eligible to be routed over the public internet. |
% ping6 ff02::1%eth0 PING ff02::1%eth0(ff02::1) 56 data bytes 64 bytes from fe80::219:dbff:fe64:81a7: icmp_seq=1 ttl=64 time=0.022 ms 64 bytes from fe80::2de:caff:fefb:ad07: icmp_seq=1 ttl=64 time=0.852 ms (DUP!) 64 bytes from fe80::21b:21ff:fe0e:5592: icmp_seq=1 ttl=64 time=0.978 ms (DUP!) ^C
% ssh fe80::21b:21ff:fe0e:5592%eth0 blaster:~$
$ ip Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } ip [ -force ] -batch filename where OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm | netns | l2tp } OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -t[imestamp] | -b[atch] [filename] | -rc[vbuf] [size]}
$ ip a help Usage: ip addr {add|change|replace} IFADDR dev STRING [ LIFETIME ] [ CONFFLAG-LIST ] ip addr del IFADDR dev STRING ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ] [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ] IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ] [ label STRING ] [ scope SCOPE-ID ] SCOPE-ID := [ host | link | global | NUMBER ] FLAG-LIST := [ FLAG-LIST ] FLAG FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated | dadfailed | temporary | CONFFLAG-LIST ] CONFFLAG-LIST := [ CONFFLAG-LIST ] CONFFLAG CONFFLAG := [ home | nodad ] LIFETIME := [ valid_lft LFT ] [ preferred_lft LFT ] LFT := forever | SECONDS
Adresse konfigurieren:
ip addr add fe80::fefe:fa7/64 dev wlan0
Adresse entfernen:
ip a d fe80::fefe:fa7/64 dev wlan0
IPv4-Routingtabelle anzeigen:
ip route
IPv6-Routingtabelle anzeigen:
ip -6 route
Route setzen:
ip r a 2000::/3 dev wlan0 via fe80::2de:caff:fefb:ad03
Route löschen:
ip r d 2000::/3
3. Frame Format IPv6 packets are transmitted in IPv4 packets [RFC 791] with an IPv4 protocol type of 41, the same as has been assigned in [RFC 1933] for IPv6 packets that are tunneled inside of IPv4 frames. The IPv4 header contains the Destination and Source IPv4 addresses. The IPv4 packet body contains the IPv6 header followed immediately by the payload. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol 41 | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv6 header and payload ... / +-------+-------+-------+-------+-------+------+------+
Auf 1.2.3.4:
ip tunnel add sit1 mode sit remote 5.6.7.8
Auf 5.6.7.8:
ip tunnel add sit1 mode sit remote 1.2.3.4
Danach:
ip link set sit1 up ip route add 2001:db8:c3d2:cafe::/64 dev sit0
https://www.sixxs.net/ — Seit 1999
apt-get install aiccu
username SMA2-SIXXS password *** protocol tic server tic.sixxs.net ipv6_interface sixxs tunnel_id T74093 daemonize true automatic true
Bits | 0 - 31 | 32 - 63 | 64 - 79 | 80 - 95 | 96 - 127 |
---|---|---|---|---|---|
Length | 32 bits | 32 bits | 16 bits | 16 bits | 32 bits |
Description | Prefix | Teredo server IPv4 | Flags | Obfuscated UDP port | Obfuscated Client public IPv4 |
Part | 2001:0000 | 4136:e378 | 8000 | 63bf | 3fff:fdd2 |
Decoded | 65.54.227.120 | cone NAT | 40000 | 192.0.2.45 |
17:29:36.297044 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::a800:42ff:fe7a:3246 > fe80::a800:5bff:fe08:f05b: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::a800:5bff:fe08:f05b source link-address option (1), length 8 (1): aa:00:42:7a:32:46 0x0000: aa00 427a 3246 17:29:36.297199 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::a800:5bff:fe08:f05b > fe80::a800:42ff:fe7a:3246: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is fe80::a800:5bff:fe08:f05b, Flags [solicited]
interface eth0 { AdvSendAdvert on; prefix 2001:8d8:81:5c8::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; AdvPreferredLifetime 60; AdvValidLifetime 600; }; };
echo 1 > /proc/sys/net/ipv6/conf/.../accept_ra
rtsol
& rtsold
15:33:55.051275 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::2de:caff:fefb:ad03 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56 hop limit 64, Flags [none], pref high, router lifetime 15s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 2001:8d8:81:5c8::/64, Flags [onlink, auto, router], valid time 600s, pref. time 60s 0x0000: 40e0 0000 0258 0000 003c 0000 0000 2001 0x0010: 08d8 0081 05c8 0000 0000 0000 0000 source link-address option (1), length 8 (1): 00:de:ca:fb:ad:03 0x0000: 00de cafb ad03
$ ip -6 r 2001:8d8:81:5c8::/64 dev eth0 proto kernel metric 256 expires 599sec fe80::/64 dev eth0 proto kernel metric 256 default via fe80::2de:caff:fefb:ad03 dev eth0 proto kernel metric 1024 expires 14sec
00:1f:16:13:17:ba
fe80::21f:16ff:fe13:17ba
echo 1 > /proc/sys/net/ipv6/conf/.../use_tempaddr
www.c3d2.de. 86400 IN A 46.4.11.4 www.c3d2.de. 86400 IN AAAA 2a01:4f8:131:30e1::c3d2
1.0.0.127.in-addr.arpa. IN PTR localhost.
23.2.0.192.in-addr.arpa. IN PTR example.com.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa IN PTR localhost.
a.7.e.0.8.f.f.f.2.0.0.0.0.3.a.a.c.2.1.0.e.2.3.0.8.b.d.0.1.0.0.2.ip6.arpa IN PTR example.com.
+-----------------------+------------+------------------------------+ | Network-Specific | IPv4 | IPv4-embedded IPv6 address | | Prefix | address | | +-----------------------+------------+------------------------------+ | 2001:db8::/32 | 192.0.2.33 | 2001:db8:c000:221:: | | 2001:db8:100::/40 | 192.0.2.33 | 2001:db8:1c0:2:21:: | | 2001:db8:122::/48 | 192.0.2.33 | 2001:db8:122:c000:2:2100:: | | 2001:db8:122:300::/56 | 192.0.2.33 | 2001:db8:122:3c0:0:221:: | | 2001:db8:122:344::/64 | 192.0.2.33 | 2001:db8:122:344:c0:2:2100:: | | 2001:db8:122:344::/96 | 192.0.2.33 | 2001:db8:122:344::192.0.2.33 | +-----------------------+------------+------------------------------+
ip6tables -F INPUT ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ip6tables -A INPUT -i lo -j ACCEPT ip6tables -A INPUT -p icmpv6 -j ACCEPT ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT ip6tables -P INPUT DROP
NAT is no firewall!
echo 0 > /proc/sys/net/ipv6/bindv6only
bind()
mit ::
(IN6ADDR_ANY)% ncat -6vlp 6667 Ncat: Version 5.21 ( http://nmap.org/ncat ) Ncat: Listening on :::6667 Ncat: Connection from ::ffff:127.0.0.1.
struct sockaddr_in { sa_family_t sin_family; in_port_t sin_port; /* Port number. */ struct in_addr sin_addr; /* Internet address. */ /* Pad to size of `struct sockaddr'. */ unsigned char sin_zero[sizeof (struct sockaddr) - __SOCKADDR_COMMON_SIZE - sizeof (in_port_t) - sizeof (struct in_addr)]; };
/* Ditto, for IPv6. */ struct sockaddr_in6 { sa_family_t sin6_family; in_port_t sin6_port; /* Transport layer port # */ uint32_t sin6_flowinfo; /* IPv6 flow information */ struct in6_addr sin6_addr; /* IPv6 address */ uint32_t sin6_scope_id; /* IPv6 scope-id */ };
struct sockaddr_storage { sa_family_t ss_family; __ss_aligntype __ss_align; /* Force desired alignment. */ char __ss_padding[_SS_PADSIZE]; };
int getaddrinfo(const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **res);
int getnameinfo(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags);