share/man/man4/stf.4
Show All 23 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd December 28, 2012 | .Dd November 16, 2021 | ||||
.Dt STF 4 | .Dt STF 4 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm stf | .Nm stf | ||||
.Nd | .Nd | ||||
.Tn 6to4 | .Tn 6to4 | ||||
tunnel interface | tunnel interface | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Cd "device stf" | .Cd "device stf" | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
The | The | ||||
.Nm | .Nm | ||||
interface supports | interface supports | ||||
.Dq 6to4 | .Dq 6to4 | ||||
and | |||||
.Dq 6rd | |||||
IPv6 in IPv4 encapsulation. | IPv6 in IPv4 encapsulation. | ||||
It can tunnel IPv6 traffic over IPv4, as specified in | It can tunnel IPv6 traffic over IPv4, as specified in | ||||
.Li RFC3056 . | .Li RFC3056 | ||||
or | |||||
.Li RFC5969 . | |||||
.Pp | .Pp | ||||
For ordinary nodes in 6to4 site, you do not need | For ordinary nodes in a 6to4 or 6RD site, you do not need | ||||
.Nm | .Nm | ||||
interface. | interface. | ||||
The | The | ||||
.Nm | .Nm | ||||
interface is necessary for site border router | interface is necessary for site border router | ||||
pauamma_gundo.com: While you're touching that page: should be "a site border router" or "site border routers". | |||||
kp: I'll post a separate review for this remark and the next one. I'd like to keep this review/commit for the 6rd changes only.
(called | (called | ||||
.Dq 6to4 router | .Dq 6to4 router | ||||
or | |||||
.Dq 6rd Customer Edge (CE) | |||||
emaste: Is there an expansion for CE?
in the specification). | in the specification). | ||||
.Pp | .Pp | ||||
Each | Each | ||||
.Nm | .Nm | ||||
interface is created at runtime using interface cloning. | interface is created at runtime using interface cloning. | ||||
This is | This is | ||||
most easily done with the | most easily done with the | ||||
.Xr ifconfig 8 | .Xr ifconfig 8 | ||||
.Cm create | .Cm create | ||||
command or using the | command or using the | ||||
.Va cloned_interfaces | .Va cloned_interfaces | ||||
variable in | variable in | ||||
.Xr rc.conf 5 . | .Xr rc.conf 5 . | ||||
.Sh 6to4 | |||||
.Pp | .Pp | ||||
Due to the way 6to4 protocol is specified, | Due to the way 6to4 protocol is specified, | ||||
.Nm | .Nm | ||||
interface requires certain configuration to work properly. | interface requires certain configuration to work properly. | ||||
Single | Single | ||||
(no more than 1) | (no more than 1) | ||||
valid 6to4 address needs to be configured to the interface. | valid 6to4 address needs to be configured to the interface. | ||||
.Dq A valid 6to4 address | .Dq A valid 6to4 address | ||||
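Review bot: The new `.Sh 6to4` header is followed directly by the existing `.Pp`, which mandoc -Tlint reports as a skipped paragraph macro; drop that `.Pp`. Since this text and the later 6rd text both belong to the description, `.Ss 6to4` would keep them under DESCRIPTION rather than adding non-standard top-level sections. The capitalisation is also inconsistent: "a 6to4 or 6RD site" uses 6RD while every other new line uses 6rd; pick one spelling.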
▲ Show 20 Lines • Show All 95 Lines • ▼ Show 20 Lines | |||||
flag on the | flag on the | ||||
.Nm | .Nm | ||||
interface, it is possible to disable the input path, | interface, it is possible to disable the input path, | ||||
making the direct attacks from the outside impossible. | making the direct attacks from the outside impossible. | ||||
Note, however, there are other security risks exist. | Note, however, there are other security risks exist. | ||||
If you wish to use the configuration, | If you wish to use the configuration, | ||||
you must not advertise your 6to4 address to others. | you must not advertise your 6to4 address to others. | ||||
.\" | .\" | ||||
.Sh 6rd | |||||
Like | |||||
.Dq 6to4 | |||||
.Dq 6rd | |||||
also requires configuration before it can be used. | |||||
The required configuration parameters are: | |||||
.Bl -bullet | |||||
.It | |||||
The IPv6 address and prefix length. | |||||
.It | |||||
The border router IPv4 address. | |||||
.It | |||||
The IPv4 WAN address. | |||||
.It | |||||
The prefix length of the IPv4 WAN address. | |||||
.El | |||||
.Pp | |||||
These can parameters are all configured through | |||||
.Xr ifconfig 8 . | |||||
.Pp | |||||
The IPv6 address and prefix length can be configured like any other IPv6 address. | |||||
Note that the prefix length is the IPv6 prefix length excluding the embedded | |||||
IPv4 address bits. | |||||
The prefix length of the delegated network is the sum of the IPv6 prefix length | |||||
and the IPv4 prefix length. | |||||
.Pp | |||||
The border router IPv4 address is configured with the | |||||
.Xr ifconfig 8 | |||||
.Cm stfv4br | |||||
command. | |||||
.Pp | |||||
The IPv4 WAN address and IPv4 prefix length are configured using the | |||||
.Xr ifconfig 8 | |||||
.Cm stfv4net | |||||
command. | |||||
.Sh SYSCTL VARIABLES | .Sh SYSCTL VARIABLES | ||||
The following | The following | ||||
.Xr sysctl 8 | .Xr sysctl 8 | ||||
variables can be used to control the behavior of the | variables can be used to control the behavior of the | ||||
.Nm stf . | .Nm stf . | ||||
The default value is shown next to each variable. | The default value is shown next to each variable. | ||||
.Bl -tag -width indent | .Bl -tag -width indent | ||||
.It Va net.link.stf.permit_rfc1918 : No 0 | .It Va net.link.stf.permit_rfc1918 : No 0 | ||||
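Review bot: The sentence "These can parameters are all configured through" in the new 6rd section has a stray "can"; it should read "These parameters are all configured through". At the top of the same section, `.Dq 6to4` is followed directly by `.Dq 6rd`, so the rendered text runs the two quoted terms together; use `.Dq 6to4 ,` to put the comma after the first term. The line starting "The IPv6 address and prefix length can be configured" is longer than 80 columns and should be wrapped at a sentence or phrase boundary.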
▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines | |||||
.Pq Li 2002:8504:0506::/48 , | .Pq Li 2002:8504:0506::/48 , | ||||
and not to use your 6to4 prefix as a source. | and not to use your 6to4 prefix as a source. | ||||
.Bd -literal | .Bd -literal | ||||
# ifconfig ne0 inet 133.4.5.6 netmask 0xffffff00 | # ifconfig ne0 inet 133.4.5.6 netmask 0xffffff00 | ||||
# ifconfig stf0 inet6 2002:8504:0506:0000:a00:5aff:fe38:6f86 \\ | # ifconfig stf0 inet6 2002:8504:0506:0000:a00:5aff:fe38:6f86 \\ | ||||
prefixlen 16 alias deprecated link0 | prefixlen 16 alias deprecated link0 | ||||
# route add -inet6 2002:: -prefixlen 16 ::1 | # route add -inet6 2002:: -prefixlen 16 ::1 | ||||
# route change -inet6 2002:: -prefixlen 16 ::1 -ifp stf0 | # route change -inet6 2002:: -prefixlen 16 ::1 -ifp stf0 | ||||
.Ed | |||||
.Pp | |||||
The following example configures a | |||||
.Dq 6rd | |||||
tunnel on a | |||||
.Dq 6rd CE | |||||
where the ISP's | |||||
.Dq 6rd | |||||
IPv6 prefix is 2001:db8::/32. | |||||
The border router is 192.0.2.1. | |||||
The | |||||
.Dq 6rd CE | |||||
has a WAN address of 192.0.2.2 and the full IPv4 address is embedded in the | |||||
.Dq 6rd IPv6 address: | |||||
.Bd -literal | |||||
# ifconfig stf0 inet6 2001:db8:c000:0202:: prefixlen 32 up | |||||
# ifconfig stf0 stfv4br 192.0.2.1 | |||||
# ifconfig stf0 stfv4net 192.0.2.2/32 | |||||
.Ed | .Ed | ||||
.\" | .\" | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr gif 4 , | .Xr gif 4 , | ||||
.Xr inet 4 , | .Xr inet 4 , | ||||
.Xr inet6 4 | .Xr inet6 4 | ||||
.Pp | .Pp | ||||
.Pa http://www.ipv6day.org/action.php?n=En.IPv6day | .Pa http://www.ipv6day.org/action.php?n=En.IPv6day | ||||
pauamma_gundo.com: Is it worth keeping that URL still? 6bone was completely phased out 15 years ago.
kp: It's probably time to remove this yes. Like the other remark I'll do this in a separate commit.
.Rs | .Rs | ||||
.%A Brian Carpenter | .%A Brian Carpenter | ||||
.%A Keith Moore | .%A Keith Moore | ||||
.%T "Connection of IPv6 Domains via IPv4 Clouds" | .%T "Connection of IPv6 Domains via IPv4 Clouds" | ||||
.%D February 2001 | .%D February 2001 | ||||
.%R RFC | .%R RFC | ||||
.%N 3056 | .%N 3056 | ||||
.Re | .Re | ||||
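Review bot: In the text introducing the 6rd example, `.Dq 6rd IPv6 address:` puts the whole phrase, colon included, inside the quotes, unlike the earlier `.Dq 6rd` followed by "IPv6 prefix is" on its own line; split it into `.Dq 6rd` and a following text line "IPv6 address:". The DESCRIPTION now cites RFC5969, but the visible SEE ALSO lines carry only the `.Rs` block for RFC 3056; add a matching `.Rs`/`.Re` entry for RFC 5969 if the collapsed lines do not already have one.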
Show All 26 Lines |