From f35d325ebaab993329e2b3f083807d184764066d Mon Sep 17 00:00:00 2001 From: Hiroki Sato Date: Sun, 23 Jan 2005 17:03:13 +0000 Subject: [PATCH] Replace IPv6 related manual pages that may have violated the IETF's copyright. Obtained from: KAME and OpenBSD (via FreeBSD) --- lib/libc/net/getaddrinfo.3 | 678 +++++++---------- lib/libc/net/getnameinfo.3 | 412 +++++----- lib/libc/net/inet6_option_space.3 | 389 +++++----- lib/libc/net/inet6_rthdr_space.3 | 314 ++++---- share/man/man4/icmp6.4 | 368 +++++---- share/man/man4/ip6.4 | 1157 ++++++++++++++--------------- 6 files changed, 1519 insertions(+), 1799 deletions(-) diff --git a/lib/libc/net/getaddrinfo.3 b/lib/libc/net/getaddrinfo.3 index fb3e87cea2..e0f5c4c6b5 100644 --- a/lib/libc/net/getaddrinfo.3 +++ b/lib/libc/net/getaddrinfo.3 @@ -1,216 +1,155 @@ -.\" $FreeBSD: src/lib/libc/net/getaddrinfo.3,v 1.2.2.10 2002/04/28 05:40:24 suz Exp $ -.\" $DragonFly: src/lib/libc/net/getaddrinfo.3,v 1.2 2003/06/17 04:26:44 dillon Exp $ -.\" $KAME: getaddrinfo.3,v 1.31 2001/08/05 18:19:38 itojun Exp $ +.\" $KAME: getaddrinfo.3,v 1.36 2005/01/05 03:23:05 itojun Exp $ +.\" $OpenBSD: getaddrinfo.3,v 1.35 2004/12/21 03:40:31 jaredy Exp $ +.\" $FreeBSD: src/lib/libc/net/getaddrinfo.3,v 1.29 2005/01/23 16:02:48 gnn Exp $ +.\" $DragonFly: src/lib/libc/net/getaddrinfo.3,v 1.3 2005/01/23 17:03:13 hrs Exp $ .\" -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 -.\" -.Dd May 25, 1995 +.Dd December 20, 2004 .Dt GETADDRINFO 3 .Os -.\" .Sh NAME .Nm getaddrinfo , -.Nm freeaddrinfo , -.Nm gai_strerror -.Nd nodename-to-address translation in protocol-independent manner -.\" -.Sh LIBRARY -.Lb libc +.Nm freeaddrinfo +.Nd socket address structure to host and service name .Sh SYNOPSIS -.In sys/types.h -.In sys/socket.h -.In netdb.h +.Fd #include +.Fd #include +.Fd #include .Ft int -.Fn getaddrinfo "const char *nodename" "const char *servname" \ -"const struct addrinfo *hints" "struct addrinfo **res" +.Fn getaddrinfo "const char *hostname" "const char *servname" \ + "const struct addrinfo *hints" "struct addrinfo **res" .Ft void .Fn freeaddrinfo "struct addrinfo *ai" -.Ft "char *" -.Fn gai_strerror "int ecode" -.\" .Sh DESCRIPTION The .Fn getaddrinfo -function is defined for protocol-independent nodename-to-address translation. -It performs the functionality of +function is used to get a list of +.Tn IP +addresses and port numbers for host +.Fa hostname +and service +.Fa servname . +It is a replacement for and provides more flexibility than the .Xr gethostbyname 3 and -.Xr getservbyname 3 , -but in a more sophisticated manner. -.Pp -The -.Li addrinfo -structure is defined as a result of including the -.Aq Pa netdb.h -header: -.Bd -literal -offset -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for nodename */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -.Ed +.Xr getservbyname 3 +functions. .Pp The -.Fa nodename -and -.Fa servname -arguments are pointers to null-terminated strings or -.Dv NULL . -One or both of these two arguments must be a -.Pf non Dv -NULL -pointer. -In the normal client scenario, both the -.Fa nodename +.Fa hostname and .Fa servname -are specified. -In the normal server scenario, only the +arguments are either pointers to NUL-terminated strings or the null pointer. +An acceptable value for +.Fa hostname +is either a valid host name or a numeric host address string consisting +of a dotted decimal IPv4 address or an IPv6 address. +The .Fa servname -is specified. -A -.Pf non Dv -NULL -.Fa nodename -string can be either a node name or a numeric host address string -(i.e., a dotted-decimal IPv4 address or an IPv6 hex address). -A -.Pf non Dv -NULL +is either a decimal port number or a service name listed in +.Xr services 5 . +At least one of +.Fa hostname +and .Fa servname -string can be either a service name or a decimal port number. +must be non-null. .Pp -The caller can optionally pass an -.Li addrinfo -structure, pointed to by the third argument, -to provide hints concerning the type of socket that the caller supports. -In this .Fa hints -structure all members other than -.Fa ai_flags , -.Fa ai_family , -.Fa ai_socktype , -and -.Fa ai_protocol -must be zero or a -.Dv NULL -pointer. -A value of -.Dv PF_UNSPEC -for +is an optional pointer to a +.Li struct addrinfo , +as defined by +.Aq Pa netdb.h : +.Bd -literal +struct addrinfo { + int ai_flags; /* input flags */ + int ai_family; /* protocol family for socket */ + int ai_socktype; /* socket type */ + int ai_protocol; /* protocol for socket */ + socklen_t ai_addrlen; /* length of socket-address */ + struct sockaddr *ai_addr; /* socket-address for socket */ + char *ai_canonname; /* canonical name for service location */ + struct addrinfo *ai_next; /* pointer to next in list */ +}; +.Ed +.Pp +This structure can be used to provide hints concerning the type of socket +that the caller supports or wishes to use. +The caller can supply the following structure elements in +.Fa hints : +.Bl -tag -width "ai_socktypeXX" +.It Fa ai_family +The protocol family that should be used. +When .Fa ai_family -means the caller will accept any protocol family. -A value of 0 for +is set to +.Dv PF_UNSPEC , +it means the caller will accept any protocol family supported by the +operating system. +.It Fa ai_socktype +Denotes the type of socket that is wanted: +.Dv SOCK_STREAM , +.Dv SOCK_DGRAM , +or +.Dv SOCK_RAW . +When .Fa ai_socktype -means the caller will accept any socket type. -A value of 0 for +is zero the caller will accept any socket type. +.It Fa ai_protocol +Indicates which transport protocol is desired, +.Dv IPPROTO_UDP +or +.Dv IPPROTO_TCP . +If .Fa ai_protocol -means the caller will accept any protocol. -For example, if the caller handles only TCP and not UDP, then the -.Fa ai_socktype -member of the hints structure should be set to -.Dv SOCK_STREAM -when -.Fn getaddrinfo -is called. -If the caller handles only IPv4 and not IPv6, then the -.Fa ai_family -member of the -.Fa hints -structure should be set to -.Dv PF_INET -when -.Fn getaddrinfo -is called. -If the third argument to +is zero the caller will accept any protocol. +.It Fa ai_flags +.Fa ai_flags +is formed by +.Tn OR Ns 'ing +the following values: +.Bl -tag -width "AI_CANONNAMEXX" +.It Dv AI_CANONNAME +If the +.Dv AI_CANONNAME +bit is set, a successful call to .Fn getaddrinfo -is a -.Dv NULL -pointer, this is the same as if the caller had filled in an -.Li addrinfo -structure initialized to zero with -.Fa ai_family -set to -.Dv PF_UNSPEC . -.Pp -Upon successful return a pointer to a linked list of one or more -.Li addrinfo -structures is returned through the final argument. -The caller can process each -.Li addrinfo -structure in this list by following the -.Fa ai_next -pointer, until a -.Dv NULL -pointer is encountered. -In each returned -.Li addrinfo -structure the three members -.Fa ai_family , -.Fa ai_socktype , -and -.Fa ai_protocol -are the corresponding arguments for a call to the -.Fn socket -function. -In each +will return a NUL-terminated string containing the canonical name +of the specified hostname in the +.Fa ai_canonname +element of the first .Li addrinfo -structure the -.Fa ai_addr -member points to a filled-in socket address structure whose length is -specified by the -.Fa ai_addrlen -member. -.Pp +structure returned. +.It Dv AI_NUMERICHOST +If the +.Dv AI_NUMERICHOST +bit is set, it indicates that +.Fa hostname +should be treated as a numeric string defining an IPv4 or IPv6 address +and no name resolution should be attempted. +.It Dv AI_PASSIVE If the .Dv AI_PASSIVE -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then the caller plans to use the returned socket address -structure in a call to -.Fn bind . +bit is set it indicates that the returned socket address structure +is intended for use in a call to +.Xr bind 2 . In this case, if the -.Fa nodename -argument is a -.Dv NULL -pointer, then the IP address portion of the socket -address structure will be set to +.Fa hostname +argument is the null pointer, then the IP address portion of the +socket address structure will be set to .Dv INADDR_ANY for an IPv4 address or .Dv IN6ADDR_ANY_INIT @@ -218,169 +157,92 @@ for an IPv6 address. .Pp If the .Dv AI_PASSIVE -bit is not set in the -.Fa ai_flags -member of the -.Fa hints -structure, then the returned socket address structure will be ready for a -call to -.Fn connect -(for a connection-oriented protocol) -or either -.Fn connect , -.Fn sendto , +bit is not set, the returned socket address structure will be ready +for use in a call to +.Xr connect 2 +for a connection-oriented protocol or +.Xr connect 2 , +.Xr sendto 2 , or -.Fn sendmsg -(for a connectionless protocol). -In this case, if the -.Fa nodename -argument is a -.Dv NULL -pointer, then the IP address portion of the -socket address structure will be set to the loopback address. +.Xr sendmsg 2 +if a connectionless protocol was chosen. +The +.Tn IP +address portion of the socket address structure will be set to the +loopback address if +.Fa hostname +is the null pointer and +.Dv AI_PASSIVE +is not set. +.El +.El .Pp -If the -.Dv AI_CANONNAME -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then upon successful return the -.Fa ai_canonname -member of the first +All other elements of the .Li addrinfo -structure in the linked list will point to a null-terminated string -containing the canonical name of the specified -.Fa nodename . -.Pp -If the -.Dv AI_NUMERICHOST -bit is set in the -.Fa ai_flags -member of the +structure passed via .Fa hints -structure, then a -.Pf non Dv -NULL -.Fa nodename -string must be a numeric host address string. -Otherwise an error of -.Dv EAI_NONAME -is returned. -This flag prevents any type of name resolution service (e.g., the DNS) -from being called. +must be zero or the null pointer. .Pp -The arguments to -.Fn getaddrinfo -must be sufficiently consistent and unambiguous. -Here are some problem cases you may encounter: -.Bl -bullet -.It -.Fn getaddrinfo -will fail if the members in the +If .Fa hints -structure are not consistent. -For example, for internet address families, -.Fn getaddrinfo -will fail if you specify -.Dv SOCK_STREAM -to -.Fa ai_socktype -while you specify -.Dv IPPROTO_UDP -to -.Fa ai_protocol . -.It -If you specify a -.Fa servname -which is defined only for certain -.Fa ai_socktype , -.Fn getaddrinfo -will fail because the arguments are not consistent. -For example, -.Fn getaddrinfo -will return an error if you ask for -.Dq Li tftp -service on -.Dv SOCK_STREAM . -.It -For internet address families, if you specify -.Fa servname -while you set -.Fa ai_socktype -to -.Dv SOCK_RAW , +is the null pointer, .Fn getaddrinfo -will fail, because service names are not defined for the internet -.Dv SOCK_RAW -space. -.It -If you specify numeric -.Fa servname , -while leaving -.Fa ai_socktype -and -.Fa ai_protocol -unspecified, -.Fn getaddrinfo -will fail. -This is because the numeric -.Fa servname -does not identify any socket type, and -.Fn getaddrinfo -is not allowed to glob the argument in such case. -.El +behaves as if the caller provided a +.Li struct addrinfo +with +.Fa ai_family +set to +.Dv PF_UNSPEC +and all other elements set to zero or +.Dv NULL . .Pp -All of the information returned by -.Fn getaddrinfo -is dynamically allocated: -the +After a successful call to +.Fn getaddrinfo , +.Fa *res +is a pointer to a linked list of one or more .Li addrinfo -structures, the socket address structures, and canonical node name -strings pointed to by the addrinfo structures. -To return this information to the system the function -.Fn freeaddrinfo -is called. -The -.Fa addrinfo -structure pointed to by the -.Fa ai argument -is freed, along with any dynamic storage pointed to by the structure. -This operation is repeated until a -.Dv NULL +structures. +The list can be traversed by following the .Fa ai_next -pointer is encountered. +pointer in each +.Li addrinfo +structure until a null pointer is encountered. +The three members +.Fa ai_family, +.Fa ai_socktype, +and +.Fa ai_protocol +in each returned +.Li addrinfo +structure are suitable for a call to +.Xr socket 2 . +For each +.Li addrinfo +structure in the list, the +.Fa ai_addr +member points to a filled-in socket address structure of length +.Fa ai_addrlen . .Pp -To aid applications in printing error messages based on the -.Dv EAI_xxx -codes returned by -.Fn getaddrinfo , -.Fn gai_strerror -is defined. -The argument is one of the -.Dv EAI_xxx -values defined earlier and the return value points to a string describing -the error. -If the argument is not one of the -.Dv EAI_xxx -values, the function still returns a pointer to a string whose contents -indicate an unknown error. -.\" -.Sh EXTENSIONS -This implementation supports numeric IPv6 address notation with the -experimental scope identifier. -By appending a percent sign and scope identifier to the address, you -can specify the value of the +This implementation of +.Fn getaddrinfo +allows numeric IPv6 address notation with scope identifier, +as documented in chapter 11 of draft-ietf-ipv6-scoping-arch-02.txt. +By appending the percent character and scope identifier to addresses, +one can fill the .Li sin6_scope_id -field of the socket address. -This makes management of scoped address easier, +field for addresses. +This would make management of scoped addresses easier and allows cut-and-paste input of scoped addresses. .Pp -At the moment the code supports only link-local addresses in this format. -The scope identifier is hardcoded to name of hardware interface associated -with the link, -(such as -.Li ne0 ) . -For example, +At this moment the code supports only link-local addresses with the format. +The scope identifier is hardcoded to the name of the hardware interface +associated +with the link +.Po +such as +.Li ne0 +.Pc . +An example is .Dq Li fe80::1%ne0 , which means .Do @@ -390,25 +252,49 @@ on the link associated with the interface .Dc . .Pp -This implementation is still very experimental and non-standard. The current implementation assumes a one-to-one relationship between -interfaces and links, which is not necessarily true according to the -specification. -.\" +the interface and link, which is not necessarily true from the specification. +.Pp +All of the information returned by +.Fn getaddrinfo +is dynamically allocated: the +.Li addrinfo +structures themselves as well as the socket address structures and +the canonical host name strings included in the +.Li addrinfo +structures. +.Pp +Memory allocated for the dynamically allocated structures created by +a successful call to +.Fn getaddrinfo +is released by the +.Fn freeaddrinfo +function. +The +.Fa ai +pointer should be a +.Li addrinfo +structure created by a call to +.Fn getaddrinfo . +.Sh RETURN VALUES +.Fn getaddrinfo +returns zero on success or one of the error codes listed in +.Xr gai_strerror 3 +if an error occurs. .Sh EXAMPLES The following code tries to connect to .Dq Li www.kame.net service -.Dq Li http . -via stream socket. -It loops through all the addresses available, regardless of the address family. +.Dq Li http +via a stream socket. +It loops through all the addresses available, regardless of address family. If the destination resolves to an IPv4 address, it will use an .Dv AF_INET socket. Similarly, if it resolves to IPv6, an .Dv AF_INET6 socket is used. -Observe that there is no hardcoded reference to particular address family. +Observe that there is no hardcoded reference to a particular address family. The code works even if .Fn getaddrinfo returns addresses that are not IPv4/v6. @@ -427,8 +313,6 @@ if (error) { /*NOTREACHED*/ } s = -1; -cause = "no addresses"; -errno = EADDRNOTAVAIL; for (res = res0; res; res = res->ai_next) { s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); @@ -447,7 +331,7 @@ for (res = res0; res; res = res->ai_next) { break; /* okay we got one */ } if (s < 0) { - err(1, cause); + err(1, "%s", cause); /*NOTREACHED*/ } freeaddrinfo(res0); @@ -486,107 +370,50 @@ for (res = res0; res && nsock < MAXSOCK; res = res->ai_next) { close(s[nsock]); continue; } - - if (listen(s[nsock], SOMAXCONN) < 0) { - cause = "listen"; - close(s[nsock]); - continue; - } + (void) listen(s[nsock], 5); nsock++; } if (nsock == 0) { - err(1, cause); + err(1, "%s", cause); /*NOTREACHED*/ } freeaddrinfo(res0); .Ed -.\" -.Sh FILES -.Bl -tag -width /etc/resolv.conf -compact -.It Pa /etc/hosts -.It Pa /etc/host.conf -.It Pa /etc/resolv.conf -.El -.\" -.Sh DIAGNOSTICS -Error return status from -.Fn getaddrinfo -is zero on success and non-zero on errors. -Non-zero error codes are defined in -.Aq Pa netdb.h , -and as follows: -.Pp -.Bl -tag -width EAI_ADDRFAMILY -compact -.It Dv EAI_ADDRFAMILY -Address family for -.Fa nodename -not supported. -.It Dv EAI_AGAIN -Temporary failure in name resolution. -.It Dv EAI_BADFLAGS -Invalid value for -.Fa ai_flags . -.It Dv EAI_FAIL -Non-recoverable failure in name resolution. -.It Dv EAI_FAMILY -.Fa ai_family -not supported. -.It Dv EAI_MEMORY -Memory allocation failure. -.It Dv EAI_NODATA -No address associated with -.Fa nodename . -.It Dv EAI_NONAME -.Fa nodename -nor -.Fa servname -provided, or not known. -.It Dv EAI_SERVICE -.Fa servname -not supported for -.Fa ai_socktype . -.It Dv EAI_SOCKTYPE -.Fa ai_socktype -not supported. -.It Dv EAI_SYSTEM -System error returned in -.Va errno . -.El -.Pp -If called with an appropriate argument, -.Fn gai_strerror -returns a pointer to a string describing the given error code. -If the argument is not one of the -.Dv EAI_xxx -values, the function still returns a pointer to a string whose contents -indicate an unknown error. -.\" .Sh SEE ALSO +.Xr bind 2 , +.Xr connect 2 , +.Xr send 2 , +.Xr socket 2 , +.Xr gai_strerror 3 , .Xr gethostbyname 3 , .Xr getnameinfo 3 , .Xr getservbyname 3 , +.Xr resolver 3 , .Xr hosts 5 , .Xr resolv.conf 5 , .Xr services 5 , .Xr hostname 7 , .Xr named 8 -.Pp .Rs .%A R. Gilligan .%A S. Thomson .%A J. Bound +.%A J. McCann .%A W. Stevens .%T Basic Socket Interface Extensions for IPv6 -.%R RFC2553 -.%D March 1999 +.%R RFC 3493 +.%D February 2003 .Re .Rs -.%A Tatsuya Jinmei -.%A Atsushi Onoe -.%T "An Extension of Format for IPv6 Scoped Addresses" +.%A S. Deering +.%A B. Haberman +.%A T. Jinmei +.%A E. Nordmark +.%A B. Zill +.%T "IPv6 Scoped Address Architecture" .%R internet draft -.%N draft-ietf-ipngwg-scopedaddr-format-02.txt +.%N draft-ietf-ipv6-scoping-arch-02.txt .%O work in progress material .Re .Rs @@ -595,20 +422,15 @@ indicate an unknown error. .%B "Proceedings of the freenix track: 2000 USENIX annual technical conference" .%D June 2000 .Re -.\" -.Sh HISTORY -The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. -.\" .Sh STANDARDS The .Fn getaddrinfo -function is defined in -.St -p1003.1g-2000 , -and documented in -.Dq Basic Socket Interface Extensions for IPv6 -(RFC2553). -.\" +function is defined by the +.St -p1003.1g-2000 +draft specification and documented in +.Dv "RFC 3493" , +.Dq Basic Socket Interface Extensions for IPv6 . .Sh BUGS -The current implementation is not thread-safe. -.Pp -The text was shamelessly copied from RFC2553. +The implementation of +.Fn getaddrinfo +is not thread-safe. diff --git a/lib/libc/net/getnameinfo.3 b/lib/libc/net/getnameinfo.3 index 0dfcc28ffd..55f00bc8a6 100644 --- a/lib/libc/net/getnameinfo.3 +++ b/lib/libc/net/getnameinfo.3 @@ -1,202 +1,139 @@ -.\" $FreeBSD: src/lib/libc/net/getnameinfo.3,v 1.2.2.8 2001/12/14 18:33:55 ru Exp $ -.\" $DragonFly: src/lib/libc/net/getnameinfo.3,v 1.2 2003/06/17 04:26:44 dillon Exp $ -.\" $KAME: getnameinfo.3,v 1.17 2000/08/09 21:16:17 itojun Exp $ +.\" $KAME: getnameinfo.3,v 1.37 2005/01/05 03:23:05 itojun Exp $ +.\" $OpenBSD: getnameinfo.3,v 1.36 2004/12/21 09:48:20 jmc Exp $ +.\" $FreeBSD: src/lib/libc/net/getnameinfo.3,v 1.21 2005/01/23 16:02:48 gnn Exp $ +.\" $DragonFly: src/lib/libc/net/getnameinfo.3,v 1.3 2005/01/23 17:03:13 hrs Exp $ .\" -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 -.\" -.Dd May 25, 1995 +.Dd December 20, 2004 .Dt GETNAMEINFO 3 .Os -.\" .Sh NAME .Nm getnameinfo -.Nd address-to-nodename translation in protocol-independent manner -.\" -.Sh LIBRARY -.Lb libc +.Nd socket address structure to hostname and service name .Sh SYNOPSIS -.In sys/types.h -.In sys/socket.h -.In netdb.h +.Fd #include +.Fd #include +.Fd #include .Ft int -.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" \ -"char *host" "size_t hostlen" "char *serv" "size_t servlen" "int flags" -.\" +.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" "char *host" \ + "size_t hostlen" "char *serv" "size_t servlen" "int flags" .Sh DESCRIPTION The .Fn getnameinfo -function is defined for protocol-independent address-to-nodename translation. -Its functionality is a reverse conversion of -.Xr getaddrinfo 3 , -and implements similar functionality with +function is used to convert a +.Li sockaddr +structure to a pair of host name and service strings. +It is a replacement for and provides more flexibility than the .Xr gethostbyaddr 3 and .Xr getservbyport 3 -in more sophisticated manner. -.Pp -This function looks up an IP address and port number provided by the -caller in the DNS and system-specific database, and returns text -strings for both in buffers provided by the caller. -The function indicates successful completion by a zero return value; -a non-zero return value indicates failure. +functions and is the converse of the +.Xr getaddrinfo 3 +function. .Pp -The first argument, -.Fa sa , -points to either a -.Li sockaddr_in -structure (for IPv4) or a -.Li sockaddr_in6 -structure (for IPv6) that holds the IP address and port number. The -.Fa salen -argument gives the length of the +.Li sockaddr +structure +.Fa sa +should point to either a .Li sockaddr_in or .Li sockaddr_in6 -structure. +structure (for IPv4 or IPv6 respectively) that is +.Fa salen +bytes long. .Pp -The function returns the nodename associated with the IP address in -the buffer pointed to by the +The host and service names associated with +.Fa sa +are stored in .Fa host -argument. -The caller provides the size of this buffer via the +and +.Fa serv +which have length parameters .Fa hostlen -argument. -The service name associated with the port number is returned in the buffer -pointed to by -.Fa serv , -and the -.Fa servlen -argument gives the length of this buffer. -The caller specifies not to return either string by providing a zero -value for the +and +.Fa servlen . +The maximum value for .Fa hostlen -or +is +.Dv NI_MAXHOST +and +the maximum value for .Fa servlen -arguments. -Otherwise, the caller must provide buffers large enough to hold the -nodename and the service name, including the terminating null characters. -.Pp -Unfortunately most systems do not provide constants that specify the -maximum size of either a fully-qualified domain name or a service name. -Therefore to aid the application in allocating buffers for these two -returned strings the following constants are defined in -.Aq Pa netdb.h : -.Bd -literal -offset -#define NI_MAXHOST 1025 -#define NI_MAXSERV 32 -.Ed -.Pp -The first value is actually defined as the constant -.Dv MAXDNAME -in recent versions of BIND's -.Aq Pa arpa/nameser.h -header -(older versions of BIND define this constant to be 256) -and the second is a guess based on the services listed in the current -Assigned Numbers RFC. -.Pp -The final argument is a -.Fa flag -that changes the default actions of this function. -By default the fully-qualified domain name (FQDN) for the host is -looked up in the DNS and returned. -If the flag bit -.Dv NI_NOFQDN -is set, only the nodename portion of the FQDN is returned for local hosts. -.Pp -If the -.Fa flag -bit -.Dv NI_NUMERICHOST -is set, or if the host's name cannot be located in the DNS, -the numeric form of the host's address is returned instead of its name -(e.g., by calling -.Fn inet_ntop -instead of -.Fn getnodebyaddr ) . -If the -.Fa flag -bit -.Dv NI_NAMEREQD -is set, an error is returned if the host's name cannot be located in the DNS. -.Pp -If the flag bit -.Dv NI_NUMERICSERV -is set, the numeric form of the service address is returned -(e.g., its port number) -instead of its name. -The two -.Dv NI_NUMERICxxx -flags are required to support the -.Fl n -flag that many commands provide. +is +.Dv NI_MAXSERV , +as defined by +.Aq Pa netdb.h . +If a length parameter is zero, no string will be stored. +Otherwise, enough space must be provided to store the +host name or service string plus a byte for the NUL terminator. .Pp -A fifth flag bit, -.Dv NI_DGRAM , -specifies that the service is a datagram service, and causes -.Fn getservbyport +The +.Fa flags +argument is formed by +.Tn OR Ns 'ing +the following values: +.Bl -tag -width "NI_NUMERICHOSTXX" +.It Dv NI_NOFQDN +A fully qualified domain name is not required for local hosts. +The local part of the fully qualified domain name is returned instead. +.It Dv NI_NUMERICHOST +Return the address in numeric form, as if calling +.Xr inet_ntop 3 , +instead of a host name. +.It Dv NI_NAMEREQD +A name is required. +If the host name cannot be found in DNS and this flag is set, +a non-zero error code is returned. +If the host name is not found and the flag is not set, the +address is returned in numeric form. +.It NI_NUMERICSERV +The service name is returned as a digit string representing the port number. +.It NI_DGRAM +Specifies that the service being looked up is a datagram +service, and causes +.Xr getservbyport 3 to be called with a second argument of .Dq udp instead of its default of .Dq tcp . -This is required for the few ports (512-514) -that have different services for UDP and TCP. +This is required for the few ports (512\-514) that have different services +for +.Tn UDP +and +.Tn TCP . +.El .Pp -These -.Dv NI_xxx -flags are defined in -.Aq Pa netdb.h . -.\" -.Sh EXTENSION -The implementation allows experimental numeric IPv6 address notation with -scope identifier. -IPv6 link-local address will appear as string like -.Dq Li fe80::1%ne0 , -if -.Dv NI_WITHSCOPEID -bit is enabled in -.Ar flags -argument. +This implementation allows numeric IPv6 address notation with scope identifier, +as documented in chapter 11 of draft-ietf-ipv6-scoping-arch-02.txt. +IPv6 link-local address will appear as a string like +.Dq Li fe80::1%ne0 . Refer to .Xr getaddrinfo 3 -for the notation. -.\" +for more information. +.Sh RETURN VALUES +.Fn getnameinfo +returns zero on success or one of the error codes listed in +.Xr gai_strerror 3 +if an error occurs. .Sh EXAMPLES -The following code tries to get numeric hostname, and service name, -for given socket address. -Observe that there is no hardcoded reference to particular address family. +The following code tries to get a numeric host name, and service name, +for a given socket address. +Observe that there is no hardcoded reference to a particular address family. .Bd -literal -offset indent struct sockaddr *sa; /* input */ char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; @@ -206,10 +143,10 @@ if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), sbuf, errx(1, "could not get numeric hostname"); /*NOTREACHED*/ } -printf("host=%s, serv=%s\\n", hbuf, sbuf); +printf("host=%s, serv=%s\en", hbuf, sbuf); .Ed .Pp -The following version checks if the socket address has reverse address mapping. +The following version checks if the socket address has a reverse address mapping: .Bd -literal -offset indent struct sockaddr *sa; /* input */ char hbuf[NI_MAXHOST]; @@ -219,67 +156,38 @@ if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0, errx(1, "could not resolve hostname"); /*NOTREACHED*/ } -printf("host=%s\\n", hbuf); +printf("host=%s\en", hbuf); .Ed -.\" -.Sh FILES -.Bl -tag -width /etc/resolv.conf -compact -.It Pa /etc/hosts -.It Pa /etc/host.conf -.It Pa /etc/resolv.conf -.El -.\" -.Sh DIAGNOSTICS -The function indicates successful completion by a zero return value; -a non-zero return value indicates failure. -Error codes are as below: -.Bl -tag -width Er -.It Bq Er EAI_AGAIN -The name could not be resolved at this time. -Future attempts may succeed. -.It Bq Er EAI_BADFLAGS -The flags had an invalid value. -.It Bq Er EAI_FAIL -A non-recoverable error occurred. -.It Bq Er EAI_FAMILY -The address family was not recognized or the address length was invalid -for the specified family. -.It Bq Er EAI_MEMORY -There was a memory allocation failure. -.It Bq Er EAI_NONAME -The name does not resolve for the supplied parameters. -.Dv NI_NAMEREQD -is set and the host's name cannot be located, -or both nodename and servname were null. -.It Bq Er EAI_SYSTEM -A system error occurred. -The error code can be found in errno. -.El -.\" .Sh SEE ALSO +.Xr gai_strerror 3 , .Xr getaddrinfo 3 , .Xr gethostbyaddr 3 , .Xr getservbyport 3 , +.Xr inet_ntop 3 , +.Xr resolver 3 , .Xr hosts 5 , +.Xr resolv.conf 5 , .Xr services 5 , .Xr hostname 7 , .Xr named 8 -.Pp .Rs .%A R. Gilligan .%A S. Thomson .%A J. Bound .%A W. Stevens .%T Basic Socket Interface Extensions for IPv6 -.%R RFC2553 +.%R RFC 2553 .%D March 1999 .Re .Rs -.%A Tatsuya Jinmei -.%A Atsushi Onoe -.%T "An Extension of Format for IPv6 Scoped Addresses" +.%A S. Deering +.%A B. Haberman +.%A T. Jinmei +.%A E. Nordmark +.%A B. Zill +.%T "IPv6 Scoped Address Architecture" .%R internet draft -.%N draft-ietf-ipngwg-scopedaddr-format-02.txt +.%N draft-ietf-ipv6-scoping-arch-02.txt .%O work in progress material .Re .Rs @@ -288,25 +196,77 @@ The error code can be found in errno. .%B "Proceedings of the freenix track: 2000 USENIX annual technical conference" .%D June 2000 .Re -.\" -.Sh HISTORY -The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. -.\" .Sh STANDARDS The -.Fn getaddrinfo -function is defined in -.St -p1003.1g-2000 , -and documented in -.Dq Basic Socket Interface Extensions for IPv6 -(RFC2553). -.\" -.Sh BUGS -The current implementation is not thread-safe. +.Fn getnameinfo +function is defined by the +.St -p1003.1g-2000 +draft specification and documented in +.Tn "RFC 2553" , +.Dq Basic Socket Interface Extensions for IPv6 . +.Sh CAVEATS +.Fn getnameinfo +can return both numeric and FQDN forms of the address specified in +.Fa sa . +There is no return value that indicates whether the string returned in +.Fa host +is a result of binary to numeric-text translation (like +.Xr inet_ntop 3 ) , +or is the result of a DNS reverse lookup. +Because of this, malicious parties could set up a PTR record as follows: +.Bd -literal -offset indent +1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 +.Ed .Pp -The text was shamelessly copied from RFC2553. +and trick the caller of +.Fn getnameinfo +into believing that +.Fa sa +is +.Li 10.1.1.1 +when it is actually +.Li 127.0.0.1 . .Pp -The type of the 2nd argument should be -.Li socklen_t -for RFC2553 conformance. -The current code is based on pre-RFC2553 specification. +To prevent such attacks, the use of +.Dv NI_NAMEREQD +is recommended when the result of +.Fn getnameinfo +is used +for access control purposes: +.Bd -literal -offset indent +struct sockaddr *sa; +socklen_t salen; +char addr[NI_MAXHOST]; +struct addrinfo hints, *res; +int error; + +error = getnameinfo(sa, salen, addr, sizeof(addr), + NULL, 0, NI_NAMEREQD); +if (error == 0) { + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + hints.ai_flags = AI_NUMERICHOST; + if (getaddrinfo(addr, "0", &hints, &res) == 0) { + /* malicious PTR record */ + freeaddrinfo(res); + printf("bogus PTR record\en"); + return -1; + } + /* addr is FQDN as a result of PTR lookup */ +} else { + /* addr is numeric string */ + error = getnameinfo(sa, salen, addr, sizeof(addr), + NULL, 0, NI_NUMERICHOST); +} +.Ed +.Sh BUGS +The implementation of +.Fn getnameinfo +is not thread-safe. +.\".Pp +.\".Ox +.\"intentionally uses a different +.\".Dv NI_MAXHOST +.\"value from what +.\".Tn "RFC 2553" +.\"suggests, to avoid buffer length handling mistakes. diff --git a/lib/libc/net/inet6_option_space.3 b/lib/libc/net/inet6_option_space.3 index 538e2f11fc..4650f9a6b1 100644 --- a/lib/libc/net/inet6_option_space.3 +++ b/lib/libc/net/inet6_option_space.3 @@ -1,5 +1,9 @@ -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" $KAME: inet6_option_space.3,v 1.11 2005/01/05 03:00:44 itojun Exp $ +.\" $FreeBSD: src/lib/libc/net/inet6_option_space.3,v 1.16 2005/01/23 16:02:48 gnn Exp $ +.\" $DragonFly: src/lib/libc/net/inet6_option_space.3,v 1.3 2005/01/23 17:03:13 hrs Exp $ +.\" +.\" Copyright (C) 2004 WIDE Project. +.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -9,18 +13,14 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the project nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -29,11 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: inet6_option_space.3,v 1.4 2000/02/05 10:32:24 jinmei Exp $ -.\" $FreeBSD: src/lib/libc/net/inet6_option_space.3,v 1.1.2.7 2002/12/29 16:35:34 schweikh Exp $ -.\" $DragonFly: src/lib/libc/net/inet6_option_space.3,v 1.2 2003/06/17 04:26:44 dillon Exp $ -.\" -.Dd December 10, 1999 +.Dd December 23, 2004 .Dt INET6_OPTION_SPACE 3 .Os .\" @@ -44,7 +40,7 @@ .Nm inet6_option_alloc , .Nm inet6_option_next , .Nm inet6_option_find -.Nd IPv6 Hop-by-Hop and Destination Options manipulation +.Nd IPv6 Hop-by-Hop and Destination Option Manipulation .\" .Sh LIBRARY .Lb libc @@ -66,347 +62,343 @@ .\" .Sh DESCRIPTION .\" -Building and parsing the Hop-by-Hop and Destination options is -complicated due to alignment constraints, padding and -ancillary data manipulation. -RFC2292 defines a set of functions to help the application. -The function prototypes for -these functions are all in the -.Aq Li netinet/in.h -header. +Manipulating and parsing IPv6's Hop-by-Hop and Destination options is +complicated by the need to properly align and pad data as well as the +need to manipulate ancillary information that is not part of the data +stream. +RFC2292 defines a set of functions, which are implemented as +part of the Kame libraries, to support help developers create, change, +and parse Hop-by-Hope and Destination options. +All of the prototypes +for the option functions are defined in the +.In netinet/in.h +header file. .\" .Ss inet6_option_space +In order to determine the amount of space necessary to hold any option +the .Fn inet6_option_space -returns the number of bytes required to hold an option when it is stored as -ancillary data, including the +function is called. +It returns the number of bytes required to hold +an option when it is stored as ancillary data, including the .Li cmsghdr -structure at the beginning, -and any padding at the end -(to make its size a multiple of 8 bytes). -The argument is the size of the structure defining the option, -which must include any pad bytes at the beginning -(the value +structure at the beginning, and any necessary padding at the end. +The +.Li nbytes +argument indicates the size of the structure defining the option, +and must include any pad bytes at the beginning (the value .Li y in the alignment term .Dq Li "xn + y" ) , the type byte, the length byte, and the option data. .Pp Note: If multiple options are stored in a single ancillary data -object, which is the recommended technique, this function -overestimates the amount of space required by the size of +object, which is the recommended technique, the +.Fn inet6_option_space +function overestimates the amount of space required by the size of .Li N-1 .Li cmsghdr -structures, -where +structures, where .Li N is the number of options to be stored in the object. -This is of little consequence, since it is assumed that most -Hop-by-Hop option headers and Destination option headers carry only -one option -(appendix B of [RFC-2460]). +Usually this has +no impact because it is assumed that most Hop-by-Hop and Destination +option headers carry only one option as indicated in appendix B of RFC2460. .\" .Ss inet6_option_init +The .Fn inet6_option_init -is called once per ancillary data object that will -contain either Hop-by-Hop or Destination options. +function is called to initialize any ancillary data object that will contain +a Hop-by-Hop or Destination option. It returns .Li 0 -on success or +on success and .Li -1 -on an error. +when an error occurs. .Pp +The .Fa bp -is a pointer to previously allocated space that will contain the -ancillary data object. -It must be large enough to contain all the -individual options to be added by later calls to +argument points to a previously allocated area of memory which must be +large enough to contain all the arguments that the application indents +to add later via .Fn inet6_option_append and -.Fn inet6_option_alloc . +.Fn inet6_option_alloc +routines. .Pp +The .Fa cmsgp -is a pointer to a pointer to a +argument is a pointer to a pointer to a .Li cmsghdr structure. +The .Fa *cmsgp -is initialized by this function to point to the +argument +points to a .Li cmsghdr -structure constructed by this function in the buffer pointed to by +structure which is constructed by this function and stored in the +area of memory pointed to by .Fa bp . .Pp +The .Fa type is either .Dv IPV6_HOPOPTS or -.Dv IPV6_DSTOPTS . -This -.Fa type -is stored in the +.Dv IPV6_DSTOPTS +and is stored in the .Li cmsg_type member of the .Li cmsghdr -structure pointed to by -.Fa *cmsgp . +structure mentioned above. .\" .Ss inet6_option_append -This function appends a Hop-by-Hop option or a Destination option -into an ancillary data object that has been initialized by +This function appends a Hop-by-Hop option or a Destination option into +an ancillary data object previously initialized by a call to .Fn inet6_option_init . -This function returns +The +.Fn inet6_option_append function returns .Li 0 if it succeeds or .Li -1 -on an error. +when an error occurs. .Pp +The .Fa cmsg -is a pointer to the +argument is a pointer to the .Li cmsghdr -structure that must have been -initialized by +structure that was initialized by a call to .Fn inet6_option_init . .Pp +The +.Fa typep +argument is a pointer to the 8-bit option type. +All options are +encoded as type-length-value tuples and it is assumed that +the .Fa typep -is a pointer to the 8-bit option type. -It is assumed that this field is immediately followed by the 8-bit option data length field, -which is then followed immediately by the option data. -The caller -initializes these three fields -(the type-length-value, or TLV) -before calling this function. +which is then followed by the option data. .Pp -The option type must have a value from -.Li 2 -to -.Li 255 , -inclusive. -.Li ( 0 +The option types of +.Li 0 and -.Li 1 -are reserved for the +.Li 1 are reserved for the .Li Pad1 and .Li PadN -options, respectively.) +options respectively. +All other values from +.Li 2 +through +.Li 255 +are available for applications to use. .Pp -The option data length must have a value between +The option data length, since it is stored in 8 bites, must have a +value between .Li 0 and .Li 255 , -inclusive, and is the length of the option data that follows. +inclusive. .Pp +The .Fa multx +argument is the value .Li x in the alignment term -.Dq Li xn + y . -It must have a value of +.Dq Li xn + y +and indicates the byte alignment necessary for the data. +Alignments may be specified as .Li 1 , .Li 2 , .Li 4 , or -.Li 8 . +.Li 8 +bytes, which is no alignment, 16 bit, 32 bit and 64 bit alignments +respectively. .Pp +The .Fa plusy +argument is the value .Li y in the alignment term -.Dq Li xn + y . -It must have a value between +.Dq Li xn + y +and must have a value between .Li 0 and .Li 7 , -inclusive. +inclusive, indicating the amount of padding that is necessary for an +option. .\" .Ss inet6_option_alloc -This function appends a Hop-by-Hop option or a Destination option -into an ancillary data object that has been initialized by +The +.Fn inet6_option_alloc +function appends a Hop-by-Hop option or a Destination option into an +ancillary data object that has previously been initialized by a call to .Fn inet6_option_init . -This function returns a pointer to the 8-bit -option type field that starts the option on success, or +The +.Fn inet6_option_alloc +function returns a pointer to the 8-bit option type field that at the +beginning of the allocated the option on success, or .Dv NULL on an error. .Pp -The difference between this function and +The difference between the +.Fn inet6_option_alloc +and .Fn inet6_option_append -is that the latter copies the contents of a previously built option into -the ancillary data object while the current function returns a -pointer to the space in the data object where the option's TLV must -then be built by the caller. +functions is that the latter copies the contents of a previously built +option into the ancillary data object while the former returns a +pointer to the place in the data object where the option's TLV must +then be built by the application. .Pp +The .Fa cmsg -is a pointer to the +argument is a pointer to a .Li cmsghdr -structure that must have been -initialized by +structure that was initialized by .Fn inet6_option_init . .Pp +The .Fa datalen -is the value of the option data length byte for this option. +argument is the value of the option data length byte for this option. This value is required as an argument to allow the function to determine if padding must be appended at the end of the option. (The .Fn inet6_option_append function does not need a data length argument -since the option data length must already be stored by the caller.) +since the option data length must already be stored by the caller) .Pp +The .Fa multx -is the value -.Li x -in the alignment term -.Dq Li xn + y . -It must have a value of -.Li 1 , -.Li 2 , -.Li 4 , -or -.Li 8 . -.Pp -.Fa plusy -is the value -.Li y -in the alignment term -.Dq Li xn + y . -It must have a value between -.Li 0 and -.Li 7 , -inclusive. +.Fa plusy +arguments +are identical to the arguments of the same name described in the +.Fn inet6_option_init +function above. .\" .Ss inet6_option_next -This function processes the next Hop-by-Hop option or Destination -option in an ancillary data object. -If another option remains to be -processed, the return value of the function is +The +.Fn inet6_option_next +function is used to process Hop-by-Hop and Destination options that +are present in an ancillary data object. +When an option remains to +be processed, the return value of the +.Fn inet6_option_next +function is .Li 0 -and +and the .Fa *tptrp -points to -the 8-bit option type field -(which is followed by the 8-bit option -data length, followed by the option data). -If no more options remain -to be processed, the return value is +argument points to the 8-bit option type field, which is followed by +the 8-bit option data length, and then the option data. +When no more +options remain to be processed, the return value is .Li -1 and .Fa *tptrp is -.Dv NULL . -If an error occurs, the return value is +.Dv NULL +and when an error occurs, the return value is .Li -1 -and +but the .Fa *tptrp -is not +argument is not .Dv NULL . +This set of return values allows a program to easily loop through all +the options in an ancillary data object, checking for the error and +end of stream conditions along the way. .Pp +When a valid option is returned the .Fa cmsg -is a pointer to +argument points to a .Li cmsghdr -structure of which +where the .Li cmsg_level equals .Dv IPPROTO_IPV6 and .Li cmsg_type -equals either +is either .Dv IPV6_HOPOPTS or .Dv IPV6_DSTOPTS . .Pp +The .Fa tptrp -is a pointer to a pointer to an 8-bit byte and +argument is a pointer to a pointer to an 8-bit byte and .Fa *tptrp -is used -by the function to remember its place in the ancillary data object -each time the function is called. -The first time this function is -called for a given ancillary data object, +is used by the function to remember its place in the ancillary data +object each time the function is called. +When the +.Fn inet6_option_next +function is called for the first time on a given ancillary data object, .Fa *tptrp must be set to .Dv NULL . .Pp -Each time this function returns success, +Each time the function returns success, +the .Fa *tptrp -points to the 8-bit -option type field for the next option to be processed. +argument points to the 8-bit option type field for the next option to +be processed. .\" .Ss inet6_option_find -This function is similar to the previously described -.Fn inet6_option_next -function, except this function lets the caller -specify the option type to be searched for, instead of always -returning the next option in the ancillary data object. +The +.Fn inet6_option_find +function allows an application to search for a particular option type +in an ancillary data object. +The .Fa cmsg -is a -pointer to +argument is a pointer to .Li cmsghdr -structure of which +structure in which the .Li cmsg_level -equals +element equals .Dv IPPROTO_IPV6 -and +and the .Li cmsg_type -equals either +element is either .Dv IPV6_HOPOPTS or .Dv IPV6_DSTOPTS . .Pp +The .Fa tptrp -is a pointer to a pointer to an 8-bit byte and -.Fa *tptrp -is used -by the function to remember its place in the ancillary data object -each time the function is called. -The first time this function is -called for a given ancillary data object, -.Fa *tptrp -must be set to -.Dv NULL . +argument is handled exactly as in the +.Fn inet6_option_next +function described above. .Pa -This function starts searching for an option of the specified type +The +.fn inet6_option_find +function starts searching for an option of the specified type beginning after the value of .Fa *tptrp . -If an option of the specified -type is located, this function returns -.Li 0 -and -.Fa *tptrp -points to the 8- -bit option type field for the option of the specified type. -If an -option of the specified type is not located, the return value is -.Li -1 -and -.Fa *tptrp -is -.Dv NULL . -If an error occurs, the return value is -.Li -1 -and -.Fa *tptrp -is not -.Dv NULL . .\" .Sh DIAGNOSTICS +The .Fn inet6_option_init and .Fn inet6_option_append -return +functions return .Li 0 on success or .Li -1 on an error. .Pp +The .Fn inet6_option_alloc -returns +function returns .Dv NULL on an error. .Pp -On errors, +When .Fn inet6_option_next -and +or .Fn inet6_option_find -return +detect an error they return .Li -1 setting .Fa *tptrp @@ -437,10 +429,7 @@ RFC2292 gives comprehensive examples in chapter 6. The implementation first appeared in KAME advanced networking kit. .\" .Sh STANDARDS -The functions -are documented in +The functions are documented in .Dq Advanced Sockets API for IPv6 (RFC2292). .\" -.Sh BUGS -The text was shamelessly copied from RFC2292. diff --git a/lib/libc/net/inet6_rthdr_space.3 b/lib/libc/net/inet6_rthdr_space.3 index 46b8852930..7a81cda677 100644 --- a/lib/libc/net/inet6_rthdr_space.3 +++ b/lib/libc/net/inet6_rthdr_space.3 @@ -1,5 +1,9 @@ -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" $KAME: inet6_rthdr_space.3,v 1.11 2005/01/05 03:00:44 itojun Exp $ +.\" $FreeBSD: src/lib/libc/net/inet6_rthdr_space.3,v 1.14 2005/01/23 16:02:48 gnn Exp $ +.\" $DragonFly: src/lib/libc/net/inet6_rthdr_space.3,v 1.3 2005/01/23 17:03:13 hrs Exp $ +.\" +.\" Copyright (C) 2004 WIDE Project. +.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -9,18 +13,14 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the project nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -29,11 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: inet6_rthdr_space.3,v 1.5 2000/02/05 13:19:07 jinmei Exp $ -.\" $FreeBSD: src/lib/libc/net/inet6_rthdr_space.3,v 1.1.2.6 2001/12/14 18:33:55 ru Exp $ -.\" $DragonFly: src/lib/libc/net/inet6_rthdr_space.3,v 1.2 2003/06/17 04:26:44 dillon Exp $ -.\" -.Dd December 10, 1999 +.Dd December 27, 2004 .Dt INET6_RTHDR_SPACE 3 .Os .\" @@ -46,7 +42,7 @@ .Nm inet6_rthdr_segments , .Nm inet6_rthdr_getaddr , .Nm inet6_rthdr_getflags -.Nd IPv6 Routing Header Options manipulation +.Nd IPv6 Routing Header Options Manipulation .\" .Sh LIBRARY .Lb libc @@ -71,223 +67,211 @@ .Fn inet6_rthdr_getflags "const struct cmsghdr *cmsg" "int index" .\" .Sh DESCRIPTION -RFC2292 IPv6 advanced API defines eight -functions that the application calls to build and examine a Routing -header. Four functions build a Routing header: -.Bl -hang -.It Fn inet6_rthdr_space -return #bytes required for ancillary data -.It Fn inet6_rthdr_init -initialize ancillary data for Routing header -.It Fn inet6_rthdr_add -add IPv6 address & flags to Routing header -.It Fn inet6_rthdr_lasthop -specify the flags for the final hop -.El -.Pp -Four functions deal with a returned Routing header: -.Bl -hang -.It Fn inet6_rthdr_reverse -reverse a Routing header -.It Fn inet6_rthdr_segments -return #segments in a Routing header -.It Fn inet6_rthdr_getaddr -fetch one address from a Routing header -.It Fn inet6_rthdr_getflags -fetch one flag from a Routing header -.El -.Pp +.\"The RFC 2292 IPv6 Advanced API has been deprecated in favor of the +.\"newer, RFC 3542 APIs. +.\"On platforms that support it, currently only +.\"FreeBSD, please use the newer API to manipulate routing header +.\"options. +.\".Pp +The RFC 2292 IPv6 Advanced API defined eight functions for +applications to use for building and parsing routing headers. +The +eight functions are split into two groups, the first of which builds +the header and the second of which can parse it. The function prototypes for these functions are all in the -.Aq Li netinet/in.h +.In netinet/in.h header. +Although direct manipulation of a routing header is possible +this set of APIs make it unnecessary and such direct manipulation +should be avoided so that changes to the underlying structures do not +break applications. +.Pp +Please note that RFC 2292 uses the term +.Dq segments +instead of the term +.Dq addresses +but they are considered equivalent for this manual page. .\" .Ss inet6_rthdr_space -This function returns the number of bytes required to hold a Routing -header of the specified +The +.Fn inet6_rthdr_space +function returns the number of bytes required to hold a routing header +of the specified .Fa type -containing the specified number of -.Fa segments -(addresses). -For an IPv6 Type 0 Routing header, the number -of segments must be between 1 and 23, inclusive. The return value -includes the size of the cmsghdr structure that precedes the Routing -header, and any required padding. +and containing the specified number of +.Fa segments . +Only one +.Fa type +is supported, +.Dv IPV6_RTHDR_TYPE_0 , +and it can hold from 1 to 23 segments. +The return value includes the +size of the cmsghdr structure that precedes the routing header, and +any required padding. .Pp -If the return value is 0, then either the type of the Routing header -is not supported by this implementation or the number of segments is -invalid for this type of Routing header. +A return value of 0 indicates an error. +Either the type was specified +incorrectly, or the number of segments was less than one or greater +than 23. .Pp -Note: This function returns the size but does not allocate the space -required for the ancillary data. -This allows an application to -allocate a larger buffer, if other ancillary data objects are -desired, since all the ancillary data objects must be specified to -.Xr sendmsg 2 -as a single -.Li msg_control -buffer. +Note: The +.Fn inet6_rthdr_space +function only returns the size required by the routing header and does +not allocate memory for the caller. .\" .Ss inet6_rthdr_init -This function initializes the buffer pointed to by +The +.Fn inet6_rthdr_init +function initializes a buffer, pointed to by .Fa bp -to contain a +with an appropriate .Li cmsghdr -structure followed by a Routing header of the specified +structure followed by a routing header of the specified .Fa type . -The -.Li cmsg_len -member of the -.Li cmsghdr -structure is initialized to the -size of the structure plus the amount of space required by the -Routing header. -The -.Li cmsg_level -and -.Li cmsg_type -members are also initialized as required. .Pp -The caller must allocate the buffer and its size can be determined by -calling -.Fn inet6_rthdr_space . +The caller must use the +.Fn inet6_rthdr_space +function to determine the size of the buffer, and then allocate that +buffer before calling +.Fn inet6_rthdr_init . .Pp -Upon success the return value is the pointer to the +The return value is a pointer to a .Li cmsghdr -structure, and this is then used as the first argument to the next -two functions. -Upon an error the return value is +structure, which is used as the first argument to the +.Fn inet6_rthdr_add +and +.Fn inet6_rthdr_lasthop +functions in order to construct the routing header. +When an error occurs the return value is .Dv NULL . .\" .Ss inet6_rthdr_add -This function adds the address pointed to by +The +.Fn inet6_rthdr_add +function adds the IPv6 address pointed to by .Fa addr to the end of the -Routing header being constructed and sets the type of this hop to the +routing header being constructed and sets the type of this address to the value of .Fa flags . -For an IPv6 Type 0 Routing header, +The .Fa flags -must be -either +must be either .Dv IPV6_RTHDR_LOOSE or -.Dv IPV6_RTHDR_STRICT . +.Dv IPV6_RTHDR_STRICT +indicating whether loose or strict source routing is required. .Pp -If successful, the -.Li cmsg_len -member of the -.Li cmsghdr -structure is -updated to account for the new address in the Routing header and the -return value of the function is 0. -Upon an error the return value of -the function is -1. +When the function succeeds it returns 0, otherwise \-1 is returned. .\" .Ss inet6_rthdr_lasthop -This function specifies the Strict/Loose flag for the final hop of a -Routing header. -For an IPv6 Type 0 Routing header, +The +.Fn inet6_rthdr_lasthop +function specifies the strict or loose flag for the final hop of a +routing header. +The .Fa flags must be either .Dv IPV6_RTHDR_LOOSE or .Dv IPV6_RTHDR_STRICT . .Pp -The return value of the function is 0 upon success, or -1 upon an error. +The return value of the function is 0 upon success, and \-1 when an +error has occurred. .Pp -Notice that a Routing header specifying +Please note that a routing header specifying .Li N intermediate nodes requires .Li N+1 -Strict/Loose flags. -This requires -.Li N -calls to +strict or loose flags meaning that .Fn inet6_rthdr_add -followed by one call to -.Fn inet6_rthdr_lasthop . +must be called +.Li N +times and then +.Fn inet6_rthdr_lasthop +must be called once. .\" .Ss inet6_rthdr_reverse -This function is not yet implemented. -When implemented, this should behave as follows. -.Pp -This function takes a Routing header that was received as ancillary -data -(pointed to by the first argument, -.Fa in ) -and writes a new Routing -header that sends datagrams along the reverse of that route. -Both -arguments are allowed to point to the same buffer -(that is, the reversal can occur in place). +This function was never implemented. .Pp -The return value of the function is 0 on success, or -1 upon an -error. +The following four functions provide an API for parsing a received +routing header. .\" .Ss inet6_rthdr_segments -This function returns the number of segments -(addresses) -contained in -the Routing header described by -.Fa cmsg . -On success the return value is -between 1 and 23, inclusive. -The return value of the function is -1 upon an error. +The +.Fn inet6_rthdr_segments +function returns the number of segments contained in the Routing +header pointed to by the +.Fa cmsg +argument. +On success the return value is from 1 to 23. +When an error occurs \-1 is returned. .\" .Ss inet6_rthdr_getaddr -This function returns a pointer to the IPv6 address specified by +The +.Fn inet6_rthdr_getaddr +function returns a pointer to the IPv6 address specified by the .Fa index -(which must have a value between 1 and the value returned by -.Fn inet6_rthdr_segments ) -in the Routing header described by +argument from the routing header pointed to by .Fa cmsg . -An -application should first call +The index must be between 1 and the number returned by .Fn inet6_rthdr_segments -to obtain the number of segments in the Routing header. +described above. +An application must call +.Fn inet6_rthdr_segments +to obtain the number of segments in the routing header. .Pp -Upon an error the return value of the function is -.Dv NULL . +If an error occurs the +.Dv NULL +is returned. .\" .Ss inet6_rthdr_getflags -This function returns the flags value specified by +The +.Fn inet6_rthdr_getflags +function returns the flags value of the segment specified by .Fa index -(which must -have a value between 0 and the value returned by -.Fn inet6_rthdr_segments ) -in the Routing header described by +of the routing header pointed to by .Fa cmsg . -For an IPv6 Type 0 Routing header the return value will be either +The +.Fa index +argument must be between 0 and the value returned by +.Fn inet6_rthdr_segments . +The return value will be either .Dv IPV6_RTHDR_LOOSE or -.Dv IPV6_RTHDR_STRICT . +.Dv IPV6_RTHDR_STRICT +indicating whether loose or strict source routing was requested for +that segment. .Pp -Upon an error the return value of the function is -1. +When an error occurs \-1 is returned. .Pp -Note: Addresses are indexed starting at 1, and flags starting at 0, -to maintain consistency with the terminology and figures in RFC2460. +Note: Flags begin at index 0 while segments begin at index 1, to +maintain consistency with the terminology and figures in RFC2460. .\" .Sh DIAGNOSTICS +The .Fn inet6_rthdr_space -returns 0 on errors. +function returns 0 when an error occurs. .Pp +The .Fn inet6_rthdr_add , .Fn inet6_rthdr_lasthop -and -.Fn inet6_rthdr_reverse -return 0 on success, and returns -1 on error. +functions return 0 on success, and \-1 on error. .Pp +The .Fn inet6_rthdr_init and .Fn inet6_rthdr_getaddr +functions return .Dv NULL on error. .Pp +The .Fn inet6_rthdr_segments and .Fn inet6_rthdr_getflags -return -1 on error. +functions return -1 on error. .\" .Sh EXAMPLES RFC2292 gives comprehensive examples in chapter 8. @@ -311,14 +295,12 @@ RFC2292 gives comprehensive examples in chapter 8. .Sh HISTORY The implementation first appeared in KAME advanced networking kit. .\" -.Sh STANDARDS -The functions -are documented in -.Dq Advanced Sockets API for IPv6 -(RFC2292). -.\" .Sh BUGS -The text was shamelessly copied from RFC2292. -.Pp +The .Fn inet6_rthdr_reverse -is not implemented yet. +function was never implemented. +.\".Pp +.\"This API is deprecated in favor of +.\".Xr inet6_rth_space 3 +.\".Sh SEE ALSO +.\".Xr inet6_rth_space 3 diff --git a/share/man/man4/icmp6.4 b/share/man/man4/icmp6.4 index 0149ab9f55..7cdad83fdd 100644 --- a/share/man/man4/icmp6.4 +++ b/share/man/man4/icmp6.4 @@ -1,32 +1,10 @@ -.\" Copyright (C) 1999 WIDE Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the project nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" $KAME: icmp6.4,v 1.6 2004/12/27 05:30:56 itojun Exp $ +.\" $OpenBSD: icmp6.4,v 1.19 2004/12/23 20:33:03 jaredy Exp $ +.\" $FreeBSD: src/share/man/man4/icmp6.4,v 1.16 2005/01/23 16:02:48 gnn Exp $ +.\" $DragonFly: src/share/man/man4/icmp6.4,v 1.3 2005/01/23 17:03:13 hrs Exp $ .\" .\" Copyright (c) 1986, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -36,11 +14,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -55,53 +29,42 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.\" -.\" KAME $Id: icmp6.4,v 1.1 1999/12/17 09:47:01 itojun Exp $ -.\" $FreeBSD: src/share/man/man4/icmp6.4,v 1.1.2.7 2001/12/17 11:30:12 ru Exp $ -.\" $DragonFly: src/share/man/man4/icmp6.4,v 1.2 2003/06/17 04:36:59 dillon Exp $ -.\" -.Dd March 13, 2000 +.Dd December 20, 2004 .Dt ICMP6 4 .Os -.\" .Sh NAME .Nm icmp6 .Nd Internet Control Message Protocol for IPv6 -.\" .Sh SYNOPSIS -.In sys/types.h .In sys/socket.h .In netinet/in.h .In netinet/icmp6.h .Ft int -.Fn socket AF_INET6 SOCK_RAW proto -.\" +.Fn socket AF_INET6 SOCK_RAW IPPROTO_ICMPV6 .Sh DESCRIPTION -.Tn ICMPv6 -is the error and control message protocol used -by -.Tn IPv6 -and the Internet protocol family. +ICMPv6 is the error and control message protocol used by IPv6 and the +IPv6 protocol family (see +.Xr ip6 4 +and +.Xr inet6 4 ) . It may be accessed through a .Dq raw socket for network monitoring and diagnostic functions. +.Pp The .Fa proto -parameter to the socket call to create an -.Tn ICMPv6 -socket is obtained from -.Xr getprotobyname 3 , -or you can use -.Dv IPPROTO_ICMPV6 . -.Tn ICMPv6 -sockets are connectionless, and are normally used with the +parameter to the +.Xr socket 2 +call to create an ICMPv6 socket may be obtained from +.Xr getprotobyname 3 . +ICMPv6 sockets are connectionless, and are normally used with the .Xr sendto 2 and .Xr recvfrom 2 calls, though the .Xr connect 2 call may also be used to fix the destination for future packets -(in which case the +(in which case .Xr read 2 or .Xr recv 2 @@ -111,158 +74,183 @@ or .Xr send 2 system calls may be used). .Pp -Outgoing packets automatically have an -.Tn IPv6 -header prepended to them +Outgoing packets automatically have an IPv6 header prepended to them (based on the destination address). -.Tn ICMPv6 -pseudo header checksum field -.Pq Li icmp6_cksum -will be filled automatically by the kernel. -Incoming packets are received without the -.Tn IPv6 -header nor IPv6 extension headers. -Notice that this behavior is opposite from -.Tn IPv4 -raw sockets and. -.Tn ICMPv4 -sockets. +Incoming packets on the socket are received with the IPv6 header and any +extension headers removed. +.Ss Types +ICMPv6 messages are classified according to the type and code fields +present in the ICMPv6 header. +The abbreviations for the types and codes may be used in rules in +.Xr pf.conf 5 . +The following types are defined: +.Bl -column x xxxxxxxxxxxx -offset indent +.It Sy Num Ta Sy Abbrev. Ta Sy Description +.It 1 Ta unreach Ta "Destination unreachable" +.It 2 Ta toobig Ta "Packet too big" +.It 3 Ta timex Ta "Time exceeded" +.It 4 Ta paramprob Ta "Invalid IPv6 header" +.It 128 Ta echoreq Ta "Echo service request" +.It 129 Ta echorep Ta "Echo service reply" +.It 130 Ta groupqry Ta "Group membership query" +.It 130 Ta listqry Ta "Multicast listener query" +.It 131 Ta grouprep Ta "Group membership report" +.It 131 Ta listenrep Ta "Multicast listener report" +.It 132 Ta groupterm Ta "Group membership termination" +.It 132 Ta listendone Ta "Multicast listerner done" +.It 133 Ta routersol Ta "Router solicitation" +.It 134 Ta routeradv Ta "Router advertisement" +.It 135 Ta neighbrsol Ta "Neighbor solicitation" +.It 136 Ta neighbradv Ta "Neighbor advertisement" +.It 137 Ta redir Ta "Shorter route exists" +.It 138 Ta routrrenum Ta "Route renumbering" +.It 139 Ta fqdnreq Ta "FQDN query" +.It 139 Ta niqry Ta "Node information query" +.It 139 Ta wrureq Ta "Who-are-you request" +.It 140 Ta fqdnrep Ta "FQDN reply" +.It 140 Ta nirep Ta "Node information reply" +.It 140 Ta wrurep Ta "Who-are-you reply" +.It 200 Ta mtraceresp Ta "mtrace response" +.It 201 Ta mtrace Ta "mtrace messages" +.El +.Pp +The following codes are defined: +.Bl -column x xxxxxxxxxxxx xxxxxxxx -offset indent +.It Sy Num Ta Sy Abbrev. Ta Sy Type Ta +.Sy Description +.It 0 Ta noroute-unr Ta unreach Ta "No route to destination" +.It 1 Ta admin-unr Ta unreach Ta "Administratively prohibited" +.It 2 Ta beyond-unr Ta unreach Ta "Beyond scope of source address" +.It 2 Ta notnbr-unr Ta unreach Ta "Not a neighbor (obselete)" +.It 3 Ta addr-unr Ta unreach Ta "Address unreachable" +.It 4 Ta port-unr Ta unreach Ta "Port unreachable" +.It 0 Ta transit Ta timex Ta "Time exceeded in transit" +.It 1 Ta reassemb Ta timex Ta "Time exceeded in reassembly" +.It 0 Ta badhead Ta paramprob Ta "Erroneous header field" +.It 1 Ta nxthdr Ta paramprob Ta "Unrecognized next header" +.It 2 Ta "" Ta redir Ta "Unrecognized option" +.It 0 Ta redironlink Ta redir Ta "Redirection to on-link node" +.It 1 Ta redirrouter Ta redir Ta "Redirection to better router" +.El +.Ss Headers +All ICMPv6 messages are prefixed with an ICMPv6 header. +This header corresponds to the +.Vt icmp6_hdr +structure and has the following definition: +.Bd -literal -offset indent +struct icmp6_hdr { + u_int8_t icmp6_type; /* type field */ + u_int8_t icmp6_code; /* code field */ + u_int16_t icmp6_cksum; /* checksum field */ + union { + u_int32_t icmp6_un_data32[1]; /* type-specific */ + u_int16_t icmp6_un_data16[2]; /* type-specific */ + u_int8_t icmp6_un_data8[4]; /* type-specific */ + } icmp6_dataun; +} __packed; + +#define icmp6_data32 icmp6_dataun.icmp6_un_data32 +#define icmp6_data16 icmp6_dataun.icmp6_un_data16 +#define icmp6_data8 icmp6_dataun.icmp6_un_data8 +#define icmp6_pptr icmp6_data32[0] /* parameter prob */ +#define icmp6_mtu icmp6_data32[0] /* packet too big */ +#define icmp6_id icmp6_data16[0] /* echo request/reply */ +#define icmp6_seq icmp6_data16[1] /* echo request/reply */ +#define icmp6_maxdelay icmp6_data16[0] /* mcast group membership*/ +.Ed .Pp -.Ss ICMPv6 type/code filter -Each -.Tn ICMPv6 -raw socket has an associated filter whose datatype is defined as -.Li struct icmp6_filter ; +.Va icmp6_type +describes the type of the message. +Suitable values are defined in +.Aq Pa netinet/icmp6.h . +.Va icmp6_code +describes the sub-type of the message and depends on +.Va icmp6_type . +.Va icmp6_cksum +contains the checksum for the message and is filled in by the +kernel on outgoing messages. +The other fields are used for type-specific purposes. +.Ss Filters +Because of the extra functionality of ICMPv6 in comparison to ICMPv4, +a larger number of messages may be potentially received on an ICMPv6 +socket. +Input filters may therefore be used to restrict input to a subset of the +incoming ICMPv6 messages so only interesting messages are returned by the +.Xr recv 2 +family of calls to an application. .Pp -This structure, along with the macros and constants defined later in -this section, are defined as a result of including the -.Aq Li netinet/icmp6.h -header. +The +.Vt icmp6_filter +structure may be used to refine the input message set according to the +ICMPv6 type. +By default, all messages types are allowed on newly created raw ICMPv6 +sockets. +The following macros may be used to refine the input set: +.Bl -tag -width Ds +.It Fn "void ICMP6_FILTER_SETPASSALL" "struct icmp6_filter *filterp" +Allow all incoming messages. +.Va filterp +is modified to allow all message types. +.It Fn "void ICMP6_FILTER_SETBLOCKALL" "struct icmp6_filter *filterp" +Ignore all incoming messages. +.Va filterp +is modified to ignore all message types. +.It Fn "void ICMP6_FILTER_SETPASS" "int type" \ + "struct icmp6_filter *filterp" +Allow ICMPv6 messages with the given +.Fa type . +.Va filterp +is modified to allow such messages. +.It Fn "void ICMP6_FILTER_SETBLOCK" "int type" \ + "struct icmp6_filter *filterp" +Ignore ICMPv6 messages with the given +.Fa type . +.Va filterp +is modified to ignore such messages. +.It Fn "int ICMP6_FILTER_WILLPASS" "int type" \ + "const struct icmp6_filter *filterp" +Determine if the given filter will allow an ICMPv6 message of the given +type. +.It Fn "int ICMP6_FILTER_WILLBLOCK" "int type" \ + "const struct icmp6_filter *filterp" +Determine if the given filter will ignore an ICMPv6 message of the given +type. +.El .Pp -The current filter is fetched and stored using +The .Xr getsockopt 2 and .Xr setsockopt 2 -with a level of +calls may be used to obtain and install the filter on ICMPv6 sockets at +option level .Dv IPPROTO_ICMPV6 -and an option name of -.Dv ICMP6_FILTER . -.Pp -Six macros operate on an icmp6_filter structure: -.\" is "Fn" legal for macros? -.Bl -item -offset indent -.It -.Ft void -.Fn ICMP6_FILTER_SETPASSALL "struct icmp6_filter *filterp" -.It -.Ft void -.Fn ICMP6_FILTER_SETBLOCKALL "struct icmp6_filter *filterp" -.It -.Ft void -.Fn ICMP6_FILTER_SETPASS "int type" "struct icmp6_filter *filterp" -.It -.Ft void -.Fn ICMP6_FILTER_SETBLOCK "int type" "struct icmp6_filter *filterp" -.It -.Ft int -.Fn ICMP6_FILTER_WILLPASS "int type" "const struct icmp6_filter *filterp" -.It -.Ft int -.Fn ICMP6_FILTER_WILLBLOCK "int type" "const struct icmp6_filter *filterp" -.El -.Pp -The first argument to the last four macros -(an integer) -is an -.Tn ICMPv6 -message type, between 0 and 255. -The pointer argument to all six -macros is a pointer to a filter that is modified by the first four -macros examined by the last two macros. -.Pp -The first two macros, -.Dv SETPASSALL -and -.Dv SETBLOCKALL , -let us specify that -all -.Tn ICMPv6 -messages are passed to the application or that all -.Tn ICMPv6 -messages are blocked from being passed to the application. -.Pp -The next two macros, -.Dv SETPASS -and -.Dv SETBLOCK , -let us specify that -messages of a given -.Tn ICMPv6 -type should be passed to the application -or not passed to the application -(blocked). -.Pp -The final two macros, -.Dv WILLPASS -and -.Dv WILLBLOCK , -return true or false -depending whether the specified message type is passed to the -application or blocked from being passed to the application by the -filter pointed to by the second argument. -.Pp -When an -.Tn ICMPv6 -raw socket is created, it will by default pass all -.Tn ICMPv6 -message types to the application. -.Pp -For further discussions see RFC2292. -.\" -.Sh ERRORS -A socket operation may fail with one of the following errors returned: -.Bl -tag -width Er -.It Bq Er EISCONN -when trying to establish a connection on a socket which -already has one, or when trying to send a datagram with the destination -address specified and the socket is already connected; -.It Bq Er ENOTCONN -when trying to send a datagram, but -no destination address is specified, and the socket hasn't been -connected; -.It Bq Er ENOBUFS -when the system runs out of memory for -an internal data structure; -.It Bq Er EADDRNOTAVAIL -when an attempt is made to create a -socket with a network address for which no network interface exists. -.El -.\" +and name +.Dv ICMPV6_FILTER +with a pointer to the +.Vt icmp6_filter +structure as the option value. .Sh SEE ALSO +.Xr getsockopt 2 , .Xr recv 2 , .Xr send 2 , +.Xr setsockopt 2 , +.Xr socket 2 , +.Xr getprotobyname 3 , .Xr inet6 4 , -.Xr intro 4 , -.Xr ip6 4 +.Xr ip6 4 , +.Xr netintro 4 .Rs .%A W. Stevens .%A M. Thomas -.%R RFC -.%N 2292 +.%T Advanced Sockets API for IPv6 +.%N RFC 2292 .%D February 1998 -.%T "Advanced Sockets API for IPv6" .Re .Rs .%A A. Conta .%A S. Deering -.%R RFC -.%N 2463 +.%T "Internet Control Message Protocol (ICMPv6) for the Internet" \ + "Protocol Version 6 (IPv6) Specification" +.%N RFC 2463 .%D December 1998 -.%T "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification" .Re -.\" -.Sh HISTORY -The implementation is based on KAME stack -(which is descendant of WIDE hydrangea IPv6 stack kit). -.Pp -Part of the document was shamelessly copied from RFC2292. diff --git a/share/man/man4/ip6.4 b/share/man/man4/ip6.4 index 4daec1fe43..329fddd6ee 100644 --- a/share/man/man4/ip6.4 +++ b/share/man/man4/ip6.4 @@ -1,31 +1,7 @@ -.\" $KAME: ip6.4,v 1.14 2001/02/26 09:31:39 itojun Exp $ -.\" -.\" Copyright (C) 1999 WIDE Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the project nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" $KAME: ip6.4,v 1.23 2005/01/11 05:56:25 itojun Exp $ +.\" $OpenBSD: ip6.4,v 1.21 2005/01/06 03:50:46 itojun Exp $ +.\" $FreeBSD: src/share/man/man4/ip6.4,v 1.18 2005/01/23 16:02:48 gnn Exp $ +.\" $DragonFly: src/share/man/man4/ip6.4,v 1.3 2005/01/23 17:03:13 hrs Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -38,11 +14,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -57,652 +29,659 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/share/man/man4/ip6.4,v 1.1.2.8 2001/12/17 11:30:12 ru Exp $ -.\" $DragonFly: src/share/man/man4/ip6.4,v 1.2 2003/06/17 04:36:59 dillon Exp $ -.\" -.Dd March 13, 2000 +.Dd December 29, 2004 .Dt IP6 4 .Os -.\" .Sh NAME .Nm ip6 -.Nd Internet Protocol version 6 (IPv6) -.\" +.Nd Internet Protocol version 6 (IPv6) network layer .Sh SYNOPSIS -.In sys/types.h .In sys/socket.h .In netinet/in.h .Ft int .Fn socket AF_INET6 SOCK_RAW proto -.\" .Sh DESCRIPTION -.Tn IPv6 -is the network layer protocol used by the Internet protocol version 6 family -.Pq Dv AF_INET6 . -Options may be set at the -.Tn IPv6 -level when using higher-level protocols that are based on -.Tn IPv6 -(such as -.Tn TCP +The IPv6 network layer is used by the IPv6 protocol family for +transporting data. +IPv6 packets contain an IPv6 header that is not provided as part of the +payload contents when passed to an application. +IPv6 header options affect the behavior of this protocol and may be used +by high-level protocols (such as the +.Xr tcp 4 and -.Tn UDP ) . -It may also be accessed through a -.Dq raw socket -when developing new protocols, or special-purpose applications. -.Pp -There are several -.Tn IPv6-level -.Xr setsockopt 2 Ns / Ns Xr getsockopt 2 -options. -They are separated into the basic IPv6 sockets API -(defined in RFC2553), -and the advanced API -(defined in RFC2292). -The basic API looks very similar to the API presented in -.Xr ip 4 . -Advanced API uses ancillary data and can handle more complex cases. +.Xr udp 4 +protocols) as well as directly by +.Dq raw sockets , +which process IPv6 messages at a lower-level and may be useful for +developing new protocols and special-purpose applications. +.Ss Header +All IPv6 packets begin with an IPv6 header. +When data received by the kernel are passed to the application, this +header is not included in buffer, even when raw sockets are being used. +Likewise, when data are sent to the kernel for transmit from the +application, the buffer is not examined for an IPv6 header: +the kernel always constructs the header. +To directly access IPv6 headers from received packets and specify them +as part of the buffer passed to the kernel, link-level access +.Po +.Xr bpf 4 , +for example +.Pc +must instead be utilized. .Pp -To specify some of socket options, certain privilege -(i.e. root privilege) is required. -.\" -.Ss Basic IPv6 sockets API -.Dv IPV6_UNICAST_HOPS -may be used to set the hoplimit field in the -.Tn IPv6 -header. -As symbol name suggests, the option controls hoplimit field on unicast packets. -If -1 is specified, the kernel will use a default value. -If a value of 0 to 255 is specified, the packet will have the specified -value as hoplimit. -Other values are considered invalid, and -.Er EINVAL -will be returned. -For example: +The header has the following definition: .Bd -literal -offset indent -int hlim = 60; /* max = 255 */ -setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &hlim, sizeof(hlim)); +struct ip6_hdr { + union { + struct ip6_hdrctl { + u_int32_t ip6_un1_flow; /* 20 bits of flow ID */ + u_int16_t ip6_un1_plen; /* payload length */ + u_int8_t ip6_un1_nxt; /* next header */ + u_int8_t ip6_un1_hlim; /* hop limit */ + } ip6_un1; + u_int8_t ip6_un2_vfc; /* version and class */ + } ip6_ctlun; + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ +} __packed; + +#define ip6_vfc ip6_ctlun.ip6_un2_vfc +#define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow +#define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen +#define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt +#define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim +#define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim .Ed .Pp -.Tn IPv6 -multicasting is supported only on -.Dv AF_INET6 -sockets of type -.Dv SOCK_DGRAM +All fields are in network-byte order. +Any options specified (see +.Sx Options +below) must also be specified in network-byte order. +.Pp +.Va ip6_flow +specifies the flow ID. +.Va ip6_plen +specifies the payload length. +.Va ip6_nxt +specifies the type of the next header. +.Va ip6_hlim +specifies the hop limit. +.Pp +The top 4 bits of +.Va ip6_vfc +specify the class and the bottom 4 bits specify the version. +.Pp +.Va ip6_src and -.Dv SOCK_RAW, -and only on networks where the interface driver supports multicasting. +.Va ip6_dst +specify the source and destination addresses. .Pp -The -.Dv IPV6_MULTICAST_HOPS -option changes the hoplimit for outgoing multicast datagrams -in order to control the scope of the multicasts: +The IPv6 header may be followed by any number of extension headers that start +with the following generic definition: .Bd -literal -offset indent -unsigned int hlim; /* range: 0 to 255, default = 1 */ -setsockopt(s, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &hlim, sizeof(hlim)); +struct ip6_ext { + u_int8_t ip6e_nxt; + u_int8_t ip6e_len; +} __packed; .Ed -.Pp -Datagrams with a hoplimit of 1 are not forwarded beyond the local network. -Multicast datagrams with a hoplimit of 0 will not be transmitted on any network, -but may be delivered locally if the sending host belongs to the destination -group and if multicast loopback has not been disabled on the sending socket -(see below). -Multicast datagrams with hoplimit greater than 1 may be forwarded -to other networks if a multicast router is attached to the local network. -.Pp -For hosts with multiple interfaces, each multicast transmission is -sent from the primary network interface. -The -.Dv IPV6_MULTICAST_IF -option overrides the default for -subsequent transmissions from a given socket: -.Bd -literal -offset indent -unsigned int outif; -outif = if_nametoindex("ne0"); -setsockopt(s, IPPROTO_IPV6, IPV6_MULTICAST_IF, &outif, sizeof(outif)); -.Ed -.Pp -where "outif" is an interface index of the desired interface, -or 0 to specify the default interface. -.Pp -If a multicast datagram is sent to a group to which the sending host itself -belongs (on the outgoing interface), a copy of the datagram is, by default, -looped back by the IPv6 layer for local delivery. -The -.Dv IPV6_MULTICAST_LOOP -option gives the sender explicit control -over whether or not subsequent datagrams are looped back: -.Bd -literal -offset indent -u_char loop; /* 0 = disable, 1 = enable (default) */ -setsockopt(s, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop, sizeof(loop)); -.Ed -.Pp -This option -improves performance for applications that may have no more than one -instance on a single host (such as a router daemon), by eliminating -the overhead of receiving their own transmissions. -It should generally not be used by applications for which there -may be more than one instance on a single host (such as a conferencing -program) or for which the sender does not belong to the destination -group (such as a time querying program). -.Pp -A multicast datagram sent with an initial hoplimit greater than 1 may be delivered -to the sending host on a different interface from that on which it was sent, -if the host belongs to the destination group on that other interface. -The loopback control option has no effect on such delivery. -.Pp +.Ss Options +IPv6 allows header options on packets to manipulate the behavior of the +protocol. +These options and other control requests are accessed with the +.Xr getsockopt 2 +and +.Xr setsockopt 2 +system calls at level +.Dv IPPROTO_IPV6 +and by using ancillary data in +.Xr recvmsg 2 +and +.Xr sendmsg 2 . +They can be used to access most of the fields in the IPv6 header and +extension headers. +.Pp +The following socket options are supported: +.Bl -tag -width Ds +.\" .It Dv IPV6_OPTIONS +.It Dv IPV6_UNICAST_HOPS Fa "int *" +Get or set the default hop limit header field for outgoing unicast +datagrams sent on this socket. +A value of \-1 resets to the default value. +.\" .It Dv IPV6_RECVOPTS Fa "int *" +.\" Get or set the status of whether all header options will be +.\" delivered along with the datagram when it is received. +.\" .It Dv IPV6_RECVRETOPTS Fa "int *" +.\" Get or set the status of whether header options will be delivered +.\" for reply. +.\" .It Dv IPV6_RECVDSTADDR Fa "int *" +.\" Get or set the status of whether datagrams are received with +.\" destination addresses. +.\" .It Dv IPV6_RETOPTS +.\" Get or set IPv6 options. +.It Dv IPV6_MULTICAST_IF Fa "u_int *" +Get or set the interface from which multicast packets will be sent. +For hosts with multiple interfaces, each multicast transmission is sent +from the primary network interface. +The interface is specified as its index as provided by +.Xr if_nametoindex 3 . +A value of zero specifies the default interface. +.It Dv IPV6_MULTICAST_HOPS Fa "int *" +Get or set the default hop limit header field for outgoing multicast +datagrams sent on this socket. +This option controls the scope of multicast datagram transmissions. +.Pp +Datagrams with a hop limit of 1 are not forwarded beyond the local +network. +Multicast datagrams with a hop limit of zero will not be transmitted on +any network but may be delivered locally if the sending host belongs to +the destination group and if multicast loopback (see below) has not been +disabled on the sending socket. +Multicast datagrams with a hop limit greater than 1 may be forwarded to +the other networks if a multicast router (such as +.Xr mrouted 8 ) +is attached to the local network. +.It Dv IPV6_MULTICAST_LOOP Fa "u_int *" +Get or set the status of whether multicast datagrams will be looped back +for local delivery when a multicast datagram is sent to a group to which +the sending host belongs. +.Pp +This option improves performance for applications that may have no more +than one instance on a single host (such as a router daemon) by +eliminating the overhead of receiving their own transmissions. +It should generally not be used by applications for which there may be +more than one instance on a single host (such as a conferencing program) +or for which the sender does not belong to the destination group +(such as a time-querying program). +.Pp +A multicast datagram sent with an initial hop limit greater than 1 may +be delivered to the sending host on a different interface from that on +which it was sent if the host belongs to the destination group on that +other interface. +The multicast loopback control option has no effect on such delivery. +.It Dv IPV6_JOIN_GROUP Fa "struct ipv6_mreq *" +Join a multicast group. A host must become a member of a multicast group before it can receive datagrams sent to the group. -To join a multicast group, use the -.Dv IPV6_JOIN_GROUP -option: -.Bd -literal -offset indent -struct ipv6_mreq mreq6; -setsockopt(s, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq6, sizeof(mreq6)); +.Bd -literal +struct ipv6_mreq { + struct in6_addr ipv6mr_multiaddr; + unsigned int ipv6mr_interface; +}; .Ed .Pp -where -.Fa mreq6 -is the following structure: -.Bd -literal -offset indent -struct ipv6_mreq { - struct in6_addr ipv6mr_multiaddr; - u_int ipv6mr_interface; +.Va ipv6mr_interface +may be set to zeroes to choose the default multicast interface or to the +index of a particular multicast-capable interface if the host is +multihomed. +Membership is associated with a single interface; programs running on +multihomed hosts may need to join the same group on more than one +interface. +.Pp +If the multicast address is unspecified (i.e., all zeroes), messages +from all multicast addresses will be accepted by this group. +Note that setting to this value requires superuser privileges. +.It Dv IPV6_LEAVE_GROUP Fa "struct ipv6_mreq *" +Drop membership from the associated multicast group. +Memberships are automatically dropped when the socket is closed or when +the process exits. +.It Dv IPV6_PORTRANGE Fa "int *" +Get or set the allocation policy of ephemeral ports for when the kernel +automatically binds a local address to this socket. +The following values are available: +.Pp +.Bl -tag -width IPV6_PORTRANGE_DEFAULT -compact +.It Dv IPV6_PORTRANGE_DEFAULT +Use the regular range of non-reserved ports (varies, see +.Xr sysctl 8 ) . +.It Dv IPV6_PORTRANGE_HIGH +Use a high range (varies, see +.Xr sysctl 8 ) . +.It Dv IPV6_PORTRANGE_LOW +Use a low, reserved range (600\-1023). +.El +.It Dv IPV6_PKTINFO Fa "int *" +Get or set whether additional information about subsequent packets will +be provided as ancillary data along with the payload in subsequent +.Xr recvmsg 2 +calls. +The information is stored in the following structure in the ancillary +data returned: +.Bd -literal +struct in6_pktinfo { + struct in6_addr ipi6_addr; /* src/dst IPv6 address */ + unsigned int ipi6_ifindex; /* send/recv if index */ }; .Ed +.It Dv IPV6_HOPLIMIT Fa "int *" +Get or set whether the hop limit header field from subsequent packets +will be provided as ancillary data along with the payload in subsequent +.Xr recvmsg 2 +calls. +The value is stored as an +.Vt int +in the ancillary data returned. +.\" .It Dv IPV6_NEXTHOP Fa "int *" +.\" Get or set whether the address of the next hop for subsequent +.\" packets will be provided as ancillary data along with the payload in +.\" subsequent +.\" .Xr recvmsg 2 +.\" calls. +.\" The option is stored as a +.\" .Vt sockaddr +.\" structure in the ancillary data returned. +.\" .Pp +.\" This option requires superuser privileges. +.It Dv IPV6_HOPOPTS Fa "int *" +Get or set whether the hop-by-hop options from subsequent packets will be +provided as ancillary data along with the payload in subsequent +.Xr recvmsg 2 +calls. +The option is stored in the following structure in the ancillary data +returned: +.Bd -literal +struct ip6_hbh { + u_int8_t ip6h_nxt; /* next header */ + u_int8_t ip6h_len; /* length in units of 8 octets */ +/* followed by options */ +} __packed; +.Ed .Pp -.Dv ipv6mr_interface -should be 0 to choose the default multicast interface, or the -interface index of a particular multicast-capable interface if -the host is multihomed. -Membership is associated with a single interface; -programs running on multihomed hosts may need to -join the same group on more than one interface. +The +.Fn inet6_option_space +routine and family of routines may be used to manipulate this data. .Pp -To drop a membership, use: -.Bd -literal -offset indent -struct ipv6_mreq mreq6; -setsockopt(s, IPPROTO_IPV6, IPV6_LEAVE_GROUP, &mreq6, sizeof(mreq6)); +This option requires superuser privileges. +.It Dv IPV6_DSTOPTS Fa "int *" +Get or set whether the destination options from subsequent packets will +be provided as ancillary data along with the payload in subsequent +.Xr recvmsg 2 +calls. +The option is stored in the following structure in the ancillary data +returned: +.Bd -literal +struct ip6_dest { + u_int8_t ip6d_nxt; /* next header */ + u_int8_t ip6d_len; /* length in units of 8 octets */ +/* followed by options */ +} __packed; .Ed .Pp -where -.Fa mreq6 -contains the same values as used to add the membership. -Memberships are dropped when the socket is closed or the process exits. +The +.Fn inet6_option_space +routine and family of routines may be used to manipulate this data. .Pp -.Dv IPV6_PORTRANGE -controls how ephemeral ports are allocated for -.Dv SOCK_STREAM -and -.Dv SOCK_DGRAM -sockets. -For example, -.Bd -literal -offset indent -int range = IPV6_PORTRANGE_LOW; /* see */ -setsockopt(s, IPPROTO_IPV6, IPV6_PORTRANGE, &range, sizeof(range)); +This option requires superuser privileges. +.It Dv IPV6_RTHDR Fa "int *" +Get or set whether the routing header from subsequent packets will be +provided as ancillary data along with the payload in subsequent +.Xr recvmsg 2 +calls. +The header is stored in the following structure in the ancillary data +returned: +.Bd -literal +struct ip6_rthdr { + u_int8_t ip6r_nxt; /* next header */ + u_int8_t ip6r_len; /* length in units of 8 octets */ + u_int8_t ip6r_type; /* routing type */ + u_int8_t ip6r_segleft; /* segments left */ +/* followed by routing-type-specific data */ +} __packed; .Ed .Pp -.Dv IPV6_V6ONLY -controls behavior of -.Dv AF_INET6 -wildcard listening socket. -The following example sets the option to 1: -.Bd -literal -offset indent -int on = 1; -setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)); -.Ed +The +.Fn inet6_option_space +routine and family of routines may be used to manipulate this data. +.Pp +This option requires superuser privileges. +.It Dv IPV6_PKTOPTIONS Fa "struct cmsghdr *" +Get or set all header options and extension headers at one time on the +last packet sent or received on the socket. +All options must fit within the size of an mbuf (see +.Xr mbuf 9 ) . +Options are specified as a series of +.Vt cmsghdr +structures followed by corresponding values. +.Va cmsg_level +is set to +.Dv IPPROTO_IPV6 , +.Va cmsg_type +to one of the other values in this list, and trailing data to the option +value. +When setting options, if the length +.Va optlen +to +.Xr setsockopt 2 +is zero, all header options will be reset to their default values. +Otherwise, the length should specify the size the series of control +messages consumes. .Pp -If set to 1, -.Dv AF_INET6 -wildcard listening socket will accept IPv6 traffic only. -If set to 0, it will accept IPv4 traffic as well, -as if it was from IPv4 mapped address like -.Li ::ffff:10.1.1.1 . -.\" RFC2553 defines the behavior when the variable is set to 0. -Note that if you set it this to 0, -IPv4 access control gets much more complicated. -For example, even if you have no listening -.Dv AF_INET -listening socket on port -.Li X , -you will end up accepting IPv4 traffic by -.Dv AF_INET6 -listening socket on the same port. -The default value for this flag is copied at socket instantiation time, -from -.Li net.inet6.ip6.v6only -.Xr sysctl 3 -variable. -The option affects -.Tn TCP -and -.Tn UDP -sockets only. -.\" -.Ss Advanced IPv6 sockets API -The advanced IPv6 sockets API lets userland programs specify or obtain -details about the IPv6 header and the IPv6 extension headers on packets. -The advanced API uses ancillary data for passing data from/to the kernel. +Instead of using +.Xr sendmsg 2 +to specify option values, the ancillary data used in these calls that +correspond to the desired header options may be directly specified as +the control message in the series of control messages provided as the +argument to +.Xr setsockopt 2 . +.It Dv IPV6_CHECKSUM Fa "int *" +Get or set the byte offset into a packet where the 16-bit checksum is +located. +When set, this byte offset is where incoming packets will be expected +to have checksums of their data stored and where outgoing packets will +have checksums of their data computed and stored by the kernel. +A value of \-1 specifies that no checksums will be checked on incoming +packets and that no checksums will be computed or stored on outgoing +packets. +The offset of the checksum for ICMPv6 sockets cannot be relocated or +turned off. +.It Dv IPV6_V6ONLY Fa "int *" +Get or set whether only IPv6 connections can be made to this socket. +For wildcard sockets, this can restrict connections to IPv6 only. +.\"With +.\".Ox +.\"IPv6 sockets are always IPv6-only, so the socket option is read-only +.\"(not modifiable). +.It Dv IPV6_FAITH Fa "int *" +Get or set the status of whether +.Xr faith 4 +connections can be made to this socket. +.It Dv IPV6_USE_MIN_MTU Fa "int *" +Get or set whether the minimal IPv6 maximum transmission unit (MTU) size +will be used to avoid fragmentation from occurring for subsequent +outgoing datagrams. +.It Dv IPV6_AUTH_LEVEL Fa "int *" +Get or set the +.Xr ipsec 4 +authentication level. +.It Dv IPV6_ESP_TRANS_LEVEL Fa "int *" +Get or set the ESP transport level. +.It Dv IPV6_ESP_NETWORK_LEVEL Fa "int *" +Get or set the ESP encapsulation level. +.It Dv IPV6_IPCOMP_LEVEL Fa "int *" +Get or set the +.Xr ipcomp 4 +level. +.El .Pp -There are -.Xr setsockopt 2 Ns / Ns Xr getsockopt 2 -options to get optional information on incoming packets. -They are +The .Dv IPV6_PKTINFO , +.\" .Dv IPV6_NEXTHOP , .Dv IPV6_HOPLIMIT , .Dv IPV6_HOPOPTS , .Dv IPV6_DSTOPTS , and -.Dv IPV6_RTHDR . -.Bd -literal -offset indent -int on = 1; - -setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &on, sizeof(on)); -setsockopt(fd, IPPROTO_IPV6, IPV6_HOPLIMIT, &on, sizeof(on)); -setsockopt(fd, IPPROTO_IPV6, IPV6_HOPOPTS, &on, sizeof(on)); -setsockopt(fd, IPPROTO_IPV6, IPV6_DSTOPTS, &on, sizeof(on)); -setsockopt(fd, IPPROTO_IPV6, IPV6_RTHDR, &on, sizeof(on)); -.Ed -.Pp -When any of these options are enabled, the corresponding data is -returned as control information by -.Xr recvmsg 2 , -as one or more ancillary data objects. -.Pp -If -.Dv IPV6_PKTINFO -is enabled, the destination IPv6 address and the arriving interface index -will be available via -.Li struct in6_pktinfo -on ancillary data stream. -You can pick the structure by checking for an ancillary data item with -.Li cmsg_level -equals to -.Dv IPPROTO_IPV6 , -and -.Li cmsg_type -equals to -.Dv IPV6_PKTINFO . -.Pp -If -.Dv IPV6_HOPLIMIT -is enabled, hoplimit value on the packet will be made available to the -userland program. -Ancillary data stream will contain an integer data item with -.Li cmsg_level -equals to -.Dv IPPROTO_IPV6 , -and -.Li cmsg_type -equals to -.Dv IPV6_HOPLIMIT . -.Pp -.Xr inet6_option_space 3 -and friends will help you parse ancillary data items for -.Dv IPV6_HOPOPTS -and -.Dv IPV6_DSTOPTS . -Similarly, -.Xr inet6_rthdr_space 3 -and friends will help you parse ancillary data items for -.Dv IPV6_RTHDR . -.Pp -.Dv IPV6_HOPOPTS +.Dv IPV6_RTHDR +options will return ancillary data along with payload contents in subsequent +.Xr recvmsg 2 +calls with +.Va cmsg_level +set to +.Dv IPPROTO_IPV6 and -.Dv IPV6_DSTOPTS -may appear multiple times on an ancillary data stream -(note that the behavior is slightly different than the specification). -Other ancillary data item will appear no more than once. -.Pp -For outgoing direction, -you can pass ancillary data items with normal payload data, using -.Xr sendmsg 2 . -Ancillary data items will be parsed by the kernel, and used to construct -the IPv6 header and extension headers. -For the 5 -.Li cmsg_level -values listed above, ancillary data format is the same as inbound case. -Additionally, you can specify -.Dv IPV6_NEXTHOP -data object. -The -.Dv IPV6_NEXTHOP -ancillary data object specifies the next hop for the -datagram as a socket address structure. -In the -.Li cmsghdr -structure -containing this ancillary data, the -.Li cmsg_level -member will be -.Dv IPPROTO_IPV6 , -the -.Li cmsg_type -member will be -.Dv IPV6_NEXTHOP , -and the first byte of -.Li cmsg_data[] -will be the first byte of the socket address structure. -.Pp -If the socket address structure contains an IPv6 address (e.g., the -sin6_family member is -.Dv AF_INET6 ) , -then the node identified by that -address must be a neighbor of the sending host. -If that address -equals the destination IPv6 address of the datagram, then this is -equivalent to the existing -.Dv SO_DONTROUTE -socket option. -.Pp -For applications that do not, or unable to use -.Xr sendmsg 2 -or -.Xr recvmsg 2 , -.Dv IPV6_PKTOPTIONS -socket option is defined. -Setting the socket option specifies any of the optional output fields: -.Bd -literal -offset indent -setsockopt(fd, IPPROTO_IPV6, IPV6_PKTOPTIONS, &buf, len); -.Ed -.Pp -The fourth argument points to a buffer containing one or more -ancillary data objects, and the fifth argument is the total length of -all these objects. -The application fills in this buffer exactly as -if the buffer were being passed to +.Va cmsg_type +set to respective option name value (e.g., +.Dv IPV6_HOPTLIMIT ) . +These options may also be used directly as ancillary +.Va cmsg_type +values in .Xr sendmsg 2 -as control information. -.Pp -The options set by calling -.Xr setsockopt 2 -for -.Dv IPV6_PKTOPTIONS -are -called "sticky" options because once set they apply to all packets -sent on that socket. -The application can call -.Xr setsockopt 2 -again to -change all the sticky options, or it can call -.Xr setsockopt 2 -with a -length of 0 to remove all the sticky options for the socket. -.Pp -The corresponding receive option -.Bd -literal -offset indent -getsockopt(fd, IPPROTO_IPV6, IPV6_PKTOPTIONS, &buf, &len); -.Ed -.Pp -returns a buffer with one or more ancillary data objects for all the -optional receive information that the application has previously -specified that it wants to receive. -The fourth argument points to -the buffer that is filled in by the call. -The fifth argument is a -pointer to a value-result integer: when the function is called the -integer specifies the size of the buffer pointed to by the fourth -argument, and on return this integer contains the actual number of -bytes that were returned. -The application processes this buffer -exactly as if the buffer were returned by -.Xr recvmsg 2 -as control information. -.\" -.Ss Advanced API and TCP sockets -When using -.Xr getsockopt 2 -with the -.Dv IPV6_PKTOPTIONS -option and a -.Tn TCP -socket, only the options from the most recently received segment are -retained and returned to the caller, and only after the socket option -has been set. -.\" That is, -.\" .Tn TCP -.\" need not start saving a copy of the options until the application says -.\" to do so. -The application is not allowed to specify ancillary data in a call to +to set options on the packet being transmitted by the call. +The +.Va cmsg_level +value must be +.Dv IPPROTO_IPV6 . +For these options, the ancillary data object value format is the same +as the value returned as explained for each when received with +.Xr recvmsg 2 . +.Pp +Note that using .Xr sendmsg 2 -on a -.Tn TCP -socket, and none of the ancillary data that we -described above is ever returned as control information by -.Xr recvmsg 2 -on a -.Tn TCP -socket. -.\" -.Ss Conflict resolution -In some cases, there are multiple APIs defined for manipulating -a IPv6 header field. -A good example is the outgoing interface for multicast datagrams: -it can be manipulated by +to specify options on particular packets works only on UDP and raw sockets. +To manipulate header options for packets on TCP sockets, only the socket +options may be used. +.Pp +In some cases, there are multiple APIs defined for manipulating an IPv6 +header field. +A good example is the outgoing interface for multicast datagrams, which +can be set by the .Dv IPV6_MULTICAST_IF -in basic API, +socket option, through the .Dv IPV6_PKTINFO -in advanced API, and -.Li sin6_scope_id -field of the socket address passed to -.Xr sendto 2 . -.Pp -When conflicting options are given to the kernel, -the kernel will get the value in the following preference: -(1) options specified by using ancillary data, -(2) options specified by a sticky option of the advanced API, -(3) options specified by using the basic API, and lastly -(4) options specified by a socket address. -Note that the conflict resolution is undefined in the API specifcation -and implementation dependent. -.\" -.Ss "Raw IPv6 Sockets" -Raw -.Tn IPv6 -sockets are connectionless, and are normally used with the +option, and through the +.Va sin6_scope_id +field of the socket address passed to the +.Xr sendto 2 +system call. +.Pp +Resolving these conflicts is implementation dependent. +This implementation determines the value in the following way: +options specified by using ancillary data (i.e., +.Xr sendmsg 2 ) +are considered first, +options specified by using +.Dv IPV6_PKTOPTIONS +to set +.Dq sticky +options are considered second, +options specified by using the individual, basic, and direct socket +options (e.g., +.Dv IPV6_UNICAST_HOPS ) +are considered third, +and options specified in the socket address supplied to +.Xr sendto 2 +are the last choice. +.Ss Multicasting +IPv6 multicasting is supported only on +.Dv AF_INET6 +sockets of type +.Dv SOCK_DGRAM +and +.Dv SOCK_RAW , +and only on networks where the interface driver supports +multicasting. +Socket options (see above) that manipulate membership of +multicast groups and other multicast options include +.Dv IPV6_MULTICAST_IF , +.Dv IPV6_MULTICAST_HOPS , +.Dv IPV6_MULTICAST_LOOP , +.Dv IPV6_LEAVE_GROUP , +and +.Dv IPV6_JOIN_GROUP . +.Ss Raw Sockets +Raw IPv6 sockets are connectionless and are normally used with the .Xr sendto 2 and .Xr recvfrom 2 -calls, though the +calls, although the .Xr connect 2 -call may also be used to fix the destination for future -packets (in which case the -.Xr read 2 -or -.Xr recv 2 -and -.Xr write 2 -or +call may be used to fix the destination address for future outgoing +packets so that .Xr send 2 -system calls may be used). -.Pp -If -.Fa proto -is 0, the default protocol -.Dv IPPROTO_RAW -is used for outgoing packets, and only incoming packets destined -for that protocol are received. -If -.Fa proto -is non-zero, that protocol number will be used on outgoing packets -and to filter incoming packets. -.Pp -Outgoing packets automatically have an -.Tn IPv6 -header prepended to them (based on the destination address and the -protocol number the socket is created with). -Incoming packets are received without -.Tn IPv6 -header nor extension headers. -.Pp -All data sent via raw sockets MUST be in network byte order and all -data received via raw sockets will be in network byte order. -This differs from the IPv4 raw sockets, which did not specify a byte -ordering and typically used the host's byte order. -.Pp -Another difference from IPv4 raw sockets is that complete packets -(that is, IPv6 packets with extension headers) cannot be read or -written using the IPv6 raw sockets API. -Instead, ancillary data -objects are used to transfer the extension headers, as described above. -Should an application need access to the -complete IPv6 packet, some other technique, such as the datalink -interfaces, such as -.Xr bpf 4 , -must be used. -.Pp -All fields in the IPv6 header that an application might want to -change (i.e., everything other than the version number) can be -modified using ancillary data and/or socket options by the -application for output. -All fields in a received IPv6 header (other -than the version number and Next Header fields) and all extension -headers are also made available to the application as ancillary data -on input. -Hence there is no need for a socket option similar to the -IPv4 -.Dv IP_HDRINCL -socket option. -.Pp -When writing to a raw socket the kernel will automatically fragment -the packet if its size exceeds the path MTU, inserting the required -fragmentation headers. On input the kernel reassembles received -fragments, so the reader of a raw socket never sees any fragment -headers. +may instead be used and the +.Xr bind 2 +call may be used to fix the source address for future outgoing +packets instead of having the kernel choose a source address. .Pp -Most IPv4 implementations give special treatment to a raw socket -created with a third argument to +By using +.Xr connect 2 +or +.Xr bind 2 , +raw socket input is constrained to only packets with their +source address matching the socket destination address if +.Xr connect 2 +was used and to packets with their destination address +matching the socket source address if +.Xr bind 2 +was used. +.Pp +If the +.Ar proto +argument to .Xr socket 2 -of -.Dv IPPROTO_RAW , -whose value is normally 255. -We note that this value has no special meaning to -an IPv6 raw socket (and the IANA currently reserves the value of 255 -when used as a next-header field). -.\" Note: This feature was added to -.\" IPv4 in 1988 by Van Jacobson to support traceroute, allowing a -.\" complete IP header to be passed by the application, before the -.\" .Dv IP_HDRINCL -.\" socket option was added. -.Pp -For ICMPv6 raw sockets, -the kernel will calculate and insert the ICMPv6 checksum for -since this checksum is mandatory. +is zero, the default protocol +.Pq Dv IPPROTO_RAW +is used for outgoing packets. +For incoming packets, protocols recognized by kernel are +.Sy not +passed to the application socket (e.g., +.Xr tcp 4 +and +.Xr udp 4 ) +except for some ICMPv6 messages. +The ICMPv6 messages not passed to raw sockets include echo, timestamp, +and address mask requests. +If +.Ar proto +is non-zero, only packets with this protocol will be passed to the +socket. .Pp -For other raw IPv6 sockets (that is, for raw IPv6 sockets created -with a third argument other than IPPROTO_ICMPV6), the application -must set the new IPV6_CHECKSUM socket option to have the kernel (1) -compute and store a psuedo header checksum for output, -and (2) verify the received -pseudo header checksum on input, -discarding the packet if the checksum is in error. -This option prevents applications from having to perform source -address selection on the packets they send. -The checksum will -incorporate the IPv6 pseudo-header, defined in Section 8.1 of RFC2460. -This new socket option also specifies an integer offset into -the user data of where the checksum is located. -.Bd -literal -offset indent -int offset = 2; -setsockopt(fd, IPPROTO_IPV6, IPV6_CHECKSUM, &offset, sizeof(offset)); +IPv6 fragments are also not passed to application sockets until +they have been reassembled. +If reception of all packets is desired, link-level access (such as +.Xr bpf 4 ) +must be used instead. +.Pp +Outgoing packets automatically have an IPv6 header prepended to them +(based on the destination address and the protocol number the socket +was created with). +Incoming packets are received by an application without the IPv6 header +or any extension headers. +.Pp +Outgoing packets will be fragmented automatically by the kernel if they +are too large. +Incoming packets will be reassembled before being sent to the raw socket, +so packet fragments or fragment headers will never be seen on a raw socket. +.Sh EXAMPLES +The following determines the hop limit on the next packet received: +.Bd -literal +struct iovec iov[2]; +u_char buf[BUFSIZ]; +struct cmsghdr *cm; +struct msghdr m; +int found, optval; +u_char data[2048]; + +/* Create socket. */ + +(void)memset(&m, 0, sizeof(m)); +(void)memset(&iov, 0, sizeof(iov)); + +iov[0].iov_base = data; /* buffer for packet payload */ +iov[0].iov_len = sizeof(data); /* expected packet length */ + +m.msg_name = &from; /* sockaddr_in6 of peer */ +m.msg_namelen = sizeof(from); +m.msg_iov = iov; +m.msg_iovlen = 1; +m.msg_control = (caddr_t)buf; /* buffer for control messages */ +m.msg_controllen = sizeof(buf); + +/* + * Enable the hop limit value from received packets to be + * returned along with the payload. + */ +optval = 1; +if (setsockopt(s, IPPROTO_IPV6, IPV6_HOPLIMIT, &optval, + sizeof(optval)) == -1) + err(1, "setsockopt"); + +found = 0; +while (!found) { + if (recvmsg(s, &m, 0) == -1) + err(1, "recvmsg"); + for (cm = CMSG_FIRSTHDR(&m); cm != NULL; + cm = CMSG_NXTHDR(&m, cm)) { + if (cm->cmsg_level == IPPROTO_IPV6 && + cm->cmsg_type == IPV6_HOPLIMIT && + cm->cmsg_len == CMSG_LEN(sizeof(int))) { + found = 1; + (void)printf("hop limit: %d\en", + *(int *)CMSG_DATA(cm)); + break; + } + } +} .Ed -.Pp -By default, this socket option is disabled. Setting the offset to -1 -also disables the option. By disabled we mean (1) the kernel will -not calculate and store a checksum for outgoing packets, and (2) the -kernel will not verify a checksum for received packets. -.Pp -Note: Since the checksum is always calculated by the kernel for an -ICMPv6 socket, applications are not able to generate ICMPv6 packets -with incorrect checksums (presumably for testing purposes) using this -API. -.\" -.Sh ERRORS +.Sh DIAGNOSTICS A socket operation may fail with one of the following errors returned: -.Bl -tag -width Er +.Bl -tag -width EADDRNOTAVAILxx .It Bq Er EISCONN -when trying to establish a connection on a socket which already -has one, or when trying to send a datagram with the destination -address specified and the socket is already connected; +when trying to establish a connection on a socket which +already has one or when trying to send a datagram with the destination +address specified and the socket is already connected. .It Bq Er ENOTCONN -when trying to send a datagram, but no destination address is -specified, and the socket hasn't been connected; +when trying to send a datagram, but +no destination address is specified, and the socket hasn't been +connected. .It Bq Er ENOBUFS -when the system runs out of memory for an internal data structure; +when the system runs out of memory for +an internal data structure. .It Bq Er EADDRNOTAVAIL -when an attempt is made to create a socket with a network address -for which no network interface exists. +when an attempt is made to create a +socket with a network address for which no network interface +exists. .It Bq Er EACCES -when an attempt is made to create a raw IPv6 socket by a non-privileged process. +when an attempt is made to create +a raw IPv6 socket by a non-privileged process. .El .Pp -The following errors specific to -.Tn IPv6 -may occur: +The following errors specific to IPv6 may occur when setting or getting +header options: .Bl -tag -width EADDRNOTAVAILxx .It Bq Er EINVAL An unknown socket option name was given. .It Bq Er EINVAL -The ancillary data items were improperly formed, or option name was unknown. +An ancillary data object was improperly formed. .El -.\" .Sh SEE ALSO .Xr getsockopt 2 , .Xr recv 2 , .Xr send 2 , .Xr setsockopt 2 , -.Xr inet6_option_space 3 , -.Xr inet6_rthdr_space 3 , +.Xr socket 2 , +.\" .Xr inet6_option_space 3 , +.\" .Xr inet6_rthdr_space 3 , +.Xr if_nametoindex 3 , +.Xr bpf 4 , .Xr icmp6 4 , .Xr inet6 4 , -.Xr intro 4 +.Xr netintro 4 , +.Xr tcp 4 , +.Xr udp 4 .Rs .%A W. Stevens .%A M. Thomas -.%R RFC -.%N 2292 +.%T Advanced Sockets API for IPv6 +.%R RFC 2292 .%D February 1998 -.%T "Advanced Sockets API for IPv6" .Re .Rs .%A S. Deering .%A R. Hinden -.%R RFC -.%N 2460 +.%T Internet Protocol, Version 6 (IPv6) Specification +.%R RFC 2460 .%D December 1998 -.%T "Internet Protocol, Version 6 (IPv6) Specification" .Re .Rs .%A R. Gilligan .%A S. Thomson .%A J. Bound .%A W. Stevens -.%R RFC -.%N 2553 +.%T Basic Socket Interface Extensions for IPv6 +.%R RFC 2553 .%D March 1999 -.%T "Basic Socket Interface Extensions for IPv6" .Re -.\" +.Rs +.%A W. Stevens +.%A B. Fenner +.%A A. Rudoff +.%T UNIX Network Programming, third edition +.Re .Sh STANDARDS -Most of the socket options are defined in -RFC2292 and/or RFC2553. -.Pp +Most of the socket options are defined in RFC 2292 or RFC 2553. +The .Dv IPV6_V6ONLY -socket option is defined in draft-ietf-ipngwg-rfc2553bis-03. -.Dv IPV6_PORTRANGE -socket option -and -conflict resolution rule -are not defined in the RFCs and should be considered implementation dependent. -.\" -.Sh HISTORY -The implementation is based on KAME stack -(which is descendant of WIDE hydrangea IPv6 stack kit). -.Pp -Part of the document was shamelessly copied from RFC2553 and RFC2292. -.\" -.Sh BUGS +socket option is defined in RFC 3542. The -.Dv IPV6_NEXTHOP -object/option is not fully implemented as of writing this. +.Dv IPV6_PORTRANGE +socket option and the conflict resolution rule are not defined in the +RFCs and should be considered implementation dependent. -- 2.41.0