IPv6 hosts allow|deny

Dave Dykstra dwd at drdykstra.us
Mon Jan 20 23:13:00 EST 2003


Thanks for the quick tutorial.  I submitted your patch, changing eth0
to link1 as Hideaki suggested.

- Dave

On Mon, Jan 20, 2003 at 06:35:09PM +0100, Bert Vermeulen wrote:
> On Mon, 20 Jan 2003, Dave Dykstra wrote:
> 
> > On Fri, Jan 17, 2003 at 12:31:26AM +0100, Bert Vermeulen wrote:
> > > On Mon, 13 Jan 2003, Dave Dykstra wrote:
> > >
> > > > I don't understand enough how that syntax works in order to be able
> > > > to write an explanation for people.  Could you please try to write
> > > > something up based on the current version checked in to CVS?
> > >
> > > Here's a patch for the manpage:
> > >
> > > 	http://biot.com/patches/rsync-ipv6-acl-doc.patch
> >
> > I have never been introduced to IPv6 addresses before and there are some
> > things about your documentation that baffle me.  Perhaps I just need to
> > be educated a little, or perhaps it would be useful to include a little
> > more explanation in the documentation.
> >
> > Your patch includes this:
> > > -  it() a dotted decimal IP address of the form a.b.c.d for IPv4 and
> > > -  a.b.c.d.e.f for IPv6. In this case the incoming machine's IP address
> > > +  it() a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
> > > +  of the form a:b:c::d:e:f. In this case the incoming machine's IP address
> > >    must match exactly.
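Review bot: The added line giving the IPv6 form as a:b:c::d:e:f does not say that the fields are hexadecimal or that "::" stands for a run of zero fields, and the unchanged "must match exactly" can be read as a comparison of the text. Suggest saying whether the match is on the address value or on its written form, so that a reader knows whether a:b:c::d:e:f and the same address written out in full are one entry or two, and pointing to RFC 2373 for the notation.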
> >
> > Why is there a blank field between "c" and "d"?    Do you think you
> > should say something about the fields being hexadecimal for IPv6,
> > or is that obvious to anyone who has seen IPv6 addresses before?
> 
> What Hideaki said, RFC 2373 describes the address format for IPv6.
> 
> But yes, if you've ever dealt with IPv6, certainly this is obvious. I don't
> think it really needs explaining in the rsync docs as such...  If you have
> IPv6 working on the machine, you pretty much already know the address
> format.
> 
> Anyway, briefly... :: denotes a number of 0 values, it's an abbreviation.
> You can only do this once per IPv6 address. It's exactly the same as writing
> this:
> 
> 	000a:000b:000c:0000:0000:000d:000e:000f
> 
> So you can see how a:b:c::d:e:f is easier to type. This is standardized
> stuff, so you're guaranteed to be able to type that into anything that
> parses IPv6 addresses.
> 
> > Your patch also includes this:
> > > +  it() an address/mask in the form ipaddr/n where ipaddr is the IP address
> > > +  and n is the number of one bits in the netmask.  All IP addresses which
> > > +  match the masked IP address will be allowed in.
> > > +
> > > +  it() an address/mask in the form ipaddr/maskaddr where ipaddr is the
> > > +  IP address and maskaddr is the netmask in dotted decimal notation for IPv4,
> > > +  or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
> > > +  addresses which match the masked IP address will be allowed in.
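Review bot: "or similar for IPv6" in the ipaddr/maskaddr item leaves the IPv6 mask form to be inferred from the single example ffff:ffff:ffff:ffff::. Suggest stating that the mask is written in IPv6 address notation, giving the valid range of n for each address family in the ipaddr/n item, and saying what happens to a maskaddr whose one bits are not contiguous, since the text does not say whether such a mask is rejected.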
> >
> >
> > How come a mask includes 4 fields followed by 2 blanks?   What do you
> > mean by "/64"?
> 
> The /64 is just CIDR notation as used in IPv4 as well, i.e. the number of 1
> bits in the network mask. In IPv4, they go up to 32, where a /32 means a
> host. With IPv6, they go up to /128 for a host, however /64 is the
> "standard" netmask for a subnet.
> 
> > Your patch also has this addition:
> > > +Note IPv6 link-local addresses can have a scope in the address specification:
> > > +
> > > +quote(fe80::1%eth0)
> > > +quote(fe80::%eth0/64)
> > > +quote(fe80::%eth0/ffff:ffff:ffff:ffff::)
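Review bot: The link-local note uses "scope" and the "%eth0" suffix without defining either, and all three examples depend on one interface name. Suggest a sentence saying that the text after "%" names the interface and that any /n or /maskaddr follows it, and stating whether an entry written without a scope matches a link-local peer on every interface.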
> >
> > What's a link-local address?
> 
> An address that is only valid for a certain link, i.e. only reachable
> through that interface. Thus the special prefix (fe80) -- and naturally,
> those are only useful if you specify the interface as well, as you might
> have the same link-local address on two different interfaces.
> 
> > What's a scope?
> 
> In the case of a link-local address, the scope of an interface would be the
> subnet behind it.
> 
> > I think I get that the parts after the '/' are masks, but what does it
> > mean to have just two colons in the address, with one field blank and the
> > third one either 1%eth0 or %eth0?
> 
> The 1 is the last part of the address. It goes on until the "%", which
> denotes the start of the interface specification. The "/64" after the
> interface is indeed the netmask.
> 
> 
> Bert Vermeulen
> bert at biot.com
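
An added example, not part of the original thread and not rsync's code: the three pattern forms explained above (a bare address, ipaddr/n and ipaddr/maskaddr, each with an optional %interface) parsed and applied to a peer address in Python. Comparing the scope as a plain string and rejecting masks with non-contiguous one bits are assumptions of this example; the function names are hypothetical.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1


def split_scope(text):
    """Split 'addr%scope' into (addr, scope); scope is None when absent."""
    addr, sep, scope = text.partition("%")
    return addr, (scope if sep else None)


def parse_pattern(pattern):
    """Return (network, mask, scope) for addr, addr/n or addr/maskaddr."""
    left, slash, right = pattern.partition("/")
    addr, scope = split_scope(left)
    base = int(ipaddress.IPv6Address(addr))      # expands '::' to zero fields
    if not slash:
        mask = ALL_ONES                          # bare address: all 128 bits
    elif right.isdigit():
        n = int(right)                           # CIDR form: count of one bits
        if n > 128:
            raise ValueError("prefix length out of range: " + right)
        mask = ALL_ONES ^ ((1 << (128 - n)) - 1)
    else:
        mask = int(ipaddress.IPv6Address(right))  # mask written as an address
        low = mask ^ ALL_ONES
        if low & (low + 1):                      # assumption: holes are an error
            raise ValueError("non-contiguous mask: " + right)
    return base & mask, mask, scope


def matches(pattern, peer):
    """True when the peer address falls inside the pattern."""
    net, mask, scope = parse_pattern(pattern)
    addr, peer_scope = split_scope(peer)
    if scope is not None and scope != peer_scope:
        return False                             # assumption: scope is compared as text
    return int(ipaddress.IPv6Address(addr)) & mask == net


if __name__ == "__main__":
    # Constructed sample entries, taken from the forms quoted in the thread.
    for pat, peer in [("a:b:c::d:e:f", "000a:000b:000c:0000:0000:000d:000e:000f"),
                      ("fe80::%eth0/64", "fe80::1%eth0"),
                      ("fe80::%eth0/ffff:ffff:ffff:ffff::", "fe80::1%eth1")]:
        print(pat, peer, matches(pat, peer))
```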


