ITPub博客

首页 > Linux操作系统 > Linux操作系统 > linux ipv6 test/debug programs [转]

linux ipv6 test/debug programs [转]

原创 Linux操作系统 作者:serapy 时间:2011-08-17 11:37:44 0 删除 编辑

4.1. IPv6-ready kernel

Modern Linux distributions already contain IPv6-ready kernels, the IPv6 capability is generally compiled as a module, but it's possible that this module is not loaded automatically on startup.

Note: you shouldn't anymore use kernel series 2.2.x, because it's not IPv6-up-to-date anymore. Also the IPv6 support in series 2.4.x is no longer improved according to definitions in latest RFCs. It's recommend to use series 2.6.x now.

4.1.1. Check for IPv6 support in the current running kernel

To check, whether your current running kernel supports IPv6, take a look into your /proc-file-system. Following entry must exists:

/proc/net/if_inet6

A short automatical test looks like:

# test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"

If this fails, it is quite likely, that the IPv6 module is not loaded.

4.1.2. Try to load IPv6 module

You can try to load the IPv6 module executing

# modprobe ipv6

If this is successful, this module should be listed, testable with following auto-magically line:

# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded"

And the check shown above should now run successfully.

Note: unloading the module is currently not supported and can result, under some circumstances, in a kernel crash.

4.1.2.1. Automatically loading of module

Its possible to automatically load the IPv6 module on demand. You only have to add following line in the configuration file of the kernel module loader (normally /etc/modules.conf or /etc/conf.modules):

alias net-pf-10 ipv6  # automatically load IPv6 module on demand

It's also possible to disable automatically loading of the IPv6 module using following line

alias net-pf-10 off   # disable automatically load of IPv6 module on demand

Additional note: in kernels series 2.6.x, the module loader mechanism was changed. The new configuration file has to be named /etc/modprobe.conf instead of /etc/modules.conf.

4.1.3. Compile kernel with IPv6 capabilities

If both above shown results were negative and your kernel has no IP6 support, than you have the following options:

  • Update your distribution to a current one which supports IPv6 out-of-the-box (recommended for newbies)

  • Compile a new vanilla kernel (easy, if you know which options you needed)

  • Recompile kernel sources given by your Linux distribution (sometimes not so easy)

  • Compile a kernel with USAGI extensions

If you decide to compile a kernel, you should have previous experience in kernel compiling and read the Linux Kernel HOWTO.

A comparison between vanilla and USAGI extended kernels is available on IPv6+Linux-Status-Kernel.

4.1.3.1. Compiling a vanilla kernel

More detailed hints about compiling an IPv6-enabled kernel can be found e.g. on IPv6-HOWTO-2#kernel.

Note: you should use whenever possible kernel series 2.6.x or above, because the IPv6 support in series 2.4.x only will no longer get backported features from 2.6.x and IPv6 support in series 2.2.x is hopeless outdated.

4.1.3.2. Compiling a kernel with USAGI extensions

Same as for vanilla kernel, only recommend for advanced users, which are already familiar with IPv6 and kernel compilation. See also USAGI project / FAQ and Obtaining the best IPv6 support with Linux (Article) (Mirror).

4.1.4. IPv6-ready network devices

Not all existing network devices have already (or ever) the capability to transport IPv6 packets. A current status can be found at IPv6+Linux-status-kernel.html#transport.

A major issue is that because of the network layer structure of kernel implementation an IPv6 packet isn't really recognized by it's IP header number (6 instead of 4). It's recognized by the protocol number of the Layer 2 transport protocol. Therefore any transport protocol which doesn't use such protocol number cannot dispatch IPv6 packets. Note: the packet is still transported over the link, but on receivers side, the dispatching won't work (you can see this e.g. using tcpdump).

4.1.4.1. Currently known never “IPv6 capable links”

  • Serial Line IP (SLIP, RFC 1055 / SLIP), should be better called now to SLIPv4, device named: slX

  • Parallel Line IP (PLIP), same like SLIP, device names: plipX

  • ISDN with encapsulation rawip, device names: isdnX

4.1.4.2. Currently known “not supported IPv6 capable links”

  • ISDN with encapsulation syncppp, device names: ipppX (design issue of the ipppd, will be merged into more general PPP layer in kernel series 2.5.x)

4.2. IPv6-ready network configuration tools

You wont get very far, if you are running an IPv6-ready kernel, but have no tools to configure IPv6. There are several packages in existence which can configure IPv6.

4.2.1. net-tools package

The net-tool package includes some tools like ifconfig and route, which helps you to configure IPv6 on an interface. Look at the output of ifconfig -? or route -?, if something is shown like IPv6 or inet6, then the tool is IPv6-ready.

Auto-magically check:

# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is
¬ IPv6-ready"

Same check can be done for route:

# /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready"

4.2.2. iproute package

Alexey N. Kuznetsov (current a maintainer of the Linux networking code) created a tool-set which configures networks through the netlink device. Using this tool-set you have more functionality than net-tools provides, but its not very well documented and isn't for the faint of heart.

# /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready"

If the program /sbin/ip isn't found, then I strongly recommend you install the iproute package.

  • You can get it from your Linux distribution (if contained)

  • You're able to look for a proper RPM package at RPMfind/iproute (sometimes rebuilding of a SRPMS package is recommended)

4.3. IPv6-ready test/debug programs

After you have prepared your system for IPv6, you now want to use IPv6 for network communications. First you should learn how to examine IPv6 packets with a sniffer program. This is strongly recommended because for debugging/troubleshooting issues this can aide in providing a diagnosis very quickly.

4.3.1. IPv6 ping

This program is normally included in package iputils. It is designed for simple transport tests sending ICMPv6 echo-request packets and wait for ICMPv6 echo-reply packets.

Usage

# ping6 
# ping6 
# ping6 [-I ] 

Example

# ping6 -c 1 ::1 
PING ::1(::1) from ::1 : 56 data bytes 
64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec

--- ::1 ping statistics --- 
1 packets transmitted, 1 packets received, 0% packet loss 
round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms

Hint: ping6 needs raw access to socket and therefore root permissions. So if non-root users cannot use ping6 then there are two possible problems:

  1. ping6 is not in users path (probably, because ping6 is generally stored in /usr/sbin -> add path (not really recommended)

  2. ping6 doesn't execute properly, generally because of missing root permissions -> chmod u+s /usr/sbin/ping6

4.3.1.1. Specifying interface for IPv6 ping

Using link-local addresses for an IPv6 ping, the kernel does not know through which (physically or virtual) device it must send the packet - each device has a link-local address. A try will result in following error message:

# ping6 fe80::212:34ff:fe12:3456 
connect: Invalid argument

In this case you have to specify the interface additionally like shown here:

# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 
PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes 
64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec

--- fe80::2e0:18ff:fe90:9205 ping statistics --- 
1 packets transmitted, 1 packets received, 0% packet loss round-trip
¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms

4.3.1.2. Ping6 to multicast addresses

An interesting mechanism to detect IPv6-active hosts on a link is to ping6 to the link-local all-node multicast address:

# ping6 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) 

Unlike in IPv4, where replies to a ping on the broadcast address can be disabled, in IPv6 currently this behavior. cannot be disable except by local IPv6 firewalling.

4.3.2. IPv6 traceroute6

This program is normally included in package iputils. It's a program similar to IPv4 traceroute. Below you will see an example:

# traceroute6 www.6bone.net 
traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30
¬ hops max, 16 byte packets 
 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms 
 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms 
 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms 
 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms 
 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms 
 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms

Note: unlike some modern versions of IPv4 traceroute, which can use ICMPv4 echo-request packets as well as UDP packets (default), current IPv6-traceroute is only able to send UDP packets. As you perhaps already know, ICMP echo-request packets are more accepted by firewalls or ACLs on routers inbetween than UDP packets.

4.3.3. IPv6 tracepath6

This program is normally included in package iputils. It's a program like traceroute6 and traces the path to a given destination discovering the MTU along this path. Below you will see an example:

# tracepath6 www.6bone.net 
 1?: [LOCALHOST] pmtu 1480 
 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms 
 2: 3ffe:b00:c18::5 267.864ms 
 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 
 3: 3ffe:3900:5::2 asymm 4 346.632ms 
 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms 
 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms 
 6: 3ffe:3800::1:1 asymm 4 578.126ms !N 
Resume: pmtu 1280

4.3.4. IPv6 tcpdump

On Linux, tcpdump is the major tool for packet capturing. Below you find some examples. IPv6 support is normally built-in in current releases of version 3.6.

tcpdump uses expressions for filtering packets to minimize the noise:

  • icmp6: filters native ICMPv6 traffic

  • ip6: filters native IPv6 traffic (including ICMPv6)

  • proto ipv6: filters tunneled IPv6-in-IPv4 traffic

  • not port ssh: to suppress displaying SSH packets for running tcpdump in a remote SSH session

Also some command line options are very useful to catch and print more information in a packet, mostly interesting for digging into ICMPv6 packets:

  • “-s 512”: increase the snap length during capturing of a packet to 512 bytes

  • “-vv”: really verbose output

  • “-n”: don't resolve addresses to names, useful if reverse DNS resolving isn't working proper

4.3.4.1. IPv6 ping to 2001:0db8:100:f101::1 native over a local link

# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 
tcpdump: listening on eth0 
2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo
¬ request (len 64, hlim 64) 
2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo
¬ reply (len 64, hlim 64)

4.3.4.2. IPv6 ping to 2001:0db8:100::1 routed through an IPv6-in-IPv4-tunnel

1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples)

# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 
tcpdump: listening on ppp0 
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request
¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 
5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
¬ 64, hlim 61) (ttl 23, id 29887, len 124) 
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request
¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 
5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
¬ 64, hlim 61) (ttl 23, id 29919, len 124)

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/14766028/viewspace-705080/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论

注册时间:2008-10-26

  • 博文量
    38
  • 访问量
    166565