____________________________________________________________________________ IPv6NOTE.txt IPv6-DeleGate Implementation Note Current version: DeleGate/9.0.0 ftp://ftp.delegate.org/pub/DeleGate/alpha/ Yutaka Sato April 22, 2005 ____________________________________________________________________________ DeleGate version 9 started supporting IPv6 as the first step of it. But since I don't have a practical IPv6 environment, nor necessity of it (I'm developing it on MacOS X without IPv6 connection to Internet), I'm not sure if or not it is applicable for practical use. So comments from practical users will be appreciated. Your comments are welcome to be posted to the open feedback board at http://www.delegate.org/feedback/ (via feedback@delegate.org) This note is written for users familiar with DeleGate. If you are not, see the reference manual I expect that just reading 1.1 and 1.2 below is enough for most users of DeleGate who use it as a proxy server for usual application protocol on TCP/IP(v4/v6) like HTTP or so. 1. Common Issue 1.1 IPv6 address notation in DeleGate Use "_" for ":". "%" for scope Id can be used 'as is' in most situation. Example: "__" for "::" "fe80__12_34_56" for "fe80::12:34:56" "fe80__12_34_56%en0" for "fe80::12:34:56%en0" (with scope id name) "fe80__12_34_56%5" for "fe80::12:34:56%5" (with numeric scope id) 1.2 Accepting at IPv6/IPv4 port Specify IPv6 host name or address in -Phost:port option. Example: -P9999 ... accept IPv4 only (for -P0.0.0.0:9999) -P__:9999 ... accept IPv6 only -P__0:9999 ... accept IPv4 and IPv6 together -P9999,__:9999 ... accept IPv4 and IPv6 respectively -Pfe80__12_34%en0:9999 ... accept IPv6 link local address -Pme:9999 HOSTS=me/fe80__12_34%en0 ... by host name "__0" means using IPv4-mapped IPv6 address if it's available on the host. 1.3 Host name resolution to IPv6/IPv4 address By default, IPv4 address is retrieved first. If it's not available, IPv6 next. This order can be controlled with the RES_AF parameter. Example: RES_AF=46 ... retrieve IPv4 address first (default) RES_AF=64 ... retrieve IPv6 address first RES_AF=4 ... retrieve IPv4 address only RES_AF=6 ... retrieve IPv6 address only Or it can be controlled by adding special prefixes for each hostname. Example: hostname ... follows RES_TYPES setting _46.hostname ... retrieve IPv4 address first _64.hostname ... retrieve IPv6 address first _4.hostname ... retrieve IPv4 address only _6.hostname ... retrieve IPv6 address only 1.4 Default access control 64bits mask is used for "on the same networks with me". That is, ".localnet" includes "./ffff_ffff_ffff_ffff__" 1.5 Connecting to IPv6 port Done automatically in most situation. When "%scopeid" cannot be used as in URL, it is necessary to be escaped using HOSTS parameter. Example: HOSTS=v6host/fe80__12_34_56_78%ifn SERVER=ftp://v6host 1.6 Routing by address family of destination host "_6." and "_4." prefix to each host in HostList is introduced. Example: PROXY="v6gw:8080:_6.*" ... forward to the proxy if the server is IPv6 SOCKS="v6gw:1080:_6.*" ... forward to the SOCKS if the server is IPv6 2. Application Protocol Specific Issue 2.1 DNS (RFC1886) The following RR are relayed by DNS-DeleGate as a proxy resolver (with SERVER=dns) AAAA x.x.x...x.x.x.IP6.INT 2.2 FTP (RFC2428) The following commands are supported to represent IPv6 address. EPSV EPRT 2.3 SOCKS (RFC1928) The following methods (for TCP) accept addresses represented in IPv6. CONNECT BIND 2.4 HTTP http://xxxx--yy-zz.ipv6 for xxxx::yy:zz 3. NOT SUPPORTED (YET) subin/dgbind "subin/dgbind", as an executable file with the setuid bit set and owned by super-user, is used to bind a socket to a privileged port, without running the DeleGate itself under super-user. but when this is used with IPv6 address, like -P__:80, it fails because of EACCESS, at least on MacOSX. [must be supported] HOSTS="v46host/{192.168.1.1,ABCD__12_34_56_78} defining a host with mixture of IPv4 and IPv6 addresses. [will not be supported] UDP/IPv6 over SOCKS [should be supported, if someone need it] DNS over UDP over IPv6 [should be supported, if someone need it] http://[x:x:x:x:x:x:x:x] [will not be supported] ____________________________________________________________________________