c3d2-web/content/static/media/ta-dt-ipv6-scapy/ipv6-folien.html

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
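<head>
<title>IPv6</title>
<!--
  Slidy is fetched from www.w3.org on every page load. Both resources are
  requested over https:// so that the stylesheet and, more importantly, the
  script cannot be replaced in transit. For talks given offline or on a
  conference network, a local copy stored next to this file is the safer
  choice, because the deck then runs no third-party code at all.
-->
<link rel="stylesheet" type="text/css" media="screen, projection, print"
href="https://www.w3.org/Talks/Tools/Slidy2/styles/slidy.css" />
<script src="https://www.w3.org/Talks/Tools/Slidy2/scripts/slidy.js"
charset="utf-8" type="text/javascript"></script>
<!-- XHTML 1.0 Strict requires the type attribute on style. -->
<style type="text/css">
/* Title and section-divider slides: centred content. */
.cover {
text-align: center;
}
div.cover h1 {
font-size: 200%;
padding: 0;
margin: 0;
}
/* Regular slides: limit the line length and centre the column. */
div.slide {
max-width: 52em;
margin: auto;
}
div.slide h2 {
text-align: center;
margin: 1em auto;
}
/* List items the talk presents as struck-out claims. */
.false {
text-decoration: line-through;
color: #700;
}
/* Two-column layout used for the IPv4 / IPv6 side-by-side comparisons. */
.left, .right {
width: 47%;
padding: 0;
margin: 2em 0;
display: inline-block;
vertical-align: top;
}
/* Keep long terminal output inside the slide instead of overflowing. */
pre {
white-space: pre-wrap;
}
div dt {
margin: 0;
}
div dd {
margin-bottom: 0.2em;
}
/* Bordered tables (class name carried over from the copied tables). */
.wikitable {
border-collapse: collapse;
}
.wikitable caption {
font-weight: bold;
margin-top: 1em;
}
.wikitable td, .wikitable th {
border: 1px solid #333;
}
</style>
</head>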
<body>
<div class="slide cover">
<h1>IPv6 Crash Course</h1>
<p>
<a href="http://spaceboyz.net/~astro/">Astro</a>
&lt;astro@spaceboyz.net&gt;
</p>
</div>
<div class="slide">
<h2>Warum IPv6?</h2>
<!-- TODO: End-to-End -->
<ul>
<li>Mehr Adressen</li>
<li class="false">Multicast</li>
<li class="false">IPSec</li>
<li class="false">Autokonfiguration</li>
</ul>
</div>
<div class="slide" style="text-align: center">
<h2>IPv6 Packet Header</h2>
<img src="data:image/svg+xml,%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22?%3E%0A%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20width=%22642pt%22%20height=%22502pt%22%20viewBox=%220%200%20642%20502%22%20version=%221.1%22%3E%0A%3Cdefs%3E%0A%3Cg%3E%0A%3Csymbol%20overflow=%22visible%22%20id=%22glyph0-0%22%3E%0A%3Cpath%20style=%22stroke:none;%22%20d=%22M%200.84375%203%20L%200.84375%20-11.984375%20L%209.34375%20-11.984375%20L%209.34375%203%20L%200.84375%203%20Z%20M%201.796875%202.0625%20L%208.40625%202.0625%20L%208.40625%20-11.03125%20L%201.796875%20-11.03125%20L%201.796875%202.0625%20Z%20M%201.796875%202.0625%20%22/%3E%0A%3C/symbol%3E%0A%3Csymbol%20overflow=%22visible%22%20id=%22glyph0-1%22%3E%0A%3Cpath%20style=%22stroke:none;%22%20d=%22M%204.859375%200%20L%200.140625%20-12.390625%20L%201.890625%20-12.390625%20L%205.8125%20-1.953125%20L%209.75%20-12.390625%20L%2011.484375%20-12.390625%20L%206.765625%200%20L%204.859375%200%20Z%20M%204.859375%200%20%22/%3E%0A%3C/symbol%3E%0A%3Csymbol%20overflow=%22visible%22%20id=%22glyph0-2%22%3E%0A%3Cpath%20style=%22stroke:none;%22%20d=%22M%209.546875%20-5.03125%20L%209.546875%20-4.28125%20L%202.53125%20-4.28125%20C%202.589844%20-3.226562%202.90625%20-2.425781%203.46875%20-1.875%20C%204.039062%20-1.320312%204.835938%20-1.046875%205.859375%20-1.046875%20C%206.441406%20-1.046875%207.007812%20-1.117188%207.5625%20-1.265625%20C%208.113281%20-1.410156%208.660156%20-1.628906%209.203125%20-1.921875%20L%209.203125%20-0.46875%20C%208.648438%20-0.238281%208.085938%20-0.0664062%207.515625%200.046875%20C%206.941406%200.167969%206.355469%200.234375%205.765625%200.234375%20C%204.273438%200.234375%203.097656%20-0.191406%202.234375%20-1.046875%20C%201.367188%20-1.910156%200.9375%20-3.082031%200.9375%20-4.5625%20C%200.9375%20-6.082031%201.347656%20-7.285156%202.171875%20-8.171875%20C%202.992188%20-9.066406%204.101562%20-9.515625%205.5%20-9.515625%20C%206.746094%20-9.515625%207.734375%20-9.113281%2
08.453125%20-8.3125%20C%209.179688%20-7.507812%209.546875%20-6.414062%209.546875%20-5.03125%20Z%20M%208.03125%20-5.484375%20C%208.019531%20-6.316406%207.785156%20-6.976562%207.328125%20-7.46875%20C%206.867188%20-7.964844%206.261719%20-8.21875%205.515625%20-8.21875%20C%204.660156%20-8.21875%203.976562%20-7.976562%203.46875%20-7.5%20C%202.957031%20-7.019531%202.660156%20-6.339844%202.578125%20-5.46875%20L%208.03125%20-5.484375%20Z%20M%208.03125%20-5.484375%20%22/%3E%0A%3C/symbol%3E%0A%3Csymbol%20overflow=%22visible%22%20id=%22glyph0-3%22%3E%0A%3Cpath%20style=%22stroke:none;%22%20d=%22M%206.984375%20-7.875%20C%206.816406%20-7.964844%206.628906%20-8.035156%206.421875%20-8.078125%20C%206.222656%20-8.128906%206.003906%20-8.15625%205.765625%20-8.15625%20C%204.898438%20-8.15625%204.230469%20-7.871094%203.765625%20-7.3125%20C%203.304688%20-6.75%203.078125%20-5.941406%203.078125%20-4.890625%20L%203.078125%200%20L%201.546875%200%20L%201.546875%20-9.296875%20L%203.078125%20-9.296875%20L%203.078125%20-7.859375%20C%203.398438%20-8.417969%203.816406%20-8.835938%204.328125%20-9.109375%20C%204.847656%20-9.378906%205.472656%20-9.515625%206.203125%20-9.515625%20C%206.304688%20-9.515625%206.421875%20-9.507812%206.546875%20-9.5%20C%206.679688%20-9.488281%206.828125%20-9.464844%206.984375%20-9.4375%20L%206.984375%20-7.875%20Z%20M%206.984375%20-7.875%20%22/%3E%0A%3C/symbol%3E%0A%3Csymbol%20overflow=%22visible%22%20id=%22glyph0-4%22%3E%0A%3Cpath%20style=%22stroke:none;%22%20d=%22M%207.53125%20-9.015625%20L%207.53125%20-7.578125%20C%207.09375%20-7.792969%206.636719%20-7.960938%206.171875%20-8.078125%20C%205.710938%20-8.191406%205.230469%20-8.25%204.734375%20-8.25%20C%203.984375%20-8.25%203.414062%20-8.128906%203.03125%20-7.890625%20C%202.65625%20-7.660156%202.46875%20-7.308594%202.46875%20-6.84375%20C%202.46875%20-6.488281%202.601562%20-6.210938%202.875%20-6.015625%20C%203.144531%20-5.816406%203.6875%20-5.621094%204.5%20-5.4375%20L%205.03125%20-5.328125%20C%206.113281%20-5.085938%206.882812
%20-4.753906%207.34375%20-4.328125%20C%207.800781%20-3.910156%208.03125%20-3.320312%208.031
</div>
<div class="slide">
<h2>Adressen</h2>
<div class="left">
<h3>IPv4</h3>
<ul>
<li>4 × 8 bits = 32 bits</li>
<li>192.0.2.11</li>
<li>10.0.0.1</li>
<li>(Meist) Dezimalschreibweise</li>
</ul>
</div>
<div class="right">
<h3>IPv6</h3>
<ul>
<li>8 × 16 bits = 128 bits</li>
<li>2001:8d8:81:5c8:219:dbff:fe64:81a7</li>
<li>2001:db8::c3d2:0:1</li>
<li>:<span style="color: #77f">(</span>0:<span style="color: #77f">)*</span> kann 1× durch :: abgekürzt werden.</li>
<li>Führende Nullen können weggelassen werden</li>
</ul>
</div>
</div>
<div class="slide">
<h2>Subnets &amp; Subnet Masks</h2>
<div class="left">
<h3>IPv4</h3>
<pre> 172.22.16.21
&amp; 255.255.255.0
= 172.22.16.0</pre>
<pre> 172.22.16.70
&amp; 255.255.255.192
= 172.22.16.64</pre>
</div>
<div class="right">
<h3>IPv6</h3>
<pre> 2001:08d8:0081:05c8:0219:dbff:fe64:81a7
&amp; ffff:ffff:ffff:ffff:0000:0000:0000:0000
= 2001:08d8:0081:05c8:0000:0000:0000:0000</pre>
<pre> 2001:8d8:81:5c8:219:dbff:fe64:81a7
&amp; ffff:ffff:ffff:ff00::
= 2001:8d8:81:500::</pre>
</div>
</div>
<div class="slide">
<h2>CIDR Notation</h2>
<div class="left">
<h3>IPv4 (Netmask bits)</h3>
<dl>
<dt>a.b.c.d/0</dt>
<dd>0.0.0.0</dd>
<dt>a.b.c.d/8</dt>
<dd>255.0.0.0</dd>
<dt>a.b.c.d/16</dt>
<dd>255.255.0.0</dd>
<dt>a.b.c.d/24</dt>
<dd>255.255.255.0</dd>
<dt>a.b.c.d/25</dt>
<dd>255.255.255.128</dd>
<dt>a.b.c.d/26</dt>
<dd>255.255.255.192</dd>
<dt>a.b.c.d/27</dt>
<dd>255.255.255.224</dd>
<dt>a.b.c.d/28</dt>
<dd>255.255.255.240</dd>
<dt>a.b.c.d/29</dt>
<dd>255.255.255.248</dd>
<dt>a.b.c.d/30</dt>
<dd>255.255.255.252</dd>
<dt>a.b.c.d/31</dt>
<dd>255.255.255.254</dd>
<dt>a.b.c.d/32</dt>
<dd>255.255.255.255</dd>
</dl>
</div>
<div class="right">
<h3>IPv6 (Prefix length)</h3>
<dl>
<dt>::/0</dt>
<dd>::</dd>
<dt>a:b:c:d:e:f:g:h/60</dt>
<dd>ffff:ffff:ffff:fff0::</dd>
<dt>a:b:c:d:e:f:g:h/61</dt>
<dd>ffff:ffff:ffff:fff8::</dd>
<dt>a:b:c:d:e:f:g:h/62</dt>
<dd>ffff:ffff:ffff:fffc::</dd>
<dt>a:b:c:d:e:f:g:h/63</dt>
<dd>ffff:ffff:ffff:fffe::</dd>
<dt>a:b:c:d:e:f:g:h/64</dt>
<dd>ffff:ffff:ffff:ffff::</dd>
<dt>a:b:c:d:e:f:g:h/128</dt>
<dd>ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff</dd>
</dl>
</div>
</div>
<div class="slide">
<h2>Routing-Tabelle</h2>
<div class="incremental">
<pre>default via 172.22.16.4 dev eth0 <i style="color: #36f">default = 0.0.0.0/0</i>
172.22.16.0/24 dev eth0</pre>
<pre>default via 172.22.16.2 dev eth0
unreachable 172.16.0.0/12
172.22.0.0/15 via 172.22.16.1
172.22.16.0/24 via 172.22.16.4
172.22.16.0/26 dev eth0</pre>
<pre>2001:8d8:81:5c8::/64 dev eth0
fe80::/64 dev eth0
ff00::/8 dev eth0
default via fe80::2de:caff:fefb:ad03 dev eth0
2001:67c:21ec:bbbb::/64 via fe80::f00d:f00d dev dc99
2001:67c:21ec:cccc::/64 via fe80::f00d:f00d dev dc99
2001:67c:21ec:eeee::/64 via fe80::f00d:f00d dev dc99
2001:67c:21ec::/48 via fe80::cafe:cafe dev dc24</pre>
</div>
</div>
<div class="slide">
<h2>sipcalc</h2>
<div>
<h3>IPv4</h3>
<pre>$ sipcalc 217.115.11.132/27
-[ipv4 : 217.115.11.132/27] - 0
[CIDR]
Host address - 217.115.11.132
Host address (decimal) - 3648195460
Host address (hex) - D9730B84
Network address - 217.115.11.128
Network mask - 255.255.255.224
Network mask (bits) - 27
Network mask (hex) - FFFFFFE0
Broadcast address - 217.115.11.159
Cisco wildcard - 0.0.0.31
Addresses in network - 32
Network range - 217.115.11.128 - 217.115.11.159
Usable range - 217.115.11.129 - 217.115.11.158</pre>
</div>
<div>
<h3>IPv6</h3>
<pre>$ sipcalc 2001:db8::c3d2:0:1/64
-[ipv6 : 2001:db8::c3d2:0:1/64] - 0
[IPV6 INFO]
Expanded Address - 2001:0db8:0000:0000:0000:c3d2:0000:0001
Compressed address - 2001:db8::c3d2:0:1
Subnet prefix (masked) - 2001:db8:0:0:0:0:0:0/64
Address ID (masked) - 0:0:0:0:0:c3d2:0:1/64
Prefix address - ffff:ffff:ffff:ffff:0:0:0:0
Prefix length - 64
Address type - Aggregatable Global Unicast Addresses
Network range - 2001:0db8:0000:0000:0000:0000:0000:0000 -
2001:0db8:0000:0000:ffff:ffff:ffff:ffff</pre>
</div>
</div>
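<div class="slide">
<h2>Scopes (1/2)</h2>
<div class="left">
<h3>IPv4 (RFC5735)</h3>
<dl>
<dt>0.0.0.0/8</dt>
<dd>"This" network</dd>
<dt>10.0.0.0/8</dt>
<dd>Private use (RFC1918)</dd>
<!-- The loopback block is the network 127.0.0.0/8; 127.0.0.1 is a single host inside it. -->
<dt>127.0.0.0/8</dt>
<dd>Loopback</dd>
<dt>169.254.0.0/16</dt>
<dd>Link-local (Zeroconf)</dd>
<dt>172.16.0.0/12</dt>
<dd>Private use (RFC1918)</dd>
<dt>192.0.0.0/24</dt>
<dd>Reserved</dd>
<dt>192.0.2.0/24</dt>
<dd>TEST-NET-1</dd>
<dt>192.88.99.0/24</dt>
<dd>6to4 relay anycast</dd>
<dt>192.168.0.0/16</dt>
<dd>Private use (RFC1918)</dd>
<dt>198.18.0.0/15</dt>
<dd>SPECIAL-IPV4-BENCHMARK-TESTING-IANA-RESERVED</dd>
<dt>198.51.100.0/24</dt>
<dd>TEST-NET-2</dd>
<dt>203.0.113.0/24</dt>
<dd>TEST-NET-3</dd>
<dt>224.0.0.0/4</dt>
<dd>Multicast</dd>
</dl>
</div>
<div class="right">
<h3>IPv6 (RFC4291)</h3>
<dl>
<dt>::1</dt>
<dd>Loopback</dd>
<dt>ff00::/8</dt>
<dd>Multicast</dd>
<!--
  RFC 4291 assigns link-local unicast the prefix fe80::/10. Written as a /8,
  the entry would cover all of fe00::/8, including the deprecated site-local
  range fec0::/10 listed further down. That matters as soon as this table is
  copied into filter rules or address-classification code.
-->
<dt>fe80::/10</dt>
<dd>Link-local</dd>
<!--
  "Alles andere" follows RFC 4291, which does not list unique local addresses.
  fc00::/7 (RFC 4193) is defined separately and is not meant to be routed on
  the public Internet; list it on its own if this slide is used as a
  filtering reference.
-->
<dt>Alles andere</dt>
<dd>Global Unicast</dd>
<dd>Aktuelles Unicast Prefix: <b>2000::/3</b> (2000:: - 3fff:ffff:…)</dd>
<dt>fec0::/10, 0200::/7, ::/96, 5f00::/8, 3ffe::/16</dt>
<dd>Deprecated</dd>
</dl>
</div>
</div>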
<div class="slide">
<h2>Scopes (2/2)</h2>
<table class="wikitable" style="width: 750px"><caption>General multicast address format</caption><tbody><tr><th style="width: 0%">Bits</th><td style="text-align: center; width: 6.2%;">8</td><td style="text-align: center; width: 3.1%;">4</td><td style="text-align: center; width: 3.1%;">4</td><td style="text-align: center; width: 87.5%;">112</td></tr><tr><th style="width: 0%">Field</th><td style="text-align: center;"><i>prefix</i></td><td style="text-align: center;"><i>flags</i></td><td style="text-align: center;"><i>scope</i></td><td style="text-align: center;"><i>group ID</i></td></tr></tbody></table>
<table class="wikitable"><caption>Multicast address flags<sup id="cite_ref-IPv6Essentials_4-0" class="reference"><a href="#cite_note-IPv6Essentials-4"><span>[</span>5<span>]</span></a></sup></caption><tbody><tr><th>Bit</th><th>Flag</th><th>0</th><th>1</th></tr><tr><td>0 (MSB)</td><td>(Reserved)</td><td>(Reserved)</td><td>(Reserved)</td></tr><tr><td>1</td><td>R (Rendezvous)<sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span>[</span>6<span>]</span></a></sup></td><td>Rendezvous point not embedded</td><td>Rendezvous point embedded</td></tr><tr><td>2</td><td>P (Prefix)<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span>[</span>7<span>]</span></a></sup></td><td>Without prefix information</td><td>Address based on network prefix</td></tr><tr><td>3 (LSB)</td><td>T (Transient)<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span>[</span>8<span>]</span></a></sup></td><td>Well-known multicast address</td><td>Dynamically assigned multicast address</td></tr></tbody></table>
<table class="wikitable"><caption>Multicast address scope</caption><tbody><tr><th>IPv6 address<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span>[</span>note 1<span>]</span></a></sup></th><th>IPv4 equivalent<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span>[</span>9<span>]</span></a></sup></th><th>Scope</th><th>Purpose</th></tr><tr><td><tt>ff00::/16-ff0f::/16</tt></td><td></td><td>Reserved</td></tr><tr><td><tt>ffx1::/16</tt></td><td><tt>127.0.0.0/8</tt></td><td>Interface-local</td><td>Packets with this destination address may not be sent over any network link, but must remain within the current node; this is the multicast equivalent of the unicast <a href="/wiki/Loopback_address" title="Loopback address" class="mw-redirect">loopback address</a>.</td></tr><tr><td><tt>ffx2::/16</tt></td><td><tt>224.0.0.0/24</tt></td><td>Link-local</td><td>Packets with this destination address may not be routed anywhere.</td></tr><tr><td><tt>ffx3::/16</tt></td><td><tt>239.255.0.0/16</tt></td><td>IPv4 local scope</td></tr><tr><td><tt>ffx4::/16</tt></td><td></td><td>Admin-local</td><td>The smallest scope that must be administratively configured.</td></tr><tr><td><tt>ffx5::/16</tt></td><td></td><td>Site-local</td><td>Restricted to the local physical network.</td></tr><tr><td><tt>ffx8::/16</tt></td><td><tt>239.192.0.0/14</tt></td><td>Organization-local</td><td>Restricted to networks used by the organization administering the local network. (For example, these addresses might be used over <a href="/wiki/VPN" title="VPN" class="mw-redirect">VPNs</a>; when packets for this group are routed over the public internet (where these addresses are not valid), they would have to be encapsulated in some other protocol.)</td></tr><tr><td><tt>ffxe::/16</tt></td><td><tt>224.0.1.0-238.255.255.255</tt></td><td>Global scope</td><td>Eligible to be routed over the public internet.</td></tr></tbody></table>
</div>
<div class="slide">
<h2>Verkonfiguriert?</h2>
<!--
  The echo replies below all come from link-local (fe80::) addresses, which an
  IPv6-enabled interface has even when no global prefix was ever configured.
  A service that listens on all addresses (the ssh login in the second
  listing) is therefore reachable from the local link. Host firewalls need
  IPv6 rules even on networks that are thought of as IPv4-only.
-->
<pre>% ping6 ff02::1%eth0
PING ff02::1%eth0(ff02::1) 56 data bytes
64 bytes from fe80::219:dbff:fe64:81a7: icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from fe80::2de:caff:fefb:ad07: icmp_seq=1 ttl=64 time=0.852 ms (DUP!)
64 bytes from fe80::21b:21ff:fe0e:5592: icmp_seq=1 ttl=64 time=0.978 ms (DUP!)
^C</pre>
<pre>% ssh fe80::21b:21ff:fe0e:5592%eth0
blaster:~$ </pre>
</div>
<div class="slide">
<h2>iproute2 (1/3)</h2>
<pre>$ ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |
netns | l2tp }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-f[amily] { inet | inet6 | ipx | dnet | link } |
-l[oops] { maximum-addr-flush-attempts } |
-o[neline] | -t[imestamp] | -b[atch] [filename] |
-rc[vbuf] [size]}</pre>
<pre>$ ip a help
Usage: ip addr {add|change|replace} IFADDR dev STRING [ LIFETIME ]
[ CONFFLAG-LIST ]
ip addr del IFADDR dev STRING
ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ]
[ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX
[ broadcast ADDR ] [ anycast ADDR ]
[ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ permanent | dynamic | secondary | primary |
tentative | deprecated | dadfailed | temporary |
CONFFLAG-LIST ]
CONFFLAG-LIST := [ CONFFLAG-LIST ] CONFFLAG
CONFFLAG := [ home | nodad ]
LIFETIME := [ valid_lft LFT ] [ preferred_lft LFT ]
LFT := forever | SECONDS</pre>
</div>
<div class="slide">
<h2>iproute2 (2/3)</h2>
<p>Adresse konfigurieren:</p>
<pre>ip addr add fe80::fefe:fa7/64 dev wlan0</pre>
<p>Adresse entfernen:</p>
<pre>ip a d fe80::fefe:fa7/64 dev wlan0</pre>
</div>
<div class="slide">
<h2>iproute2 (3/3)</h2>
<p>IPv4-Routingtabelle anzeigen:</p>
<pre>ip route</pre>
<p>IPv6-Routingtabelle anzeigen:</p>
<pre>ip -6 route</pre>
<p>Route setzen:</p>
<pre>ip r a 2000::/3 dev wlan0 via fe80::2de:caff:fefb:ad03</pre>
<p>Route löschen:</p>
<pre>ip r d 2000::/3</pre>
</div>
<div class="slide cover">
<h2>Transition Mechanisms</h2>
<img src="data:application/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD/4SGwRXhpZgAASUkqAAgAAAAJAA8BAgAQAAAAegAAABABAgAeAAAAigAAABIBAwABAAAAAQAAABoBBQABAAAAqAAAABsBBQABAAAAsAAAACgBAwABAAAAAgAAADIBAgAUAAAAuAAAABMCAwABAAAAAQAAAGmHBAABAAAAzAAAADANAABIZXdsZXR0LVBhY2thcmQASFAgUGhvdG9TbWFydCBSODE3ICAoVjAxLjAwKWQASAAAAAEAAABIAAAAAQAAADIwMTI6MDQ6MDIgMTc6MjU6NDgAKgCaggUAAQAAAMoCAACdggUAAQAAANICAAAiiAMAAQAAAAMAAAAniAMAAQAAADIAAAAoiAcAFAgAANoCAAAAkAcABAAAADAyMjADkAIAFAAAAO4KAAAEkAIAFAAAAAILAAABkQcABAAAADAzMjEBkgoAAQAAABYLAAACkgUAAQAAAB4LAAADkgoAAQAAACYLAAAEkgoAAQAAAC4LAAAFkgUAAQAAADYLAAAHkgMAAQAAAAIAAAAIkgMAAQAAABQAAAAJkgMAAQAAABAAAAAKkgUAAQAAAD4LAAB8kgcABQAAAEYLAAAAoAcABAAAADAwMTABoAMAAQAAAAEAAAACoAQAAQAAACAKAAADoAQAAQAAAJAHAAAFoAQAAQAAAAwNAAAOogUAAQAAAEwLAAAPogUAAQAAAFQLAAAQogMAAQAAAAMAAAAVogUAAQAAAFwLAAAXogMAAQAAAAEAAAAAowcAAQAAAAMAAAABowcAAQAAAAEAAAABpAMAAQAAAAAAAAACpAMAAQAAAAAAAAADpAMAAQAAAAEAAAAFpAMAAQAAAHUAAAAGpAMAAQAAAAAAAAAHpAMAAQAAAAEAAAAIpAMAAQAAAAAAAAAJpAMAAQAAAAAAAAAKpAMAAQAAAAAAAAALpAcAqAEAAGQLAAAMpAMAAQAAAAMAAAAAAAAAaQAAAKCGAQAgAwAAZAAAAAIAgQAAAAAAAQAAAAAAAAABAAAACAAAAAEAAAAAAAAAAQAAABAAAAABAAAAAAAAAAEAAAAYAAAAAQAAAAEAAAABAAAAIAAAAAEAAAABAAAAAQAAACgAAAABAAAAAgAAAAEAAAAwAAAAAQAAAAMAAAABAAAAOAAAAAEAAAAEAAAAAQAAAEAAAAABAAAABgAAAAEAAABIAAAAAQAAAAkAAAABAAAAUAAAAAEAAAANAAAAAQAAAFgAAAABAAAAEQAAAAEAAABgAAAAAQAAABYAAAABAAAAaAAAAAEAAAAdAAAAAQAAAHAAAAABAAAAJAAAAAEAAAB4AAAAAQAAAC0AAAABAAAAgAAAAAEAAAA2AAAAAQAAAIgAAAABAAAAQAAAAAEAAACQAAAAAQAAAEoAAAABAAAAmAAAAAEAAABUAAAAAQAAAKAAAAABAAAAXwAAAAEAAACoAAAAAQAAAGoAAAABAAAAsAAAAAEAAAB2AAAAAQAAALgAAAABAAAAgwAAAAEAAADAAAAAAQAAAJEAAAABAAAAyAAAAAEAAACfAAAAAQAAANAAAAABAAAArQAAAAEAAADYAAAAAQAAALwAAAABAAAA4AAAAAEAAADMAAAAAQAAAOgAAAABAAAA3AAAAAEAAADwAAAAAQAAAOwAAAABAAAA+AAAAAEAAAD8AAAAAQAAAAABAAABAAAACwEAAAEAAAAQAQAAAQAAACYBAAABAAAAIAEAAAEAAABAAQAAAQAAADABAAABAAAAWAEAAAEAAABAAQAAAQAAAG4BAAABAAAAUAEAAAEAAACEAQAAAQAAAGABAAABAAAAmAEAAAEAAABwAQAAAQAAAKwBAAABAAAAgAEAAAEAAAC+AQAAAQAAAJABAAABAAAA0AEAAAEAAACgAQAAAQAAAOEBAAABAAAAsAEAAAEAAADyAQAAAQAAAMABA
AABAAAAAwIAAAEAAADQAQAAAQAAABQCAAABAAAA4AEAAAEAAAAlAgAAAQAAAPABAAABAAAANQIAAAEAAAAAAgAAAQAAAEUCAAABAAAAIAIAAAEAAABkAgAAAQAAAEACAAABAAAAggIAAAEAAABgAgAAAQAAAJ8CAAABAAAAgAIAAAEAAAC7AgAAAQAAAKACAAABAAAA1wIAAAEAAADAAgAAAQAAAPICAAABAAAA4AIAAAEAAAAMAwAAAQAAAAADAAABAAAAJgMAAAEAAAAgAwAAAQAAAEADAAABAAAAQAMAAAEAAABZAwAAAQAAAGADAAABAAAAcQMAAAEAAACAAwAAAQAAAIkDAAABAAAAoAMAAAEAAACgAwAAAQAAAMADAAABAAAAtwMAAAEAAADgAwAAAQAAAM4DAAABAAAAAAQAAAEAAADkAwAAAQAAAEAEAAABAAAAEAQAAAEAAACABAAAAQAAADsEAAABAAAAwAQAAAEAAABlBAAAAQAAAAAFAAABAAAAjgQAAAEAAABABQAAAQAAALcEAAABAAAAgAUAAAEAAADeBAAAAQAAAMAFAAABAAAABQUAAAEAAAAABgAAAQAAACsFAAABAAAAQAYAAAEAAABRBQAAAQAAAIAGAAABAAAAdwUAAAEAAADABgAAAQAAAJwFAAABAAAAAAcAAAEAAADBBQAAAQAAAEAHAAABAAAA5AUAAAEAAACABwAAAQAAAAUGAAABAAAAwAcAAAEAAAAmBgAAAQAAAAAIAAABAAAARwYAAAEAAACACAAAAQAAAIYGAAABAAAAAAkAAAEAAADFBgAAAQAAAIAJAAABAAAAAgcAAAEAAAAACgAAAQAAADsHAAABAAAAgAoAAAEAAAByBwAAAQAAAAALAAABAAAApgcAAAEAAACACwAAAQAAANgHAAABAAAAAAwAAAEAAAAICAAAAQAAAIAMAAABAAAAOAgAAAEAAAAADQAAAQAAAGcIAAABAAAAgA0AAAEAAACWCAAAAQAAAAAOAAABAAAAxQgAAAEAAACADgAAAQAAAPMIAAABAAAAAA8AAAEAAAAgCQAAAQAAAIAPAAABAAAATAkAAAEAAAAAEAAAAQAAAHcJAAABAAAAABEAAAEAAADCCQAAAQAAAAASAAABAAAACwoAAAEAAAAAEwAAAQAAAFIKAAABAAAAABQAAAEAAACVCgAAAQAAAAAVAAABAAAA1QoAAAEAAAAAFgAAAQAAABALAAABAAAAABcAAAEAAABKCwAAAQAAAAAYAAABAAAAgwsAAAEAAAAAGQAAAQAAALwLAAABAAAAABoAAAEAAADxCwAAAQAAAAAbAAABAAAAIQwAAAEAAAAAHAAAAQAAAFIMAAABAAAAAB0AAAEAAACBDAAAAQAAAAAeAAABAAAArwwAAAEAAAAAHwAAAQAAAN0MAAABAAAAACAAAAEAAAAJDQAAAQAAAAAiAAABAAAAVA0AAAEAAAAAJAAAAQAAAJ0NAAABAAAAACYAAAEAAADkDQAAAQAAAAAoAAABAAAAJg4AAAEAAAAAKgAAAQAAAGUOAAABAAAAACwAAAEAAACdDgAAAQAAAAAuAAABAAAA0w4AAAEAAAAAMAAAAQAAAAMPAAABAAAAADIAAAEAAAAzDwAAAQAAAAA0AAABAAAAXw8AAAEAAAAANgAAAQAAAIcPAAABAAAAADgAAAEAAACwDwAAAQAAAAA6AAABAAAA1g8AAAEAAAAAPAAAAQAAAOcPAAABAAAAAD4AAAEAAAD4DwAAAQAAAP8/AAABAAAA/w8AAAEAAAAyMDEyOjAzOjIzIDE3OjE3OjIwADIwMTI6MDM6MjMgMTc6MTc6MjAA5AkAAAABAAC+BQAAAAEAAKILAAAAAQAAAAAAAAABAAAYAQAAZAAAAHQJAABkAAAASFBNZXQA1woAAADh9QXXCgAAAOH1BTIAAAABAAAAAQAPADAwMDBBMDAwMDdBMDAwMDhBMEhQU
0kwMDAyAAAwMDExQTAwMDAxQTAwMDAxQTAwMDAwMDAwMAAAMDAyMUEwMDAwMEEwMDAwMEEwMDAwMDAwMDAAADAwMzFB
</div>
<div class="slide">
<h2>IPv6 over IPv4 Tunnels: RFC2529</h2>
<pre>3. Frame Format
IPv6 packets are transmitted in IPv4 packets [RFC 791] with an IPv4
protocol type of 41, the same as has been assigned in [RFC 1933] for
IPv6 packets that are tunneled inside of IPv4 frames. The IPv4
header contains the Destination and Source IPv4 addresses. The IPv4
packet body contains the IPv6 header followed immediately by the
payload.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Protocol 41 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 header and payload ... /
+-------+-------+-------+-------+-------+------+------+</pre>
</div>
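<div class="slide">
<h2>IPv6 over IPv4 Tunnels: Linux</h2>
<!--
  Protocol-41 (sit) encapsulation carries no authentication and no encryption;
  the outer IPv4 source address is the only thing that identifies the peer.
  Restrict protocol 41 in the IPv4 firewall to the configured remote address
  and apply ip6tables rules to sit1 as to any other interface.
-->
<p>Auf 1.2.3.4:</p>
<pre>ip tunnel add sit1 mode sit remote 5.6.7.8</pre>
<p>Auf 5.6.7.8:</p>
<pre>ip tunnel add sit1 mode sit remote 1.2.3.4</pre>
<p>Danach:</p>
<!--
  The route has to point at the tunnel created above (sit1). sit0 is a
  different device (on Linux, the fallback device of the sit module), so a
  route on it would not send the prefix through the configured tunnel.
-->
<pre>ip link set sit1 up
ip route add 2001:db8:c3d2:cafe::/64 dev sit1</pre>
</div>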
<div class="slide">
<h2>Tunneln mit SixXS</h2>
<p>https://www.sixxs.net/ — Seit 1999</p>
<pre>apt-get install aiccu</pre>
<h3>/etc/aiccu.conf</h3>
<!--
  The password is masked in the listing, but username and tunnel_id look like
  real account identifiers; in published material replace them with
  placeholders. /etc/aiccu.conf stores the password in clear text, so keep the
  file readable by root only.
  NOTE(review): aiccu also has a requiretls setting for the TIC connection.
  Confirm it against the installed version and enable it where the server
  supports TLS, otherwise the login to tic.sixxs.net is not protected in
  transit.
-->
<pre>username SMA2-SIXXS
password ***
protocol tic
server tic.sixxs.net
ipv6_interface sixxs
tunnel_id T74093
daemonize true
automatic true</pre>
<ul>
<li>/64 auf Interface sixxs</li>
<li>Default-Route</li>
<li>Punkte durch Uptime sammeln, größeres Netz beantragen</li>
</ul>
</div>
<div class="slide">
<h2>Tunneln mit 6to4</h2>
<!--
  192.88.99.1 is an anycast address: packets go to whichever 6to4 relay is
  topologically nearest, run by an operator the user does not choose, and
  return traffic may arrive through a different relay. Treat the path as
  untrusted and filter on the tunnel interface as on any other uplink.
  As the example shows, the 2002::/48 prefix embeds the public IPv4 address,
  so every IPv6 address derived from it discloses that IPv4 address.
-->
<ul>
<li>Tunnel Remote: 192.88.99.1 (Anycast-Adresse)</li>
<li>
Beispiel:
<ul>
<li>Öffentliche IPv4-Adresse: <span style="color: #900">217</span>.<span style="color: #070">115</span>.<span style="color: #007">11</span>.<span style="color: #707">132</span></li>
<li>Hexadezimal: 0x<span style="color: #900">d9</span>, 0x<span style="color: #070">73</span>, 0x<span style="color: #007">b</span>, 0x<span style="color: #707">84</span></li>
<li>Diese Adresse erhält Pakete für 2002:<span style="color: #900">d9</span><span style="color: #070">73</span>:<span style="color: #007">b</span><span style="color: #707">84</span>::/48</li>
</ul>
</li>
</ul>
</div>
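<div class="slide">
<h2>Tunneln mit Teredo</h2>
<!--
  Teredo gives a host behind IPv4 NAT a globally routable IPv6 address over
  UDP, so IPv6 traffic reaches the host without passing rules that were
  written for IPv4 only. A host that uses Teredo needs its own IPv6 firewall
  policy. Networks that do not want it usually block outbound UDP 3544 (the
  Teredo service port) or disable the client, which the list below shows is
  preconfigured on several Windows versions.
-->
<ul>
<li>UDP statt Protokoll 41, besser NAT-bar</li>
<li>Teredo Server: Konfiguration</li>
<li>Teredo Relay: Router</li>
</ul>
<!-- br is written as an empty element so the page stays well-formed under its XHTML 1.0 Strict doctype. -->
<table class="wikitable"><caption>Teredo IPv6 example table: 2001:0:4136:e378:8000:63bf:3fff:fdd2</caption><tbody><tr><th>Bits</th><th>0 - 31</th><th>32 - 63</th><th>64 - 79</th><th>80 - 95</th><th>96 - 127</th></tr><tr><td>Length</td><td>32 bits</td><td>32 bits</td><td>16 bits</td><td>16 bits</td><td>32 bits</td></tr><tr><td>Description</td><td>Prefix</td><td>Teredo<br />server IPv4</td><td>Flags</td><td>Obfuscated<br />UDP port</td><td>Obfuscated Client<br />public IPv4</td></tr><tr><td>Part</td><td>2001:0000</td><td>4136:e378</td><td>8000</td><td>63bf</td><td>3fff:fdd2</td></tr><tr><td>Decoded</td><td></td><td>65.54.227.120</td><td>cone NAT</td><td>40000</td><td>192.0.2.45</td></tr></tbody></table>
<h3>Public Teredo Servers</h3>
<ul>
<li>teredo.remlab.net / teredo-debian.remlab.net (France)</li>
<li>teredo.autotrans.consulintel.com (Spain)</li>
<li>teredo.ipv6.microsoft.com (USA, Redmond) (default for WindowsXP/2003/Vista/2008 OS)</li>
<li>teredo.ngix.ne.kr (South Korea)</li>
<li>teredo.managemydedi.com (USA, Chicago)</li>
<li>teredo.trex.fi (Finland)</li>
</ul>
</div>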
<div class="slide">
<h2>6rd: IPv6 Rapid Deployment (RFC5569)</h2>
<ul>
<li>Mehr Kontrolle für Provider, bessere Erreichbarkeit</li>
<li>Statt 2002::/16 beliebiges Provider-Prefix, ggf. mit weniger als 32 Bit der IPv4-Adresse</li>
<li>Andere Anycast-Adresse, je nach Provider (Bsp. free.fr: 192.88.99.201)</li>
<li>free.fr seit Dezember 2007 (innerhalb von 5 Wochen)</li>
</ul>
</div>
<div class="slide cover">
<h2>Im lokalen Netz</h2>
<img src="data:image/jpeg;base64,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
</div>
<div class="slide">
<h2>NDP statt ARP</h2>
<pre>17:29:36.297044 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::a800:42ff:fe7a:3246 > fe80::a800:5bff:fe08:f05b: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::a800:5bff:fe08:f05b
source link-address option (1), length 8 (1): aa:00:42:7a:32:46
0x0000: aa00 427a 3246
17:29:36.297199 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::a800:5bff:fe08:f05b > fe80::a800:42ff:fe7a:3246: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is fe80::a800:5bff:fe08:f05b, Flags [solicited]</pre>
</div>
<div class="slide">
<h2>Stateless Autoconfiguration mit radvd</h2>
<h3>/etc/radvd.conf</h3>
<pre>interface eth0
{
AdvSendAdvert on;
prefix 2001:8d8:81:5c8::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
AdvPreferredLifetime 60;
AdvValidLifetime 600;
};
};</pre>
</div>
<div class="slide">
<h2>Router Advertisements empfangen</h2>
<!--
  Router advertisements are unauthenticated. Nothing in the capture below
  proves that the sender is the legitimate router, yet the route listing at
  the end shows that it installed both the on-link prefix and the default
  route. Enable accept_ra only on interfaces where every attached host is
  trusted to act as a router, or filter advertisements at the switch
  (RA Guard, RFC 6105).
-->
<ul>
<li>Linux: <code>echo 1 &gt; /proc/sys/net/ipv6/conf/.../accept_ra</code></li>
<li>BSD: <code>rtsol</code> &amp; <code>rtsold</code></li>
</ul>
<pre>15:33:55.051275 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::2de:caff:fefb:ad03 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
hop limit 64, Flags [none], pref high, router lifetime 15s, reachable time 0s, retrans time 0s
prefix info option (3), length 32 (4): 2001:8d8:81:5c8::/64, Flags [onlink, auto, router], valid time 600s, pref. time 60s
0x0000: 40e0 0000 0258 0000 003c 0000 0000 2001
0x0010: 08d8 0081 05c8 0000 0000 0000 0000
source link-address option (1), length 8 (1): 00:de:ca:fb:ad:03
0x0000: 00de cafb ad03</pre>
<pre>$ ip -6 r
2001:8d8:81:5c8::/64 dev eth0 proto kernel metric 256 expires 599sec
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::2de:caff:fefb:ad03 dev eth0 proto kernel metric 1024 expires 14sec</pre>
</div>
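<div class="slide">
<h2>Verwendung von MAC-Adressen</h2>
<ul>
<li>Lokale Netze sollen /64 sein</li>
<li>EUI64: Einfügen von FF:FE</li>
<li>Invertieren des 7. MSB des EUI64</li>
<li>Beispiel:
<ul>
<li>MAC: <code>00:1f:16:13:17:ba</code></li>
<li>IPv6: <code>fe80::<span style="color: #700">2</span>1f:16<span style="color: #700">ff:fe</span>13:17ba</code></li>
</ul>
</li>
<li>
Tracking anhand MAC-Adresse vermeiden: <i>Privacy Extensions</i>
<!--
  On Linux, use_tempaddr=1 creates temporary addresses but still prefers the
  public, MAC-derived address for outgoing connections. The value 2 prefers
  the temporary addresses, which is what avoiding tracking requires.
-->
<ul>
<li><pre>echo 2 &gt; /proc/sys/net/ipv6/conf/.../use_tempaddr</pre></li>
</ul>
</li>
</ul>
</div>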
<div class="slide">
<h2>DNS type: “Quad-A”</h2>
<pre>www.c3d2.de. 86400 IN A 46.4.11.4
www.c3d2.de. 86400 IN AAAA 2a01:4f8:131:30e1::c3d2</pre>
</div>
<div class="slide">
<h2>DNS Reverse Lookups</h2>
<div>
<h3>IPv4</h3>
<dl>
<dt>127.0.0.1</dt>
<dd><pre>1.0.0.127.in-addr.arpa. IN PTR localhost.</pre></dd>
<dt>192.0.2.23</dt>
<dd><pre>23.2.0.192.in-addr.arpa. IN PTR example.com.</pre></dd>
</dl>
</div>
<div>
<h3>IPv6</h3>
<dl>
<dt>::1</dt>
<dd><pre>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa IN PTR localhost.</pre></dd>
<dt>2001:db8:32e:12c:aa30:2:fff8:e7a</dt>
<dd><pre>a.7.e.0.8.f.f.f.2.0.0.0.0.3.a.a.c.2.1.0.e.2.3.0.8.b.d.0.1.0.0.2.ip6.arpa IN PTR example.com.</pre></dd>
</dl>
</div>
</div>
<div class="slide">
<h2>NAT64 (RFC6052)</h2>
<pre>+-----------------------+------------+------------------------------+
| Network-Specific | IPv4 | IPv4-embedded IPv6 address |
| Prefix | address | |
+-----------------------+------------+------------------------------+
| 2001:db8::/32 | 192.0.2.33 | 2001:db8:c000:221:: |
| 2001:db8:100::/40 | 192.0.2.33 | 2001:db8:1c0:2:21:: |
| 2001:db8:122::/48 | 192.0.2.33 | 2001:db8:122:c000:2:2100:: |
| 2001:db8:122:300::/56 | 192.0.2.33 | 2001:db8:122:3c0:0:221:: |
| 2001:db8:122:344::/64 | 192.0.2.33 | 2001:db8:122:344:c0:2:2100:: |
| 2001:db8:122:344::/96 | 192.0.2.33 | 2001:db8:122:344::192.0.2.33 |
+-----------------------+------------+------------------------------+</pre>
<h3>NAT64-Implementationen</h3>
<ul>
<li>Portable Transport Relay Translator Daemon (pTRTd) — declared dead December 2010</li>
<li>TAYGA</li>
<li>Ecdysis</li>
</ul>
<h3>DNS64-Implementationen</h3>
<ul>
<li>Trick or Treat Daemon (totd)</li>
<li>Ecdysis</li>
</ul>
<img src="data:image/jpeg;base64,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
</div>
<div class="slide">
<h2>DHCPv6</h2>
<ul>
<li><i>Stateful</i> Autoconfiguration</li>
<li>Mehr Informationen, z.B. DNS-Server</li>
<li>In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64.
<ol>
<li>DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.</li>
<li>DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.</li>
<li>DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.</li>
<li>DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.</li>
</ol>
</li>
</ul>
</div>
<div class="slide">
<h2>Secure Neighbor Discovery (SEND)</h2>
<ul>
<li>Unabhängig von IPSec</li>
<li>Patentiert</li>
<li>http://amnesiak.org/NDprotector/</li>
<li>The Neighbor Discovery protocol (RFC 4861 and RFC 4862) for IPv6, which is the equivalent of IPv4 ARP (RFC 826), is prone to many different attacks. RFC 3756 describes and categorizes these attacks. Well aware of this issue, the IETF developed an extension to the Neighbor Discovery protocol. It is named Secure Neighbor Discovery (SEND). It relies on a new format of IPv6 addresses described in RFC 3972, named Cryptographically Generated Addresses (CGA). A CGA address securely binds a Public Key to an address. SEND further completes the mechanism and carries new Neighbor Discovery options (Nonce, RSA Signature, ...) that allow the node to prove its address ownership (thus preventing address spoofing) and that the content of the message is unaltered.</li>
<li>When a Neighbor Discovery message (i.e. an ICMPv6 packet) is received or is emitted on/by an interface, a hook set by ip6tables redirects the packet to userspace before it goes to the kernel/network card. This extraction is performed by libnetfilter_queue. We then use a modified version of scapy6 (Arnaud Ebalard added SEND message formats, the CGA generation procedure and X.509 certificate processing to the original scapy6). Scapy6 dissects each intercepted message. We inspect each "important" field and decide if we need to modify the message (add an RSA signature option for outgoing packets) or let the message pass (for incoming packets with a correct signature).<br />Each assigned address is bound to a Public Key/Private Key. Whenever a message comes from this address, the implementation uses the Private Key and adds an RSA signature option to it.</li>
</ul>
</div>
<div class="slide">
<h2>ip6tables</h2>
<!--
  Review notes on this minimal host rule set:
  * Only the INPUT chain is configured. A machine that forwards IPv6 for other
    hosts also needs a FORWARD policy; without NAT in front of them those
    hosts are addressed directly, which is the point of the remark below the
    listing.
  * "-p icmpv6 -j ACCEPT" admits every ICMPv6 type. Neighbor discovery and
    Packet Too Big have to pass or IPv6 stops working, but the remaining types
    can be limited; RFC 4890 lists which ones are needed.
  * UDP 5353 (mDNS) is accepted from any source on any interface. mDNS is a
    link-local protocol, so the rule can be bound to the LAN interface.
-->
<pre>ip6tables -F INPUT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT
ip6tables -P INPUT DROP
</pre>
<p>NAT is no firewall!</p>
</div>
<div class="slide">
<h2>Programmieren für die Zukunft</h2>
</div>
<div class="slide">
<h2>One Server Socket To Rule Them All</h2>
<!--
  With bindv6only set to 0, a socket bound to :: also receives IPv4
  connections, and the peer is reported as an IPv4-mapped address
  (::ffff:127.0.0.1 in the ncat output below). Access lists, rate limits and
  log parsers that match on the textual address must treat ::ffff:a.b.c.d and
  a.b.c.d as the same peer, otherwise rules written for IPv4 addresses
  silently stop matching.
-->
<ul>
<li><pre>echo 0 &gt; /proc/sys/net/ipv6/bindv6only</pre></li>
<li><code>bind()</code> mit <code>::</code> (IN6ADDR_ANY)</li>
<li><pre>% ncat -6vlp 6667
Ncat: Version 5.21 ( http://nmap.org/ncat )
Ncat: Listening on :::6667
Ncat: Connection from ::ffff:127.0.0.1.</pre></li>
</ul>
</div>
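<div class="slide">
<h2>Internet Clients (1/2)</h2>
<pre>struct sockaddr_in
{
    sa_family_t sin_family;       /* AF_INET */
    in_port_t sin_port;           /* Port number. */
    struct in_addr sin_addr;      /* Internet address. */
    /* Pad to size of `struct sockaddr'. */
    unsigned char sin_zero[sizeof (struct sockaddr) -
                           __SOCKADDR_COMMON_SIZE -
                           sizeof (in_port_t) -
                           sizeof (struct in_addr)];
};</pre>
<pre>/* Ditto, for IPv6. */
struct sockaddr_in6
{
    sa_family_t sin6_family;      /* AF_INET6 */
    in_port_t sin6_port;          /* Transport layer port # */
    uint32_t sin6_flowinfo;       /* IPv6 flow information */
    struct in6_addr sin6_addr;    /* IPv6 address */
    uint32_t sin6_scope_id;       /* IPv6 scope-id */
};</pre>
<p>The two structures differ in size: a buffer declared as
<code>struct sockaddr_in</code> is too small to hold a
<code>struct sockaddr_in6</code>, so code that stores or copies peer
addresses must not assume the IPv4 layout.</p>
</div>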
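<div class="slide">
<h2>Internet Clients (2/2)</h2>
<ul>
  <li>
    <a href="http://www.kame.net/newsletter/19980604/">Implementing
    AF-independent application:</a>
    <ol>
      <li>
        avoid <code>struct in_addr</code> and <code>struct in6_addr</code>.
        <ul>
          <li><pre>/* Large enough and suitably aligned to hold any sockaddr_* type. */
struct sockaddr_storage
{
    sa_family_t ss_family;
    __ss_aligntype __ss_align;   /* Force desired alignment. */
    char __ss_padding[_SS_PADSIZE];
};</pre></li>
        </ul>
      </li>
      <li>
        use <code>getaddrinfo()</code> and <code>getnameinfo()</code> everywhere.
        <ul>
          <li><pre>int getaddrinfo(const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **res);</pre></li>
          <li><code>getaddrinfo()</code> returns a linked list that may mix
          IPv6 and IPv4 results: check the return value, try each entry in
          turn, and release the list with <code>freeaddrinfo()</code>.</li>
          <li><pre>int getnameinfo(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags);</pre></li>
          <li>Pass <code>NI_NUMERICHOST</code> when the result goes into logs
          or access checks: a reverse-DNS name is chosen by whoever controls
          the PTR record, not by the local administrator.</li>
        </ul>
      </li>
      <li>do not hardcode knowledge about particular AF.</li>
    </ol>
  </li>
</ul>
</div>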
<div class="slide cover">
<img src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgEAZABkAAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNA+0AAAAAABAAZAAAAAEAAQBkAAAAAQAB/+4AE0Fkb2JlAGQAAAAAAQUAAuF8/9sAhAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAgICAgICAgICAgIDAwMDAwMDAwMDAQEBAQEBAQIBAQIDAgICAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMEBAQEBAMEBAQEBAQEBAQEBAQEBAQEBAQEBAT/wAARCAK8AfQDAREAAhEBAxEB/8QBogAAAAYCAwEAAAAAAAAAAAAABwgGBQQJAwoCAQALAQAABgMBAQEAAAAAAAAAAAAGBQQDBwIIAQkACgsQAAIBAwQBAwMCAwMDAgYJdQECAwQRBRIGIQcTIgAIMRRBMiMVCVFCFmEkMxdScYEYYpElQ6Gx8CY0cgoZwdE1J+FTNoLxkqJEVHNFRjdHYyhVVlcassLS4vJkg3SThGWjs8PT4yk4ZvN1Kjk6SElKWFlaZ2hpanZ3eHl6hYaHiImKlJWWl5iZmqSlpqeoqaq0tba3uLm6xMXGx8jJytTV1tfY2drk5ebn6Onq9PX29/j5+hEAAgEDAgQEAwUEBAQGBgVtAQIDEQQhEgUxBgAiE0FRBzJhFHEIQoEjkRVSoWIWMwmxJMHRQ3LwF+GCNCWSUxhjRPGisiY1GVQ2RWQnCnODk0Z0wtLi8lVldVY3hIWjs8PT4/MpGpSktMTU5PSVpbXF1eX1KEdXZjh2hpamtsbW5vZnd4eXp7fH1+f3SFhoeIiYqLjI2Oj4OUlZaXmJmam5ydnp+So6SlpqeoqaqrrK2ur6/9oADAMBAAIRAxEAPwDf49+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xv
fuvde9+691737r3XvfuvdaHfxX+K/zy/mnfPL+cfisV/OP+fXxV2b8Vfn13D1zsTYnXPcPcmc2pBtTOdyd302FweDwtN3fsnFbPwWz8Vsmno6Gho6c00VMVjjWNI1U3JpTHTCqzs3cRQ9WLf9A8fz2/76Mv5m3/ocdzf/AHUnvWr5Dq3hn+I9e/6B4/nt/wB9GX8zb/0OO5v/ALqT37V8h17wz/Eevf8AQPH89v8Avoy/mbf+hx3N/wDdSe/avkOveGf4j17/AKB4/nt/30ZfzNv/AEOO5v8A7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/AKHHc3/3Unv2r5Dr3hn+I9e/6B4/nt/30ZfzNv8A0OO5v/upPftXyHXvDP8AEevf9A8fz2/76Mv5m3/ocdzf/dSe/avkOveGf4j17/oHj+e3/fRl/M2/9Djub/7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/ocdzf/AHUnv2r5Dr3hn+I9e/6B4/nt/wB9GX8zb/0OO5v/ALqT37V8h17wz/Eevf8AQPH89v8Avoy/mbf+hx3N/wDdSe/avkOveGf4j17/AKB4/nt/30ZfzNv/AEOO5v8A7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/AKHHc3/3Unv2r5Dr3hn+I9e/6B4/nt/30ZfzNv8A0OO5v/upPftXyHXvDP8AEevf9A8fz2/76Mv5m3/ocdzf/dSe/avkOveGf4j17/oHj+e3/fRl/M2/9Djub/7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/ocdzf/AHUnv2r5Dr3hn+I9e/6B4/nt/wB9GX8zb/0OO5v/ALqT37V8h17wz/Eevf8AQPH89v8Avoy/mbf+hx3N/wDdSe/avkOveGf4j17/AKB4/nt/30ZfzNv/AEOO5v8A7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/AKHHc3/3Unv2r5Dr3hn+I9e/6B4/nt/30ZfzNv8A0OO5v/upPftXyHXvDP8AEevf9A8fz2/76Mv5m3/ocdzf/dSe/avkOveGf4j17/oHj+e3/fRl/M2/9Djub/7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/ocdzf/AHUnv2r5Dr3hn+I9e/6B4/nt/wB9GX8zb/0OO5v/ALqT37V8h17wz/Eevf8AQPH89v8Avoy/mbf+hx3N/wDdSe/avkOveGf4j17/AKB4/nt/30ZfzNv/AEOO5v8A7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/AKHHc3/3Unv2r5Dr3hn+I9e/6B4/nt/30ZfzNv8A0OO5v/upPftXyHXvDP8AEevf9A8fz2/76Mv5m3/ocdzf/dSe/avkOveGf4j17/oHj+e3/fRl/M2/9Djub/7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/ocdzf/AHUnv2r5Dr3hn+I9e/6B4/nt/wB9GX8zb/0OO5v/ALqT37V8h17wz/Eevf8AQPH89v8Avoy/mbf+hx3N/wDdSe/avkOveGf4j17/AKB4/nt/30ZfzNv/AEOO5v8A7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/AKHHc3/3Unv2r5Dr3hn+I9e/6B4/nt/30ZfzNv8A0OO5v/upPftXyHXvDP8AEevf9A8fz2/76Mv5m3/ocdzf/dSe/avkOveGf4j17/oHj+e3/fRl/M2/9Djub/7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/ocdzf/AHUnv2r5Dr3hn+I9e/6B4/nt/wB9GX8zb/0OO5v/ALqT37V8h17wz/Eevf8AQPH89v8Avoy/mbf+hx3N/wDdSe/avkOveGf4j17/AKB4/nt/30ZfzNv/AEOO5v8A7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/AKHHc3/3Unv2r5Dr3hn+I9e/6B4/nt/30ZfzNv8A0OO5v/upPftXyHXvDP8AEevf9A8fz2/76Mv5m3/ocdzf/dSe/avkOveGf4j
17/oHj+e3/fRl/M2/9Djub/7qT37V8h17wz/Eevf9A8fz2/76Mv5m3/ocdzf/AHUnv2r5Dr3hn+I9e/6B4/nt/wB9GX
</img>
</body>
</html>