summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsven-ola <sven-ola@3484d885-4da6-438d-b19d-107d078dd756>2010-10-05 15:41:12 +0200
committersven-ola <sven-ola@3484d885-4da6-438d-b19d-107d078dd756>2010-10-05 15:41:12 +0200
commita6f0e711a929a2be52d983dbfa8fda8b4b59dd73 (patch)
tree3de2d0f814f00455f25263aaf4efaf5e27852d53
parentd22cd0195d4d27efc01deba705351a46d9893628 (diff)
downloadNPTv6-a6f0e711a929a2be52d983dbfa8fda8b4b59dd73.tar
NPTv6-a6f0e711a929a2be52d983dbfa8fda8b4b59dd73.zip
added cvs props, started readme, renamed --nospoof to --nocheck
git-svn-id: https://map66.svn.sourceforge.net/svnroot/map66@2 3484d885-4da6-438d-b19d-107d078dd756
-rw-r--r--Makefile5
-rw-r--r--README12
-rw-r--r--ip6t_MAP66.c17
-rw-r--r--ip6t_MAP66.h2
-rw-r--r--libip6t_MAP66.c14
5 files changed, 32 insertions, 18 deletions
diff --git a/Makefile b/Makefile
index a3f5a2c..88d4740 100644
--- a/Makefile
+++ b/Makefile
@@ -3,9 +3,12 @@ KVERSION := $(shell uname -r)
KPATH := /lib/modules/$(KVERSION)/build
IPTABLES_VERSION := $(shell ip6tables --version|sed 's/^.*\([[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\).*/\1/')
IPTABLES_VERSION_CODE := $(shell echo $$(( $$(echo $(IPTABLES_VERSION)|sed 's/^.*\([[:digit:]]\+\)\.\([[:digit:]]\+\)\.\([[:digit:]]\+\).*/\1 * 65536 + \2 * 256 + \3/') )))
+ifeq ($(DEBUG),1)
+EXTRA_CFLAGS := -DMAP66_DEBUG
+endif
all: libip6t_MAP66.so
- $(MAKE) -C $(KPATH) M=$(PWD) modules
+ $(MAKE) -C $(KPATH) V=1 M=$(PWD) modules
libip6t_MAP66.so: libip6t_MAP66.o
gcc -shared -o $@ $<
diff --git a/README b/README
index bd54b12..45be9c5 100644
--- a/README
+++ b/README
@@ -1,3 +1,15 @@
You need "iptables-dev", "dkms" and "linux-headers". For a DKMS
template, see https://wiki.kubuntu.org/Kernel/Dev/DKMSPackaging
+Note: svn propedit svn:ignore .
+
+Note: on ubuntu, you need to enable prefer-family in /etc/wgetrc.
+after this e.g. "wget -O /dev/null http://ftp.se.debian.org" should
+connect to the IPv6 addrs of that server.
+
+/etc/gai.conf
+
+for wget --prefer-family=IPv6 -O - http://6to4.nro.net/
+ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+Mention --nocheck for speedup (if you do not expect the outer iface in the mapping range)
diff --git a/ip6t_MAP66.c b/ip6t_MAP66.c
index fb0a243..6cae5af 100644
--- a/ip6t_MAP66.c
+++ b/ip6t_MAP66.c
@@ -15,7 +15,6 @@ MODULE_AUTHOR("Sven-Ola <sven-ola()gmx.de>");
MODULE_DESCRIPTION("Xtables: MAP66 - IPv6 to IPv6 SNAT");
MODULE_LICENSE("GPL");
-#undef MAP66_DEBUG
#ifdef MAP66_DEBUG
/* Use lock to serialize, so printks don't overlap */
static DEFINE_SPINLOCK(MAP66_lock);
@@ -126,12 +125,12 @@ static unsigned int MAP66_tg6(
#ifdef MAP66_DEBUG
spin_lock_bh(&MAP66_lock);
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,28)
- printk("MAP66i: in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n",
+ printk("MAP66: enter in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n",
NULL != par->in ? par->in->name : "",
NULL != par->out ? par->out->name : "",
NIP6(hdr->saddr), NIP6(hdr->daddr));
#else
- printk("MAP66i: in=%s, out=%s, saddr=%pI6, daddr=%pI6\n",
+ printk("MAP66: enter in=%s, out=%s, saddr=%pI6, daddr=%pI6\n",
NULL != par->in ? par->in->name : "",
NULL != par->out ? par->out->name : "",
&hdr->saddr, &hdr->daddr);
@@ -141,9 +140,9 @@ static unsigned int MAP66_tg6(
switch(par->hooknum) {
case NF_INET_PRE_ROUTING:
#ifdef MAP66_DEBUG
- printk("MAP66 PRE, spoof=%d\n", 0 != (IP6T_MAP66_OPT_NOSPOOF & info->mapflags));
+ printk("MAP66 PRE, check=%d\n", 0 != (IP6T_MAP66_OPT_NOCHECK & info->mapflags));
#endif
- if (0 != (IP6T_MAP66_OPT_NOSPOOF & info->mapflags) ||
+ if (0 != (IP6T_MAP66_OPT_NOCHECK & info->mapflags) ||
!is_my_ipv6_addr(par->in, &hdr->daddr))
{
map16(&hdr->daddr, info->prefixlength, &info->prefix, info->prefixcsum);
@@ -151,10 +150,10 @@ static unsigned int MAP66_tg6(
break;
case NF_INET_POST_ROUTING:
#ifdef MAP66_DEBUG
- printk("MAP66 POST, spoof=%d\n", 0 != (IP6T_MAP66_OPT_NOSPOOF & info->mapflags));
+ printk("MAP66 POST, check=%d\n", 0 != (IP6T_MAP66_OPT_NOCHECK & info->mapflags));
#endif
map16(&hdr->saddr, info->prefixlength, &info->prefix, info->prefixcsum);
- if (0 == (IP6T_MAP66_OPT_NOSPOOF & info->mapflags) &&
+ if (0 == (IP6T_MAP66_OPT_NOCHECK & info->mapflags) &&
is_my_ipv6_addr(par->out, &hdr->saddr))
{
#ifdef MAP66_DEBUG
@@ -172,12 +171,12 @@ static unsigned int MAP66_tg6(
#ifdef MAP66_DEBUG
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,28)
- printk("MAP66i: in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n",
+ printk("MAP66: exit in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n",
NULL != par->in ? par->in->name : "",
NULL != par->out ? par->out->name : "",
NIP6(hdr->saddr), NIP6(hdr->daddr));
#else
- printk("MAP66i: in=%s, out=%s, saddr=%pI6, daddr=%pI6\n",
+ printk("MAP66: exit in=%s, out=%s, saddr=%pI6, daddr=%pI6\n",
NULL != par->in ? par->in->name : "",
NULL != par->out ? par->out->name : "",
&hdr->saddr, &hdr->daddr);
diff --git a/ip6t_MAP66.h b/ip6t_MAP66.h
index 652c1c2..21cb833 100644
--- a/ip6t_MAP66.h
+++ b/ip6t_MAP66.h
@@ -8,7 +8,7 @@
#define _IP6T_MAP66_H
#define IP6T_MAP66_OPT_TO 0x01
-#define IP6T_MAP66_OPT_NOSPOOF 0x02
+#define IP6T_MAP66_OPT_NOCHECK 0x02
struct ip6t_MAP66_info {
struct in6_addr prefix; /* The prefix to map to */
diff --git a/libip6t_MAP66.c b/libip6t_MAP66.c
index a8a0f72..1d56d7f 100644
--- a/libip6t_MAP66.c
+++ b/libip6t_MAP66.c
@@ -60,7 +60,7 @@ static void MAP66_help(void)
printf(
"MAP66 target options\n"
" --to ipv6addr/prefixlength (External IPv6 address)\n"
-" --nospoof (Disables spoof check)\n"
+" --nocheck (Disables check check)\n"
"\n"
"Note: you need two ip6tables rules to map an internal network\n"
"using ULAs to an external network with official IPv6 address.\n"
@@ -115,11 +115,11 @@ static int MAP66_parse(
return 1;
break;
case '2':
- if (0 != (IP6T_MAP66_OPT_NOSPOOF & *flags)) {
- xtables_error(PARAMETER_PROBLEM, "Multiple --nospoof not supported");
+ if (0 != (IP6T_MAP66_OPT_NOCHECK & *flags)) {
+ xtables_error(PARAMETER_PROBLEM, "Multiple --nocheck not supported");
}
- info->mapflags |= IP6T_MAP66_OPT_NOSPOOF;
- *flags |= IP6T_MAP66_OPT_NOSPOOF;
+ info->mapflags |= IP6T_MAP66_OPT_NOCHECK;
+ *flags |= IP6T_MAP66_OPT_NOCHECK;
return 1;
break;
}
@@ -140,12 +140,12 @@ static void MAP66_save(
char s[50+1];
const struct ip6t_MAP66_info* info = (struct ip6t_MAP66_info*)target->data;
printf("--to %s/%d ", inet_ntop(AF_INET6, &info->prefix, s, sizeof(s)), 16 * info->prefixlength);
- if (0 != (IP6T_MAP66_OPT_NOSPOOF & info->mapflags)) printf("--nospoof ");
+ if (0 != (IP6T_MAP66_OPT_NOCHECK & info->mapflags)) printf("--nocheck ");
}
static struct option MAP66_opts[] = {
{ .name = "to", .has_arg = 1, .flag = NULL, .val = '1' },
- { .name = "nospoof", .has_arg = 0, .flag = NULL, .val = '2' },
+ { .name = "nocheck", .has_arg = 0, .flag = NULL, .val = '2' },
{ .name = NULL }
};