-rw-r--r-- | README.dbk | 119 | ||||
-rw-r--r-- | ip6t_MAP66.c | 1 | ||||
-rw-r--r-- | libip6t_MAP66.c | 2 |
3 files changed, 74 insertions, 48 deletions
@@ -41,8 +41,8 @@ may cause oopses.</para> </warning> - <section> - <title>Installation</title> + <section id="install"> + <title id="install-title">Installation</title> <para>MAP66 implements two pieces of software: a shared library that extends the ip6tables command and a Linux kernel module. The shared @@ -70,8 +70,8 @@ </note> </section> - <section> - <title>DKMS Integration</title> + <section id="dkms"> + <title id="dkms-title">DKMS Integration</title> <para>If the next system update needs to install a new kernel version, you also need to re-compile/re-install the MAP66 kernel module. With @@ -94,11 +94,11 @@ sudo dkms install -m ip6t_MAP66 -v &VERSION;</programlisting> url="Read DKMS details here: https://wiki.kubuntu.org/Kernel/Dev/DKMSPackaging">https://wiki.kubuntu.org/Kernel/Dev/DKMSPackaging</ulink></para> </section> - <section> - <title>Configuration</title> + <section id="config"> + <title id="config-title">Configuration</title> - <section> - <title>Brief Version</title> + <section id="config-brief"> + <title id="config-brief-title">Brief Version</title> <para>You always need to add two ip6tables-rules to your netfilter configuration. One rule matches outgoing packets and changes their IPv6 @@ -128,8 +128,8 @@ ip6tables -t mangle -I PREROUTING -i eth0 -d 2001:0DB8:0001::/48 -j MAP66 &OPTD this.</para> </section> - <section> - <title>Detailed Version</title> + <section id="config-detailed"> + <title id="config-detailed-title">Detailed Version</title> <para>The following explanation details a living example from the wireless mesh network that is mentioned under <xref 
@@ -225,8 +225,8 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- </section> </section> - <section> - <title>IPv6/IPv4 Precedence</title> + <section id="precedence"> + <title id="precedence-title">IPv6/IPv4 Precedence</title> <para>With (EKU)buntu and eventually with RedHat, you will notice that your browser does not show the IPv6 version of a web site that is @@ -240,9 +240,14 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- address higher than the ULA IPv6 address when choosing the transport protocol for a new Internet connection if this add on to the RFC 3484 rules is compiled in. For this reason, you may want to change the - precedence rules within <filename>/etc/gai.conf</filename>.</para> + precedence rules within <filename>/etc/gai.conf</filename> (see <xref + endterm="precedence-gai-title" linkend="precedence-gai" />) or use another + prefix (see <xref endterm="precedence-6to4-title" + linkend="precedence-6to4" />).</para> + + <section id="precedence-gai"> + <title id="precedence-gai-title">Change gai.conf</title> - <note> <para>The getaddrinfo() library function manages lists of label, precedence, and scope4 type entries. If the <filename>/etc/gai.conf</filename> file does not provide a single entry 
@@ -251,40 +256,60 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- to uncomment all entries of a particular type for this. The <quote>label</quote> lines compare source addresses, the <quote>precedence</quote> lines compare destination addresses.</para> - </note> - <procedure> - <title>Change IPv6 Precedence</title> - - <step> - <para>Open the <filename>/etc/gai.conf</filename> file as root user, - e.g. by executing <userinput>sudo nano - /etc/gai.conf</userinput>.</para> - </step> - - <step> - <para>Remove the leading hash character from the 8 lines starting with - <quote>#label</quote>.</para> - </step> - - <step> - <para>Re-add the hash character to the line stating <quote>#label - fc00::/7 6</quote>.</para> - </step> - - <step> - <para>Save the file.</para> - </step> - - <step> - <para>Restart your browser and re-try to browse to a multi-homed web - site.</para> - </step> - </procedure> - - <para>The above procedure removes the difference between standard IPv6 - source addresses and ULA type private IPv6 source addresses. Anything else - is unchanged.</para> + <procedure> + <title>Change IPv6 Precedence</title> + + <step> + <para>Open the <filename>/etc/gai.conf</filename> file as root user, + e.g. by executing <userinput>sudo nano + /etc/gai.conf</userinput>.</para> + </step> + + <step> + <para>Remove the leading hash character from the 8 lines starting + with <quote>#label</quote>.</para> + </step> + + <step> + <para>Re-add the hash character to the line stating <quote>#label + fc00::/7 6</quote>.</para> + </step> + + <step> + <para>Save the file.</para> + </step> + + <step> + <para>Restart your browser and re-try to browse to a multi-homed web + site.</para> + </step> + </procedure> + + <para>The above procedure removes the difference between standard IPv6 + source addresses and ULA type private IPv6 source addresses. 
Anything + else is unchanged.</para> + </section> + + <section id="precedence-6to4"> + <title id="precedence-6to4-title">Use 6to4 Internal Address</title> + + <para>As an alternative solution, you may use 6to4 addresses in your + LAN. While the well known IPv4 adresses 10.0.0.0/8, 172.16.0.0/12, and + 192.168.0.0/16 still exist, it is unlikely that their 6to4 counterparts + 2002:0a00::/24, 2002:ac10::/28, and 2002:c0a8::/32 will be routed on the + Internet. Because 6to4 adresses are part of the official 2002::/3 + address prefix for the Internet, no difference between these addresses + and other Internet addresses are made by getaddrinfo().</para> + + <para>If you already deployed ULA adresses in your network, you may be + interested in a solution that runs on my Freifunk router. The router + uses the IPv4 192.168.65.65/26 on it's LAN interface. The OLSR-based + mesh network uses an fdca:ffee:babe::/64 prefix. The following internal + mapping is configured for this: </para> + + <programlisting></programlisting> + </section> </section> <section id="motivation"> diff --git a/ip6t_MAP66.c b/ip6t_MAP66.c index 5f94f81..6446927 100644 --- a/ip6t_MAP66.c +++ b/ip6t_MAP66.c @@ -165,7 +165,6 @@ static bool MAP66_tg6_check( { const struct ip6t_MAP66_info *info = par->targinfo; - if (0 == ((IP6T_MAP66_OPT_DST_TO | IP6T_MAP66_OPT_SRC_TO) & info->mapflags)) { printk("MAP66: No --" IP6T_MAP66_DST_TO " nor --" IP6T_MAP66_SRC_TO "\n"); return false; diff --git a/libip6t_MAP66.c b/libip6t_MAP66.c index 219252d..a5502c3 100644 --- a/libip6t_MAP66.c +++ b/libip6t_MAP66.c @@ -100,6 +100,7 @@ static int MAP66_parse( xtables_error(PARAMETER_PROBLEM, "Multiple --" IP6T_MAP66_DST_TO " not supported"); } *flags |= IP6T_MAP66_OPT_DST_TO; + info->mapflags |= IP6T_MAP66_OPT_DST_TO; if (NULL == (p = strchr(optarg, '/'))) { xtables_error(PARAMETER_PROBLEM, "Missing '/' character in --" IP6T_MAP66_DST_TO ": \"%s\"", optarg); } 
@@ -130,6 +131,7 @@ static int MAP66_parse( xtables_error(PARAMETER_PROBLEM, "Multiple --" IP6T_MAP66_SRC_TO " not supported"); } *flags |= IP6T_MAP66_OPT_SRC_TO; + info->mapflags |= IP6T_MAP66_OPT_SRC_TO; if (NULL == (p = strchr(optarg, '/'))) { xtables_error(PARAMETER_PROBLEM, "Missing '/' character in --" IP6T_MAP66_SRC_TO ": \"%s\"", optarg); } |
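Review bot: The new "Use 6to4 Internal Address" section in README.dbk (hunk @@ -251,40 +256,60 @@) ends with "The following internal mapping is configured for this:" followed by an empty <programlisting></programlisting>, so the reader never sees the mapping the text promises. Either fill in the rules or drop the sentence until they are ready. In the same section, "2002::/3" does not match the counterparts listed just above it (2002:0a00::/24, 2002:ac10::/28, 2002:c0a8::/32), which all sit under 2002::/16, the 6to4 prefix; a /3 mask on 2002:: is really 2000::/3, so state which of the two is meant. Spelling and grammar to fix while there: "adresses" (three times), "it's LAN interface" should be "its", and "no difference ... are made" should be "is made".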
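Review bot: The printk in MAP66_tg6_check (context of the ip6t_MAP66.c hunk @@ -165,7 +165,6 @@) carries no log level, so the rejection message "MAP66: No --... nor --..." is logged at the default level and is easy to miss when a rule is refused. Consider pr_err() or an explicit KERN_ERR prefix. The only change in this hunk is a removed blank line; a whitespace-only edit is better kept out of a commit that also changes behaviour in libip6t_MAP66.c, so the functional fix is easy to find and to backport.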
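Review bot: In both MAP66_parse hunks of libip6t_MAP66.c, info->mapflags is set before optarg has been validated (the strchr(optarg, '/') check comes after the added line), and the same bit is now kept in two places, *flags and info->mapflags. Because xtables_error() does not return, a malformed argument cannot reach the kernel with the flag set, but the ordering only stays safe as long as every later failure path is fatal. Setting info->mapflags after the prefix has parsed successfully, or copying it once from *flags when option parsing is complete, would keep the two from drifting apart. Since the kernel-side check in ip6t_MAP66.c rejects the rule when neither bit is present in info->mapflags, a short comment next to "info->mapflags |= IP6T_MAP66_OPT_DST_TO;" saying that the kernel module reads this field would also help the next reader.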