-rw-r--r-- README.dbk 119
-rw-r--r-- ip6t_MAP66.c 1
-rw-r--r-- libip6t_MAP66.c 2
3 files changed, 74 insertions, 48 deletions
diff --git a/README.dbk b/README.dbk
index 5009c94..4c58cb5 100644
--- a/README.dbk
+++ b/README.dbk
@@ -41,8 +41,8 @@
may cause oopses.</para>
</warning>
- <section>
- <title>Installation</title>
+ <section id="install">
+ <title id="install-title">Installation</title>
<para>MAP66 implements two pieces of software: a shared library that
extends the ip6tables command and a Linux kernel module. The shared
@@ -70,8 +70,8 @@
</note>
</section>
- <section>
- <title>DKMS Integration</title>
+ <section id="dkms">
+ <title id="dkms-title">DKMS Integration</title>
<para>If the next system update needs to install a new kernel version, you
also need to re-compile/re-install the MAP66 kernel module. With
@@ -94,11 +94,11 @@ sudo dkms install -m ip6t_MAP66 -v &VERSION;</programlisting>
url="Read DKMS details here: https://wiki.kubuntu.org/Kernel/Dev/DKMSPackaging">https://wiki.kubuntu.org/Kernel/Dev/DKMSPackaging</ulink></para>
</section>
- <section>
- <title>Configuration</title>
+ <section id="config">
+ <title id="config-title">Configuration</title>
- <section>
- <title>Brief Version</title>
+ <section id="config-brief">
+ <title id="config-brief-title">Brief Version</title>
<para>You always need to add two ip6tables-rules to your netfilter
configuration. One rule matches outgoing packets and changes their IPv6
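Review bot: The `url` attribute on the `<ulink>` in the first context line of this hunk carries the sentence "Read DKMS details here: " in front of the address, so the link target is not a valid URL. Since the surrounding sections are being touched anyway, move that text into the paragraph body and leave only `https://wiki.kubuntu.org/Kernel/Dev/DKMSPackaging` in `url`.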
@@ -128,8 +128,8 @@ ip6tables -t mangle -I PREROUTING -i eth0 -d 2001:0DB8:0001::/48 -j MAP66 &OPTD
this.</para>
</section>
- <section>
- <title>Detailed Version</title>
+ <section id="config-detailed">
+ <title id="config-detailed-title">Detailed Version</title>
<para>The following explanation details a living example from the
wireless mesh network that is mentioned under <xref
@@ -225,8 +225,8 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-
</section>
</section>
- <section>
- <title>IPv6/IPv4 Precedence</title>
+ <section id="precedence">
+ <title id="precedence-title">IPv6/IPv4 Precedence</title>
<para>With (EKU)buntu and eventually with RedHat, you will notice that
your browser does not show the IPv6 version of a web site that is
@@ -240,9 +240,14 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-
address higher than the ULA IPv6 address when choosing the transport
protocol for a new Internet connection if this add on to the RFC 3484
rules is compiled in. For this reason, you may want to change the
- precedence rules within <filename>/etc/gai.conf</filename>.</para>
+ precedence rules within <filename>/etc/gai.conf</filename> (see <xref
+ endterm="precedence-gai-title" linkend="precedence-gai" />) or use another
+ prefix (see <xref endterm="precedence-6to4-title"
+ linkend="precedence-6to4" />).</para>
+
+ <section id="precedence-gai">
+ <title id="precedence-gai-title">Change gai.conf</title>
- <note>
<para>The getaddrinfo() library function manages lists of label,
precedence, and scope4 type entries. If the
<filename>/etc/gai.conf</filename> file does not provide a single entry
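Review bot: The context paragraph that this hunk moves out of the `<note>` wrapper lists the entry types as "label, precedence, and scope4"; the gai.conf keyword is `scopev4`. Worth correcting while the paragraph is being re-parented into the new `precedence-gai` section, since readers will search the file for that word.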
@@ -251,40 +256,60 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-
to uncomment all entries of a particular type for this. The
<quote>label</quote> lines compare source addresses, the
<quote>precedence</quote> lines compare destination addresses.</para>
- </note>
- <procedure>
- <title>Change IPv6 Precedence</title>
-
- <step>
- <para>Open the <filename>/etc/gai.conf</filename> file as root user,
- e.g. by executing <userinput>sudo nano
- /etc/gai.conf</userinput>.</para>
- </step>
-
- <step>
- <para>Remove the leading hash character from the 8 lines starting with
- <quote>#label</quote>.</para>
- </step>
-
- <step>
- <para>Re-add the hash character to the line stating <quote>#label
- fc00::/7 6</quote>.</para>
- </step>
-
- <step>
- <para>Save the file.</para>
- </step>
-
- <step>
- <para>Restart your browser and re-try to browse to a multi-homed web
- site.</para>
- </step>
- </procedure>
-
- <para>The above procedure removes the difference between standard IPv6
- source addresses and ULA type private IPv6 source addresses. Anything else
- is unchanged.</para>
+ <procedure>
+ <title>Change IPv6 Precedence</title>
+
+ <step>
+ <para>Open the <filename>/etc/gai.conf</filename> file as root user,
+ e.g. by executing <userinput>sudo nano
+ /etc/gai.conf</userinput>.</para>
+ </step>
+
+ <step>
+ <para>Remove the leading hash character from the 8 lines starting
+ with <quote>#label</quote>.</para>
+ </step>
+
+ <step>
+ <para>Re-add the hash character to the line stating <quote>#label
+ fc00::/7 6</quote>.</para>
+ </step>
+
+ <step>
+ <para>Save the file.</para>
+ </step>
+
+ <step>
+ <para>Restart your browser and re-try to browse to a multi-homed web
+ site.</para>
+ </step>
+ </procedure>
+
+ <para>The above procedure removes the difference between standard IPv6
+ source addresses and ULA type private IPv6 source addresses. Anything
+ else is unchanged.</para>
+ </section>
+
+ <section id="precedence-6to4">
+ <title id="precedence-6to4-title">Use 6to4 Internal Address</title>
+
+ <para>As an alternative solution, you may use 6to4 addresses in your
+ LAN. While the well known IPv4 adresses 10.0.0.0/8, 172.16.0.0/12, and
+ 192.168.0.0/16 still exist, it is unlikely that their 6to4 counterparts
+ 2002:0a00::/24, 2002:ac10::/28, and 2002:c0a8::/32 will be routed on the
+ Internet. Because 6to4 adresses are part of the official 2002::/3
+ address prefix for the Internet, no difference between these addresses
+ and other Internet addresses are made by getaddrinfo().</para>
+
+ <para>If you already deployed ULA adresses in your network, you may be
+ interested in a solution that runs on my Freifunk router. The router
+ uses the IPv4 192.168.65.65/26 on it's LAN interface. The OLSR-based
+ mesh network uses an fdca:ffee:babe::/64 prefix. The following internal
+ mapping is configured for this: </para>
+
+ <programlisting></programlisting>
+ </section>
</section>
<section id="motivation">
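Review bot: The new `precedence-6to4` section ends with an empty `<programlisting></programlisting>` directly after "The following internal mapping is configured for this:", so the README promises a mapping it never shows; add the rules or hold the sentence back until they are ready. In the same section, "the official 2002::/3 address prefix" does not match the 2002: prefixes listed just above it (6to4 is 2002::/16, global unicast is 2000::/3), and "adresses" and "it's LAN interface" need spelling fixes.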
diff --git a/ip6t_MAP66.c b/ip6t_MAP66.c
index 5f94f81..6446927 100644
--- a/ip6t_MAP66.c
+++ b/ip6t_MAP66.c
@@ -165,7 +165,6 @@ static bool MAP66_tg6_check(
{
const struct ip6t_MAP66_info *info = par->targinfo;
-
if (0 == ((IP6T_MAP66_OPT_DST_TO | IP6T_MAP66_OPT_SRC_TO) & info->mapflags)) {
printk("MAP66: No --" IP6T_MAP66_DST_TO " nor --" IP6T_MAP66_SRC_TO "\n");
return false;
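Review bot: Removing the blank line between the `info` declaration and the first `if` in MAP66_tg6_check goes against the kernel convention of separating declarations from statements, and it is a whitespace-only change unrelated to the rest of this commit; I would leave the line in. The `printk` in the context below has no log level, which would be worth a follow-up.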
diff --git a/libip6t_MAP66.c b/libip6t_MAP66.c
index 219252d..a5502c3 100644
--- a/libip6t_MAP66.c
+++ b/libip6t_MAP66.c
@@ -100,6 +100,7 @@ static int MAP66_parse(
xtables_error(PARAMETER_PROBLEM, "Multiple --" IP6T_MAP66_DST_TO " not supported");
}
*flags |= IP6T_MAP66_OPT_DST_TO;
+ info->mapflags |= IP6T_MAP66_OPT_DST_TO;
if (NULL == (p = strchr(optarg, '/'))) {
xtables_error(PARAMETER_PROBLEM, "Missing '/' character in --" IP6T_MAP66_DST_TO ": \"%s\"", optarg);
}
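Review bot: The added `info->mapflags |= IP6T_MAP66_OPT_DST_TO;` uses `|=`, so it depends on `mapflags` being zero when MAP66_parse first runs, and nothing in this hunk shows where it is initialised. Please confirm the target data is zeroed before parsing, because MAP66_tg6_check in ip6t_MAP66.c accepts or rejects the rule based on these bits. This is also a functional fix bundled with the README restructuring; a separate commit would make it easier to track.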
@@ -130,6 +131,7 @@ static int MAP66_parse(
xtables_error(PARAMETER_PROBLEM, "Multiple --" IP6T_MAP66_SRC_TO " not supported");
}
*flags |= IP6T_MAP66_OPT_SRC_TO;
+ info->mapflags |= IP6T_MAP66_OPT_SRC_TO;
if (NULL == (p = strchr(optarg, '/'))) {
xtables_error(PARAMETER_PROBLEM, "Missing '/' character in --" IP6T_MAP66_SRC_TO ": \"%s\"", optarg);
}
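Review bot: In the `--src-to` branch the bit is now stored on two adjacent lines, once in `*flags` and once in `info->mapflags`, with no comment saying why both are needed. A one-line comment that `*flags` appears to serve the "Multiple --... not supported" check in userspace while `mapflags` is what the kernel-side check reads would keep someone from removing the new line as redundant; the same applies to the `--dst-to` branch.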