-rw-r--r-- Makefile 2
-rw-r--r-- README.dbk 49
-rw-r--r-- README.txt 44
3 files changed, 82 insertions, 13 deletions
diff --git a/Makefile b/Makefile
index f7704aa..dbfc552 100644
--- a/Makefile
+++ b/Makefile
@@ -30,5 +30,5 @@ README.txt: README.dbk
xmlto text README.dbk
README.html: README.dbk
- xmlto xhtml README.dbk
+ xmlto xhtml-nochunks README.dbk
diff --git a/README.dbk b/README.dbk
index 7fc6aff..3e8ff18 100644
--- a/README.dbk
+++ b/README.dbk
@@ -175,13 +175,52 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-
</section>
<section>
- <title>Hints (Chapter is To-do)</title>
+ <title>IPv6/IPv4 Precedence</title>
- <para>Note on ubuntu. One needs to enable prefer-family in /etc/wgetrc. after this e.g. "wget -O /dev/null
- http://ftp.se.debian.org" should connect to the IPv6 addrs of that server. Alternative: change presedence of ULAs in
- /etc/gai.conf</para>
+ <para>With (EKU)buntu and eventually with RedHat, you will notice that your browser does not show the IPv6 version of a web
+ site that is multi-homed when using ULA addresses for your IPv6 Internet connection. The reason for this is an add on to the
+ RFC 3484 rules that is compiled into the (EKU)buntu libc. The pre-installed <filename>/etc/gai.conf</filename> file will
+ give you a hint on this.</para>
- <para>Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more privacy</para>
+ <para>In short: the getaddrinfo() library function rates a private IPv4 address higher than the ULA IPv6 address when
+ choosing the transport protocol for a new Internet connection if this add on to the RFC 3484 rules is compiled in. For this
+ reason, you may want to change the precedence rules within <filename>/etc/gai.conf</filename>.</para>
+
+ <note>
+ <para>The getaddrinfo() library function manages lists of label, precedence, and scope4 type entries. If the
+ <filename>/etc/gai.conf</filename> file does not provide a single entry for a particular type, the compiled-in list is
+ used. For this reason, you cannot uncomment a single entry to overwrite the default. You need to uncomment all entries of
+ a particular type for this. The <quote>label</quote> lines compare source addresses, the precedence lines compare
+ <quote>destination</quote> addresses.</para>
+ </note>
+
+ <procedure>
+ <title>Change IPv6 Precedence</title>
+
+ <step>
+ <para>Open the <filename>/etc/gai.conf</filename> file as root user, e.g. by executing <userinput>sudo nano
+ /etc/gai.conf</userinput>.</para>
+ </step>
+
+ <step>
+ <para>Remove the leading hash character from the 8 lines starting with <quote>#label</quote>.</para>
+ </step>
+
+ <step>
+ <para>Re-add the hash character to the line stating <quote>#label fc00::/7 6</quote>.</para>
+ </step>
+
+ <step>
+ <para>Save the file.</para>
+ </step>
+
+ <step>
+ <para>Restart your browser and re-try to browse to a multi-homed web site.</para>
+ </step>
+ </procedure>
+
+ <para>The above procedure removes the difference between standard IPv6 source addresses and ULA type private IPv6 source
+ addresses. Anything else is unchanged.</para>
</section>
<section id="motivation">
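Review bot: Step 2 of the procedure hard-codes "the 8 lines starting with #label", while the note directly above it says that a partial list replaces the compiled-in defaults entirely, so a reader whose gai.conf ships a different number of label lines can end up with an incomplete table. Suggest "all lines starting with #label" without the count. The section and the procedure are both titled "Precedence" although only label lines are edited, which deserves one sentence of explanation, and "does not provide a single entry" would read more clearly as "does not provide any entry". Since /etc/gai.conf is consulted by getaddrinfo() for every program on the host, the text should say that the change is system-wide, and the procedure should end with a verification command (the removed wget example would serve) rather than only "Restart your browser".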
diff --git a/README.txt b/README.txt
index 2e2eaf0..57abc4a 100644
--- a/README.txt
+++ b/README.txt
@@ -17,7 +17,7 @@ Configuration
Brief Version
Detailed Version
-Hints (Chapter is To-do)
+IPv6/IPv4 Precedence
Motivation
These files implement a Linux netfilter target that changes the IPv6 address of
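Review bot: README.txt is a build product according to the Makefile rule visible in this commit (README.txt: README.dbk, built with xmlto text README.dbk), so committing the regenerated text next to its source doubles the diff and lets the two copies drift if someone edits only one of them. If the generated file has to stay tracked, regenerate it in a separate commit or state in the commit message that it was produced by make and not edited by hand.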
@@ -186,14 +186,44 @@ address, you will get the answer packet back via the 6-to-4 interface. If the
above address mapping is configured, you ping one IPv6 address and get the
answer from another IPv6 address...
-Hints (Chapter is To-do)
+IPv6/IPv4 Precedence
-Note on ubuntu. One needs to enable prefer-family in /etc/wgetrc. after this
-e.g. "wget -O /dev/null http://ftp.se.debian.org" should connect to the IPv6
-addrs of that server. Alternative: change presedence of ULAs in /etc/gai.conf
+With (EKU)buntu and eventually with RedHat, you will notice that your browser
+does not show the IPv6 version of a web site that is multi-homed when using ULA
+addresses for your IPv6 Internet connection. The reason for this is an add on
+to the RFC 3484 rules that is compiled into the (EKU)buntu libc. The
+pre-installed /etc/gai.conf file will give you a hint on this.
-Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more
-privacy
+In short: the getaddrinfo() library function rates a private IPv4 address
+higher than the ULA IPv6 address when choosing the transport protocol for a new
+Internet connection if this add on to the RFC 3484 rules is compiled in. For
+this reason, you may want to change the precedence rules within /etc/gai.conf.
+
+Note
+
+The getaddrinfo() library function manages lists of label, precedence, and
+scope4 type entries. If the /etc/gai.conf file does not provide a single entry
+for a particular type, the compiled-in list is used. For this reason, you
+cannot uncomment a single entry to overwrite the default. You need to uncomment
+all entries of a particular type for this. The “label” lines compare source
+addresses, the precedence lines compare “destination” addresses.
+
+Procedure 1. Change IPv6 Precedence
+
+ 1. Open the /etc/gai.conf file as root user, e.g. by executing sudo nano /etc/
+ gai.conf.
+
+ 2. Remove the leading hash character from the 8 lines starting with “#label”.
+
+ 3. Re-add the hash character to the line stating “#label fc00::/7 6”.
+
+ 4. Save the file.
+
+ 5. Restart your browser and re-try to browse to a multi-homed web site.
+
+The above procedure removes the difference between standard IPv6 source
+addresses and ULA type private IPv6 source addresses. Anything else is
+unchanged.
Motivation
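Review bot: In step 1 of the rendered procedure the command is wrapped as "sudo nano /etc/" followed by "gai.conf" on the next line, so copying it from README.txt gives a broken path. The cause is in README.dbk, where the userinput element itself is split across two lines; keep the whole command on one source line or move it into a screen block so xmlto does not reflow it. The note also quotes “label” and “destination” but leaves precedence unquoted, which should be made consistent in the source.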