diff options
-rw-r--r-- | README.dbk | 4 | ||||
-rw-r--r-- | README.html | 8 | ||||
-rw-r--r-- | README.txt | 4 | ||||
-rw-r--r-- | ip6t_MAP66.c | 12 | ||||
-rw-r--r-- | ip6t_MAP66.h | 2 | ||||
-rw-r--r-- | libip6t_MAP66.c | 16 |
6 files changed, 23 insertions, 23 deletions
@@ -308,8 +308,8 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- OLSR-based mesh network, any interface uses an fdca:ffee:babe::/64 prefix. The following internal mapping is configured for this: </para> - <programlisting>ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --unbalanced -ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --unbalanced</programlisting> + <programlisting>ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum +ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --csum</programlisting> </section> </section> diff --git a/README.html b/README.html index 75d1e91..337f6ca 100644 --- a/README.html +++ b/README.html @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>MAP66 (NAT from IPv6 to IPv6, NAT66) for Linux</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="MAP66 (NAT from IPv6 to IPv6, NAT66) for Linux"><div class="titlepage"><div><div><h2 class="title"><a id="id2830125"></a>MAP66 (NAT from IPv6 to IPv6, NAT66) for Linux</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Sven-Ola</span> <span class="surname">Tuecke</span></h3><div class="affiliation"><span class="orgname">Freifunk<br /></span></div></div></div><div><p class="pubdate">13-OCT-2010</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#install">Installation</a></span></dt><dt><span class="section"><a href="#dkms">DKMS Integration</a></span></dt><dt><span class="section"><a href="#config">Configuration</a></span></dt><dd><dl><dt><span class="section"><a href="#config-brief">Brief Version</a></span></dt><dt><span class="section"><a href="#config-detailed">Detailed Version</a></span></dt></dl></dd><dt><span class="section"><a href="#precedence">IPv6/IPv4 Precedence</a></span></dt><dd><dl><dt><span class="section"><a href="#precedence-gai">Change gai.conf</a></span></dt><dt><span class="section"><a href="#precedence-6to4">Use 6to4 Internal Address</a></span></dt></dl></dd><dt><span class="section"><a href="#motivation">Motivation</a></span></dt></dl></div><p>These files implement a Linux netfilter target that changes the IPv6 +<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>MAP66 (NAT from IPv6 to IPv6, NAT66) for Linux</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="MAP66 (NAT from IPv6 to IPv6, NAT66) for Linux"><div class="titlepage"><div><div><h2 class="title"><a id="id2964483"></a>MAP66 (NAT from IPv6 to IPv6, NAT66) for Linux</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Sven-Ola</span> <span class="surname">Tuecke</span></h3><div class="affiliation"><span class="orgname">Freifunk<br /></span></div></div></div><div><p class="pubdate">13-OCT-2010</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#install">Installation</a></span></dt><dt><span class="section"><a href="#dkms">DKMS Integration</a></span></dt><dt><span class="section"><a href="#config">Configuration</a></span></dt><dd><dl><dt><span class="section"><a href="#config-brief">Brief Version</a></span></dt><dt><span class="section"><a href="#config-detailed">Detailed Version</a></span></dt></dl></dd><dt><span class="section"><a href="#precedence">IPv6/IPv4 Precedence</a></span></dt><dd><dl><dt><span class="section"><a href="#precedence-gai">Change gai.conf</a></span></dt><dt><span class="section"><a href="#precedence-6to4">Use 6to4 Internal Address</a></span></dt></dl></dd><dt><span class="section"><a href="#motivation">Motivation</a></span></dt></dl></div><p>These files implement a Linux netfilter target that changes the IPv6 address of packets. The address change is done checksum neutral, thus no checksum re-calculation for the packet is necessary. You can change the IPv6 source address of outgoing packets as well as the IPv6 destination address @@ -135,7 +135,7 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- you cannot uncomment a single entry to overwrite the default. You need to uncomment all entries of a particular type for this. The <span class="quote">“<span class="quote">label</span>”</span> lines compare source addresses, the - <span class="quote">“<span class="quote">precedence</span>”</span> lines compare destination addresses.</p><div class="procedure" title="Procedure 1. Change IPv6 Precedence"><a id="id2877432"></a><p class="title"><b>Procedure 1. Change IPv6 Precedence</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>Open the <code class="filename">/etc/gai.conf</code> file as root user, + <span class="quote">“<span class="quote">precedence</span>”</span> lines compare destination addresses.</p><div class="procedure" title="Procedure 1. Change IPv6 Precedence"><a id="id3013740"></a><p class="title"><b>Procedure 1. Change IPv6 Precedence</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>Open the <code class="filename">/etc/gai.conf</code> file as root user, e.g. by executing <strong class="userinput"><code>sudo nano /etc/gai.conf</code></strong>.</p></li><li class="step" title="Step 2"><p>Remove the leading hash character from the 8 lines starting with <span class="quote">“<span class="quote">#label</span>”</span>.</p></li><li class="step" title="Step 3"><p>Re-add the hash character to the line stating <span class="quote">“<span class="quote">#label @@ -152,8 +152,8 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- interested in a solution that runs on my Freifunk router. The router uses the IPv4 192.168.65.65/26 on it's LAN interface. WIthin the OLSR-based mesh network, any interface uses an fdca:ffee:babe::/64 - prefix. The following internal mapping is configured for this: </p><pre class="programlisting">ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --unbalanced -ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --unbalanced</pre></div></div><div class="section" title="Motivation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="motivation"></a>Motivation</h2></div></div></div><p>My Internet access at home is realized by a wireless community mesh + prefix. The following internal mapping is configured for this: </p><pre class="programlisting">ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum +ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --csum</pre></div></div><div class="section" title="Motivation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="motivation"></a>Motivation</h2></div></div></div><p>My Internet access at home is realized by a wireless community mesh network not owned by me. The mesh is operated with small embedded devices (nodes aka. WLAN routers) that are interconnected via radio links (WLAN IBSS / AdHoc). Routing is done with a specialized protocol such as Batman @@ -251,8 +251,8 @@ a solution that runs on my Freifunk router. The router uses the IPv4 interface uses an fdca:ffee:babe::/64 prefix. The following internal mapping is configured for this: -ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --unbalanced -ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --unbalanced +ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum +ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --csum Motivation diff --git a/ip6t_MAP66.c b/ip6t_MAP66.c index 30a83fc..66f5172 100644 --- a/ip6t_MAP66.c +++ b/ip6t_MAP66.c @@ -156,7 +156,7 @@ static unsigned int MAP66_tg6( if (0 != (IP6T_MAP66_OPT_NOCHECK & info->mapflags) || !is_my_ipv6_addr( NF_INET_PRE_ROUTING == par->hooknum ? par->in : par->out, &hdr->daddr)) { - if (0 != (IP6T_MAP66_OPT_UNBALANCED & info->mapflags)) { + if (0 != (IP6T_MAP66_OPT_CSUM & info->mapflags)) { memcpy(&hdr->daddr, &info->pfix_dst_to, sizeof(u_int16_t) * info->pfix_dst_len); } else { @@ -167,7 +167,7 @@ static unsigned int MAP66_tg6( if (0 != (IP6T_MAP66_OPT_SRC_TO & info->mapflags)) { pr_devel("MAP66: SRC_TO, ip_summed=%d\n", skb->ip_summed); - if (0 != (IP6T_MAP66_OPT_UNBALANCED & info->mapflags)) { + if (0 != (IP6T_MAP66_OPT_CSUM & info->mapflags)) { memcpy(&hdr->saddr, &info->pfix_src_to, sizeof(u_int16_t) * info->pfix_src_len); } else { @@ -199,10 +199,10 @@ static bool MAP66_tg6_check( } if (0 != (IP6T_MAP66_OPT_DST_TO & info->mapflags) && (0 >= info->pfix_dst_len || - (0 != (IP6T_MAP66_OPT_UNBALANCED & info->mapflags) ? 8 : 7) < info->pfix_dst_len)) + (0 != (IP6T_MAP66_OPT_CSUM & info->mapflags) ? 8 : 7) < info->pfix_dst_len)) { if (8 == info->pfix_dst_len) { - printk("MAP66: --" IP6T_MAP66_DST_TO " prefix length /%d only possible with --unbalanced\n", 16 * info->pfix_dst_len); + printk("MAP66: --" IP6T_MAP66_DST_TO " prefix length /%d only possible with --csum\n", 16 * info->pfix_dst_len); } else { printk("MAP66: Unsupported --" IP6T_MAP66_DST_TO " prefix length /%d\n", 16 * info->pfix_dst_len); @@ -211,10 +211,10 @@ static bool MAP66_tg6_check( } if (0 != (IP6T_MAP66_OPT_SRC_TO & info->mapflags) && (0 >= info->pfix_src_len || - (0 != (IP6T_MAP66_OPT_UNBALANCED & info->mapflags) ? 8 : 7) < info->pfix_src_len)) + (0 != (IP6T_MAP66_OPT_CSUM & info->mapflags) ? 8 : 7) < info->pfix_src_len)) { if (8 == info->pfix_src_len) { - printk("MAP66: --" IP6T_MAP66_SRC_TO " prefix length /%d only possible with --unbalanced\n", 16 * info->pfix_src_len); + printk("MAP66: --" IP6T_MAP66_SRC_TO " prefix length /%d only possible with --csum\n", 16 * info->pfix_src_len); } else { printk("MAP66: Unsupported --" IP6T_MAP66_SRC_TO " prefix length /%d\n", 16 * info->pfix_src_len); diff --git a/ip6t_MAP66.h b/ip6t_MAP66.h index 482ac8c..b29592c 100644 --- a/ip6t_MAP66.h +++ b/ip6t_MAP66.h @@ -13,7 +13,7 @@ #define IP6T_MAP66_OPT_DST_TO 0x01 #define IP6T_MAP66_OPT_SRC_TO 0x02 #define IP6T_MAP66_OPT_NOCHECK 0x04 -#define IP6T_MAP66_OPT_UNBALANCED 0x08 +#define IP6T_MAP66_OPT_CSUM 0x08 struct ip6t_MAP66_info { struct in6_addr pfix_dst_to; /* The prefix to map destination addrs to */ diff --git a/libip6t_MAP66.c b/libip6t_MAP66.c index 0639646..647a92d 100644 --- a/libip6t_MAP66.c +++ b/libip6t_MAP66.c @@ -65,7 +65,7 @@ static void MAP66_help(void) " --" IP6T_MAP66_DST_TO " ipv6addr/prefixlength (Prefix to map IPv6 destination address to)\n" " --" IP6T_MAP66_SRC_TO " ipv6addr/prefixlength (Prefix to map IPv6 source address to)\n" " --nocheck (Disables the do-not-map-to-my-addr check)\n" -" --unbalanced (Don't balance address for csum neutrality)\n" +" --csum (No csum neutral address change, calc csum)\n" "\n" "Note: you need two ip6tables rules to map an internal network\n" "using ULAs to/from external network with official IPv6 address.\n" @@ -160,11 +160,11 @@ static int MAP66_parse( return 1; break; case '4': - if (0 != (IP6T_MAP66_OPT_UNBALANCED & *flags)) { - xtables_error(PARAMETER_PROBLEM, "Multiple --unbalanced not supported"); + if (0 != (IP6T_MAP66_OPT_CSUM & *flags)) { + xtables_error(PARAMETER_PROBLEM, "Multiple --csum not supported"); } - info->mapflags |= IP6T_MAP66_OPT_UNBALANCED; - *flags |= IP6T_MAP66_OPT_UNBALANCED; + info->mapflags |= IP6T_MAP66_OPT_CSUM; + *flags |= IP6T_MAP66_OPT_CSUM; return 1; break; } @@ -193,8 +193,8 @@ static void MAP66_save( if (0 != (IP6T_MAP66_OPT_NOCHECK & info->mapflags)) { printf("--nocheck "); } - if (0 != (IP6T_MAP66_OPT_UNBALANCED & info->mapflags)) { - printf("--unbalanced "); + if (0 != (IP6T_MAP66_OPT_CSUM & info->mapflags)) { + printf("--csum "); } } @@ -202,7 +202,7 @@ static struct option MAP66_opts[] = { { .name = IP6T_MAP66_DST_TO, .has_arg = 1, .flag = NULL, .val = '1' }, { .name = IP6T_MAP66_SRC_TO, .has_arg = 1, .flag = NULL, .val = '2' }, { .name = "nocheck", .has_arg = 0, .flag = NULL, .val = '3' }, - { .name = "unbalanced", .has_arg = 0, .flag = NULL, .val = '4' }, + { .name = "csum", .has_arg = 0, .flag = NULL, .val = '4' }, { .name = NULL } }; |