Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more privacy
the salt can be added e.g. when restarting router/iptables or may be generated for
a particular host once. Purpose: hide MAC addresses behind the address mapping
gateway 

Check compat with tcpdump. Linux2.4 needs to copy skb() for that, but it oopses

Update csum, see http://www.faqs.org/rfcs/rfc1624.html for these
protos (see http://www.firstpr.com.au/ip/ivip/checksums/ ):

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP, IPPROTO_AH?, IPPROTO_ICMPV6, IPPROTO_UDPLITE
break NEXTHDR_NONE

Evnt mit ipv6_gso_pull_exthdrs() oder ipv6_find_hdr() oder nf_ct_ipv6_skip_exthdr()
Evnt linux-2.4: mit ipv6_skip_exthdr()

unsigned int ptr = skb_network_offset(skb) + sizeof(struct ipv6hdr);
u_int8_t c = ipv6hdr.nexthdr;
while (c != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) {
  const struct ipv6_opt_hdr *hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
  switch(c) {
    case IPPROTO_FRAGMENT:
      hdrlen = 8;
      break;
    case IPPROTO_DSTOPTS:
    case IPPROTO_ROUTING:
    case IPPROTO_HOPOPTS:
      hdrlen = ipv6_optlen(hp);
      break;
    case IPPROTO_AH:
      hdrlen = (hp->hdrlen+2)<<2;
      break;
    default:
      return;
  }
  c = hp->nexthdr;
  ptr += hdrlen;
}

gai.conf ip ranges:
::1/128       0	(localhost)
::/0          1	(?all IPv6, including global unicast?)
2002::/16     2	(6to4)
::/96         3	(ipv4 compat, deprecated)
::ffff:0:0/96 4	(ipv4 mapped)
fec0::/10     5	(ubuntu, site local unicast, deprecated)
fc00::/7      6	(ubuntu, unique local unicast)
2001:0::/32   7	(ubuntu, teredo)

2000::/3	(global unicast)
2001::/16	(for ISPs)
2001:db8::/32	(doku)
3ffe::/16	(6bone)