Idea to think about: --salt 3b5b91c5a2
  XOR client addresses for some more privacy.
  The salt can be added e.g. when restarting router/iptables, or may be
  generated once for a particular host.
  Purpose: hide MAC addresses behind the address mapping gateway.

Check compat with tcpdump.
  Linux 2.4 needs to copy skb() for that, but it oopses.

Update csum, see http://www.faqs.org/rfcs/rfc1624.html
  for these protos (see http://www.firstpr.com.au/ip/ivip/checksums/ ):
  IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP, IPPROTO_AH?, IPPROTO_ICMPV6,
  IPPROTO_UDPLITE
  Stop (break) at NEXTHDR_NONE.
  Possibly with ipv6_gso_pull_exthdrs() or ipv6_find_hdr() or
  nf_ct_ipv6_skip_exthdr().
  Possibly on linux-2.4: with ipv6_skip_exthdr().

    unsigned int ptr = skb_network_offset(skb) + sizeof(struct ipv6hdr);
    unsigned int hdrlen;
    struct ipv6_opt_hdr _hdr;
    u_int8_t c = ipv6_hdr(skb)->nexthdr;

    /* walk the extension header chain until the upper-layer protocol */
    while (c != NEXTHDR_NONE && ip6t_ext_hdr(c)) {
        const struct ipv6_opt_hdr *hp =
            skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
        if (hp == NULL)
            return; /* header not available (truncated packet) */
        switch (c) {
        case IPPROTO_FRAGMENT:
            hdrlen = 8;
            break;
        case IPPROTO_DSTOPTS:
        case IPPROTO_ROUTING:
        case IPPROTO_HOPOPTS:
            hdrlen = ipv6_optlen(hp);
            break;
        case IPPROTO_AH:
            hdrlen = (hp->hdrlen + 2) << 2;
            break;
        default:
            return;
        }
        c = hp->nexthdr;
        ptr += hdrlen;
    }

gai.conf ip ranges:
  ::1/128         0  (localhost)
  ::/0            1  (?all IPv6, including global unicast?)
  2002::/16       2  (6to4)
  ::/96           3  (ipv4 compat, deprecated)
  ::ffff:0:0/96   4  (ipv4 mapped)
  fec0::/10       5  (ubuntu, site local unicast, deprecated)
  fc00::/7        6  (ubuntu, unique local unicast)
  2001:0::/32     7  (ubuntu, teredo)
  2000::/3           (global unicast)
  2001::/16          (for ISPs)
  2001:db8::/32      (documentation)
  3ffe::/16          (6bone)
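Added example for the "Update csum" item above (not code from this project): a userspace sketch of the RFC 1624 incremental update, applied word by word while an IPv6 address is rewritten, and compared against a full recomputation. All function names and the sample words are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full Internet checksum over n 16-bit words (reference for comparison). */
uint16_t csum_full(const uint16_t *w, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += w[i];
    return (uint16_t)~csum_fold(sum);
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
uint16_t csum_update16(uint16_t hc, uint16_t m_old, uint16_t m_new)
{
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new;
    return (uint16_t)~csum_fold(sum);
}

/* Overwrite the 8 words of an IPv6 address and patch the checksum to match. */
uint16_t csum_rewrite_addr(uint16_t hc, uint16_t *addr, const uint16_t *new_addr)
{
    for (int i = 0; i < 8; i++) {
        hc = csum_update16(hc, addr[i], new_addr[i]);
        addr[i] = new_addr[i];
    }
    return hc;
}

/* Constructed sample (8 address + 3 payload words); 1 if patched == recomputed. */
int demo_rewrite_matches(void)
{
    uint16_t pkt[11] = { 0x2001, 0x0db8, 0x0001, 0, 0, 0, 0, 0x0010,
                         0x1234, 0xabcd, 0xffff };
    const uint16_t mapped[8] = { 0xfc00, 0x0001, 0x0002, 0, 0, 0, 0, 0x0010 };
    uint16_t hc = csum_rewrite_addr(csum_full(pkt, 11), pkt, mapped);
    return hc == csum_full(pkt, 11);
}

int main(void) { return demo_rewrite_matches() ? 0 : 1; }
```

The two results can differ only when the rewritten data is all zero, where recomputation yields 0x0000 and eqn. 3 yields 0xFFFF.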