if_stf bug/feature
SUZUKI Shinsuke
suz at crl.hitachi.co.jp
Thu May 6 00:01:05 PDT 2004
Hello, and sorry for the delayed answer.
>>>>> On Tue, 4 May 2004 20:16:20 +0200
>>>>> Lukasz.Stelmach at telmark.waw.pl(Lukasz Stelmach) said:
> stf interface has one feature, very inconvenient for me. As far as I could
> read the source it returns ENETDOWN if the inet4 address of the machine's
> net interface (primary or the one would be used) does not match proper
> part of stf's address. This is ok if one has public, routable ip4 address.
> Since my machine is behind a firewall that forwards and nats all proto
> 41 ip packets I'd rather stf didn't complain about it.
>
> Now what would you suggest? I may comment out the "if" in if_stf.c:348.
> However this check should be done in general but there also should be
> some at-runtime method to override it (maybe sysctl
> net.inet6.ip6.strictstfaddr?).

6to4 is not designed for a node with a private IPv4 address, as is
explicitly stated in section 2 of RFC3056.

    Suppose that a subscriber site has at least one valid, globally
    unique 32-bit IPv4 address, referred to in this document as V4ADDR.
    This address MUST be duly allocated to the site by an address
    registry (possibly via a service provider) and it MUST NOT be a
    private address [RFC 1918].

So my suggestion to tackle such a situation in FreeBSD-4.x is either of
the following two.

- configure a static gif tunnel toward a site.
  Although it's a "static" tunnel, some sites provide a tool
  to automatically configure a gif tunnel even behind NAT
  (e.g. ports/net/freenet6)
- enable 6to4 on your NAT-box and let it advertise an IPv6
  prefix (if not possible, please ask the vendor to support
  such a feature! :-))

Thanks,
----
SUZUKI, Shinsuke @ Hitachi / KAME Project
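
The address relationship discussed in this thread, as an added example (not part of the original mail and not the code in if_stf.c): a userland check that extracts V4ADDR from a 6to4 address, rejects RFC 1918 values as RFC 3056 section 2 requires, and compares it with the host's own IPv4 address. The function name, enum values and sample addresses are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum stf_check { STF_OK, STF_BAD_INPUT, STF_NOT_6TO4, STF_PRIVATE_V4, STF_MISMATCH };

/* RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16 (host byte order). */
static int is_rfc1918(uint32_t a)
{
    return (a & 0xff000000u) == 0x0a000000u ||
           (a & 0xfff00000u) == 0xac100000u ||
           (a & 0xffff0000u) == 0xc0a80000u;
}

/* Hypothetical helper (not a FreeBSD API): validate a 6to4 address
 * against the IPv4 address the host would use as tunnel source. */
enum stf_check check_6to4(const char *stf6, const char *local4)
{
    struct in6_addr a6;
    struct in_addr a4;
    uint32_t v4addr;

    if (inet_pton(AF_INET6, stf6, &a6) != 1 ||
        inet_pton(AF_INET, local4, &a4) != 1)
        return STF_BAD_INPUT;
    if (a6.s6_addr[0] != 0x20 || a6.s6_addr[1] != 0x02)
        return STF_NOT_6TO4;               /* outside 2002::/16 */
    memcpy(&v4addr, &a6.s6_addr[2], 4);    /* V4ADDR, network byte order */
    if (is_rfc1918(ntohl(v4addr)))
        return STF_PRIVATE_V4;             /* RFC 3056 section 2: MUST NOT */
    if (v4addr != a4.s_addr)
        return STF_MISMATCH;               /* the NAT case from this thread */
    return STF_OK;
}

int main(void)
{
    /* Constructed sample addresses (192.0.2.1 is a documentation address). */
    printf("%d\n", check_6to4("2002:c000:201::1", "192.0.2.1"));   /* STF_OK */
    printf("%d\n", check_6to4("2002:c000:201::1", "192.168.1.1")); /* STF_MISMATCH */
    printf("%d\n", check_6to4("2002:c0a8:101::1", "192.168.1.1")); /* STF_PRIVATE_V4 */
    return 0;
}
```
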