6to4, stf and shoebox NAT routers

Lapo Luchini lapo at lapo.it
Fri Aug 3 08:20:08 UTC 2007


Hajimu UMEMOTO wrote:
> I posted my proposed patch to current@ for review in the past.  But,
> no one responded.  Could you test this?  This is for 6-CURRENT at Feb 1.
> If it doesn't apply cleanly, please let me know.

It applied cleanly to 6.2-STABLE and seems to work perfectly... outbound
at least.

I have a box at home called cyberx which has static IPv4 but is NATted
(and is thus using your patch).
The other test box is a server called motoko which has a static IPv4
assigned to one of its interfaces directly (no patches here).

The wl500g router correctly forwards the protocol 41 packets to cyberx.

Pinging from cyberx to motoko (and using tcpdump on both) I can see that:
a. cyberx is producing correct IPv4 packets that are from its local
NATted address to the real motoko address, but containing an IPv6 packet
that contains the '2002:'-encoding of both real IPv4 addresses
b. motoko is receiving the echo request correctly
c. motoko is sending the echo reply correctly
d. cyberx is receiving the echo reply encapsulated in IPv4 packets correctly
e. cyberx's stf0 interface IS NOT RECEIVING its IPv6 echo reply
f. the 'ping' command thinks that all packets are lost

Does your patch address incoming packets too?
Can I do some ipfw magic to convince stf to receive also incoming
packets with a mismatched IPv4-IPv6 address?

    Lapo
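
The IPv4/IPv6 mismatch the message asks about, as an added example that is not part of the original post or of the patch: a simplified model that compares the outer IPv4 destination of a protocol 41 packet with the IPv4 address embedded in the local '2002:' address. The addresses are constructed documentation values and the function names are hypothetical; this is not the stf driver's code.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Write the 6to4 prefix address 2002:AABB:CCDD:: for a dotted-quad IPv4. */
static int format_6to4(const char *v4, char *buf, size_t len)
{
    struct in_addr a;
    struct in6_addr p;

    if (inet_pton(AF_INET, v4, &a) != 1)
        return -1;
    memset(&p, 0, sizeof(p));
    p.s6_addr[0] = 0x20;
    p.s6_addr[1] = 0x02;
    memcpy(&p.s6_addr[2], &a, 4);   /* bytes 2..5 carry the IPv4 address */
    return inet_ntop(AF_INET6, &p, buf, (socklen_t)len) ? 0 : -1;
}

/*
 * Hypothetical inbound check: 1 if the outer IPv4 destination equals the
 * IPv4 address embedded in the local 6to4 address, 0 on mismatch,
 * -1 on a parse error or when the local address is not in 2002::/16.
 */
static int inbound_matches(const char *outer_dst_v4, const char *local_6to4)
{
    struct in_addr outer;
    struct in6_addr local;

    if (inet_pton(AF_INET, outer_dst_v4, &outer) != 1 ||
        inet_pton(AF_INET6, local_6to4, &local) != 1)
        return -1;
    if (local.s6_addr[0] != 0x20 || local.s6_addr[1] != 0x02)
        return -1;
    return memcmp(&outer, &local.s6_addr[2], 4) == 0;
}

int main(void)
{
    char buf[INET6_ADDRSTRLEN];

    /* Constructed values: 203.0.113.10 public, 192.168.1.2 behind NAT. */
    if (format_6to4("203.0.113.10", buf, sizeof(buf)) == 0)
        printf("6to4 prefix address: %s\n", buf);
    printf("no NAT, outer dst is public:  %d\n",
        inbound_matches("203.0.113.10", "2002:cb00:710a::1"));
    printf("NAT, outer dst is private:    %d\n",
        inbound_matches("192.168.1.2", "2002:cb00:710a::1"));
    return 0;
}
```

With NAT in the path the router rewrites the outer destination to the private address while the inner IPv6 address still encodes the public one, so a comparison of this kind fails on the inbound side only.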



More information about the freebsd-hackers mailing list