Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NAT64 support #722

Merged
merged 1 commit into from May 1, 2023
Merged

NAT64 support #722

merged 1 commit into from May 1, 2023
+528 −17

Conversation

eqvinox
Copy link
Contributor

@eqvinox eqvinox commented Jul 23, 2022
edited

This implements #721. It's not really polished but does work.

TODO:

  • clean up code formatting
  • make NAT64 prefix configurable instead of hardcoding it
  • tests

All done, maybe? 😆

@eqvinox eqvinox force-pushed the nat64 branch 2 times, most recently from cb3faae to 3c93de1 Compare November 5, 2022 13:30
@eqvinox eqvinox marked this pull request as ready for review November 5, 2022 13:31
@eqvinox
Copy link
Contributor Author

eqvinox commented Nov 5, 2022

Sidenote: I'm perfectly happy with anyone rewriting, mangling, whatever else, this code in order to get it merged. I'll try to respond to comments/change requests/… but if it's something you can just fix in a few minutes, please, go ahead!

eqvinox
eqvinox commented Nov 7, 2022
View reviewed changes
iterator/iterator.c Outdated Show resolved Hide resolved
@eqvinox
NAT64 support
64fb06f 
This implements NLnetLabs#721.  Includes documentation and some very basic tests.
Please refer to doc for further detail.
@eqvinox
Copy link
Contributor Author

eqvinox commented Nov 7, 2022

Fixed non-/96 prefixes & added a test using a /48.

@gthess gthess added this to the 1.17.1 milestone Nov 29, 2022
@gthess gthess self-assigned this Nov 29, 2022
@agowa agowa mentioned this pull request Dec 30, 2022
Open
@gthess gthess modified the milestones: 1.17.1, 1.18.0 Jan 3, 2023
@momoka0122y
Copy link

When this feature is used prefer-ip6 shoud be changed to "prefer-ip6: yes" instead of the default.
Or else it may synthesize and IPv4 address even when there is an IPv6 address.

@gthess
Copy link
Member

gthess commented Apr 5, 2023

@momoka0122y in principle you are right and I was thinking of implicitly enabling the prefer-ip6 option but on second thought I would leave it to the user to explicitly use that.
Unbound keeps track of DNS RTT values to the different upstream IPs and it may be the case that a synthesized IPv4 connection is more favorable than an IPv6 one.
I will add your remark in the documentation though.

@agowa
Copy link

agowa commented Apr 5, 2023
edited

That sounds suspiciously like RFC 8305 behavior (Sections 3 and 4). https://www.rfc-editor.org/rfc/rfc8305#section-3

And section 7 would explain how to handle NAT64/DNS64 in that context.

gthess
gthess approved these changes May 1, 2023
View reviewed changes
Copy link
Member

@gthess gthess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
Some minor fixes, formatting and refactoring that I will address on a follow up commit.
Thanks for this!

gthess added a commit that referenced this pull request May 1, 2023
@gthess
- For #722: Minor fixes, formatting and refactoring.
adb4aeb
gthess added a commit that referenced this pull request May 1, 2023
@gthess
Changelog entry for #722:
2695eb9 
- Merge #722 from David 'eqvinox' Lamparter: NAT64 support.
- For #722: minor fixes, formatting, refactoring.
@gthess gthess merged commit e1ec3cf into NLnetLabs:master May 1, 2023
jedisct1 added a commit to jedisct1/unbound that referenced this pull request May 25, 2023
@jedisct1
Merge remote-tracking branch 'nlnet/master'
cb8d41e 
* nlnet/master: (39 commits)
  - Fix unbound-dnstap-socket time fraction conversion for printout.
  - Fix unbound-dnstap-socket printout when no query is present.
  - Fix to remove unused variables from RPZ clientip data structure.
  - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
  - Fix to print debug log for ancillary data with correct IP address.
  - Fix NLnetLabs#888: [FR] Use kernel timestamps for dnstap.
  - Fix warning in windows compile, in set_recvtimestamp.
  - Fix doxygen in addr_to_nat64 header definition.
  - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
  - Fix NLnetLabs#885: Error: util/configlexer.c: No such file or directory,   adds error messages explaining to install flex and bison.
  Changelog entry for NLnetLabs#722: - Merge NLnetLabs#722 from David 'eqvinox' Lamparter: NAT64 support. - For NLnetLabs#722: minor fixes, formatting, refactoring.
  - For NLnetLabs#722: Minor fixes, formatting and refactoring.
  - Fix RPZ IP responses with trigger rpz-drop on cache entries, that   they are dropped.
  Changelog for NLnetLabs#860
  Remove msg_del_for_0ttl, call msg_cache_remove directly
  - Fix for NLnetLabs#882: document variable to stop doxygen warning.
  - Fix for NLnetLabs#882: small changes, date updated in Copyright for   util/timeval_func.c and util/timeval_func.h. Man page entries and   example entry.
  stats: add query max wait time metric
  stats: add counter for timed out queries
  config: add sock_queue_timeout configuration
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gthess gthess gthess approved these changes

Assignees

@gthess gthess

Labels
None yet
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@eqvinox @momoka0122y @gthess @agowa