ydahhrk
commented
4 years ago I removed the /32 check because I had no memory of why I chose it back then. According to the #223 thread, what we originally wanted was to check for the secondary bit, not check /32 necessarily.
But now you've given a valid reason to check for /32. I don't think it breaks anything.
Ok, let me see if I got this straight:
If address is broadcast:
deny address translation
else if (address belongs to interface and (is secondary or its prefix length is 32)):
translate address
else if address belongs to interface:
deny address translation
else:
translate address(Where "broadcast" implies prefix length < 31.)
Do you anticipate that this implementation of the generic denylist will solve your problem?
PouuleT
Hello,
I'm using jool in SIIT mode with a special use case. I want my IPv6 service to be reachable using an IPv4 in a L2 network. This way the client does not have to update its network configuration to reach the service.
Example: the client wants to reach the service using an IPv4
Using jool version v4.0.9, I can put an IPv4 in the client subnet (/32) on GW's loopback, the kernel handles the ARP requests and jool handles the traffic translation without any issue.
Since the version v4.1.1, jool refuses to translate the traffic due to the IP on the loopback. It seems to be related to the latest changes on the implicit blacklist algorithm: https://github.com/NICMx/Jool/issues/223#issuecomment-652696783
Reading the code, a workaround could be to flag this IP as secondary. Unfortunately the iproute2 documentation is sparse and it is not easy to setup ( as far as I can tell, two IPs in the same subnet are needed in order for the second one to be flagged as secondary, thus using one additional useless IP in the L2 network )
Is there another way to achieve this use case? Am I doing anything wrong or missing something? How would you do it?
P.S.: Thanks for your awesome work on this project ;)