From: "Andrey V. Elsukov" Date: Wed, 9 May 2018 12:25:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r333406 - head/sbin/ipfw X-SVN-Group: head X-SVN-Commit-Author: ae X-SVN-Commit-Paths: head/sbin/ipfw X-SVN-Commit-Revision: 333406 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 May 2018 12:25:25 -0000 Author: ae Date: Wed May 9 12:25:23 2018 New Revision: 333406 URL: https://svnweb.freebsd.org/changeset/base/333406 Log: Update NAT64 documentation, now we support any IPv6 prefixes. MFC after: 1 month Modified: head/sbin/ipfw/ipfw.8 Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Wed May 9 12:09:08 2018 (r333405) +++ head/sbin/ipfw/ipfw.8 Wed May 9 12:25:23 2018 (r333406) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 19, 2018 +.Dd May 9, 2018 .Dt IPFW 8 .Os .Sh NAME @@ -3048,13 +3048,6 @@ After translation NAT64 translator sends packets throu queue. Thus translator host should be configured as IPv4 and IPv6 router. .Pp -Currently both stateful and stateless NAT64 translators use Well-Known IPv6 -Prefix -.Ar 64:ff9b::/96 -to represent IPv4 addresses in the IPv6 address. -Thus DNS64 service and routing should be configured to use Well-Known IPv6 -Prefix. -.Pp The stateful NAT64 configuration command is the following: .Bd -ragged -offset indent .Bk -words 
@@ -3067,7 +3060,7 @@ The stateful NAT64 configuration command is the follow .Pp The following parameters can be configured: .Bl -tag -width indent -.It Cm prefix4 Ar ipv4_prefix/mask +.It Cm prefix4 Ar ipv4_prefix/plen The IPv4 prefix with mask defines the pool of IPv4 addresses used as source address after translation. Stateful NAT64 module translates IPv6 source address of client to one @@ -3075,6 +3068,12 @@ IPv4 address from this pool. Note that incoming IPv4 packets that don't have corresponding state entry in the states table will be dropped by translator. Make sure that translation rules handle packets, destined to configured prefix. +.It Cm prefix6 Ar ipv6_prefix/length +The IPv6 prefix defines IPv4-embedded IPv6 addresses used by translator +to represent IPv4 addresses. This IPv6 prefix should be configured in DNS64. +The translator implementation follows RFC6052, that restricts the length of +prefixes to one of following: 32, 40, 48, 56, 64, or 96. +The Well-Known IPv6 Prefix 64:ff9b:: must be 96 bits long. .It Cm max_ports Ar number Maximum number of ports reserved for upper level protocols to one IPv6 client. All reserved ports are divided into chunks between supported protocols. @@ -3174,6 +3173,9 @@ The stateless NAT64 configuration command is the follo .Pp The following parameters can be configured: .Bl -tag -width indent +.It Cm prefix6 Ar ipv6_prefix/length +The IPv6 prefix defines IPv4-embedded IPv6 addresses used by translator +to represent IPv4 addresses. This IPv6 prefix should be configured in DNS64. .It Cm table4 Ar table46 The lookup table .Ar table46
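Review bot: In the hunk at @@ -3067,7 +3060,7 @@ the argument is renamed to "ipv4_prefix/plen", but the unchanged description line directly below it still reads "The IPv4 prefix with mask defines the pool", so the synopsis and its text now use different terms. The prefix6 entries added later in this patch spell the same thing "ipv6_prefix/length". Suggest picking one term (plen or length) for both options and rewording the prefix4 description to match.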
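Review bot: The stateful prefix6 entry added at @@ -3075,6 +3068,12 @@ does not say whether the option is required or which prefix is used when it is omitted, and the paragraph deleted at @@ -3048,13 +3048,6 @@ was the only text naming 64:ff9b::/96 as the prefix in use. Suggest stating the default, or that the option is mandatory. In the same entry, "The Well-Known IPv6 Prefix 64:ff9b:: must be 96 bits long" would be clearer written as 64:ff9b::/96 with the .Ar markup the removed paragraph used, "that restricts the length of prefixes to one of following" should read "which restricts ... to one of the following", and "This IPv6 prefix should be configured in DNS64." starts in the middle of a source line where mdoc convention is a new line per sentence.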
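Review bot: The stateless prefix6 entry added at @@ -3174,6 +3173,9 @@ carries only the first two sentences of the stateful entry and omits the RFC6052 length restriction (32, 40, 48, 56, 64, or 96) and the Well-Known Prefix note. If the stateless translator applies the same restriction, repeat those sentences here or refer to the stateful description, so that someone reading only this section does not configure an unsupported prefix length. The mid-line sentence start in "to represent IPv4 addresses. This IPv6 prefix should be configured in DNS64." applies here as well.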