Changes for package: IPV6
===============================================================================
$Id$
===============================================================================


3.1.3-ow [2005-07-01]:
    - tag: TW-2007-09-12
    - original OPT_IPV6 package from Oliver Walter <owb@gmx.de>

3.1.3-tw [2007-09-12]:
    - tag: TW-2007-09-12
    - modifications by Tobias Weller <fli4l@phutan.de>
    - small heartbeat changes
    - prefixcalc6 recompiled for fli4l 3.x

3.1.3-cs-2007-09-16 [2007-09-16]:
    - tag: CS-2007-09-16
    - adapted to fli4l 3.1.3
    - files converted to DOS line endings
    - iptables for IPv6 included
    - opt/files/sbin/ip deleted (is part of fli4l 3.x)
    - do_insmod --> do_modprobe, MTU can be configured, enabling forwarding
      moved to new rc360.fwrules.new.ipv6
    - netfilter configuration for IPv6 added
    - new regular expressions introduced, checks improved
    - config/ipv6.txt: MTU setting and netfilter settings added, LOCALV4 is
      "dynamic" by default (the most common case, I presume)
    - changes/ipv6.txt added

3.1.3-cs-2007-11-15 [2007-11-15]:
    - tag: CS-2007-11-15
    - allowed ICMPv6 packet size increased to 150 bytes (thanks to Jörg
      Fischer for reporting this)
    - added default iptables input acceptance rule for ipv6 protocol packets
      coming from the PoP (thanks to Jörg Fischer for reporting this)
    - added IPv6 compatible dnsmasq
    - added support for assigning IPv6 addresses with hosts and generating the
      corresponding /etc/hosts entries
    - added support for assigning names to IPv6 networks (via IPV6_NET_%_NAME)
    - added support for assigning MAC addresses to IPv6 interfaces
      (via IPV6_NET_%_MAC)
    - reversed order of commands for network configuration to match that one
      of rc001.base
    - (internal) fwrules-helper.ipv6: moved translate_ip6_net to
      etc/rc.d/base-helper.ipv6
    - changed HOST_%_IPV6 array to have optional entries, such that IPv6 hosts
      using auto-configuration do not have to appear in the configuration file
      with an empty value (consequently, empty values are now invalid in
      HOST_%_IPV6 entries)
    - mangle_ip_params6: corrected handling of (bracketed) IPv6 addresses
    - do6_default: consider IPv6 constructs as "[...]/..." as source net
      descriptions rather than destinations
    - added DHCPv6 server
    - TODO: supplying DNS resolvers does not work yet

3.1.3-cs-2007-11-20 [2007-11-20]:
    - tag: CS-2007-11-20
    - corrected some mkfli4l checks (thanks to Jörg Fischer for reporting
      this)

2008-05-25:
    - adapted to fli4l 3.3.0-rev14924

3.6.0
-----
    - [jw5] fix ICMPv6 packet filter rules
    - [kristov] added support for IPv6 RDNSS (RFC5006);
      thanks to Lars Bußmann <fli4l@kill-you.net> and Michael Zenke
      <mzenke@gmx.de> for providing the necessary patches
    - [rresch] added default packet filter rules for INPUT in order to accept
      ICMPv6 NDP packets
    - [rresch] radvd's run-time behaviour improved when interfaces are down at
      boot time
    - [rresch/kristov] added documentation and commented configuration
    - [kristov] configuration of login data for tunnel broker simplified
    - [kristov] DHCPv6 support reimplemented and improved, using it for
      providing domain and DNS information ONLY
    - [kristov] hosts' IPv6 addresses are automatically computed when MAC
      addresses are provided in dns_dhcp's configuration
    - [kristov] added web GUI for IPv6 packet filter tables

3.6.0:
------
2011-04-29
    - release of stable version

3.6.1:
------

3.7.0:
------
2012-02-02 kristov
(bugfixes)
    - unreachable route is now added for assigned subnet prefix
      (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562077 and RFC
      6204, section 4.2, "Prefix delegation requirements", point WPD-6, for
      details)
(user-visible improvements)
    - support added for the tunnel provider Hurricane Electric
    - improved logging
(developer-visible improvements)
    - new providers can be integrated easily by putting a script into
      /etc/rc.d/ipv6-tunnel-provider/
    - many improvements and corrections under the hood

2012-03-11 kristov
    - moving ahead to new uClibc/fli4l buildroot!
    - radvd updated to 1.8.3
    - dhcpd updated to 4.2.2 (same version as in package dns_dhcp)
2012-03-23 kristov
    - (SixXS) allow arbitrarily sized echo request packets from the tunnel peer
      (thanks to Lars Bußmann <fli4l@kill-you.net> for providing the solution)
2012-06-24 kristov
    - OPT_IPV6 depends on OPT_HOSTS
2012-07-17 kristov
    - corrected handling of rules without a port following rules with a port
2012-09-17 kristov
    - don't add an unreachable route more than once for a given prefix
2012-10-23 kristov
    - allow more than one IPv6 prefix per interface
2012-10-31 kristov
    - size and frequency limits for accepting ICMPv6 echo packets by the
      firewall are now configurable (PF6_INPUT_ICMP_ECHO_REQ_SIZE and
      PF6_INPUT_ICMP_ECHO_REQ_LIMIT)
2012-10-31 kristov
    - use new function lookup_name_ipv6() which returns the IPv6 address for
      a host name used in a firewall rule
2012-10-31 kristov
    - default configuration fixed by removing references to undefined networks
2012-10-31 kristov
    - fixed EUI-64 computation for certain MAC addresses
2012-11-08 kristov
    - disable file name globbing when working with IPv6 firewall rules which
      may contain IPv6 addresses in square brackets [...] interpreted otherwise
      as character classes by the shell
2012-12-19 kristov
    - allow raw tunnels without an associated IPv6 prefix
2012-12-23 kristov
    - FFL-264: IPV6_NET_x_DEV can now contain a reference to IP_NET_y_DEV
2012-12-24 kristov
    - FFL-265: firewall rules can now contain a reference to IPV6_TUNNEL_x_DEV
2012-12-24 kristov
    - FFL-271: configure IPv6 only for devices which have IPv6 networks
      attached, via IPV6_NET_x, or are 6in4 tunnel devices; if OPT_IPV6='no',
      disable IPv6 addresses completely

**************
**** TODO ****
**************
    - support properly tearing down 6in4 tunnels when IPv4 connection breaks
      due to scheduled hangup
    - lower validity and preferred lifetime of dynamically assigned prefixes
    - add possibility to register addresses served by DHCPv6 daemon in the DNS
    - add support for NAT64 (e.g. TAYGA) and DNS64 (e.g. totd) in order to
      allow IPv6-only LANs
    - add support for native IPv6 providers that only supply a /64 prefix;
      here, the external and internal interfaces share the same subnet prefix
      so routing has to be setup very carefully
    - update documentation

3.10.1:
-------
FFL-261:       IPV6 Tunnel können nur für Incoming benutzt werden
FFL-264:       Verwendung von IP_NET_x_DEV in IPV6_NET_x_DEV
FFL-265:       Nutzen des Tunnel-Interface-devices in den firewall-Regeln
FFL-274:       Hosts mit bestimmten Adressen erhalten keine korrekten IPv6-Adressen im DNS zugewiesen
FFL-298:       Anpassung von iptables-Regeln für neue Kernel
FFL-337:       Abhängigkeit OPT_IPV6 --> OPT_HOSTS entfernen
FFL-345:       Update dibbler auf Version 0.8.3
FFL-372:       IPV6 - Heartbeat stört DSL HUPTIMEOUT
FFL-418:       /sbin/ip akzeptiert nicht Tunnelnamen "he"
FFL-446:       Angleichung und Überarbeitung des IPv4- und IPv6-Firewall-Codes und Einbau von IPv6-NAT
FFL-447:       Unterstützung für die OUTPUT-Kette fehlt im Paketfilter
FFL-465:       IPv6-Dialup via PPPoE
FFL-473:       IPV6_NET_x_DHCP='yes' prüft nicht, ob der DHCP-Server verfügbar ist
FFL-474:       Reine IPv6-Schnittstellen werden nicht aktiviert
FFL-481:       tool netcalc um ipv6 Support erweitern
FFL-483:       Firewall-Regeln mit tmpl: und BIDIRECTIONAL führen ggf. zu nicht beabsichtigtem Verhalten
FFL-485:       Im Paketfilter kann man 'dynamic' weder in der PREROUTING_CT- noch in der OUTPUT_CT-Kette nutzen
FFL-487:       Port-Weiterleitung mit dynamischer Firewall umsetzen
FFL-494:       ip-up-Ereignisse werden nicht nach Protokoll (IPv4/IPv6) unterschieden
FFL-496:       HOST_x_IP6='auto' führt zu unerwünschten Nebeneffekten
FFL-497:       HOST_x_IP6='auto' sollte nur mit dem ipv6-Paket zusammen funktionieren
FFL-500:       Beim Herunterfahren des DHCP-Clients werden die PPP-Skripte immer mit is_default_route='no' ausgeführt
FFL-511:       IPv6 Route in OpenVPN kollidiert mit IP_ROUTE_x aus der base.txt
FFL-513:       Regeln im VPN Tunnel werden nicht richtig angelegt
FFL-515:       mkfli4l-Fehlermeldung bei OPT_IPV6='yes' und OPT_DNS='no'
FFL-525:       mkfli4l-Fehlermeldung bei OPT_IPV6='no' und OPT_DNS='no'
FFL-600:       Probleme bei IPv6-Tunnel-Update bei Provider Hurricane Electric
FFL-621:       Firewall nutzt falschen Test für Prüfung, ob Host-Name existiert
FFL-753:       bei IPv6 funktionieren @$HOST Angaben nicht
FFL-794:       Firewall: NETMAP akzeptiert keine logischen Netze (IP(V6)?_x_NET)
FFL-829:       Kombination von REJECT/DROP und LOG in Firewall-Regeln funktioniert nicht
FFL-906:       Kleinere OPT_LOGIP-Korrekturen in Bezug auf IPv6 und WebGUI

3.10.2:
-------
FFL-756:       Firewall generiert bei Verwendung von Templates falsche PREROUTING-Regeln

3.10.3:
-------
(keine Änderungen)

3.10.4:
-------
FFL-1471:      Wenn IPV6 nicht aktiviert ist, funktioniert das dynamische Forwarding mittels plink nicht.

3.10.5:
-------
(keine Änderungen)

3.10.6:
-------
(keine Änderungen)

3.10.7:
-------
(keine Änderungen)

3.10.8:
-------
(keine Änderungen)

3.10.9:
-------
(keine Änderungen)

3.10.10:
--------
(keine Änderungen)

3.10.11:
--------
FFL-1912:       Unterstützung für SixXS-Tunnel ausbauen

3.10.12:
--------
FFL-2029:       Paketfilterregeln können keine IPv6-Adressen verarbeiten, die mit a-f beginnen
FFL-2030:       Tests für die IPv4- und IPv6-Paketfilter werden nicht sauber getrennt