Enabling IPv6 assist for IPv4-only apps on Linux


To show that IPv6 is prepared for manufacturing use, I’ve been utilizing an IPv6-only setup on my Ubuntu PC for greater than 4 months. To entry the legacy IPv4 Web, I take advantage of a NAT64 gateway primarily based on Tayga deployed on a RockPro64 SBC in my cabinet:
Many of the apps I take advantage of assist IPv6 however there are some instances when a scarcity of IPv4 connectivity on my machine negatively impacts the expertise.
One of many instances that have an effect on my every day expertise is the fixed have to manually prepend IPv4 addresses for SSH as direct makes an attempt to make use of SSH with an IPv4 deal with fail:
ssh 1.3.3.7
ssh: hook up with host 1.3.3.7 port 22: Community is unreachable
As a substitute, I’ve to continuously append my IPv6 NAT64 prefix:
ssh 64:ff9b::1.3.3.7
pavel@64:ff9b::103:307's password:
Fortunately, Linux supplies an exceptionally straightforward technique to intercept some particular library features utilizing a easy dynamically linked library: LD_PRELOAD.

When an app wants to hook up with the community it makes use of Linux system features reminiscent of socket(), connect(), getpeername(), and getsockname(), and by overriding them with features that explicitly rework all IPv4 connection makes an attempt to particular IPv6 addresses crafted utilizing a NAT64 prefix, we will robotically add IPv6 assist for apps with IPv6 assist.
Fortunately, that’s precisely how a instrument referred to as TNAT64 works. You’ll find this instrument within the Debian or Ubuntu official repositories and set up is straightforward:
sudo apt set up -y tnat64
TNAT64 supplies a single dynamic library out there on the next path:
/usr/lib/tnat64/libtnat64.so.
To allow it for a selected session within the terminal, we have to run the next instructions:
export LD_PRELOAD=/usr/lib/tnat64/libtnat64.so TNAT64_DEBUG=10 TNAT64_DEBUG_FILE=/tmp/tnat64.log
The one necessary requirement right here is that LD_PRELOAD, TNAT64_DEBUG, and TNAT64_DEBUG_FILE allow debugging to offer extra data on how this library works.
After that, if you run any app in the identical terminal session it should load libtnat64.so first. Then all calls to community features can be intercepted, and as a consequence, any try to hook up with IPv4 will work simply positive even on a machine with out exterior IPv4 connectivity:
ssh 1.3.3.7
pavel@1.3.3.7's password:
I like to recommend utilizing this strategy just for apps with clear IPv6 assist points. Makes an attempt to allow this logic might result in some points as some apps might have points with syscalls.
To get extra details about the runtime exercise of TNAT64 you may verify the content material of its log file /tmp/tnat64.log:

Our international present success with IPv6 deployment is the results of a colossal quantity of labor during the last 20 years from an unbelievable variety of very proficient engineers. I’d wish to acknowledge the creator of TNAT64, Andrej Shadura, which was written round 2011.
Pavel Odintsov is a software program engineer with a ardour for laptop networks, having labored in area registry, cloud internet hosting, Web alternate, and international cyber safety. He’s the technical lead of the FastNetMon challenge.
Tailored from the unique at Pavel’s blog.
The views expressed by the authors of this weblog are their very own
and don’t essentially replicate the views of APNIC. Please be aware a Code of Conduct applies to this weblog.