Oh! The IPv4 endgame has been triggered… right when it was projected to happen.
I'm not sure what "critical" bugs you're thinking of? There was one back in early December that was quickly solved. The current state of IPv6 in TomatoUSB git is quite functional, definitely beta-quality for the scenarios it's been tested in, and (I daresay) well ahead of most other firmware distros:
- GUI configuration options for native IPv6 (configured manually or via DHCPv6-PD), static tunnel, or entirely manually (i.e., Tomato regard IPv6 as being turned on, but it's up to you to handle everything else with your own scripts)
- radvd is automatically configured and enabled based on the above
- Stateful IPv6 firewall, enabled by default, with sane default settings
- GUI configuration page for opening ports in the firewall
- QoS settings apply to both IPv4 and IPv6 traffic, and classification settings apply to both where applicable**: there aren't IPv6 L7 and IPP2P modules, and rules that specify a IPv4 address
- Most other services running on TomatoUSB are IPv6-enabled, where possible (eg httpd, dnsmasq)
- Other stuff I'm probably forgetting ;)
**- There aren't IPv6-enabled L7 and IPP2P modules, so those rules are skipped. Similarly, rules that specify a hardcoded IPv4 address are automatically skipped. However, rules that use a hostname in the src/dst address field are applied to both IPv4 and IPv6. If there is not *both* A and AAAA DNS entries for that hostname when QoS/firewall service is started, an error will be generated (for whichever half is missing an entry). This is something that needs fixing.
Practically all of those features were added to trunk after the most recent official build, which is why they haven't shown up on any changelog.
Things yet to be implemented:
- Options under Static DHCP page to also create hostname entries for the IPv6 address of various hosts
- I've got an idea for a script that could also detect and try to do the above, automatically, when DHCP lease is requested
- IPv6 is only really supported for K26; K24 doesn't have functional conntrack for IPv6. This can be an issue for older hardware, where K26 isn't as stable, and getting everything to fit into a 4MB image is tough. (Personal opinion: the stability of K26 on my old WRT54G has improved a lot, and is quite acceptable now, but I might not be hammering it as hard as others. And fitting it into 4MB isn't impossible; disabling a few other lesser-used options in the build gives plenty of space.
- The K26 kernel version used predates the addition of 6to4 and 6rd modules, so support for those is limited (unless we move to a newer version, or backport the modules). HOWEVER, both of them basically piggyback on the SIT tunnelling module, which does work well. I think it's possible to get functional 6rd support working with a bit of scripting and manual configuration but I don't have the means to test this.
- Opening automatic pinholes in IPv6 firewall. This is not a TomatoUSB specific limitation, but rather, something that just doesn't quite exist yet. Right now, for IPv4, pinholes are opened using NAT-PMP and/or UPnP. NAT-PMP has no IPv6 equivalent defined. Meanwhile, the UPnP *just* defined a WANIPv6FirewallControl service description in December, so it will be a while before this is widely implemented/supported.
Right now, I don't think hardware is a developer constraint: the bigger issue is the nascent state of IPv6 deployment with ISPs. Only a handful of ISPs have IPv6 deployments, and many are deploying it in different ways, requiring different configuration paradigms to support it. The required code to handle each new scenario can only really be written and tested if user(s) of that ISP get involved in development.
On that note: if you're willing to be a guinea pig for quick-and-dirty 6rd/Comcast support, let me know. Or if you're in the region where Comcast just began their Phase 2 of IPv6 deployment, with native dual-stack support, could you tell me what configuration methods/information they're using for that? I tried looking it up but found no documented answers.