netdev
[Top] [All Lists]

Re: IPv6 fragmentation and IPv6 header parsing

To: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
Subject: Re: IPv6 fragmentation and IPv6 header parsing
From: Brad Chapman <kakadu@xxxxxxxxxxxxx>
Date: Wed, 01 Aug 2001 13:13:17 -0400
Cc: netdev@xxxxxxxxxxx
References: <200107312208.CAA00330@mops.inr.ac.ru>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux 2.4.7 i586; en-US; C-UPD: MaxLinux0301) Gecko/20001107 Netscape6/6.0
Mr. Kuznetsov,

Alexey Kuznetsov wrote:

Hello!

   I am currently completing a port of the Netfilter connection
tracking subsystem from IPv4 to IPv6. Most of the features in this
port are complete, except for fragment handling,


This is the last thing to complete transition from IPv6 back
to IPv4 wickedness. :-)

Eeek! Sorry ;-) I have already been properly chastised about on-the-fly
fragmenting and have been discussing ideas with Harald Welte that will probably
appear in some form in 2.5.





I would appreciate any feedback at all regarding this.


Feedback follows: make this and do not show to anyone, especially
to your mother. :-)

Well, my mother is not particularly interested in netfilter hacking, so no worry there.



If you have some problem, which is not solvable without defragmenation
in the middle, go to ipng wg to discuss how to make this.

I was merely attempting to follow the 1:1 idea of portation I had set out
for myself. If you're not familiar with the ip6_conntrack code, here is a quick
answer on the question of why it would need on-the-fly fragmenting: 1.) to make
it's life easier when tracking layer-3/4 headers and messing with packet data (in
NAT, but that's not important anymore) and 2.) in case the idiot on the other
end won't allow an MTU of 1500 ;-)



Particularly, NAT rewriting ports for IPv6 is full non-sense.

Well, I suppose now that IPv6 has about 36 bugazillion adresses, it's not
a major sticking point anymore ;-) Mostly I'm doing this so that people can match
packet states (NEW, ESTABLISHED, RELATED, INVALID) and maybe, later on, direction
(ORIGINAL, REPLY), if anyone expresses a desire to have it.
BTW: where is the nearest place where I can find the real number of addresses
IPv6 supports?




Alexey

Brad




<Prev in Thread] Current Thread [Next in Thread>