On Thu, Aug 02, 2001 at 11:08:50AM +0530, Imran Patel wrote:
> > > I am currently completing a port of the Netfilter connection
> > > tracking subsystem from IPv4 to IPv6. Most of the features in this
> > > port are complete, except for fragment handling,
> >
> > This is the last thing to complete transition from IPv6 back
> > to IPv4 wickedness. :-)
>
> On the contrary, it might be useful for transition from IPv4 to IPv6 ;-)
> IPv6 connection tracking is useful for NAT-PT. However, other options on top
> of IPv6 conntrack like masquerading, v6-v6 NAT, etc look useless and silly.
I agree, only IPv6 related NAT worth thinking about is NAT-PT. But you
should only need to check port numbers on the IPv4 side, on the IPv6
side you should only be interested in the IPv6 address, so no need to
defragment IPv6. You may need to defragment in the other direction for
two reasons I think. First of all to know the port number, secondly to
stay above the minimum IPv6 MTU.
Stig
|