[Top] [All Lists]

Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support

To: "YOSHIFUJI Hideaki / ?$B5HF#1QL@" <yoshfuji@xxxxxxxxxxxxxx>
Subject: Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support
From: Harald Welte <laforge@xxxxxxxxxxxxx>
Date: Sat, 17 Jan 2004 12:33:58 +0100
Cc: vnuorval@xxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040114.210427.104284595.yoshfuji@xxxxxxxxxxxxxx>
Mail-followup-to: Harald Welte <laforge@xxxxxxxxxxxxx>, "YOSHIFUJI Hideaki / ?$B5HF#1QL@" <yoshfuji@xxxxxxxxxxxxxx>, vnuorval@xxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxx, netdev@xxxxxxxxxxx
References: <Pine.LNX.4.58.0401141250470.24125@xxxxxxxxxxxxxxx> <20040114.210427.104284595.yoshfuji@xxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.4i
On Wed, Jan 14, 2004 at 09:04:27PM +0900, YOSHIFUJI Hideaki / ?$B5HF#1QL@ wrote:
> In article <Pine.LNX.4.58.0401141250470.24125@xxxxxxxxxxxxxxx> (at Wed, 14 
> Jan 2004 13:25:42 +0200 (EET)), Ville Nuorvala <vnuorval@xxxxxxxxxx> says:
> > the packets for local processing. I think the cleanest solution for this
> > is a netfilter module (which I have incidentally written already :)
> I don't think so. Proxy should not depend on netfilter.

Where is the problem?  It doesn't depend on hevyweight functions like
iptables/conntrack/whatever... it just depends on the netfilter hooks in
the core network stack (which are very lightweight, compared to what the
rest of the packet filtering subsystem does).

> --yoshfuji

- Harald Welte <laforge@xxxxxxxxxxxxx>   
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: signature.asc
Description: Digital signature

<Prev in Thread] Current Thread [Next in Thread>