Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave

To:	kuznet@xxxxxxxxxxxxx
Subject:	Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave
From:	"David Stevens" <dlstevens@xxxxxxxxxx>
Date:	Thu, 30 Aug 2001 12:14:46 -0600
Cc:	pekkas@xxxxxxxxxx (Pekka Savola), usagi-users@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
Importance:	Normal
Sender:	owner-netdev@xxxxxxxxxxx


> Probably, I understand current problem incorrectly. So, elaborate,
please.

> We do not have any flag, which blocks forwarding of packets
> received on some interface. This is duty of firewall.

I think the problem is that "being a router" or "being a host" should be
per-interface, which means the global devconf6 forwarding flag should go
away. At least the checks in packet processing that make use of it.
     And router vs host decisions are input packet decisions.
Advertisements
on an interface tell hosts on that link you're willing to receive and try
to
forward their packets. If you're not, you don't send the RA's, or otherwise
behave as a router on that link.

     All of that to me means the forwarding flag should be used only per
interface (with an "all" as a convenience to set or clear them all at once,
but nothing global checked in the code for packet processing).
     Second, the per-interface forwarding flag should determine whether you
forward or drop a packet received on that interface that isn't for you.
That
also determines whether you set isRouter in NA's, send RA's on that link,
join
the all-routers multicast group, etc. etc. On each link, behaving as a
router
on that link is determined by the forwarding flag for that link.
     On links where you don't want to accept packets for forwarding, you
can
still reach them for packet delivery. So, not forwarding to them on output
makes no sense. Again, forwarding is logically an input decision.
     And unless all interfaces have the same value for "forwarding", no
global
flag for forwarding makes sense. The per-interface flags should decide
whether you appear to be a host or router to other hosts on that link. And
if
you claim to be a router, you should try to route packets you receive on
that
link, not drop them based on flags associated with some other link or
globally.
     For the case where you want to drop them based on other than the link
forwarding flag, I'd use a firewall, because generally you *want* to
deliver all
packets if you have any way to get there. Dropping them is the special
case.

my $.04
                                                   +-DLS

<Prev in Thread]	Current Thread	[Next in Thread>
Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave, David Stevens <= Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave, kuznet Re: (usagi-users 00745) Re: [Patch 2of2] IPv6 routers don't join/leave, YOSHIFUJI Hideaki / 吉藤英明 Re: (usagi-users 00745) Re: [Patch 2of2] IPv6 routers don't, kuznet

Previous by Date:	Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave, kuznet
Next by Date:	Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave, kuznet
Previous by Thread:	ICMP Destination Unreachable Message not conforming to standards?, gmarran
Next by Thread:	Re: (usagi-users 00728) Re: [Patch 2of2] IPv6 routers don't join/leave, kuznet
Indexes:	[Date] [Thread] [Top] [All Lists]