| To: | YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support |
| From: | Ville Nuorvala <vnuorval@xxxxxxxxxx> |
| Date: | Thu, 15 Jan 2004 15:00:24 +0200 (EET) |
| Cc: | netfilter-devel@xxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20040114.210427.104284595.yoshfuji@xxxxxxxxxxxxxx> |
| References: | <Pine.LNX.4.58.0401141250470.24125@xxxxxxxxxxxxxxx> <20040114.210427.104284595.yoshfuji@xxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Wed, 14 Jan 2004, YOSHIFUJI Hideaki / [iso-2022-jp] µÈÆ£±ÑÌÀ wrote: > I don't think so. Proxy should not depend on netfilter. That's not very constructive criticism, Yoshifuji-san ;) There aren't that many ways of doing this "hack" cleanly. The fact of the matter is: the proxy needs to scan through the unicast packets to filter out the Neighbor Discovery packets, if it supports NUD. I think a netfilter module is the cleanest way of doing this. It doesn't change any interfaces either inside the kernel, or to userspace. As a module this feature is also easy to turn on if you want it, and it doesn't cause any preformance penalties if you don't. What kind of solution do you propose for this problem? Regards, Ville -- Ville Nuorvala Research Assistant, Institute of Digital Communications, Helsinki University of Technology email: vnuorval@xxxxxxxxxx, phone: +358 (0)9 451 5257 |
| Previous by Date: | [PATCH 2] IPV6: Don't change indexes depends on configuration, YOSHIFUJI Hideaki / 吉藤英明 |
|---|---|
| Next by Date: | Re: [PATCH] IPV6: added sysctl for maximum number of addresses, Ville Nuorvala |
| Previous by Thread: | Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support, YOSHIFUJI Hideaki / 吉藤英明 |
| Next by Thread: | Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support, YOSHIFUJI Hideaki / 吉藤英明 |
| Indexes: | [Date] [Thread] [Top] [All Lists] |