
Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support

To: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Subject: Re: [PATCH|RFC] IPv6 netfilter: a module for complete proxy ND support
From: Ville Nuorvala <vnuorval@xxxxxxxxxx>
Date: Thu, 15 Jan 2004 15:00:24 +0200 (EET)
Cc: netfilter-devel@xxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040114.210427.104284595.yoshfuji@xxxxxxxxxxxxxx>
References: <Pine.LNX.4.58.0401141250470.24125@xxxxxxxxxxxxxxx> <20040114.210427.104284595.yoshfuji@xxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Wed, 14 Jan 2004, YOSHIFUJI Hideaki / 吉藤英明 wrote:

> I don't think so. Proxy should not depend on netfilter.

That's not very constructive criticism, Yoshifuji-san ;)

There aren't that many ways of doing this "hack" cleanly.

The fact of the matter is: the proxy needs to scan through the unicast
packets to filter out the Neighbor Discovery packets, if it supports NUD.

I think a netfilter module is the cleanest way of doing this. It doesn't
change any interfaces either inside the kernel, or to userspace. As a
module this feature is also easy to turn on if you want it, and it doesn't
cause any performance penalties if you don't.

What kind of solution do you propose for this problem?

Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@xxxxxxxxxx, phone: +358 (0)9 451 5257
