Roadmap for IPv6 stateful filtering

Roadmap for IPv6 stateful filtering

[Gregor Maier]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I just wanted to ask if there is any roadmap or a plan when (if at all)
stateful filtering (and maybe connection tracking) for IPv6 will be
available in netfilter.
I found a page that claimed that stateful IPv6 filtering will be
available in the 2.6.15 kernel release (unfortunaly I misplaced the link
to the page somewhere :-(  ). Is this info correct? Or is there another
kernel version targeted?



Best Regards

Gregor
- --
Gregor Maier                                      Lehrstuhl Informatik 8
gregor@net.in.tum.de                              Tel: +49 89  289-18010
http://www.net.in.tum.de                                     TU Muenchen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDb7zfdGiwgbikMYMRAshnAJ9oPh5BoUDPfMaj4FmH2JtOytcC6ACfcFW2
t5xdDhv0TVn2kSxL558rfrk=
=eWQz
-----END PGP SIGNATURE-----

Re: Roadmap for IPv6 stateful filtering

[Pablo Neira]

Gregor Maier wrote:
> I just wanted to ask if there is any roadmap or a plan when (if at all)
> stateful filtering (and maybe connection tracking) for IPv6 will be
> available in netfilter.
> I found a page that claimed that stateful IPv6 filtering will be
> available in the 2.6.15 kernel release (unfortunaly I misplaced the link
> to the page somewhere :-(  ). Is this info correct? Or is there another
> kernel version targeted?

nf_conntrack got pushed forward to 2.6.15, so you'll have that feature
in the next release candidate.

-- 
Pablo

Re: Roadmap for IPv6 stateful filtering

[KOVACS Krisztian]

  Hi,

On Tuesday 08 November 2005 14.14, Pablo Neira wrote:
> Gregor Maier wrote:
> > I just wanted to ask if there is any roadmap or a plan when (if at all)
> > stateful filtering (and maybe connection tracking) for IPv6 will be
> > available in netfilter.
> > I found a page that claimed that stateful IPv6 filtering will be
> > available in the 2.6.15 kernel release (unfortunaly I misplaced the
> > link to the page somewhere :-(  ). Is this info correct? Or is there
> > another kernel version targeted?
>
> nf_conntrack got pushed forward to 2.6.15, so you'll have that feature
> in the next release candidate.

  Unfortunately I'm not quite sure about that... It's not yet in Linus' tree 
and it did not made it into Arnaldo's net-2.6 tree either. Maybe Harald has 
more information about it, but it seems quite a bit uncertain whether or 
not it will be merged in 2.6.15...

-- 
 Regards,
  Krisztian Kovacs

Re: Roadmap for IPv6 stateful filtering

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1509 bytes --]

On Tue, Nov 08, 2005 at 03:02:03PM +0100, KOVACS Krisztian wrote:
> 
>   Hi,
> 
> On Tuesday 08 November 2005 14.14, Pablo Neira wrote:
> > Gregor Maier wrote:
> > > I just wanted to ask if there is any roadmap or a plan when (if at all)
> > > stateful filtering (and maybe connection tracking) for IPv6 will be
> > > available in netfilter.
> > > I found a page that claimed that stateful IPv6 filtering will be
> > > available in the 2.6.15 kernel release (unfortunaly I misplaced the
> > > link to the page somewhere :-(  ). Is this info correct? Or is there
> > > another kernel version targeted?
> >
> > nf_conntrack got pushed forward to 2.6.15, so you'll have that feature
> > in the next release candidate.
> 
>   Unfortunately I'm not quite sure about that... It's not yet in Linus' tree 
> and it did not made it into Arnaldo's net-2.6 tree either. Maybe Harald has 
> more information about it, but it seems quite a bit uncertain whether or 
> not it will be merged in 2.6.15...

*sigh*

Nobody has yet bothered to respond to me.  I have no news from neither
Linus, nor Acme, nor Davem.  

Sorry.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Roadmap for IPv6 stateful filtering

[Deti Fliegl]

Harald Welte wrote:
> Nobody has yet bothered to respond to me.  I have no news from neither
> Linus, nor Acme, nor Davem.  
Well - IMHO it's a bit more than a 'nice to have'... why does nobody bother?

Re: Roadmap for IPv6 stateful filtering

[David S. Miller]

From: Harald Welte <laforge@netfilter.org>
Date: Tue, 8 Nov 2005 15:19:15 +0100

> Nobody has yet bothered to respond to me.  I have no news from neither
> Linus, nor Acme, nor Davem.  

You expect news from me when I know nothing of the discussions that
occurred or the specifics of the objections raised by Linus.  That's a
kind of unreasonable expectation.

You haven't personally contacted me _once_ about this matter.  How can
you expect a response when I don't have anything to respond to? :-)

Given what I actually do know about the situation I've told Arnaldo
that we should probably just hold off on nf conntrack until 2.6.16,
it's not the end of the world.

Re: Roadmap for IPv6 stateful filtering

[Krzysztof Oledzki]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 554 bytes --]



On Tue, 8 Nov 2005, David S. Miller wrote:

> Given what I actually do know about the situation I've told Arnaldo
> that we should probably just hold off on nf conntrack until 2.6.16,
> it's not the end of the world.

For most of netfilter _users_ this means that nf_conntrack is going to be 
accessible after 4-5 months (2.6.16.x) and usable after more than half a 
year (2.6.17.x), with no clear reason. :(

Please note that currently nf_conntrack is one the most expected netfilter 
feature.


Best regards,

 				Krzysztof Olędzki