From: Quantum Scientific <Info@Quantum-Sci.com>
To: netdev@oss.sgi.com
Subject: Kernel 2.6 IPV6 Busted
Date: Sun, 27 Feb 2005 09:28:44 -0600 [thread overview]
Message-ID: <200502270928.44402.Info@Quantum-Sci.com> (raw)
After a week of intensive research and full-time study, it's become clear that
IPV6 support, as it comes in standard Linux 2.6 kernels, is effectively
non-functional.
I have a properly working firewall, but it appears there is no stateful
filtering nor connection tracking in the IPV6 stack. I send out an
echo-request, but have to open icmpv6-129 in order to get the response back.
Same with http. We can't open all our incoming ports. There is no
IP6_NF_CONNTRACK nor IP6_NF_MATCH_STATE in the kernel. And if this
functionality is supposed to be inherent in IPV6, it is not working.
The native IPV6 stack seems to come from oss.sgi.com . Subscribing to your
mailing list yields:
List context changed to 'netdev' by following command.
>> appsub netdev Info@Quantum-Sci.com 4221DB53:15AB.1:argqri
Subscribed.
---
Ecartis v1.0.0 - job execution complete.
AH! But wait... there's no indication of what the list's address is. Going
to www.oss.sgi.com gives no indication of where the mailing lists are either.
So this email is addressed to a guess.
OK, so I subscribed to USAGI. It was recommended on that list that I install
the USAGI kernel, but I want to only patch the Debian kernel. So I DLed
usagi.snap.split-tool-s20050214.tar.bz2
... however this has no kernel patch within.
So I DLed
usagi.snap.kit-linux26-s20050214.tar.bz2
... and no kernel patch here either. Only the kernel and tools. I would have
to run a USAGI-specific kernel, in order to have proper IPV6 support. I must
stay with the Debian kernel.
I can't believe the native kernel's IPV6 is so primitive. I can't believe any
kernel developers are actually using IPV6. And I can't believe that anyone
is actually using IPV6 with the Debian kernel. The Debian IPV6 mailing list
is full of spam, and brought viruses and scams to my door when I subscribed.
No one I've asked questions of has mentioned any of this at all, so if there
is an answer, it is clearly a secret.
So is there something I'm missing? Am I completely fscked-up when I say that
it doesn't work in practice, because there is no stateful packet filtering
nor connection tracking?
Carl Cook
next reply other threads:[~2005-02-27 15:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-27 15:28 Quantum Scientific [this message]
2005-02-27 16:10 ` Kernel 2.6 IPV6 Busted YOSHIFUJI Hideaki / 吉藤英明
2005-02-27 16:29 ` Quantum Scientific
2005-02-27 17:28 ` YOSHIFUJI Hideaki / 吉藤英明
2005-02-27 18:08 ` Quantum Scientific
2005-03-15 5:00 ` Horms
2005-02-27 17:40 ` Andre Tomt
2005-02-27 18:20 ` Quantum Scientific
2005-02-27 18:59 ` Jeff Garzik
2005-02-27 19:10 ` Quantum Scientific
2005-02-27 19:58 ` Jeff Garzik
2005-02-27 20:10 ` Quantum Scientific
2005-02-27 21:35 ` David S. Miller
2005-03-01 10:07 ` Denis Vlasenko
2005-03-01 13:50 ` Quantum Scientific
2005-03-01 16:26 ` Jeff Garzik
2005-03-01 20:46 ` Tomasz Torcz
2005-03-01 23:55 ` Quantum Scientific
2005-03-02 14:02 ` Denis Vlasenko
2005-03-02 19:12 ` Jeff Garzik
2005-03-01 21:50 ` Andre Tomt
2005-03-01 23:59 ` Quantum Scientific
2005-02-27 18:12 ` Jeff Garzik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200502270928.44402.Info@Quantum-Sci.com \
--to=info@quantum-sci.com \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).