Re: [PATCH 0/2] IPv6 conntrack support for neighbour discovery

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Cc: eric@inl.fr, Marek.Szuba@if.pw.edu.pl,
	netfilter-devel@vger.kernel.org, vstinner@inl.fr,
	pablo@netfilter.org
Subject: Re: [PATCH 0/2] IPv6 conntrack support for neighbour discovery
Date: Mon, 26 Jan 2009 14:11:37 +0100	[thread overview]
Message-ID: <497DB689.3020109@trash.net> (raw)
In-Reply-To: <200901231110.n0NBAR7Z000645@toshiba.co.jp>

Yasuyuki KOZAKAI wrote:
> From: Eric Leblond <eric@inl.fr>
> Date: Fri, 23 Jan 2009 11:51:30 +0100
> 
>>> I prefer 'NEW' rather than 'UNTRACKED' as other protocols which
>>> validation is unclear. So another solution is to let the connection
>>> tracking subsystem to create a new conntrack and to make
>>> nf_contrack_proto_icmpv6 assign 0 as timeout. How do you think ?
>> If we do that, we can have nfnetlink messages (NEW, DESTROY) send to
>> userspace. Personnaly, I don't think they are necessary. But there is an
>> other issue: as we can't invert the tuple, the information provided to
>> userspace will be false.
>>
>> Once we agree on this last point, I will send a reworked patchset (with
>> at least the removal of sysctl stuff).
> 
> Thank you. I understand why ICMPv6 packets are special here and
> I agree to assign UNTRACKED to them. Indeed non-invertible tuple might
> bring issues.

How about adding a flag to indicate that only one direction of
the tuple exists? It makes sense to support this for other kinds
of simplex flows as well in my opinion and it somewhat goes in the
same direction as the patch I talked about during the workshop
to have only a single tuple within the conntrack and have reply
tuples or potentially other tuples that relate to a connection
within the ct_extend area. And using NEW and having netlink
events seems more consistent to me.

next prev parent reply	other threads:[~2009-01-26 13:11 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-30 13:52 IPv6 conntrack support for neighbour discovery Marek Szuba
2008-11-04 14:06 ` Patrick McHardy
2008-11-05  4:44   ` Yasuyuki KOZAKAI
     [not found]   ` <200811050444.mA54i7F8028119@toshiba.co.jp>
2008-11-05  9:50     ` Patrick McHardy
2008-11-05 12:40       ` Marek Szuba
2008-11-05 12:48         ` Patrick McHardy
2008-11-05 13:01         ` Yasuyuki KOZAKAI
     [not found]   ` <200811050444.mA54i7XU020102@toshiba.co.jp>
2008-11-05 12:35     ` Marek Szuba
2009-01-21 23:41       ` [PATCH 0/2] " Eric Leblond
2009-01-21 23:43         ` [PATCH 1/2] netfilter: use sysctl to choose icmpv6 autoconf behaviour Eric Leblond
2009-01-21 23:43         ` [PATCH 2/2] netfilter: don't track ICMPv6 negotiation message Eric Leblond
2009-01-21 23:49           ` Eric Leblond
2009-01-21 23:51             ` [Resend PATCH " Eric Leblond
2009-01-23 10:21           ` [PATCH 0/2] IPv6 conntrack support for neighbour discovery Yasuyuki KOZAKAI
2009-01-23  7:40         ` Yasuyuki KOZAKAI
2009-01-23  9:02           ` Eric Leblond
2009-01-23  9:42             ` Jozsef Kadlecsik
2009-01-23  9:50               ` Jozsef Kadlecsik
2009-01-23 10:42                 ` Yasuyuki KOZAKAI
     [not found]             ` <200901231021.n0NALINO007201@toshiba.co.jp>
2009-01-23 10:51               ` Eric Leblond
2009-01-23 11:10                 ` Yasuyuki KOZAKAI
2009-01-24 10:32                   ` [PATCH] netfilter: don't track ICMPv6 negotiation message Eric Leblond
2009-01-27 10:07                     ` Yasuyuki KOZAKAI
     [not found]                 ` <200901231110.n0NBAR7Z000645@toshiba.co.jp>
2009-01-26 13:11                   ` Patrick McHardy [this message]
2009-01-27 10:09                     ` [PATCH 0/2] IPv6 conntrack support for neighbour discovery Yasuyuki KOZAKAI
     [not found]                     ` <200901271009.n0RA9d4I025010@toshiba.co.jp>
2009-01-27 10:14                       ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=497DB689.3020109@trash.net \
    --to=kaber@trash.net \
    --cc=Marek.Szuba@if.pw.edu.pl \
    --cc=eric@inl.fr \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=vstinner@inl.fr \
    --cc=yasuyuki.kozakai@toshiba.co.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).