netfilter-devel.vger.kernel.org archive mirror
From: Pierre Rondou <prondou@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: evyncke@cisco.com, guy.leduc@ulg.ac.be,
	Cyril Soldani <cyril.soldani@ulg.ac.be>
Subject: IPv6 reassembly in the FORWARD HOOK in Netfilter
Date: Tue, 24 May 2011 14:52:27 +0200
Message-ID: <4DDBAA0B.6070406@gmail.com>

Hello,

I'm a student at the University of Liege currently developing a NAT64 
(see RFC 6146) module for Netfilter.

In order to make it compliant with the RFC specifications, the module 
needs to perform some sort of reassembly (in fact, accept out-of-order 
fragment arrival).
The RFC says that the IPv6-IPv4 gateway can forward fragments as they 
arrive, but in case the first fragment of a packet does not arrive 
first at the gateway, there will be a problem because it won't know how 
to translate the packet (it doesn't know which IPv4 address to use).

So, the gateway needs to handle out-of-order fragments and maintain 
state for the following fragments.

Rather than creating many structures for that goal, I would have loved 
to use the kernel reassembly module, but it is limited to the INPUT hook.

While this limitation may be understandable for router purposes (even 
though router admins could just kill it if they don't want it), it is a 
problem for the NAT64 module, as the gateway has to reassemble 
fragmented packets which are not destined for it.

Is there a way to remove that specific limitation?

Regards,

Pierre Rondou
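
The out-of-order fragment state described in the message above, as an added example that is not part of the original post and is not kernel or Netfilter code. It is a user-space C model that holds early fragments until the first fragment of the same datagram arrives; `frag_arrive`, the struct layouts, the table limits and the 60-second timeout are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Added illustration: user-space model, hypothetical names and limits. */
#define FLOWS    4    /* datagrams tracked at once */
#define MAX_HELD 8    /* early fragments kept per datagram */
#define TIMEOUT  60   /* seconds before incomplete state is recycled */

struct frag {             /* fields read from the IPv6 and Fragment headers */
    uint8_t  addrs[32];   /* source address, then destination address */
    uint32_t id;          /* Identification */
    uint16_t offset;      /* Fragment Offset; 0 means first fragment */
};

static struct flow {
    struct frag key;      /* addrs + id identify one datagram */
    long born;            /* arrival time of the first-seen fragment */
    int  used, have_first, held;
} table[FLOWS];

static int same(const struct frag *a, const struct frag *b)
{
    return a->id == b->id && !memcmp(a->addrs, b->addrs, sizeof a->addrs);
}

/* Returns how many fragments can be translated and forwarded now:
 * 0 = held until the first fragment shows up, -1 = dropped (limit hit). */
int frag_arrive(const struct frag *f, long now)
{
    struct flow *fl = NULL, *spare = NULL;
    for (int i = 0; i < FLOWS; i++) {
        if (now - table[i].born >= TIMEOUT) table[i].used = 0; /* expire */
        if (table[i].used && same(&table[i].key, f)) fl = &table[i];
        else if (!table[i].used && !spare) spare = &table[i];
    }
    if (!fl) {
        if (!(fl = spare)) return -1;          /* table full */
        *fl = (struct flow){ .key = *f, .born = now, .used = 1 };
    }
    if (f->offset == 0) {                      /* mapping is now known */
        int n = 1 + fl->held;                  /* this one plus held ones */
        fl->have_first = 1; fl->held = 0;
        return n;
    }
    if (fl->have_first) return 1;              /* forward as it arrives */
    if (fl->held >= MAX_HELD) return -1;       /* bound memory per datagram */
    fl->held++;
    return 0;
}
```

The per-datagram and table-wide limits and the timeout keep a sender that never delivers a first fragment from pinning gateway memory.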
