* IPv6 reassembly in the FORWARD HOOK in Netfilter
@ 2011-05-24 12:52 Pierre Rondou
0 siblings, 0 replies; only message in thread
From: Pierre Rondou @ 2011-05-24 12:52 UTC (permalink / raw)
To: netfilter-devel; +Cc: evyncke, guy.leduc, Cyril Soldani
Hello,
I'm a student at the University of Liege currently developing a NAT64
(see RFC 6146) module for Netfilter.
In order to make it compliant to the RFC specifications, the module
needs to perform some sort of reassembly (in fact, accept out-of-order
fragments arrival).
RFC says that the IPv6-IPv4 gateway can forward fragments as they
arrive, but in the case the first fragment of a packet does not arrive
first at the gateway, there will be a problem because it won't know how
to translate the packet (don't know which IPv4 address to use).
So, the gateway needs to handle out of order fragments and maintain
state for the following fragments.
Rather than creating many structures for that goal, I would have loved
to use the kernel reassembly module, but it is limited to the INPUT hook.
Where this limitations may be understandable for router purpose (even
though router admin could just kill it if they don't want it), it is a
problem for the NAT64 module as the gateway has the reassemble
fragmented paquet which are not destinated to it.
Is there a way to remove that specific limitation?
Regards,
Pierre Rondou
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-05-24 12:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-05-24 12:52 IPv6 reassembly in the FORWARD HOOK in Netfilter Pierre Rondou
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).