Re: Node Requirements: Issue 13 - CGA/SeND support

To: Rémi Denis-Courmont <remi at remlab.net>
Subject: Re: Node Requirements: Issue 13 - CGA/SeND support
From: arno at natisbad.org (Arnaud Ebalard)
Date: Fri, 24 Jul 2009 13:36:31 +0200
Cc: Thomas Narten <narten at us.ibm.com>, john.loughney at nokia.com, julienl at qualcomm.com, ipv6 at ietf.org, hesham at elevatemobile.com, Brian E Carpenter <brian.e.carpenter at gmail.com>
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <ab12ee18ac26214652d10c088ff61c2f at chewa.net> ("Rémi Denis-Courmont"'s message of "Fri, 24 Jul 2009 13:14:29 +0200")
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <BF345F63074F8040B58C00A186FCA57F1C22ACCA8D at NALASEXMB04.na.qualcomm.com> <C68E1A01.E678%hesham at elevatemobile.com> <1F18D6510CF0474A8C9500565A7E41A2054A3322A4 at NOK-EUMSG-02.mgdnok.nokia.com> <4A67E7B8.1090909 at gmail.com> <200907231300.n6ND0CjL005744 at cichlid.raleigh.ibm.com> <87k51y7ch7.fsf at small.ssi.corp> <ab12ee18ac26214652d10c088ff61c2f at chewa.net>
User-agent: Gnus/5.110009 (No Gnus v0.9) Emacs/23.0.92 (gnu/linux)

Hi Rémi,

Rémi Denis-Courmont <remi at remlab.net> writes:

> IIRC, the DoCoMo implementation is basically a proof-of-concept-grade hack.
> It works with user-space packet filtering hooks, instead of being built
> into the real IPv6 neighbor discovery code.

Your IIRC is valid. It uses libnetfilter_queue to access the interesting
ICMPv6 packets (RS, RA, NS, NA and redirect) from userspace (INPUT and
OUTPUT). Based on configuration, the packets are checked or mangled, and
possibly passed back to the firewall to continue their journey.

I don't think the daemon is ready for prime time but the idea of doing
things in userland is not completely broken. It has some advantages. At
least, I kind of hope we will never have X.509 Cert handling and ASN.1
parsing in the kernel. 

Cheers,

a+

References:
- RE: Node Requirements: Issue 13 - CGA/SeND support
  - From: Laganier, Julien
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Hesham Soliman
- RE: Node Requirements: Issue 13 - CGA/SeND support
  - From: john.loughney
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Brian E Carpenter
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Thomas Narten
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Arnaud Ebalard
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Rémi Denis-Courmont

Prev by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Index(es):
- Date
- Thread

Re: Node Requirements: Issue 13 - CGA/SeND support

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.