Discussion:
Converting between IPv4 and IPv6
(too old to reply)
Darren Reed
2008-03-02 00:03:37 UTC
Permalink
Something that I'm looking at now with IPFilter is converting IPv4 headers
into IPv6 headers and back again as part of its NAT functionality. One of
the big problems that needs to be solved is that packets coming in or going
out change protocol type in mid stream. This is not something that will be
pleasant for the rest of the kernel if left alone.

So I'm thinking through how to get the IPv4 packet that came in on fxp0
and has been converted to IPv6 in the middle of ip_input() over to
ip6_input().

I suspect that the only thing that I can do is put it on ip6intrq and
schedule
a soft interrupt for IPv6 and have it come up through IPv6 that way.

There is also a similar issue for output.

Does anyone else have any thoughts on this?

Darren


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
der Mouse
2008-03-02 00:23:08 UTC
Permalink
Post by Darren Reed
Something that I'm looking at now with IPFilter is converting IPv4
headers into IPv6 headers and back again as part of its NAT
functionality. [...]
Does anyone else have any thoughts on this?
My thoughts are "that's *so* out of scope for anything in-kernel".

Seriously. Trying to NAT between protocols, even protocols as similar
as IPv4 and IPv6, is a huge enough mess I wouldn't even try to touch
it. As well try to "NAT" between Chaosnet and DECnet - it's really
something I think should be left to application-level gateways.

If this goes in, I trust there will be a comple option to remove the
resulting trichobezoar from the kernel.

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML ***@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Joerg Sonnenberger
2008-03-02 07:10:37 UTC
Permalink
Post by Darren Reed
Does anyone else have any thoughts on this?
Create a virtual interface and put them unto the input queue of that
just if they have arrived externally?

Joerg

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Hubert Feyrer
2008-03-02 12:48:29 UTC
Permalink
Post by Darren Reed
Something that I'm looking at now with IPFilter is converting IPv4 headers
into IPv6 headers and back again as part of its NAT functionality.
Um, I wouldn't expect Network Address Translation to also add protocol
translation... for that, I'd expect separate things like stf(4) or
faith(4).


- Hubert

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Darren Reed
2008-03-09 09:18:55 UTC
Permalink
Post by Hubert Feyrer
Post by Darren Reed
Something that I'm looking at now with IPFilter is converting IPv4 headers
into IPv6 headers and back again as part of its NAT functionality.
Um, I wouldn't expect Network Address Translation to also add protocol
translation... for that, I'd expect separate things like stf(4) or
faith(4).
So, what would the operational model be?

The network interface that is going to require two addresses:
- a destination for IPv4 traffic that comes in to be routed to
- a destination for IPv6 traffic that comes in to be routed to

But how do we control traffic?

One might say use the routing table, such that specific destinations
are routed at the IPv4 address of the interface and likewise for IPv6.

But as people are surely going to notice, this only allows selection
of packets based on the destination address when many may also
want to include the source address in that decision. This is similar
to what is done with stf(4) today.

Next we need a completely new tool - unless ifconfig is going to
be enhanced - to manage a new configuration file, kernel configuration
bits, etc.

As much as I hate to say it, this is probably a better approach
to take and means ipfilter doesn't get cluttered with lots of crap
code.

Darren


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...