> On 3 Jul, 2016, at 09:16, David Lang <[email protected]> wrote: > >> It is generally my hope that ipv6 nat will not be widely deployed. >> >> Firewalls will be stateful instead, and thus there would be no need to >> access the conntrack information for ipv6 in cake. > > well, conntrack is the way that the firewall handles it's state. Conntrack > also has features to let you sync it's state from one system to it's backup > so that failover maintains the state.
Yes, but the point is that in a stateful firewall (as opposed to NAT) no changes to IP addresses occur while traversing the router. Cake can therefore see the correct addresses without probing conntrack data. There's still a huge number of people on IPv4 NAT though. - Jonathan Morton _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
