Hi Rémi,

Rémi Denis-Courmont <[email protected]> writes:

> IIRC, the DoCoMo implementation is basically a proof-of-concept-grade hack.
> It works with user-space packet filtering hooks, instead of being built
> into the real IPv6 neighbor discovery code.

Your IIRC is valid. It uses libnetfilter_queue to access the interesting ICMPv6 packets (RS, RA, NS, NA and redirect) from userspace (INPUT and OUTPUT). Based on configuration, the packets are checked or mangled, and possibly passed back to the firewall to continue their journey.

I don't think the daemon is ready for prime time but the idea of doing things in userland is not completely broken. It has some advantages. At least, I kind of hope we will never have X.509 Cert handling and ASN.1 parsing in the kernel.

Cheers,

a+

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
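Added example, not part of the original message and not the DoCoMo daemon's code: the check-then-verdict step that a userland filter of the kind described above could apply to each queued ICMPv6 packet before handing it back to the firewall. The function names, verdict strings and policy (hop limit 255, well-formed options, RSA Signature option present) are assumptions; the signature and certificate verification itself is not performed here.

```python
import struct

# ICMPv6 type -> offset of the first ND option inside the ICMPv6 message (RFC 4861)
ND_OPTIONS_OFFSET = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}  # RS RA NS NA Redirect
OPT_RSA_SIGNATURE = 12  # SEND option type (RFC 3971)


def walk_options(data):
    """Return the ND option types in order, or None if the option area is malformed."""
    types, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            return None
        opt_len = data[pos + 1] * 8  # length field counts 8-octet units
        if opt_len == 0 or pos + opt_len > len(data):
            return None
        types.append(data[pos])
        pos += opt_len
    return types


def nd_verdict(packet, require_send=True):
    """Return 'pass' (hand back to the firewall), 'drop', or 'verify' (signature check due).

    Assumptions: no IPv6 extension headers, ICMPv6 checksum not validated here.
    """
    if len(packet) < 44 or packet[0] >> 4 != 6:
        return "pass"
    payload_len, next_header, hop_limit = struct.unpack("!HBB", packet[4:8])
    icmp = packet[40:40 + payload_len]
    if next_header != 58 or len(icmp) < 4 or icmp[0] not in ND_OPTIONS_OFFSET:
        return "pass"  # not one of the five ND message types
    offset = ND_OPTIONS_OFFSET[icmp[0]]
    if hop_limit != 255 or len(icmp) < offset:
        return "drop"  # ND messages must arrive with hop limit 255
    types = walk_options(icmp[offset:])
    if types is None:
        return "drop"
    if not require_send:
        return "pass"
    return "verify" if OPT_RSA_SIGNATURE in types else "drop"


def build(icmp_type, hop_limit, options=b""):
    """Constructed sample packet: zeroed addresses, fixed fields and checksum."""
    fixed = bytes(ND_OPTIONS_OFFSET.get(icmp_type, 8) - 4)
    icmp = bytes([icmp_type, 0, 0, 0]) + fixed + options
    return struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit) + bytes(32) + icmp
```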
