Subject: Re: IPF and IPv6
To: Greg Troxel <firstname.lastname@example.org>
From: Martti Kuparinen <email@example.com>
Date: 12/30/2004 08:56:04
Greg Troxel wrote:
> Which MIPv6 implementation are you running, and are you using KAME
> patches in the kernel?
The Mobile Node is not running on xBSD and it's my employer's
I'd like to participate the next TAHI interop and for that purpose I
need to setup network connectivity to our IPv6 testbed. But looks like
it will be a difficult task to do...
> A cursory look through netinet/fil.c indicates there isn't any support
> for what you want. It's likely you are on the bleeding edge, and that
> ipf needs to be extended for MIPv6.
Yeah, I though so.
> One path would be to allow expressing fairly arbitrary combinations of
> headers, such as you suggest. Another would be (somehow) to enable
> some sort of Mobile IP processing that would, for filtering purposes,
> treat destination options with only home address as not present, so
> that one's normal firewall rules would apply while mobile. But, some
> people will want to filter these, so that needs to be configurable.
I agree, it should be possible to process Home Address destination
option and Routing Header type 2 somehow.