Current-Users archive


Re: npf bug(?)



On Apr 3,  7:49am, 6bone%6bone.informatik.uni-leipzig.de@localhost (6bone%6bone.informatik.uni-leipzig.de@localhost) wrote:
-- Subject: Re: npf bug(?)

| On Sun, 2 Apr 2017, Christos Zoulas wrote:
| 
| >
| > I am trying to understand the use case here:
| > 1. you want to have V4 DNS and 6to4 service that can generate V4 fragments
| > 2. you want V4 fragments dropped.
| > 3. you can't put V4 rules in your firewall to restrict traffic to only
| >   those services.
| >
| > Is that correct?
| 
| That is not completely right. I want to filter IPv6 with npf. IPv4 should 
| not be filtered. After the activation of npf the statistics show:
| 
| Fragmentation:
|          1296 fragments
|          1104 reassembled
|          7160 failed reassembly
| 
| Since IPv6 is no longer reassembling, it must be IPv4 packets. I want to 
| make sure that the reassembly errors do not lead to packet losses, 
| especially at 6to4.

I understand now. You want the V4 packets to be left alone, and processed
by the V4 regular stack. I will look into it.

christos

