![]() This is separated from, + but required by, the NAT layer it can also be used by an iptables + extension. +++ -0,0 +1,159 _NF_CONNTRACK_COMMON_H +#define _NF_CONNTRACK_COMMON_H +/* Connection state tracking for netfilter. ![]() Stuff will get placed into the feature-removal-schedule and we willĭiff -git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h The ipv4 specific conntrack helpers are ported over to nf_conntrackĪnd it is feature complete. When one of the interfaces (or routes) becomes unavailable, all connections that were using it have to be dropped, and subsequent traffic has to be routed through the still working connection. VoIP, through specific interface - to a distinct provider. The ipv4 specific conntrack layer is kept around, until all of in a multi-ISP configuration, Im routing and NATing specific traffic, e.g. No provisions for this in the existing connection tracking (which the existing ipv4 connection tracking does) approach simplyģ) ipv6 extension header parsing must occur at the correct spotsīefore and after connection tracking decisions, and there were The simplistic "defrag, connection track and NAT, refrag" In connection tracking since effectively they are like ARPĢ) fragmentation must be handled differently in ipv6, because Ipv6 thus some messages such as these should not participate For example, these issues include:ġ) ICMPv6 handling, which is used for neighbour discovery in TCP connections In this section and the upcoming ones, we will take a closer. With the pecularities of doing connection tracking on ipv6, This gives a list of all the current entries in your conntrack database. ![]() The existing ipv4 specific conntrack code could also not deal In fact nf_conntrack is capable of working with any layer 3 (TCP, UDP, etc.) connection tracking helper module to be written. Of the ipv4 connection tracking code into an ipv6 counterpart, or (theĬhoice taken by these patches) we could design a generic layer thatĬould handle both ipv4 and ipv6 and thus requiring only one sub-protocol There were basically two choices present to addĬonnection tracking support for ipv6. The existing connection tracking subsystem in netfilter can only
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |