[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPv6-PMP?
On Apr 14, 2007, at 17:29, Mark Smith wrote:
Are you able to clarify the above a bit further? Are you saying
that you're planning on implementing NAT for IPv6, so that you can
"transparently" intercept connections/flows and have them processed
by middleboxes in the network?
Yes. I have to do this to make application layer gateways (ALG) for
IPv6 to be fully transparent. There are a lot of well-known problems
with trying to make ALG's operate on a packet-by-packet basis in the
IP filter before the TCP stack can reassemble the octet-stream. It's
not too bad for FTP, but it's really perilous when you're trying to
handle RTSP and other applications that have complicated interactions
between application layers and the network layer.
I figure while I'm doing that, I might as well write a general
purpose IPv6 NAT. I wish I didn't have to do this, but the security
considerations are pushing me into it.
--
j h woodyatt <jhw@apple.com>
- Follow-Ups:
- Re: IPv6-PMP?
- From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>