From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lf0-x244.google.com (mail-lf0-x244.google.com [IPv6:2a00:1450:4010:c07::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 1C3D33B25D; Sun, 3 Jul 2016 03:44:11 -0400 (EDT) Received: by mail-lf0-x244.google.com with SMTP id a2so14715217lfe.3; Sun, 03 Jul 2016 00:44:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=q75VXR/RWDcJNAT+AZMODpJxszIu7PjygQwQPreoA8s=; b=moOP/dL7WgDnTAPfz3DjYsBXGcpJURLWkTpMBapdel+1Vw1h9qkRy1hghvDKSMeFY/ OslqpKZ8aVcMFRKWffduyMYAOrFIeAzGPHmfMfnweP9l7PvCwtY3CHtJxwpYQwyJ+0lZ T8i48SLAlEuD9ytoHDuowVkqdA85bbSlMeBT1Hxf8dD0ZKNT/7t9UvUW6RU+LtgRdQ7l /BGoo8utg64SSX2JpbDYkYZIfBeGobvcKn8V5zgpBtED4rmA283Tf591tCODde7fantn qIfpMz2Txqcup5hcsu57uqjKGJPO7LFrdEfxiBmPH1hpTxtB9VSOSFFA33y6jAX/0fMx nvQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=q75VXR/RWDcJNAT+AZMODpJxszIu7PjygQwQPreoA8s=; b=c+vI4x/460vKibvlGkcb2GVE0Xah/UVN3hJWSZFlPUNkHKV0R5cisxwAfDE3TlP7ZD 7mqEu9LGCbksNw2bS2wxZ6IDhfXv0h0FUOBvRfHFrKbfZp4ychYBsOvEGX3XlkWkMclS I8hjwVaHmHwRr2wHNLw+0OOTti7EuknTfmpVsR8nGfpeizP7y04lu72IJ192t9Aeu/gs FfzVmzmC5jFGAN1t2kEC+VwvDfTiNZDpsaJUpUXpcqyLts9ySGncti7RxMkXmKYlX5Fv MTuY3FK0tlkOQTl23i0Fn2oUcPvT5r0W5tWfzyAgMjipaTWMKCleUKfYsHA97IdwVRLP I0ig== X-Gm-Message-State: ALyK8tIFYDY339oWM/lUaqi5Mg32t5Gdpkg7hHgVcCgwC2WCX8hDqXmjgbiqohqlra32fg== X-Received: by 10.25.125.10 with SMTP id y10mr1116249lfc.75.1467531849900; Sun, 03 Jul 2016 00:44:09 -0700 (PDT) Received: from bass.home.chromatix.fi (37-33-96-207.bb.dnainternet.fi. [37.33.96.207]) by smtp.gmail.com with ESMTPSA id g193sm1563104lfb.14.2016.07.03.00.44.08 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 03 Jul 2016 00:44:09 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Jonathan Morton In-Reply-To: Date: Sun, 3 Jul 2016 10:44:06 +0300 Cc: =?utf-8?Q?Dave_T=C3=A4ht?= , cake@lists.bufferbloat.net, cerowrt-devel@lists.bufferbloat.net Content-Transfer-Encoding: quoted-printable Message-Id: References: <57501404.5010704@darbyshire-bryant.me.uk> <6A7C70EE-906E-4624-A84A-645ED4530A07@gmail.com> <5774E766.2050302@darbyshire-bryant.me.uk> To: David Lang X-Mailer: Apple Mail (2.3124) Subject: Re: [Cerowrt-devel] [Cake] conntrack and ipv6 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jul 2016 07:44:11 -0000 > On 3 Jul, 2016, at 09:16, David Lang wrote: >=20 >> It is generally my hope that ipv6 nat will not be widely deployed. >>=20 >> Firewalls will be stateful instead, and thus there would be no need = to >> access the conntrack information for ipv6 in cake. >=20 > well, conntrack is the way that the firewall handles it's state. = Conntrack also has features to let you sync it's state from one system = to it's backup so that failover maintains the state. Yes, but the point is that in a stateful firewall (as opposed to NAT) no = changes to IP addresses occur while traversing the router. Cake can = therefore see the correct addresses without probing conntrack data. There's still a huge number of people on IPv4 NAT though. - Jonathan Morton