On Wed, 14 Jan 2004, YOSHIFUJI Hideaki / [iso-2022-jp] µÈÆ£±ÑÌÀ wrote:

I don't think so. Proxy should not depend on netfilter.

That's not very constructive criticism, Yoshifuji-san ;)

There aren't that many ways of doing this "hack" cleanly.

The fact of the matter is: the proxy needs to scan through the unicast
packets to filter out the Neighbor Discovery packets, if it supports NUD.

I think a netfilter module is the cleanest way of doing this. It doesn't
change any interfaces either inside the kernel, or to userspace. As a
module this feature is also easy to turn on if you want it, and it doesn't
cause any preformance penalties if you don't.

What kind of solution do you propose for this problem?

Regards,
Ville
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257