[Please follow-up-to netfilter-devel]

On Mon, Nov 10, 2003 at 12:50:12PM +0100, Christian Riechmann wrote:
> I am working on a project dealing with IPv6 and Multicast.
> I am trying to filter those IPv6 PDUs being sent by my host and
> containing ICMPv6 Multicast Listener Discovery Protocol (MLDP) PDUs.
> (In other words I want to see those Multicast Reports which
> inform a router that my host wants to see those PDUs which are
> sent to a specific multicast address.) These PDUs shall be queued
> for some processing within a user space program.
>
> I tried a lot of IP6TABLES rules, but just these types of
> ICMPV6 PDUs are not queued.
>
> I tried different rules, but none worked:
> ip6tables -A OUTPUT -p icmp6 -j QUEUE
> ip6tables -A OUTPUT -p icmpv6 -j QUEUE
> ip6tables -A OUTPUT -p ipv6-icmp -j QUEUE

they are all the same, just synonyms.

> I should mention that ICMPv6 HELLO PDUs are well queued.
> And:
> ip6tables -A OUTPUT -p ipv6 -j QUEUE
>
> The last rule queues all IPv6 PDUs except those I really
> want to see: MLDP-PDUs.
>
> All tests running on Kernels 2.4.18, 2.4.22 and 2.6.0test8
> show the same results.

yes, indeed. After reading the ipv6 multicast code, I can confirm that
incoming MLD packets (e.g. queries from the network) are traversing
netfilter, but outgoing ones seem to be sent directly by
net/ipv6/mcast.c.

I really don't have the time to write a patch for this right now. Could
you please enter it into our bugzilla.netfilter.org bugtracking system?
This way it [at least] cannot get lost.

> Christian Riechmann
> (riechmann@xxxxxxx)

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie