Community Research and Development Information Service - CORDIS

Realizing connection tracking functionality in the Linux kernel for IPv6

Packet handling in the Linux kernel (v2.4) is done using the Netfilter framework, an abstract and generalized framework that is not only protocol-independent but also modular and extensible.

When IPv6 was incorporated into TORRENT, one of the aims was to realize as much as possible of the packet handling functionality for IPv4 and IPv6 in the same way. As the available functionality of the Netfilter/iptables framework for IPv4 and IPv6 was, and still is, very different, it was decided to enhance the available IPv6 functionality to better fit the project's requirements.

As a first step, the connection tracking functionality was ported to IPv6. As in IPv4, the actual flow information is exported to user space by means of the Linux process file system.

Connection tracking on IPv6 was then enhanced with a patch available for IPv4 that adds byte (and later packet) counts of flows to the connection-tracking table, and additionally with the ctnetlink functionality, which sends the flow states together with the counters to user space. A user-space logging daemon was also ported to IPv6 to log this information. As a last step, to allow for stateful firewalling in IPv6, the “state” match was ported as well.

The functionality useful to TORRENT comprises the means to examine and modify packets to influence the routing and queueing of packets, stateful filtering of packets to realize firewall functionality, and the ability to indicate packet flows and associated traffic volumes to user space, all of it in IPv6.

More information on the TORRENT project can be found at:

Reported by

Universität Stuttgart
Pfaffenwaldring 47
70569 Stuttgart