Open agowa opened 2 years ago
ydahhrk
commented
1 year ago Sorry for the silence.
Yes, a lot of people has complained about this. AFAIK, the problem is not trivial to fix and it's consequence of Jool's awkward hookup to the kernel.
I'm currently writing a message to the nftables people so we can discuss this. Please be patient. Because I have to do this on my free time, I'm forced to research at a slow pace.
ydahhrk
commented
1 year ago Yes, a lot of people has complained about this. AFAIK, the problem is not trivial to fix and it's consequence of Jool's awkward hookup to the kernel.
IIRC, the problem is that Jool switches the packet's pipeline (from the IPv4 stack to the IPv6 stack or vice versa) by routing and then calling dst_output(), which sends the packet to the proper L3 layer's POSTROUTING code.
When I coded this, I was unable to find a public kernel function that would allow me to do the same for LOCAL_IN. This is the reason why I can't get any packet to the current namespace.
I'm not sure if LOCAL_OUT had a similar problem. It's been ~10 years.
Hi, because jool hooks into the PREROUTING table it doesn't handle locally originating packages. Just adding a rule to the OUTPUT table doesn't make it work either. Would it be possible to get this feature? I don't think it's fair to say that "464XLAT" is fully supported without honoring local traffic.
The issue behind this request is:
ping 64:ff9b::1.1.1.1from the jool router fails.Also related to: