I have made a test build of the FireBrick with RFC3514 support in it. Firewall rules can test for the evil bit set or unset, and can cause the evil bit to be set on the session so that, for example, NATted sessions can have the evil bit set.
Yes, a bit of fun, and I may put it in a production release one day (perhaps next April). However, it has been made as a semi-serious suggestion (Ray Bellis) that this could be done on CGNAT systems, allowing both ends to know that they are working via some sort of NAT or other header-mangling system on the way. The bit gets set on replies on the session as well for this reason.
The concept is that where a device tries IPv4 and IPv6 at the same time, and gets replies, it can tell from the replies that the IPv4 is being mangled and prefer the IPv6 even if apparently slower to reply.
So now, not only do we all know NAT is evil, but we can have the evil bit actually tell us that :-)
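The preference logic described above, as an added example that is not FireBrick code or part of the original post: it reads the RFC 3514 bit from a raw IPv4 reply header and prefers IPv6 when the IPv4 reply is marked. The function names, the "faster reply wins" fallback for unmarked replies and the sample headers are assumptions constructed for illustration.

```python
import socket
import struct

EVIL_BIT = 0x8000  # RFC 3514: top bit of the 16-bit flags/fragment-offset field

def fold16(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (IPv4 checksum core)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def evil_bit(packet: bytes) -> bool:
    """True if the evil bit is set in a well-formed IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or fold16(packet[:ihl]) != 0xFFFF:
        raise ValueError("bad header length or checksum")
    return bool(struct.unpack("!H", packet[6:8])[0] & EVIL_BIT)

def prefer_family(v4_reply, v4_rtt_ms, v6_rtt_ms):
    """Pick a family from one IPv4 reply (raw bytes or None) and both RTTs.

    Assumed policy: a marked IPv4 reply loses to any IPv6 reply, however slow;
    otherwise the faster reply wins.
    """
    if v4_reply is None or v6_rtt_ms is None:
        return "ipv6" if v6_rtt_ms is not None else ("ipv4" if v4_reply else None)
    if evil_bit(v4_reply):
        return "ipv6"
    return "ipv4" if v4_rtt_ms < v6_rtt_ms else "ipv6"

def sample_header(flags_frag: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses, valid checksum)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_frag, 64, 6, 0,
                      socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"))
    return hdr[:10] + struct.pack("!H", ~fold16(hdr) & 0xFFFF) + hdr[12:]

if __name__ == "__main__":
    natted, clean = sample_header(0x8000 | 0x4000), sample_header(0x4000)
    print(prefer_family(natted, 12.0, 48.0))  # marked IPv4: choose IPv6 though slower
    print(prefer_family(clean, 12.0, 48.0))   # unmarked IPv4: faster reply wins
```

Reading the flags field of a reply needs access to the raw IPv4 header (a raw socket or a packet capture), since an ordinary stream socket does not expose it.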
niiiiiiice!
I like it