Although an IPv6 only environment is ideal, the path to migration from an IPv4 environment is gradual and will present situations where an IPv6 client will need ongoing connectivity to an IPv4-only server. Such a communication path will need to use one of the existing IPv6 to IPv4 transition mechanisms (such as NAT or a dual IPv4 + IPv6 stack).
We will demonstrate a novel approach to this migration, that uses a unique transition mechanism utilizing the new
SECCOMP_IOCTL_NOTIF_ADDFD flag introduced to the
seccomp() system call, to intercept egress connect calls to opportunistically use a transition IPv4 address when possible, saving applications the pain of dealing with the end host not being reachable, while still living in an IPv6-only environment. Once applied at the beginning of connection establishment, the data path proceeds uninterrupted between the client and the server distinguishing this approach from many other transition/translation mechanisms.
We will also share a performance analysis of this approach, limitations of what we can do with
seccomp(), and future work using this mechanism.
|I agree to abide by the anti-harassment policy