I have been tasked with coding a IPv4-IPv6 translator (RFC 6146) for the Linux kernel. In short, it's a gateway that stands between IPv4 and IPv6 networks and allows transparent communication between them by switching packet headers and masking addresses.
Seeing that the kernel has Netfilter, a framework for altering packets, originally I thought I could just write a Netfilter module and translate from there. I could intercept all packets, resize them using the usual skb_pull/skb_push operations, override some bytes and finally return them happily to the kernel.
As it turns out, switching protocols is too extreme for Netfilter. Because the code that processes IPv4 packets is completely independent from the one that processes IPv6 packets, code both prior and subsequent of Netfilter modules assume the header of the network protocol survives. So if I change the IPv4 header for a IPv6 one, the kernel will go nuts because it will keep reading the header as if it was a IPv4 one.
(Or at least, that's what I believe after reading net/ipv4/ip_input.c; the first thing the kernel does after the call to NF_HOOK is extract the IPv4 header during ip_rcv_finish().)
I see a second option: Deducing a new sk_buff from scratch, ask Netfilter to NF_DROP the original packet, and then send the new packet somehow.
Here's where my limited familiarity with the kernel's principles and style stagnate me: I'd like to minimize frowning upon my solution, yet replacing the entire packet instead of altering its headers seems unnatural, inneficient, and even blasphemous to Netfilter's design. But I can't tell for sure, and I would like experienced advise. Also, I see no other choice.
Questions: Are there other options? What would the most natural approach be?
I would like to support all kernel versions since 2.6. If that's impossible, newer is better.
