Sequence number translation explanations.

Sequence number translation explanations.

[Emmanuel Guiton]

Hi!

I need to translate sequence numbers between the two networks that are 
separated by the firewall. In fact, I just need to translate on of them 
(so tcph->ack_seq in one direction, and tcph->seq in the opposite 
direction).
I found the ip_nat_seq stucture and the ip_nat_seq_adjust function but I 
do not understand them. Particularly this "correction_pos", what is it?

Could someone provide me with some explanations?

             Emmanuel

Re: Sequence number translation explanations.

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1296 bytes --]

On Sat, Mar 27, 2004 at 06:00:01PM +0200, Emmanuel Guiton wrote:
> Hi!
> 
> I need to translate sequence numbers between the two networks that are 
> separated by the firewall. In fact, I just need to translate on of them 
> (so tcph->ack_seq in one direction, and tcph->seq in the opposite 
> direction).
> I found the ip_nat_seq stucture and the ip_nat_seq_adjust function but I 
> do not understand them. Particularly this "correction_pos", what is it?
> 
> Could someone provide me with some explanations?

It is for inserting/removing bytes from a TCP stream, as needed with NAT
of protocols like FTP (IP address printed in ASCII has different length,
compare strlen('1.1.1.1') to strlen('255.255.255.255').

correction_pos is the position (sequence number) where the
addition/subtraction occurred, and offset is the number of bytes added
(positive) or removed (negative).

>             Emmanuel

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: Sequence number translation explanations.

[Emmanuel Guiton]

Harald Welte wrote:

>On Sat, Mar 27, 2004 at 06:00:01PM +0200, Emmanuel Guiton wrote:
>  
>
>>Hi!
>>
>>I need to translate sequence numbers between the two networks that are 
>>separated by the firewall. In fact, I just need to translate on of them 
>>(so tcph->ack_seq in one direction, and tcph->seq in the opposite 
>>direction).
>>I found the ip_nat_seq stucture and the ip_nat_seq_adjust function but I 
>>do not understand them. Particularly this "correction_pos", what is it?
>>
>>Could someone provide me with some explanations?
>>    
>>
>
>It is for inserting/removing bytes from a TCP stream, as needed with NAT
>of protocols like FTP (IP address printed in ASCII has different length,
>compare strlen('1.1.1.1') to strlen('255.255.255.255').
>
>correction_pos is the position (sequence number) where the
>addition/subtraction occurred, and offset is the number of bytes added
>(positive) or removed (negative).
>  
>
Ok, then it does not fit my problem. I will operate the change like for 
the TCP port number.
Thanks!

           Emmanuel