From: Christophe Jelger <Christophe.Jelger@unibas.ch>
To: netfilter-devel@lists.netfilter.org
Subject: Full header rewrite before local delivery
Date: Mon, 06 Aug 2007 16:44:56 +0200
Message-ID: <46B733E8.20803@unibas.ch>

Hi all,

I'm doing some research on MANETs and I'm working on a Linux kernel
module (called LUNAR) that forwards packets based on an MPLS-style
forwarding scheme using local labels. One aspect of this scheme is that
IP addresses are not used for routing and only have local scope because
the MPLS "circuits" are set up with DNS names. Basically we keep IP for
"backwards compatibility", i.e. because everything works today in an
IP-by-default mode.

Now when a packet reaches its destination the IP header is all wrong
because each node locally maintains its own "view" of the MANET: thus I
first have to NAT the IP header before I deliver the packet to the IP
stack. Note I have to NAT both the source and destination addresses.
This works fine but the problem is that I don't want to re-write all the
nice NAT-ALGs such as for FTP, SIP, etc.

This means I'd like to use ip_tables to do this full NAT but it seems
that with the existing code one can only do SNAT in the postrouting
while I need to do that before local delivery to the IP stack. Also I'd
still like to use existing modules to NAT FTP, SIP, etc ...

I have now spent quite some time looking at the ip_tables code and I
have to admit I'm still quite lost and I'm not sure what is best to
solve my problem. Basically if I still do the IP header NAT myself
(which is fine for me), how can I then pass the half-NATed packet to the
ip_tables ALGs to take care of FTP and other application-level data?

I guess another solution would be to let ip_tables do the full-NAT (IP
header + app data) but SNAT can only be used in POSTROUTING and I want
to do that before the packet is delivered to the IP stack ...

Any help/hint would be greatly appreciated.

thanks in advance and best regards,
Christophe
--
--------------------------------------------------
Dr. Christophe Jelger, http://cn.cs.unibas.ch
University of Basel, Departement Informatik
Bernoullistrasse 16, CH-4056 Basel, Switzerland