* Full header rewrite before local delivery
From: Christophe Jelger @ 2007-08-06 14:44 UTC (permalink / raw)
  To: netfilter-devel

Hi all,

I'm doing some research on MANETs and I'm working on a Linux kernel 
module (called LUNAR) that forwards packets based on an MPLS-style 
forwarding scheme using local labels. One aspect of this scheme is that 
IP addresses are not used for routing and only have local scope because 
the MPLS "circuits" are set up with DNS names. Basically we keep IP for 
"backwards compatibility", i.e. because everything works today in an 
IP-by-default mode.

Now when a packet reaches its destination the IP header is all wrong 
because each node locally maintains its own "view" of the MANET: thus I 
first have to NAT the IP header before I deliver the packet to the IP 
stack. Note I have to NAT both the source and destination addresses. 
This works fine but the problem is that I don't want to re-write all the 
nice NAT-ALGs such as for FTP, SIP, etc.

This means I'd like to use ip_tables to do this full NAT but it seems 
that with the existing code one can only do SNAT in the postrouting 
while I need to do that before local delivery to the IP stack. Also I'd 
still like to use existing modules to NAT FTP, SIP, etc ...

I have now spent quite some time looking at the ip_tables code and I 
have to admit I'm still quite lost and I'm not sure what is best to 
solve my problem. Basically if I still do the IP header NAT myself 
(which is fine for me), how can I then pass the half-NATed packet to the 
ip_tables ALGs to take care of FTP and other application-level data?

I guess another solution would be to let ip_tables do the full-NAT (IP 
header + app data) but SNAT can only be used in POSTROUTING and I want 
to do that before the packet is delivered to the IP stack ...

Any help/hint would be greatly appreciated.

thanks in advance and best regards,
Christophe

-- 
--------------------------------------------------
Dr. Christophe Jelger, http://cn.cs.unibas.ch
University of Basel, Departement Informatik
Bernoullistrasse 16, CH-4056 Basel, Switzerland


* Re: Full header rewrite before local delivery
From: Jan Engelhardt @ 2007-08-06 14:55 UTC (permalink / raw)
  To: Christophe Jelger; +Cc: netfilter-devel


On Aug 6 2007 16:44, Christophe Jelger wrote:
>
> This means I'd like to use ip_tables to do this full NAT but it
> seems that with the existing code one can only do SNAT in the
> postrouting while I need to do that before local delivery to the IP
> stack. Also I'd still like to use existing modules to NAT FTP, SIP,
> etc ...

I think you can do SNAT in the raw table (PREROUTING and OUTPUT),
before the conntrack tuple is assigned to the skb.


	Jan
-- 
