NAT-PT using pfil and if_clone - have fun :)
Ed Schouten
ed at fxq.nl
Wed Apr 12 11:22:36 UTC 2006
Hello folks,

The last few weeks I've been hacking on a NAT-PT implementation for the
FreeBSD operating system in my spare time. I tried to use the NAT-PT
code in KAME's tree, but that was for FreeBSD 5.4 and didn't compile
properly.

Because its implementation was also quite evil (hooks in the ip_input
and ip6_input functions to capture packets), I thought: why not
capture IPv4 traffic using pfil? That way we can also build it as a
module. I also thought it would be more useful to send and receive IPv6
packets through a pseudo-interface, just like faith (except that you
don't need the faithd).

Today I'm releasing this code. It's also my 20th birthday, so instead of
getting presents, I also have the honour of giving one away:

http://g-rave.nl/projects/freebsd/natpt/distfiles/freebsd-natpt-20060412-birthday.diff

One note: there are still a few caveats in this code:

- IPv4 source port is the same as IPv6 source port
- ICMP and FTP are not translated
- Timeout value for the state table is just a guess (15 minutes).

Any feedback would be welcome. :)

Yours,
--
Ed Schouten <ed at fxq.nl>
WWW: http://g-rave.nl/
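
The first and third caveats above, shown in a small userland model of a port-preserving state table with a 15-minute idle timeout. This is an added example, not code from the patch or from the original post; the struct, the function names, the table size and the single shared IPv4 address are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

#define NATPT_TIMEOUT (15 * 60) /* seconds; the 15-minute guess from the post */
#define NATPT_SLOTS   64        /* constructed table size for this model */

struct natpt_state {            /* hypothetical layout, not the patch's own */
    int      used;
    uint8_t  src6[16];          /* IPv6 host that owns the flow */
    uint16_t sport, dport;      /* sport is reused unchanged on the IPv4 side */
    uint32_t dst4;              /* remote IPv4 address */
    time_t   last;              /* time of the last packet on this flow */
};
static struct natpt_state table[NATPT_SLOTS];

static int expired(const struct natpt_state *s, time_t now)
{ return !s->used || now - s->last > NATPT_TIMEOUT; }

/* IPv6 -> IPv4: 0 = state created or refreshed, -1 = port collision, -2 = table full */
int natpt_outbound(const uint8_t src6[16], uint16_t sport,
                   uint32_t dst4, uint16_t dport, time_t now)
{
    struct natpt_state *slot = NULL;
    for (int i = 0; i < NATPT_SLOTS; i++) {
        struct natpt_state *s = &table[i];
        if (expired(s, now)) { s->used = 0; if (!slot) slot = s; continue; }
        if (s->sport != sport || s->dst4 != dst4 || s->dport != dport) continue;
        if (memcmp(s->src6, src6, 16) != 0) return -1; /* replies would be ambiguous */
        s->last = now;
        return 0;
    }
    if (!slot) return -2;
    slot->used = 1; memcpy(slot->src6, src6, 16); slot->last = now;
    slot->sport = sport; slot->dst4 = dst4; slot->dport = dport;
    return 0;
}

/* IPv4 -> IPv6: 1 and the owning IPv6 address in out6, or 0 when no live state matches */
int natpt_inbound(uint32_t src4, uint16_t sport4, uint16_t dport4,
                  time_t now, uint8_t out6[16])
{
    for (int i = 0; i < NATPT_SLOTS; i++) {
        struct natpt_state *s = &table[i];
        if (expired(s, now) || s->dst4 != src4 || s->dport != sport4 || s->sport != dport4)
            continue;
        memcpy(out6, s->src6, 16); s->last = now;
        return 1;
    }
    return 0;
}
```

Because the source port is not remapped, a second IPv6 host using the same source port toward the same IPv4 endpoint cannot get a state until the first one has been idle for the full timeout.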