Date: Tue, 15 Oct 2024 16:07:17 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 219918] LibAlias: implement RFC 4787 REQ 1 and 3 (full cone NAT)
Message-ID: <bug-219918-7501-wr1R0wG4pk@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-219918-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-219918-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219918

--- Comment #12 from Damjan Jovanovic <damjan.jov@gmail.com> ---
(In reply to Kurt Jaeger from comment #10)

EIM = endpoint-independent mapping, same abbreviation that is also used in
RFC 6887 (if not more RFCs). They also used EDM = endpoint-dependent mapping
(address and port-dependent mapping in RFC 4787).

There are several problems with "full cone":
- The RFC that invented the term, RFC 3489, is now obsolete, and the new
  version of it, RFC 5389, no longer uses that term.
- All the NAT types described in RFC 3489 confused 2 different concepts:
  mapping (how packets change going out) and filtering (what can come back in).
  See the table below for a comparison of RFC 3489 and RFC 4787 terms under
  different settings.
- When EIM and PKT_ALIAS_DENY_INCOMING are both set, it is no longer a "full
  cone" NAT, it would be a "port restricted cone" NAT instead.

 PKT_ALIAS_| PKT_ALIAS_    |                                                |
 EIM       | DENY_INCOMING | NAT type, by RFC                               | Comment
-----------+---------------+------------------------------------------------+-----------
 unset     | unset         | RFC 4787: address and port-dependent mapping   | These are
           |               |           address and port-dependent filtering | the only
           |               | RFC 3489: "symmetric" NAT                      | ways that
-----------+---------------+------------------------------------------------| libalias
 unset     | set           | RFC 4787: address and port-dependent mapping   | works
           |               |           address and port-dependent filtering | at
           |               | RFC 3489: "symmetric" NAT                      | present.
-----------+---------------+------------------------------------------------+-----------
 set       | unset         | RFC 4787: endpoint-independent mapping         | My patch
           |               |           endpoint-independent filtering       | adds
           |               | RFC 3489: "full cone" NAT                      | these
-----------+---------------+------------------------------------------------| bottom
 set       | set           | RFC 4787: endpoint-independent mapping         | 2 rows
           |               |           address and port-dependent filtering | as
           |               | RFC 3489: "port restricted cone" NAT           | options.

-- 
You are receiving this mail because:
You are the assignee for the bug.
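
The mapping/filtering split in the table above, as an added example that is not part of the original message, the patch, or libalias: a toy Python model that is probed from the outside and classified by what it does. `ToyNat`, `classify` and all addresses are constructed for illustration, and the `eim` and `deny_incoming` arguments stand in for the two options in the table.

```python
# Toy model of the table's four rows; constructed example, not libalias code.
EI, APD = "endpoint-independent", "address and port-dependent"
INTERNAL = ("192.168.0.10", 5000)            # constructed sample endpoints
R1, R2 = ("203.0.113.1", 3478), ("203.0.113.2", 3478)
R3 = ("203.0.113.1", 9999)                   # R1's address, never-contacted port


class ToyNat:
    def __init__(self, eim, deny_incoming):
        self.eim = eim                       # stands in for the EIM option
        self.deny_incoming = deny_incoming   # stands in for PKT_ALIAS_DENY_INCOMING
        self.ports = {}                      # mapping key -> public port
        self.owner = {}                      # public port -> internal endpoint
        self.seen = set()                    # (public port, remote) sent outbound

    def outbound(self, internal, remote):
        """Mapping: return the public port used for internal -> remote."""
        key = internal if self.eim else (internal, remote)
        port = self.ports.setdefault(key, 40000 + len(self.ports))
        self.owner[port] = internal
        self.seen.add((port, remote))
        return port

    def inbound(self, port, remote):
        """Filtering: return the internal endpoint reached, or None."""
        solicited = (port, remote) in self.seen
        open_filter = self.eim and not self.deny_incoming
        if port in self.owner and (solicited or open_filter):
            return self.owner[port]
        return None


def classify(nat):
    """Probe the NAT and name its behaviour in RFC 4787 and RFC 3489 terms."""
    p1, p2 = nat.outbound(INTERNAL, R1), nat.outbound(INTERNAL, R2)
    mapping = EI if p1 == p2 else APD        # same public port for both remotes?
    # The model has only the table's two filtering behaviours, so one packet
    # from R3 (same address as R1, different port) is enough to separate them.
    filtering = EI if nat.inbound(p1, R3) == INTERNAL else APD
    cone = {(EI, EI): "full cone", (EI, APD): "port restricted cone"}
    return mapping, filtering, cone.get((mapping, filtering), "symmetric")


if __name__ == "__main__":
    for eim in (False, True):
        for deny in (False, True):
            print(eim, deny, *classify(ToyNat(eim, deny)), sep=" | ")
```

Mapping is decided only in `outbound` and filtering only in `inbound`, which is why a single RFC 3489 name cannot describe the row where both options are set.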