Date:      Tue, 15 Oct 2024 16:07:17 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 219918] LibAlias: implement RFC 4787 REQ 1 and 3 (full cone NAT)
Message-ID:  <bug-219918-7501-wr1R0wG4pk@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-219918-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-219918-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219918

--- Comment #12 from Damjan Jovanovic <damjan.jov@gmail.com> ---
(In reply to Kurt Jaeger from comment #10)

EIM = endpoint-independent mapping, same abbreviation that is also used in RFC
6887 (if not more RFCs). They also used EDM = endpoint-dependent mapping
(address and port-dependent mapping in RFC 4787).

There are several problems with "full cone":
- The RFC that invented the term, RFC 3489, is now obsolete, and the new
version of it, RFC 5389, no longer uses that term.
- All the NAT types described in RFC 3489 confused 2 different concepts:
mapping (how packets change going out) and filtering (what can come back in).
See the table below for a comparison of RFC 3489 and RFC 4787 terms under
different settings.
- When EIM and PKT_ALIAS_DENY_INCOMING are both set, it is no longer a "full
cone" NAT, it would be a "port restricted cone" NAT instead.

PKT_ALIAS_ | PKT_ALIAS_    |                                                |
EIM        | DENY_INCOMING | NAT type, by RFC                               | Comment
-----------+---------------+------------------------------------------------+-----------
     unset |        unset  | RFC 4787: address and port-dependent mapping   | These are
           |               |           address and port-dependent filtering | the only
           |               | RFC 3489: "symmetric" NAT                      | ways that
-----------+---------------+------------------------------------------------| libalias
     unset |          set  | RFC 4787: address and port-dependent mapping   | works
           |               |           address and port-dependent filtering | at
           |               | RFC 3489: "symmetric" NAT                      | present.
-----------+---------------+------------------------------------------------+-----------
       set |        unset  | RFC 4787: endpoint-independent mapping         | My patch
           |               |           endpoint-independent filtering       | adds
           |               | RFC 3489: "full cone" NAT                      | these
-----------+---------------+------------------------------------------------| bottom
       set |          set  | RFC 4787: endpoint-independent mapping         | 2 rows
           |               |           address and port-dependent filtering | as
           |               | RFC 3489: "port restricted cone" NAT           | options.

-- 
You are receiving this mail because:
You are the assignee for the bug.
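
The four rows of the table above, reproduced by a toy behavioural model. This is an added illustration, not libalias code and not part of the original message; the `ToyNat` class, the endpoints and the port pool are constructed, and only the two flag names and the RFC terms come from the message.

```python
from itertools import count

EI, APD = "endpoint-independent", "address and port-dependent"
# RFC 3489 names for the (mapping, filtering) pairs listed in the table above.
RFC3489 = {(APD, APD): "symmetric", (EI, EI): "full cone",
           (EI, APD): "port restricted cone"}

class ToyNat:
    """Behavioural model only; names and structure are hypothetical."""
    def __init__(self, eim, deny_incoming):
        self.eim, self.deny_incoming = eim, deny_incoming
        self.ports = count(40000)  # constructed external port pool
        self.mappings = {}         # mapping key -> external port
        self.contacted = set()     # (external port, remote endpoint) sent to

    def outbound(self, internal, remote):
        # EIM keys the mapping on the internal endpoint alone.
        key = internal if self.eim else (internal, remote)
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        self.contacted.add((self.mappings[key], remote))
        return self.mappings[key]

    def inbound(self, ext_port, remote):
        """Internal endpoint the packet is forwarded to, or None if not forwarded."""
        for key, port in self.mappings.items():
            if port != ext_port:
                continue
            if not self.eim:                      # per-destination mapping
                internal, peer = key
                return internal if peer == remote else None
            if self.deny_incoming and (ext_port, remote) not in self.contacted:
                return None                       # unsolicited sender filtered
            return key
        return None

def classify(eim, deny_incoming):
    nat = ToyNat(eim, deny_incoming)
    host = ("10.0.0.5", 5000)                     # constructed endpoints
    peer_a, peer_b = ("198.51.100.1", 3478), ("198.51.100.2", 3478)
    stranger = ("203.0.113.9", 4444)
    port_a, port_b = nat.outbound(host, peer_a), nat.outbound(host, peer_b)
    assert nat.inbound(port_a, peer_a) == host    # replies always come back
    mapping = EI if port_a == port_b else APD
    filtering = EI if nat.inbound(port_a, stranger) == host else APD
    return mapping, filtering, RFC3489[(mapping, filtering)]

if __name__ == "__main__":
    for eim in (False, True):
        for deny in (False, True):
            print(f"EIM={eim!s:5} DENY_INCOMING={deny!s:5}", *classify(eim, deny), sep=" | ")
```

The row to watch from a defensive standpoint is EIM set with DENY_INCOMING unset: while the mapping exists, a host the internal endpoint never contacted can reach it through the mapped external port.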
