Date: Wed, 12 Apr 2006 13:22:35 +0200 From: Ed Schouten <ed@fxq.nl> To: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: NAT-PT using pfil and if_clone - have fun :) Message-ID: <20060412112235.GF87726@hoeg.nl>
next in thread | raw e-mail | index | archive | help
--UlsYxwg8UDQn+EKZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello folks, The last few weeks I've been hacking on a NAT-PT implementation for the FreeBSD operating system in my spare time. I tried to use the NAT-PT code in KAME's tree, but that was for FreeBSD 5.4 and didn't compile properly. Because its implementation was also quite evil (hooks in the ip_input and ip6_input functions to capture packets), I thought: why not capture IPv4 traffic using pfil? That way we can also build it as a module. I also thought it would be more useful to send and receive IPv6 packets through a pseudo-interface, just like faith (except that you don't need the faithd). Today I'm releasing this code. It's also my 20th birthday, so instead of getting presents, I also have the honour of giving one away: http://g-rave.nl/projects/freebsd/natpt/distfiles/freebsd-natpt-20060412-bi= rthday.diff One note: there are still a few caveats in this code: - IPv4 source port is the same as IPv6 source port - ICMP and FTP are not translated - Timeout value for the state table is just a guess (15 minutes). Any feedback would be welcome. :) Yours, --=20 Ed Schouten <ed@fxq.nl> WWW: http://g-rave.nl/ --UlsYxwg8UDQn+EKZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEPOL752SDGA2eCwURAv/GAJ0Shi5KR2tURsqZgeAJ0Y0xfHGfjwCfcczZ VDS3k0Bmw3tWs8hlWKVWuZc= =RdIG -----END PGP SIGNATURE----- --UlsYxwg8UDQn+EKZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060412112235.GF87726>