From: Ed Schouten
To: FreeBSD Hackers
Date: Wed, 12 Apr 2006 13:22:35 +0200
Message-ID: <20060412112235.GF87726@hoeg.nl>
Subject: NAT-PT using pfil and if_clone - have fun :)

Hello folks,

The last few weeks I've been hacking on a NAT-PT implementation for the FreeBSD operating system in my spare time. I tried to use the NAT-PT code in KAME's tree, but that was for FreeBSD 5.4 and didn't compile properly. Because its implementation was also quite evil (hooks in the ip_input and ip6_input functions to capture packets), I thought: why not capture IPv4 traffic using pfil? That way we can also build it as a module.

I also thought it would be more useful to send and receive IPv6 packets through a pseudo-interface, just like faith (except that you don't need the faithd).

Today I'm releasing this code. It's also my 20th birthday, so instead of getting presents, I also have the honour of giving one away:

http://g-rave.nl/projects/freebsd/natpt/distfiles/freebsd-natpt-20060412-birthday.diff

One note: there are still a few caveats in this code:

- IPv4 source port is the same as IPv6 source port
- ICMP and FTP are not translated
- Timeout value for the state table is just a guess (15 minutes).

Any feedback would be welcome. :)

Yours,
-- 
Ed Schouten
WWW: http://g-rave.nl/