[Click] IPRewriter and ICMP packets

Eddie Kohler kohler at cs.ucla.edu
Fri Jul 30 16:44:05 EDT 2004 

Erik VandeKieft wrote:
>>Can you be more clear about what semantics you want here?  IPRewriter is a NAPT
>>(network address/port translator), so it requires port numbers on its input
>>packets.  ICMP ping packets don't have ports.
> 
> 
> I basically need an ICMPPingRewriter that has the ability to rewrite
> source and destination addresses based on the contents of an IPRewriter
> element, just as ICMPRewriter can.
> 
> (I use a NAPT IPRewriter because I want flows to be distinguished by the
> 4-tuple of sourceaddr/srcport/dstaddr/dstport, but I never actually
> translate any ports. I have my own classes that extend IPMapper, but they
> never change ports around.)

The IPRewriter table is looked up using five properties: src addr, src port, dst 
addr, dst port, protocol.  Note that completely different mappings might be 
installed for different tuples.  For example you might have

    <1.0.0.1, 20, 2.0.0.2, 30, TCP>  =>  <128.0.0.4, 929, 2.0.0.2, 30, TCP>
    <1.0.0.1, 40, 2.0.0.2, 59, UDP>  =>  <94.92.0.1, 40, 2.0.0.2, 59, UDP>

Note different src addrs.

Now an ICMP ping has three properties: source addr, dest addr, and identifier. 
Say a ping <1.0.0.1, 2.0.0.2, 40> arrived when the IPRewriter was in the above 
state.  How should that ping be rewritten?  Src addr 128.0.0.4 or 94.92.0.1?

>>The ICMPRewriter class *does* rewrite packet headers as well as packet contents,
>>or at least it should.  But it only applies to error packets (i.e. not pings).
> 
> So I guess basically my question is, why is it ICMPRewriter can take an
> IPRewriter element as input but ICMPPingRewriter cannot? 

Because ICMP errors contain embedded transport headers, *including protocol and 
ports*, allowing ICMPRewriter to look up a mapping for the full 5-tuple.

And what's the
> easiest way to get that kind of functionality for ICMP pings?

I still don't understand what functionality you mean.  Maybe you need to explain 
exactly what kinds of mappings are in your IPRewriter.

Eddie

> 
> --Erik
> 
> On Fri, 30 Jul 2004, Eddie Kohler wrote:
> 
> 
>>Erik VandeKieft wrote:
>>
>>>I noticed that ICMP packets that enter an IPRewriter element disappear and
>>>don't make it out any of the outputs. What happens to them, are they
>>>dropped on the floor? Why?
>>>
>>>I know that there is a seperate ICMPRewriter class, but I that only seems
>>>to rewrite the packet contents, not the actual IP headers. I need to
>>>rewrite the source and destinations of ICMP packets, including pings, and
>>>ICMPPingRewriter only allows you to do it for one static source and
>>>destination, whereas I need it to be dynamic based on an IPRewriter's
>>>table.
>>>
>>>Do I need to implement this myself or can click already accomplish this?

More information about the click mailing list