[Click] IPRewriter and ICMP packets
Eddie Kohler
kohler at cs.ucla.edu
Fri Jul 30 20:02:15 EDT 2004
Erik VandeKieft wrote:
>>The IPRewriter table is looked up using five properties: src addr, src port, dst
>>addr, dst port, protocol. Note that completely different mappings might be
>>installed for different tuples. For example you might have
>>
>> <1.0.0.1, 20, 2.0.0.2, 30, TCP> => <128.0.0.4, 929, 2.0.0.2, 30, TCP>
>> <1.0.0.1, 40, 2.0.0.2, 59, UDP> => <94.92.0.1, 40, 2.0.0.2, 59, UDP>
>>
>>Note different src addrs.
>>
>>Now an ICMP ping has three properties: source addr, dest addr, and identifier.
>>Say a ping <1.0.0.1, 2.0.0.2, 40> arrived when the IPRewriter was in the above
>>state. How should that ping be rewritten? Src addr 128.0.0.4 or 94.92.0.1?
>
>
> Hmmm. Actually, now that I think about it, I guess I could have been using
> just an IPAddrRewriter rather than an IPRewriter all this time, since I
> never translate any ports. I can always look up my mappings based on just
> the source and destination IP address.
It sounds like you want something _close_ to an IPAddrRewriter, but not quite.
IPAddrRewriter looks at the source OR destination address -- which is what you
want for conventional NAT. You want an IPAddrPairRewriter that looks at source
AND destination address. That should be pretty easy....
> Since that doesn't look at ports, couldn't that work with ICMP ping
> packets?
Yep.
The ICMPPingRewriter as its written still isn't enough because it
> wants a static NEWSRC and NEWDST; I at least want it to look in the table
> of an IPAddrRewriter.
>
> Thanks! Sorry about the confusion there...
>
> --Erik
No problem.
Eddie
More information about the click
mailing list