Christophe.Jelger at unibas
Aug 6, 2007, 7:44 AM
Post #1 of 2
Full header rewrite before local delivery
I'm doing some research on MANETs and I'm working on a Linux kernel
module (called LUNAR) that forwards packets based on an MPLS-style
forwarding scheme using local labels. One aspect of this scheme is that
IP addresses are not used for routing and only have local scope because
the MPLS "circuits" are set up with DNS names. Basically we keep IP for
"backwards compatibility", i.e. because everything works today in an

Now when a packet reaches its destination the IP header is all wrong
because each node locally maintains its own "view" of the MANET: thus I
first have to NAT the IP header before I deliver the packet to the IP
stack. Note I have to NAT both the source and destination addresses.
This works fine but the problem is that I don't want to rewrite all the
nice NAT-ALGs such as for FTP, SIP, etc.

This means I'd like to use ip_tables to do this full NAT but it seems
that with the existing code one can only do SNAT in the postrouting
while I need to do that before local delivery to the IP stack. Also I'd
still like to use existing modules to NAT FTP, SIP, etc ...

I have now spent quite some time looking at the ip_tables code and I
have to admit I'm still quite lost and I'm not sure what is best to
solve my problem. Basically if I still do the IP header NAT myself
(which is fine for me), how can I then pass the half-NATed packet to the
ip_tables ALGs to take care of FTP and other application-level data?

I guess another solution would be to let ip_tables do the full-NAT (IP
header + app data) but SNAT can only be used in POSTROUTING and I want
to do that before the packet is delivered to the IP stack ...

Any help/hint would be greatly appreciated.

Thanks in advance and best regards,
Dr. Christophe Jelger, http://cn.cs.unibas.ch
University of Basel, Departement Informatik
Bernoullistrasse 16, CH-4056 Basel, Switzerland