Difference between revisions of "GSOC2012NetworkAddressTranslationMidTermReview"
(Created page with "==Introduction== This project aims to implement IPv4 NAT support for the native IPv4 stack in ns-3. The NAT requires two prerequisite features: Netfilter and Conntrack. his pr...") |
|||
| Line 5: | Line 5: | ||
==Current Status== | ==Current Status== | ||
| + | ===Netfilter=== | ||
1) IPv4 Netfilter support is mostly done, based on a port and update of Qasim's original code. New features include tests (still to be completed), new examples, and documentation for the model library. However, the implementation revealed a soft spot in the IPv4L3Protocol implementation that must be resolved; namely, netfilter expects to operate (possibly mangle) complete IP packets, but the IPv4L3Protocol code operates by removing the IP header at an early stage in the packet processing, and adding it in a late stage of | 1) IPv4 Netfilter support is mostly done, based on a port and update of Qasim's original code. New features include tests (still to be completed), new examples, and documentation for the model library. However, the implementation revealed a soft spot in the IPv4L3Protocol implementation that must be resolved; namely, netfilter expects to operate (possibly mangle) complete IP packets, but the IPv4L3Protocol code operates by removing the IP header at an early stage in the packet processing, and adding it in a late stage of | ||
processing. Therefore, any mangle operations on the packet header must be preserved in this model. The current implementation supports a mangle operation in the PRE_ROUTING and POST_ROUTING hooks only (filters can be supported at the other states at present, but not mangle). Support at the additional hook points for mangle needs some refactoring. | processing. Therefore, any mangle operations on the packet header must be preserved in this model. The current implementation supports a mangle operation in the PRE_ROUTING and POST_ROUTING hooks only (filters can be supported at the other states at present, but not mangle). Support at the additional hook points for mangle needs some refactoring. | ||
The open issues (complete tests, and mangle at other hook points) is scheduled for 18 July. | The open issues (complete tests, and mangle at other hook points) is scheduled for 18 July. | ||
| + | ===Conntrack=== | ||
2) The conntrack module is scoped and ported from Qasim's repository, but untested. An additional aspect is that the user APIs to inspect the state has not been discussed/resolved (e.g. a conntrack-tools-likeinterface, or printouts similar to reading /proc/net/conttrack). We plan to support the necessary features for basic IPv4 NAT; protocol helpers for application-level expectations (e.g. FTP) are out of scope, and dealing with IPv4 fragmentation is out of scope. | 2) The conntrack module is scoped and ported from Qasim's repository, but untested. An additional aspect is that the user APIs to inspect the state has not been discussed/resolved (e.g. a conntrack-tools-likeinterface, or printouts similar to reading /proc/net/conttrack). We plan to support the necessary features for basic IPv4 NAT; protocol helpers for application-level expectations (e.g. FTP) are out of scope, and dealing with IPv4 fragmentation is out of scope. | ||
| Line 25: | Line 27: | ||
The open issues (complete tests, and mangle at other hook points) is scheduled for 1 August. | The open issues (complete tests, and mangle at other hook points) is scheduled for 1 August. | ||
| + | ===NAT=== | ||
3) The NAT code has not really been initiated; some aspects of it exist in the above repository but are stubbed out, to focus on the netfilter and conntrack issues. | 3) The NAT code has not really been initiated; some aspects of it exist in the above repository but are stubbed out, to focus on the netfilter and conntrack issues. | ||
Revision as of 15:44, 10 July 2012
Introduction
This project aims to implement IPv4 NAT support for the native IPv4 stack in ns-3. The NAT requires two prerequisite features: Netfilter and Conntrack. his project builds/extends work previously done by Qasim Javed (mentored by Adrian Tam) in 2009.
Current Status
Netfilter
1) IPv4 Netfilter support is mostly done, based on a port and update of Qasim's original code. New features include tests (still to be completed), new examples, and documentation for the model library. However, the implementation revealed a soft spot in the IPv4L3Protocol implementation that must be resolved; namely, netfilter expects to operate (possibly mangle) complete IP packets, but the IPv4L3Protocol code operates by removing the IP header at an early stage in the packet processing, and adding it in a late stage of processing. Therefore, any mangle operations on the packet header must be preserved in this model. The current implementation supports a mangle operation in the PRE_ROUTING and POST_ROUTING hooks only (filters can be supported at the other states at present, but not mangle). Support at the additional hook points for mangle needs some refactoring. The open issues (complete tests, and mangle at other hook points) is scheduled for 18 July.
Conntrack
2) The conntrack module is scoped and ported from Qasim's repository, but untested. An additional aspect is that the user APIs to inspect the state has not been discussed/resolved (e.g. a conntrack-tools-likeinterface, or printouts similar to reading /proc/net/conttrack). We plan to support the necessary features for basic IPv4 NAT; protocol helpers for application-level expectations (e.g. FTP) are out of scope, and dealing with IPv4 fragmentation is out of scope.
The current code for this component is available at: http://code.nsnam.org/vsindhuja/ns-3-dev-netfilter/src/internet/model: - icmpv4-conntrack-l4-protocol.{cc,h} - ip-conntrack-info.{cc,h} - ipv4-conntrack-l3-protocol.{cc,h} - netfilter-conntrack-l3-ipv4.h - netfilter-conntrack-l3-protocol.h - netfilter-conntrack-l4-protocol.h - netfilter-conntrack-tuple.{cc,h} - tcp-conntrack-l4-protocol.{cc,h} - udp-conntrack-l4-protocol.{cc,h}c
The open issues (complete tests, and mangle at other hook points) is scheduled for 1 August.
NAT
3) The NAT code has not really been initiated; some aspects of it exist in the above repository but are stubbed out, to focus on the netfilter and conntrack issues.
Future Goals
1) The first focus would be to work on packet mangling. To design callbacks that would work on changing certain fields on the header. Then observing if the packets pass through successfully.
