GSOC2012NetworkAddressTranslationMidTermReview

From Nsnam

Introduction

This project aims to implement IPv4 NAT support for the native IPv4 stack in ns-3. NAT requires two prerequisite features: Netfilter and Conntrack. This project builds on and extends work previously done by Qasim Javed (mentored by Adrian Tam) in 2009.

Current Status

Netfilter

1) IPv4 Netfilter support is mostly done, based on a port and update of Qasim's original code. New features include tests (still to be completed), new examples, and documentation for the model library. However, the implementation revealed a soft spot in the IPv4L3Protocol implementation that must be resolved: netfilter expects to operate on (and possibly mangle) complete IP packets, but the IPv4L3Protocol code removes the IP header at an early stage of packet processing and adds it back at a late stage. Therefore, any mangle operations on the packet header must be preserved across that gap in this model. The current implementation supports a mangle operation in the PRE_ROUTING and POST_ROUTING hooks only (filters can be supported at the other hook points at present, but not mangle). Support for mangle at the additional hook points needs some refactoring. The open issues (completing the tests, and mangle at the other hook points) are scheduled for 18 July.
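To make the header-handling issue concrete, here is an added illustrative model (plain C++, not ns-3 code and not the project's API) of a hook chain where the IP header is stripped right after PRE_ROUTING and re-attached just before POST_ROUTING; the hook names, the Netfilter class and the addresses are constructed for the example.

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <string>
#include <vector>

// Minimal stand-in for the IPv4 header fields a NAT rewrites (constructed).
struct Ipv4Header { uint32_t src; uint32_t dst; };

// A packet either carries its header or has had it stripped by the L3 code.
struct Packet { bool hasHeader; Ipv4Header hdr; std::string payload; };

enum Hook { PRE_ROUTING, FORWARD, POST_ROUTING };
using Callback = std::function<void(Packet&)>;

// Hypothetical netfilter-style hook registry (not the ns-3 Netfilter class).
class Netfilter {
 public:
  void Register(Hook h, Callback cb) { m_hooks[h].push_back(cb); }
  void Run(Hook h, Packet& p) { for (auto& cb : m_hooks[h]) cb(p); }
 private:
  std::map<Hook, std::vector<Callback>> m_hooks;
};

// Models the forwarding path described above: PRE_ROUTING sees the complete
// packet, the header is then removed early, FORWARD sees only the payload,
// and the saved header is put back just before POST_ROUTING.
// Returns the destination address that finally leaves the node.
uint32_t ForwardPath(Netfilter& nf, Packet p) {
  nf.Run(PRE_ROUTING, p);             // full packet: header mangles persist
  Ipv4Header saved = p.hdr;           // early header removal by the L3 code
  p.hasHeader = false; p.hdr = Ipv4Header{0, 0};
  nf.Run(FORWARD, p);                 // header absent: a mangle hits a dummy
  p.hdr = saved; p.hasHeader = true;  // late re-attachment of the saved header
  nf.Run(POST_ROUTING, p);            // full packet again
  return p.hdr.dst;
}

// A DNAT-style rewrite of the destination address, usable at any hook.
Callback RewriteDst(uint32_t newDst) {
  return [newDst](Packet& p) { p.hdr.dst = newDst; };
}

// Constructed demonstration: the same mangle survives at PRE_ROUTING and
// POST_ROUTING but is silently lost at FORWARD, which is the refactoring
// need the review describes.
uint32_t DstAfterMangleAt(Hook h) {
  Netfilter nf;
  nf.Register(h, RewriteDst(0x0A000002));  // rewrite to 10.0.0.2 (constructed)
  Packet p{true, Ipv4Header{0xC0A80001, 0x0A000001}, "data"};  // 192.168.0.1 -> 10.0.0.1
  return ForwardPath(nf, p);
}
```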

Conntrack

2) The conntrack module is scoped and ported from Qasim's repository, but untested. An additional open point is that the user APIs to inspect the connection state have not been discussed or resolved (e.g. a conntrack-tools-like interface, or printouts similar to reading /proc/net/ip_conntrack). We plan to support the features necessary for basic IPv4 NAT; protocol helpers for application-level expectations (e.g. FTP) are out of scope, and dealing with IPv4 fragmentation is out of scope.

The current code for this component is available at http://code.nsnam.org/vsindhuja/ns-3-dev-netfilter/src/internet/model:

- icmpv4-conntrack-l4-protocol.{cc,h}
- ip-conntrack-info.{cc,h}
- ipv4-conntrack-l3-protocol.{cc,h}
- netfilter-conntrack-l3-ipv4.h
- netfilter-conntrack-l3-protocol.h
- netfilter-conntrack-l4-protocol.h
- netfilter-conntrack-tuple.{cc,h}
- tcp-conntrack-l4-protocol.{cc,h}
- udp-conntrack-l4-protocol.{cc,h}

The open issues (complete tests, and mangle at other hook points) are scheduled for 1 August.

NAT

3) The NAT code has not really been started; some parts of it exist in the above repository but are stubbed out, so that work can focus on the netfilter and conntrack issues.

Future Goals

1) Implement the ability to mangle packets. The next focus would be altering the headers of packets and then passing them through the nodes to check that the changes take effect. This is the prerequisite for the actual implementation of NAT, since NAT requires packet mangling as a feature.

2) Conntrack must be modeled in a way that is not very protocol dependent. Decide on a more robust way to deal with packets for which no conntrack helper is in place. Put examples and tests in place for conntrack. The conntrack examples are envisioned to basically dump the connection tables over the lifetime of a connection between nodes.

3) Another important part to look into would be getting packet filtering working as well. This would provide a solid filtering operation for the ns-3 framework.

4) NAT modeling must be evaluated on the basis of the existing Netfilter and Conntrack code, taking their limitations into consideration as well.