[Xorp-hackers] NAT support for XORP

Bruce M Simpson bms@spc.org
Sun, 16 Oct 2005 19:31:52 +0100


On Sun, Oct 16, 2005 at 01:55:07PM +0200, Kristen Nielsen wrote:
> I am considering implementing a Network Address Translation (NAT) module
> for XORP, but as I understand it, it seems that I need to add
> functionality to the FEA module to be able to change IP packets that
> flow through the router.

One big problem with this is that it requires a means of intercepting
network traffic such that the host's TCP/IP stack doesn't process it.
libpcap, for example, won't let you do this, although we'd find libpcap
functionality in the FEA very useful (for IS-IS and so on).

On FreeBSD, this can be achieved with the use of a 'divert' socket, but
once you go down this route, you may as well use kernel-space NAT anyway,
in the form of pf, ipf or iptables on Linux.

One possible place for you to start would be to work on a design for a
Click-based NAT implementation, and the control plane functionality
needed for this in the FEA.

You may find the firewall driver code (fea/pa_*) useful here.

Regards,
BMS