Hello! And there are some issues with several protocols, as Marc points out. In FTP, for example, possibly the new packet will be larger than original one. (IP Addresses are codified in the data payload as text). So, it's possible the router has to fragment the packet. And that's not a simple header rewrite.
Francisco Sedano Informatica Pronet. "Marc Thach Xuan Ky" cc: Enviado por: Asunto: Re: NAT [7:60784] [EMAIL PROTECTED] 10/01/2003 12:08 Por favor, responda a "Marc Thach Xuan Ky" Dwayne, it's most likely that any NAT implementation would overwrite the header data that it wishes to change, rather than rewrites the header in its entirety. Of course the end result would look the same when you view the packet, however you can recalculate the checksum from the old and new IP addresses without reading the entire packet, so that's a gain for not using the full header creation code. Note though that some protocols which don't pass well through NAT are handled by an ALG (Application Level Gateway), and these modules will rewrite the IP data. Now if I were coding an ALG I'd certainly create the entire header for scratch, and I might need to do the same with the data. Think of an FTP ALG for example. Here the length of the data may be changed, in particular it may grow. The buffer that is currently allocated for the packet may not have room to grow, so in that case, you'd need to copy the data into a larger buffer probably as you parse and alter the data. rgds Marc Dwayne Saunders wrote: > > Hi all, > Was just wondering if any one could put me on to a good link in > regards NAT and packet headers, simply what I am trying to find out is the > packet header total rewritten or just the ip address part of the header and > checksum, Or is a new header written to envelope the original header. > > Or does each application do it differently. > > Any help would be great. > > Regards > > D'Wayne Saunders Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60803&t=60784 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]