#1 - Week 22
I was busy with exams that week, so I didn't have much time. A few things I did:
- getting (more) familiar with Plan 9 network stack
- studied some NAT implementations
- set up dev environment

I will be able to recover this at the end of the GSoC period, if
needed. Next week the actual coding starts.


#2 - Week 23
This week I actually put my hands on the network code itself. One
challenge was to figure out where to put the hooks in the network
stack. So far there are two hooks, one for incoming packets and one
for outgoing. Later on more might be added, but for now this was
the starting point. The first thing I wanted to be able to do is to
make simple masquerading work, i.e. use one interface (connected to
the outside world) which translates all incoming packets from another
local interface to its public IP.

Hook 0 is in ipoput() and handles outgoing packets originating from
the local subnet excluding the gateway itself. In the case of TCP it
needs to check whether a packet belongs to a previous connection
or is the start of a new one. If SYN is set, we assume this is a new
connection, and enter the relevant data into the NAT table. Relevant
data here is src and dst port, src and dst IP address. This tuple is
used in the hash function to efficiently look up connections
afterwards. The packet src address needs to be rewritten to the public
gateway address (and possibly the src port needs to be replaced with a
free src port on the gateway).

Hook 1 is in ipiput() and handles incoming packets. Here we need to
check whether an incoming packet is destined for the gateway itself or
for a previously NATted connection. If so, the destination IP address
(and possibly dst port) needs to be rewritten.


#3 - Week 24
Two important points when implementing NAT (or any kind of packet
interception that requires data from upper layers in the network
stack, e.g. TCP) are checksumming and fragmentation. While I left the
latter for later, since so far I'm only dealing with small packets, the
former is crucial for the correct functioning of the NAT. TCP
checksums are calculated over the TCP header, the payload and a pseudo
IP header. This pseudo header is constructed only for the purpose of
calculating the checksum. Another important fact is that this pseudo
header contains only certain fields of the actual IP header.

This week I'm still trying to understand the checksum algorithm and
apply it correctly in my code. The difficulty lies in the combination
of multiple protocol layers (currently IP and TCP) in my code, as in
the stack it is (and it should be) separated. The challenge with NAT
is the combination of information of more than one network layer. When
only forwarding packets on a host between sender and receiver (as is
the case for a LAN gateway) the machine usually is not interested
in upper layer information such as TCP checksums or ports. In NAT this
does not hold anymore.

I tried to install packages from contrib in Plan 9 to be able to store
my code on the public repositories. I faced some problems when using
contrib. I still haven't figured out how to install python and
mercurial. When using 'contrib/install' on certain packages (python from
fgb and bichued, but also others) I got an error "no such replica".

An important design decision for the NAT implementation was the data
structure to use for the hash table. Together with my mentor we
decided to use a hash table, as that seems to be the most accurate in
the current situation.

Next week I will still try to get a successful NAT of a TCP connection
to work. The major challenge will be to get the checksum alteration
right.


Thanks for the help of the community and especially my mentor, who
always provides me with valuable guidance and feedback!

Cheers,
-- 
/Manuel
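
The checksum handling described in the Week 24 report, as an added example that is not code from this project or from the author: a full TCP checksum over the pseudo header, and the RFC 1624 incremental update a NAT can apply when it rewrites the source address and port. All function names, addresses and the sample segment are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Fold carries back in: one's-complement addition on 16 bits. */
static uint16_t fold(uint32_t s) { while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)s; }
/* Add n bytes as big-endian 16-bit words; an odd trailing byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t s) {
    for (; n > 1; p += 2, n -= 2) s += get16(p);
    return n ? s + ((uint32_t)p[0] << 8) : s;
}

/* TCP checksum over pseudo header (src, dst, protocol 6, TCP length) plus segment.
   Returns 0 when seg already carries a correct checksum in bytes 16..17. */
uint16_t tcp_cksum(const uint8_t src[4], const uint8_t dst[4], const uint8_t *seg, size_t len) {
    uint32_t s = sum16(src, 4, 0);
    s = sum16(dst, 4, s) + 6 + (uint32_t)len;
    return (uint16_t)~fold(sum16(seg, len, s));
}

/* RFC 1624 eq. 3: new checksum after one 16-bit word changes from oldw to neww. */
uint16_t cksum_adjust(uint16_t ck, uint16_t oldw, uint16_t neww) {
    return (uint16_t)~fold((uint32_t)(uint16_t)~ck + (uint16_t)~oldw + neww);
}

/* Outgoing-hook rewrite: replace source address and port, patch checksum in place. */
void nat_rewrite_src(uint8_t *seg, uint8_t src[4], const uint8_t pub[4], uint16_t pubport) {
    uint16_t ck = get16(seg + 16);
    ck = cksum_adjust(ck, get16(src), get16(pub));         /* address words exist only */
    ck = cksum_adjust(ck, get16(src + 2), get16(pub + 2)); /* in the pseudo header     */
    ck = cksum_adjust(ck, get16(seg), pubport);            /* TCP source port          */
    memcpy(src, pub, 4);
    put16(seg, pubport); put16(seg + 16, ck);
}

/* Constructed sample: SYN header plus 3 payload bytes (odd length on purpose). */
int nat_demo(void) {
    uint8_t src[4] = {192,168,1,10}, dst[4] = {203,0,113,5}, pub[4] = {198,51,100,1};
    uint8_t seg[23] = {0x9c,0x40, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0xff,0xff, 0,0, 0,0, 'a','b','c'};
    put16(seg + 16, tcp_cksum(src, dst, seg, sizeof seg));   /* sender's checksum */
    nat_rewrite_src(seg, src, pub, 40001);
    uint16_t patched = get16(seg + 16);
    if (tcp_cksum(src, dst, seg, sizeof seg) != 0) return 0; /* must verify at receiver */
    put16(seg + 16, 0);
    return patched == tcp_cksum(src, dst, seg, sizeof seg);  /* equals full recompute */
}

int main(void) { return nat_demo() ? 0 : 1; }
```

The incremental form touches only the changed words, so the NAT does not need the payload in hand to keep the checksum valid.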
