ipnatctl

Xuan Baldauf xuan--reiserfs@baldauf.org
Fri, 23 Jun 2000 18:12:31 +0200



Rusty Russell wrote:

> In message <39537EE3.D82D3FA9@baldauf.org> you write:
> > Rusty Russell wrote:
> >
> > > In message <394FDFEB.E1A6AB7F@baldauf.org> you write:
> > > > Hello,
> > > >
> > > > does anybody know where I can find ipnatctl (in order to list and
> > > > manipulate masquerading related data)?
> > >
> > > It's been obsoleted by the `nat' table, controlled by iptables.
> > >
> > > cat /proc/net/ip_conntrack: the ones for which the reply != the
> > > inverse of the outgoing have been NAT'ed.
> >
> > Thank you. Is there any way to change the entries from userspace?
>
> No, but I see what you're getting at (dial-on-demand IP address
> changes).  It's fairly easy to write a module which adds a sockopt to
> do this (you really want to `forget' all those previous connections,
> see ipt_MASQUERADE.c).
>
> The other option is to use MASQUERADE, but change line 130 of
> ipt_MASQUERADE.c from:
>
>         if (event == NETDEV_DOWN) {
>
> to
>
>         if (event == NETDEV_DOWN || event == NETDEV_CHANGEADDR) {
>
> which makes sense...

Oh, this is a very good idea. :o) Maybe you can make it the default in the
future.

What I initially aimed to implement is the feature which Win98 boxes have:
If you (or your programs) want to access the internet, you are prompted for
connecting, and if you say "OK", no packet seems to get lost.

With linux+isdn, you lose all packets until the IP address is set. With
your patch above, even more packets would be lost (because they have wrong
srcIP addresses). My initial idea was: do not ever lose a packet, just
queue them until the interface has its real IP address.

I'm not a kernel hacker (so please correct me if I'm wrong), but queueing
seems to be fairly easy. If net_device->hard_start_xmit()!=0, the packet is
queued. But even if the packets were queued, they were still with the wrong
src ip. One approach is to rewrite the packets after the interface has the
correct IP address. The cleaner approach would be for me to have SNAT
between the queue and the device, not before it. Therefore, when the packet
is re-sent, it gets the correct IP address assigned.

Is this possible?

>
>
> Rusty.
> --
> Hacking time.

Xuân. :o)
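
The rule quoted above for reading /proc/net/ip_conntrack (an entry is NAT'ed when its reply tuple is not the inverse of the outgoing one), as an added example that is not part of the original thread. The sample lines are constructed, and the field layout (original tuple first, reply tuple starting at the second `src=`) and the helper names are assumptions of this sketch.

```python
import re

# Constructed sample lines in the /proc/net/ip_conntrack layout (not captured data).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.7 sport=80 dport=1025 [ASSURED] use=1
udp      17 28 src=198.51.100.7 dst=203.0.113.53 sport=4000 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=4000 use=1
tcp      6 119 SYN_SENT src=192.168.1.11 dst=203.0.113.9 sport=1030 dport=25 [UNREPLIED] src=203.0.113.9 dst=198.51.100.7 sport=25 dport=61000 use=1
icmp     1 29 src=192.168.1.10 dst=203.0.113.5 type=8 code=0 id=7 src=203.0.113.5 dst=192.168.1.10 type=0 code=0 id=7 use=1
"""

PAIR = re.compile(r"\b(src|dst|sport|dport|id)=(\S+)")

def split_tuples(line):
    """Return (original, reply) dicts; the second src= starts the reply tuple."""
    orig, reply = {}, {}
    current = orig
    for key, value in PAIR.findall(line):
        if key == "src" and "src" in orig:
            current = reply
        current[key] = value
    return orig, reply

def nat_kind(line):
    """Classify one entry: None (not NAT'ed), 'SNAT', 'DNAT' or 'SNAT+DNAT'."""
    orig, reply = split_tuples(line)
    if "dst" not in orig or "dst" not in reply:
        raise ValueError("not a conntrack entry: %r" % line)
    # ICMP has no ports; its id plays the role of the source port.
    o_sport = orig.get("sport", orig.get("id"))
    r_dport = reply.get("dport", reply.get("id"))
    # Source rewritten: replies are not addressed to the original source.
    snat = (reply["dst"], r_dport) != (orig["src"], o_sport)
    # Destination rewritten: replies do not come from the original destination.
    dnat = (reply["src"], reply.get("sport")) != (orig["dst"], orig.get("dport"))
    return "+".join(k for k, hit in (("SNAT", snat), ("DNAT", dnat)) if hit) or None

def nated_entries(text):
    """List (protocol, kind, original source) for every NAT'ed entry in text."""
    found = []
    for line in text.splitlines():
        if line.strip():
            kind = nat_kind(line)
            if kind:
                found.append((line.split()[0], kind, split_tuples(line)[0]["src"]))
    return found

if __name__ == "__main__":
    for proto, kind, src in nated_entries(SAMPLE):
        print(proto, kind, src)
```

On a live system the same function can be fed the contents of /proc/net/ip_conntrack instead of SAMPLE.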