Add Hard NAT ↔ Easy NAT (mapvarydest) to our network topology test #13194

bpmct · 2024-05-07T04:36:46Z

Build a network topology integration test where peers are behind NATs, and one of the NATs uses destination-dependent mapping.

Some ideas on how to get this done:

iptables

In a netns that does the NAT, create a fixed set of IP rewriting rules for each IP in the test configuration. The rule matches on the destination IP address and assigns a fixed source port (in addition to the source IP shared by all rules).

I'm not sure if Linux will automatically add the right conntrack entries to translate the return packets. If not, we might need to configure the peers to use a fixed source port for the UDP connections, so that we can add a fixed set of rules to translate (de-NAT) the reverse packets.

NAT in userspace

Create a simple NAT in userspace with two TUN devices, and push the device ends of the TUNs into the peer and main router netns. The userspace program reads IP packets and rewrites the source IP and port, with a destination-dependent mapping.

bpmct added the networking Area: networking label May 7, 2024

coder-labeler bot added the chore Non-customer facing refactors, cleanup, or technical debt. label May 7, 2024

bpmct assigned deansheather May 7, 2024

spikecurtis mentioned this issue May 7, 2024

Add STUN to network topology test suite #13193

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Hard NAT ↔ Easy NAT (mapvarydest) to our network topology test #13194

Add Hard NAT ↔ Easy NAT (mapvarydest) to our network topology test #13194

bpmct commented May 7, 2024 •

edited by spikecurtis

Add Hard NAT ↔ Easy NAT (mapvarydest) to our network topology test #13194

Add Hard NAT ↔ Easy NAT (mapvarydest) to our network topology test #13194

Comments

bpmct commented May 7, 2024 • edited by spikecurtis

iptables

NAT in userspace

bpmct commented May 7, 2024 •

edited by spikecurtis