Hello, On Sun, 30 Jun 2002, Juan Luis Baptiste wrote:
> Hi, > > I'm working in a IPv4/IPv6 address translator with the Click Project > at http://www.pdos.lcs.mit.edu/click/ . In this moment I'm dealing with the > translation of FTP/DNS packets, and I have a question. > > If I change the packet content, for example changing PORT 172.25.0.1 for EPRT > 3ffe:1ce1:202:200::1, the packet size is going to change (shrink or grow), are > the seq and ack numbers going be affected by the translating process so I > would have to update them? in both cases (yes or no) why? and if they have to > be updated, wich would be the procedure for doing it? > RFC 2766 "NAT-PT" in section 6.3 "Header updates for FTP control packets" describes the procedure for such case. You need to keep TCP sequence numbers deltas to correct the TCP sequence and acknowledgement numbers in the TCP header for control packets in both directions. Furthermore you need to correct the IP packet length (IPv4 Total Length or IPv6 Payload Length). But it's not clear how this correction can be implement. I try to explain my decision. Denominate: Dout - delta for output connection Din - delta for input connection L4 - length of IPv4 FTP command L6 - length of IPv6 FTP command SN - TCP sequence number AN - TCP acknowledgement number Assume we have a FTP connection IPv4<->IPv6 and a translator ipv4/ipv6 between them. In 1) we have an IPv6 FTP command with length L4=50, SN=100, AN=500 (from IPv6 to IPv4), after translator we have an IPv4 FTP command with length L4=20, SN=100, AN=500. We calculate D'out (L4 - L6) and D'in (not affected) and correct base deltas Dout and Din after translation. In 2) We calculate D'out (not affected) and D'in (L6 - L4) and correct SN and AN in translated packet and then correct base deltas Dout and Din (after translation). In each case a delta is a result command length (after translation) minus an origin command length (before translation). 1) (OUT) IPv4 <- IPv6 Dout = 0, Din = 0 L4 = 20 <- L6 = 50 D'out = -30, D'in = 0 SN'out = SNout + Dout = 100 <- SNout = 100 AN'out = ANout - Din = 500 <- ANout = 500 Result: Dout += D'out = -30, Din += D'in = 0 2) (IN) IPv4 -> IPv6 Dout = -30, Din = 0 L4 = 40 -> L6 = 60 D'out = 0, D'in = 20 SNin = 500 -> SN'in = SNin + Din = 500 ANin = 120 -> AN'in = ANin - Dout = 150 Result: Dout += D'out = -30, Din += D'in = 20 3) (OUT) IPv4 <- IPv6 Dout = -30, Din = 20 L4 = 40 <- L6 = 40 D'out = 0, D'in = 0 SN'out = SNout + Dout = 120 <- SNout = 150 AN'out = ANout - Din = 540 <- ANout = 560 Result: Dout += D'out = -30, Din += D'in = 20 4) (IN) IPv4 -> IPv6 Dout = -30, Din = 20 L4 = 40 -> L6 = 60 D'out = 0, D'in = 20 SNin = 540 -> SN'in = SNin + Din = 560 ANin = 160 -> AN'in = ANin - Dout = 190 Result: Dout += D'out = -30, Din += D'in = 40 5) (OUT) IPv4 <- IPv6 Dout = -30, Din = 40 L4 = 30 <- L6 = 40 D'out = -10, D'in = 0 SN'out = SNout + Dout = 160 <- SNout = 190 AN'out = ANout - Din = 580 <- ANout = 620 Result: Dout += D'out = -40, Din += D'in = 40 ---------------------------------------------------- Any comments... Best regards, Grigory Klyuchnikov, System Engineer, Institute for System Programming Russian Academy of Sciences --------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
