Re: [Ietf-behave] GoogleWifi NAT
On Saturday 14 October 2006 09:42, ext David Barrett wrote:
> That's right, A can apparently send to any number of remote hosts, but can
> only receive from the first one it sends to. Each remote host is assigned
> a different mapping (i.e., if you send to two different STUN servers, each
> server sees a different port for A), but only the first server contacted
> can actually reply back along the route it sees.
I've seen worse NATs yet. Whenever it sees a UDP packet with a new internal
IP/port tuple, slirp will record the destination IP/port tuple of that
packet, and then NAT it. Then, whenever it receives a packet coming from the
same internal IP/port tuple, it rewrites not only the source IP/port, but
also the destination IP/port, the same as with the first packet. As such, not
only can you reach only one external host, but you will send it packets that
were not intended for it...
FYI, while slirp is very old, you can at least still find it in real use in
the QEMU emulator networking code.
I think it might make sense to document this limitation of some NATs (that
they can only reach one destination). It might actually have some consequence
as to how to handle the TURN redirect message, for instance: with such a NAT,
you'd better open a new UDP socket and get a different internal source port
if you switch TURN server.
--
Rémi Denis-Courmont <Remi.Denis-Courmont@xxxxxxxxx>
Assistant Research Engineer
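As an added illustration (not code from this thread, from slirp, or from QEMU), the following toy model reproduces the two NAT behaviours discussed above: the NAT David Barrett describes, which hands out a distinct external port per remote host but only lets the first host contacted reply, and the slirp-style NAT Rémi describes, which locks the destination of an internal IP/port tuple to the first destination it saw. The addresses, port numbers and the "open a new socket before switching TURN server" demo are constructed for the example; the models track only what the thread states and ignore timeouts, TCP and ICMP.

```python
"""Toy models of the two NAT behaviours discussed in the thread (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Addr
    dst: Addr


@dataclass
class SlirpLikeNat:
    """Slirp-style NAT as described in the thread: the first destination seen for an
    internal tuple is remembered, and every later packet from that tuple is rewritten
    to it, regardless of where the application actually addressed the packet."""
    external_ip: str = "203.0.113.1"      # constructed documentation address
    next_port: int = 40000
    table: Dict[Addr, Tuple[int, Addr]] = field(default_factory=dict)  # src -> (ext port, locked dst)

    def outbound(self, pkt: Packet) -> Packet:
        entry = self.table.get(pkt.src)
        if entry is None:                  # first packet from this internal tuple
            entry = (self.next_port, pkt.dst)
            self.next_port += 1
            self.table[pkt.src] = entry
        ext_port, locked_dst = entry
        return Packet((self.external_ip, ext_port), locked_dst)  # dst overridden!


@dataclass
class FirstPeerOnlyNat:
    """NAT as described by David Barrett: a fresh external port per (internal tuple,
    remote host) pair, but inbound traffic is accepted only from the first remote host
    that internal tuple ever contacted."""
    external_ip: str = "203.0.113.1"
    next_port: int = 40000
    mappings: Dict[Tuple[Addr, Addr], int] = field(default_factory=dict)  # (src, dst) -> ext port
    first_dst: Dict[Addr, Addr] = field(default_factory=dict)              # src -> first dst

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.dst)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
            self.first_dst.setdefault(pkt.src, pkt.dst)
        return Packet((self.external_ip, self.mappings[key]), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the internal host, or return None if dropped."""
        for (src, dst), ext_port in self.mappings.items():
            if ext_port == pkt.dst[1] and dst == pkt.src:
                if self.first_dst[src] == dst:   # only the first peer may reply
                    return Packet(pkt.src, src)
                return None
        return None


# Constructed addresses for the demos below.
CLIENT = ("10.0.0.2", 5000)
CLIENT_NEW_SOCKET = ("10.0.0.2", 5001)
TURN1 = ("198.51.100.10", 3478)
TURN2 = ("198.51.100.20", 3478)


def turn_switch_under_slirp(open_new_socket: bool) -> Addr:
    """Where does the packet to TURN2 actually arrive after we first used TURN1?
    Reusing the socket sends it to TURN1; a new socket (new source port) reaches TURN2."""
    nat = SlirpLikeNat()
    nat.outbound(Packet(CLIENT, TURN1))
    src = CLIENT_NEW_SOCKET if open_new_socket else CLIENT
    return nat.outbound(Packet(src, TURN2)).dst


def stun_probe_under_first_peer_only() -> Tuple[int, int, bool, bool]:
    """Two STUN-style servers see different external ports, but only the first can reply."""
    nat = FirstPeerOnlyNat()
    to1 = nat.outbound(Packet(CLIENT, TURN1))
    to2 = nat.outbound(Packet(CLIENT, TURN2))
    reply1 = nat.inbound(Packet(TURN1, to1.src))
    reply2 = nat.inbound(Packet(TURN2, to2.src))
    return to1.src[1], to2.src[1], reply1 is not None, reply2 is not None


if __name__ == "__main__":
    print("slirp, same socket  ->", turn_switch_under_slirp(False))
    print("slirp, new socket   ->", turn_switch_under_slirp(True))
    print("first-peer-only NAT ->", stun_probe_under_first_peer_only())
```

Run it and the slirp model shows the misdirection the thread describes: the second packet, addressed to TURN2, leaves the NAT addressed to TURN1 unless the client first opens a new socket. The first-peer-only model shows two different external ports for the two servers while only the first server's reply is passed back in.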