New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Doesn't NAT ICMP packets #15

Closed
talex5 opened this Issue Dec 30, 2015 · 4 comments

Comments

Projects
None yet
2 participants
@talex5
Contributor

talex5 commented Dec 30, 2015

Pings don't need to survive the NAT process. Is there any support for something like https://tools.ietf.org/html/rfc5508 ?

@yomimono

This comment has been minimized.

Member

yomimono commented Dec 30, 2015

Not sure what you mean by "pings don't need to survive the NAT process" - can you elaborate?

"Is there any support" - nope, but there should be. Thanks for bringing this RFC to my attention. Splitting the ICMP code out of mirage-tcpip's IPv4 module, like we did for ARP, would make handling ICMP as it specifies easier. As far as I can tell it should be possible, albeit potentially a bit redundant, to implement at least the error packet section within the current design of both mirage-tcpip and mirage-nat, though.

Is there a specific subset of the spec you need?

@talex5

This comment has been minimized.

Contributor

talex5 commented Dec 30, 2015

Sorry, typo; I meant "don't seem to survive".

I don't have any particular requirements - the more that works the better :-) It's for https://github.com/talex5/qubes-mirage-firewall (and any comments or suggestions about my use of mirage-nat are welcome!)

@talex5

This comment has been minimized.

Contributor

talex5 commented Mar 10, 2017

(this is implemented in #20)

@yomimono

This comment has been minimized.

Member

yomimono commented Mar 14, 2017

Thanks @talex5!

@yomimono yomimono closed this Mar 14, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment