Implement stateless Port Address Translation
Some items to take into consideration:
- If reusing the same mapping as for stateless NAT (same-size virtually-flattened lists of IP addresses on both sides, with a 1:1 mapping), we'll need integers larger than u128s to map the space of IPv6 addresses * available ports. We'll probably look at BigUInt or one of the alternatives.
- If reusing the stateless NAT infra, the table structure and lookup need to change, because we'll no longer have consecutive ranges in the table (when dealing with IPs only, we had non-overlapping CIDRs that are always ordered; adding ports, we can have colliding CIDRs with different port ranges). To convert a given IP and port, we'll probably need:
  - A prefix-based LPM, where we store lists of associated port ranges as values
  - An iterator over all prefixes covering any given IP address - it looks like the underlying crate we use has a `cover` method to do this
  - Walking the iterator backward to find the longest matching prefix that also has matching port ranges
The context-building step will need to process the config to build this trie.
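
A sketch of the lookup described above, as an added example that is not the project's code: it visits covering prefixes from longest to shortest and takes the first one that also has a port range containing the port. It is IPv4 only and probes a `HashMap` once per prefix length as a stand-in for the trie and its `cover` iterator; `PortRule`, `PatTable`, `translate`, the sample configuration and the offset-preserving port mapping are all assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;
use std::ops::RangeInclusive;

/// One port range under a prefix and the target it maps to (hypothetical layout).
struct PortRule {
    ports: RangeInclusive<u16>,
    target_ip: Ipv4Addr,
    target_base: u16, // first port of the target range
}
/// Stand-in for the prefix trie: (network, prefix length) -> port rules.
#[derive(Default)]
struct PatTable { rules: HashMap<(u32, u8), Vec<PortRule>> }

fn mask(len: u8) -> u32 { if len == 0 { 0 } else { u32::MAX << (32 - len as u32) } }

impl PatTable {
    fn insert(&mut self, net: Ipv4Addr, len: u8, rule: PortRule) {
        let key = (u32::from(net) & mask(len), len);
        self.rules.entry(key).or_default().push(rule);
    }
    /// Try covering prefixes from longest to shortest; a prefix only wins if
    /// one of its port ranges contains `port`, otherwise keep walking.
    fn translate(&self, ip: Ipv4Addr, port: u16) -> Option<(u8, Ipv4Addr, u16)> {
        let addr = u32::from(ip);
        (0..=32u8).rev().find_map(|len| {
            let rules = self.rules.get(&(addr & mask(len), len))?;
            let r = rules.iter().find(|r| r.ports.contains(&port))?;
            // Assumed mapping: keep the offset of the port inside its range.
            Some((len, r.target_ip, r.target_base + (port - *r.ports.start())))
        })
    }
}

/// Constructed sample config: a /24 with one range and a /32 inside it with two.
fn sample_table() -> PatTable {
    let mut t = PatTable::default();
    let tgt = Ipv4Addr::new(192, 0, 2, 1);
    let rule = |ports, base| PortRule { ports, target_ip: tgt, target_base: base };
    t.insert(Ipv4Addr::new(10, 0, 0, 0), 24, rule(1000..=1999, 20000));
    t.insert(Ipv4Addr::new(10, 0, 0, 5), 32, rule(80..=80, 8080));
    t.insert(Ipv4Addr::new(10, 0, 0, 5), 32, rule(1500..=1599, 30000));
    t
}

fn main() {
    let t = sample_table();
    // The /32 has no range for port 1200, so the lookup falls back to the /24.
    println!("{:?}", t.translate(Ipv4Addr::new(10, 0, 0, 5), 1200));
}
```

A plain longest-prefix match would stop at the /32 and miss port 1200; the walk has to continue to shorter prefixes until a port range matches or the prefixes run out.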