Code release of ipfw NAT support for SCTP in FreeBSD-8

Jason But jbut at
Sun Jun 29 10:49:22 UTC 2008

The Centre for Advanced Internet Architectures (CAIA -
is proud to announce the release of alias_sctp version 0.1, a SCTP NAT patch to
FreeBSD 8.x.

Alias_sctp provides SCTP NAT functionality to the ipfw/ipfw_nat/libalias 
It is part of the CAIA SONATA project (
The code has been intentionally kept as separate as possible from the base
modules to aid testing and debugging, and make it easier to port to other

This project has been made possible in part by a grant from the Cisco
University Research Program Fund at Community Foundation Silicon Valley.

We welcome and value feedback and comments.
Please forward feedback to dahayes at and jbut at

Download patch from

Features of alias_sctp version 0.1:

- Basic configuration through "ipfw nat ... config" commands.

- Forwarding of incoming SCTP associations through
  "ipfw nat ... redirect_addr ..." commands.

- A variety of log levels (currently #define, but sysctl in version 0.2).

- Stateful SCTP association management.

- Tested on single-homed hosts, but should work when the multi-homed host is on
  the global side of the NAT (same mechanism for address translation).

- Dynamic hash table size allocation (currently #define, but sysctl in
  version 0.2).

- Initial testing has been for up to 10000 concurrent flows arriving and 
  at about 2000/second. Tested for periods of up to 72 hours.

Features in the pipeline for further releases:

- Sysctl interface for logging, timeouts, hash table size.
  Status - mostly complete.

- Port forwarding and load sharing.
  Status - mostly complete.

- Support for, soon to be specified, enhancements of SCTP to aid 
  with NATs.

- New AddIP ASCONF chunks.
  Status - preliminary coding and investigation.
  (Requires finalised standards to be completed)

- AbortM and ErrorM NAT originated messages.
  Status - preliminary coding, with work starting on the ipfw send interface

- IPv6 support.
  Status - preliminary investigation.

- Global IP address tracing.
  Status - preliminary investigation.

Other tasks:

- Exhaustive testing of the various configurations and scenarios.

- Stress and load testing.

- Performance analysis.


Dr. Jason But
Telecommunications Engineering Academic Group
Faculty of Information and Communication Technologies
Swinburne University of Technology

More information about the freebsd-ipfw mailing list