ng_ip_input use case

Vladimir B. Grebenschikov vova at fbsd.ru
Fri Oct 3 06:28:12 PDT 2003 

В пт, 03.10.2003, в 03:09, Julian Elischer пишет:

> > > I have no idea what it is used for.. similar effect can be made by
> > > using the ng_iface node, but I think that they didn't want a separate
> > > interface for each packet source..
> > >
> > > I suggest we ask brooks..(cc'd).  I could imagine it somehow connected
> > > with the 300 processor FreeBSD based cluster that he is working on at
> > > hos job (especially as it has their copyright).
> > 
> > It was for a network emulator we were trying to build to allow us to
> > run real, unmodified programs in an environment where each program
> > was assumed to be an independent agent and the communication topology
> > between agents changed in realtime.  Each agent was to bind to the IP
> > address of an IP-over-IP tunnel (gif on the FreeBSD end).  We would then
> > take the packets, mangle them slightly and send them off to the emulator
> > (I think part of the goal was to let us use more or less off the shelf
> > emulation gear in the middle without needing a workstation for each
> > agent).  When we got them back, we'd remanged them and stuff them back
> > into the IP stack with ng_ip_input so it could decide which gif tunnel
> > to send it back down.  The emulation part of the project died when our
> > funding for it dried up so we've not actually using this module for
> > anything.
> 
> was there a reason to not use the ng_iface node?
> (packets enterred on the INET hook if an iface node will be injected
> into the ip stack) (from memory)

ng_iface does much more then ability to inject packets into IP-stack, as
minimum it creates interface, on hosts with dynamic routing software you
should start care about this (unused !) interface, If you have number of
ng_iface-s used for some real task and some interfaces used only as
ip_input gateway you can completely mix them all in mind. I do not think
that it is good idea to create one more interface only to inject packets
into IP-stack.

PS: 
Anyway, I can suggest one another way to do this task:
use ng_ksocket with socket type divert and ipfw divert rule.
But this way have disadvantage: packet can easy enter to infinite loop.
So use with care.


> > -- Brooks

-- 
Vladimir B. Grebenschikov <vova at fbsd.ru>
SWsoft Inc.

More information about the freebsd-net mailing list