netgraph arp issues vs linux veth

[Guy Helmer]

David Yeske wrote on April 26, 2004 1:23 PM
> I made another attempt with netgraph and I think I'm almost there, but I'm
> still having some issues.  I found a linux solution called veth
> http://www.geocities.com/nestorjpg/veth/ which might do the job,
> but I would
> prefer to use netgraph if possible.  Here is some more detailed config
> information.
>
> I ran this on the spoof machine
>
> # ngctl mkpeer . eiface hook ether
> # ifconfig ngeth0 link 00:bd:03:12:12:12
> # ifconfig ngeth0 192.168.10.3 netmask 255.255.255.0
> ...

Yes, I initially thought this would be a great solution until I remembered
how the machine would route 192.168.10.3, as you found below:

> on the remote machine an arp -a lists this
> ? (192.168.10.3) at 00:bd:03:12:12:12 on rl0 [ethernet]
> ? (192.168.10.1) at 00:00:e8:5b:13:44 on rl0 permanent [ethernet]
> ...
> a sniff on the spoof machine listed this while pinging the remote machine
>
> # tcpdump -i ngeth0 'ether host 00:00:e8:5b:13:44'
> tcpdump: listening on ngeth0
> 14:03:30.519263 arp reply 192.168.10.1 is-at 0:0:e8:5b:13:44
> ...
>
> a sniff on the remote machine listed this while pinging the spoof machine
>
> # tcpdump -i rl0 'ether host 00:bd:03:12:12:12'
> tcpdump: listening on rl0
> 14:02:24.918804 192.168.10.1 > 192.168.10.3: icmp: echo request
> 14:02:29.179263 arp reply 192.168.10.1 is-at 0:0:e8:5b:13:44

Doug Ambrisko and I discussed this routing issue a couple of years ago.
Doug wrote a layer-2 network address translator to work around the fact that
multiple IP addresses in a single subnet on a computer will route all
traffic for that subnet through one interface, resulting in the same
Ethernet MAC address irrespective of the IP address.

I didn't have the time or hard requirement to implement Doug's solution,
though.  Perhaps Doug would be willing to help; I've Cc:ed him.

Guy Helmer, Ph.D.
Principal System Architect
Palisade Systems, Inc.