netgraph questions on ng_tee, ng_iface, ng_socket

Dinesh Nair dinesh at alphaque.com
Mon Jan 19 01:34:49 PST 2004 

hey all,

am beginning to learn on how to manipulate netgraph nodes. i've read
archie cobbs' paper at http://www.daemonnews.org/200003/netgraph.html and
it provided a good backgrounder on using netgraph. i'm now playing around
with ng_socket, ng_tee, ng_one2many and ng_iface to accomplish round
robin routing for a freebsd box with two interfaces going to two ISPs.
what i intent to achieve in principle is to have packets going out
alternately over each of the two interfaces with source ip address set to
the appropriate interface so the reply packets come back in properly.

i looked at the examples which archie gave in the daemonnews paper, and am
a little stumped at the behaviour of the whole thing. this could be due to
my lack of understanding of the whole thing.

what i want do is similar to this:

i presently have two NICs on the box, fxp0 (192.168.0.5) and aue0
(10.1.1.25). both fxp0 and aue0 go out to different ISPs. currently,
default route is thru ISP1 on fxp0, i.e. defroute to 192.168.0.1. what i
want to do is to round robin outgoing packets across both ISP links, i.e.
one packet out on fxp0 then the next out on aue0 and then the next out on
fxp0 ad nauseaum. of course, packets going out on fxp0 will have a src
address of 192.168.0.5 and packets going out on aue0 will have a src
address of 10.1.1.25.

create a new interface (presumably using ng_iface). give this iface an
ip address, set the default route thru this iface (ng0).

then, using ng_one2many, chain ng0 to both fxp0 and aue0. an example to do
this for ethernet frames is given in the ng_one2many(4) man page, however
i want to do it for IP packets with the underlying src address being
changed where appropriate.

i need some understanding on what exactly ng_iface achieves, as it makes a
reference to the hook inet being connected to something. however,
connecting the ng_iface hook inet to ng_ether's upper or lower doesnt make
any sense because ng_ether itself does not do an encasulation of the IP
packet into an ethernet frame. or am i wrong here, and just configuring it
wrongly ?

any pointers/explanations would sure help a lot. thanx in advance.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque.com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+

More information about the freebsd-net mailing list