netgraph questions on ng_tee, ng_iface, ng_socket

Andrew Riabtsev resident at b-o.ru
Wed Jan 21 05:10:14 PST 2004


Tuesday, January 20, 2004, 9:51:52 PM, you wrote:


DN> On Tue, 20 Jan 2004, Gleb Smirnoff wrote:

>> Isn't ng_etf(4) the one you need?

DN> ng_etf does filtering, i'm planning on doing round robin IP transmission,
DN> with source IP address set accordingly. see ng_one2many which gives an
DN> example for ethernet frames. i want to do the same thing in ng_one2many's
DN> EXAMPLE section, but with the added functionality of changing the ip
DN> address to match the ip address bound to the interface the packet is going
DN> out from. with this ip address, the next hop router(s) won't be able to
DN> route the reply back thru the same interface, especially if they're seeing
DN> non legit src addressed packets.

DN> i presently have two NICs on the box, fxp0 (192.168.0.5) and aue0
DN> (10.1.1.25). both fxp0 and aue0 go out to different ISPs. currently,
DN> default route is thru ISP1 on fxp0, i.e. defroute to 192.168.0.1. what i
DN> want to do is to round robin outgoing packets across both ISP links, i.e.
DN> one packet out on fxp0 then the next out on aue0 and then the next out on
DN> fxp0 ad nauseam. of course, packets going out on fxp0 will have a src
DN> address of 192.168.0.5 and packets going out on aue0 will have a src
DN> address of 10.1.1.25.

Ok, now i understand :). I think there is no need to make a new virtual
interface ng0 and set the default route to it, as anyway even if u find a way
to connect together ng_ether and ng_iface the src ip won't be overwritten.
Here is one example of solving this problem:
1 let default route be to fxp0
2 connect fxp0's upper hook to "one" hook of ng_one2many
3 connect lower hooks of fxp0 and aue0 to "many" hooks of ng_one2many
4 u have what u r except for the overwriting src ip
5 time for uber hack ng_one2many:

config parm for ng_one2many:
          struct ng_one2many_config {
            u_int32_t   xmitAlg;        /* how to distribute packets */
            u_int32_t   failAlg;        /* how to detect link failure */
            u_char      enabledLinks[NG_ONE2MANY_MAX_LINKS];
          };

modify array enabledLinks, let it be an array of

       struct per_link_conf {
         u_char enabled;
         struct in_addr  src;
       };

so finally:

config parm for ng_one2many:
          struct ng_one2many_config {
            u_int32_t   xmitAlg;        /* how to distribute packets */
            u_int32_t   failAlg;        /* how to detect link failure */
            struct per_link_conf {
                   u_char enabled;
                   struct in_addr src;
            } enabledLinks[NG_ONE2MANY_MAX_LINKS];
          };

And now before sending out a packet through one of the "many" hooks just
overwrite the ip-src address with the address given in
node->private->enabledLinks[hook->private->numb]
or whatever it is called in ng_one2many.c

Not much to hack, but it should work i think.

6 and the last: when u get packets from ur default routers they travel
through hooks to the upper hook of fxp0 so the kernel thinks that packets
arrived directly from fxp0, we know it is not so, and as all fair
kernels, our kernel checks the ethernet dst addr of arrived packets and
sees that not all packets came from fxp0 (some of them came from aue0,
as it has a different MAC) and drops them. All u need is just to comment out
or modify this terrible check in ether_demux() in net/if_ethersubr.c.
After reading man ng_one2many i think this step is not necessary as it looks
like ng_one2many takes care of setting the right MAC in the packet header.

Ok, two sleepless nights and u have ur router with 2 default gateways
and with unpredictable work.

But, anyway these packets will be rejected by the remote host as they will
be with different addresses (10.* and 192.*).
-- 
 Andrew                            mailto:resident at b-o.ru


