Thinking about UDP and tunneling

Randall Stewart rrs at
Wed Nov 19 12:22:40 PST 2008

On Nov 19, 2008, at 10:45 AM, Max Laier wrote:

> On Wednesday 19 November 2008 16:00:27 Randall Stewart wrote:
>> Dear All:
>> I have been contemplating UDP and tunneling. One of the
>> things that is a nice feature in MacOS is the ability of
>> a kernel module/extension to open a kernel level socket
>> and have the mbuf chain that arrives for that port be passed
>> in via a function.
>> We use this in our MacOS version of the SCTP stack to do the
>> UDP de-tunneling of SCTP packets. This is becoming a more and
>> more common thing, i.e. having transport protocols like SCTP and DCCP
>> be tunneled over UDP to get by NATs.... this actually sucks that
>> this is necessary .. but it is what it is....
>> So, I am contemplating adding a similar sort of feature... basically
>> provide an interface in UDP that a consumer (such as SCTP or DCCP) could
>> use to "bind" a port and get UDP packets directly.
>> What do you all think of the idea?
> What is wrong with the existing socket(9) API?

The problem with this is manifold..

1) This works nicely for NFS and other FS based things that
    it was designed for, I think.
2) A transport DCCP/SCTP/Next-Tunneled-Transport would need to have
    a thread reading, and would then need to enable the options to
    get the to-addresses as well.. then reconstruct an IP header. Rather
    ugly when all you want is the mbuf chain passed in to the transport
    so that it can m_adj out the UDP header and then it's got the
    full IP plus the transport.... same as if it has arrived on the

What a transport being tunneled really wants is an easy way to
have normal ip_input call it.. but also have a way to get the
mbuf chain, supply a minor routine that strips UDP, and then
call the same routine as ip_input... giving the same look and feel
as if it had come in off the wire..

>> That also reminds me.. who owns the ipfw code.. we actually
>> have SCTP nat support that Jason But has done that we need to
>> get in...
>> I would be more than glad to shepherd this in if the owner
>> of the code does not have the time...
> "Depends ..." ... for ipfw2 core you might be looking for luigi@, for the
> libalias stuff: piso@ did the kernel inclusion more or less recently ... other
> than that:
> svn log -qr HEAD:\{2006-01-01\} | grep ^r | cut -d"|" -f2 | sort | \
>   uniq -c | sort
> in sys/netinet/libalias gives a list of people who touched that code recently
> (for some definition of recently).
> I'd be happy to take a look, too ... though I might need some time for a
> proper review.
> In general, you touch it you bought it!

I have not reviewed the code myself.. and I will download it shortly
and do so.. I think this is an ipfw (not 2) thing.. but I will have to
check... more eyes are a good thing though..


> -- 
> /"\  Best regards,                      | mlaier at
> \ /  Max Laier                          | ICQ #67774661
> X  | mlaier at EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News

Randall Stewart
803-317-4952 (cell)
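The de-tunneling step Randall describes above (take the datagram, strip the UDP header, hand IP plus transport to the normal input path), as an added example written for this page; it is not code from FreeBSD, the SCTP stack or anyone on the thread. It works on a flat byte buffer in user space instead of an mbuf chain, so memmove() stands in for m_adj(); the names udp_decap and build_sample and the tunnel port constant are assumptions, and the sample packet (documentation addresses, an SCTP common header with a zero checksum) is constructed inline. The part a defender cares about is the length, protocol and port validation before the header is cut out, so a truncated or mis-addressed datagram is refused rather than passed upward as if it had come in off the wire.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard protocol numbers and header sizes (RFC 791, RFC 768, RFC 4960). */
#define IPPROTO_UDP_NUM   17
#define IPPROTO_SCTP_NUM  132
#define IP_HDR_MIN        20
#define UDP_HDR_LEN       8
#define SCTP_COMMON_HDR   12
/* Assumed tunnel port for this example (9899 is the SCTP-over-UDP port
 * later registered by RFC 6951; any port would do for the demonstration). */
#define TUNNEL_PORT       9899

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1071 one's-complement checksum; returns 0 over a header whose checksum is valid. */
uint16_t ip_cksum(const uint8_t *hdr, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2) sum += rd16(hdr + i);
    if (hlen & 1) sum += (uint32_t)hdr[hlen - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/*
 * Strip the UDP encapsulation from an IPv4 packet held in a flat buffer.
 * Returns the new packet length, or -1 if the packet is not a well-formed
 * UDP datagram to the tunnel port carrying at least an SCTP common header.
 * On success the buffer holds IPv4 + SCTP, as if it had arrived directly.
 */
long udp_decap(uint8_t *pkt, size_t len, uint16_t tunnel_port)
{
    if (len < IP_HDR_MIN || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < IP_HDR_MIN || ihl > len) return -1;
    size_t ip_len = rd16(pkt + 2);
    if (ip_len < ihl + UDP_HDR_LEN || ip_len > len) return -1;   /* truncated? */
    if (pkt[9] != IPPROTO_UDP_NUM || ip_cksum(pkt, ihl) != 0) return -1;

    const uint8_t *udp = pkt + ihl;
    uint16_t dport = rd16(udp + 2);
    uint16_t ulen  = rd16(udp + 4);
    if (dport != tunnel_port) return -1;
    if (ulen < UDP_HDR_LEN + SCTP_COMMON_HDR || ulen > ip_len - ihl) return -1;

    /* The m_adj() equivalent: cut the UDP header out, keeping IP header + payload. */
    size_t new_len = ihl + ulen - UDP_HDR_LEN;
    memmove(pkt + ihl, udp + UDP_HDR_LEN, ulen - UDP_HDR_LEN);
    wr16(pkt + 2, (uint16_t)new_len);      /* total length shrinks by 8 */
    pkt[9] = IPPROTO_SCTP_NUM;             /* inner transport is now the IP payload */
    wr16(pkt + 10, 0);
    wr16(pkt + 10, ip_cksum(pkt, ihl));    /* header changed, so re-checksum it */
    return (long)new_len;
}

/* Constructed sample: IPv4 (192.0.2.1 -> 192.0.2.2) / UDP (9899 -> 9899) /
 * SCTP common header (5000 -> 5001, vtag 0x12345678, checksum left 0) / 4-byte chunk. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t sctp[SCTP_COMMON_HDR + 4] = {
        0x13, 0x88, 0x13, 0x89, 0x12, 0x34, 0x56, 0x78,
        0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x04 };
    size_t total = IP_HDR_MIN + UDP_HDR_LEN + sizeof sctp;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45; wr16(buf + 2, (uint16_t)total); buf[8] = 64; buf[9] = IPPROTO_UDP_NUM;
    buf[12] = 192; buf[13] = 0; buf[14] = 2; buf[15] = 1;
    buf[16] = 192; buf[17] = 0; buf[18] = 2; buf[19] = 2;
    wr16(buf + 10, ip_cksum(buf, IP_HDR_MIN));
    uint8_t *udp = buf + IP_HDR_MIN;
    wr16(udp, TUNNEL_PORT); wr16(udp + 2, TUNNEL_PORT);
    wr16(udp + 4, (uint16_t)(UDP_HDR_LEN + sizeof sctp));   /* UDP checksum 0 = none */
    memcpy(udp + UDP_HDR_LEN, sctp, sizeof sctp);
    return total;
}

/* Helpers that build a fresh sample and exercise udp_decap on it. */
long demo_decap(uint16_t port)
{
    uint8_t buf[64];
    return udp_decap(buf, build_sample(buf, sizeof buf), port);
}

long demo_decap_truncated(void)            /* IP total length claims more than we hold */
{
    uint8_t buf[64];
    size_t n = build_sample(buf, sizeof buf);
    return udp_decap(buf, n - 10, TUNNEL_PORT);
}

int demo_decap_consistent(void)            /* rewritten header self-consistent, SCTP now at ihl */
{
    uint8_t buf[64];
    long m = udp_decap(buf, build_sample(buf, sizeof buf), TUNNEL_PORT);
    if (m < 0) return 0;
    return buf[9] == IPPROTO_SCTP_NUM && ip_cksum(buf, IP_HDR_MIN) == 0 &&
           rd16(buf + 2) == (uint16_t)m && rd16(buf + IP_HDR_MIN) == 5000;
}

int main(void)
{
    printf("decap on tunnel port -> %ld bytes, consistent=%d, wrong port -> %ld, truncated -> %ld\n",
           demo_decap(TUNNEL_PORT), demo_decap_consistent(), demo_decap(1234), demo_decap_truncated());
    return 0;
}
```

Run as is, it reports a 36-byte IPv4+SCTP packet for the tunnel port and refusals for a foreign port and a truncated buffer; in a kernel, the accepted packet is what would be handed to the same routine ip_input uses, as the message above proposes.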
