Thinking about UDP and tunneling

Maksim Yevmenkin maksim.yevmenkin at
Wed Nov 19 13:51:25 PST 2008


> > > just those that go to that ksocket.  we hook on at the socketbuf point.
> > >
> >
> > that's right. basically, use ng_ksocket(4). that would be your tunnel
> > (outer) endpoint which you would bind to udp protocol, given address
> > and port. now everything that remote tunnel (outer) endpoint will send
> > via udp (payload) will end up in ng_ksocket(4) node and will be sent
> > out to ksocket's hook.  you can connect whatever you want to that
> > hook. either move payload back into userspace, or use another ng node,
> > or just inject the data directly into sctp/etc. input routine. reverse
> > path is the same. playload comes from the hook and gets sent out via
> > udp
> >
>  Ok, let me go read the ng_ man..
>  I would not use the reverse path.. the ability to send
>  encap'd udp packets is already in sctp.. after all all you
>  are doing is dropping an extra header on it.. SCTP (and other
>  transports) will want to control the way the IP header looks.. at
>  least if they are multi-homed... so I don't think one would
>  want to do output via ng.. just getting the data in is all
>  thats missing in FreeBSD..

in this case its even easier. if you do not need reverse path, then
all you need to do is to write a very small ng_ node that would

1) connect to the ng_ksocket(4) node's hook; and
2) inject received data into sctp/etc. input path

so, you graph would look like

[ng_ksocket] <- inet/dgram/udp -> [ng_sctp_injector]

you might need an injector node do decouple netgraph from the rest of
the sctp/etc. stack. alternatively, you may wish to provide netgraph
hooks into sctp/etc. stack.

>  As long as netgraph is in generic this may work..

it is generic to some degree. if inner protocol (i.e. sctp etc.) is
not aware of netgraph, then you will need to write an injector node
specific to each inner protocol (basically that knows how to inject
data into the stack).  since injector node is simple, you could teach
it to deal with multiple inner transports. for example, you could have
an injector node that have multiple input hooks, one for each
supported inner transport, named "sctp", etc. the idea would be that
everything received from "sctp" hook will be injected into sctp stack,
etc. then you could have only one injector node that could deal with
multiple ng_ksockets for different inner transports.


More information about the freebsd-net mailing list