Date: Wed, 4 Dec 2002 14:51:27 -0800 (PST)
From: Julian Elischer
To: Don Bowman
Cc: "'freebsd-net@freebsd.org'"
Subject: RE: SO_DONTROUTE, arp's, ipfw fwd, etc

On Wed, 4 Dec 2002, Don Bowman wrote:

> > From: Julian Elischer [mailto:julian@elischer.org]
> > On Wed, 4 Dec 2002, Don Bowman wrote:
> > > > Why does it think the source is local? are the routers below
> > > > doing proxy
> > > > arp? Did you give your interface a netmask of 0,0.0.0?
> > > >
> > > > Who responds to the arp?
> > >
> > > It's a layer-2 MAC rewrite, so it arrives on a local segment, but
> > > subnetting rules don't apply.
> > > No-one responds to the ARP, hence my problem :)
> >
> > Someone must be responding, because the SYN is eventually sent.
>
> Ah, it's working currently with a single router. Adding the 2nd router
> is breaking it. I currently have a default route back to the first
> router. Adding the 2nd router, the back-path always goes through
> the first router, which gets confused. (I'm using the term router,
> but it's actually a content switching device operating @ layer 4,
> like Cisco WCCP or Cisco CSM or Nortel Alteon).
>
> > Here's my suggestion:
> >
> > write a netgraph node that does all the MAC rewriting.
> > Code from the ng_bridge node would be useful.
> > attach it to a ng_iface node.
> > make the netgraph iface the default route.
> > (route add default -iface ng0)
>
> Let me chew on that for a bit. I'm not sure where it would get the
> destination mac from, wouldn't it have to cache the information
> the PCB is holding?

It gets the destination MAC address from the SRC MAC field of the
preceding incoming packets with that IP src, dst and port
combination.... i.e. the node would look within the IP header.

> Wouldn't it be more efficient for me to
> just create the ether-header when the SYN comes in, store it
> in the PCB, and use that on each outgoing packet for that tcp
> connection, add a sockopt (or use SO_DONTROUTE for this on the
> listen socket)?

yes and no...
you would be breaking the layering in the standard code and you'd get
crucified for it.

start with the ng_bridge node and make it look within the IP header and
use that information in its hash tables instead of MAC addresses.
It'll need some housekeeping code too. (to flush old info, though you
could reduce this by removing entries when you see the FIN packets go
past.)

> Thanks for the great suggestions, keep them coming :)
>
> --don (don@sandvine.com www.sandvine.com)
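The flow-keyed learning described in the reply above, as an added example in plain userspace C; it is not netgraph or ng_bridge code and not from the thread. The table size, the timeout and every name in it are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define NFLOWS  64   /* table size (assumed) */
#define MAX_AGE 60   /* idle seconds before an entry is flushed (assumed) */
struct flow  { uint32_t src, dst; uint16_t sport, dport; };
struct entry { struct flow f; uint8_t mac[6]; uint32_t seen; int used; };
static struct entry table[NFLOWS];

static int same(const struct flow *a, const struct flow *b) {
    return a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}

/* Probe from the hashed slot: return the live match, else a reusable slot. */
static struct entry *probe(const struct flow *f, uint32_t now, int want_free) {
    uint32_t h = (f->src ^ f->dst ^ ((uint32_t)f->sport << 16 | f->dport)) * 2654435761u;
    struct entry *spare = NULL;
    for (unsigned i = 0; i < NFLOWS; i++) {
        struct entry *e = &table[(h + i) % NFLOWS];
        if (e->used && now - e->seen > MAX_AGE) e->used = 0; /* flush old info */
        if (e->used && same(&e->f, f)) return e;
        if (!e->used && spare == NULL) spare = e;
    }
    return want_free ? spare : NULL;
}

/* Incoming frame: remember its source MAC under the packet's IP/port tuple. */
int learn(const struct flow *in, const uint8_t mac[6], uint32_t now) {
    struct entry *e = probe(in, now, 1);
    if (e == NULL) return 0;              /* table full of live flows */
    e->f = *in; e->seen = now; e->used = 1;
    memcpy(e->mac, mac, 6);
    return 1;
}

/* Outgoing packet: the reply tuple is the learned tuple with its ends swapped. */
int lookup_out(const struct flow *out, uint32_t now, uint8_t mac[6]) {
    struct flow in = { out->dst, out->src, out->dport, out->sport };
    struct entry *e = probe(&in, now, 0);
    if (e == NULL) return 0;              /* unknown or expired flow */
    memcpy(mac, e->mac, 6);
    return 1;
}

/* FIN seen on the flow: drop the entry without waiting for it to age out. */
void forget(const struct flow *in, uint32_t now) {
    struct entry *e = probe(in, now, 0);
    if (e != NULL) e->used = 0;
}
```

Two clients arriving through different layer-2 devices get their replies addressed to the device each came in through, and an unknown flow returns 0 so the caller can fall back to normal routing.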