From: Rocco Lucia <rlucia@iscanet.com>
To: "Yuri Victorovich"
Cc: freebsd-net@freebsd.org
Date: Fri, 24 May 2002 16:27:55 +0200
Subject: Re: ng_fwdswitch netgraph node
In-Reply-To: <007501c20324$40ca4920$6c00a8c0@OPTIMA.HQ>
Message-Id: <7014E592-6F22-11D6-9500-000393B296CE@iscanet.com>

Re,

On Friday, May 24th, 2002, at 03:09 PM, Yuri Victorovich wrote:

> And why make it one-directional only? It shouldn't improve performance.
> So it's rather an "IP router" than "fwdswitch".
> many2many IP routing node would be useful in many situations.
>
> Yuri

Well, I needed a node that would forward IP packets from a source interface pool to a destination interface pool, analyzing source and destination addresses. The very task this node had to accomplish was to behave nicely as an IDS load balancer, whence the monodirectional nature. The source pool would be hooked to the span/mirroring ports to monitor, and the destination pool would be hooked to the IDS sensors. Because of the way a distributed IDS works, I needed to forward packets to them in some coherent fashion.
The quickest idea to implement was just to tag or identify packets flowing to/from an IP network to monitor and forward them to the sensor which is supposed to analyze that data. In this case, for each IP network we configure we have a destination hook to forward the traffic to. Needless to say, if you want to monitor two different networks and forward them to different destination hooks, since the module does not copy data, it will forward to the first match when we sniff packets which come from one of those networks and go to the other one.

As for treating ng_fwdswitch more like an IP router, well, it is not intended to be that. I agree with you about the misleading name; I think I'd have called it something like "basicsrcdstpacketfwd" :-) I'm sorry about that.

Rocco

--
Rocco Lucia - rlucia@iscanet.com
Iscanet Internet Services
http://elisa.utopianet.net/~rlucia
System and Network Admin
C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468
Free unices for a free world. Support *BSD.
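As an added illustration, not the ng_fwdswitch source (which is not on this page), here is a Python model of the first-match forwarding rule the mail describes: each monitored network maps to one destination hook, and a packet goes to the hook of the first network containing either its source or its destination address. The networks, hook names and traffic are constructed, and dropping packets that match no network is an assumption.

```python
import ipaddress

# Constructed model of the first-match rule described in the mail: each
# monitored network maps to one destination hook (one IDS sensor). This is
# not the netgraph node's own code.

# Hypothetical configuration: (monitored network, destination hook name).
HOOKS = [
    (ipaddress.ip_network("10.1.0.0/16"), "sensor0"),
    (ipaddress.ip_network("10.2.0.0/16"), "sensor1"),
]

def select_hook(src, dst, hooks=HOOKS):
    """Return the destination hook for a (src, dst) address pair.

    First match wins and the packet is never copied to later hooks, so
    traffic between two monitored networks always lands on the hook of
    whichever network is configured first. Returning None for a packet
    that matches nothing (i.e. dropping it) is an assumption here.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for net, hook in hooks:
        if s in net or d in net:
            return hook
    return None

def balance(packets, hooks=HOOKS):
    """Map every packet to its sensor; returns {hook: [(src, dst), ...]}."""
    out = {}
    for src, dst in packets:
        out.setdefault(select_hook(src, dst, hooks), []).append((src, dst))
    return out

# Constructed sample traffic as seen on the span port.
PACKETS = [
    ("10.1.0.5", "192.0.2.10"),        # net A -> outside: sensor0
    ("192.0.2.10", "10.2.0.7"),        # outside -> net B: sensor1
    ("10.2.0.7", "10.1.0.5"),          # B -> A: A is first, so sensor0
    ("10.1.0.5", "10.2.0.7"),          # A -> B: sensor0 as well
    ("198.51.100.1", "203.0.113.1"),   # neither net: no hook
]

if __name__ == "__main__":
    for hook, pkts in balance(PACKETS).items():
        print(hook, pkts)
```

Note that sensor1 never sees the A<->B flows, which is exactly the first-match limitation the mail points out.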