Date:      Thu, 28 Oct 2004 15:32:29 -0700
From:      Bruce M Simpson <bms@spc.org>
To:        Gleb Smirnoff <glebius@freebsd.org>, Julian Elischer <julian@elischer.org>, freebsd-net@freebsd.org
Subject:   Re: Implementing IP_SENDIF (like SO_BINDTODEVICE)
Message-ID:  <20041028223229.GC2063@empiric.icir.org>
In-Reply-To: <20041028114134.GC50262@cell.sick.ru>
References:  <20041027073858.GC719@empiric.icir.org> <417FF6D6.4010201@elischer.org> <20041027195233.GC770@empiric.icir.org> <20041028114134.GC50262@cell.sick.ru>



On Thu, Oct 28, 2004 at 03:41:34PM +0400, Gleb Smirnoff wrote:
> ng_device can be attached to "orphans" hook of ng_ether. /dev/ngdX opened
> by dhcpd, and packets processed.

This seems to me like pure configuration overkill. It would require that
people compile and load netgraph to run dhclient, and that the netgraph
graph be created and populated correctly.

> What is benefit to get rid of bpf? What is problem with it?

IPV6_NEXTHOP is intended to support this for IPv6. It doesn't right
now, it returns EAFNOSUPPORT.

Please see my attached game plan.

BMS

[Attachment: ip-unnumbered.txt]

The story with FreeBSD and 'ip unnumbered' in IPv4 land

 - Multicast group membership
   - Dealt with in ip_multicast_if()
     (can specify ifIndex in 0/8 as per RFC1724 hack)

 - IP forwarding FIB
   - Routes can be specified with the rt_gate field set to a
     sockaddr_dl (AF_LINK) filled out only with an interface name
     and no RTF_GATEWAY or RTF_LLINFO flag set for an unnumbered
     serial interface.
   - For host mode, sending packets to destinations whose prefix
     and next-hop match such a route in the FIB is OK, but the
     source address may need to be explicitly specified (it may
     default to INADDR_ANY otherwise).

 - Unicast sends
   - Currently no way to explicitly send a UDP datagram to such
     an interface without specifying a destination with a route
     pointing to that interface.

  - Running BGP over an unnumbered interface is possible.

    For an active session open, there has to be a route to one of
    the addresses configured on the remote peer which traverses
    the unnumbered interface, and this address must be specified
    during connect().

    For a passive session open, it would probably require that
    net.inet.ip.check_interface is 0, so that incoming sessions
    can be accepted on the unnumbered interface for passive open.

    The IP address for the passive open (seen during accept()) will
    of course have to correspond to one of the other addresses
    configured on the local host.

 - For a protocol which needs to send broadcasts via the existing
   unicast path and which cannot use multicast, there is no way
   of doing this in the current iteration of the code.

TODO:
  - Add support for explicitly specifying the interface used during
    ip_output(). This would require SO_DONTROUTE and IP_SENDIF to
    be set. SO_BINDTODEVICE could be emulated.

    IP_SENDIF specified as a control message would be purely
    temporary and only necessary for an unconnected datagram
    socket send.

    The inpcb already has an interface index field for IPv6. This
    should be unravelled for IPv4 too.

    IP_SENDIF passed to setsockopt() would be like SO_BINDTODEVICE
    only instead of specifying an interface name, the interface
    index is specified and cached in the inpcb.

    SO_BINDTODEVICE would perform a lookup of the interface index
    by name, just like Linux, then perform the same action as
    IP_SENDIF when used as a socket option. This means calling
    ifunit() to resolve the name to an ifnet, then just cache
    ifnet->if_index in the inpcb.

    SO_BINDTODEVICE can either be implemented purely in the
    Linuxulator, or within src/sys/net/ itself.

    The actual hack in ip_output() would need to check if the
    interface had gone away, and if it had, drop the datagram -
    this stuff only takes effect if SO_DONTROUTE is specified.
    This is easily done...

    (SO_DONTROUTE of course implies IP_ROUTETOIF - they are
     defined to be identical).

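The TODO in the attachment above, sketched as a user-space C model; this is an added example, not part of the original message and not FreeBSD kernel code. It shows the name-to-index lookup, the index cached in the pcb, and the send-time check that drops the datagram once the bound interface is gone. Every `model_*` name, the struct fields, the interface table and the choice of ENXIO as the drop error are assumptions made for illustration.

```c
/* User-space model of the plan above, not kernel code; all names constructed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
struct model_ifnet { const char *name; unsigned short if_index; int attached; };
struct model_inpcb { unsigned short sendif; int dontroute; };
static struct model_ifnet model_iftab[] = { { "fxp0", 1, 1 }, { "sl0", 2, 1 } };
#define MODEL_NIF (sizeof(model_iftab) / sizeof(model_iftab[0]))

/* Stand-in for ifunit(): resolve a name to an attached interface. */
struct model_ifnet *model_ifunit(const char *name) {
    for (size_t i = 0; i < MODEL_NIF; i++)
        if (model_iftab[i].attached && strcmp(model_iftab[i].name, name) == 0)
            return &model_iftab[i];
    return NULL;
}
/* Resolve a cached index at send time; NULL once the interface is gone. */
struct model_ifnet *model_ifbyindex(unsigned short idx) {
    for (size_t i = 0; i < MODEL_NIF; i++)
        if (model_iftab[i].attached && model_iftab[i].if_index == idx)
            return &model_iftab[i];
    return NULL;
}
/* IP_SENDIF as a socket option: validate the index, then cache it. */
int model_set_sendif(struct model_inpcb *inp, unsigned short idx) {
    if (model_ifbyindex(idx) == NULL) return ENXIO;
    inp->sendif = idx;
    return 0;
}
/* SO_BINDTODEVICE: name -> ifnet -> if_index, then the IP_SENDIF path. */
int model_bindtodevice(struct model_inpcb *inp, const char *name) {
    struct model_ifnet *ifp = model_ifunit(name);
    return ifp == NULL ? ENXIO : model_set_sendif(inp, ifp->if_index);
}
/* 0 + *ifpp set: send there; 0 + NULL: normal routing; ENXIO (assumed): drop. */
int model_output_if(const struct model_inpcb *inp, struct model_ifnet **ifpp) {
    *ifpp = NULL;
    if (!inp->dontroute || inp->sendif == 0) return 0;
    *ifpp = model_ifbyindex(inp->sendif);
    return *ifpp == NULL ? ENXIO : 0;
}
int main(void) {
    struct model_inpcb inp = { 0, 1 };   /* SO_DONTROUTE set */
    struct model_ifnet *ifp;
    int bound = model_bindtodevice(&inp, "sl0");
    int before = model_output_if(&inp, &ifp);
    model_iftab[1].attached = 0;         /* sl0 goes away */
    printf("bind=%d before=%d after=%d\n", bound, before, model_output_if(&inp, &ifp));
    return 0;
}
```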


