Date: Fri, 24 May 2002 10:31:54 -0700 (PDT)
From: Julian Elischer
To: Rocco Lucia
Cc: freebsd-net@freebsd.org
Subject: Re: ng_fwdswitch netgraph node

some comments..

1/ it may be more useful to not make any distinction between 'in' and
'out' hooks but just have connections.. The hooks could be given purely
arbitrary names e.g. "source1" and "suspicious"
a hook could be configured as being 'read-only' by command rather than
by special name.. (though special names are not a very bad way of doing
it.. "out-normal" and "out-dubious" for example..)

I haven't looked at the code yet, just the man page..

Julian

On Fri, 24 May 2002, Rocco Lucia wrote:

> Hello,
> I tweaked a little the one2many node to realize some different
> kind of packet switching node. I needed something that would help me
> to split over different IDS sensors data coming from span/mirroring
> session done on the network. At first I tried to glue some bpf nodes
> but I had no luck since performance was very poor and I had tons of
> packets lost (p3 866MHz, ~100kpt/s inbound).
>
> The fwdswitch node, could be imagined as a 'many2many' node but
> monodirectional only: packets flow from 'in' hooks to 'out' hooks
> only. The decision about which 'out' hook to choose to forward a
> packet is taken going through a forwarding table that associates
> an IPaddress/netmask to an output hook index. Packets that are not
> matched or frames that are not IP packets will be forwarded to the
> 'default' hook.
>
> I just finished to fix it, made some documentation so it is still
> incomplete, requires cleanup and has some bugs in the configuration
> part, but it is nicely working. Let me know if it can be of any
> interest.
>
> It's downloadable at
> http://elisa.utopianet.net/~rlucia/devel/ng_fwdswitch/
> It will compile on 4-STABLE.
>
> Ciao :)
> Rocco
>
> --
> Rocco Lucia - rlucia@iscanet.com          Iscanet Internet Services
> http://elisa.utopianet.net/~rlucia        System and Network Admin
> C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468
>
> Free unices for a free world. Support *BSD.
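
The forwarding decision described in the quoted message (an address/netmask table mapped to an output hook index, with unmatched or non-IP frames going to the 'default' hook), as an added userland C example; it is not code from ng_fwdswitch. Assumptions: Ethernet framing, lookup on the IPv4 destination address, first matching entry wins; the names fwd_entry, fwd_classify, HOOK_DEFAULT, sample_tbl and make_frame are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define HOOK_DEFAULT (-1)            /* stands in for the 'default' hook */
struct fwd_entry {                   /* address/netmask -> output hook index */
    uint32_t addr, mask;             /* host byte order */
    int hook;
};
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Pick the output hook for one Ethernet frame; first matching entry wins. */
int fwd_classify(const uint8_t *frame, size_t len,
                 const struct fwd_entry *tbl, size_t n)
{
    /* Too short for Ethernet + minimal IPv4 header, or ethertype not IPv4 */
    if (len < 14 + 20 || frame[12] != 0x08 || frame[13] != 0x00)
        return HOOK_DEFAULT;
    if ((frame[14] >> 4) != 4 || (frame[14] & 0x0f) < 5)  /* version, IHL */
        return HOOK_DEFAULT;
    uint32_t dst = be32(frame + 14 + 16);   /* IPv4 destination (assumed key) */
    for (size_t i = 0; i < n; i++)
        if ((dst & tbl[i].mask) == (tbl[i].addr & tbl[i].mask))
            return tbl[i].hook;
    return HOOK_DEFAULT;
}

/* Constructed sample table: 10.1.0.0/16 -> hook 0, 10.2.3.0/24 -> hook 1. */
const struct fwd_entry sample_tbl[2] = {
    { 0x0a010000u, 0xffff0000u, 0 }, { 0x0a020300u, 0xffffff00u, 1 } };

/* Fill a constructed 34-byte frame: zeroed except ethertype, IHL and dst. */
void make_frame(uint8_t f[34], uint16_t ethertype, uint32_t dst)
{
    for (int i = 0; i < 34; i++) f[i] = 0;
    f[12] = (uint8_t)(ethertype >> 8); f[13] = (uint8_t)ethertype;
    f[14] = 0x45;                               /* IPv4, IHL = 5 words */
    f[30] = (uint8_t)(dst >> 24); f[31] = (uint8_t)(dst >> 16);
    f[32] = (uint8_t)(dst >> 8);  f[33] = (uint8_t)dst;
}

int main(void)
{
    uint8_t f[34];
    make_frame(f, 0x0800, 0x0a020305u);          /* IPv4 to 10.2.3.5 */
    return fwd_classify(f, sizeof f, sample_tbl, 2) == 1 ? 0 : 1;
}
```

Frames carrying an 802.1Q tag have ethertype 0x8100 at this offset, so this sketch sends them to the default hook along with ARP and other non-IP traffic.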