Date: Wed, 21 Jan 2004 17:27:22 +0300 From: Andrew Riabtsev <resident@b-o.ru> To: freebsd-net@freebsd.org Subject: netgraph: bridge with fwd and divert Message-ID: <172109099707.20040121172722@b-o.ru>
Hi, All

I'm trying to let my FreeBSD 4.9 box, working as a bridge, divert and fwd bridged packets. As I understand it, this is not implemented in FreeBSD 4.9. I was thinking about doing it (implementing it), but I'm too lazy, and when I see this huge amount of work I start thinking :) Before I continue my work I just want you to look at what came to my mind and tell me what you think about it. Maybe I missed something and it won't work, and so on...

This is what came to my mind. If we can't implement fwd and divert on bridged packets, let's just send the packets we need to layer 3 and let the system fwd and divert them like other layer 3 packets. And here is the plan: for example, we have a box with 2 ethernet devices, fxp0 and fxp1, one IP 64.64.64.64/24 on fxp0 and default gw 64.64.64.1. Let's make the following netgraph:

+------+ lower +---------+ left +---------------+ right +------+
| fxp1 |<----->|ng_bridge|<----->|ng_ether_divert|<----->| fxp0 |
+------+ link0 +---------+ link1 +---------------+ lower +------+
                                        /\                 /\
                                        ||                 || upper
                                        +-------------------+
                                      divert

The point is that ng_ether_divert (the one I'm working on) analyzes packets coming from the left and right hooks and checks a set of rules to see if they should be sent to the divert hook; if not, a packet is sent to the left hook if it came from the right, and to the right hook if it came from the left. The same goes for packets that came from the divert hook: if there is a rule to send the packet to the right hook, it is sent there; if there is no rule, to the left. The rule format is src_ip, dst_ip, masks, proto, src_port, dst_port, some flags for NOT extensions in address, ports and proto, from_hook (came from), to_hook (should be sent to).
So here is how it should work: with no rules everything works just like a bridge should with ng_bridge, but when adding the following rules:

ip from 192.168.0.0/16 to 0.0.0.0/0 via left --> divert
    (packets from the private network are sent to layer 3 for divert and/or fwd in the kernel using ipfw)
ip from 0.0.0.0/0 to 64.64.64.64/32 from left --> divert
ip from 0.0.0.0/0 to 64.64.64.64/32 from right --> divert
    (let the box get packets directed to it)
ip from 0.0.0.0/0 to ip_u_want_to_be_send from divert ---> hook_on_what_that_ip_should_be
    (ether route to other hosts in the local ethernet and to gateways on other known local routes (layer 3))
ip from 0.0.0.0/0 to 0.0.0.0/0 from divert ---> right
    (default ether gateway :) just send other packets to the interface where the default (layer 3) gateway is placed)

-- 
With best regards,
Andrew mailto:resident@b-o.ru
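Added illustration (not code from the post, from the proposed ng_ether_divert node, or from FreeBSD): a userland model of the hook-selection logic the message describes, with the five example rules above loaded as a rule table. Addresses with masks are written as CIDR networks; the rule table is assumed to be evaluated in order with the first match winning, which the post does not specify. The fourth rule's placeholder "ip_u_want_to_be_send" is filled in with 192.168.0.0/16 -> left purely as an assumption. The sample packets at the bottom are constructed; no netgraph is involved.

```python
"""Toy model of the proposed ng_ether_divert decision logic.

Added example, not code from the post or from FreeBSD. It models the rule
matching and the left/right/divert hook selection only; the real node would
do this in the kernel on mbufs, not on Python objects.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
OPPOSITE = {"left": "right", "right": "left"}   # plain bridging


@dataclass
class Rule:
    # The fields named in the post: addresses + masks (CIDR here), proto,
    # ports, NOT flags for each of them, and the from/to hooks.
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    from_hook: str
    to_hook: str
    proto: Optional[int] = None        # None means "any"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    not_src: bool = False
    not_dst: bool = False
    not_proto: bool = False
    not_src_port: bool = False
    not_dst_port: bool = False


@dataclass
class Packet:
    src: str
    dst: str
    proto: int = 6                     # 6 = TCP, 17 = UDP
    src_port: int = 0
    dst_port: int = 0


def _field_ok(value, want, negate: bool) -> bool:
    """Unconstrained field always matches; otherwise compare, inverted by NOT."""
    if want is None:
        return True
    return (value == want) != negate


def rule_matches(rule: Rule, pkt: Packet, from_hook: str) -> bool:
    """True if pkt, arriving on from_hook, satisfies every field of rule."""
    if rule.from_hook != from_hook:
        return False
    src_in = ipaddress.ip_address(pkt.src) in rule.src
    dst_in = ipaddress.ip_address(pkt.dst) in rule.dst
    # With the NOT flag set, membership must be False for the field to match.
    if src_in == rule.not_src or dst_in == rule.not_dst:
        return False
    return (_field_ok(pkt.proto, rule.proto, rule.not_proto)
            and _field_ok(pkt.src_port, rule.src_port, rule.not_src_port)
            and _field_ok(pkt.dst_port, rule.dst_port, rule.not_dst_port))


def select_hook(rules: List[Rule], pkt: Packet, from_hook: str) -> str:
    """Return the hook the packet leaves on.

    Assumption: first matching rule wins. With no match, left<->right
    packets are bridged to the opposite side, and packets from the divert
    hook go to the left hook, exactly as the post describes.
    """
    for rule in rules:
        if rule_matches(rule, pkt, from_hook):
            return rule.to_hook
    if from_hook in OPPOSITE:
        return OPPOSITE[from_hook]
    return "left"


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# The post's example rule set, in order. Rule 4's target network and hook
# are an assumption (the post leaves them as placeholders).
EXAMPLE_RULES = [
    Rule(net("192.168.0.0/16"), ANY, "left", "divert"),
    Rule(ANY, net("64.64.64.64/32"), "left", "divert"),
    Rule(ANY, net("64.64.64.64/32"), "right", "divert"),
    Rule(ANY, net("192.168.0.0/16"), "divert", "left"),    # assumed
    Rule(ANY, ANY, "divert", "right"),                     # default gateway side
]

if __name__ == "__main__":
    # Constructed sample packets, one per branch of the logic.
    for pkt, hook in [
        (Packet("192.168.1.5", "8.8.8.8"), "left"),
        (Packet("10.0.0.1", "10.0.0.2"), "left"),
        (Packet("1.2.3.4", "64.64.64.64"), "right"),
        (Packet("64.64.64.64", "192.168.1.5"), "divert"),
        (Packet("64.64.64.64", "8.8.8.8"), "divert"),
    ]:
        print(f"{pkt.src} -> {pkt.dst} from {hook}: {select_hook(EXAMPLE_RULES, pkt, hook)}")
```

One thing the model makes visible: with the example table, traffic that matches no rule (the 10.0.0.1 -> 10.0.0.2 case) is bridged as before, so hosts on either side never see the box unless a rule explicitly pulls their packets up to layer 3.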