Date: Wed, 19 Nov 2008 15:22:36 -0500 From: Randall Stewart <rrs@lakerest.net> To: Max Laier <max@love2party.net> Cc: freebsd-net@freebsd.org Subject: Re: Thinking about UDP and tunneling Message-ID: <9E86085F-ECAC-4C2E-ABE4-10AFB28480B3@lakerest.net> In-Reply-To: <200811191645.26701.max@love2party.net> References: <D72E9703-C8E7-4A21-A71E-A4B4C2D7E8F4@lakerest.net> <200811191645.26701.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 19, 2008, at 10:45 AM, Max Laier wrote: > On Wednesday 19 November 2008 16:00:27 Randall Stewart wrote: >> Dear All: >> >> I have been contemplating UDP and tunneling. One of the >> things that is a nice feature in MacOS is the ability of >> a kernel module/extension to open a kernel level socket >> and have the mbuf chain that arrives for that port be passed >> in via a function. >> >> We use this in our MacOS version of the SCTP stack to do the >> UDP de-tunneling of SCTP packets. This is becoming a more and >> more common thing i.e. having transport protocols like SCTP and DCCP >> be tunneled over UDP to get by NAT's.... this actually sucks that >> this is necessary .. but it is what it is.... >> >> So, I am contemplating adding a similar sort of feature... basically >> provide an interface in UDP that a consumer (such as SCTP or DCCP) >> could >> use to "bind" a port and get UDP packets directly. >> >> What do you all think of the idea? > > What is wrong with the existing socket(9) API? The problem with this is many fold.. 1) This works nicely for NFS and other FS based things that it was designed for I think. 2) A transport DCCP/SCTP/Next-Tunneled-Transport would need to have a thread reading, and would then need to enable the options to get the to addresses as well.. then reconstruct an IP header. Rather ugly when all you want is the mbuf chain passed in to the transport so that it can m_adj out the udp header and then its got the full IP plus the transport.... same as if it has arrived on the wire. What a transport being tunneled really wants is an easy way to have normal ip_input call it.. but also have a way to get the mbuf chain, supply a minor routine that strips udp, and then call the same routine as ip_input... giving the same look/and/feel as if it had come in off the wire.. > > >> That also reminds me.. who owns the ipfw code.. we actually >> have SCTP nat support that Jason But has done that we need to >> get in... >> >> I would be more than glad to shepherd this in if the owner >> of the code does not have the time... > > "Depends ..." ... for ipfw2 core you might be looking for luigi@, > for the > libalias stuff: piso@ did the kernel inclusion more or less > recently ... other > than that: > > svn log -qr HEAD:\{2006-01-01\} | grep ^r | cut -d"|" -f2 | sort | \ > uniq -c | sort > > in sys/netinet/libalias gives a list of people who touched that code > recently > (for some definition of recently). > > I'd be happy to take a look, too ... though I might need some time > for a > proper review. > > In general, you touch it you bought it! I have not reviewed the code myself.. and I will download it shortly and do so.. I think this is a ipfw (not 2) thing.. but I will have to check... more eyes is a good thing though.. R > > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News > ------------------------------ Randall Stewart 803-317-4952 (cell) 803-345-0391(direct)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9E86085F-ECAC-4C2E-ABE4-10AFB28480B3>