Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
12-22-2007, 02:14 AM | #1
LQ Newbie | Registered: Dec 2007 | Posts: 3
Selective ethernet frame forwarding via userspace / kernel space program
Hello everyone,
I have a scenario in which I would like to selectively forward ethernet frames across the network.
Here's what I intend to do:
1. Receive ALL incoming ethernet frames (promiscuous NIC)
2. Check if the ethernet frame has the ip/mac of this machine; if so, pass the packet on to the kernel and let it do the processing.
3. If it's not for this machine, check to see if the frame is for a machine given in the list. If it is, do some sort of re-stamping such as changing the mac address/ip address and send it to the target machine.
4. If not, drop the packet.
The attached schematic will make things clear.
Since I am pretty new to linux, I want to know which will be the easiest way to do it, and whether or not it is possible.
hxxp://img155.imageshack.us/img155/93/virtnicdx1.jpg
Any help would be highly appreciated.
12-23-2007, 08:17 AM | #2
Moderator | Registered: Jun 2001 | Location: UK | Distribution: Gentoo, RHEL, Fedora, Centos | Posts: 43,417
try this for the userspace interface... http://www.penguin-soft.com/penguin/man/3/libipq.html
what you say about the ip addresses and such is confusing... though. if you are looking in promisc mode then those frames will keep doing whatever they are meant to... you'll just duplicate and modify existing traffic. maybe if you added a bit more context...?
12-23-2007, 10:26 AM | #3
LQ Newbie | Registered: Dec 2007 | Posts: 3 | Original Poster
Thanks for your reply Mr. acid_kewpie,
I'll try to make myself more precise.
Say I have 4 machines: alpha, beta, gamma, delta,
having ip and MAC addresses {ip-alpha, mac-alpha}, {ip-beta, mac-beta}, {ip-gamma, mac-gamma}, {ip-delta, mac-delta}. Each machine knows the ip-mac binding of the others.
Now suppose that my machine alpha is running the frame forwarding program.
Say machine beta goes down for whatever reason. Alpha sees beta not responding for a certain amount of time, then beta's ip-mac pair is added to a "REPLY FOR" list.
Next time a packet comes with {ip-beta, mac-beta} from the INTERNET, alpha picks up the frame and restamps it as {ip-alpha, mac-alpha} and sends it out on the local network.
When a frame comes for beta from the local network, alpha picks it up and restamps it from {ip-beta, mac-beta} to {ip-alpha, mac-alpha} and sends it out on to the INTERNET.
Thereby seamlessly channeling traffic.
The same thing happens if more than one primary computers go down.
Next,
Whenever alpha receives a gratuitous ARP from a machine in the "REPLY FOR" list, the entry is immediately deleted from the list.
It is for this reason that I want to grab the frames before they get to the kernel, because the kernel might reply to unwanted packets.
I know it sounds a little complicated, but well, so is my network!!
Hope I've made things clearer instead of cloudier !
Happy Christmas !
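To make the four steps in post #1 and the "REPLY FOR" / gratuitous-ARP rule in post #3 concrete, here is an added example (my code, not code from this thread or from any project mentioned in it) that takes a raw frame as bytes, decides pass / restamp / drop, and does the re-stamping correctly, including the two checksums that cover the rewritten IP address (the IPv4 header checksum and, through the pseudo-header, the TCP/UDP checksum), using the RFC 1624 incremental update so the payload is never re-summed. Everything it assumes is not in the posts: IPv4 only, no VLAN tags, TCP or UDP transport, the REPLY FOR list as an in-memory set of (ip, mac) pairs, and the sample hosts/frames at the bottom, which are constructed for the demonstration (documentation address ranges, locally administered MACs). It does not open a socket; it only shows the decision and rewrite logic, and it does nothing about the problem raised in post #2 (a promiscuous capture does not stop the kernel from also seeing those frames).

```python
"""Classifier / re-stamper for the four steps in post #1 and the gratuitous-ARP rule
in post #3.  Added example, not code from the thread.  Assumptions the posts do not
make: IPv4 only, no VLAN tags, TCP/UDP transport, REPLY FOR as a set of (ip, mac)."""
import struct

ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
PROTO_TCP, PROTO_UDP = 6, 17
CSUM_OFFSET = {PROTO_TCP: 16, PROTO_UDP: 6}   # checksum field offset inside the segment

mac = lambda s: bytes.fromhex(s.replace(":", ""))   # "02:00:..." -> 6 bytes
ip = lambda s: bytes(map(int, s.split(".")))        # "192.0.2.1" -> 4 bytes

def checksum(data):
    """Internet checksum: one's complement of the one's-complement 16-bit sum."""
    data = bytes(data) + (b"\x00" if len(data) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def checksum_adjust(old_csum, old_bytes, new_bytes):
    """RFC 1624 eq. 3 incremental update, HC' = ~(~HC + ~m + m'), word by word,
    so rewriting an address does not require re-summing the whole payload."""
    acc = (~old_csum) & 0xFFFF
    for i in range(0, len(old_bytes), 2):
        (m,), (m2,) = struct.unpack("!H", old_bytes[i:i + 2]), struct.unpack("!H", new_bytes[i:i + 2])
        acc += ((~m) & 0xFFFF) + m2
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    return (~acc) & 0xFFFF

def pseudo_header(ip_hdr, seg_len):
    """TCP/UDP pseudo-header: src IP, dst IP, zero, protocol, segment length."""
    return bytes(ip_hdr[12:20]) + struct.pack("!BBH", 0, ip_hdr[9], seg_len)

def build_frame(dst_mac, src_mac, dst_ip, src_ip, proto, segment):
    """Construct a valid Ethernet/IPv4/{TCP,UDP} frame (used only for sample input)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, proto, 0, src_ip, dst_ip))
    hdr[10:12] = struct.pack("!H", checksum(hdr))
    seg, off = bytearray(segment), CSUM_OFFSET[proto]
    seg[off:off + 2] = b"\x00\x00"
    seg[off:off + 2] = struct.pack("!H", checksum(pseudo_header(hdr, len(seg)) + seg))
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4) + bytes(hdr) + bytes(seg)

def verify_frame(frame):
    """True when the IPv4 header checksum and the transport checksum both validate."""
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr, seg = frame[14:14 + ihl], frame[14 + ihl:]
    return checksum(ip_hdr) == 0 and checksum(pseudo_header(ip_hdr, len(seg)) + seg) == 0

def classify(frame, own_mac, own_ip, reply_for):
    """Steps 1-4 of post #1.  Returns ('pass' | 'restamp' | 'drop', frame or None)."""
    if len(frame) < 14:
        return "drop", None
    dst_mac, src_mac, etype = struct.unpack("!6s6sH", frame[:14])
    if dst_mac == own_mac:                        # step 2: ours, leave it to the kernel
        return "pass", frame
    ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0
    if etype != ETHERTYPE_IPV4 or ihl < 20 or len(frame) < 14 + ihl:
        return "drop", None                       # step 4 (only IPv4 is re-stamped here)
    ip_hdr, seg = bytearray(frame[14:14 + ihl]), bytearray(frame[14 + ihl:])
    old_ip = bytes(ip_hdr[16:20])
    if (old_ip, dst_mac) not in reply_for:        # step 4: not ours and not covered
        return "drop", None
    # Step 3: re-stamp the destination to this machine.  The MAC lives only in the Ethernet
    # header, the IP only in the layer-3 payload; both checksums covering the IP are fixed.
    ip_hdr[16:20] = own_ip
    (c,) = struct.unpack("!H", ip_hdr[10:12])
    ip_hdr[10:12] = struct.pack("!H", checksum_adjust(c, old_ip, own_ip))
    proto, off = ip_hdr[9], CSUM_OFFSET.get(ip_hdr[9])
    if off is not None and len(seg) >= off + 2:
        (c,) = struct.unpack("!H", seg[off:off + 2])
        if not (proto == PROTO_UDP and c == 0):   # UDP zero means "no checksum"
            c = checksum_adjust(c, old_ip, own_ip)
            seg[off:off + 2] = struct.pack("!H", c or (0xFFFF if proto == PROTO_UDP else 0))
    return "restamp", struct.pack("!6s6sH", own_mac, src_mac, etype) + bytes(ip_hdr) + bytes(seg)

def handle_gratuitous_arp(frame, reply_for):
    """Post #3's rule: a gratuitous ARP (sender asking about its own IP) from a host on
    the REPLY FOR list means it is back, so its entry is removed.  True if removed."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETHERTYPE_ARP):
        return False
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    if spa == tpa and (spa, sha) in reply_for:
        reply_for.discard((spa, sha))
        return True
    return False

# Constructed sample hosts (documentation address ranges, locally administered MACs).
ALPHA_MAC, ALPHA_IP = mac("02:00:00:00:00:0a"), ip("192.0.2.10")
BETA_MAC, BETA_IP = mac("02:00:00:00:00:0b"), ip("192.0.2.11")
ROUTER_MAC, REMOTE_IP = mac("02:00:00:00:00:01"), ip("198.51.100.7")
TCP_SEG = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x18, 512, 0, 0) + b"GET / HTTP/1.0\r\n"
FRAME_FOR_BETA = build_frame(BETA_MAC, ROUTER_MAC, BETA_IP, REMOTE_IP, PROTO_TCP, TCP_SEG)
GRAT_ARP_BETA = struct.pack("!6s6sH", b"\xff" * 6, BETA_MAC, ETHERTYPE_ARP) + struct.pack(
    "!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 1, BETA_MAC, BETA_IP, b"\x00" * 6, BETA_IP)

if __name__ == "__main__":
    reply_for = {(BETA_IP, BETA_MAC)}             # beta stopped responding
    verdict, out = classify(FRAME_FOR_BETA, ALPHA_MAC, ALPHA_IP, reply_for)
    print(verdict, out[:6].hex(":"), "checksums ok:", verify_frame(out))
    handle_gratuitous_arp(GRAT_ARP_BETA, reply_for)  # beta announces itself again
    print(classify(FRAME_FOR_BETA, ALPHA_MAC, ALPHA_IP, reply_for)[0])
```

Run it as a script and the frame addressed to beta comes back re-stamped to alpha's MAC and IP with both checksums still valid; after beta's gratuitous ARP the same frame is dropped. The incremental update is the part worth copying: a forwarder that rewrites addresses but recomputes only the IP header checksum emits segments the receiving TCP/UDP stack silently discards.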
12-23-2007, 12:42 PM | #4
Moderator | Registered: Jun 2001 | Location: UK | Distribution: Gentoo, RHEL, Fedora, Centos | Posts: 43,417
ok, i see what you're trying to do, but it seems that you're trying to reinvent the wheel, and doesn't really sound supportable. and to do that in userspace would require a huge amount of optimized intelligent programming. you can chuck simple load load stuff through userspace, but there are huge implications of doing much more.
initially there are a few complications and errors in what you want. a packet from the internet will *never* contain the mac address for an internal machine, as mac's and ethernet are network segment technologies, and are below things like IP addresses and IP routing. ethernet frames do not contain IP addresses apart from the layer 3 payload which is irrelevant to ethernet, so there are complications in terms of which part of the OSI model you are trying to broach, layer 2 (ethernet frames / mac addresses) or layer 3 (IP packets / IP addressing).
you probably don't really want to mess with mac addresses at all. in a standard server HA environment it's the IP addresses that are shifted about, not the MAC's, although at times some ultra critical systems will migrate or share MAC addresses and synchronize their ARP responses. this sounds above and beyond what you need. have a google for "simple ip takeover" and there's a really useful article on o'reilly (i think) about using next to no tools to monitor for ip outages and assume responsibilities with gratuitous arp's and such. above that linuxha.org is a great starting point for more advanced HA solutions.
another solution you might prefer the sound of is a virtual service, http://www.linuxvirtualserver.org where you can actively handle failovers and load balancing in an abstracted layer...
Last edited by acid_kewpie; 12-23-2007 at 12:46 PM.
12-24-2007, 11:27 AM | #5
LQ Newbie | Registered: Dec 2007 | Posts: 3 | Original Poster
First of all, thanks a lot for your extremely valuable time.
Quote:
you can chuck simple load load stuff through userspace, but there are huge implications of doing much more.
I couldn't really get the meaning of that; told you, I'm pretty new to linux :P
And yeah, I really want to be messing with the mac, since all my systems are allowed / restricted access based on ip/mac binding, i.e. 1 ip with its specific mac.
And that rule cannot be changed, since the router is not my property.
Plus, as far as I can imagine, all this problem would have been easily solved if I could alias my eth0 with different ips each with a different mac, but well, it isn't supported by linux.
I'll check up on all the directions you've pointed me to and will get back.
Thanks for your help,
Merry christmas.
neur0tic
12-24-2007, 03:52 PM | #6
Moderator | Registered: Jun 2001 | Location: UK | Distribution: Gentoo, RHEL, Fedora, Centos | Posts: 43,417
well sorry for the very dubious english... i think i meant "you can chuck simple, low load stuff through userspace, but there are huge implications of doing much more." i.e. you want to inspect any dns request... dns is light and takes up a fraction of a percentage of network throughput, absolutely tiny. so screwing with DNS isn't too bad. screwing with heavy application traffic, http etc... will have massive issues without extremely clever programming techniques and substantial processing and IO power.
I do think you need to take a few steps back and work out what you want. i've been there so so many times and will be again. i'm the king of hare-brained ideas, and i'm slowly weaning myself off of them. but don't work around issues, improve them. hacks to get around other hacks is a horrible state to be in.