Re: using loopback address as primary address
On Monday 24 July 2006 16:48, Brian Candler wrote: > On Mon, Jul 24, 2006 at 12:38:56PM +0300, Nikos Vassiliadis wrote: > > Can I somehow use lo1 address > > for connections initiated from Host_2? > > Options I know of: > > (1) the application which originates the connection can explicitly bind > to the lo1 address (see for example telnet -s and ping -S options) > I am looking for a "global just-works" sollution something like a routing/ip addressing scheme that will allow me to use individual (unrelated) IP addresses assigned to individual boxes on the same ethernet segment with a gateway to the internet > (2) the application can run in a jail(8) whose IP address is lo1, in which > case a 'bind to any' will bind to this address only > If that could happen without the jail part it would be fine... ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple NAT router
On Mon, Jul 24, 2006 at 01:40:13PM -0700, Julian Elischer wrote: > an ng_ip node :-) > I've considerred it. Then all the tools like 'netstat' and 'route' need modifying to talk to a netgraph socket, but in principle I don't see why it couldn't be done. ISTM there are a zillion userland-to-kernel and kernel-to-kernel communication interfaces: - ioctl - geom - cam - netgraph - vfs - sysctl - kmem - procfs - ... Perhaps they could all be replaced by netgraph?? Regards, Brian. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: using loopback address as primary address
On Tuesday 25 July 2006 14:19, Andre Santos wrote: > On 7/25/06, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote: > > > (2) the application can run in a jail(8) whose IP address is lo1, in > > > which case a 'bind to any' will bind to this address only > > > > If that could happen without the jail part it would be fine... > > Any specific reason for not using jail? You don't have to create a > jail environment for this. I didn't know that. You mean I can use a regular non-chrooted environment and still be inside a jail? ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple NAT router
On Monday 24 July 2006 22:40, Julian Elischer wrote: ... > >Also, what would really suit him is a netgraph IP interface node - i.e. > >something which takes raw ethernet frames from the interface, performs IP > >encapsulation/decapsulation and ARP - and an IP forwarding node with its > > own forwarding table. Has anyone done any work in that area? It would be > > really cool for VPN edge routing, for example. > > an ng_ip node :-) > I've considerred it. The Click modular router already provides a relatively complete IP forwarding path, including ARP handlers and several flavors of IP routing lookup nodes. I think it also icludes a NAT module, but have never tried it. Most importantly, it can work as a kernel module in FreeBSD, but only on 4.x. Marko ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple NAT router
On Tuesday 25 July 2006 05:17, Brett Glass wrote: > At 08:09 AM 7/24/2006, Marko Zec wrote: > >Yes this should work with a virtualized stack - all the "outsied" > > interfaces in each jail / virtual stack could be simply bridged together > > using netgraph which is virtualization-agnostic, i.e. a global facility > > in the current implementation of "vimage". > > Does this virtualization facility virtualize the arp table? It > would need to, because there would be hosts with duplicate > addresses inside each interface. Yes. > I've been noodling over this for two weeks now, and am thinking > that the easiest thing to do might be is map every address in each > "virtual" router to a unique address from FreeBSD's point of view > (i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on > LAN 1 becomes 10.0.1.2, etc.). The translation would be done by > "hooks" as close as possible to the interfaces, so FreeBSD's stack > wouldn't know it was being done. > > All that would be needed in that case would be to do "dumb" address > translation at the interfaces -- transparently to FreeBSD -- just > before the packets entered and left. This seems to be the method > that would leverage FreeBSD's existing facilities the most, since > FreeBSD's own routing, NAT, etc. would "just work" as they always > do. I'd need to figure out what to do about protocols like DHCP > I don't know if DHCP will assign addresses that it are not on the > subnet it "thinks" it's talking to. And I might need to hack into > the content of some packets. For example, I'd have to make ARP work. > > If I were to try this, the question would of course be which "hook" > to use to capture the packets (BPF? Divert sockets? Netgraph? > Something in IPFW? A hook into the driver?)... and whether I could > use existing code to do the bilateral translation or would have to > hack an "address smasher". > > --Brett Glass ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple NAT router
On Mon, Jul 24, 2006 at 09:17:37PM -0600, Brett Glass wrote: > I've been noodling over this for two weeks now, and am thinking > that the easiest thing to do might be is map every address in each > "virtual" router to a unique address from FreeBSD's point of view > (i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on > LAN 1 becomes 10.0.1.2, etc.). The translation would be done by > "hooks" as close as possible to the interfaces, so FreeBSD's stack > wouldn't know it was being done. > > All that would be needed in that case would be to do "dumb" address > translation at the interfaces -- transparently to FreeBSD -- just > before the packets entered and left. One problem is managing the allocation of the translated addresses. But why not do dumb mapping of IPv4 addresses to IPv6 ? That would let you have up to 2^96 "virtual routers", and finally provide a reason for the IPv6 code to exist :-) ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SCTP
Greetings all: After much work with Pawel.. I figured out and fixed/simplified/made better a lot of what was happening for him... Turns out he had some of Roberts latest changes to the sockets code :-0 (which I knew would break SCTP). Now I have fixed these in the latest patch/and or download. Please find the patch either at: http://www.sctp.org/July25.patch.bz2 OR you can find it hanging off the http://www.sctp.org download tab. Note: thanks to all of you that have tested and played with SCTP.. keep up the good work.. and for those of you that have not gotten around to it.. please do so :-D R -- Randall Stewart NSSTG - Cisco Systems Inc. 803-345-0369 815-342-5222 (cell) ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple NAT router
Brett Glass wrote: At 08:09 AM 7/24/2006, Marko Zec wrote: Yes this should work with a virtualized stack - all the "outsied" interfaces in each jail / virtual stack could be simply bridged together using netgraph which is virtualization-agnostic, i.e. a global facility in the current implementation of "vimage". Does this virtualization facility virtualize the arp table? It would need to, because there would be hosts with duplicate addresses inside each interface. yes it virtuialises the entire network system look for 'vimage FreeBSD ' under google, unfortunatly it is 4.x only at the moment but you may be able to use a 4.x machine. I've been noodling over this for two weeks now, and am thinking that the easiest thing to do might be is map every address in each "virtual" router to a unique address from FreeBSD's point of view (i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on LAN 1 becomes 10.0.1.2, etc.). The translation would be done by "hooks" as close as possible to the interfaces, so FreeBSD's stack wouldn't know it was being done. netgraph shims? netgraph can shim into the interfaces the way you suggest. man ng_ether. All that would be needed in that case would be to do "dumb" address translation at the interfaces -- transparently to FreeBSD -- just before the packets entered and left. This seems to be the method that would leverage FreeBSD's existing facilities the most, since FreeBSD's own routing, NAT, etc. would "just work" as they always do. I'd need to figure out what to do about protocols like DHCP I don't know if DHCP will assign addresses that it are not on the subnet it "thinks" it's talking to. And I might need to hack into the content of some packets. For example, I'd have to make ARP work. If I were to try this, the question would of course be which "hook" to use to capture the packets (BPF? Divert sockets? Netgraph? Something in IPFW? A hook into the driver?)... and whether I could use existing code to do the bilateral translation or would have to hack an "address smasher". --Brett Glass ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple NAT router
Brian Candler wrote: On Mon, Jul 24, 2006 at 01:40:13PM -0700, Julian Elischer wrote: an ng_ip node :-) I've considerred it. Then all the tools like 'netstat' and 'route' need modifying to talk to a netgraph socket, but in principle I don't see why it couldn't be done. ISTM there are a zillion userland-to-kernel and kernel-to-kernel communication interfaces: - ioctl - geom - cam - netgraph - vfs - sysctl - kmem - procfs - ... Perhaps they could all be replaced by netgraph?? no, netgraph's interface is very specialised in its characteristics. though you could replace tun, tap and gif very easily. Regards, Brian. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SCTP
Another interesting thing, I did see this before as well. System freezes in the middle of a NPsctp run. This does not happen when I run over loopback but occasionally when run over crossover network. I enabled WITNESS, INVARIANTS and INVARIANTS_SCTP, no complains from any of them. I can break to ddb and here is some random debugging. I also have a manual dump of this. db> ps pid uid ppid pgrp state wmesg wchancmd 10770 1002 1077 R+ NPsctp 10080 835 835 S pause0xc2757034 ntpd 10020 998 1002 S+ pause0xc2703904 csh 10010 1 1001 Ss+ ttyin0xc25cd410 getty 10000 1 1000 Ss+ ttyin0xc25cd010 getty 9990 1 999 Ss+ ttyin0xc25ce010 getty 9980 1 998 Ss+ wait 0xc2574d38 login 9170 1 917 Ss nanslp 0xc07c1784 cron 9060 1 906 Ss select 0xc080b04c sshd 8420 1 842 Ss select 0xc080b04c powerd 8350 1 835 Ss select 0xc080b04c ntpd 7610 0 0 SL mdwait 0xc282b800 [md0] 7180 1 718 Ss select 0xc080b04c syslogd 6170 1 617 Ss select 0xc080b04c devd 1740 1 174 Ss pause0xc2703d6c adjkerntz 460 0 0 SL geli:w 0xc26f7c00 [g_eli[0] ad0s2d] 450 0 0 SL -0xd480dcf8 [schedcpu] 440 0 0 SL sdflush 0xc08164ec [softdepflush] 430 0 0 SL syncer 0xc07c154c [syncer] --More-- 420 0 0 SL vlruwt 0xc27018d0 [vnlru] 410 0 0 SL psleep 0xc080b4d4 [bufdaemon] 400 0 0 SL pollid 0xc07c0c18 [idlepoll] 390 0 0 SL pgzero 0xc081ee30 [pagezero] 380 0 0 SL psleep 0xc0816d60 [vmdaemon] 370 0 0 SL psleep 0xc0816d20 [pagedaemon] 360 0 0 WL [swi0: sio] 350 0 0 WL [irq12: psm0] 340 0 0 RL CPU 0 [irq1: atkbd0] 330 0 0 SL cooling 0xc257acd4 [acpi_cooling0] 320 0 0 SL tzpoll 0xc09d6520 [acpi_thermal] 310 0 0 WL [irq15: ata1] 300 0 0 WL [irq14: ata0] 290 0 0 SL -0xc2578080 [ath0 taskq] 280 0 0 SL usbevt 0xc24e9a10 [usb3] 270 0 0 SL usbevt 0xc2567210 [usb2] 260 0 0 SL usbevt 0xc2552210 [usb1] 250 0 0 SL usbtsk 0xc07bece4 [usbtask] 240 0 0 SL usbevt 0xc24fa210 [usb0] 230 0 0 WL [irq11: pcm0 em0++*] --More-- 220 0 0 WL [irq9: acpi0] 210 0 0 WL [swi2: cambio] 200 0 0 SL -0xc24f6400 [acpi_task_2] 190 0 0 SL -0xc24f6400 [acpi_task_1] 90 0 0 SL -0xc24f6400 [acpi_task_0] 80 0 0 SL -0xc24f6500 [kqueue taskq] 180 0 0 WL [swi5: +] 70 0 0 SL -0xc2463480 [thread taskq] 170 0 0 WL [swi6: Giant taskq] 160 0 0 WL [swi6: task queue] 150 0 0 SL seqstate 0xc245fc54 [sequencer 00] 140 0 0 SL -0xc07be580 [yarrow] 60 0 0 SL -0xc07bf03c [g_down] 50 0 0 SL -0xc07bf038 [g_up] 40 0 0 SL -0xc07bf030 [g_event] 30 0 0 SL crypto_r 0xc0816254 [crypto returns] 20 0 0 SL crypto_w 0xc081622c [crypto] 130 0 0 WL [swi3: vm] 120 0 0 RL [swi4: clock sio] 110 0 0 LL *so_rcv 0xc2466140 [swi1: net] --More-- 100 0 0 RL [idle] 10 0 1 SLs wait 0xc246a000 [init] 00 0 0 WLs [swapper] db> show alllocks Process 1077 (NPsctp) thread 0xc25706c0 (100038) exclusive sleep mutex so_rcv r = 0 (0xc2780458) locked @ /usr/src/sys/netinet/sctputil.c:4042 Process 34 (irq1: atkbd0) thread 0xc246b6c0 (100031) exclusive sleep mutex Giant r = 0 (0xc07c0b08) locked @ /usr/src/sys/kern/kern_intr.c:661 Process 11 (swi1: net) thread 0xc24656c0 (15) exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xc29a5498) locked @ /usr/src/sys/netinet/sctp_pcb.c:191 db> tr 1077 Tracing pid 1077 tid 100038 td 0xc25706c0 sched_switch(c25706c0,c246b6c0,6,158,417a95,...) at sched_switch+0x1a0 mi_switch(6,c246b6c0,c07563d7,290,c246b850,...
