* conducting TCP sessions with non-local IPs
From: Bryan Rittmeyer @ 2001-03-06 20:30 UTC (permalink / raw)
To: linux-kernel
Hello linux-kernel,

Is there any way to conduct TCP sessions (IE have a userland process
connect out, or accept connections) using non-local IPs? By "non-local"
I just mean IPs that aren't assigned to an interface, but do fall into
the network range of a running interface (so netmask, gateway, etc are
"known").

For example, I want to bring up an interface for 10.0.0.0/255.255.255.0
and assign it IP 10.0.0.1. Then, I want a process to accept TCP
connections on, say, 10.0.0.2:1234 or 10.0.0.200:4567 even though these
IPs are not assigned to any interface. Also, I want to be able to
connect out with source IP 10.0.0.2 or 10.0.0.200, etc. I will need to
be able to do this for potentially all IPs in the network, so bringing
up a new IP-aliased interface (eth0:0, eth0:1, etc) is not feasible.
Compound that with the fact that I could need to do this for many
networks, and clearly doing an "ifconfig up" on all possible IPs is not
a very efficient option.

I have tried enabling "ip_nonlocal_bind" and that prevents a bind call
to a non-local IP from failing. However, I don't think that's sufficient
to conduct full TCP/IP sessions from any IP on the network.

This is a really weird question, but I'm curious if it's possible with
current 2.4.X kernels and, if it's not, how difficult would it be to add
support for. What areas of the network stack would require modification?

Thanks!
Regards,
Bryan Rittmeyer
--
Bryan Rittmeyer
mailto:bryan@ixiacom.com
Ixia Communications
26601 W. Agoura Rd.
Calabasas, CA 91302
* Re: conducting TCP sessions with non-local IPs
From: Gregory Maxwell @ 2001-03-06 22:05 UTC (permalink / raw)
To: Bryan Rittmeyer; +Cc: linux-kernel
On Tue, Mar 06, 2001 at 12:30:58PM -0800, Bryan Rittmeyer wrote:
> Hello linux-kernel,
>
> Is there any way to conduct TCP sessions (IE have a userland process
> connect out, or accept connections) using non-local IPs? By "non-local"
> I just mean IPs that aren't assigned to an interface, but do fall into
> the network range of a running interface (so netmask, gateway, etc are
> "known").
>
> For example, I want to bring up an interface for 10.0.0.0/255.255.255.0
> and assign it IP 10.0.0.1 Then, I want a process to accept TCP
[snip]
/sbin/ip addr add 10.2.0.0/24 dev eth0
Tada
* Re: conducting TCP sessions with non-local IPs
From: Mike Fedyk @ 2001-03-07 1:46 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bryan Rittmeyer, linux-kernel
Gregory Maxwell wrote:
>
> On Tue, Mar 06, 2001 at 12:30:58PM -0800, Bryan Rittmeyer wrote:
> > Hello linux-kernel,
> >
> > Is there any way to conduct TCP sessions (IE have a userland process
> > connect out, or accept connections) using non-local IPs? By "non-local"
> > I just mean IPs that aren't assigned to an interface, but do fall into
> > the network range of a running interface (so netmask, gateway, etc are
> > "known").
> >
> > For example, I want to bring up an interface for 10.0.0.0/255.255.255.0
> > and assign it IP 10.0.0.1 Then, I want a process to accept TCP
> [snip]
>
> /sbin/ip addr add 10.2.0.0/24 dev eth0
>
> Tada
How would you deal with the other computer responding to the host "port not
reachable"?
* Re: conducting TCP sessions with non-local IPs
From: Gregory Maxwell @ 2001-03-07 1:55 UTC (permalink / raw)
To: Mike Fedyk; +Cc: Bryan Rittmeyer, linux-kernel
On Tue, Mar 06, 2001 at 05:46:39PM -0800, Mike Fedyk wrote:
> Gregory Maxwell wrote:
> >
> > On Tue, Mar 06, 2001 at 12:30:58PM -0800, Bryan Rittmeyer wrote:
> > > Hello linux-kernel,
> > >
> > > Is there any way to conduct TCP sessions (IE have a userland process
> > > connect out, or accept connections) using non-local IPs? By "non-local"
> > > I just mean IPs that aren't assigned to an interface, but do fall into
> > > the network range of a running interface (so netmask, gateway, etc are
> > > "known").
> > >
> > > For example, I want to bring up an interface for 10.0.0.0/255.255.255.0
> > > and assign it IP 10.0.0.1 Then, I want a process to accept TCP
> > [snip]
> >
> > /sbin/ip addr add 10.2.0.0/24 dev eth0
> >
> > Tada
> How would you deal with the other computer responding to the host "port not
> reachable"?
I didn't pick-up on the fact that you planned on having other computers
listening with those addresses.

This won't work without support from your routing device if you actually
have hosts on the addresses, just because of ARP.

You can make this work, if, you can control and configure the router

1. You can configure your router to direct the needed ports to your Linux
box and not the real hosts. (Linux can do this)

If you can firewall on the victim boxes, you could block their 'not
reachable' reply, but that doesn't solve ARP. You could probably make a
trivial change to Linux and run it in promiscuous mode to achieve this. It's
more likely the first will be a better option for you.

What are you doing anyways? :)
* Re: conducting TCP sessions with non-local IPs
From: Jeremy Jackson @ 2001-03-07 2:15 UTC (permalink / raw)
To: Mike Fedyk; +Cc: Gregory Maxwell, Bryan Rittmeyer, linux-kernel
Mike Fedyk wrote:
> > [snip]
> >
> > /sbin/ip addr add 10.2.0.0/24 dev eth0
> >
> > Tada
> How would you deal with the other computer responding to the host "port not
> reachable"?
What the hell kind of monster are you making? There's got to be another way.
* Re: conducting TCP sessions with non-local IPs
From: Bryan Rittmeyer @ 2001-03-07 3:59 UTC (permalink / raw)
To: linux-kernel
Jeremy Jackson wrote:
> What the hell kind of monster are you making? There's got to be another way.
heh. As I mentioned in my other response, we're doing TCP/IP load
balance testing--so we need one linux system to act as many hosts. The
only solution, short of using bind/connect/accept/etc with non-local
IPs, is to use raw sockets (libpcap+libnet) and handle all of the TCP
protocol layer in userland. For speed reasons, that's clearly not
desirable, so I am seeking a kernel solution for acting as many hosts
(10,000+) without having to bring up network interfaces for each one....

Kind of sick, isn't it? :) In any case we will definitely be pushing the
2.4 network code to the extreme.
Regards,
Bryan
--
Bryan Rittmeyer
mailto:bryan@ixiacom.com
Ixia Communications
26601 W. Agoura Rd.
Calabasas, CA 91302
* Re: conducting TCP sessions with non-local IPs
From: Bryan Rittmeyer @ 2001-03-07 4:00 UTC (permalink / raw)
To: linux-kernel
Gregory Maxwell wrote:
> I didn't pick-up on the fact that you planned on having other computers
> listening with those addresses.

We won't--without getting into the specifics (NDA) we are developing a
TCP/IP load balance tester that needs to act--simultaneously--as many
machines. It is certainly not designed to run on your average LAN, but
rather on a carefully prepared test network using data assigned by a
user who (presumably) has ensured the IPs we are using are not already
assigned to other machines.

> This won't work without support from your routing device if you actually
> have hosts on the addresses, just because of ARP.

We have hacks in place for promiscuous ARPing on any of the IPs we may
want to use :)

So, if I configure the interface as suggested ("/sbin/ip addr add
10.0.0.0/24 dev eth0") can I really bind to any IP in 10.0.0.0/24 and
conduct TCP sessions (as a client or server) using that IP--assuming all
the ARP, etc, issues are worked out?
Regards,
Bryan
--
Bryan Rittmeyer
mailto:bryan@ixiacom.com
Ixia Communications
26601 W. Agoura Rd.
Calabasas, CA 91302
* Re: conducting TCP sessions with non-local IPs
From: David @ 2001-03-07 6:50 UTC (permalink / raw)
To: Bryan Rittmeyer; +Cc: linux-kernel
> So, if I configure the interface as suggested ("/sbin/ip addr add
> 10.0.0.0/24 dev eth0") can I really bind to any IP in 10.0.0.0/24 and
> conduct TCP sessions (as a client or server) using that IP--assuming all
> the ARP, etc, issues are worked out?
hostA: ip a a 10.0.0.0/24 brd + dev lo
hostB: ip r a 10.0.0.0/24 dev eth0
hostB: telnet 10.0.0.27
<connected as normal>
hostB: ssh 10.0.0.91
<connected as normal>
'tis a little magic I like. nothing special needed anywhere. does that
help?
-d
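
Added example, not part of the original thread or any poster's code: a prefix assigned to lo makes every address inside it local, so a process can both listen on and connect from any of them. The sketch below shows this on a stock Linux host using the 127.0.0.0/8 prefix that lo already carries, so it needs no root; the host numbers .27 and .91 mirror the message above, the function names are hypothetical, and after "ip a a 10.0.0.0/24 dev lo" the same calls would work with 10.0.0.x addresses.

```python
import errno
import socket
import threading

def try_bind(ip):
    """Return 0 if a TCP socket can bind to ip, otherwise the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))
            return 0
        except OSError as e:
            return e.errno

def session(server_ip, client_ip, payload=b"hello"):
    """Run one TCP echo session between two local addresses.

    Returns (source IP the server saw, IP the client reached, echoed bytes).
    """
    seen = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(5)
        srv.bind((server_ip, 0))       # port 0: the kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]

        def serve():
            conn, peer = srv.accept()
            with conn:
                seen["peer"] = peer[0]
                conn.sendall(conn.recv(1024))   # echo the payload back

        t = threading.Thread(target=serve, daemon=True)
        t.start()
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(5)
            cli.bind((client_ip, 0))   # pick the source address explicitly
            cli.connect((server_ip, port))
            cli.sendall(payload)
            echoed = cli.recv(1024)
            reached = cli.getpeername()[0]
        t.join(5)
    return seen.get("peer"), reached, echoed

if __name__ == "__main__":
    # Assumes Linux with lo up and its default 127.0.0.0/8 prefix.
    print(session("127.0.0.27", "127.0.0.91"))
    # Contrast: an address from the thread that is usually not local.
    print(errno.errorcode.get(try_bind("10.0.0.200"), "bind ok"))
```

On a host where 10.0.0.200 is not local and ip_nonlocal_bind is off, the second line prints EADDRNOTAVAIL, which is the failure the original question starts from.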