How to redirect the package from eth0 to eth2

How to redirect the package from eth0 to eth2

[Roc Bai]

Dear all:
    in my service, there are four net card.  eth0, eth1, eth2, eth3. I
want to forward the data in from eth0 to eth1, eth2, eth3 with
different application protocol. Does some body send me some ideas on
it?

   1) where i should set the hook: pre-routing or forward?
   2) how to make the route select the target port which i hope?
   3) where i can get some simple source code to learn?

Best Regards

Bai Shuwei
-- 
------------------------

Thinking before action, but you are wasting time if you don't do action.

Re: How to redirect the package from eth0 to eth2

[Maximilian Wilhelm]

Anno domini 2011 Roc Bai scripsit:

Hi!

> Dear all:
>     in my service, there are four net card.  eth0, eth1, eth2, eth3. I
> want to forward the data in from eth0 to eth1, eth2, eth3 with
> different application protocol. Does some body send me some ideas on
> it?

So you want to route (as in IP routing) packages to different hosts
based on protocols (as in IP, GRE, etc?) or tcp/udp ports? Is this
correct?

>    1) where i should set the hook: pre-routing or forward?
>    2) how to make the route select the target port which i hope?

If you want to re-route packages, that has to happen in pre-routing.
If you want to use DNAT for examples, just add a rule to the
PREROUTING chain in the nat table.
If you want to use real routing, there should be multiple ways to
accomplish that. I'm not sure which one is the preferred now adays.
(mark packages and us 'ip rule' and multiple routing tables, ROUTE
target, ...)

>    3) where i can get some simple source code to learn?

Source code of what?

Maybe you can say a bit more about what you exactly want to do?

Ciao
Max
-- 
The real problem with C++ for kernel modules is:
the language just sucks.
-- Linus Torvalds

Re: How to redirect the package from eth0 to eth2

[Roc Bai]

2011/1/10 Maximilian Wilhelm <max@rfc2324.org>:
> Anno domini 2011 Roc Bai scripsit:
>
> Hi!
>
>> Dear all:
>>     in my service, there are four net card.  eth0, eth1, eth2, eth3. I
>> want to forward the data in from eth0 to eth1, eth2, eth3 with
>> different application protocol. Does some body send me some ideas on
>> it?
>
> So you want to route (as in IP routing) packages to different hosts
> based on protocols (as in IP, GRE, etc?) or tcp/udp ports? Is this
> correct?
>
>>    1) where i should set the hook: pre-routing or forward?
>>    2) how to make the route select the target port which i hope?
>

> If you want to re-route packages, that has to happen in pre-routing.
> If you want to use DNAT for examples, just add a rule to the
> PREROUTING chain in the nat table.
I think the DNAT should change the package data, including the IP or
higher level protocol header, isn't it?
> If you want to use real routing, there should be multiple ways to
> accomplish that. I'm not sure which one is the preferred now adays.
> (mark packages and us 'ip rule' and multiple routing tables, ROUTE
> target, ...)
I think the best idea which can redirect the package is to add/change
the route rule to do it. I have write some source codes which doesn't
work.

I add the bellow line in ip_route_input_common() function, which will
call ncf_get_entry().
int ip_route_input_common(struct sk_buff *skb, __be32 daddr, __be32 saddr,
                           u8 tos, struct net_device *dev, bool noref)
{
        struct rtable * rth;
        unsigned        hash;
        int iif = dev->ifindex;
        struct net *net;
        struct dst_entry *entry;
        int count = 0;

        if ((strncmp(dev->name, "eth0", 4) == 0) && (entry =
ncf_get_entry(skb, daddr, saddr, tos, dev)) != NULL) {
                if (noref) {
                        dst_use_noref(entry, jiffies);
                        skb_dst_set_noref(skb, entry);

                } else {
                        dst_use(entry, jiffies);
                        skb_dst_set(skb, entry);
                }

                //ip_local_out(skb);
                return 0;
        }

       ....
}


ncf_get_entry() can generate a dst_entry whose dev point to the eth2
net_device structure. But when i use tcpdum -i eth2. I cannot get the
package from eth0. So it doesn't work.

static struct dst_entry gdst;
static int ncfflag = 0;
static struct dst_entry *ncf_get_entry(struct sk_buff *skb,
        __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev)
{
        struct net_device *out_dev = dev_get_by_name(&init_net, "eth2");

        if (out_dev == NULL) {
                return NULL;
        }
        /* Init the gdst dst_entry */
        if (ncfflag == 0) {
                memset(&gdst, 0, sizeof(gdst));

                gdst.ops = &ipv4_dst_ops;
                gdst.lastuse = jiffies;
                gdst.path = &gdst;
                atomic_inc(&ipv4_dst_ops.entries);

                atomic_set(&gdst.__refcnt, 1);

                gdst.flags = DST_HOST;
                gdst.flags |= DST_NOPOLICY;
                gdst.flags |= DST_NOXFRM;
                gdst.dev  = out_dev;
                dev_hold(gdst.dev);

                gdst.obsolete = -1;
                gdst.input = ip_forward;
                gdst.output = ip_output;
                ncfflag = 1;
        } else {
                /* I don't know whether they are correct */
                atomic_set(&gdst.__refcnt, 1);
                dev_hold(gdst.dev);
        }

        return &gdst;
}

I hope somebody can fix the issues on the above source code. Thanks!

>
>>    3) where i can get some simple source code to learn?
I want to find some sample code to modify the skb, which can redirect
the skb from one port to another port.
>
> Source code of what?
>
> Maybe you can say a bit more about what you exactly want to do?
>
> Ciao
> Max
> --
> The real problem with C++ for kernel modules is:
> the language just sucks.
> -- Linus Torvalds
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



-- 
------------------------

Thinking before action, but you are wasting time if you don't do action.

Re: How to redirect the package from eth0 to eth2

[Jan Engelhardt]

On Tuesday 2011-01-11 04:22, Roc Bai wrote:
>>> Dear all:
>>>     in my service, there are four net card.  eth0, eth1, eth2, eth3. I
>>> want to forward the data in from eth0 to eth1, eth2, eth3 with
>>> different application protocol. Does some body send me some ideas on
>>> it?
>>
>> If you want to re-route packages, that has to happen in pre-routing.
>> If you want to use DNAT for examples, just add a rule to the
>> PREROUTING chain in the nat table.
>
>I think the DNAT should change the package data, including the IP or
>higher level protocol header, isn't it?

That is the point of NAT. NAT is _not_ routing/forwarding (dammit).
And it's "packet", not "package".

>I think the best idea which can redirect the package is to add/change
>the route rule to do it. I have write some source codes which doesn't
>work.

That's redundant (and as you can see, error prone). Just use
the iproute utilities to define extra rules and routes, which
are known to work.

>ncf_get_entry() can generate a dst_entry whose dev point to the eth2
>net_device structure. But when i use tcpdum -i eth2. I cannot get the
>package from eth0. So it doesn't work.

I don't expect it to. You are using a global variable, which is not
SMP-safe without a lock.
You might find Paul McKenny's Parallel Programming Book helping.

>static struct dst_entry gdst;
>static int ncfflag = 0;

Re: How to redirect the package from eth0 to eth2

[Roc Bai]

2011/1/11 Jan Engelhardt <jengelh@medozas.de>:
>
> On Tuesday 2011-01-11 04:22, Roc Bai wrote:
>>>> Dear all:
>>>>     in my service, there are four net card.  eth0, eth1, eth2, eth3. I
>>>> want to forward the data in from eth0 to eth1, eth2, eth3 with
>>>> different application protocol. Does some body send me some ideas on
>>>> it?
>>>
>>> If you want to re-route packages, that has to happen in pre-routing.
>>> If you want to use DNAT for examples, just add a rule to the
>>> PREROUTING chain in the nat table.
>>
>>I think the DNAT should change the package data, including the IP or
>>higher level protocol header, isn't it?
>
> That is the point of NAT. NAT is _not_ routing/forwarding (dammit).
> And it's "packet", not "package".
>
>>I think the best idea which can redirect the package is to add/change
>>the route rule to do it. I have write some source codes which doesn't
>>work.
>
> That's redundant (and as you can see, error prone). Just use
> the iproute utilities to define extra rules and routes, which
> are known to work.
>
>>ncf_get_entry() can generate a dst_entry whose dev point to the eth2
>>net_device structure. But when i use tcpdum -i eth2. I cannot get the
>>package from eth0. So it doesn't work.
>
> I don't expect it to. You are using a global variable, which is not
> SMP-safe without a lock.
> You might find Paul McKenny's Parallel Programming Book helping.
Jan, thanks your comments.
I want to make the packet ( I think it's right now:) ) redirected to
an anticipant port, so I haven't consider the concurrent problem now.

In the requirement, redirect the packet with protocal is the first
step, and in the second step, the system should redirect the packet
with application packet content, such as GET in HTTP.

eth0 ---------- if (GET in  SKB), redirect to ----------> eth2

So i think i have to write my module to redirect the packet now, and
then i can change little in the future. That's the key why i thouldn't
to use the exist nat/diverter tool.

Maybe i want to know  how to set the SKB in the
ip_route_input_common() routine. Then the SKB can be send out from
eth2 port. So
whether my plan is right, to create a dst-entry and add it to
skb->_skb_refdst? and Whether the dst_entry optiosn values are
corrent?



>
>>static struct dst_entry gdst;
>>static int ncfflag = 0;
>



-- 
------------------------

Thinking before action, but you are wasting time if you don't do action.

Re: How to redirect the package from eth0 to eth2

[Amos Jeffries]

On 12/01/11 04:26, Roc Bai wrote:
 > 2011/1/11 Jan Engelhardt<jengelh@medozas.de>:
 >>
 >> On Tuesday 2011-01-11 04:22, Roc Bai wrote:
 >>>>> Dear all:
 >>>>>      in my service, there are four net card.  eth0, eth1, eth2, 
eth3. I
 >>>>> want to forward the data in from eth0 to eth1, eth2, eth3 with
 >>>>> different application protocol. Does some body send me some ideas on
 >>>>> it?
 >>>>
 >>>> If you want to re-route packages, that has to happen in pre-routing.
 >>>> If you want to use DNAT for examples, just add a rule to the
 >>>> PREROUTING chain in the nat table.
 >>>
 >>> I think the DNAT should change the package data, including the IP or
 >>> higher level protocol header, isn't it?
 >>
 >> That is the point of NAT. NAT is _not_ routing/forwarding (dammit).
 >> And it's "packet", not "package".
 >>
 >>> I think the best idea which can redirect the package is to add/change
 >>> the route rule to do it. I have write some source codes which doesn't
 >>> work.
 >>
 >> That's redundant (and as you can see, error prone). Just use
 >> the iproute utilities to define extra rules and routes, which
 >> are known to work.
 >>
 >>> ncf_get_entry() can generate a dst_entry whose dev point to the eth2
 >>> net_device structure. But when i use tcpdum -i eth2. I cannot get the
 >>> package from eth0. So it doesn't work.
 >>
 >> I don't expect it to. You are using a global variable, which is not
 >> SMP-safe without a lock.
 >> You might find Paul McKenny's Parallel Programming Book helping.
 > Jan, thanks your comments.
 > I want to make the packet ( I think it's right now:) ) redirected to
 > an anticipant port, so I haven't consider the concurrent problem now.
 >
 > In the requirement, redirect the packet with protocal is the first
 > step, and in the second step, the system should redirect the packet
 > with application packet content, such as GET in HTTP.
 >
 > eth0 ---------- if (GET in  SKB), redirect to ---------->  eth2
 >
 > So i think i have to write my module to redirect the packet now, and
 > then i can change little in the future. That's the key why i thouldn't
 > to use the exist nat/diverter tool.
 >
 > Maybe i want to know  how to set the SKB in the
 > ip_route_input_common() routine. Then the SKB can be send out from
 > eth2 port. So
 > whether my plan is right, to create a dst-entry and add it to
 > skb->_skb_refdst? and Whether the dst_entry optiosn values are
 > corrent?
 >

This discussion is showing signs of being an XYZ problem.
http://www.perlmonks.org/index.pl?node_id=542341

Roc Bai, are you attempting to do this redirection for *any* protocol? 
or just for some specific ones related to a not mentioned task?


AYJ

Re: How to redirect the package from eth0 to eth2

[Roc Bai]

2011/1/12 Amos Jeffries <squid3@treenet.co.nz>:
>
> On 12/01/11 04:26, Roc Bai wrote:
>> 2011/1/11 Jan Engelhardt<jengelh@medozas.de>:
>>>
>>> On Tuesday 2011-01-11 04:22, Roc Bai wrote:
>>>>>> Dear all:
>>>>>>      in my service, there are four net card.  eth0, eth1, eth2, eth3.
>>>>>> I
>>>>>> want to forward the data in from eth0 to eth1, eth2, eth3 with
>>>>>> different application protocol. Does some body send me some ideas on
>>>>>> it?
>>>>>
>>>>> If you want to re-route packages, that has to happen in pre-routing.
>>>>> If you want to use DNAT for examples, just add a rule to the
>>>>> PREROUTING chain in the nat table.
>>>>
>>>> I think the DNAT should change the package data, including the IP or
>>>> higher level protocol header, isn't it?
>>>
>>> That is the point of NAT. NAT is _not_ routing/forwarding (dammit).
>>> And it's "packet", not "package".
>>>
>>>> I think the best idea which can redirect the package is to add/change
>>>> the route rule to do it. I have write some source codes which doesn't
>>>> work.
>>>
>>> That's redundant (and as you can see, error prone). Just use
>>> the iproute utilities to define extra rules and routes, which
>>> are known to work.
>>>
>>>> ncf_get_entry() can generate a dst_entry whose dev point to the eth2
>>>> net_device structure. But when i use tcpdum -i eth2. I cannot get the
>>>> package from eth0. So it doesn't work.
>>>
>>> I don't expect it to. You are using a global variable, which is not
>>> SMP-safe without a lock.
>>> You might find Paul McKenny's Parallel Programming Book helping.
>> Jan, thanks your comments.
>> I want to make the packet ( I think it's right now:) ) redirected to
>> an anticipant port, so I haven't consider the concurrent problem now.
>>
>> In the requirement, redirect the packet with protocal is the first
>> step, and in the second step, the system should redirect the packet
>> with application packet content, such as GET in HTTP.
>>
>> eth0 ---------- if (GET in  SKB), redirect to ---------->  eth2
>>
>> So i think i have to write my module to redirect the packet now, and
>> then i can change little in the future. That's the key why i thouldn't
>> to use the exist nat/diverter tool.
>>
>> Maybe i want to know  how to set the SKB in the
>> ip_route_input_common() routine. Then the SKB can be send out from
>> eth2 port. So
>> whether my plan is right, to create a dst-entry and add it to
>> skb->_skb_refdst? and Whether the dst_entry optiosn values are
>> corrent?
>>
>
> This discussion is showing signs of being an XYZ problem.
> http://www.perlmonks.org/index.pl?node_id=542341
>
> Roc Bai, are you attempting to do this redirection for *any* protocol? or
> just for some specific ones related to a not mentioned task?
Any protocol, such as

packets in from eth0 ----> Http to eth1
                              -----> Ftp to eth2
                              -----> RTSP to eth3

Note, I thould check the content (But not the app port, such as 80 for
http, as it doesn't work all the time) which the packet use which
kinds of protocol, then i redirect it.
>
>
> AYJ
>



-- 
------------------------

Thinking before action, but you are wasting time if you don't do action.

How to redirect the package from eth0 to eth2

[Roc Bai]

Dear all:
    in my service, there are four net card.  eth0, eth1, eth2, eth3. I
want to forward the data in from eth0 to eth1, eth2, eth3 with
different application protocol. Does some body send me some ideas on
it?

   1) where i should set the hook: pre-routing or forward?
   2) how to make the route select the target port which i hope?
   3) where i can get some simple source code to learn?

Best Regards

Bai Shuwei
-- 
------------------------

Thinking before action, but you are wasting time if you don't do action.