* Questions regarding routing in the stack
From: JC @ 2005-07-21 14:30 UTC (permalink / raw)
To: netfilter
I was hoping someone could possibly shed some light into this or at
least point me to the right direction...
I am trying to develop a kernel module level solution for dynamic host
multihoming. This requires that I mangle packets from specific
applications running on the system right in the stack and basically
change the interface the packets are sent from (at least two
interfaces).
I understand that I need to register my mangling function with one of
the 5 netfilter hooks (the ROUTING one?), grab the interesting packets
and change..... something in the skbuff.
What really evades me is where/when does routing *exactly* happen. If
I know at which point it happens, I should tap right after it and
change the interface to the one I want. Or this whole idea could be
bad and I end up breaking something in the
packet and it gets dropped...
Of course, that needs to happen for both locally generated traffic and
incoming traffic, so that I link the incoming packets to the right
applications.
regards,
JC
* Re: Questions regarding routing in the stack
From: Carl Holtje ;021;vcsg6; @ 2005-07-21 16:24 UTC (permalink / raw)
To: JC; +Cc: netfilter
On Thu, 21 Jul 2005, JC wrote:
> I was hoping someone could possibly shed some light into this or at
> least point me to the right direction...
>
> I am trying to develop a kernel module level solution for dynamic host
> multihoming. This requires that I mangle packets from specific
> applications running on the system right in the stack and basically
> change the interface the packets are sent from (at least two
> interfaces).
>
> I understand that I need to register my mangling function with one of
> the 5 netfilter hooks (the ROUTING one?), grab the interesting packets
> and change..... something in the skbuff.
>
> What really evades me is where/when does routing *exactly* happen. If
> I know at which point it happens, I should tap right after it and
> change the interface to the one I want. Or this whole idea could be
> bad and I end up breaking something in the
> packet and it gets dropped...
At some point, I found this and squirreled it away:
# .========================================================.
# |                 PACKET PROCESSING PATH                 |
# +========================================================+
#
# Arriving Packets
# ==========================================================
# No. | Table  | Chain       | Description
# ----------------------------------------------------------
#  1  |        |             | On the wire
#  2  |        |             | At interface
#  3  | Mangle | PREROUTING  |
#  4  | NAT    | PREROUTING  |
#  5  |        |             | Routing decision
#  6  | Mangle | INPUT       |
#  7  | Filter | INPUT       |
#  8  |        |             | To application
#
# Departing Packets
# ==========================================================
# No. | Table  | Chain       | Description
# ----------------------------------------------------------
#  1  |        |             | From application
#  2  |        |             | Routing decision
#  3  | Mangle | OUTPUT      |
#  4  | NAT    | OUTPUT      |
#  5  | Filter | OUTPUT      |
#  6  | Mangle | POSTROUTING |
#  7  |        |             | At interface
#  8  |        |             | On the wire
#
# Forwarding Packets
# ==========================================================
# No. | Table  | Chain       | Description
# ----------------------------------------------------------
#  1  |        |             | From application
#  2  |        |             | Routing
#  3  | Mangle | PREROUTING  |
#  4  | NAT    | PREROUTING  |
#  5  |        |             | Routing decision
#  6  | Mangle | FORWARD     |
#  7  | Filter | FORWARD     |
#  8  | Mangle | POSTROUTING |
#  9  | NAT    | POSTROUTING |
# 10  |        |             | At interface
# 11  |        |             | On the wire
> Of course, that needs to happen for both locally generated traffic and
> incoming traffic, so that I link the incoming packets to the right
> applications.
Why does this sound like NAT, where you take data from one interface and
spit it out on another (receive is done the same way)?
Hope this helps..
- --
"There are 10 types of people in the world: Those who understand binary
and those that don't."
* Re: Questions regarding routing in the stack
From: JC @ 2005-07-21 17:18 UTC (permalink / raw)
To: Carl Holtje ,021,vcsg6,; +Cc: netfilter
The diagram is helpful, thank you. I'll give it a thorough look...
> > Of course, that needs to happen for both locally generated traffic and
> > incoming traffic, so that I link the incoming packets to the right
> > applications.
>
> Why does this sound like NAT, where you take data from one interface and
> spit it out on another (receive is done the same way)?
It is a kind of NATing, just changing the IP/interface. The thing is
the rules are not static, they can change at a high rate. Definitely
not confident changing the rules with a script rewriting/reloading
the ruleset will not break it at some point. I am currently thinking
of writing a netfilter module of some sort that will handle this out.
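An added example, not from this thread or from any of its posters, showing how the interface selection JC describes is done from user space with the chains in Carl's table rather than with a new kernel module. For locally generated packets the first routing decision happens before the OUTPUT hooks (step 2 of "Departing Packets"); iptable_mangle re-runs the route lookup after its OUTPUT hook when a rule changed the packet mark, so a mark set there selects a different routing table, and therefore a different interface, in time. The interface names, addresses, UID, mark and table numbers are constructed for illustration; the script needs root and iptables/iproute2 unless DRY_RUN=1 is set, in which case it only prints the commands.

```shell
#!/bin/sh
# Added example (not the thread's own code): steer one application's traffic
# out of a chosen interface with a packet mark set in mangle OUTPUT and a
# policy-routing table keyed on that mark. All names and numbers are assumed.

# DRY_RUN=1 prints the commands instead of executing them.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# steer_uid UID MARK TABLE IFACE GATEWAY SRC_ADDR
#   Traffic from UID leaves via IFACE; TABLE holds only that path's default route.
steer_uid() {
    uid=$1; mark=$2; table=$3; iface=$4; gw=$5; src=$6
    # 1. Tag the application's packets in mangle OUTPUT; the mark change makes
    #    iptable_mangle redo the routing decision after this chain.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$uid" -j MARK --set-mark "$mark"
    # 2. Marked packets consult their own routing table instead of the main one.
    run ip rule add fwmark "$mark" lookup "$table"
    run ip route replace default via "$gw" dev "$iface" table "$table"
    # 3. The source address was chosen at the first routing decision, so rewrite
    #    it in nat POSTROUTING or replies would come back on the wrong interface.
    run iptables -t nat -A POSTROUTING -m mark --mark "$mark" -o "$iface" -j SNAT --to-source "$src"
}

# switch_path TABLE IFACE GATEWAY
#   Re-point the table's default route. This is one atomic replace, so the mark
#   and rule entries never need to be reloaded when the preferred path changes.
switch_path() {
    table=$1; iface=$2; gw=$3
    run ip route replace default via "$gw" dev "$iface" table "$table"
}

# Constructed usage: uid 1000 leaves via eth1, then the path is flipped to eth2.
DRY_RUN=1 steer_uid 1000 0x1 100 eth1 192.0.2.1 192.0.2.10
DRY_RUN=1 switch_path 100 eth2 198.51.100.1
```

The split between a stable mark rule and a per-table default route is what addresses the "rules change at a high rate" concern: the iptables ruleset is written once, and each path change is a single `ip route replace` in the dedicated table. If the kernel marks must survive a connection rather than be recomputed per packet, CONNMARK in the same mangle chains carries them in the conntrack entry.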
* Re: Questions regarding routing in the stack
From: Jan Engelhardt @ 2005-07-21 17:42 UTC (permalink / raw)
To: Carl Holtje ;021;vcsg6;; +Cc: netfilter
>At some point, I found this and squirreled it away:
http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
this one is just as good ;)
Jan Engelhardt
--
* Re: Questions regarding routing in the stack
From: Donald Murray @ 2005-07-22 22:45 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
On 7/21/05, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
*SNIP*
>
> http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
> this one is just as good ;)
>
>
>
> Jan Engelhardt
> --
>
>
Just as good? It's awesome.
I'm sending all my ASCII diagrams to the shredder.
* Re: Questions regarding routing in the stack
From: R. DuFresne @ 2005-07-23 0:26 UTC (permalink / raw)
To: Donald Murray; +Cc: netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 22 Jul 2005, Donald Murray wrote:
> On 7/21/05, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
> *SNIP*
>>
>> http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
>> this one is just as good ;)
>>
>>
>>
>> Jan Engelhardt
>> --
>>
>>
>
> Just as good? It's awesome.
>
> I'm sending all my ASCII diagrams to the shredder.
>
>
bummer us folks that have been around awhile prefer ascii, and hate
web/html based mail, scourge of the net...point and click is fer windows
and browsing on the toy OS....
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC4Y7Mst+vzJSwZikRAlACAJ9ZtQ9BcUVIs68vvNnX1LFOu2yLxQCfYwpG
x1vItV/db06m1IXk1GH2jjA=
=suVX
-----END PGP SIGNATURE-----
* Re: Questions regarding routing in the stack
From: Jan Engelhardt @ 2005-07-23 11:11 UTC (permalink / raw)
To: R. DuFresne; +Cc: netfilter
>> > http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
>> Just as good? It's awesome.
>> I'm sending all my ASCII diagrams to the shredder.
>
> bummer us folks that have been around awhile prefer ascii, and hate web/html
> based mail, scourge of the net...point and click is fer windows and browsing on
> the toy OS....
png is not html. and for anything else, you can use some bmp2txt.
it is not point&click either. I have a ton of xterms open and graphics is
only done when required. I doubt you can display such a detailed flow chart
in 80x25.
Jan Engelhardt
--
* Re: Questions regarding routing in the stack
From: R. DuFresne @ 2005-07-23 22:25 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 23 Jul 2005, Jan Engelhardt wrote:
>>>> http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
>>> Just as good? It's awesome.
>>> I'm sending all my ASCII diagrams to the shredder.
>>
>> bummer us folks that have been around awhile prefer ascii, and hate web/html
>> based mail, scourge of the net...point and click is fer windows and browsing on
>> the toy OS....
>
> png is not html. and for anything else, you can use some bmp2txt.
> it is not point&click either. I have a ton of xterms open and graphics is
> only done when required. I doubt you can display such a detailed flow chart
> in 80x25.
>
though I recall a few recent sploits on the *nix side that would be
crafted with png files, no?
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC4sPBst+vzJSwZikRAmhZAJ4yFqI2L9ZasNTlx9n9Ep5IZPpsGwCg1P3+
3nTA9/Pt3gBTqSJ+Kkj8tsE=
=IiPD
-----END PGP SIGNATURE-----
* Re: Questions regarding routing in the stack
From: Jan Engelhardt @ 2005-07-24 7:33 UTC (permalink / raw)
To: R. DuFresne; +Cc: netfilter
>
> though I recall a few recent sploits on the *nix side that would be crafted with
> png files, no?
You did update, didn't you?
Jan Engelhardt
--
* Re: Questions regarding routing in the stack
From: R. DuFresne @ 2005-07-24 11:18 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 24 Jul 2005, Jan Engelhardt wrote:
>>
>> though I recall a few recent sploits on the *nix side that would be crafted with
>> png files, no?
>
> You did update, didn't you?
>
oh, yes, of course, but, was that a one timer or repeat? Sendmail/ftp
used to be things like bind that had to be watched daily, nowadays it is
openssh/openssl and others, and if yer in the M$ world, yer updating
things that the *nix world learned ten years back with rcp and such. So,
these are not fix once and forget kinds of issues.
e-mail was meant to push text, plain and simple, what makes things complex
tends to make things not function as well as or even at all like they were
intended. And html and ports 80/443 are the scourge of security admins
these days, everything gets pushed over those ports and is near impossible
to control in any reasonable manner. besides, some of the poorer MUAs
folks use and use in public lists like this tend to push html in ishy ways
that makes my reading pleasure not...those folks I just tend to not read,
and perhaps miss something that might be interesting or important, but, I
just don't have the time to waste trying to fix the crap that those MUAs
push out...
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC43j1st+vzJSwZikRArrbAJ9c4PQSqftT4ONEIJElzdBiiUtzhgCgqBD2
sXVrHrG3nXPK+UFOBSVr+xA=
=7jSn
-----END PGP SIGNATURE-----