ip_route_me_harder question...

ip_route_me_harder question...

[Pablo Cingolani]

Refered to a question posted by "Zeeshan Ali <zeelists@yahoo.com>" a couple of days ago, I've suggested him to
use ip_route_me_harder after changing a packet's saddr/daddr (at NF_IP_PRE_ROUTING).
I've noticed that it doesn't work because after the hook changes the packet, ip_rcv_finish() calls
 skb->dst->input(skb) which seems to setted to something like 'dst_discard' (instead of 'ip_forward()' which is
what I was expecting).
Can someone give me a hint on what is wrong / what should be done to (correctly) change the routes 
so that the packet is forwarded? 
Thank you
   Pablo

P.S.: Packet's saddr is changed to a local one.

Re: ip_route_me_harder question...

[Jon]

This is a good question. I've noticed that sometimes it's needed and 
sometimes it isn't. We implemented a routing protocol where all the 
packets were bumped up to userspace and after fiddling with the routing 
system for a long time, we ended up using some code from iproute2 to 
change the table before reinjecting the packet (unmodified). This 
alleviated our route_me_harder() issues. But another protocol we were 
looking at during our implementation used route_me_harder() and it 
seemed to work fine. Very confusing.

Regards,
Jon Webb
Computer Communications Research Group
University of California at Santa Cruz

Pablo Cingolani wrote:

>Refered to a question posted by "Zeeshan Ali <zeelists@yahoo.com>" a couple of days ago, I've suggested him to
>use ip_route_me_harder after changing a packet's saddr/daddr (at NF_IP_PRE_ROUTING).
>I've noticed that it doesn't work because after the hook changes the packet, ip_rcv_finish() calls
> skb->dst->input(skb) which seems to setted to something like 'dst_discard' (instead of 'ip_forward()' which is
>what I was expecting).
>Can someone give me a hint on what is wrong / what should be done to (correctly) change the routes 
>so that the packet is forwarded? 
>Thank you
>   Pablo
>
>P.S.: Packet's saddr is changed to a local one.
>
>  
>

Re: ip_route_me_harder question...

[Zeeshan Ali]

Hello,
  I thought your reply implicitly suggested to try
route_me_hard () instead of ip_route_me_hard (), so i
gave it a try. The compiler is happy but not the
kernel. Most probably because the route_me_hard () is
not accessible to all? Bye.

--- Jon <jon_webb@binary-one.com> wrote:
> This is a good question. I've noticed that sometimes
> it's needed and 
> sometimes it isn't. We implemented a routing
> protocol where all the 
> packets were bumped up to userspace and after
> fiddling with the routing 
> system for a long time, we ended up using some code
> from iproute2 to 
> change the table before reinjecting the packet
> (unmodified). This 
> alleviated our route_me_harder() issues. But another
> protocol we were 
> looking at during our implementation used
> route_me_harder() and it 
> seemed to work fine. Very confusing.
> 
> Regards,
> Jon Webb
> Computer Communications Research Group
> University of California at Santa Cruz



__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

ip_route_me_harder question

[Giant Sand Fan's]

Hi,

I have a netfilter module that needs to reroute a packet after
unpacking it (minimal encap) in NF_IP_PRE_ROUTING, because the dst
changes. But even when a ip_route_me_harder with RTN_LOCAL works
(ret==0) the packet disappears.

The question is , do i need to use ip_route_me_harder? because when
the dst of encapsulated packet is the local machine it works.

thanks.

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Re: ip_route_me_harder question

[Patrick McHardy]

Giant Sand Fan's wrote:
> Hi,
> 
> I have a netfilter module that needs to reroute a packet after
> unpacking it (minimal encap) in NF_IP_PRE_ROUTING, because the dst
> changes. But even when a ip_route_me_harder with RTN_LOCAL works
> (ret==0) the packet disappears.
> 
> The question is , do i need to use ip_route_me_harder? because when
> the dst of encapsulated packet is the local machine it works.

You don't need rerouting in *PRE*ROUTING, regular routing will
take care of this.

Re: ip_route_me_harder question

[Giant Sand Fan's]

Thanks, yes, i had check the sk_buff->entry in prerouting and post and
saw how it changes.

I understand that only had to call ip_route_me_harder in a hook
handler after a "routing block" if you have change the ip addresses.

2009/1/12 Patrick McHardy <kaber@trash.net>:
> Giant Sand Fan's wrote:
>>
>> Hi,
>>
>> I have a netfilter module that needs to reroute a packet after
>> unpacking it (minimal encap) in NF_IP_PRE_ROUTING, because the dst
>> changes. But even when a ip_route_me_harder with RTN_LOCAL works
>> (ret==0) the packet disappears.
>>
>> The question is , do i need to use ip_route_me_harder? because when
>> the dst of encapsulated packet is the local machine it works.
>
> You don't need rerouting in *PRE*ROUTING, regular routing will
> take care of this.
>



-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html