Linux Netfilter discussions
From: KOVACS Krisztian <hidden@sch.bme.hu>
To: Khoa Nguyen <khoa.coffee@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: SNAT round-robin broken?
Date: Mon, 13 Feb 2006 22:30:45 +0100
Message-ID: <200602132230.48764@krak>
In-Reply-To: <3d00e6dc0602131301y75cf0398y8c887289b8c994d3@mail.gmail.com>


  Hi,

On Monday 13 February 2006 22:01, Khoa Nguyen wrote:
> Before 2.6.11 kernel, the SNAT box was mapping every new socket from
> the Client to a new source IP address. With this, I was able to
> simulate several thousand "virtual" clients. Now with the new
> behaviour, every socket from the Client to the Server is mapped to the
> same random but fixed source IP address. I am sure the new NAT
> implementation is better and cleaner than the old one, but it also
> takes away a nice round-robin feature per socket. Is there any way I
> can achieve the previous behaviour without modifying the kernel source
> code :-( or downgrading to a pre-2.6.11 kernel? (I am writing some
> ip_conntrack/ip_nat modules based on the new 2.6.11+ API, so
> downgrading the kernel is going to be painful)

  I see. Well, I don't think this is possible without modifying the kernel 
source. However, you could try either modifying the client to use 
different IP addresses (by configuring a few thousand IP addresses to the 
client and having the client bind() to different IP addresses), or 
modifying the kernel to do what you'd like.

  I think both of these should be relatively easy (in case you have access 
to the client source code). About the kernel: take a look at 
find_best_ips_proto() in ip_nat_core.c. At the end of the function 
there's a jhash_2words() call; this is responsible for choosing an IP 
inside the address range specified. You could easily modify it to produce 
a hash value based on the (src, src port, dst) tuple instead of just 
(src, dst).

-- 
 KOVACS Krisztian

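The two behaviours discussed in this thread, a source IP chosen from a hash of (src, dst) versus one chosen from a hash of (src, src port, dst), as an added userspace model that is not the kernel's ip_nat_core.c. The mix function re-implements the Bob Jenkins style hash that 2006-era Linux exposed as jhash_2words()/jhash_3words(); bit-for-bit agreement with any particular kernel build is an assumption, and the addresses, port range and socket count are constructed sample values. The point it shows does not depend on the exact hash: hashing only (src, dst) maps every socket from one client to the same address in the range, while adding the source port spreads sockets across the range.

```c
/*
 * Model of how an address-range SNAT picks a source IP by hashing the
 * connection tuple. Added illustration, not kernel code: the mix below
 * follows the jhash_2words()/jhash_3words() of 2006-era Linux (assumed),
 * and all addresses/ports are constructed sample values.
 */
#include <stdint.h>
#include <stdio.h>

#define JHASH_GOLDEN_RATIO 0x9e3779b9u

/* Jenkins mix step, as used by the old jhash.h (assumption: same constants). */
static void jhash_mix(uint32_t *a, uint32_t *b, uint32_t *c)
{
    *a -= *b; *a -= *c; *a ^= (*c >> 13);
    *b -= *c; *b -= *a; *b ^= (*a << 8);
    *c -= *a; *c -= *b; *c ^= (*b >> 13);
    *a -= *b; *a -= *c; *a ^= (*c >> 12);
    *b -= *c; *b -= *a; *b ^= (*a << 16);
    *c -= *a; *c -= *b; *c ^= (*b >> 5);
    *a -= *b; *a -= *c; *a ^= (*c >> 3);
    *b -= *c; *b -= *a; *b ^= (*a << 10);
    *c -= *a; *c -= *b; *c ^= (*b >> 15);
}

static uint32_t jhash_3words(uint32_t a, uint32_t b, uint32_t c, uint32_t initval)
{
    a += JHASH_GOLDEN_RATIO;
    b += JHASH_GOLDEN_RATIO;
    c += initval;
    jhash_mix(&a, &b, &c);
    return c;
}

static uint32_t jhash_2words(uint32_t a, uint32_t b, uint32_t initval)
{
    return jhash_3words(a, b, 0, initval);
}

/*
 * Choose a source IP in [minip, maxip] (host byte order) for one connection.
 * per_socket == 0: hash (src, dst) only, i.e. the behaviour the thread
 * describes for 2.6.11+. per_socket != 0: hash (src, sport, dst), the change
 * suggested in the reply, so each socket can land on a different address.
 */
uint32_t pick_snat_ip(uint32_t minip, uint32_t maxip,
                      uint32_t src, uint16_t sport, uint32_t dst, int per_socket)
{
    uint32_t range = maxip - minip + 1;
    uint32_t j = per_socket ? jhash_3words(src, sport, dst, 0)
                            : jhash_2words(src, dst, 0);
    return minip + j % range;
}

/*
 * Count how many distinct source IPs nsockets connections from one client
 * (source ports sport0 .. sport0 + nsockets - 1) to one server receive.
 * Returns -1 if the range is larger than the 256-entry bitmap used here.
 */
int count_distinct_ips(uint32_t minip, uint32_t maxip, uint32_t src, uint32_t dst,
                       uint16_t sport0, int nsockets, int per_socket)
{
    unsigned char seen[256] = {0};
    int distinct = 0;
    if (maxip - minip + 1 > 256)
        return -1;
    for (int i = 0; i < nsockets; i++) {
        uint32_t ip = pick_snat_ip(minip, maxip, src, (uint16_t)(sport0 + i), dst, per_socket);
        uint32_t idx = ip - minip;
        if (!seen[idx]) {
            seen[idx] = 1;
            distinct++;
        }
    }
    return distinct;
}

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

int main(void)
{
    /* Constructed sample values: a /24-sized SNAT range, one client, one server. */
    uint32_t minip = IP4(10, 0, 0, 1), maxip = IP4(10, 0, 0, 254);
    uint32_t client = IP4(192, 168, 1, 10), server = IP4(203, 0, 113, 5);

    printf("(src,dst) hash:       %d distinct source IPs over 1000 sockets\n",
           count_distinct_ips(minip, maxip, client, server, 32768, 1000, 0));
    printf("(src,sport,dst) hash: %d distinct source IPs over 1000 sockets\n",
           count_distinct_ips(minip, maxip, client, server, 32768, 1000, 1));
    return 0;
}
```

Running it prints 1 for the (src, dst) case and some number greater than 1 for the (src, sport, dst) case. The first result is exactly the property the original SNAT code was after (a server always sees a given client from the same address, even across reboots); the second is what the per-socket variant trades it for, so a box running the modified hash should not be relied on for consistent client identity on the server side.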


Thread overview: 6+ messages
2006-02-10 15:22 SNAT round-robin broken? Khoa Nguyen
2006-02-10 21:12 ` KOVACS Krisztian
     [not found]   ` <3d00e6dc0602130610j3ccc1c2cseaf06598999ab0b2@mail.gmail.com>
2006-02-13 20:45     ` KOVACS Krisztian
2006-02-13 21:01       ` Khoa Nguyen
2006-02-13 21:30         ` KOVACS Krisztian [this message]
2006-02-15 21:47           ` Khoa Nguyen
