From: Logan B <mrbojangles3@gmail.com>
To: Rob Roschewsk <rob@pabut.org>
Cc: Martin Tonusoo <martin@tonusoo.ee>, netfilter@vger.kernel.org
Subject: Re: Unusual packet forwarding task
Date: Thu, 31 Oct 2024 10:45:43 -0400
Message-ID: <CAFR4Civ3JngUGA04eV3hD1_Z8tpJN09LPa6x-qf3CAyLcJet1g@mail.gmail.com>
In-Reply-To: <CAE1O4xpVpX94Lt9P8JoYgVf7vcuwhv06oR5Lt3ipHRsHWr7p2w@mail.gmail.com>
Rob,

I have a feeling that this can be accomplished with some manually
added match/actions inside of ovs, specifically using ovs-ofctl.

I would add both ports into an ovs bridge, using your criteria to
specify the match and action. Writing a flow match by hand involves
some trial and error. Something like the following, though I haven't
tried it out:

    ovs-ofctl add-flow br0 \
        "in_port=0,udp,nw_src=192.168.17.36,nw_dst=172.16.20.3,actions=mod_nw_src:10.0.0.2,mod_nw_dst:10.0.0.1,output:1"

There is a lot of flexibility on matching [1] and the actions
[2]. If the network is full of traffic that you don't care about,
you could add a rule to drop a lot of traffic that you don't care
about.

I hope this helps.

[1] https://www.man7.org/linux/man-pages/man7/ovs-fields.7.html
[2] https://www.man7.org/linux/man-pages/man7/ovs-actions.7.html
On Fri, Oct 25, 2024 at 9:57 AM Rob Roschewsk <rob@pabut.org> wrote:
>
> Thanks Martin!
>
> I'm not at the point of adding code to this project yet ... close but
> not yet :) This will certainly give me a head start if that happens.
> -> Rob
>
>
> On Fri, Oct 25, 2024 at 4:39 AM Martin Tonusoo <martin@tonusoo.ee> wrote:
> >
> > Hi Rob,
> >
> > perhaps something like this will do:
> > https://gist.github.com/tonusoo/0490bc5cf564689f3999f1de4eef098d
> >
> > On Debian based distributions the dependencies can be installed with
> > "apt install --no-install-recommends python3-pcapy python3-scapy".
> > Pcapy is a wrapper library for libpcap which processes the filter in
> > Berkeley Packet Filter syntax, builds the binary bytecode and
> > eventually sends it to the kernel via the SO_ATTACH_FILTER. Thus,
> > there should be very little impact on throughput or CPU usage.
> >
> > I used the following systemd service to manage the script:
> >
> > root@deb12-1:~# systemctl cat packet-forwarder
> > # /etc/systemd/system/packet-forwarder.service
> > [Unit]
> > Description=Forwards certain packets received on eth0 out from eth1
> > After=network.target
> >
> > [Service]
> > Type=simple
> > Restart=always
> > ExecStart=/usr/local/sbin/packet-forwarder.py
> >
> > [Install]
> > WantedBy=multi-user.target
> > root@deb12-1:~#
> >
> >
> > Martin
>
--
Logan
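
What the match and address rewrite in the flow above amount to at the packet level, including the IPv4 and UDP checksum updates that any rewrite of the addresses requires. This is an added example, not code from the thread or from Open vSwitch; the function names, ports and payload are constructed, and it assumes unfragmented IPv4 packets passed without a link-layer header.

```python
import socket
import struct

# Addresses are the ones in the flow above; function names are illustrative.
MATCH_SRC, MATCH_DST = "192.168.17.36", "172.16.20.3"
NEW_SRC, NEW_DST = "10.0.0.2", "10.0.0.1"

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_csum(src: bytes, dst: bytes, udp: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header plus the UDP segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_UDP, len(udp))
    return csum(pseudo + udp) or 0xFFFF  # a computed 0 is sent as 0xFFFF

def build(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a minimal IPv4/UDP packet (no options) with valid checksums."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_csum(s, d, udp)) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     socket.IPPROTO_UDP, 0, s, d)
    return ip[:10] + struct.pack("!H", csum(ip)) + ip[12:] + udp

def rewrite(pkt: bytes):
    """Return the rewritten packet if it matches the flow, else None."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != socket.IPPROTO_UDP:
        return None
    if pkt[12:16] != socket.inet_aton(MATCH_SRC) or pkt[16:20] != socket.inet_aton(MATCH_DST):
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    s, d = socket.inet_aton(NEW_SRC), socket.inet_aton(NEW_DST)
    ip = pkt[:10] + b"\x00\x00" + s + d + pkt[20:ihl]  # zero checksum, swap addresses
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    udp = pkt[ihl:total]
    if udp[6:8] != b"\x00\x00":  # 0 means the sender computed no UDP checksum
        udp = udp[:6] + b"\x00\x00" + udp[8:]
        udp = udp[:6] + struct.pack("!H", udp_csum(s, d, udp)) + udp[8:]
    return ip + udp
```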