On Thu, 2005-03-31 at 15:41, Ben Greear wrote:
> I created a new virtual ethernet device that solves a problem
> I faced. I thought I'd see if anyone else sees a use for this,
> and if so, I'll work to polish the patch so that it can be
> accepted into the kernel.
> The redirect device is fairly simple:
> You create a pair of them, each associated with each other.
> When you transmit on one, the other one receives a packet.
> The devices are presented as regular ethernet devices, and they
> have MACs, will do ARP, and other such things.
> I use these in the following manner:
> I have a software bridge that works by registering a protocol for all
> packets on, for example, eth1, and it will forward these packets to another
> device. In my case, the other device will be one of the re-direct interfaces
> (rdd0). Both eth1 and rdd0 will NOT have any IP configuration. This keeps
> the stacks from interfering with my bridge. rdd1 will have the IP address
> would normally be associated with eth1.
> This allows me to have total control of the packets flowing between the
> ethernet interface and the ethernet and higher level protocols on the rdd1
> I believe this is the only way to have such total control of packets, for
> both inspection
> and arbitrary modification, before the packets hit the protocol handlers.
I must be missing something: What is it that this device can do that the
mirred action cant do?
Or in general the action framework on the ingress side?
We can redirect to any arbitrary device; we can mirror to any arbitray
device; we can drop, mangle packets identified via classification rules
in any arbitrary way etc