Re: Interconnect virtual device?

To: Ben Greear <greearb@xxxxxxxxxxxxxxx>
Subject: Re: Interconnect virtual device?
From: jamal <hadi@xxxxxxxxxx>
Date: 02 Mar 2005 19:27:05 -0500
Cc: "'netdev@xxxxxxxxxxx'" <netdev@xxxxxxxxxxx>
In-reply-to: <42263F6A.3020405@xxxxxxxxxxxxxxx>
Organization: jamalopolous
References: <4222A8F2.6080004@xxxxxxxxxxxxxxx> <1109592365.2188.914.camel@xxxxxxxxxxxxxxxx> <422353C9.6050001@xxxxxxxxxxxxxxx> <1109800554.1091.213.camel@xxxxxxxxxxxxxxxx> <42263F6A.3020405@xxxxxxxxxxxxxxx>
Reply-to: hadi@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx

On Wed, 2005-03-02 at 17:34, Ben Greear wrote:
> jamal wrote:
> 
> > There are two ways to do this:
> > 
> > a) You could redirect to a packet socket - a small extension needed to
> > the redirect action (mostly mechanical details involved like keeping
> > state of which sockets are open etc).
> 
> I'd rather not take this approach, as I'd like to have this
> functionality available in a kernel module as well as user-space.  Netdevices
> are easy to work with in both user-space and kernel-space.

Sure - you have modules and a user space interface. But let's drop
it here - I don't like it either because it may end up being a lot of
work.

> > tc filter add dev eth0 .... \
> > match ip src 10.0.0.1/32 \
> > action mirred egress redirect dev ring0
> > 
> > Assuming you have a program running on user space you should receive all
> > packets incoming and/or outgoing on eth0.
> > 
> > And no, you don't need the eth device to have an IP address attached.
> 
> Just mirroring will not meet my goal.

The above was a total redirect, not mirroring; to mirror you would
say "action mirred egress mirror dev ring0"
And for fun you could mirror to multiple devices if you wanted.

>  I may also wish to drop packets
> entirely, before they ever reach any of the protocol stacks.

Of course, that's what the actions are for.

tc packets coming on dev XXXX before stack
 match some header ..
   action drop 

Or to add to the fun factor:

match some header ...
// randomly allow every 10th packet
action drop random netrand ok 10
// and redirect the lucky packet to user space
action mirred egress redirect dev ring0

> That said, a brief glance at the ntop page leads me to believe that
> his packet socket might be interesting for other reasons.  But, I have
> enough fun trying to push my own stuff into the kernel... probably
> won't bother trying to push his stuff in too :)
> 

Clearly above you are trying to reinvent what's already available.
And I pointed to that gent because I think he's done a good job already -
there's no point in reinventing what he already has, in particular since
he's spent time to debug it and he's got people using it already (he seems
to be selling some product based on it). If he fails to cooperate then
by all means replicating his work should be fine.

cheers,
jamal

