* Source based routing using LKM
@ 2012-02-11  9:15 vivek rajagopalan
  2012-02-11 15:27 ` Jan Engelhardt
  0 siblings, 1 reply; 4+ messages in thread
From: vivek rajagopalan @ 2012-02-11  9:15 UTC (permalink / raw)
  To: netfilter

Hi,

I am trying to set the source ip of an RX packet to a local IP in a
pre_route filter (from within a kernel module) but the kernel drops
such a packet during routing phase. By local IP I mean one of the IP
addresses defined on the system running my kernel module. At what
point is the kernel dropping the packet? Is it that the kernel doesn't
like a packet received from the network with a local source IP? Can
this behavior be overridden?

The bigger picture is the following. I have a Linux box with 4
interfaces each having multiple local IPs. This box needs to route
packets to multiple remote subnets. In order to successfully route
packets I had to create multiple routing table entries towards every
new remote subnet encountered. However the remote subnets far exceed
the local IPs and hence I was exploring the usage of policy based
source routing so as to minimize the creation of routing entries. With
a destination based routing system I used to modify destination IP in
pre_route hook and source IP in forward_hook. I was wondering how to
mangle the packet in a source based routing scheme.

Thanks,
Vivek


* Re: Source based routing using LKM
  2012-02-11  9:15 Source based routing using LKM vivek rajagopalan
@ 2012-02-11 15:27 ` Jan Engelhardt
  2012-02-12  2:12   ` vivek rajagopalan
  0 siblings, 1 reply; 4+ messages in thread
From: Jan Engelhardt @ 2012-02-11 15:27 UTC (permalink / raw)
  To: vivek rajagopalan; +Cc: netfilter

On Saturday 2012-02-11 10:15, vivek rajagopalan wrote:

>I am trying to set the source ip of an RX packet to a local IP in a
>pre_route filter (from within a kernel module) but the kernel drops
>such a packet during routing phase. By local IP I mean one of the IP
>addresses defined on the system running my kernel module. At what
>point is the kernel dropping the packet?

rp_filter comes to mind.

>Is it that the kernel doesn't like a packet received from the network 
>with a local source IP?

It would indicate a spoofing attempt.

>The bigger picture is the following. I have a Linux box with 4
>interfaces each having multiple local IPs. This box needs to route
>packets to multiple remote subnets. In order to successfully route
>packets I had to create multiple routing table entries towards every
>new remote subnet encountered. However the remote subnets far exceed
>the local IPs and hence I was exploring the usage of policy based
>source routing so as to minimize the creation of routing entries.

Changing the addresses in-flight breaks end-to-end connectivity. It will 
be better if you would, for example, mark the packets in the RX 
path, based upon your desired criteria, and reuse this mark value to 
select the routing table.


* Re: Source based routing using LKM
  2012-02-11 15:27 ` Jan Engelhardt
@ 2012-02-12  2:12   ` vivek rajagopalan
  2012-02-27 19:59     ` vivek rajagopalan
  0 siblings, 1 reply; 4+ messages in thread
From: vivek rajagopalan @ 2012-02-12  2:12 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter

> rp_filter comes to mind.

I did reset rp_filter on all interfaces but it didn't help, not sure
if that is what you suggested.

> Changing the addresses in-flight breaks end-to-end connectivity. It will
> be better if you would, for example, mark the packets in the RX
> path, based upon your desired criteria, and reuse this mark value to
> select the routing table.

I will explore this, thanks

Vivek


* Re: Source based routing using LKM
  2012-02-12  2:12   ` vivek rajagopalan
@ 2012-02-27 19:59     ` vivek rajagopalan
  0 siblings, 0 replies; 4+ messages in thread
From: vivek rajagopalan @ 2012-02-27 19:59 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter

>> Changing the addresses in-flight breaks end-to-end connectivity. It will
>> be better if you would, for example, mark the packets in the RX
>> path, based upon your desired criteria, and reuse this mark value to
>> select the routing table.
>
> I will explore this, thanks

Usage of mark (skb->mark in my case) along with policy based routing
helped me achieve what I wanted to do with source address based
routing. Thanks a ton for the pointer.
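
The approach the thread settles on, as an added example that is not code from any poster: a PRE_ROUTING hook sets skb->mark from the source address and leaves the addresses alone, and `ip rule` maps the mark to a routing table. It assumes the nf_hook_state hook API (Linux 4.4 or later); the subnets, mark values and table numbers are constructed, and the src_valid_mark note is an addition not discussed in the thread.

```c
/* Added example. Userspace side (iproute2), table numbers are constructed:
 *   ip rule add fwmark 0x1 table 101 ; ip rule add fwmark 0x2 table 102
 *   ip route add default via <gateway> table 101     (one set per table)
 *   sysctl -w net.ipv4.conf.all.src_valid_mark=1
 *     (lets rp_filter stay enabled: the reverse-path lookup then uses the mark) */
#ifdef __KERNEL__
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <net/net_namespace.h>
#else
#include <stdint.h>   /* lets the classifier be unit-tested in userspace */
#endif

struct mark_rule { uint32_t net, mask, mark; };   /* host byte order */
static const struct mark_rule rules[] = {         /* constructed sample policy */
    { 0x0A010000, 0xFFFF0000, 0x1 },   /* 10.1.0.0/16     -> fwmark 1 */
    { 0xC0A80A00, 0xFFFFFF00, 0x2 },   /* 192.168.10.0/24 -> fwmark 2 */
};

/* Pure classifier: source address (host order) -> fwmark; 0 = main table. */
static uint32_t mark_for_saddr(uint32_t saddr)
{
    unsigned int i;
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if ((saddr & rules[i].mask) == rules[i].net)
            return rules[i].mark;
    return 0;
}

#ifdef __KERNEL__
static unsigned int mark_hook(void *priv, struct sk_buff *skb,
                              const struct nf_hook_state *state)
{
    uint32_t m = mark_for_saddr(ntohl(ip_hdr(skb)->saddr));
    if (m) skb->mark = m;              /* header is not rewritten */
    return NF_ACCEPT;
}
static struct nf_hook_ops mark_ops = {
    .hook = mark_hook, .pf = NFPROTO_IPV4,
    .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_MANGLE,
};
static int __init mark_init(void) { return nf_register_net_hook(&init_net, &mark_ops); }
static void __exit mark_exit(void) { nf_unregister_net_hook(&init_net, &mark_ops); }
module_init(mark_init); module_exit(mark_exit);
MODULE_LICENSE("GPL");
#endif
```
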
