Ok, I don't mind this PR in spirit. But I do mind the implementation. So basically - more and nicer abstractions please. The PCAP_D_IN part could be merged right away, so please pull these 4 lines to a separate PR. Finally, I think the same stuff can be achieved with iptables TEE module: ... -t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1 Am I right?
Ad a), b), and e) I assume this refers to almost the entire changeset.
I'll pluck it out and put it in net.c. Would an interface such
as make_peerlist(), free_peerlist(), sendto_peerlist() seem appropriate
or were you thinking something different? As far as I understand your
concern is main.c knowing about network objects such as sockaddrs
(apart from low level stuff in handle_packet), right?
Ad c) I don't know why I missed updating the README, that is an
oversight. Would you like a man-page contribution as well or do you
consider them overrated?
Ad d) I generally object to fixed size arrays, but if you think it
prettier it will be done.
Ad f) While changing and checking the source addresses should prevent
loops among the different peers, best practice is to decrease TTL
when forwarding packets. This will also prevent storms in case of
misconfigurations.
Regarding the TEE module, it will only work on the local network
(meaning layer two). In layer three the redirected gateway would
just send it back again.
Instead of broadcasting mtu messages in the L2 domain, enable L3 forwarding to a list of peers specified on the command line (--peers). If using a peer_list open a raw socket to delegate routing to the OS. Introduce additional check if the packet is sourced from a peer in peer_list, before transmitting. Also pluck the TTL from the inbound packet in order to decrease it before forwarding.
f4263d0 to 8c63a24
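The loop prevention discussed in this thread (do not re-send a packet sourced from a peer, and decrease the TTL before forwarding), as an added example that is not code from this PR or the project. All type and function names are hypothetical, the sample header and peer list are constructed, and it goes slightly beyond the thread by reading both IPv4 and IPv6 headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names are hypothetical; this is not the PR's interface. */
enum fwd { FWD_SEND, FWD_DROP_MALFORMED, FWD_DROP_FROM_PEER, FWD_DROP_TTL };
struct peer { uint8_t addr[16]; uint8_t len; };   /* len: 4 = IPv4, 16 = IPv6 */

/* Decide whether a captured packet (starting at the IP header) may be re-sent
 * to the peers. On FWD_SEND, *ttl_out is the decremented TTL / hop limit. */
enum fwd fwd_decide(const uint8_t *ip, size_t n, const struct peer *peers,
                    size_t npeers, uint8_t *ttl_out)
{
    const uint8_t *src;
    uint8_t alen, ttl;

    if (n >= 20 && (ip[0] >> 4) == 4) {          /* IPv4: TTL byte 8, source 12..15 */
        ttl = ip[8]; src = ip + 12; alen = 4;
    } else if (n >= 40 && (ip[0] >> 4) == 6) {   /* IPv6: hop limit byte 7, source 8..23 */
        ttl = ip[7]; src = ip + 8; alen = 16;
    } else {
        return FWD_DROP_MALFORMED;               /* too short or unknown version */
    }
    /* Sourced from a peer: it was already forwarded once, so stop here. */
    for (size_t i = 0; i < npeers; i++)
        if (peers[i].len == alen && memcmp(peers[i].addr, src, alen) == 0)
            return FWD_DROP_FROM_PEER;
    /* Backstop for a misconfigured peer list: a looping packet dies here. */
    if (ttl <= 1)
        return FWD_DROP_TTL;
    *ttl_out = (uint8_t)(ttl - 1);
    return FWD_SEND;
}

/* Constructed sample: minimal IPv4 header from 192.0.2.<host> with the given
 * TTL, checked against a constructed peer list holding 192.0.2.10.
 * Returns the new TTL when forwarding, or the negated drop verdict. */
int demo_ipv4(uint8_t host, uint8_t ttl)
{
    static const struct peer peers[] = { { {192, 0, 2, 10}, 4 } };
    uint8_t ip[20] = { 0x45 };
    uint8_t out = 0;
    enum fwd v;

    ip[8] = ttl;
    ip[12] = 192; ip[13] = 0; ip[14] = 2; ip[15] = host;
    v = fwd_decide(ip, sizeof ip, peers, 1, &out);
    return v == FWD_SEND ? out : -(int)v;
}
```

The source check covers the configured case; the TTL check is what bounds a storm when two forwarders are missing from each other's peer lists.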
I have tried to work in the requested changes in the recent push to the l3-forward branch.
First patch will add support for resending mtu messages to designated L3 peers. Second patch will add a direction filter to pcap, so only inbound packets are considered.