Date: Fri, 24 May 2002 16:27:55 +0200
From: Rocco Lucia <rlucia@iscanet.com>
To: "Yuri Victorovich" <yvictorovich@optima-hyper.com>
Cc: <freebsd-net@freebsd.org>
Subject: Re: ng_fwdswitch netgraph node
Message-ID: <7014E592-6F22-11D6-9500-000393B296CE@iscanet.com>
In-Reply-To: <007501c20324$40ca4920$6c00a8c0@OPTIMA.HQ>

Re,

On Friday, May 24th, 2002, at 03:09 PM, Yuri Victorovich wrote:

> And why make it one-directional only? It shouldn't improve performance.
> So it's rather an "IP router" than "fwdswitch".
> many2many IP routing node would be useful in many situations.
>
> Yuri
>

Well, I needed a node that would have forwarded IP packets from a source interface pool to a destination interface pool, analyzing source and destination addresses. The very task this node had to accomplish was to nicely behave as an IDS load balancer, whence the monodirectional nature. The source pool would be hooked to the span/mirroring ports to monitor, and the destination pool would be hooked to the IDS sensors.

Because of the way a distributed IDS works, I needed to forward packets to them in some coherent fashion. The quickest idea to implement was just to tag or identify packets flowing to/from an IP network to monitor and forward them to the sensor which is supposed to analyze that data. In this case, for each IP network we configure, we have a destination hook to forward the traffic to.

Needless to say, if you want to monitor two different networks and forward them to different destination hooks, since the module does not copy data, it will forward to the first match when we sniff packets which come from one of those and go to the other one.

As for treating ng_fwdswitch more like an IP router, well, it is not intended to be that. I agree with you about the misleading name, I think I'd have called it something like "basicsrcdstpacketfwd" :-) I'm sorry about that.

Rocco

--
Rocco Lucia - rlucia@iscanet.com
Iscanet Internet Services
http://elisa.utopianet.net/~rlucia
System and Network Admin
C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468
Free unices for a free world. Support *BSD.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
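
The first-match behaviour described in the message above, as an added example that is not part of the original e-mail and is not the ng_fwdswitch source. It assumes rules are scanned in configuration order and that a rule matches when either the source or the destination address falls in its network; the rule table, hook names and function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* One configured rule: a monitored IPv4 network and the hook (sensor) it feeds. */
struct fwd_rule {
    uint32_t net;      /* network address, host byte order */
    uint32_t mask;     /* netmask, host byte order */
    const char *hook;  /* hypothetical destination hook name */
};

/* Constructed sample configuration: two monitored networks, two sensors. */
static const struct fwd_rule rules[] = {
    { 0x0A010000u, 0xFFFF0000u, "sensor0" },  /* 10.1.0.0/16 */
    { 0x0A020000u, 0xFFFF0000u, "sensor1" },  /* 10.2.0.0/16 */
};
#define NRULES (sizeof(rules) / sizeof(rules[0]))

/* A rule matches when the packet flows to or from its network. */
static int rule_matches(const struct fwd_rule *r, uint32_t src, uint32_t dst)
{
    return (src & r->mask) == r->net || (dst & r->mask) == r->net;
}

/* Index of the first matching rule, or -1 when the traffic is not monitored. */
int fwd_select(uint32_t src, uint32_t dst)
{
    for (size_t i = 0; i < NRULES; i++)
        if (rule_matches(&rules[i], src, dst))
            return (int)i;
    return -1;
}

/* Bitmask of rules that also match but never get the packet, because the
 * packet is not copied: these are the sensors blind to this flow. */
unsigned fwd_missed(uint32_t src, uint32_t dst)
{
    int first = fwd_select(src, dst);
    unsigned missed = 0;

    for (size_t i = 0; i < NRULES; i++)
        if ((int)i != first && rule_matches(&rules[i], src, dst))
            missed |= 1u << i;
    return missed;
}
```

A non-zero `fwd_missed` result for a flow means a sensor responsible for one endpoint's network sees only part of that network's traffic, which matters when tuning detection coverage on the sensors.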