From: Matt Impett
To: 'Randall Stewart', Matt Impett
Cc: 'Julian Elischer', Lars Eggert, "'freebsd-net@freebsd.org'", "'freebsd-questions@freebsd.org'"
Subject: RE: source address based routing
Date: Thu, 27 Jun 2002 14:06:19 -0400
Message-ID: <8C92E23A3E87FB479988285F9E22BE46FDE788@ftmail.lab.flarion.com>

Randall Stewart wrote:
> Matt:
>
> Curiosity drives me to ask the question...
>
> Where is the Foreign agent (FA)?
>
> In most mobile IP scenarios I have been familiar with (granted a
> limited set.. and I have a tiny idea of how it should work
> that may be dated) the mobile has a FA. The FA is either
> co-located inside the mobile.. which in that case it would
> have the tunnel back to the home agent... OR the FA is a
> box somewhere in your network that picks up the packets
> from the wire and then encapsulates them and stuffs them
> back up the tunnel to the home agent... I think this is your
> "access box" if I read things correctly.

I didn't know how familiar people were with MIP, so I left out some
details. You are correct though that our "access box" is also our FA.

> In such a case the "access box" SHOULD have a valid address
> on the network and should have its tunnel going from it
> to the home agent.

Yes.

>
> All the FA needs to do is grab the packets sourced from these
> mobiles. I would think the firewall should be able to redirect
> these to your code much like the nat something like
>
> ... add divert natd all from any to any via ...
>
> This will get your user space code all of the packets
> going by on this box. From there I would think you could
> write code that would look at the sources and put them into
> the right tunnels... Not sure if you could use the GIF tunnel
> itself... or just write the tunneling software yourself... probably
> there is a creative way to do this with one of the GIF tunnels...

You are absolutely correct that all the FA needs to do is grab packets
sourced from the mobile and send them out a reverse tunnel. The problem
is that routing in BSD is only destination based. I could do:

... add divert natd all from any to any via ...

which would divert the mobile's packets up to user space. From here,
though, how do I put them into the right tunnel??? Remember that I have
no routing table entry which points to one of the tunnels, because
routing table entries are destination based and I have no destination IP
that I want to use the tunnel, only source addresses.

I guess what my user space process could do would be just to take the IP
packet that was diverted up to it and send it out a RAW IP socket to the
HA address. This should work!! It is a little strange, in that I will
not be using a kernel level tunnel device (i.e. GIF devices). Also, all
reverse tunneled packets (which could be all traffic from the mobile
nodes) now have to take a trip up into user space. I would hate to see
what this does to the throughput, but this should work.

It would be nice if I could create two ng_ksockets, one bound to a
divert port, and the other bound to inet/raw/ip, so that packets
diverted to the divert port would get passed to the inet/raw/ip hook and
go out the IP stack. Is this possible???

thanks,
matt
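
Added example, not code from this thread or from FreeBSD: the per-packet step a user-space daemon would perform between the divert socket and the raw socket, choosing the home agent from the packet's source address and wrapping the packet for the reverse tunnel. It assumes IP-in-IP encapsulation (protocol 4) with the outer header built by the daemon; the binding table, the addresses, the sample packet and the names ha_for_packet and reverse_tunnel are constructed for illustration, and the socket reads and writes are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed bindings: mobile node source address -> home agent (HA). */
struct binding { uint32_t mobile, ha; };
static const struct binding bindings[] = {
    { 0xC0000205u, 0xC6336401u },   /* 192.0.2.5 -> 198.51.100.1 */
    { 0xC0000206u, 0xCB007101u },   /* 192.0.2.6 -> 203.0.113.1  */
};
/* Constructed inner packet: bare IPv4 header, 192.0.2.5 -> 198.51.100.99. */
static const uint8_t sample_pkt[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0,
    64, 17, 0, 0, 192, 0, 2, 5, 198, 51, 100, 99 };
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}
/* RFC 1071 checksum over an even-length IPv4 header. */
static uint16_t ip_cksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Choose the tunnel endpoint from the packet's SOURCE address; 0 = none. */
uint32_t ha_for_packet(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    uint32_t src = rd32(pkt + 12);
    for (size_t i = 0; i < sizeof bindings / sizeof bindings[0]; i++)
        if (bindings[i].mobile == src) return bindings[i].ha;
    return 0;
}
/* Prepend an outer IPv4 header (protocol 4, IP-in-IP) from the FA to the HA.
 * Returns the encapsulated length, or 0 if no binding matches or out is small. */
size_t reverse_tunnel(const uint8_t *pkt, size_t len, uint32_t fa,
                      uint8_t *out, size_t cap) {
    uint32_t ha = ha_for_packet(pkt, len);
    if (ha == 0 || len + 20 > cap || len + 20 > 0xffff) return 0;
    memset(out, 0, 20);
    out[0] = 0x45;                                  /* IPv4, 20-byte header */
    out[2] = (uint8_t)((len + 20) >> 8); out[3] = (uint8_t)(len + 20);
    out[8] = 64; out[9] = 4;                        /* TTL, IPPROTO_IPIP */
    wr32(out + 12, fa); wr32(out + 16, ha);
    uint16_t c = ip_cksum(out, 20);
    out[10] = (uint8_t)(c >> 8); out[11] = (uint8_t)c;
    memcpy(out + 20, pkt, len);
    return len + 20;
}
```

A return value of 0 marks a packet whose source has no binding, so the caller can hand it back to normal destination-based forwarding instead of a tunnel.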