Date:      Wed, 20 Oct 2004 10:19:30 -0400
From:      "Patrick D. Feighery" <feighery@mitre.org>
To:        <freebsd-ipfw@freebsd.org>
Cc:        "'Patrick D. Feighery'" <feighery@mitre.org>
Subject:   Divert and IPv6
Message-ID:  <200410201419.i9KEJbY17016@smtp-bedford.mitre.org>

I have created a transparent transport layer Performance Enhancing Proxy
(PEP) application to increase the performance of TCP applications over
satellites and other challenged environments based on the SCPS transport
layer protocol (www.scps.org). This PEP works by spoofing TCP
applications. Essentially, when the PEP sees an incoming SYN, it spoofs the
connection and creates two separate transport layer connections, one to the
end system and a second with an enhanced version of TCP with parameters more
appropriate and tuned for the challenged resource. The peer PEP on the far
end of the challenged resource terminates the enhanced TCP connection and
opens up a third TCP connection to the actual destination. Only the source
and destination IPv4 addresses are present in the IP packets that are sent
through the network. I have used the divert utility with great success to
pass packets to/from kernel and application space in the PEP boxes.

When I ported this application to Linux, I created a version based on the
TAP interface and bridging. A side effect of this method is PEP sees all
traffic.

Now I have been tasked to port this application to IPv6. What is the status
of divert for IPv6? From some postings it does not appear to be production
quality yet. If not, are there other techniques that I could use to pass
data between the kernel and application space? My initial implementation
would assume no extension headers are present.

Just for some background, here are the divert rules from the IPv4 version of
the PEP. 10.20.2.4 and 10.20.4.4 are the IP addresses associated with sis0
and sis1 of the PEP box.

loo4# ipfw show
10002      0         0 allow ip from any to 10.20.2.4
10003      0         0 allow ip from any to 10.20.4.4
10004      0         0 allow ip from 10.20.2.4 to any
10005      0         0 allow ip from 10.20.4.4 to any
10006      0         0 divert 53000 tcp from any to any in recv sis0 setup
10007      0         0 divert 53001 tcp from any to any in recv sis1 setup
10008      0         0 divert 52000 tcp from any to any in recv sis0
10008      0         0 divert 52000 tcp from any to any in recv sis1
65535 401940 346429780 allow ip from any to any

Any help would be greatly appreciated.

Best Regards

Pat Feighery

feighery@mitre.org
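
Added example, not part of the original message and not the PEP's own code: a first-match model of the IPv4 rule listing above, showing which divert port an inbound packet would be handed to. The names classify_inbound and make_tcp are hypothetical, the sample addresses are constructed, and the model assumes ipfw's "setup" means SYN set with ACK clear and that non-first fragments cannot match a TCP-flag test.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PEP_A 0x0A140204u /* 10.20.2.4, from the rule listing */
#define PEP_B 0x0A140404u /* 10.20.4.4, from the rule listing */
#define F_SYN 0x02
#define F_ACK 0x10

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Model (an assumption, not kernel code): divert port for an inbound packet;
 * 0 = accepted without divert; -1 = too short to parse (this model's choice). */
int classify_inbound(const char *recv_if, const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl) return -1;
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    if (dst == PEP_A || dst == PEP_B || src == PEP_A || src == PEP_B)
        return 0;                                   /* rules 10002-10005 */
    int sis0 = strcmp(recv_if, "sis0") == 0, sis1 = strcmp(recv_if, "sis1") == 0;
    if (pkt[9] != 6 || (!sis0 && !sis1)) return 0;  /* falls to rule 65535 */
    unsigned frag_off = ((unsigned)(pkt[6] & 0x1F) << 8) | pkt[7];
    if (frag_off == 0) {                            /* TCP header is present */
        if (len < ihl + 14) return -1;
        uint8_t fl = pkt[ihl + 13];
        if ((fl & F_SYN) && !(fl & F_ACK))          /* "setup" */
            return sis0 ? 53000 : 53001;            /* rules 10006 / 10007 */
    }
    return 52000;                                   /* both rules numbered 10008 */
}

/* Constructed sample input: minimal 40-byte IPv4 + TCP packet, no options. */
void make_tcp(uint8_t buf[40], uint32_t src, uint32_t dst, uint8_t flags) {
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[3] = 40; buf[8] = 64; buf[9] = 6;
    for (int i = 0; i < 4; i++) {
        buf[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        buf[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    buf[32] = 0x50; buf[33] = flags;                /* data offset 5, TCP flags */
}

int main(void) {
    uint8_t p[40];
    make_tcp(p, 0xC0A80105u, 0xC0A80209u, F_SYN);   /* constructed addresses */
    printf("SYN on sis0 -> %d\n", classify_inbound("sis0", p, sizeof p));
}
```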