From: "Patrick D. Feighery" <feighery@mitre.org>
To: freebsd-ipfw@freebsd.org
Date: Wed, 20 Oct 2004 10:19:30 -0400
Organization: The MITRE Corporation
Subject: Divert and IPv6
List-Id: IPFW Technical Discussions

I have created a transparent transport layer Performance Enhancing Proxy (PEP) application to increase the performance of TCP applications over satellites and other challenged environments, based on the SCPS transport layer protocol (www.scps.org). This PEP works by spoofing TCP applications. Essentially, when the PEP sees an incoming SYN, it spoofs the connection and creates two separate transport layer connections, one to the end system and a second with an enhanced version of TCP with parameters more appropriate and tuned for the challenged resource. The peer PEP on the far end of the challenged resource terminates the enhanced TCP connection and opens up a third TCP connection to the actual destination. Only the source and destination IPv4 addresses are present in the IP packets that are sent through the network.

I have used the divert utility with great success to pass packets to/from kernel and application space in the PEP boxes. When I ported this application to Linux, I created a version based on the TAP interface and bridging. A side effect of this method is that the PEP sees all traffic.

Now I have been tasked to port this application to IPv6. What is the status of divert for IPv6? From some postings it does not appear to be production quality yet. If not, are there other techniques that I could use to pass data between the kernel and application space? My initial implementation would assume no extension headers are present.

Just for some background, here are the divert rules from the IPv4 version of the PEP. 10.20.2.4 and 10.20.4.4 are the IP addresses associated with sis0 and sis1 of the PEP box.
loo4# ipfw show
10002      0          0 allow ip from any to 10.20.2.4
10003      0          0 allow ip from any to 10.20.4.4
10004      0          0 allow ip from 10.20.2.4 to any
10005      0          0 allow ip from 10.20.4.4 to any
10006      0          0 divert 53000 tcp from any to any in recv sis0 setup
10007      0          0 divert 53001 tcp from any to any in recv sis1 setup
10008      0          0 divert 52000 tcp from any to any in recv sis0
10008      0          0 divert 52000 tcp from any to any in recv sis1
65535 401940  346429780 allow ip from any to any

Any help would be greatly appreciated.

Best Regards
Pat Feighery
feighery@mitre.org
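The post's IPv6 port assumes no extension headers are present, but an IPv6 PEP cannot find the TCP SYN (the "setup" condition of the divert rules above) without walking the header chain first. The following is an added example, not the poster's code: a bounded extension-header walk that returns the transport-header offset, a SYN check equivalent to the ipfw "setup" match, and a constructed test packet (addresses 2001::1 and 2001::2 are made up for the test).

```c
#include <stdint.h>
#include <string.h>
/* IANA protocol numbers; no <netinet/*.h> so this builds on any host. */
enum { NH_HOPOPTS = 0, NH_TCP = 6, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };
/* Walk the IPv6 extension-header chain: returns the offset of the upper-layer header
 * and stores its protocol in *proto, or -1 if truncated or a non-first fragment. */
int ipv6_upper_layer(const uint8_t *pkt, size_t len, uint8_t *proto)
{
    if (len < 40 || (pkt[0] >> 4) != 6) return -1;
    uint8_t nh = pkt[6]; size_t off = 40, hlen;
    for (int hops = 0; hops < 8; hops++) {              /* bounded: a hostile chain may be long */
        if (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_DSTOPTS) {
            if (off + 2 > len) return -1;
            hlen = ((size_t)pkt[off + 1] + 1) * 8;      /* Hdr Ext Len: 8-octet units after the first 8 */
        } else if (nh == NH_FRAGMENT) {
            if (off + 8 > len) return -1;
            if ((((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8) != 0) return -1;  /* offset != 0: TCP header not here */
            hlen = 8;
        } else {                                        /* anything else (incl. 59 "no next header") ends the walk */
            *proto = nh;
            return (int)off;
        }
        nh = pkt[off];
        off += hlen;
    }
    return -1;
}
/* True for TCP with SYN set and ACK clear: what the post's ipfw "setup" rules select on. */
int ipv6_is_tcp_syn(const uint8_t *pkt, size_t len)
{
    uint8_t proto; int off = ipv6_upper_layer(pkt, len, &proto);
    if (off < 0 || proto != NH_TCP || (size_t)off + 20 > len) return 0;
    return (pkt[off + 13] & 0x12) == 0x02;              /* TCP flags byte: SYN=0x02, ACK=0x10 */
}

/* Constructed packet (not a capture): 2001::1 -> 2001::2, optional PadN-filled
 * Hop-by-Hop header, then a minimal 20-byte TCP header. Returns total length. */
size_t build_test_pkt(uint8_t buf[80], int with_hopopts, uint8_t tcp_flags)
{
    size_t off = with_hopopts ? 48 : 40;
    memset(buf, 0, 80);
    buf[0] = 0x60; buf[7] = 64; buf[6] = with_hopopts ? NH_HOPOPTS : NH_TCP;
    buf[8] = 0x20; buf[9] = 0x01; buf[23] = 1; buf[24] = 0x20; buf[25] = 0x01; buf[39] = 2;
    if (with_hopopts) { buf[40] = NH_TCP; buf[41] = 0; buf[42] = 1; buf[43] = 4; }  /* ext len 0 (8 bytes), PadN(4) */
    buf[off + 12] = 0x50; buf[off + 13] = tcp_flags;    /* data offset 5 words, flags */
    buf[5] = (uint8_t)(off - 40 + 20);                  /* payload length */
    return off + 20;
}
/* Build one constructed case and classify it (helper for tests). */
int test_case_is_syn(int h, uint8_t f) { uint8_t b[80]; return ipv6_is_tcp_syn(b, build_test_pkt(b, h, f)); }
```

A divert-style reader would apply ipv6_is_tcp_syn to each packet it receives to decide whether to spoof a new connection or pass the segment to an existing one.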