Re: [bwm-tools-tech] Where do bwmd processed packets get sent next?
Brought to you by:
nkukard
Menu
▾
▴
Re: [bwm-tools-tech] Where do bwmd processed packets get sent next?
|
From: Nigel K. <nk...@lb...> - 2008-04-09 15:05:19
|
> However, we cannot do the same with the OUTPUT chain of the filter table. If we > jump those packets over to bwmd, bwmd starts spewing messages related to > truncation. Please provide full logs. Have you tried latest snapshot? > There is an initial burst of data let through, then the stream > sputters and dies. It looks to me like it creates a loop for the data which > causes trouble. It's only processing one 256Kbit/sec flow via a fast ethernet > interface on a Celeron 2.53GHz (Pentium D generation) with 512MB RAM. The > machine is only running bwm_tools and is dedicated to this testing process. Our > production machine will be much beefier and will have multiple gigabit > interfaces run in bridge mode (packets hitting the FORWARD chains mainly). > > So, my question is, where does bwmd reinsert the packets that it processes? Kernel sends the packet header to bwmd, it then acks or nacks it back to the kernel. I think there is one or two threads which handle this, I'll have to check and make sure if you get stuck. > wire in > eth0 > raw PREROUTING > conntrack > mangle PREROUTING > routing > mangle INPUT (here we mark inbound packets for bwmd) > filter INPUT (at the end of this chain, we jump to bwmd) > application (browser, ftp client, web server, whatever) > --- > application > routing > raw OUTPUT > conntrack > mangle OUTPUT (here we mark outbound packets for bwmd) > routing (second pass in case mangle changed something) > filter OUTPUT (logically, this is what should jump to bwmd, but doesn't work) > mangle POSTROUTING > eth0 > wire out Thats the flow ..... bwmtools needs to ack or nack the packets in the kernel queue. This would occur when you jump to bwmd. Packets which are ack'd will come out of the kernel queue and carry on transversal of the chains. > I looked through the code and it was obvious to me that it just waits for > packets, checks link budgets, trims flows, but then I lose track of where that > data exits bwmd and heads back into the networking stack of the OS. I'm sure I > just missed it while skimming the code. The packet header is added to a queue after its been received. There is code there regarding the kernel queue which acks the packet ... if you have trouble finding it, let me know and I'll check the code and show you :) > Can anyone lend some insight on this? To me, it is most important that it work > well with the FORWARD chains, which seems to be the original design intent, but > it would be nice if it could be used for limiting flows originating/terminating > on the host itself, as well. Both ways should work, I've tested both :) I'm curious as to those errors you're getting. > Thanks in advance. If I've boneheaded something, please be gentle. If this > suits our basic needs, we may very well fund future development to smooth some > rough edges and extend the features (particularly, support for more threads). > Heck, I might even write a little code and/or documentation. That would be excellent and very much appreciated. We were also looking at tun/tap support so it would run on other OS's ... but unfortunately funding is a bit of an issue :( Kind regards Nigel |
