Re: [mpls-linux-general] BETA: mpls-linux 1.127
From: Olivier D. <Oli...@rd...> - 2002-02-01 17:09:53
Hi Jim,

James R. Leu wrote:
> A new beta is available for download via CVS (tag mpls-linux_1_127).
>

I have started looking at this new release (I haven't had any time before to look at the previous releases, i.e. 1.126 and 1.108). I hope I'll have sufficient time next week to run some tests.

Meanwhile, can you explain your iptables approach to me a little? If I'm right, iptables (in fact netfilter) looks at every packet and marks it with a key. In your code, you take the opportunity to set skb->dst->output to mpls_output. I see that the mplsinfo key has migrated from the skbuff to the dst structure. To be safe (and that's normal), you test that the dst field is not null and not previously set up before doing this.

My trouble is that in the case of the PRE_ROUTING nf_hook (i.e. before the packet is routed) the dst field is not set for the packet. So, if you use the PRE_ROUTING netfilter hook, I think this scenario will happen:

- the first packet arrives; the dst field is null because no such flow has reached this ingress node yet.
- PRE_ROUTING netfilter doesn't set up the MPLS stuff because the dst field is null.
- the packet continues its journey and gets a dst field after calling the ip_route_input function. skb->dst->output remains unchanged at ip_route_output, so this packet is processed as usual and not labeled.
- the second packet arrives; the dst field is null, and the packet retrieves its dst field from the route hash table.

In the case of a PRE_ROUTING netfilter setup (iptables -A INPUT), the packets are never labeled. If it's not a bug, it's preferable to avoid setting the mpls-key with iptables for the PRE_ROUTING nf_hook.

Second trouble, and I think it's more serious: you can't differentiate two flows with the same IP src and dst address but with different src and/or dst port numbers. PRE_ROUTING doesn't work, so 2 packets coming from the same machine to the same machine get the same dst field :-(

The ip_route_input function uses the IP src and dst address, the input/output interface number, the tos field and optionally fwmark. So, you can't make any distinction based on the source or destination port number or protocol.

Solution: I'll follow the PRE_ROUTING track. I think it's possible to set up the dst field in the netfilter MPLS hook. So,

1/ we can differentiate packets based on all header fields
2/ we skip the low routing process

What do you think about this? Am I wrong?

Regards,
Olivier

PS. Your L2CC stuff seems very great.

--
FTR&D/DAC/CPN Technopole Anticipa | mailto:Oli...@fr...
2, Avenue Pierre Marzin           | Phone: +(33) 2 96 05 28 80
F-22307 LANNION                   | Fax: +(33) 2 96 05 18 52
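
A simplified Python model of the packet path described in the message above, added here as an illustration; it is not mpls-linux or kernel code. The class and function names mirror the kernel names the message mentions, while the `simulate` mode names, the sample addresses and the port-80 match rule are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Dst:                      # stand-in for the kernel dst structure
    output: str = "ip_output"   # stand-in for the dst->output function pointer

@dataclass
class Skb:                      # only the header fields the message discusses
    src: str
    dst_ip: str
    dport: int
    iif: str = "eth0"
    tos: int = 0
    fwmark: int = 0
    dst: Optional[Dst] = None

def ip_route_input(skb: Skb, cache: dict) -> None:
    # Cache key as listed in the message: no protocol and no ports.
    key = (skb.src, skb.dst_ip, skb.iif, skb.tos, skb.fwmark)
    skb.dst = cache.setdefault(key, Dst())

def mpls_hook(skb: Skb, match: Callable[[Skb], bool], set_dst: bool) -> None:
    if not match(skb):
        return
    if skb.dst is None and set_dst:
        skb.dst = Dst()          # proposed change: the hook attaches its own dst
    if skb.dst is not None:      # described behaviour: act only on an existing dst
        skb.dst.output = "mpls_output"

def simulate(mode: str, packets: list, match) -> list:
    """mode (hypothetical names): 'pre_routing', 'after_routing', 'pre_routing_set_dst'."""
    cache, seen = {}, []
    for p in packets:
        skb = Skb(**p)
        if mode.startswith("pre_routing"):
            mpls_hook(skb, match, set_dst=(mode == "pre_routing_set_dst"))
        if skb.dst is None:      # routing is skipped when the hook supplied a dst
            ip_route_input(skb, cache)
        if mode == "after_routing":
            mpls_hook(skb, match, set_dst=False)
        seen.append((skb.dport, skb.dst.output))
    return seen

# Constructed sample: two flows between the same hosts, differing only in port.
PACKETS = [
    {"src": "10.0.0.1", "dst_ip": "10.0.0.2", "dport": 80},
    {"src": "10.0.0.1", "dst_ip": "10.0.0.2", "dport": 22},
    {"src": "10.0.0.1", "dst_ip": "10.0.0.2", "dport": 80},
]
label_http = lambda skb: skb.dport == 80
```

In this model, `simulate("pre_routing", PACKETS, label_http)` never selects `mpls_output`, `"after_routing"` selects it for the port-22 flow as well because both flows share one cached dst, and `"pre_routing_set_dst"` labels only the port-80 packets.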