First a little background.. I've got a 2.1.82 box with two interfaces, eth0
and tap0. 209.75.166.65 is my net gateway to the rest of the world,
attached to eth0. It (the gateway/router) is routing
209.75.166.32/255.255.255.224 to 209.75.166.83 (eth0 on the linux box). IP
forwarding is on via a "1" to /proc/sys/net/ipv4/ip_forwarding.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
209.75.166.32 0.0.0.0 255.255.255.224 U 0 0 0 tap0
209.75.166.64 0.0.0.0 255.255.255.224 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 209.75.166.65 0.0.0.0 UG 0 0 0 eth0
eth0 Link encap:Ethernet HWaddr 02:60:8C:8D:0D:4E
inet addr:209.75.166.83 Bcast:209.75.166.95 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
tap0 Link encap:Ethernet HWaddr FD:FD:D1:4B:A6:54
inet addr:209.75.166.33 Bcast:209.75.166.63 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
(yes, arp is ON on tap0)
I've been playing with a program that I've written that reads and writes to
/dev/tap0. The program is "emulating" 209.75.166.40. I have successfully
interpreted ARP requests coming from .33 looking for the HW addr of 40, and
replied to them. After doing so, the kernel arp cache contains:
209.75.166.40 ether 2A:2B:2C:2D:2E:2F C * tap0
and subsequent packets to .40 don't generate new arps -- so I know that is
working.
My next step is ICMP echo and reply. I have successfully sent echo requests
from the program at .40 to both .33 and .83 and received a reply. To do so,
I am setting the ethernet header to [2A:2B:2C:2D:2E:2F] -> [FD:FD:D1:4B:A6:54]
and the IP header to (209.75.166.40) -> (209.75.166.33). The reply from the
linux kernel is (correctly) the opposite.
Taking it one step further, if I send an ICMP echo (ping) from off-net to
209.75.166.40, it successfully routes through my internet gateway, in eth0,
and out tap0, and my program receives the echo request. This works as I
expect.
HOWEVER, the one thing I am not able to do is send packets back OUT to the
rest of the world. This is where I am not sure if I am doing something
wrong, or 2.1.82 is just broken :) I believe I am generating proper IP and
ICMP checksums. To send packets, I am setting the ethernet header the same
as before, [2A:2B:2C:2D:2E:2F] -> [FD:FD:D1:4B:A6:54], and setting the IP
header to (209.75.166.40) -> (any.other.internet.ip) .. The packets don't
seem to ever hit the eth0 wire at all. I have run sniffers on the ethernet
on independent machines and I never see the packets from 209.75.166.40. So
far I have only been trying to send ICMP packets (specifically, echos and
echo replys), but i would imagine the problem exists for any IP packet.
Do I have everything set up correctly? Or is there a routing problem in the
kernel here? I am starting to go insane from looking through hex-dumps of packets :)
Thank you in advance for any suggestions...
Jason Harper
jsh@truedesign.com
Oh, on a similar note, I would like to work on a set of tools for using the
ethertap device for creating a "virtual ethernet", tunneling (and
encrypting) the data over ip (tcp?) connections on the net. The main
difference between this and other tunneling solutions is that this would
work at the MAC layer (it would kinda emulate an etherswitch or smart bridge
to cut down on traffic), allowing bridging of any protocol. Before I take
it too far, Is there anyone else working on something similar?