Date:	Thu, 24 Jul 2008 10:34:47 +0200
From:	Ignacy Gawedzki <lkml@...t.net>
To:	Marek Kierdelewicz <marek@...sta.pl>
Cc:	NetDev <netdev@...r.kernel.org>
Subject: Re: TUN/TAP hacking

On Thu, Jul 24, 2008 at 08:50:06AM +0200, thus spake Marek Kierdelewicz:
> Hi Ignacy & netdev,
> 
> > I thought I'd be able to use the TAP interfaces to create some sort
> > of a network emulator.  For a start I just "bridged" two tap
> > interfaces, much in the same way as the example of br_select.c from
> > http://vtun.sf.net , assigned both interfaces different IPv4
> > addresses (both with a /32 prefix),
> 
> As far as I understand you're trying to bridge two interfaces of the
> same host. It's no good for a test network, because local traffic
> (from/to the same host) will always be forwarded locally (via lo?) and
> will never reach any ethX or tapX interface (not without kernel
> hacking).

Well... surely this would happen without a little hack as you say.  Here I
thought that I could use multiple routing tables + ip rules + iptables, but
I'm not 100% convinced that locally generated packets could be marked with
iptables and directed by ip rules to the correct routing table (which would
make no mention of the destination address as a local interface).  I made a
few tests with ping (using -I to specify the outgoing interface), but ARP
resolution failed and I see no way to force the destination stack reply to
echo-requests using a specific routing table (as I intended to do for normal
applications).

>           There's another way... You can use QEMU[1]/KQEMU[2]/KVM[3] for
> guest system virtualization with options that create tapX interfaces
> on host and ethX on guests. Then you can bridge taps the way you want
> (even with eths on your host system) as described in [4][5]. For guest
> system I'd recommend openwrt kamikaze[6]. It's small in terms of system
> image size and memory consumption so you can build a complex virtual
> network of 10+ hosts using only 200MB of disk space and 320MB of ram.

Yeah, I also thought about that one, but if I could avoid the additional
overhead, it would be better.

> Cheers,
> Marek Kierdelewicz

Dzięki (thanks) anyway. =)

-- 
NO CARRIER