
I have a problem in which I need to process some packets and send them out to more than one interface/network.

My solution is to send the packet to a loopback/dummy interface and, based on the Linux routing table, the packet shall be forwarded to the corresponding interface/network.

Problem: packets from the application are sent to the loopback/dummy interface but are not forwarded based on the routing table.

Is there any way to forward a packet from a loopback/dummy interface based on the routing table?

I have tried accepting the packet in the FORWARD chain in iptables, but the packet was not coming there. I tried enabling /ipv4/ip_forwarding; this also didn't help.

Edit: My device is an intermediate device that collects packets from one interface (WAN), manipulates each packet and forwards it to the proper destination (different LANs). Now my problem is I don't know which interface to send to, as there are n output interfaces. I need to direct the packet based on the ip.dst in the incoming packet.

hardillb
  • Not exactly. I process packets which have multiple destination IPs, e.g. 10.10.10.1 or 20.20.20.1 or 30.30.30.1, and in my system I have 3 interfaces corresponding to these subnets. Now I want to send packets to each interface based on its subnet. I cannot create a socket with all the 3 interfaces and check the destination IP and forward it. – Shihab Pullissery Nov 24 '20 at 13:42
  • I can have more than 3 or 4 destination subnets. So I was thinking to send all the packets to a loopback interface and then, based on the Linux routing system, the packet shall be forwarded to the correct interface. – Shihab Pullissery Nov 24 '20 at 13:43
  • This is all I have: one application that generates packets to different IP addresses. I need to route the packets to each interface based on the routing table. I'm looking for a solution. I thought of using loopback, which is not working. – Shihab Pullissery Nov 24 '20 at 14:07
  • LAN interfaces are dynamic. An admin can add/remove an interface or network. So I cannot create a single socket in my application which will serve only 1 network/interface. – Shihab Pullissery Nov 24 '20 at 14:11
  • Let me state it this way. An admin controls the interface/network list in the device. I own the application that will generate packets to every LAN interface that the admin creates. I cannot use broadcast/multicast; I need to send unicast packets. So if the admin creates 3 networks, my application generates packets and shall send them to the 3 network gateways, and if he removes 1, my application needs to send to 2 network gateways. So what I can think of is only routing using the routing table, so every time the admin creates/deletes a network the routing table will be updated automatically. – Shihab Pullissery Nov 24 '20 at 14:18
  • The application must know how many destinations are available anyway to know how many packets to send. So anyway the application has to be aware of the dynamic topology and has to adapt. Take a bind9 (DNS) server: it detects by itself when a new interface appears and adapts accordingly. Here's an example from logs I just triggered: `Nov 24 14:21:52 host named[401040]: listening on IPv4 interface test1, 192.0.2.2#53` – A.B Nov 24 '20 at 14:23
  • Deleted the interface => `Nov 24 14:24:57 host named[401040]: no longer listening on 192.0.2.2#53`. Have the application handle this. – A.B Nov 24 '20 at 14:25
  • Thank you for your comments. But this is not going to help. The number of LAN interfaces is not limited to 1 or 2; it can be 100, so it's not possible to listen/send to each interface separately. – Shihab Pullissery Nov 24 '20 at 14:34
  • You need to [edit](https://serverfault.com/posts/1043729/edit) the question to explain in more detail the problem you are actually trying to solve here. Also, with TCP you can't send a single packet to multiple destinations, as the TCP stack will only be expecting a SYN/ACK handshake with a single target. – hardillb Nov 25 '20 at 11:15
  • I never said it's a TCP packet. And I am sending out the packet with a raw socket. – Shihab Pullissery Nov 26 '20 at 05:51
  • Question refactored with the actual scenario. – Shihab Pullissery Nov 26 '20 at 05:56

3 Answers


I think you are overthinking this.

If your application is a server then you just bind to 0.0.0.0, which will listen on ALL available local interfaces (this will keep working as interfaces are added/removed). If you just reply on the socket returned by accept() when a client connects, it will automatically pick the right local IP address to reply from and it will be routed out via the correct interface.

If your application is initiating a connection to a remote machine, then you will need to know the host address ahead of time to set the correct destination address; you can't just send a single packet and expect the OS to send it via all the interfaces if you are using unicast. For this you WILL need to keep track of all the live interfaces on your machine and then derive the destination IP address based on the local address/subnet.

hardillb
  • Thanks for the answer. But this is not the case. My application is an intermediate application that collects packets from the WAN, manipulates them and forwards the packets to the LAN, so I don't make any connection; I just collect using a raw socket and send using a raw socket. – Shihab Pullissery Nov 26 '20 at 05:58
  • OK, so you are doing Deep Packet Inspection; you should have said so to start with. – hardillb Nov 26 '20 at 08:47
  • No, I am not doing DPI. I am just forwarding packets with small modifications. – Shihab Pullissery Nov 26 '20 at 10:25

Given the comments, I think you probably want to be looking at extending iptables, as that will let you intercept/modify/resend a packet on the fly and just let normal routing do its thing.

e.g. something like this

hardillb
  • Thanks! Can I move a packet from OUTPUT/POSTROUTING to the FORWARD chain, even using a netfilter hook? Is that something possible? – Shihab Pullissery Nov 26 '20 at 11:34
  • You wouldn't move from OUTPUT/POSTROUTING to FORWARD; you'd apply the changes either in the INPUT or FORWARD chains and let everything else just work normally. – hardillb Nov 26 '20 at 11:58
  • This is my problem!! I'm sending the packet from the application, so it's a locally generated packet. This goes to OUTPUT and then to POSTROUTING; it will not go to INPUT and FORWARD. That's the reason why I have this problem. – Shihab Pullissery Nov 26 '20 at 13:53
  • Yes, but if done from within iptables, the output won't be in OUTPUT/POSTROUTING because it's not output from an application; the packet is getting modified in flight. – hardillb Nov 26 '20 at 14:34

Issue solved using veth and a namespace instead of a dummy/loopback interface.
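Added example, not code from the original post or from the person who answered: one way to set up the veth/namespace arrangement this answer describes. The namespace name `fwdapp`, the interface names `veth-host`/`veth-app` and the link subnet 10.255.255.0/30 are assumptions chosen for this example. The packet-generating application is started inside the namespace with `ip netns exec`, so its packets arrive on the host end of the veth as incoming traffic, pass PREROUTING/FORWARD and are routed by the host routing table, which is the behaviour the question was trying to get from lo or a dummy interface (lo loops a locally generated packet back into INPUT and a dummy interface discards it; neither path ever reaches FORWARD).

```shell
#!/bin/sh
# Added example, not code from the original post: send an application's packets
# into the host routing table through a veth pair and a network namespace.
#
# The namespace name, interface names and link subnet below are assumptions
# chosen for this example; override them through the environment.
NS=${NS:-fwdapp}                          # namespace the packet generator runs in
HOST_IF=${HOST_IF:-veth-host}             # veth end that stays in the host
NS_IF=${NS_IF:-veth-app}                  # veth end moved into the namespace
HOST_ADDR=${HOST_ADDR:-10.255.255.1/30}   # assumed point-to-point link subnet
NS_ADDR=${NS_ADDR:-10.255.255.2/30}
DRY_RUN=${DRY_RUN:-0}                     # DRY_RUN=1 prints commands instead of running them

# run: execute a command, or print it on one line when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_forwarding_ns() {
    run ip netns add "$NS"
    run ip link add "$HOST_IF" type veth peer name "$NS_IF"
    run ip link set "$NS_IF" netns "$NS"
    run ip addr add "$HOST_ADDR" dev "$HOST_IF"
    run ip link set "$HOST_IF" up
    run ip -n "$NS" addr add "$NS_ADDR" dev "$NS_IF"
    run ip -n "$NS" link set "$NS_IF" up
    run ip -n "$NS" link set lo up
    # Inside the namespace everything goes to the host end of the veth; from
    # there the host's own routing table decides the real LAN interface.
    run ip -n "$NS" route add default via "${HOST_ADDR%/*}"
    # The host must forward between interfaces and FORWARD must let the
    # traffic through; the rule is limited to packets entering from the veth.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$HOST_IF" -j ACCEPT
}

teardown_forwarding_ns() {
    run iptables -D FORWARD -i "$HOST_IF" -j ACCEPT
    # Deleting the namespace destroys its veth end, which takes the host end with it.
    run ip netns del "$NS"
}

# Usage (as root):  sh forward-ns.sh up | down
# Then start the generator inside the namespace:  ip netns exec fwdapp ./forwarder
case "${1:-}" in
    up)   setup_forwarding_ns ;;
    down) teardown_forwarding_ns ;;
esac
```

`DRY_RUN=1 sh forward-ns.sh up` prints the eleven commands without applying them, which is a convenient way to review the change before running it as root. The FORWARD rule only admits packets entering from the veth; any reply traffic back toward the namespace needs its own rule, and this script does not add one.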