Hello Clicklist,

I recently worked on a couple of assignments in a course about wireless routing. While programming my static click router I stumbled upon something about which I'd like to know whether it works as intended or should be changed.

When creating a FromDevice element in userspace, we disabled the sniffer mode via "SNIFFER false" to prevent the kernel from receiving and routing packets itself. We wanted all the traffic to pass through our click router. Though this resulted in the correct placement of a drop-all rule in the iptables INPUT chain, we encountered quite a number of duplicate packets in our network when routing over more than one hop.

After some debugging we detected the kernel to be the culprit. Though our click router was doing fine, packets that arrived at an interface but were not destined for this node, i.e. needed to be forwarded, were still sent to the kernel. This was due to the routers having ip_forwarding enabled in /proc/sys/net/ipv4/ip_forward and packets not for the local system never passing the INPUT chain but instead going directly to the FORWARD chain. Thus they eluded the drop rule and appeared in our FromHost element that was supposed to grab locally generated traffic.

For example, a ping packet was then received once on a device, went through our click router and was sent out on another device. At the same time the packet was received by the kernel, routed through its routing table, sent to our FromHost element, routed through click and sent out via a ToDevice. And so one ping becomes two...

My question resulting from that is: does this work as intended? If so, should there be a comment or note in the click documentation of the FromDevice element that informs the user about this? E.g. "When using click it is assumed that packet forwarding of the underlying kernel is disabled" or "SNIFFER false only blocks packets destined for the local machine".

Greetings
Bernd

PS.: Below is a more complete description of our setup.

The setup consists of three wireless nodes running openwrt-backfire, each with an ethernet interface and two wireless ones.
The goal of the assignment was to connect the nodes via wireless networks, one of them taking the role of a gateway router to the other networks. Click has to run in userspace.

Example:

    10.69.1.1 <- node1 -> 10.69.2.1, 10.69.2.2 <- node2 -> 10.69.3.1, 10.69.3.2 <- node3

Also, all of the nodes are attached to a stepping stone via their ethernet interface; node1 was supposed to route the traffic for the eth0 of node2 and node3 also. All networks are /24. The click router is supposed to route all traffic, locally generated and otherwise received. I can provide a sample configuration of the nodes if required.
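
The situation described in the message above, as an added example that is not part of the original post or of Click: a shell check that reports, per interface, whether an INPUT drop rule still leaves transit packets free to reach the kernel's FORWARD chain. The interface names and the rule text (in `iptables -S` format) are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names and rule text
# are constructed; feed it `iptables -S` output and ip_forward on a real node.

# has_drop CHAIN IFACE RULES: true if RULES contains an unconditional drop
# for packets entering on IFACE in CHAIN.
has_drop() {
    printf '%s\n' "$3" | grep -Fxq -e "-A $1 -i $2 -j DROP"
}

# forward_closed IFACE RULES: true if nothing arriving on IFACE can traverse
# FORWARD (explicit drop, or policy DROP with an empty chain).
forward_closed() {
    has_drop FORWARD "$1" "$2" && return 0
    printf '%s\n' "$2" | grep -Fxq -e "-P FORWARD DROP" || return 1
    ! printf '%s\n' "$2" | grep -q '^-A FORWARD '
}

# audit_iface IFACE IP_FORWARD RULES: prints
#   input-open    no INPUT drop, kernel still sees local traffic
#   forward-leak  INPUT drop present, but transit packets reach FORWARD
#   covered       kernel neither receives nor forwards traffic from IFACE
audit_iface() {
    if ! has_drop INPUT "$1" "$3"; then echo input-open
    elif [ "$2" = 0 ] || forward_closed "$1" "$3"; then echo covered
    else echo forward-leak
    fi
}

# Constructed rule set resembling the situation in the post: INPUT drops
# on both wireless devices, FORWARD left at policy ACCEPT.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -j DROP
-A INPUT -i wlan1 -j DROP'

for dev in wlan0 wlan1 eth0; do
    printf '%s ip_forward=1: %s\n' "$dev" "$(audit_iface "$dev" 1 "$SAMPLE_RULES")"
done
```

On a live node the same function can be called as `audit_iface wlan0 "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S)"`.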
