Re: [lwip-users] multiple network interfaces

From: Leon Woestenberg
Subject: Re: [lwip-users] multiple network interfaces
Date: Wed, 09 Jun 2004 14:08:30 +0200

Hello Jim,

thanks for your input.

Yes, I think you are right that lwIP needs enhancements in these
areas. It should not be hard to add this though, the structures
are in place and the code is there (tm).

ip_route() wants to see the destination address on any of the local
networks, or otherwise will select the default gateway.

The routing code currently has no interfaces to add or remove routes
with their own gateway addresses. So this is work to be done.

Regarding sending DHCP requests: You want to direct them to a single
interface (which is not configured yet, so non-selectable by its
IP address). This would need extra info, probably in the UDP PCB's
to be carried. We probably then would have a udp_ioctl() call that
attaches the PCB to a particular network link.

Also the ARP table must be enhanced to also store the interface in
the table. (Or, have a per-interface table).

Other areas in which lwIP may scale upwards is support for bonding,
bridging, firewalling, IGMP, multicast routing etc.

However, there is a point where you are better off selecting a full
BSD (based) TCP/IP stack over lwIP, as the goals of the stacks are



On Wed, 2004-06-09 at 01:49, Jim Gibbons wrote:
> We are about to enable a second interface on a system running
> lwIP.  I am concerned about DHCP and udp/tcp routing issues.
> The system in question is a security product that will sit between an
> unsecured external network having public servers and a secured 
> internal network.  The internal network may be of significant size,
> and may itself contain multiple subnets connected by routers.  The
> external network is exposed to the internet as a whole.
> My concern focuses on ip_route in ip.c, and upon the protocols that
> use it.  ip_route looks for a netif with a subnet that encompasses the
> destination IP address.  If it finds one, then that one is returned. 
> If it doesn't, then netif_default is returned.  This obviously works
> well for a single netif, but I'm not so sure about multiple
> interfaces. 
> For example, DHCP uses udp_send to transmit its discovery packet.  The
> destination address is the IP broadcast address, 
> udp_send in its turn relies on ip_route to find the interface for
> sending the packet.  Since the convention for unassigned netif's is to
> set the address, gateway and mask to 0, any of the netif's with
> unassigned IP addresses could be selected by ip_route.  Thus the first
> netif in the list with an unassigned address will be returned.  I
> think that this would then lead to all of the DHCP discovery packets
> going out the same interface.
> It seems that related problems could also occur for UDP and TCP
> transmissions.  In general, one would have to have routing tables of
> some kind to do a really good job.  I certainly wouldn't want lwIP to
> go that far.  In our case, though,  we are always responding to
> external transmissions.  For example, we listen on a TCP port and only
> respond after a connection is initiated from outside our box.  So it
> would seem to make sense to just use the netif that carried the
> inbound traffic.   But this doesn't appear to be the way that UDP and
> TCP transmissions work.  Instead, they seem to be using ip_route to
> find the destination netif, and ip_route looks only at the destination
> IP address.  If it isn't on the subnet for one of the netif's then
> netif_default will be used.  I guess this is the same as saying that
> lwIP can only use one gateway.  I hope to use more than one.
> Again, I may be missing something in the code.  I hope I am.  Are my
> concerns about multiple netif's groundless, or is there really
> something to be worried about?
> -- 
> Jim Gibbons
> address@hidden
> Gibbons and Associates, Inc.
> TEL: (408) 984-1441
> 900 Lafayette, Suite 704, Santa
> Clara, CA
> FAX: (408) 247-6395
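
An added example, not part of either message and not lwIP source: a simplified C model of the destination-only interface selection described in the thread. It shows that with two unconfigured interfaces (address and mask 0) every DHCP discover leaves through the first one in the list, and that binding the sender to an interface avoids this. The struct, function and interface names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a network interface entry; names are assumptions,
   not the lwIP API. Addresses are kept in host byte order. */
struct model_netif {
    struct model_netif *next;
    const char *name;
    uint32_t ip, mask;          /* both 0 while the interface is unconfigured */
};

#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Destination-only selection as described in the thread: the first netif
   whose subnet contains dest wins, otherwise the default netif is used. */
static struct model_netif *route_by_dest(struct model_netif *list,
                                         struct model_netif *dflt, uint32_t dest)
{
    for (struct model_netif *n = list; n != NULL; n = n->next)
        if ((dest & n->mask) == (n->ip & n->mask))
            return n;           /* mask 0 makes this true for every dest */
    return dflt;
}

/* Hypothetical alternative: a sender bound to one interface (the idea behind
   the proposed udp_ioctl(), or replying on the inbound netif) skips the lookup. */
static struct model_netif *route_bound(struct model_netif *list,
                                       struct model_netif *bound, uint32_t dest)
{
    return bound != NULL ? bound : route_by_dest(list, list, dest);
}

/* Constructed scenario: two interfaces, neither has a DHCP lease yet. */
static struct model_netif inside  = { NULL, "in0", 0, 0 };
static struct model_netif outside = { &inside, "ex0", 0, 0 };

/* Interface a DHCP discover from 'requester' actually leaves on. */
static struct model_netif *dhcp_discover_egress(struct model_netif *requester, int bind)
{
    uint32_t bcast = IP4(255, 255, 255, 255);
    return bind ? route_bound(&outside, requester, bcast)
                : route_by_dest(&outside, &outside, bcast);
}

int main(void)
{
    printf("in0 discover, by destination: %s\n", dhcp_discover_egress(&inside, 0)->name);
    printf("in0 discover, bound to netif: %s\n", dhcp_discover_egress(&inside, 1)->name);
    return 0;
}
```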
