lwip-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] multiple network interfaces


From: Jim Gibbons
Subject: [lwip-users] multiple network interfaces
Date: Tue, 08 Jun 2004 16:49:56 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

We are about to add a enable a second interface on a system running lwIP.  I am concerned about DHCP and udp/tcp routing issues.

The system in question is a security product that will sit between an unsecured external network having public servers and a secured  internal network.  The internal network may be of significant size, and may itself contain multiple subnets connected by routers.  The external network is exposed to the internet as a whole.

My concern focuses on ip_route in ip.c, and upon the protocols that use it.  ip_route looks for a netif with a subnet that encompasses the destination IP address.  If it finds one, then that one is returned.  If it doesn't, then netif_default is returned.  This obviously works well for a single netif, but I'm not so sure about multiple interfaces.

For example, DHCP uses udp_send to transmit its discovery packet.  The destination address is the IP broadcast address, 255.255.255.255.  udp_send in its turn relies on ip_route to find the interface for sending the packet.  Since the convention for unassigned netif's is to set the address, gateway and mask to 0, any of the netif's with unassigned IP addresses could be selected by ip_route.  Thus the first netif in the list with an unassigned address will be returned.  I think that this would then lead to all of the DHCP discovery packets going out the same interface.

It seems that related problems could also occur for UDP and TCP transmissions.  In general, one would have to have routing tables of some kind to do a really good job.  I certainly wouldn't want lwIP to go that far.  In our case, though,  we are always responding to external transmissions.  For example, we listen on a TCP port and only respond after a connection is initiated from outside our box.  So it would seem to make sense to just use the netif that carried the inbound traffic.   But this doesn't appear to be the way that UDP and TCP transmissions work.  Instead, they seem to be using ip_route to find the destination netif, and ip_route looks only at the destination IP address.  If it isn't on the subnet for one of the netif's then netif_default will be used.  I guess this is the same as saying that lwIP can only use one gateway.  I hope to use more than one.

Again, I may be missing something in the code.  I hope I am.  Are my concerns about multiple netif's groundless, or is there really something to be worried about?


--
E-mail signature
Jim Gibbons
address@hidden
Gibbons and Associates, Inc.
TEL: (408) 984-1441
900 Lafayette, Suite 704, Santa Clara, CA
FAX: (408) 247-6395



reply via email to

[Prev in Thread] Current Thread [Next in Thread]