[Click] kerneltun bypassing system routing table?

Shaddi Hasan shaddi at berkeley.edu
Mon Jul 11 16:41:43 EDT 2011 

This turned out to be a foolish mistake on my part. I needed to
disable "accept_local", as my encapsulated packets had a source IP
address of one of the local interfaces. Sorry for the extra traffic.

Shaddi

On Mon, Jul 11, 2011 at 8:57 AM, Shaddi Hasan <shaddi at berkeley.edu> wrote:
> Hi all,
>
>
> I have a simple IP-level forwarder, consisting of the following
> configuration on two directly-connected machines. What I'd like to
> have happen is all packets destined for 192.168.100.0/24 are routed
> through Click, ipip encapsulated and forwarded to the second machine
> (192.168.15.1) which is running a second instance of Click, listening
> on the tun device at 192.168.35.1 (see routing table below).
>
> Using tcpdump on the tun device, I see my traffic is being properly
> encapsulated by Click with the proper destination address,
> 192.168.35.1, but no packets are routed through the eth1 device to the
> other machine. I have verified no packets are getting transferred with
> a physical tap (not KernelTap) on the line. What's confusing me is
> that if I ping 192.168.35.1, I *do* get a response.
>
> Is there something I am missing about the KernelTun element that would
> cause packets sent to it in Click to bypass the system's routing
> table? I'm not sure if this issue is due to a misconfiguration of
> routing rules, misunderstanding of Click, misunderstanding of the tun
> device, or a combination of the three, so apologies if this is not
> actually a Click-related issue.
>
> Thanks!
> Shaddi
>
>
> Click conf:
> -------------------------------
> AddressInfo(tun0 192.168.25.0/24);
> tun :: KernelTun(tun0, DEVNAME tun0);
>
> //Click interface from outside Tunnel to Tunnel
> AddressInfo(tunIn 192.168.20.0/24);
> kTunIn :: KernelTun(tunIn, DEVNAME tun_in);
>
> kTunIn -> MarkIPHeader -> IPPrint(TUN_IN, LENGTH true) -> IPEncap(253,
> 192.168.25.1, 192.168.35.1) -> tun;
>
> tun -> StripIPHeader -> MarkIPHeader -> IPPrint(TUN, LENGTH true) -> kTunIn;
> -------------------------------
>
> The relevant lines in my routing table look like this:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.35.1    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
> 192.168.100.0   192.168.20.1    255.255.255.0   UG    0      0        0 tun_in
> 192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 tun_in
> 192.168.35.0    192.168.15.1    255.255.255.0   UG    0      0        0 eth1
> 192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.25.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
>

More information about the click mailing list