Hi guys, Now, I''m looking for a method to modify packet headers/contents when they arrive at xen bridges (e.g. xenbr0). For example, I consider a following operation; when a xen bridge recieves a packet(frame), it firstly encrypts the content using a predefined key, and then forwards it to other host/router. Is is possible to add such functionality to the xen bridge ? Any ideas, comments or suggestions are welcome. Thanks in advance. -- View this message in context: http://www.nabble.com/Packet-modification-on-Xen-virutal-Bridge-tp24234052p24234052.html Sent from the Xen - User mailing list archive at Nabble.com. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Thaddeus Hogan
2009-Jun-27 23:45 UTC
Re: [Xen-users] Packet modification on Xen virutal Bridge
I''m not sure how you would generically intercept and modify packets short of writing a module for netfilter. But if you are looking specifically to encrypt in tunnel packets to another location I would recommend OpenVPN. Xen bridges are just Linux bridge interfaces, and so can be used to bridge any networking devices. For example you could run OpenVPN and create a tap0 device for the VPN, then add that device to xenbr0. Now when you connect an OpenVPN client to that host, all traffic on the xenbr0 bridge will be mirrored to tap0, which will then be present on tap0 on the other side of the VPN link. I would suggest thought that you try to accomplish your task at layer-3 since IMHO routing is simpler in implementation than bridging over a VPN. Can you provide more details on what it is you''re trying to do? ----- Original Message ----- From: "nikki-2009" <n.kawaguti@gmail.com> To: xen-users@lists.xensource.com Sent: Saturday, June 27, 2009 10:28:12 AM GMT -06:00 US/Canada Central Subject: [Xen-users] Packet modification on Xen virutal Bridge Hi guys, Now, I''m looking for a method to modify packet headers/contents when they arrive at xen bridges (e.g. xenbr0). For example, I consider a following operation; when a xen bridge recieves a packet(frame), it firstly encrypts the content using a predefined key, and then forwards it to other host/router. Is is possible to add such functionality to the xen bridge ? Any ideas, comments or suggestions are welcome. Thanks in advance. -- View this message in context: http://www.nabble.com/Packet-modification-on-Xen-virutal-Bridge-tp24234052p24234052.html Sent from the Xen - User mailing list archive at Nabble.com. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
nikki-2009
2009-Jun-28 12:40 UTC
Re: [Xen-users] Packet modification on Xen virutal Bridge
Thank you for prompt response. So, what i actually try to do is to append data to payloads of packets whcih are sent by domain U, and then restransmit the packets to the destinations. After I posted the first message of this thread, I found that libipq API provided by Netfilter might suit my purpose. Thaddeus Hogan wrote:> > I''m not sure how you would generically intercept and modify packets short > of writing a module for netfilter. But if you are looking specifically to > encrypt in tunnel packets to another location I would recommend OpenVPN. > > Xen bridges are just Linux bridge interfaces, and so can be used to bridge > any networking devices. For example you could run OpenVPN and create a > tap0 device for the VPN, then add that device to xenbr0. Now when you > connect an OpenVPN client to that host, all traffic on the xenbr0 bridge > will be mirrored to tap0, which will then be present on tap0 on the other > side of the VPN link. > > I would suggest thought that you try to accomplish your task at layer-3 > since IMHO routing is simpler in implementation than bridging over a VPN. > > Can you provide more details on what it is you''re trying to do? > > > ----- Original Message ----- > From: "nikki-2009" <n.kawaguti@gmail.com> > To: xen-users@lists.xensource.com > Sent: Saturday, June 27, 2009 10:28:12 AM GMT -06:00 US/Canada Central > Subject: [Xen-users] Packet modification on Xen virutal Bridge > > > Hi guys, > > Now, I''m looking for a method to modify packet headers/contents when they > arrive at xen bridges (e.g. xenbr0). For example, I consider a following > operation; when a xen bridge recieves a packet(frame), it firstly encrypts > the content using a predefined key, and then forwards it to other > host/router. > > Is is possible to add such functionality to the xen bridge ? > Any ideas, comments or suggestions are welcome. > > Thanks in advance. > > -- > View this message in context: > http://www.nabble.com/Packet-modification-on-Xen-virutal-Bridge-tp24234052p24234052.html > Sent from the Xen - User mailing list archive at Nabble.com. > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- View this message in context: http://www.nabble.com/Packet-modification-on-Xen-virutal-Bridge-tp24234052p24241186.html Sent from the Xen - User mailing list archive at Nabble.com. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users