GRE Mux

Everyone:

I have recently been building FreeBSD VPN servers which can accept
50 to 100 PPTP connections. PPTP is, essentially, PPP over GRE
(with a TCP control connection), so we have large numbers of
packets passing in and out using GRE. Unfortunately, GRE on FreeBSD
doesn't currently have a multiplexing function as does TCP. If
userland PPP and pptpd are used to handle the PPTP sessions, each
GRE packet is passed to the first pptpd process. If the call ID
doesn't match, it's passed to the next, and then the next, and so
on. What's more, each test requires a "bounce" into and out of the
kernel. mpd, which uses netgraph, does more of the work within the
kernel, but the testing still takes place in linear time -- and the
potential delay increases with the number of PPTP sessions that
have been established. The packet is bounced from one netgraph node
to another until one of them accepts it or the packet falls off the
end of the chain.

It seems to me that it might be worth it to implement a
multiplexing function that dispatches the packet directly to the
right process or netgraph node rather than passing it from hand to
hand. Thoughts?

--Brett Glass

_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

Brett Glass wrote:
if it takes you more than 1 day to write a netgraph function to do it
you are taking too many coffee breaks.

mpd could probably do it automatically as it already does a lot of
netgraph munging.


>
> --Brett Glass
>
> _______________________________________________
> freebsd-net@... mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

At 12:40 PM 3/21/2008, Julian Elischer wrote:
 
>if it takes you more than 1 day to write a netgraph function to do it you are taking too many coffee breaks.

It might be possible to do it, but (a) it would break the interface to mpd and (b) if it it would not help other apps (e.g. pptpd). It would be nice to make both mpd and pptpd work properly with it....

--Brett Glass


_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

On Fri, Mar 21, 2008 at 4:47 PM, Brett Glass <brett@...> wrote:
ng_gif_demux does the same it shouldn't be to hard to come with
something similar for pptp.
If you find the time and do it please share.

>  --Brett Glass
>
>  _______________________________________________
>  freebsd-net@... mailing list
>  http://lists.freebsd.org/mailman/listinfo/freebsd-net
>  To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."
>
_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

At 04:50 PM 3/21/2008, Ermal Luçi wrote:

>ng_gif_demux does the same it shouldn't be to hard to come with
>something similar for pptp.
>If you find the time and do it please share.

If I do it, I certainly will. I'd need to work with the developers
of mpd to make sure that the two would work together. The main
disadvantage of doing this as a netgraph node rather than as a
direct kernel hack is that other PPTP implementations would not
be able to use the netgraph node without massive recoding. If it
was set up more like an ordinary UDP "listen", it would have
wider applicability and it would be easy to create a netgraph
stub for it.

--Brett Glass

_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

ext Brett Glass wrote:
> At 12:40 PM 3/21/2008, Julian Elischer wrote:
>  
>> if it takes you more than 1 day to write a netgraph function to do it you are taking too many coffee breaks.
>
> It might be possible to do it, but (a) it would break the interface to mpd
> and (b) if it it would not help other apps (e.g. pptpd). It would be nice
 > to make both mpd and pptpd work properly with it....

mpd can attach to arbitrary netgraph things...


> --Brett Glass
>
>
> _______________________________________________
> freebsd-net@... mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

At 02:42 PM 3/22/2008, Julian Elischer wrote:
 
>mpd can attach to arbitrary netgraph things...

Yes, it can; however, there's no way in its configuration language
to say, "set up a PPTP connection, but let this netgraph node do the
demultiplexing." (Or, better, let the kernel do the demultiplexing.)
So, mpd would need to be modified so that when you told it to set up
a pptp server, it did the right thing. Not hard, I'm sure, but it would
need to be coordinated.

--Brett

_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."

On Sun, Mar 23, 2008 at 12:31 AM, Brett Glass <brett@...> wrote: It is just a matter of connecting the right hooks, no?!
_______________________________________________
freebsd-net@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@..."