My test Unique Local IPv6 Unicast Address (RFC 4193) network, with randomly generated Global ID BC:3A:78:83:C0, uses the prefix FDBC:3A78:83C0::/48.
| Solution | Feasibility | Comment | Issue |
|---|---|---|---|
| Direct copy | | See xt_TEE | No native support |
| (x)l2tp | | Doesn't seem practical | |
| TUN + bridge | | Can't bridge over TUNs | |
| TAP + bridge | | Involves userland and has encapsulation issues | Bridge optimizations only send traffic on the relevant interface |
| xtables TEE target from xtables-addons | | May be the best option (only DST MAC is changed) | |
To ease things, the router is configured as a mobile router. The HoA is 2001:660:3013:f100::dead:beef and the MNP is 2001:660:3013:dead::/64.
$ sudo ip6tables -A INPUT --proto 41 -j ACCEPT # Allow ip6ip6 tunnels
$ sudo ip -6 tunnel add stat mode ip6ip6 local 2001:660:3013:dead::1 remote 2001:660:3013:dead:a00:46ff:fee0:dfcc
$ sudo ip addr add FDBC:3A78:83C0:1::1/64 dev stat
$ sudo ip link set dev stat up

$ sudo ip -6 tunnel add stat mode ip6ip6 remote 2001:660:3013:dead::1
$ sudo ip addr add FDBC:3A78:83C0:1::2/64 dev stat
$ sudo ip link set dev stat up
See SVN repository.
Promiscuous mode?
$ sudo modprobe tun
$ sudo ./stap
info: TAP stap0 interface created
info: UDP socket openned and bound on port 7473
info: waiting for activity...
$ sudo brctl addbr stap
$ sudo brctl addif stap stap0
$ sudo brctl addif stap eth0
$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
stap            8000.001cbf996497       no              stap0
                                                        eth0
$ sudo /sbin/ifconfig stap0 up
$ sudo /sbin/ifconfig stap up
$ nc6 -u ::1 7473
nc6: using datagram socket
33���d���^�������d�����^rb_dns-sd_udplocal
_presence_tcp�
�
(...)
When the first carriage return is sent from the client to the server, the following is displayed.
info: new client connected (::1)
Every packet seen on the router's egress interface is replicated verbatim (except for the destination MAC address as this is akin to IP routing) to the logging computer.
It may be necessary to drop router advertisements to avoid configuring wrong prefixes.
$ EGRESS=eth0
$ STATADDR=2001:660:3013:dead::2 # it is important that ${STATADDR} is not on ${EGRESS} to avoid infinite replications
$ sudo modprobe ip6table_mangle compat_xtables xt_TEE # avoid error "No chain/target/match by that name." by loading the modules before trying to use them...
$ sudo ip6tables -t mangle -A OUTPUT -o ${EGRESS} -j TEE --gateway ${STATADDR}
$ sudo ip6tables -t mangle -A PREROUTING -i ${EGRESS} -p icmpv6 \! --icmpv6-type router-advertisement -j TEE --gateway ${STATADDR}
$ sudo ip6tables -t mangle -A PREROUTING -i ${EGRESS} \! -p icmpv6 -j TEE --gateway ${STATADDR}
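
An added example, not part of the original page: a dry-run generator for the three TEE rules above that refuses to emit them when the route to the mirror gateway leaves through the mirrored interface, which is the replication loop the ${STATADDR} comment warns about. The function names, the eth1 interface and the sample `ip -6 route get` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run generator for the TEE mirroring rules, with a loop guard.

# Print the outgoing interface named in `ip -6 route get` output ($1).
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the ip6tables commands that mirror traffic seen on $1 to gateway $2.
# $3 is the output of `ip -6 route get $2`.
# Returns 1 if the gateway is reached through the mirrored interface
# (each copy would be copied again), 2 if there is no usable route.
tee_rules() {
    egress=$1 stataddr=$2 route_out=$3
    dev=$(route_dev "$route_out")
    if [ -z "$dev" ]; then
        echo "error: no route to $stataddr" >&2
        return 2
    fi
    if [ "$dev" = "$egress" ]; then
        echo "error: $stataddr is reached via $egress, TEE would loop" >&2
        return 1
    fi
    # Same three rules as on the page; router advertisements are not mirrored.
    cat <<EOF
ip6tables -t mangle -A OUTPUT -o $egress -j TEE --gateway $stataddr
ip6tables -t mangle -A PREROUTING -i $egress -p icmpv6 ! --icmpv6-type router-advertisement -j TEE --gateway $stataddr
ip6tables -t mangle -A PREROUTING -i $egress ! -p icmpv6 -j TEE --gateway $stataddr
EOF
}

# Constructed sample outputs of `ip -6 route get 2001:660:3013:dead::2`.
SAMPLE_OK='2001:660:3013:dead::2 from :: dev eth1 proto kernel src 2001:660:3013:dead::1 metric 256 pref medium'
SAMPLE_LOOP='2001:660:3013:dead::2 from :: via fe80::1 dev eth0 proto ra metric 1024 pref medium'

# Gateway behind eth1: the rules are printed.
tee_rules eth0 2001:660:3013:dead::2 "$SAMPLE_OK"
# Gateway behind eth0 itself: refused.
tee_rules eth0 2001:660:3013:dead::2 "$SAMPLE_LOOP" || echo "refused (exit $?)"
```

On a live router, pass `"$(ip -6 route get "$STATADDR")"` as the third argument and review the printed rules before running them with sudo.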