dsr testing

bparli · bparli · Feb 8, 2019 · Jan 14, 2019 · Jan 19, 2019 · Jan 21, 2019
commit 83f788c8d4fbf372337b95c6f7f5170134f26442
diff --git a/README.md b/README.md
@@ -26,8 +26,20 @@ Options:
 
 ### Passthrough mode
 
-`sudo iptables -t raw -A PREROUTING -p tcp --sport 8080 --dport 32768:61000 -j DROP`
-`sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST --dport 8000:8090 -j DROP`
+```
+For passthrough and dsr
+sudo iptables -t raw -A PREROUTING -p tcp --sport 8080 --dport 32768:61000 -j DROP
+
+Only for passthrough
+sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST --dport 8000:8090 -j DROP
+
+Required on backend servers for dsr to work
+sudo tc qdisc add dev enp0s8 root handle 10: htb
+
+sudo tc filter add dev enp0s8 parent 10: protocol ip prio 1 u32 match ip src 192.168.1.117 match ip sport 3000 0xffff match ip dst 192.168.1.136 action ok
+
+sudo tc filter add dev enp0s8 parent 10: protocol ip prio 10 u32 match ip src 192.168.1.117 match ip sport 3000 0xffff action nat egress 192.168.1.117 192.168.1.136
+```
 
 <!-- references -->
 [tokio]: https://tokio.rs
diff --git a/src/passthrough/mod.rs b/src/passthrough/mod.rs
@@ -244,6 +244,7 @@ impl LB {
 
                 match tx.send_to(new_ipv4, client_addr.ip()) {
                     Ok(n) => {
+                        debug!("Sent {} bytes to Client", n);
                         // update stats connections
                         let mut mssg = StatsMssg{frontend: Some(self.name.clone()),
                                             backend: self.backend.name.clone(),
@@ -311,14 +312,16 @@ impl LB {
                 IpAddr::V4(node_ipv4) => {
                     let fwd_ipv4 = node_ipv4.clone();
                     if self.backend.get_server_health(conn.backend_srv.clone()) {
+                        new_tcp.set_destination(conn.backend_srv.port);
+
                         // leave original tcp source if dsr
                         if !self.dsr {
                             new_tcp.set_source(conn.ephem_port);
+                            new_tcp.set_checksum(tcp::ipv4_checksum(&new_tcp.to_immutable(), &self.listen_ip, &fwd_ipv4));
+                        } else {
+                            new_tcp.set_checksum(tcp::ipv4_checksum(&new_tcp.to_immutable(), &ip_header.get_source(), &fwd_ipv4));
                         }
 
-                        new_tcp.set_destination(conn.backend_srv.port);
-                        new_tcp.set_checksum(tcp::ipv4_checksum(&new_tcp.to_immutable(), &self.listen_ip, &fwd_ipv4));
-
                         new_ipv4.set_payload(&new_tcp.packet());
                         new_ipv4.set_destination(fwd_ipv4);
                         new_ipv4.set_checksum(checksum(&new_ipv4.to_immutable()));
@@ -362,6 +365,7 @@ impl LB {
             match node.host {
                 IpAddr::V4(node_ipv4) => {
                     let fwd_ipv4 = node_ipv4.clone();
+                    new_tcp.set_destination(node.port);
 
                     // leave original tcp source if dsr
                     let mut ephem_port = 0 as u16;
@@ -373,11 +377,11 @@ impl LB {
                             self.port_mapper.lock().unwrap().insert(ephem_port, Client{ip: IpAddr::V4(ip_header.get_source()), port: tcp_header.get_source()});
                         }
                         new_tcp.set_source(ephem_port);
+                        new_tcp.set_checksum(tcp::ipv4_checksum(&new_tcp.to_immutable(), &self.listen_ip, &fwd_ipv4));
+                    } else {
+                        new_tcp.set_checksum(tcp::ipv4_checksum(&new_tcp.to_immutable(), &ip_header.get_source(), &fwd_ipv4));
                     }
 
-                    new_tcp.set_destination(node.port);
-                    new_tcp.set_checksum(tcp::ipv4_checksum(&new_tcp.to_immutable(), &self.listen_ip, &fwd_ipv4));
-
                     new_ipv4.set_payload(&new_tcp.packet());
                     new_ipv4.set_destination(fwd_ipv4);
                     new_ipv4.set_checksum(checksum(&new_ipv4.to_immutable()));
@@ -434,9 +438,13 @@ impl LB {
                 Ok(n) => debug!("Sent {} bytes to Client", n),
                 Err(e) => error!("failed to send packet: {}", e),
             }
+            let mut connections = 0;
+            if !self.dsr {
+                connections = -1;
+            }
             let mssg = StatsMssg{frontend: Some(self.name.clone()),
                                 backend: self.backend.name.clone(),
-                                connections: -1,
+                                connections: connections,
                                 bytes_tx: 0,
                                 bytes_rx: 0,
                                 servers: None};
@@ -480,7 +488,7 @@ fn process_packets(lb: &mut LB, rx: crossbeam_channel::Receiver<EthernetPacket>,
     loop {
         match rx.recv() {
             Ok(ethernet) => {
-                match Ipv4Packet::new(ethernet.payload()) {
+                match Ipv4Packet::owned(ethernet.payload().iter().cloned().collect()) {
                     Some(ip_header) => {
                         let ip_addr = ip_header.get_destination();
                         if ip_addr == lb.listen_ip {