Recently I was trying to get the vPath library to work in user-space. What I wanted was to try it out before working on the production code, so I decided that I wanted it as a simple user-space program. The thing with exercising the library as it would be worked out in the real world code is that we need to get packets to it, make it do stuff and then return the packets back.
There are many ways to get packets into user-space, we have netmap, Intel DPDK, TUN/TAP interface, etc. (more can be found here). My first choice was netmap, the challenge with that is to get just a few packets into my program it sounded like lot of work. So I have put a pin in it to come back to it later.
Other way to do it would be to use tools like TCPreplay, wireplay, hping3, Scapy, Unix Raw Sockets, etc. in which we can craft packets like we want and send them to the target. But that was a no go too. Because even if I did have access to previous versions of TCP traffic, it’s nothing like the real world traffic. After a significant overhead the rewards are but a few in this case. Though these tools are like gold when it comes to recreating customer cases, for my current scenario, the overhead was too much for too little benefit.
To get a quick and dirty 5 min solution, I turned to TUN/TAP interfaces. These are neat little buggers, fitted the purpose nicely. You can read more about how to program them here.
As is the case in real world, I solved one problem just to get to the next one :-). Now the thing is even if we have TUN/TAP we need the real world traffic to come to it without any modifications. For the purposes of my exercise I needed the L2 header to be intact. That’s when after searching around for a solution, playing around with linux bridge and Openvswitch, I found out this neat little utility – netsniff-ng. And that was the answer to (almost) all of my problems.
Now the one feature of netsniff-ng I ended up using was its “—mmap”, and as per the authors it is “Useful to have raw access to network packet data in user space”.
The netsniff-ng website states – “netsniff-ng, a fast zero-copy analyzer, pcap capturing and replaying tool”, the only part I have used is the fast zero-copy analyzer.
This is the way I hooked up the tap0 to eth1 -
ifconfig tap0 up ; /root/netsniff-ng/netsniff-ng/netsniff-ng –in eth1 –out tap0 –mmap –prio-high
Finally, the problem I did not solve -
I just wanted to exercise my state machine by feeding it traffic, so I was not really worried about sending the traffic back, though I did manage to send it back this way -
ifconfig tap0 up ; ( /root/netsniff-ng/netsniff-ng/netsniff-ng –in eth1 –out tap0 –mmap –prio-high & /root/netsniff-ng/netsniff-ng/netsniff-ng –in tap0 –out eth1 –mmap –prio-high )
But I know it can be done in a better way. Thats slated for another day, another venture.