-
Notifications
You must be signed in to change notification settings - Fork 9
Toy framework for creating a VPN
License
vmt/layer2
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
+-----------------+ | Layer2 - README | +-----------------+ Layer2 is a tiny program which can sniff ethernet frames from network interface devices and transport them to another instance of Layer2 where it is redistributed, all based on a set of (routing+filtering) rules specified through a configuration file. Layer2 uses libpcap for packet capturing, and libnet for creating IP packets and injecting them into the network. A machine that hosts layer2 is said to be the border gateway and listens to all interfaces under its management for ethernet frames, filtering and capturing only those which are of interest. Based on the rules, an ethernet frame which is destined for a remote node, behind another border gateway, is captured and packed inside an IP packet with an upper layer protocol number set to L2_PROTO_NUM (defined in layer2.h). This packet is then sent to the remote border gateway (which must host another instance of layer2) using normal internet routing mechanisms. Once the remote instance of layer2 obtains the frame containing this packet, it unpacks it and writes the frame to the appropriate interface device, again based on the local specifications. Using "layer2" -------------- $ ./layer2 < config.conf layer2 reads the STDIN for configuration specifications. Configuration ------------- The configuration plays a crucial role in the functioning of layer2. The strucuture of the configuration file is simple and straightforward. - Anything after the '#' till the newline is a comment. - A routing rule must be associated with frames captured at an interface device. The interface must be defined as follows, [iface-dev-name: protocols] where `iface-dev-name' could be eth0, eth1, rl0 etc. and `protocols' are one or more of, ip, arp, rarp, dec. Example [eth0: ip arp] specifies that layer2 should only capture ethernet frames of type IP and ARP from device eth0. - Following the interface definitions, the rules of routing for packets captured from it must be specified. The format for that is - Destination-IP Net-Mask Border-Gateway-IP Interface * Destination-IP: This is the destination ip address of the captured packet. This field is used for filtering the packets to be transported. * Net-Mask: The mask to be applied. * Border-Gateway-IP: The ip address of the remote border gateway to which the packet is to be packed and transported to, for redistribution. It can be a valid IP address or '*' which denotes NONE. * Interface: The interface device to which the packet is to be written. This is when the border gateway is set to '*'. The value could be a valid device name or '*' denoting NONE. NOTE: Atleast one of gateway-ip and interface must be specified. Based on this routing rule, layer2 compiles filter rules and routes packets seen at the interface. Example ======= This is an example of config files for the following setup, 192.168.1.0/24 150.1.1.1 ---o(eth0):linux-box1:(eth1)o---. \ \ (IP network) / / ---o(eth0):linux-box2:(eth1)o---' 192.168.2.0/24 152.1.1.2 Both linux-boxes must run layer2 configured as follows - config.conf at linux-box1 ------------------------- [eth0: ip arp] 192.168.2.0 255.255.255.0 152.1.1.2 * [eth1: ip] 192.168.1.0 255.255.255.0 * eth0 config.conf at linux-box2 ------------------------- [eth0: ip arp] 192.168.1.0 255.255.255.0 150.1.1.1 * [eth1: ip] 192.168.2.0 255.255.255.0 * eth0
About
Toy framework for creating a VPN
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published