
@darkk
Created April 12, 2012 08:53
Thinking about UDP packet routing (redsocks+TPROXY)
// Packet-flow sketch for sending an application's UDP traffic through redsocks
// running in an LXC container, using TPROXY for interception.
//
// Edge colours mark the four legs of one request/reply exchange:
//   red       - request: app on the host -> redsocks in the container
//   orange    - redsocks' own outbound traffic -> internet (masqueraded on the host)
//   lightblue - reply: internet -> redsocks
//   blue      - reply: redsocks -> app
// Dashed edges (set per cluster) are hops inside one network namespace; solid
// edges cross the host/container or host/internet boundary.
digraph routing {
// Not a cluster (name lacks the "cluster" prefix): this subgraph only gives the
// network-interface nodes a common shape.
subgraph interfaces {
node [shape = folder];
host_if_inet;
host_if_lxc;
lxc_if;
// NOTE(review): repeated declaration of lxc_if; it has no effect on the graph.
// Possibly a second container-side interface was intended - confirm with the author.
lxc_if;
}
lxc_default_route [label = "default route"];
host_default_route [label = "default route"];
internet [style = filled, fillcolor = green, shape = hexagon];
// Yellow tabs are the two userspace processes: the client app and the redsocks proxy.
app [style = filled, fillcolor = yellow, shape = tab];
redsocks [style = filled, fillcolor = yellow, shape = tab];
subgraph cluster_host {
label = "host";
edge [style = dashed];
// Request path on the host: the app's packet is marked in mangle/OUTPUT, an
// fwmark policy-routing rule sends it out of the container-facing interface (red),
// and traffic coming back from the container is masqueraded and follows the host
// default route to the internet-facing interface (orange).
app -> "mangle/OUTPUT -j MARK" -> "ip rule fwmark …" -> host_if_lxc [color = red];
host_if_lxc -> "nat/POSTROUTING -j MASQUERADE" -> host_default_route -> host_if_inet [color = orange];
// Reply path on the host: the internet reply is un-masqueraded and forwarded to
// the container (lightblue); the proxied reply then arrives from the container and
// passes rp_filter before it reaches the app (blue).
host_if_inet -> "demasq-dnat" -> host_if_lxc [color = lightblue];
// NOTE(review): presumably rp_filter is drawn here because the blue reply carries
// the remote peer's source address yet arrives on host_if_lxc, which strict
// reverse-path filtering would drop - confirm. If it has to be relaxed, scope the
// change to this one interface rather than disabling the check host-wide.
host_if_lxc -> "rp_filter" -> app [color = blue];
}
// Hops across the host <-> container link and the host <-> internet link, one
// edge per leg and direction.
host_if_lxc -> lxc_if [color = red];
lxc_if -> host_if_lxc [color = orange];
host_if_inet -> internet [color = orange];
internet -> host_if_inet [color = lightblue];
host_if_lxc -> lxc_if [color = lightblue];
lxc_if -> host_if_lxc [color = blue];
subgraph cluster_lxc {
label = "lxc";
edge [style = dashed];
// Inside the container: the PREROUTING TPROXY rule hands every packet that is not
// addressed to the container itself to redsocks (red), so the rule's match decides
// exactly which traffic gets proxied.
lxc_if -> "PREROUTING: ! -d me -j TPROXY" -> redsocks [color = red];
redsocks -> lxc_default_route -> lxc_if [color = orange];
lxc_if -> redsocks [color = lightblue];
subgraph cluster_redsocks {
label = "redsocks";
// NOTE(review): "bind(nonlocal)" means redsocks sends the reply from an address
// that is not local to the container. On Linux this normally needs IP_TRANSPARENT
// and CAP_NET_ADMIN - confirm what the container is granted, because a process
// holding it can emit packets with arbitrary source addresses.
redsocks -> "bind(nonlocal)" [color = blue];
}
"bind(nonlocal)" -> lxc_default_route -> lxc_if [color = blue];
}
}