Re: netgraph(4) divert(4) to UDP Tunnel

From: Crist J. Clark (cristjc_at_comcast.net)
Date: 11/14/03

    Date: Fri, 14 Nov 2003 08:10:40 -0800
    To: Ruslan Ermilov <ru@freebsd.org>
    
    

    On Fri, Nov 14, 2003 at 10:35:53AM +0200, Ruslan Ermilov wrote:
    > On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote:
    > > I'm trying to play around with netgraph(4) for the first time and
    > > there seem to be some aspects of it that haven't "clicked" in my head
    > > just yet.
    > >
    > > What I want to do seems like it should be pretty easy. I want to
    > > send some packets through a UDP tunnel. There is an
    > > /usr/share/examples/netgraph/udp.tunnel file that is close to what I
    > > want, but not quite. I want to send packets that have been divert(4)ed
    > > to the tunnel.
    > >
    > > I can make my two ng_ksocket(8) nodes via the ngctl(8) interface,
    > >
    > > + mkpeer ksocket d0 inet/dgram/udp
    > > + name d0 udptun
    > > + msg d0 bind inet/192.168.64.70:10000
    > > + msg d0 connect inet/192.168.64.50:10000
    > > + mkpeer ksocket d1 inet/raw/divert
    > > + name d1 divtun
    > > + msg d1 bind inet/0.0.0.0:8668
    > >
    > > But how do I then connect the two of them up? I assume that I use
    > > 'connect' within ngctl(8), but I haven't figured out what the
    > > arguments need to be with the documentation and examples I've found.
    > >
    > > The other thing I suspect I should be doing, is actually running the
    > > 'mkpeer' through the first node I create in ngctl(8), but I can't seem
    > > to get that to work,
    > >
    > > + mkpeer ksocket d0 inet/dgram/udp
    > > + name d0 udptun
    > > + msg d0 bind inet/192.168.64.70:10000
    > > + msg d0 connect inet/192.168.64.50:10000
    > > + mkpeer d0 ksocket d1 inet/raw/divert
    > > ngctl: send msg: Socket is already connected
    > >
    > > I think it is actually complaining about the hook between my ngctl
    > > node and the udptun node and not the creation of the divert socket?
    > >
    > > Basically, I think my conceptual problem is with the fact that you
    > > start with the ngctl(8) node in the middle of everything. How do I
    > > create my new nodes and get the ngctl(8) node out of the middle?
    > >
    > I don't think this is currently possible (I'd like to be mistaken).
    > The main difference between ng_iface (from the classical tunnel
    > example) and ng_ksocket is that the first is a so-called ``persistent''
    > node, i.e., when the number of hooks becomes zero, the node does
    > not get removed automatically. The same is not true for ksocket.
    >
    > But I think this could be a workaround:
    >
    > ngctl
    > + mkpeer tee dummy left2right
    > + name dummy mytee
    > + mkpeer mytee: ksocket left inet/dgram/udp
    > + name mytee:left udp1
    > + mkpeer mytee: ksocket right inet/dgram/udp
    > + name mytee:right udp2
    > + exit

    Thanks for the suggestion. I had already tried this, and it did indeed
    work. However, you actually can do one better. If you now shut down the
    ng_tee(8) node, the two ksockets end up directly attached. I found
    that out by accident and haven't looked to see where that interesting
    behavior is documented. Here're the commands I used,

      #!/usr/sbin/ngctl -f

      mkpeer tee hub left2right

      mkpeer hub ksocket right inet/dgram/udp
      name hub.right udptun
      msg hub.right bind inet/192.168.64.70:10000
      msg hub.right connect inet/192.168.64.50:10000

      mkpeer hub ksocket left inet/raw/divert
      name hub.left divtun
      msg hub.left bind inet/0.0.0.0:8668

      shutdown hub

    After I run this,

      # ngctl list
      There are 3 total nodes:
        Name: ngctl13605 Type: socket ID: 0000003b Num hooks: 0
        Name: divtun Type: ksocket ID: 0000003a Num hooks: 1
        Name: udptun Type: ksocket ID: 00000039 Num hooks: 1
      # ngctl show divtun:
        Name: divtun Type: ksocket ID: 0000003a Num hooks: 1
        Local hook      Peer name       Peer type    Peer ID         Peer hook
        ----------      ---------       ---------    -------         ---------
        inet/raw/divert udptun          ksocket      00000039        inet/dgram/udp

    Which is exactly what I wanted.

    -- 
    Crist J. Clark                     |     cjclark@alum.mit.edu
                                       |     cjclark@jhu.edu
    http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
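A check that could follow the script in the message above, confirming that the tee is gone and the divert ksocket is attached directly to the UDP ksocket. This is an added example, not part of the original post: the function names are hypothetical, the first sample is the `ngctl show divtun:` output quoted in the message, and the second sample (tee still in place) is constructed.

```shell
#!/bin/sh
# Added example: decide from `ngctl show <node>:` output whether a node has
# exactly one hook and that hook leads straight to the expected peer.

# check_direct_link PEER_NAME PEER_TYPE   (reads `ngctl show` output on stdin)
# Returns 0 only if there is exactly one hook row and it names that peer.
check_direct_link() {
    awk -v want_name="$1" -v want_type="$2" '
        # Rows after the dashed separator are hook entries:
        #   local-hook  peer-name  peer-type  peer-id  peer-hook
        in_table && NF == 5 {
            rows++
            if ($2 == want_name && $3 == want_type) ok++
            next
        }
        /^[ \t]*-+[ \t]/ { in_table = 1 }
        END { exit !(rows == 1 && ok == 1) }
    '
}

# Sample 1: the output quoted in the message (after `shutdown hub`).
sample_show_output() {
    cat <<'EOF'
  Name: divtun Type: ksocket ID: 0000003a Num hooks: 1
  Local hook Peer name Peer type Peer ID Peer hook
  ---------- --------- --------- ------- ---------
  inet/raw/divert udptun ksocket 00000039 inet/dgram/udp
EOF
}

# Sample 2: constructed output for the state before the tee is shut down
# (the peer ID and the unnamed tee row are made up for illustration).
sample_tee_output() {
    cat <<'EOF'
  Name: divtun Type: ksocket ID: 0000003a Num hooks: 1
  Local hook Peer name Peer type Peer ID Peer hook
  ---------- --------- --------- ------- ---------
  inet/raw/divert <unnamed> tee 00000038 left
EOF
}

if sample_show_output | check_direct_link udptun ksocket; then
    echo "divtun is attached directly to udptun"
fi
if ! sample_tee_output | check_direct_link udptun ksocket; then
    echo "divtun still hangs off another node (tee not shut down)"
fi
```

On a live system the same function takes the real output: `ngctl show divtun: | check_direct_link udptun ksocket`.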
    
