(no subject)

From: Ivo Vachkov (ivo_at_bsdmail.org)
Date: 11/30/03

    To: freebsd-ipfw@freebsd.org
    Date: Sun, 30 Nov 2003 14:26:31 +0200
    
    
    

    Hi all,

    I've been trying to write some code using divert(4) sockets, but I meet the following difficulties:
        - when I get a diverted packet, it has both source and destination IP addresses the same. The attached code shows:

        192.168.0.2 -> 192.168.0.2
        getting 84 bytes, real: 84

    and the way I run it is (on 192.168.0.2):

        ipfw add 100 divert 8670 ip from any to 192.168.0.1
        burstd

    then on 192.168.0.2 I issue "ping 192.168.0.1"

        - the manual says this happens with recvfrom()/sendto(), but recv() is mentioned to be the same as recvfrom(), and read()/write() sometimes fail.

    After digging through some kernel code, I've found that around line 167 in ip_divert.c we have:

            /*
             * Record receive interface address, if any.
             * But only for incoming packets.
             */
            divsrc.sin_addr.s_addr = 0;
            if (incoming) {
                    struct ifaddr *ifa;

                    /* Sanity check */
                    KASSERT((m->m_flags & M_PKTHDR), ("%s: !PKTHDR", __FUNCTION__));

                    /* Find IP address for receive interface */
                    TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
                            if (ifa->ifa_addr == NULL)
                                    continue;
                            if (ifa->ifa_addr->sa_family != AF_INET)
                                    continue;
                            divsrc.sin_addr =
                                ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
                            break;
                    }
            }

    which (as I think) changes the address of the diverted packet. What is the reason for that, and are there any workarounds to get the real source and destination IP addresses from a diverted packet? I need both because I am trying to make connection tracking based on src<->dst.

    Any help with that is appreciated. Any divert code is welcome. I've looked through natd.c and it was helpful.

        Ivo Vachkov

    P.S. Excuse my:
        - English
        - long pastes
        - (sometimes) lack of kernel code understanding
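
Added example, not part of the original message or of FreeBSD's code: divert(4) documents the address returned by recvfrom() as the receiving interface's address (what the quoted ip_divert.c fragment stores in divsrc), while the packet's own source and destination sit in the IPv4 header at the start of the received buffer. The sketch reads them from there, with the bounds checks a tracker needs, and builds a direction-independent src<->dst key; the names flow_key, parse_ipv4_flow and sample_pkt are made up here and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Names below (flow_key, parse_ipv4_flow, sample_pkt) are made up for this example. */
struct flow_key {
    uint32_t lo, hi;  /* the two endpoints in host order, lo <= hi */
    uint8_t proto;    /* IP protocol number, e.g. 1 = ICMP */
};

/* Constructed sample: 84-byte ICMP echo request 192.168.0.2 -> 192.168.0.1, checksums zero. */
static const uint8_t sample_pkt[84] = {
    0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x00, 0x40, 0x01,
    0x00, 0x00, 192, 168, 0, 2, 192, 168, 0, 1,
    8 /* ICMP type: echo request; remaining bytes are zero */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* buf/len: bytes read from the divert socket, starting at the IPv4 header.
 * Stores the packet's own source and destination (host order) in *src and *dst
 * and a direction-independent pair in *key. Returns 0 on success, -1 otherwise. */
int parse_ipv4_flow(const uint8_t *buf, size_t len,
                    uint32_t *src, uint32_t *dst, struct flow_key *key)
{
    if (buf == NULL || len < 20 || (buf[0] >> 4) != 4)
        return -1;                              /* too short or not IPv4 */
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;  /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return -1;                              /* malformed or truncated header */
    *src = be32(buf + 12);  /* ip_src */
    *dst = be32(buf + 16);  /* ip_dst */
    key->proto = buf[9];    /* ip_p */
    key->lo = *src < *dst ? *src : *dst;
    key->hi = *src < *dst ? *dst : *src;
    return 0;
}

int main(void)
{
    uint32_t s, d;
    struct flow_key k;
    if (parse_ipv4_flow(sample_pkt, sizeof(sample_pkt), &s, &d, &k) != 0)
        return 1;
    printf("%08x -> %08x proto %u\n", (unsigned)s, (unsigned)d, (unsigned)k.proto);
    return 0;
}
```

In a divert daemon the same buffer would be the one filled by recvfrom() on the divert socket; the sockaddr_in it returns is kept only for passing back to sendto().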
