From: Julian Elischer
Date: Tue, 26 Nov 2013 07:57:27 +0800
To: Victor Gamov, freebsd-net@freebsd.org
Subject: Re: Netgraph ng_patch and ng_input: where to find packets?
Message-ID: <5293E3E7.6090604@freebsd.org>

On 11/24/13, 5:05 AM, Victor Gamov wrote:
> Hi All
>
> I want to get 2 or 3 copies of input packet at my system to resend it to new destinations.
> So I prepared the following configuration:
>
> # ipfw add 10000 ngtee 100 udp from any to 239.0.0.19 dst-port 1234 in via vlan999
>
> # ngctl mkpeer ipfw: hub 100 hub-in
> # ngctl name ipfw:100 hub100
>
> # ngctl mkpeer hub100: patch hub100-out1 in
> # ngctl name hub100:hub100-out1 patch100
> # ngctl msg patch100: setconfig '{ count=1 csum_flags=1 ops=[ { value=0xc0a8e680 offset=16 length=4 mode=1 } ] }'
>
> Now when I connect to patch:out as
> # nghook -a patch100: out
>
> then I see packets with new IP:
>
> 0000: 45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12
> 0010: c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a
>
> Now I want to put these packets back into IP processing to send them to new destination 192.168.230.128 (0xc0a8e680):
>
> # ngctl mkpeer patch100: ip_input out new100_to_dst_1
>
> But packets are not shown on outgoing interface:
>
> # ifconfig vlan333
> vlan333: flags=8843 metric 0 mtu 1500
>         options=103
>         ether 00:1b:21:5b:7e:e9
>         inet 192.168.230.9 netmask 0xffffff00 broadcast 192.168.230.255
>
> # arp 192.168.230.128
> ? (192.168.230.128) at 62:99:4c:3b:22:fc on vlan333 expires in 1190 seconds

I would look at giving the packet back to the firewall as suggested..

     netgraph cookie
             Divert packet into netgraph with given cookie.  The search
             terminates.  If packet is later returned from netgraph it is
             either accepted or continues with the next rule, depending on
             net.inet.ip.fw.one_pass sysctl variable.

see ng_ipfw for more details..

>
>
> Can somebody explain to me where I was wrong?
>
> Thanks!
>
> --
> CU,
> Victor Gamov
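Added example, not part of either message: Python code that applies the single op from the quoted setconfig (value=0xc0a8e680, offset=16, length=4) to a constructed IPv4 header carrying the addresses from the thread. It assumes mode=1 means "set", which matches the dump in the quoted message, and shows that the header checksum, which covers the destination address, no longer verifies after the overwrite until it is recomputed. All function names are illustrative.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit big-endian words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_is_valid(header: bytes) -> bool:
    # With a correct checksum field in place the complemented sum is zero.
    return ip_checksum(header) == 0

def fix_checksum(header: bytes) -> bytes:
    """Return the header with its checksum field (bytes 10-11) recomputed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", ip_checksum(zeroed)) + header[12:]

def apply_set_op(packet: bytes, value: int, offset: int, length: int) -> bytes:
    """Overwrite `length` bytes at `offset` with `value`, big-endian.
    Assumption: this is what mode=1 in the quoted setconfig does."""
    if offset < 0 or offset + length > len(packet):
        raise ValueError("op falls outside the packet")
    return packet[:offset] + value.to_bytes(length, "big") + packet[offset + length:]

def build_sample_header() -> bytes:
    """Constructed 20-byte IPv4 header (UDP, 192.168.13.18 -> 239.0.0.19)."""
    raw = bytes.fromhex("45000540" "00004000" "ff110000" "c0a80d12" "ef000013")
    return fix_checksum(raw)

def demo() -> dict:
    original = build_sample_header()
    patched = apply_set_op(original, value=0xC0A8E680, offset=16, length=4)
    return {
        "new_dst": ".".join(str(b) for b in patched[16:20]),
        "valid_before": header_is_valid(original),
        "valid_after_patch": header_is_valid(patched),
        "valid_after_fix": header_is_valid(fix_checksum(patched)),
        "fixed_checksum": fix_checksum(patched)[10:12].hex(),
    }

if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```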