From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 30 04:26:38 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9CBC516A4CF for ; Sun, 30 Nov 2003 04:26:38 -0800 (PST) Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com [205.158.62.67]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DE6843FDD for ; Sun, 30 Nov 2003 04:26:33 -0800 (PST) (envelope-from ivo@bsdmail.org) Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com [205.158.62.68]) by spf13.us4.outblaze.com (Postfix) with QMQP id 9F5821801D6E for ; Sun, 30 Nov 2003 12:26:31 +0000 (GMT) Received: (qmail 99824 invoked from network); 30 Nov 2003 12:26:31 -0000 Received: from unknown (HELO ws5-2.us4.outblaze.com) (205.158.62.133) by 205-158-62-153.outblaze.com with SMTP; 30 Nov 2003 12:26:31 -0000 Received: (qmail 7869 invoked by uid 1001); 30 Nov 2003 12:26:31 -0000 Message-ID: <20031130122631.7868.qmail@bsdmail.com> Content-Type: multipart/mixed; boundary="----------=_1070195191-6845-0" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) Received: from [62.73.96.164] by ws5-3.us4.outblaze.com with http for ivo@bsdmail.org; Sun, 30 Nov 2003 14:26:31 +0200 From: "Ivo Vachkov" To: freebsd-ipfw@freebsd.org Date: Sun, 30 Nov 2003 14:26:31 +0200 X-Originating-Ip: 62.73.96.164 X-Originating-Server: ws5-3.us4.outblaze.com cc: freebsd-net@freebsd.org Subject: X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Nov 2003 12:26:38 -0000 This is a multi-part message in MIME format... ------------=_1070195191-6845-0 Content-Type: text/plain; charset="iso-8859-1" Content-Disposition: inline Content-Transfer-Encoding: 7bit Hi all, I've been trying to write some code using divert(4) sockets, but i meet the following difficulties: - when i get diverted packet it has both source and destination IP addresses the same. The attached code shows: 192.168.0.2 -> 192.168.0.2 getting 84 bytes, real: 84 and the way I run it is (on 192.168.0.2): ipfw add 100 divert 8670 ip from any to 192.168.0.1 burstd then on 192.168.0.2 I issue "ping 192.168.0.1" - the manual says this happens with recvfrom()/sendto(), but recv() is mentioned to be same as recvfrom() and read()/write() sometimes fail. After digging some kernel code I've found that around line 167 in ip_divert.c we have: /* * Record receive interface address, if any. * But only for incoming packets. */ divsrc.sin_addr.s_addr = 0; if (incoming) { struct ifaddr *ifa; /* Sanity check */ KASSERT((m->m_flags & M_PKTHDR), ("%s: !PKTHDR", __FUNCTION__)); /* Find IP address for receive interface */ TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { if (ifa->ifa_addr == NULL) continue; if (ifa->ifa_addr->sa_family != AF_INET) continue; divsrc.sin_addr = ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr; break; } } which (as I think) changes the address of diverted packet. What is the reason for that and are there any workarounds to get real source and destination IP addresses from a diverted packet. I need both because I try to make connection tracking based on src<->dst . Any help with that is appretiated. Any divert code welcome. I've looked through natd.c and it was helpfull. Ivo Vachkov P.S. Excuse my: - English - long pastes - (sometimes) lack of kernel code understanding -- _______________________________________________ Get your free email from http://mymail.bsdmail.com Powered by Outblaze ------------=_1070195191-6845-0 Content-Type: application/octet-stream; name="Makefile" Content-Disposition: attachment; filename="Makefile" Content-Transfer-Encoding: base64 Q0MJPQljYwpDRkxBR1MJPQktZyAtV2FsbCAtV3BvaW50ZXItYXJpdGgKTElC Uwk9CgpTUkMJPQlidXJzdGQuYwpPQkoJPQkKUFJPRwk9CWJ1cnN0ZAoKYWxs OiQoU1JDKQoJJChDQykgJChDRkxBR1MpIC1jICouYwoJJChDQykgJChDRkxB R1MpIC1vICQoUFJPRykgJChTUkMpICQoT0JKKSAkKExJQlMpCgpjbGVhbjoK CXJtIC1mICQoUFJPRykgKi5jb3JlICoubyBldGMvKgo= ------------=_1070195191-6845-0 Content-Type: application/octet-stream; name="burstd.h" Content-Disposition: attachment; filename="burstd.h" Content-Transfer-Encoding: base64 I2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5o PgojaW5jbHVkZSA8c3lzL3N5c2N0bC5oPgojaW5jbHVkZSA8c3lzL3RpbWUu aD4KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4KI2luY2x1ZGUgPG5ldGluZXQv aW5fc3lzdG0uaD4KI2luY2x1ZGUgPG5ldGluZXQvaXAuaD4KI2luY2x1ZGUg PG1hY2hpbmUvaW5fY2tzdW0uaD4KI2luY2x1ZGUgPG5ldGluZXQvdGNwLmg+ CiNpbmNsdWRlIDxuZXRpbmV0L3VkcC5oPgojaW5jbHVkZSA8bmV0aW5ldC9p cF9pY21wLmg+CiNpbmNsdWRlIDxuZXQvaWYuaD4KI2luY2x1ZGUgPG5ldC9p Zl9kbC5oPgojaW5jbHVkZSA8bmV0L3JvdXRlLmg+CiNpbmNsdWRlIDxhcnBh L2luZXQuaD4KI2luY2x1ZGUgPGFsaWFzLmg+CiNpbmNsdWRlIDxjdHlwZS5o PgojaW5jbHVkZSA8ZXJyLmg+CiNpbmNsdWRlIDxlcnJuby5oPgojaW5jbHVk ZSA8bmV0ZGIuaD4KI2luY2x1ZGUgPHNpZ25hbC5oPgojaW5jbHVkZSA8c3Rk aW8uaD4KI2luY2x1ZGUgPHN0ZGxpYi5oPgojaW5jbHVkZSA8c3RyaW5nLmg+ CiNpbmNsdWRlIDxzeXNsb2cuaD4KI2luY2x1ZGUgPHVuaXN0ZC5oPgoKLy8g I2luY2x1ZGUgInF1ZXVlLmgiCgojZGVmaW5lIENPTkYJCSJidXJzdGQuY29u ZiIKCi8qIENvbm5lY3Rpb24gdHlwZTsgYnVyc3RpbmcgKi8KdHlwZWRlZiBz dHJ1Y3QgX2Zsb3cKewoJc3RydWN0IGluX2FkZHIgCXNyY19hZGRyOwoJc3Ry dWN0IGluX2FkZHIJZHN0X2FkZHI7Cglsb25nIGxvbmcJYnl0ZXM7Cglsb25n IGxvbmcJbGFzdDsKCWludAkJYWxpdmU7CglpbnQgCQl1c2VkOwp9Q09OTkVD VElPTjsKCnR5cGVkZWYgc3RydWN0IF9ub2RlCnsKCXN0cnVjdCBfbm9kZSAJ Km5leHQ7CglzdHJ1Y3QgX2Zsb3cJKmRhdGE7Cn1DT05OX0xJU1Q7Cgpsb25n IGxvbmcgCWxpbWl0LCByYXRlOwoKLyogU29tZSBmdW5jdGlvbnMgKi8KCi8q IHNpZ25hbC5jICovCnZvaWQgc2lnX2Fscm1faG5kKGludCBzaWcpOwovKiBp bml0LmMgKi8Kdm9pZCBzZXRfcmF0ZV9saW1pdCgpOwovKiBwYXJlbnQuYyAq LwppbnQgc2VhcmNoX2Nvbm4oQ09OTkVDVElPTiBjb25zW10sIHN0cnVjdCBp bl9hZGRyIHNhZGRyLCBzdHJ1Y3QgaW5fYWRkciBkYWRkcik7CmludCBhZGRf Y29ubihDT05ORUNUSU9OIGNvbnNbXSwgQ09OTkVDVElPTiBzX2Nvbm4pOwo= ------------=_1070195191-6845-0 Content-Type: application/octet-stream; name="burstd.c" Content-Disposition: attachment; filename="burstd.c" Content-Transfer-Encoding: base64 I2luY2x1ZGUgImJ1cnN0ZC5oIgoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIg Kiphcmd2KQp7CglpbnQgCQkJZGl2SU87CglmZF9zZXQJCQlyZWFkbWFzazsK CXN0cnVjdCBzb2NrYWRkcl9pbiAJc2E7CglpbnQgCQkJYnl0ZXMsIG9sZGJ5 dGVzLCBhZGRyU2l6ZTsKCXN0cnVjdCBpcCoJCWlwOwoJdm9pZCoJCQlidWZm OwoJCgoJYnVmZiA9ICh2b2lkICopbWFsbG9jKElQX01BWFBBQ0tFVCk7Cglt ZW1zZXQoKHZvaWQgKilidWZmLCAwLCBJUF9NQVhQQUNLRVQpOwoJCglpZigo ZGl2SU8gPSBzb2NrZXQoUEZfSU5FVCwgU09DS19SQVcsIElQUFJPVE9fRElW RVJUKSkgPT0gLTEpCgl7CgkJcGVycm9yKCJzb2NrZXQiKTsKCQlleGl0KC0x KTsKCX0KCglzYS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsKCXNhLnNpbl9hZGRy LnNfYWRkciA9IElOQUREUl9BTlk7CglzYS5zaW5fcG9ydCA9IGh0b25zKDg2 NzApOwoJaWYoYmluZChkaXZJTywgKHN0cnVjdCBzb2NrYWRkciopJnNhLCBz aXplb2Yoc3RydWN0IHNvY2thZGRyKSkgPT0gLTEpCgl7CgkJcGVycm9yKCJi aW5kIik7CgkJZXhpdCgtMSk7Cgl9CgoJRkRfWkVSTygmcmVhZG1hc2spOwoJ RkRfU0VUKGRpdklPLCAmcmVhZG1hc2spOwoJCgl3aGlsZSgxKQoJewoJCWlm KHNlbGVjdChnZXRkdGFibGVzaXplKCkgKyAxLCAmcmVhZG1hc2ssIE5VTEws IE5VTEwsIE5VTEwpID09IC0xKQoJCXsKCQkJcGVycm9yKCJzZWxlY3QiKTsK CQkJZXhpdCgtMSk7CgkJfQoJCWlmKEZEX0lTU0VUKGRpdklPLCAmcmVhZG1h c2spKQoJCXsKCQkJYWRkclNpemUgPSBzaXplb2Yoc2EpOwoJCQlpZigob2xk Ynl0ZXMgPSByZWN2ZnJvbShkaXZJTywgYnVmZiwgSVBfTUFYUEFDS0VULCAw LCAoc3RydWN0IHNvY2thZGRyKikgJnNhLCAmYWRkclNpemUpKSA9PSAtMSkK CQkJewoJCQkJcGVycm9yKCJyZWN2ZnJvbSIpOwoJCQkJZXhpdCgtMSk7CgkJ CX0KCQkKCQkJaXAgPSAoc3RydWN0IGlwKikgYnVmZjsKCQkJcHJpbnRmKCIl cyAtPiAlc1xuIiwgaW5ldF9udG9hKGlwLT5pcF9zcmMpLCBpbmV0X250b2Eo aXAtPmlwX2RzdCkpOwoJCQlwcmludGYoImdldHRpbmcgJWQgYnl0ZXMsIHJl YWw6ICVkXG4iLCBvbGRieXRlcywgbnRvaHMoaXAtPmlwX2xlbikpOwoJCQlw cmludGYoInNhLnNpbl9hZGRyLnNfYWRkciA9ICVzXG4iLCBpbmV0X250b2Eo c2Euc2luX2FkZHIpKTsKCQkJCgkJCWlmKChieXRlcyA9IHNlbmR0byhkaXZJ TywgYnVmZiwgb2xkYnl0ZXMsIDAsIChzdHJ1Y3Qgc29ja2FkZHIqKSAmc2Es IGFkZHJTaXplKSkgIT0gb2xkYnl0ZXMpCgkJCXsKCQkJCXByaW50ZigiRGlm ZmVyZW50IHJlY2lldmVkL3NlbnQgdmFsdWVzOiAlZCA8LT4gJWRcbiIsIG9s ZGJ5dGVzLCBieXRlcyk7CgkJCQlwZXJyb3IoInNlbmR0byIpOwoJCQkJZXhp dCgtMSk7CgkJCX0KCQl9Cgl9CglyZXR1cm4gMDsKfQo= ------------=_1070195191-6845-0--