From owner-freebsd-questions@FreeBSD.ORG Wed May 12 14:59:36 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76ED016A4CE for ; Wed, 12 May 2004 14:59:36 -0700 (PDT)
Received: from smtp.albany.edu (mail1.csc.albany.edu [169.226.1.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id E8B8D43D4C for ; Wed, 12 May 2004 14:59:35 -0700 (PDT) (envelope-from tr5374@csc.albany.edu)
Received: from unix2.its.albany.edu (unix2.its.albany.edu [169.226.1.39]) by smtp.albany.edu (8.12.10/8.12.10) with ESMTP id i4CLxYn7015113 for ; Wed, 12 May 2004 17:59:34 -0400 (EDT)
Received: from localhost (tr5374@localhost) i4CLxTba020971 for ; Wed, 12 May 2004 17:59:29 -0400 (EDT)
X-Authentication-Warning: unix2.its.albany.edu: tr5374 owned process doing -bs
Date: Wed, 12 May 2004 17:59:28 -0400 (EDT)
From: "Tom R. no spam"
X-X-Sender: tr5374@unix2.its.albany.edu
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.37
Subject: ipfw divert but no packet payload?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Wed, 12 May 2004 21:59:36 -0000

I've followed the divert and ipfw manpages, Stevens' _Unix Network Programming_, etc., Baldine's Feb 2000 "Divert Sockets mini-HOWTO" at www.tldp.org/HOWTO, and everything else I could find (not very much exactly about this, though).

My situation is:

  firewall: have "ipfw divert " rule for port 80 out
  user program: recvfrom() on a raw socket bound to

My question is: should I expect to be able to get the full packet, including the data payload, for a packet diverted to port ? I want to be able to inspect the packet content before it is sent out.

Right now my user code just prints the packet, then does sendto() back to the raw socket to send the packet on its way, but there is no data payload. Everything I've seen about divert seems clearly to expect the full data payload to be available to whatever is receiving from the raw socket. Web browsing works, and tcpdump shows full packets, but I can't see any data payload in the user program.

The user program can read the IP header length, TCP header length, and full IP packet length from the packet (20, 40, and 60 respectively, after converting to bytes). Per the "60", the packet seems to be saying there *isn't* any data payload, only the 20+40 header bytes. The recvfrom() memory buffer argument is 2048 bytes long, and I can print out all its many "0" bytes after the headers.

I understand tcpdump uses the BSD packet filter to get merely a copy of the packet, but the full packets are getting to where they're addressed somehow, because browsing is working, and tcpdump is showing packet sizes like 467, etc. "ipfw -a list" shows the same divert packet count as how many my user program sees, and byte count == (60 * pkt count). (Though a couple of early runs, before I did full printouts and had settled on simple ipfw rules, had occasional 44-byte recvfrom() returns and ipfw packet sizes mixed in with the 60-byte returns/sizes.)

Any suggestions would be very appreciated.

(I'm using FreeBSD as Mac OS X 10.2.8, which has shown no strangeness other than a couple of odd console.log alerts relating to unrecognized ipfw rules while I was fiddling with my own ipfw, preparing for trying the divert stuff.)
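An added example in C, not the poster's program: it derives the three numbers the post compares (IP header length, TCP header length, IP total length) and the payload length they imply from the raw bytes of a diverted packet, checks them against a constructed IPv4/TCP request, and, where divert sockets exist, runs the recvfrom()/sendto() loop that prints the received length beside ip_len. The divert port 8668 and the sample packet are assumptions; the byte-order remark in the comment is a caveat for older FreeBSD stacks, not a statement about the poster's setup.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define DIVERT_PORT 8668   /* assumed divert port, as in "ipfw add divert 8668 tcp from any to any 80 out" */
struct pkt_layout { int ip_hlen, tcp_hlen, ip_total, payload_len; };

/* Derive the lengths the post compares (IP header, TCP header, IP total) from the raw bytes of a
 * diverted IPv4/TCP packet, and the payload length they imply. Caveat: FreeBSD before 11 hands
 * ip_len to raw/divert sockets in host byte order, so on a little-endian box read it that way. */
int parse_ipv4_tcp(const uint8_t *buf, size_t n, struct pkt_layout *out)
{
    if (n < 20 || (buf[0] >> 4) != 4) return -1;
    int ihl = (buf[0] & 0x0f) * 4;                       /* IHL is in 32-bit words */
    int total = (buf[2] << 8) | buf[3];                   /* ip_len, wire (network) order */
    if (ihl < 20 || (size_t)ihl + 20 > n || buf[9] != 6) return -1;    /* protocol 6 = TCP */
    int doff = (buf[ihl + 12] >> 4) * 4;                  /* TCP data offset, 32-bit words */
    if (doff < 20 || ihl + doff > total) return -1;       /* caller compares n against ip_total */
    out->ip_hlen = ihl; out->tcp_hlen = doff; out->ip_total = total; out->payload_len = total - ihl - doff;
    return 0;
}
/* Constructed test input: 20-byte IP header, 20-byte TCP header to port 80, then the 16-byte
 * payload "GET / HTTP/1.0\r\n"; ip_len = 56. Checksums are left zero. Returns bytes written. */
size_t build_sample(uint8_t *buf, size_t n)
{
    static const uint8_t pkt[] = {
        0x45,0,0,0x38, 0,1,0,0, 0x40,6,0,0, 10,0,0,5, 192,0,2,10,        /* IPv4, TTL 64, TCP */
        0xc0,0,0,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0,   /* 49152 -> 80, doff 5 */
        'G','E','T',' ','/',' ','H','T','T','P','/','1','.','0','\r','\n' };
    if (n < sizeof pkt) return 0;
    memcpy(buf, pkt, sizeof pkt);
    return sizeof pkt;
}

#ifdef IPPROTO_DIVERT   /* the divert loop only builds where divert sockets exist (FreeBSD, Darwin) */
int main(void)
{
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("divert"); return 1; }
    for (;;) {
        uint8_t buf[65535]; struct sockaddr_in from; socklen_t fl = sizeof from; struct pkt_layout l;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) { perror("recvfrom"); return 1; }
        if (parse_ipv4_tcp(buf, (size_t)n, &l) == 0)      /* the numbers to compare: recv vs ip_len vs headers */
            printf("recv=%zd ip_len=%d hdr=%d+%d payload=%d\n", n, l.ip_total, l.ip_hlen, l.tcp_hlen, l.payload_len);
        sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);   /* reinject with recvfrom's sockaddr */
    }
}
#endif
```

A packet whose recvfrom() length equals ip_len but whose ip_len equals the header sum carries no payload by the sender's own accounting; a recvfrom() length smaller than ip_len points at truncation between the stack and the socket instead.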