From owner-freebsd-net Thu Dec 20 14:59:45 2001
From: "Henry Su"
To: "Julian Elischer"
Subject: RE: socket call in the kernel
Date: Thu, 20 Dec 2001 15:01:54 -0800
Sender: owner-freebsd-net@FreeBSD.ORG

Thanks, Julian and Alfred.

I am trying to redirect the denied http request to a default web site. So my idea is, in the "ip_fw_chk" function of ip_fw.c, to add the following code, when it will drop the packet. But as you pointed out in an earlier email, a socket cannot be used in this case. Do you have any other solutions?

Thanks a lot.

 * Finally, drop the packet.
 */
/* my code start debug */
/* find if it's a http packet */
dst_port_h = ntohs(dst_port);
if (dst_port_h == 80) {
    log(LOG_INFO, "src_port:%u src_ip:%d dst_port:%d dst_ip:%u",
        ntohs(src_port), src_ip.s_addr, ntohs(dst_port), dst_ip.s_addr);
    /*s = 1;*/
    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) {
        log(LOG_INFO, "Redirect socket can not be created");
    } else {
        log(LOG_INFO, "Redirect socket is created");
        /*
        bzero(&sa, sizeof sa);
        sa.sin_family = AF_INET;
        sa.sin_port = src_port;
        sa.sin_addr.s_addr = src_ip.s_addr;
        if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
            log(LOG_INFO, "connect %d failed", src_ip.s_addr);
            close(s);
        } else {
            log(LOG_INFO, "connect %d ok", src_ip.s_addr);
            close(s);
        }
        */
        /*
        while ((bytes = read(s, buffer, BUFSIZ)) > 0)
            write(1, buffer, bytes);
        */
    }
}
/* end debug */
return(IP_FW_PORT_DENY_FLAG);

-----Original Message-----
From: Julian Elischer [mailto:julian@elischer.org]
Sent: Thursday, December 20, 2001 12:59 PM
To: Henry Su
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: socket call in the kernel

You cannot do a socket directly but you can indirectly
tell me what you are trying to do and I can help..

On Thu, 20 Dec 2001, Henry Su wrote:

> I am trying to modify ip_fw.c in the /usr/src/sys/netinet, I tried to add a
> socket call in the code, it can be compiled, but when it runs into the code,
> it just crashed. It gave me the "Fatal trap error 12", Memory address is
> wrong.
>
> Can anyone tell me if socket call can be used in kernel level? If not, how
> can I accomplish socket communication in the kernel level?
>
> Thanks.
>
> ------------------------------------------------
> Henry Su
> NTT Multimedia Communications Laboratories, Inc.
> 250 Cambridge Avenue Suite 300
> Palo Alto, CA 94306, USA (PST:UTC -8H)
> Tel: +1 650 833 3652
> Fax: +1 650 326 1878
> http://www.nttmcl.com/