From owner-freebsd-pf@FreeBSD.ORG Wed Oct 1 10:46:01 2014
From: sadegh solati
Date: Wed, 1 Oct 2014 14:15:39 +0330
Subject: PF DIVERT LOOP
To: freebsd-pf@freebsd.org
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

I have written a small program which does not do any specific job. It gets packets from a divert socket and reinjects them back. A message is printed when a packet is received. The problem is that when I send only one packet, a lot of "packet received" messages will be printed. I use pf for diverting. My pf.conf contains just one line:

"pass quick log(all) on em0 proto tcp from 192.168.11.92 to any port 80 keep state divert-to 127.0.0.1 port 8080"

The following is my code:

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <err.h>
#include <strings.h>
#include <iostream>

#define DIVERT_PORT 8080

int main(int argc, char *argv[])
{
    int fd, s, m, i;
    struct sockaddr_in sin;
    socklen_t sin_len;
    char packet[1600];
    struct ip *ip_hdr;
    struct tcpiphdr *tcpip_hdr;

    /* Divert socket: receives the packets matched by the pf divert-to rule. */
    fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd == -1)
        err(1, "socket");

    /* Bind to the address and port named in the divert-to rule. */
    bzero(&sin, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(DIVERT_PORT);
    sin.sin_addr.s_addr = inet_addr("127.0.0.1");
    sin_len = sizeof(struct sockaddr_in);
    s = bind(fd, (struct sockaddr *) &sin, sin_len);
    if (s == -1)
        err(1, "bind");

    for (;;) {
        bzero(packet, sizeof(packet));
        /* Read one diverted packet; sin is filled in by the kernel. */
        m = recvfrom(fd, packet, sizeof(packet), 0, (struct sockaddr *) &sin, &sin_len);
        if (m == -1)
            err(1, "recvfrom");
        /* Reinject the packet unchanged, using the address recvfrom returned. */
        sendto(fd, packet, m, 0, (struct sockaddr *) &sin, sin_len);
        std::cout<<"Packet Recv \n";
    }
    return 0;
}

Thank You All In Advance
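
Added example, not part of the original post: one way to check whether the repeated "Packet Recv" lines are the same packet coming back or different packets matching the rule is to fingerprint each diverted buffer and count repeats. The names fingerprint, LoopTracker and SAMPLE_SYN are hypothetical, the sample bytes are constructed, and the buffer is assumed to start at the IPv4 header, as a divert socket delivers it.

```cpp
// Added diagnostic example; not code from the original post.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

// Constructed sample: IPv4/TCP SYN, 192.168.11.92:50000 -> 192.0.2.10:80.
const uint8_t SAMPLE_SYN[40] = {
    0x45,0x00,0x00,0x28, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x0b,0x5c, 0xc0,0x00,0x02,0x0a,             // src, dst
    0xc3,0x50,0x00,0x50, 0x00,0x00,0x00,0x01, 0,0,0,0,    // ports, seq, ack
    0x50,0x02,0xff,0xff, 0,0,0,0 };                       // offset, SYN, win

// Key built from the header fields that identify one packet on the wire.
// Returns "" if the buffer is not a well-formed IPv4 packet carrying TCP.
std::string fingerprint(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return "";
    size_t ihl = (p[0] & 0x0f) * 4u;                  // IP header length
    if (ihl < 20 || len < ihl + 20 || p[9] != 6) return "";   // 6 = TCP
    const uint8_t *t = p + ihl;                       // TCP header
    unsigned id = (p[4] << 8) | p[5];
    unsigned sport = (t[0] << 8) | t[1], dport = (t[2] << 8) | t[3];
    unsigned seq = ((unsigned)t[4] << 24) | (t[5] << 16) | (t[6] << 8) | t[7];
    char buf[96];
    snprintf(buf, sizeof buf, "%d.%d.%d.%d:%u>%d.%d.%d.%d:%u id=%u seq=%u fl=0x%02x",
             p[12], p[13], p[14], p[15], sport, p[16], p[17], p[18], p[19],
             dport, id, seq, (unsigned)t[13]);
    return buf;
}

// Counts how often each fingerprint has been seen.
struct LoopTracker {
    std::map<std::string, int> seen;
    int observe(const uint8_t *p, size_t len) {   // 0 = not parsable
        std::string k = fingerprint(p, len);
        return k.empty() ? 0 : ++seen[k];
    }
};

int main() {
    LoopTracker t;
    for (int i = 0; i < 3; i++) {                 // same packet fed three times
        int n = t.observe(SAMPLE_SYN, sizeof SAMPLE_SYN);
        printf("%s seen=%d\n", fingerprint(SAMPLE_SYN, sizeof SAMPLE_SYN).c_str(), n);
    }
    return 0;
}
```

Called on packet after recvfrom() in the loop above, a count that keeps climbing for one fingerprint indicates the same packet is arriving again rather than new packets matching the rule.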