Date: Fri, 28 Dec 2001 16:59:06 -0800 (PST)
From: Julian Elischer
To: Henry Su
Cc: freebsd-net@FreeBSD.ORG
Subject: RE: socket call in the kernel

Well, you'll find an example of using a ksocket node in
/usr/share/examples/netgraph
and of course /sys/netgraph/ng_ksocket.c has the actual code that does
that if you wanted to duplicate it in your own module.

Why do you want to do bridging?
If you used a NAT and routed it would be a lot more standard..

On Fri, 28 Dec 2001, Henry Su wrote:

> Hi, Julian:
>
> Could you please give me some code example for using the 'ksocket' node to
> open 'in kernel' sockets? Thanks.
>
> -----Original Message-----
> From: owner-freebsd-net@FreeBSD.ORG
> [mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Julian Elischer
> Sent: Thursday, December 20, 2001 3:08 PM
> To: Henry Su
> Cc: freebsd-net@FreeBSD.ORG
> Subject: RE: socket call in the kernel
>
>
> I have two answers:
>
> 1/ Use ipfw add NNN fwd localhost,8001 [deny criteria]
> to make the packet that is denied go to a default server listening on
> port 8001
>
> 2/ there is an in-kernel webserver built using netgraph but it's not
> public, but you can definitely use the 'ksocket' node to open 'in kernel'
> sockets and pass the result to an arbitrary node.
>
>
> 1 can do what you want with no kernel programming..
> check it out..
>
> man ipfw
>
>
> On Thu, 20 Dec 2001, Henry Su wrote:
>
> > Thanks, Julian and Alfred.
> >
> > I am trying to redirect the denied http request to a default web site. So my
> > idea is in the "ip_fw_chk" function of ip_fw.c, add following code, when it
> > will drop the packet. But as you pointed out in earlier email, socket can
> > not be used in this case. Do you have any other solutions? Thanks a lot.
> >
> >
> >         /*
> >          * Finally, drop the packet.
> >          */
> >
> >         /* my code start debug */
> >         /* find if it's a http packet */
> >         dst_port_h = ntohs(dst_port);
> >         if(dst_port_h==80){
> >                 log(LOG_INFO,"src_port:%u src_ip:%d dst_port:%d dst_ip:%u",
> >                     ntohs(src_port), src_ip.s_addr, ntohs(dst_port), dst_ip.s_addr);
> >                 /*s = 1;*/
> >                 s = socket(AF_INET, SOCK_STREAM, 0);
> >                 if (s < 0) {
> >                         log(LOG_INFO,"Redirect socket can not be created");
> >                 }else{
> >                         log(LOG_INFO,"Redirect socket is created");
> >                         /*
> >                         bzero(&sa, sizeof sa);
> >                         sa.sin_family = AF_INET;
> >                         sa.sin_port = src_port;
> >                         sa.sin_addr.s_addr = src_ip.s_addr;
> >                         if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
> >                                 log(LOG_INFO,"connect %d failed", src_ip.s_addr);
> >                                 close(s);
> >                         }else{
> >                                 log(LOG_INFO,"connect %d ok", src_ip.s_addr);
> >                                 close(s);
> >                         }
> >                         */
> >                         /*
> >                         while ((bytes = read(s, buffer, BUFSIZ)) > 0)
> >                                 write(1, buffer, bytes);
> >                         */
> >                 }
> >         }
> >         /* end debug */
> >         return(IP_FW_PORT_DENY_FLAG);
> >
> >
> > -----Original Message-----
> > From: Julian Elischer [mailto:julian@elischer.org]
> > Sent: Thursday, December 20, 2001 12:59 PM
> > To: Henry Su
> > Cc: freebsd-net@FreeBSD.ORG
> > Subject: Re: socket call in the kernel
> >
> >
> > You cannot do a socket directly but you can indirectly
> > tell me what you are trying to do and I can help..
> >
> >
> > On Thu, 20 Dec 2001, Henry Su wrote:
> >
> > > I am trying to modify ip_fw.c in the /usr/src/sys/netinet, I tried to add a
> > > socket call in the code, it can be compiled, but when it runs into the code,
> > > it just crashed. It gave me the "Fatal trap error 12", Memory address is
> > > wrong.
> > >
> > > Can anyone tell me if socket call can be used in kernel level? If not, how
> > > can I accomplish socket communication in the kernel level?
> > >
> > > Thanks.
> > >
> > > ------------------------------------------------
> > >
> > > Henry Su
> > > NTT Multimedia Communications Laboratories, Inc.
> > > 250 Cambridge Avenue Suite 300
> > > Palo Alto, CA 94306, USA (PST:UTC -8H)
> > > Tel: +1 650 833 3652
> > > Fax: +1 650 326 1878
> > > http://www.nttmcl.com/
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-net" in the body of the message
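
Answer 1 in the quoted reply needs a "default server" listening on port 8001 to receive the connections that the ipfw fwd rule diverts. The C program below is an added example of such a userland server, not code from the thread or from FreeBSD; the function names, the 403 reply text and the loopback-only bind are assumptions. It relies on the behaviour documented in ipfw(8) that fwd leaves the packet unmodified, so getsockname() on the accepted socket returns the destination the client originally requested.

```c
/* Added example (names and reply text assumed): default server for an
 * "ipfw add NNN fwd localhost,8001" rule; 8001 is the port from the thread. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build the fixed reply; returns its length, or -1 if buf is too small. */
int build_reply(char *buf, size_t len, const char *dst, unsigned port) {
    int n = snprintf(buf, len, "HTTP/1.0 403 Forbidden\r\n"
        "Content-Type: text/plain\r\nConnection: close\r\n\r\n"
        "Access to %s:%u is blocked by policy.\n", dst, port);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}
/* Bind to loopback only, so no external interface exposes the port directly. */
int open_listener(unsigned short port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int on = 1, s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(s, 16) < 0) {
        close(s);
        return -1;
    }
    return s;
}
/* Answer one connection. ipfw fwd does not rewrite the packet, so the local
 * address of the accepted socket is the destination the client asked for. */
int serve_one(int lfd) {
    struct sockaddr_in dst;
    socklen_t dl = sizeof dst;
    char req[1024], out[512], ip[INET_ADDRSTRLEN] = "?";
    int n = -1, c = accept(lfd, NULL, NULL);
    if (c < 0) return -1;
    if (getsockname(c, (struct sockaddr *)&dst, &dl) == 0 &&
        inet_ntop(AF_INET, &dst.sin_addr, ip, sizeof ip) != NULL &&
        recv(c, req, sizeof req, 0) >= 0)   /* request content is ignored */
        n = build_reply(out, sizeof out, ip, ntohs(dst.sin_port));
    if (n > 0) n = (int)send(c, out, (size_t)n, MSG_NOSIGNAL);
    close(c);
    return n;
}
int main(void) {
    int lfd = open_listener(8001);
    if (lfd < 0) { perror("open_listener"); return 1; }
    for (;;) serve_one(lfd);
}
```

The server handles one connection at a time and blocks until the client sends its request, which is acceptable for a block page but not for a busy gateway.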