From owner-freebsd-net@FreeBSD.ORG Sat Aug 11 08:08:20 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 974FD1065673 for ; Sat, 11 Aug 2012 08:08:20 +0000 (UTC) (envelope-from s.khanchi@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 5D5418FC1B for ; Sat, 11 Aug 2012 08:08:20 +0000 (UTC) Received: by obbun3 with SMTP id un3so4638326obb.13 for ; Sat, 11 Aug 2012 01:08:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; bh=3zny4hTGQU9cFOL2I5ZKz4ntzIMgbLk2CffI2GdBKa4=; b=fVrOAUS2fX+5bMM1j9YqqlASoCBxiXcm65FD3r1HPvJZWLtBAxXCo6JzrQnI2pTl18 GRgO95H6bMmtD1F9FRZwsvHxdvGXfGz2VSCQg4AoVDaqk4Sjq1KmBYSss2Aim3Vnpnoa f6KOPYJBkcPcoUtkWkdanPw/ZYWDfddO+1aFt7+W33hZd3J3nfuQOgh/JACE8klqXX0J GxRq86M59frm3gUnjjFcB+PTR3YTaz4Pjkblqj4IsMfm9H4J9d6njrJl1lWG83OLQ6s7 ++dTCNx+7cAjGaPwMpZwrcQ5WmmZNFLteXCnhiV+iiFNBQ4dwdmni4GzmDMOeGHj1oFJ o5qQ== Received: by 10.182.152.97 with SMTP id ux1mr1341500obb.13.1344672499669; Sat, 11 Aug 2012 01:08:19 -0700 (PDT) MIME-Version: 1.0 Sender: s.khanchi@gmail.com Received: by 10.76.154.133 with HTTP; Sat, 11 Aug 2012 01:07:59 -0700 (PDT) From: h bagade Date: Sat, 11 Aug 2012 12:37:59 +0430 X-Google-Sender-Auth: rrW3HYINpyvZVezlOBpTO6fsy7s Message-ID: To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: problem using ng_patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Aug 2012 08:08:20 -0000 Hi all, I want to use the node ng_patch, to set the ToS field of special class of packets. I try to test the function by a simple test scenario and encountered problem using it. I have no idea why the problem occurs. Here I explain the test scenario I've used. I have a topology like this: |A:192.168.8.8|<---->|192.168.8.26--(B)--192.168.7.26|<---->|C:192.168.7.20| -------------------------------- A, C: two end stations B: a router -------------------------------- netgraph settings: kldload ng_ipfw ngctl mkpeer ipfw: patch 300 in ngctl name ipfw:300 tos ngctl msg tos: setconfig {count=1 csum_flags=1 ops=[ {mode=1 value=0x05 length=1 offset=1}]} -------------------------------- ipfw rule: ipfw add 20 netgraph 300 icmp from any to 192.168.7.20 This configuration works well and when A pings C or C pings A, the packets destined to 192.168.7.20(station C) gets the ToS: 0x05. The problem occurs when I change the ipfw rule to the following; ipfw add 20 netgraph 300 icmp from 192.168.7.20 to any By this rule, neither A can ping C nor C can ping A! the packets sent to ng_patch node never comes back to the next ipfw rule! I don't know what's the difference between these two scenarios (only the checking from destination address is changed to source address), but it's what I saw in my tests. I really hope to understand what's happening. Any hints or comments would help