From owner-freebsd-net@FreeBSD.ORG  Sat Apr 12 18:10:39 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AD65A1065670
	for <net@freebsd.org>; Sat, 12 Apr 2008 18:10:39 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 701DD8FC14
	for <net@freebsd.org>; Sat, 12 Apr 2008 18:10:39 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id E36E546B08;
	Sat, 12 Apr 2008 14:10:38 -0400 (EDT)
Date: Sat, 12 Apr 2008 19:10:38 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Eugene Grosbein <eugen@kuzbass.ru>
In-Reply-To: <20080412062251.GA2199@svzserv.kemerovo.su>
Message-ID: <20080412190939.O7693@fledge.watson.org>
References: <20080412062251.GA2199@svzserv.kemerovo.su>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: net@freebsd.org
Subject: Re: bpf does not see packets forwarded with ipfw fwd
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2008 18:10:39 -0000


On Sat, 12 Apr 2008, Eugene Grosbein wrote:

> One of 7.0 users has reported in some cyrillic newsgroup a problem that I 
> have reproduced in my 7.0-STABLE system. That is: tcpdump does not show 
> locally originated outgoing IP packets that were processed by 'ipfw fwd' 
> rule. The same configuration presents no problems with 6.3-STABLE.
>
> Consider simple schema: two FreeBSD boxes (A and B) directly connected with 
> ethernet intefaces. The box A has another ethernet interface and uses "ipfw 
> fwd" as its very first ipfw rule to forward some packets to B, while these 
> packets would normally go out trough mentioned another interface. Now, 
> tcpdump does NOT show outgoing packets but host B also runs tcpdump on its 
> incoming interface and does see them.
>
> I double-checked all paramerets for tcpdump, all routing tables. I even 
> connected A and B with cross-over ethernet cable, without a switch. Still, B 
> sees incoming packets coming over the cable and A does not see them leaving. 
> This bothers me a bit :-)

If you ping from host A to host B, does tcpdump see both the ICMP echo request 
and reply on both boxes?  In principle, ipfw fwd uses the same output paths as 
the rest of the IP stack, so it would be useful to know whether it sees other 
outbound traffic properly or not.

Robert N M Watson
Computer Laboratory
University of Cambridge