From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 23:40:21 2006
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 37A0416A412 for ; Fri, 22 Dec 2006 23:40:21 +0000 (UTC) (envelope-from julian@elischer.org)
Received: from outJ.internet-mail-service.net (outJ.internet-mail-service.net [216.240.47.233]) by mx1.freebsd.org (Postfix) with ESMTP id 0D80213C41A for ; Fri, 22 Dec 2006 23:40:21 +0000 (UTC) (envelope-from julian@elischer.org)
Received: from shell.idiom.com (HELO idiom.com) (216.240.47.20) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Fri, 22 Dec 2006 15:24:07 -0800
Received: from [192.168.2.4] (home.elischer.org [216.240.48.38]) by idiom.com (8.12.11/8.12.11) with ESMTP id kBMNeFgw008451; Fri, 22 Dec 2006 15:40:16 -0800 (PST) (envelope-from julian@elischer.org)
Message-ID: <458C6CDF.4010203@elischer.org>
Date: Fri, 22 Dec 2006 15:40:15 -0800
From: Julian Elischer
User-Agent: Thunderbird 1.5.0.9 (Macintosh/20061207)
MIME-Version: 1.0
To: Julian Elischer
References: <1166802209.7642.17.camel@hades.no-ip.org> <20061222160550.GD47710@lor.one-eyed-alien.net> <375baf50612220932m30f84567jdda28b7fc0e62e61@mail.gmail.com> <458C6ACC.2020605@elischer.org>
In-Reply-To: <458C6ACC.2020605@elischer.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Kevin Sanders , Fabrício Barros Cabral , freebsd-net@freebsd.org
Subject: Re: Intercepting a packet, changing it and re-injecting into the network
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 22 Dec 2006 23:40:21 -0000

Julian Elischer wrote:
> Kevin Sanders wrote:
>> On 12/22/06, Brooks Davis wrote:
>>>
>>> On Fri, Dec 22, 2006 at 12:43:29PM -0300, Fabrício Barros Cabral wrote:
>>> > Hello everybody!
>>> >
>>> > I'm developing a network application which needs *to intercept* a packet
>>> > (not just *copy* a packet, like libpcap does), move this packet into my
>>> > application (userland), do some checking in the packet and according
>>> > to some heuristics, the application may change the payload and
>>> > re-inject the modified packet into the network. Note that sometimes,
>>> > I'll change the payload, drop the packet or just let it go.
>>> >
>>> > So, how can I do that in FreeBSD? I can use 6.1, 7.1, any version.
>>>
>>> The feature you're looking for is divert(4) sockets. You use IPFW to
>>> decide which packets to divert to userland and can reinject them as
>>> needed.
>>>
>>> -- Brooks
>>>
>>
>> I'm actually working on something with a similar need. How would this
>> perform compared to a kld module that is using the pfil(9) framework? I'm
>> looking to support very high bandwidth networks, with 400mbps or more over
>> gig ethernet. In my case I'm looking at HTTP requests and not necessarily
>> every packet once I've done what I need to the actual http request/headers.
>> Obviously, if I grow or shrink the HTTP request, I then have to "massage"
>> the seq/ack to keep the two talking, but this is only for a small percentage
>> of the sessions, and I didn't want to be hit with a kernel -> user space ->
>> kernel transition for every packet.
>
> Divert is designed for diverting from the IP layer, to the user layer
> for processing (and returning the packet to be sent out/in). It is fast
> enough for most WAN applications.
>
> I use patches to allow me to divert from a bridge (Ethernet layer)
> but it's still going to userland.

BTW I was able to do several hundred Mb/Sec through userland.. (largish packets though)

>
> I have the same thing.. which is why I divert from ethernet layer.
> There are some tricks that can be done to really speed that up however..
> for example you only need to look at the first syn packet.. all the rest
> don't need to be looked at or diverted.

just as a reference point, using ipfw I was able to saturate a Gb bridge (between 2 bge interfaces) while filtering against a table of 128000 addresses. (in FreeBSD 4.8) using 30% cpu.. machines have gotten faster since then but the OS has slowed a bit.
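An added example, not code from this thread or from FreeBSD itself, of the divert(4) loop Brooks describes together with the first-SYN-only shortcut Julian mentions. The ipfw rule and divert port 8668 are assumptions, the sample packet is constructed, and only the classify/checksum helpers are portable; the socket loop builds where IPPROTO_DIVERT exists (FreeBSD).

```c
/* Added example (not from the thread): a minimal divert(4) consumer. Assumed
 * ipfw rule, port 8668 is a placeholder: ipfw add divert 8668 tcp from any to any 80
 * classify()/ip_checksum() are portable; the loop needs FreeBSD's IPPROTO_DIVERT. */
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
enum action { DROP = 0, PASS = 1, INSPECT = 2 };

/* RFC 1071 one's-complement sum over the IPv4 header: zero the field, then
 * recompute before re-injecting any rewritten header (TCP checksum likewise). */
uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* The trick from the thread: only the first SYN gets a userland look, the rest
 * go straight back. Truncated or non-IPv4 packets are dropped. */
enum action classify(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5) return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (pkt[9] != IPPROTO_TCP) return PASS;
    if (len < ihl + 20) return DROP;                          /* no full TCP header */
    return ((pkt[ihl + 13] & 0x12) == 0x02) ? INSPECT : PASS; /* SYN set, ACK clear */
}

/* Constructed 40-byte IPv4/TCP SYN, 192.168.2.4 -> 10.0.0.1:80, IP checksum field 0 */
const uint8_t SAMPLE_SYN[40] = {
    0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,168,2,4, 10,0,0,1,
    0xc3,0x50,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 };
#ifdef IPPROTO_DIVERT
int divert_loop(uint16_t port) {
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    uint8_t buf[65535];
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) return -1;
    for (;;) {
        socklen_t slen = sizeof sin; /* on return sin carries the rule number and interface */
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&sin, &slen);
        if (n < 0) return -1;
        enum action a = classify(buf, (size_t)n);
        if (a == DROP) continue;     /* a packet never written back is dropped */
        if (a == INSPECT) { /* rewrite payload here, then fix checksums and seq/ack */ }
        sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sin, slen); /* resumes after the divert rule */
    }
}
#endif
```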