From: Ian FREISLICH
To: Randall Stewart
Cc: freebsd-current@freebsd.org
Date: Tue, 26 Sep 2006 12:40:04 +0200
Subject: Re: Anyone play with divert sockets lately?

Randall Stewart wrote:
> Ian FREISLICH wrote:
> >
> > I'm using divert sockets extensively for some tunnel/vpn software
> > I wrote _way_ back.  It's running fine on -CURRENT (Tue Sep 19
> > 08:33:01 SAST 2006), 4.11-STABLE, and just about everything in
> > between.  I've not had to change the code substantially to make it
> > work on newer BSDs.  All our VoIP goes through this piece of code:
> >
> >     memset(&from, '\0', sizeof from);
> >     from.sin_addr.s_addr = INADDR_ANY;
> >     from.sin_port = config.tuns[config.tun].fw_rule;
> >     while (tot + ntohs(hdr->length) <= (p - buf + in)) {
> >         out = sendto(config.tuns[config.tun].div_fd, buf + tot,
> >             ntohs(hdr->length), 0, (struct sockaddr *)&from,
> >             sizeof(addr));
> >         ...
> >
>
> Well, it's interesting ... 6.1 appears to work.. but 7.0 does not..
>
> Now I don't think the code we have does anything with setting the
> sin_port like you do (to config.tuns[]...)

All that does is tell the divert socket which (ipfw) rule to inject
the packet after.  If you read from the divert socket, do stuff(tm)
and write back to the divert socket, preserve the struct sockaddr
*from from the recvfrom() call and use that same data in the sendto()
call unless you want processing in the stack to start afresh for
the packet.  (I'm sure others will correct that statement, but
that's my poor-man's understanding)

I've found that not zeroing these network structures before use
confounds things, because you might not initialise all the elements.
If my memory serves correctly, I think that these structures have
changed size between 6 and 7, but take my saying so with a pinch
of salt because I haven't checked recently.

Ian

--
Ian Freislich
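
The read, modify and reinject pattern described in the message above, as an added example that is not code from the thread or from the software it mentions. The names `inject_addr`, `relay_once` and `pkt_hook` are hypothetical, and the hook stands in for the "do stuff" step.

```c
/* Added example, not code from the thread. Intended for a FreeBSD divert(4)
 * socket; the functions themselves are plain BSD sockets code. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical hook: edit the packet in place and return its new length;
 * a return value <= 0 means "drop this packet". */
typedef ssize_t (*pkt_hook)(unsigned char *pkt, ssize_t len);

/* Address for a packet the program originates itself. Zero the whole
 * structure first so no field is left uninitialised, then store the ipfw
 * rule number in sin_port, assigned directly as the quoted code does. */
void inject_addr(struct sockaddr_in *sa, uint16_t rule)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = INADDR_ANY;
    sa->sin_port = rule;
}

/* Read one packet, optionally modify it, and write it back with the same
 * sockaddr and length that recvfrom() filled in, so that processing
 * continues after the rule that diverted it instead of starting afresh.
 * Returns bytes written, 0 if the packet was dropped, -1 on error. */
ssize_t relay_once(int fd, pkt_hook hook)
{
    unsigned char pkt[65535];
    struct sockaddr_in from;
    socklen_t fromlen = sizeof from;
    ssize_t n;

    memset(&from, 0, sizeof from);      /* no stale bytes in unused fields */
    n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&from, &fromlen);
    if (n <= 0)
        return n;
    if (hook != NULL && (n = hook(pkt, n)) <= 0)
        return 0;
    /* Pass the length of the structure actually sent, not the sizeof
     * of some other variable. */
    return sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&from, fromlen);
}
```

On a divert socket `relay_once()` would be called in a loop on the descriptor bound to the divert port; passing `NULL` as the hook reinjects each packet unchanged.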