Date: Fri, 14 Nov 2003 10:35:53 +0200 From: Ruslan Ermilov <ru@freebsd.org> To: cjclark@alum.mit.edu Cc: net@freebsd.org Subject: Re: netgraph(4) divert(4) to UDP Tunnel Message-ID: <20031114083553.GA12701@sunbay.com> In-Reply-To: <20031113202435.GA25920@blossom.cjclark.org> References: <20031113202435.GA25920@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote: > I'm trying to play around with netgraph(4) for the first time and > there seem to be some aspects of it that haven't "clicked" in my head > just yet. >=20 > What I want to do seems like it should be pretty easy. I want to > send some packets through a UDP tunnel. There is an > /usr/share/examples/netgraph/udp.tunnel file that is close to what I > want, but not quite. I want to send packets that have been divert(4)ed > to the tunnel. >=20 > I can make my two ng_ksocket(8) nodes via the ngctl(8) interface, >=20 > + mkpeer ksocket d0 inet/dgram/udp > + name d0 udptun > + msg d0 bind inet/192.168.64.70:10000 > + msg d0 connect inet/192.168.64.50:10000 > + mkpeer ksocket d1 inet/raw/divert > + name d1 divtun > + msg d1 bind inet/0.0.0.0:8668 >=20 > But how do I then connect the two of them up? I assume that I use > 'connect' within ngctl(8), but I haven't figured out what the > arguments need to be with the documentation and examples I've found. >=20 > The other thing I suspect I should be doing, is actually running the > 'mkpeer' through the first node I create in ngctl(8), but I can't seem > to get that to work, >=20 > + mkpeer ksocket d0 inet/dgram/udp > + name d0 udptun > + msg d0 bind inet/192.168.64.70:10000 > + msg d0 connect inet/192.168.64.50:10000 > + mkpeer d0 ksocket d1 inet/raw/divert > ngctl: send msg: Socket is already connected >=20 > I think it is actually complaining about the hook between my ngctl > node and the udptun node and not the creation of the divert socket? >=20 > Basically, I think my conceptual problem is with the fact that you > start with the ngctl(8) node in the middle of everything. How do I > create my new nodes and get the ngctl(8) node out of the middle? >=20 I don't think this is currently possible (I'd like to be mistaken). The main difference between ng_iface (from the classical tunnel example) and ng_ksocket is that the first is so-called ``persistent'' node, i.e., when the number of hooks becomes zero, the node does not get removed automatically. This same is not true for ksocket. But I think this could be a work around: ngctl + mkpeer tee dummy left2right + name dummy mytee + mkpeer mytee: ksocket left inet/dgram/udp + name mytee:left udp1 + mkpeer mytee: ksocket right inet/dgram/udp + name mytee:right udp2 + exit # ngctl show mytee: Name: mytee Type: tee ID: 0000000e Num hooks: 2 Local hook Peer name Peer type Peer ID Peer hook ---------- --------- --------- ------- --------- right udp2 ksocket 00000010 inet/dgram/u= dp left udp1 ksocket 0000000f inet/dgram/u= dp I've omitted any socket-related ops, and both sockets are of type UDP (I don't have the divert(4) support compiled in on this machine), but this should not be important. Cheers, --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software Ltd, ru@FreeBSD.org FreeBSD committer --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/tJPpUkv4P6juNwoRAidzAJ9Z3kVCjl2QwvKp1QHy1xx4z9xi0gCeKZht +Uff3Qp7G1+MKi6dCmEMoZo= =HKUO -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031114083553.GA12701>