From: Ruslan Ermilov
To: cjclark@alum.mit.edu
Cc: net@freebsd.org
Date: Fri, 14 Nov 2003 10:35:53 +0200
Subject: Re: netgraph(4) divert(4) to UDP Tunnel
Message-ID: <20031114083553.GA12701@sunbay.com>
In-Reply-To: <20031113202435.GA25920@blossom.cjclark.org>

On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote:
> I'm trying to play around with netgraph(4) for the first time and
> there seem to be some aspects of it that haven't "clicked" in my head
> just yet.
>
> What I want to do seems like it should be pretty easy. I want to
> send some packets through a UDP tunnel. There is an
> /usr/share/examples/netgraph/udp.tunnel file that is close to what I
> want, but not quite. I want to send packets that have been divert(4)ed
> to the tunnel.
>
> I can make my two ng_ksocket(8) nodes via the ngctl(8) interface,
>
> + mkpeer ksocket d0 inet/dgram/udp
> + name d0 udptun
> + msg d0 bind inet/192.168.64.70:10000
> + msg d0 connect inet/192.168.64.50:10000
> + mkpeer ksocket d1 inet/raw/divert
> + name d1 divtun
> + msg d1 bind inet/0.0.0.0:8668
>
> But how do I then connect the two of them up? I assume that I use
> 'connect' within ngctl(8), but I haven't figured out what the
> arguments need to be with the documentation and examples I've found.
>
> The other thing I suspect I should be doing, is actually running the
> 'mkpeer' through the first node I create in ngctl(8), but I can't seem
> to get that to work,
>
> + mkpeer ksocket d0 inet/dgram/udp
> + name d0 udptun
> + msg d0 bind inet/192.168.64.70:10000
> + msg d0 connect inet/192.168.64.50:10000
> + mkpeer d0 ksocket d1 inet/raw/divert
> ngctl: send msg: Socket is already connected
>
> I think it is actually complaining about the hook between my ngctl
> node and the udptun node and not the creation of the divert socket?
>
> Basically, I think my conceptual problem is with the fact that you
> start with the ngctl(8) node in the middle of everything. How do I
> create my new nodes and get the ngctl(8) node out of the middle?
>
I don't think this is currently possible (I'd like to be mistaken).
The main difference between ng_iface (from the classical tunnel
example) and ng_ksocket is that the first is a so-called ``persistent''
node, i.e., when the number of hooks becomes zero, the node does not
get removed automatically. The same is not true for ksocket.

But I think this could be a workaround:

ngctl
+ mkpeer tee dummy left2right
+ name dummy mytee
+ mkpeer mytee: ksocket left inet/dgram/udp
+ name mytee:left udp1
+ mkpeer mytee: ksocket right inet/dgram/udp
+ name mytee:right udp2
+ exit
# ngctl show mytee:
  Name: mytee           Type: tee             ID: 0000000e   Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  right           udp2            ksocket      00000010        inet/dgram/udp
  left            udp1            ksocket      0000000f        inet/dgram/udp

I've omitted any socket-related ops, and both sockets are of type
UDP (I don't have the divert(4) support compiled in on this machine),
but this should not be important.


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software Ltd,
ru@FreeBSD.org		FreeBSD committer