Date: Fri, 14 Nov 2003 08:10:40 -0800
From: "Crist J. Clark"
To: Ruslan Ermilov
cc: net@freebsd.org
Reply-To: cjclark@alum.mit.edu
Subject: Re: netgraph(4) divert(4) to UDP Tunnel
Message-ID: <20031114161040.GA61960@blossom.cjclark.org>
In-Reply-To: <20031114083553.GA12701@sunbay.com>
References: <20031113202435.GA25920@blossom.cjclark.org> <20031114083553.GA12701@sunbay.com>

On Fri, Nov 14, 2003 at 10:35:53AM +0200, Ruslan Ermilov wrote:
> On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote:
> > I'm trying to play around with netgraph(4) for the first time and
> > there seem to be some aspects of it that haven't "clicked" in my head
> > just yet.
> >
> > What I want to do seems like it should be pretty easy. I want to
> > send some packets through a UDP tunnel. There is an
> > /usr/share/examples/netgraph/udp.tunnel file that is close to what I
> > want, but not quite. I want to send packets that have been divert(4)ed
> > to the tunnel.
> >
> > I can make my two ng_ksocket(8) nodes via the ngctl(8) interface,
> >
> >   + mkpeer ksocket d0 inet/dgram/udp
> >   + name d0 udptun
> >   + msg d0 bind inet/192.168.64.70:10000
> >   + msg d0 connect inet/192.168.64.50:10000
> >   + mkpeer ksocket d1 inet/raw/divert
> >   + name d1 divtun
> >   + msg d1 bind inet/0.0.0.0:8668
> >
> > But how do I then connect the two of them up? I assume that I use
> > 'connect' within ngctl(8), but I haven't figured out what the
> > arguments need to be with the documentation and examples I've found.
> >
> > The other thing I suspect I should be doing, is actually running the
> > 'mkpeer' through the first node I create in ngctl(8), but I can't seem
> > to get that to work,
> >
> >   + mkpeer ksocket d0 inet/dgram/udp
> >   + name d0 udptun
> >   + msg d0 bind inet/192.168.64.70:10000
> >   + msg d0 connect inet/192.168.64.50:10000
> >   + mkpeer d0 ksocket d1 inet/raw/divert
> >   ngctl: send msg: Socket is already connected
> >
> > I think it is actually complaining about the hook between my ngctl
> > node and the udptun node and not the creation of the divert socket?
> >
> > Basically, I think my conceptual problem is with the fact that you
> > start with the ngctl(8) node in the middle of everything. How do I
> > create my new nodes and get the ngctl(8) node out of the middle?
> >
> I don't think this is currently possible (I'd like to be mistaken).
> The main difference between ng_iface (from the classical tunnel
> example) and ng_ksocket is that the first is so-called ``persistent''
> node, i.e., when the number of hooks becomes zero, the node does
> not get removed automatically. This same is not true for ksocket.
>
> But I think this could be a work around:
>
> ngctl
> + mkpeer tee dummy left2right
> + name dummy mytee
> + mkpeer mytee: ksocket left inet/dgram/udp
> + name mytee:left udp1
> + mkpeer mytee: ksocket right inet/dgram/udp
> + name mytee:right udp2
> + exit

Thanks for the suggestion. I had already tried this, and it did indeed
work. However, you actually can do one better. If you now shutdown the
ng_tee(8) node, the two ksockets end up directly attached. I found
that out by accident and haven't looked to see where that interesting
behavior is documented.

Here're the commands I used,

  #!/usr/sbin/ngctl -f

  mkpeer tee hub left2right
  mkpeer hub ksocket right inet/dgram/udp
  name hub.right udptun
  msg hub.right bind inet/192.168.64.70:10000
  msg hub.right connect inet/192.168.64.50:10000
  mkpeer hub ksocket left inet/raw/divert
  name hub.left divtun
  msg hub.left bind inet/0.0.0.0:8668
  shutdown hub

After I run this,

  # ngctl list
  There are 3 total nodes:
    Name: ngctl13605      Type: socket          ID: 0000003b   Num hooks: 0
    Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
    Name: udptun          Type: ksocket         ID: 00000039   Num hooks: 1
  # ngctl show divtun:
    Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
    Local hook      Peer name       Peer type    Peer ID         Peer hook
    ----------      ---------       ---------    -------         ---------
    inet/raw/divert udptun          ksocket      00000039        inet/dgram/udp

Which is exactly what I wanted.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
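
A check for the end state described in the message above, as an added example that is not part of the original post: it parses the hook table printed by `ngctl show` and succeeds only when the divert hook is attached straight to the named UDP ksocket, so a tee node left in the path is caught. The function names `hook_peer` and `check_direct` are hypothetical, and the "before shutdown" sample (its `<unnamed>` peer and node ID) is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify netgraph wiring
# from `ngctl show <node>:` output.

# Sample input: the `ngctl show divtun:` output quoted in the message.
SAMPLE_AFTER='  Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  inet/raw/divert udptun          ksocket      00000039        inet/dgram/udp'

# Constructed sample: assumed output before "shutdown hub", with the tee
# still between the two ksockets (peer name and node ID are placeholders).
SAMPLE_BEFORE='  Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  inet/raw/divert <unnamed>       tee          0000003c        left'

# hook_peer HOOK: read `ngctl show` output on stdin and print
# "peer-name peer-type peer-hook" for the row whose local hook is HOOK.
# Exits non-zero when the node has no such hook.
hook_peer() {
    awk -v hook="$1" '
        $1 ~ /^-+$/ { in_table = 1; next }   # dashed rule opens the hook table
        in_table && $1 == hook { print $2, $3, $5; found = 1 }
        END { exit !found }
    '
}

# check_direct HOOK WANT_NODE WANT_HOOK: 0 if HOOK peers directly with the
# ksocket WANT_NODE on WANT_HOOK, 1 if it peers with anything else,
# 2 if HOOK does not exist.
check_direct() {
    want_node=$2 want_hook=$3
    row=$(hook_peer "$1") || return 2
    set -- $row                    # $1=peer name  $2=peer type  $3=peer hook
    [ "$1" = "$want_node" ] && [ "$2" = "ksocket" ] && [ "$3" = "$want_hook" ]
}

# On a live FreeBSD host:
#   ngctl show divtun: | check_direct inet/raw/divert udptun inet/dgram/udp
printf '%s\n' "$SAMPLE_AFTER" |
    check_direct inet/raw/divert udptun inet/dgram/udp &&
    echo "after shutdown: divtun is wired directly to udptun"
printf '%s\n' "$SAMPLE_BEFORE" |
    check_direct inet/raw/divert udptun inet/dgram/udp ||
    echo "before shutdown: divtun is not wired directly to udptun"
```
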