Date: Fri, 14 Nov 2003 18:35:43 +0200
From: Ruslan Ermilov <ru@freebsd.org>
To: cjclark@alum.mit.edu
Cc: net@freebsd.org
Subject: Re: netgraph(4) divert(4) to UDP Tunnel
Message-ID: <20031114163543.GA57826@sunbay.com>
In-Reply-To: <20031114161040.GA61960@blossom.cjclark.org>
References: <20031113202435.GA25920@blossom.cjclark.org> <20031114083553.GA12701@sunbay.com> <20031114161040.GA61960@blossom.cjclark.org>

On Fri, Nov 14, 2003 at 08:10:40AM -0800, Crist J. Clark wrote:
> On Fri, Nov 14, 2003 at 10:35:53AM +0200, Ruslan Ermilov wrote:
> > On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote:
> > > I'm trying to play around with netgraph(4) for the first time and
> > > there seem to be some aspects of it that haven't "clicked" in my head
> > > just yet.
> > >
> > > What I want to do seems like it should be pretty easy. I want to
> > > send some packets through a UDP tunnel. There is an
> > > /usr/share/examples/netgraph/udp.tunnel file that is close to what I
> > > want, but not quite. I want to send packets that have been divert(4)ed
> > > to the tunnel.
> > >
> > > I can make my two ng_ksocket(8) nodes via the ngctl(8) interface,
> > >
> > >   + mkpeer ksocket d0 inet/dgram/udp
> > >   + name d0 udptun
> > >   + msg d0 bind inet/192.168.64.70:10000
> > >   + msg d0 connect inet/192.168.64.50:10000
> > >   + mkpeer ksocket d1 inet/raw/divert
> > >   + name d1 divtun
> > >   + msg d1 bind inet/0.0.0.0:8668
> > >
> > > But how do I then connect the two of them up? I assume that I use
> > > 'connect' within ngctl(8), but I haven't figured out what the
> > > arguments need to be with the documentation and examples I've found.
> > >
> > > The other thing I suspect I should be doing, is actually running the
> > > 'mkpeer' through the first node I create in ngctl(8), but I can't seem
> > > to get that to work,
> > >
> > >   + mkpeer ksocket d0 inet/dgram/udp
> > >   + name d0 udptun
> > >   + msg d0 bind inet/192.168.64.70:10000
> > >   + msg d0 connect inet/192.168.64.50:10000
> > >   + mkpeer d0 ksocket d1 inet/raw/divert
> > >   ngctl: send msg: Socket is already connected
> > >
> > > I think it is actually complaining about the hook between my ngctl
> > > node and the udptun node and not the creation of the divert socket?
> > >
> > > Basically, I think my conceptual problem is with the fact that you
> > > start with the ngctl(8) node in the middle of everything. How do I
> > > create my new nodes and get the ngctl(8) node out of the middle?
> > >
> > I don't think this is currently possible (I'd like to be mistaken).
> > The main difference between ng_iface (from the classical tunnel
> > example) and ng_ksocket is that the first is so-called ``persistent''
> > node, i.e., when the number of hooks becomes zero, the node does
> > not get removed automatically. This same is not true for ksocket.
> >
> > But I think this could be a work around:
> >
> > ngctl
> > + mkpeer tee dummy left2right
> > + name dummy mytee
> > + mkpeer mytee: ksocket left inet/dgram/udp
> > + name mytee:left udp1
> > + mkpeer mytee: ksocket right inet/dgram/udp
> > + name mytee:right udp2
> > + exit
>
> Thanks for the suggestion. I had already tried this, and it did indeed
> work. However, you actually can do one better. If you now shutdown the
> ng_tee(8) node, the two ksockets end up directly attached. I found
> that out by accident and haven't looked to see where that interesting
> behavior is documented.
> Here're the commands I used,
>
>   #!/usr/sbin/ngctl -f
>
>   mkpeer tee hub left2right
>
>   mkpeer hub ksocket right inet/dgram/udp
>   name hub.right udptun
>   msg hub.right bind inet/192.168.64.70:10000
>   msg hub.right connect inet/192.168.64.50:10000
>
>   mkpeer hub ksocket left inet/raw/divert
>   name hub.left divtun
>   msg hub.left bind inet/0.0.0.0:8668
>
>   shutdown hub
>
> After I run this,
>
>   # ngctl list
>   There are 3 total nodes:
>     Name: ngctl13605      Type: socket          ID: 0000003b   Num hooks: 0
>     Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
>     Name: udptun          Type: ksocket         ID: 00000039   Num hooks: 1
>   # ngctl show divtun:
>     Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
>     Local hook      Peer name       Peer type    Peer ID         Peer hook
>     ----------      ---------       ---------    -------         ---------
>     inet/raw/divert udptun          ksocket      00000039        inet/dgram/udp
>
> Which is exactly what I wanted.
>
Strange, I've tried exactly this sequence in the morning when replying,
and it didn't work. Ah, I now see: it works this way on 4.9-STABLE
only, but not on 5.1-CURRENT anymore. This is due to the following
code that took care of reconnecting hooks commented out in 5.1-CURRENT
(due to the internal differences in the node shutdown code in RELENG_4
and HEAD):

: ngt_shutdown(node_p node)
: {
:         const sc_p privdata = NG_NODE_PRIVATE(node);
:
: #if 0 /* can never happen as cutlinks is already called */
:         if (privdata->left.hook && privdata->right.hook)
:                 ng_bypass(privdata->left.hook, privdata->right.hook);
: #endif

Possible solutions:

- add a new control message for ng_tee that will effectively call
  ng_bypass() as shown above,

- "fix" NGM_CONNECT to allow for node reconnection.

Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software Ltd,
ru@FreeBSD.org		FreeBSD committer

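The shutdown-ordering difference described in the message above, as an added example: a simplified user-space model, not FreeBSD kernel code and not part of the original message. All struct and function names are hypothetical, and it assumes that RELENG_4 runs the bypass while the tee's hooks still exist, whereas HEAD cuts the links before the check is reached.

```c
#include <stdio.h>

/* Simplified user-space model, not kernel code; all names are hypothetical. */
struct hook { struct node *node; struct hook *peer; };
struct node { int persistent, alive, nhooks; struct hook h[2]; };

/* Drop a hook and its peer; a non-persistent node left with no hooks dies. */
static void destroy_hook(struct hook *h) {
    struct hook *p = h->peer; struct node *n = h->node;
    if (n == NULL) return;                      /* already destroyed */
    h->node = NULL; h->peer = NULL;
    if (--n->nhooks == 0 && !n->persistent) n->alive = 0;
    if (p != NULL) { p->peer = NULL; destroy_hook(p); }
}

/* Model of ng_bypass(): splice the two peers together, then drop both hooks. */
static void bypass(struct hook *a, struct hook *b) {
    a->peer->peer = b->peer;
    b->peer->peer = a->peer;
    a->peer = b->peer = NULL;                   /* peers must survive the drop */
    destroy_hook(a);
    destroy_hook(b);
}

static void cutlinks(struct node *n) {
    destroy_hook(&n->h[0]);
    destroy_hook(&n->h[1]);
    n->alive = 0;
}

/* Tee "hub" with divtun on left and udptun on right, then shut hub down.
 * bypass_first=1: assumed RELENG_4 order; 0: HEAD, links cut before the check.
 * Returns 1 if both ksockets survive and are peered directly, else 0. */
int ksockets_joined_after_shutdown(int bypass_first) {
    struct node hub = {0, 1, 2, {{NULL, NULL}}};
    struct node divtun = {0, 1, 1, {{NULL, NULL}}}, udptun = divtun;
    hub.h[0].node = hub.h[1].node = &hub;
    divtun.h[0].node = &divtun; udptun.h[0].node = &udptun;
    hub.h[0].peer = &divtun.h[0]; divtun.h[0].peer = &hub.h[0];
    hub.h[1].peer = &udptun.h[0]; udptun.h[0].peer = &hub.h[1];
    if (!bypass_first) cutlinks(&hub);          /* hooks are gone before the test */
    if (hub.h[0].node && hub.h[1].node) bypass(&hub.h[0], &hub.h[1]);
    cutlinks(&hub);
    return divtun.alive && udptun.alive && divtun.h[0].peer == &udptun.h[0];
}
int main(void) {
    printf("bypass first: %d, cutlinks first: %d\n",
           ksockets_joined_after_shutdown(1), ksockets_joined_after_shutdown(0));
    return 0;
}
```

In the model, the bypass-first order leaves the two ksocket nodes alive and directly peered, while the cutlinks-first order drops each ksocket to zero hooks and removes it before the bypass check can succeed.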
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031114163543.GA57826>