Date:      Wed, 29 Jan 1997 00:10:12 -0800
From:      Julian Elischer <julian@whistle.com>
To:        Ari Suutari <ari.suutari@ps.carel.fi>
Cc:        "'Archie Cobbs'" <archie@whistle.com>, Brian Somers <brian@awfulhak.demon.co.uk>, "hackers@freebsd.org" <hackers@freebsd.org>, "cmott@srv.net" <cmott@srv.net>
Subject:   Re: ipdivert & masqd
Message-ID:  <32EF05E4.59E2B600@whistle.com>
References:  <01BC0DC7.5A8AF380@sodium.ps.carel.fi>

Ari Suutari wrote:
Ah 
a little light shines.....
I wonder if it's possible that the ip_output routine might pick up
an incoming packet "While it's out there"..?
I'll have to think about that..
alternatively, maybe splnet's are nesting with splimp's incorrectly?
unlikely....
the whole "global flag" of ip_divert_ignore is a bad idea..
it's not re-entrant at all, but unfortunately
I can't think of a way of fixing that other than adding another
argument to ip_input() which I'm sure would go down
like a lead balloon.

> 
> Hi everyone,
> 
>         I had these problems with latest 2.2-SNAP release and
>         maybe, just maybe with 2.2-ALPHA. It was quite simple
>         to reproduce the problem - it occurred every time I opened
>         a TCP connection from the same machine that natd was
>         running on. Everything works well if packets come
>         from different interface and are routed to another.
> 
>         I did some investigations in the kernel land (not being
>         any expert on that), but it seemed like the ip_divert_ignore
>         flag was still set (from processing an outgoing packet) when
>         an incoming packet arrived.
> 
>         I used tcpdump and natd (in verbose mode) at the
>         same time initially to figure out that the problem exists.
> 
>         To set up a testing environment with natd, one could say
>         something like:
> 
>         ipfw flush
>         ipfw add divert 32000 ip from any to any via your-if-name
>         ipfw add pass ip from any to any
> 
>         natd -i 32000 -o 32001 -a your-if-address -v
> 
>         The port 32001 here is a dummy - it is required by the
>         current code in natd. However, it is quite harmless, since
>         no packets are diverted to that port with this setup.
> 
>         Hope this helps,
> 
>                 Ari S.
> 
> -----Original Message-----
> From:   Archie Cobbs [SMTP:archie@whistle.com]
> Sent:   29 January 1997 4:18
> To:     Brian Somers
> Cc:     hackers@freebsd.org; ari.suutari@ps.carel.fi; cmott@srv.net
> Subject:        Re: ipdivert & masqd
> 
> > On investigation, he's correct.  Tcp & udp return setup packets coming into
> > the machine with masqd running seem to disappear - masqd sees them, but when
> > it injects them back into the divert socket they disappear (the app never
> > sees them).
> >
> > This shows itself when you try to initiate a tcp/udp connection through the
> > divert sockets from the machine running masqd.... a timeout occurs.  However,
> > machines that are having packets forwarded through the masqd machine are fine.
> > I'll have a look at the divert code and see if I can come up with anything
> > interesting.
> 
> Under which version(s) of FreeBSD are you guys having this problem ?
> I'm trying to track it down...
> 
> Thanks,
> -Archie
> 
> ___________________________________________________________________________
> Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
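
The re-entrancy hazard discussed in this message, as an added example that is not part of the thread or of the FreeBSD source: a simplified user-space C model comparing a global "ignore divert" flag with the same decision passed as a function argument. Only the name `ip_divert_ignore` comes from the thread; the struct, the functions and the packet ordering are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model, not FreeBSD source. Only the name
 * ip_divert_ignore comes from the thread; everything else is hypothetical. */
struct pkt { int id; bool diverted; };

static bool ip_divert_ignore;  /* global: "do not divert the next packet" */

/* Global-flag variant: whichever packet reaches the check first eats the flag. */
static void check_global(struct pkt *p)
{
    if (ip_divert_ignore) {
        ip_divert_ignore = false;
        return;                 /* passes without being diverted */
    }
    p->diverted = true;         /* handed to the divert socket */
}

/* Re-entrant variant: the decision is an argument, so it stays with its packet. */
static void check_arg(struct pkt *p, bool ignore)
{
    if (!ignore)
        p->diverted = true;
}

/* Packet 1 is being re-injected (must skip divert); packet 2 is fresh traffic
 * that arrives before packet 1 reaches the check. Returns a bitmask:
 * bit 0 = fresh packet escaped divert, bit 1 = re-injected packet diverted again. */
int misrouted_global(void)
{
    struct pkt reinj = {1, false}, fresh = {2, false};
    ip_divert_ignore = true;    /* set on behalf of packet 1 */
    check_global(&fresh);       /* packet 2 gets there first */
    check_global(&reinj);
    return (fresh.diverted ? 0 : 1) | (reinj.diverted ? 2 : 0);
}

int misrouted_arg(void)
{
    struct pkt reinj = {1, false}, fresh = {2, false};
    check_arg(&fresh, false);   /* same arrival order as above */
    check_arg(&reinj, true);
    return (fresh.diverted ? 0 : 1) | (reinj.diverted ? 2 : 0);
}

int main(void)
{
    printf("global flag: %d, argument: %d\n", misrouted_global(), misrouted_arg());
    return 0;
}
```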



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32EF05E4.59E2B600>