Date:      Wed, 19 Oct 2016 03:03:58 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Shawn Bakhtiar <shashaness@hotmail.com>
Cc:        Samira Nazari <nazari.s11@gmail.com>, "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject:   Re: change packets with IPFW divert
Message-ID:  <20161019023739.D6806@sola.nimnet.asn.au>
In-Reply-To: <CY1PR14MB052039CE53AE379BF6693C5DC4D30@CY1PR14MB0520.namprd14.prod.outlook.com>
References:  <CAG1-nfyJ0LRsFH1xMZJhfkLC8GgLSgTukOdD%2B2-xLqLx8FWrBw@mail.gmail.com> <CY1PR14MB052039CE53AE379BF6693C5DC4D30@CY1PR14MB0520.namprd14.prod.outlook.com>

On Tue, 18 Oct 2016 14:21:50 +0000, Shawn Bakhtiar wrote:
 > On Oct 18, 2016, at 6:49 AM, Samira Nazari <nazari.s11@gmail.com> wrote:
 > > Hello everyone,
 > > When we divert packets to the specified port with "IPFW divert",
 > > can we change them and re-send them to the kernel?

 > Not sure what you mean by change it but:
 > 
 > "Divert sockets are similar to raw IP sockets, except that they can 
 > be bound to a specific divert port via the bind(2) system call.  The 
 > IP address in the bind is ignored; only the port number is 
 > significant.  A divert socket bound to a divert port will receive all 
 > packets diverted to that port by some (here unspecified) kernel 
 > mechanism(s).  Packets may also be written to a divert port, in which 
 > case they re-enter kernel IP packet processing."
 > 
 > -- SRC: https://www.freebsd.org/cgi/man.cgi?query=divert&sektion=4&apropos=0&manpath=FreeBSD+10.3-RELEASE+and+Ports

Apart from divert(4), most likely the best example is the natd(8) code, 
which modifies packet source or destination addresses and (maybe) ports.

Ignoring the NAT processing - or not, as appropriate - the way natd uses 
divert sockets both to receive packets from ipfw and later (perhaps) to 
reinject them for further processing should show clearly how it's done.

cheers, Ian


