From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Date: Fri, 31 Aug 2007 17:40:06 +0200
Subject: Re: pf rdr + netsed : reinject loop...
In-Reply-To: <20070831231015.29fa7b07@localhost>
References: <20070831202729.7e4c0f7a@localhost> <20070831113353.GA30807@insomnia.benzedrine.cx> <20070831231015.29fa7b07@localhost>
Message-Id: <200708311740.07360.fbsd.questions@rachie.is-a-geek.net>

On Friday 31 August 2007 15:10:15 Norberto Meijome wrote:
> On Fri, 31 Aug 2007 13:33:53 +0200
> Daniel Hartmeier wrote:
>
> > On Fri, Aug 31, 2007 at 08:27:29PM +1000, Norberto Meijome wrote:
> > > rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> > > netsed tcp 10101 0 0 s/FOO/BAR
> > >
> > > The traffic from XP gets redirected just fine to netsed, which replaces
> > > the bytes just fine. BUT the changed packets (the output of netsed) get
> > > reinjected somewhere so that the rdr hits them again, sending them back
> > > to netsed ad infinitum. (Yes, I managed to hit a load of 700+ without
> > > anything ever leaving BSD ... quite cool.)
> >
> > I'm pretty sure the endless loop you describe does not pass through pf,
> > except for the first iteration. In the first iteration, pf replaces the
> > destination address with 127.0.0.1, and the packet goes to netsed.
> > netsed changes the payload, but leaves the destination address
> > (127.0.0.1 now). It sends the packet out, and since the destination
> > address is 127.0.0.1, it sends it to itself. Hence the loop, which does
> > not involve pf any further (i.e. there's no 'redirecting again' or such,
> > AFAICT).
>
> I was just reaching the same conclusion after some strong coffee.
>
> netsed's output is (in part):
> ---
> Script started on Fri Aug 31 07:52:12 2007
> [root@localhost /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
> netsed 0.01b by Michal Zalewski
> [*] Parsing rule s/FOO/BAR ...
> [+] Loaded 1 rules...
> [+] Listening on port 10101/tcp.
> [+] Using dynamic (transparent proxy) forwarding.
>
> [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
> [*] Forwarding connection to 127.0.0.1:10101
> [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
> [*] Forwarding connection to 127.0.0.1:10101
> [+] Caught client -> server packet.

I think you need to figure out what this 'transparent proxy mode' of netsed does, cause it should under no circumstances forward to itself...

-- 
Mel
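The loop Daniel describes comes down to one decision inside the proxy: after pf's rdr has rewritten the destination to 127.0.0.1:10101, a "transparent" proxy that simply forwards to the address its own socket was accepted on is forwarding to itself, while a proxy that asks pf for the pre-translation destination (on real pf, the DIOCNATLOOK ioctl on /dev/pf) forwards to the server the XP box actually wanted. The following is an added model of that, written for this thread and not code from netsed or pf: the rdr rule, the client and proxy addresses are the ones quoted above, the "real" server address and the proxy's outbound source port are constructed, and the state table and lookup are a simplification of what pf does.

```python
"""Model of the rdr + transparent-proxy loop from the thread.

Added example, not netsed's or pf's code. It models:
  - pf's 'rdr on $int_if proto tcp from 172.16.82.81 to any
    -> 127.0.0.1 port 10101' rule with a state table that remembers
    the original (pre-rdr) destination;
  - two proxy strategies: 'naive' forwards to the address the
    connection arrived on (after rdr that is the proxy itself),
    'natlookup' asks the state table for the original destination,
    standing in for DIOCNATLOOK on /dev/pf.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]

PROXY: Addr = ("127.0.0.1", 10101)          # netsed, as in the thread
PROXY_OUT: Addr = ("127.0.0.1", 51337)      # proxy's outbound source, constructed
XP_CLIENT: Addr = ("172.16.82.81", 1178)    # the XP box, as in the thread
REAL_SERVER: Addr = ("203.0.113.10", 80)    # constructed TEST-NET-3 address


@dataclass(frozen=True)
class Conn:
    src: Addr
    dst: Addr


class Pf:
    """Minimal model of one rdr rule plus the state it creates."""

    def __init__(self, rdr_from: str, rdr_to: Addr) -> None:
        self.rdr_from = rdr_from
        self.rdr_to = rdr_to
        # translated connection -> original connection (what DIOCNATLOOK returns)
        self.states: Dict[Conn, Conn] = {}

    def inbound(self, conn: Conn) -> Conn:
        """Apply the rdr rule to a new inbound connection."""
        if conn.src[0] == self.rdr_from:
            translated = Conn(conn.src, self.rdr_to)
            self.states[translated] = conn
            return translated
        # Rule does not match (e.g. source is 127.0.0.1): pf is not involved.
        return conn

    def nat_lookup(self, conn: Conn) -> Optional[Addr]:
        """Original destination for a translated connection, if any."""
        orig = self.states.get(conn)
        return orig.dst if orig else None


def run_proxy(pf: Pf, strategy: str, max_hops: int = 10) -> List[Addr]:
    """Trace where the proxy forwards to, starting from the XP client's
    connection. Returns the forwarding targets; a full list of max_hops
    entries all equal to PROXY is the self-forwarding loop."""
    hops: List[Addr] = []
    conn = pf.inbound(Conn(XP_CLIENT, REAL_SERVER))
    for _ in range(max_hops):
        if conn.dst != PROXY:
            break  # reached something other than the proxy: no loop
        if strategy == "naive":
            target = conn.dst  # getsockname() after rdr: ourselves
        elif strategy == "natlookup":
            target = pf.nat_lookup(conn) or conn.dst
        else:
            raise ValueError("unknown strategy: %s" % strategy)
        hops.append(target)
        # The proxy's own outbound connection; source is now 127.0.0.1,
        # so the rdr rule no longer matches, exactly as Daniel notes.
        conn = pf.inbound(Conn(PROXY_OUT, target))
    return hops


def is_self_loop(hops: List[Addr], max_hops: int = 10) -> bool:
    """True when every hop went back to the proxy until the hop limit."""
    return len(hops) == max_hops and all(h == PROXY for h in hops)


if __name__ == "__main__":
    for strategy in ("naive", "natlookup"):
        pf = Pf("172.16.82.81", PROXY)
        hops = run_proxy(pf, strategy)
        print(strategy, "->", hops, "loop" if is_self_loop(hops) else "ok")
```

The naive run reproduces the "Forwarding connection to 127.0.0.1:10101" lines in Norberto's log: each forward lands on the proxy again, and because the new connection's source is 127.0.0.1 the rdr rule never fires a second time, so pf is not part of the loop. The lookup variant forwards once, to the original server, and stops.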