From owner-freebsd-hackers Fri Jan 26 10:43:22 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id 0081F37B401 for ; Fri, 26 Jan 2001 10:43:05 -0800 (PST) Received: from curve.dellroad.org (curve.dellroad.org [10.1.1.30]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id KAA67365; Fri, 26 Jan 2001 10:43:00 -0800 (PST) Received: (from archie@localhost) by curve.dellroad.org (8.9.3/8.9.3) id KAA09789; Fri, 26 Jan 2001 10:43:00 -0800 (PST) (envelope-from archie) From: Archie Cobbs Message-Id: <200101261843.KAA09789@curve.dellroad.org> Subject: Re: Divert Sockets & Fragmentation revisited In-Reply-To: "from Alwyn Goodloe at Jan 25, 2001 10:59:27 pm" To: Alwyn Goodloe Date: Fri, 26 Jan 2001 10:43:00 -0800 (PST) Cc: hackers@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL77 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Alwyn Goodloe writes: > Guys still having problems with divert sockets and fragmentation. > > As I said in a previous post the divert operations and corresponding program > work fine when the datagram sent have size < MTU (1500) but when the > datagram has size > MTU and hence get fragmented the recfrom just > waits never receiving anything. I am attaching the relevent code > fragments below. > > tcpdump tells me that the packets arrive on the interface. > Hence I know the fragments arrive. > > Now my ipfw commands are: > > ipfw add 60000 divert 4422 udp from any to any 3322 in > ipfw add 65000 allow ip from any to any I think the problem is that the first fragment is matching your rule, but not subsequent fragments (because the port number is only contained in the first fragment..) > Now I thought that that maybe the divert being so specific was > a problem so I tried flushing ipfw and using the command: > ipfw add 60000 divert 4422 ip from any to any > > thus diverting any ip packets and still nothing. That doesn't make sense.. Try adding the "log" keyword to your ipfw commands, or checking the stats with "ipfw show" so you can see exactly what's being diverted. > Now according to the man page on divert: > > Incomming packets which get diverted are fully reassembled before > delivery of any one fragment. Diversion of any one packet causes > the entire packet to get diverted. I different fragments get > diverted to different ports, then which port ultimately gets > diverted is unpredictable. > > I was under the impression that the packets wern't reassemblembed before > diversion. Am I wrong here? Yes... but all fragments must match. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message