Date: Sun, 8 Dec 2013 12:43:25 +0200
References: <5293E3E7.6090604@freebsd.org>
Subject: Re: Netgraph ng_patch and ng_input: where to find packets?
From: Sami Halabi
To: Victor Gamov
Cc: freebsd-net@freebsd.org

Hi Gamov,

Have you got this to work? If so, would you share the configurations?

Thanks in advance,
Sami

On 29 Nov 2013 19:28, "Victor Gamov" wrote:
> ipfw allow log udp from 192.168.230.9 to 192.168.230.128 dst-port 1234
>
> This rule is added to ipfw before the ngtee action and I see patched packets at
> ipfw now -- it's still marked as received via vlan999. Yes, it's OK.
>
> Also, I make 3 actions at ng_patch now:
> set TTL=3
> set src_ip=192.168.230.9 (vlan333)
> set dst_ip=192.168.230.128 now.
>
> But packets still do not exist on vlan333 as outgoing.
>
> Any suggestions?
>
> Is it possible that patched packets are silently dropped by the kernel?
>
> On 26 Nov, 2013, at 13:44, Victor Gamov wrote:
>
> >
> > On 26 Nov, 2013, at 03:57, Julian Elischer wrote:
> >
> >> On 11/24/13, 5:05 AM, Victor Gamov wrote:
> >>> Hi All
> >>>
> >>> I want to get 2 or 3 copies of an input packet on my system to resend it
> >>> to new destinations.
> >>> So I prepare the following configuration:
> >>>
> >>> # ipfw add 10000 ngtee 100 udp from any to 239.0.0.19 dst-port 1234 in via vlan999
> >>>
> >>> # ngctl mkpeer ipfw: hub 100 hub-in
> >>> # ngctl name ipfw:100 hub100
> >>>
> >>> # ngctl mkpeer hub100: patch hub100-out1 in
> >>> # ngctl name hub100:hub100-out1 patch100
> >>> # ngctl msg patch100: setconfig '{ count=1 csum_flags=1 ops=[ { value=0xc0a8e680 offset=16 length=4 mode=1 } ] }'
> >>>
> >>> Now when I connect to patch:out as
> >>> # nghook -a patch100: out
> >>>
> >>> then I see packets with the new IP:
> >>>
> >>> 0000: 45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12
> >>> 0010: c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a
> >>>
> >>> Now I want to put these packets back into IP processing to send them to
> >>> the new destination 192.168.230.128 (0xc0a8e680):
> >>>
> >>> # ngctl mkpeer patch100: ip_input out new100_to_dst_1
> >>>
> >>> But packets are not shown on the outgoing interface:
> >>>
> >>> # ifconfig vlan333
> >>> vlan333: flags=8843 metric 0 mtu 1500
> >>>         options=103
> >>>         ether 00:1b:21:5b:7e:e9
> >>>         inet 192.168.230.9 netmask 0xffffff00 broadcast 192.168.230.255
> >>>
> >>> # arp 192.168.230.128
> >>> ? (192.168.230.128) at 62:99:4c:3b:22:fc on vlan333 expires in 1190 seconds
> >> I would look at giving the packet back to the firewall as suggested..
> >>
> >> netgraph cookie
> >>         Divert packet into netgraph with given cookie. The search
> >>         terminates. If packet is later returned from netgraph it is
> >>         either accepted or continues with the next rule, depending on
> >>         net.inet.ip.fw.one_pass sysctl variable.
> >> see ng_ipfw for more details..
> >
> > Yes, I read these manuals :-) But I still can't see packets either at
> > ipfw or at the outgoing interface.
> >
> > net.inet.ip.fw.one_pass: 0
> > net.inet.ip.forwarding: 1
> >
> > Is my original idea correct?
> >
> --
> CU,
> Victor Gamov
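
An added example, not part of the original thread or of FreeBSD: it recomputes the IPv4 header checksum of the nghook dump quoted above, because an overwrite-only patch leaves the old checksum in place and the IP input path discards packets whose header checksum does not verify. The function names are made up for this example, and the TTL and source-address offsets (8 and 12) are the standard IPv4 ones, not values taken from the thread.

```python
import struct

# IPv4 header (first 20 bytes) of the nghook dump quoted in the thread.
DUMP_HEADER = bytes.fromhex("45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12 c0 a8 e6 80")

def header_checksum(header: bytes) -> int:
    """RFC 1071 checksum the header should carry (field at bytes 10-11 zeroed)."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(zeroed) // 2), zeroed))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_header(packet: bytes) -> dict:
    """Compare the stored header checksum with the recomputed one."""
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    header = packet[:ihl]
    stored = struct.unpack("!H", header[10:12])[0]
    expected = header_checksum(header)
    return {"stored": stored, "expected": expected, "valid": stored == expected}

def patch_set(packet: bytes, offset: int, length: int, value: int) -> bytes:
    """Overwrite `length` bytes at `offset`, like the thread's mode=1 op.
    This helper changes nothing else, so the stored checksum goes stale."""
    return packet[:offset] + value.to_bytes(length, "big") + packet[offset + length:]

def fix_checksum(packet: bytes) -> bytes:
    """Write a freshly computed header checksum into bytes 10-11."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[:10] + struct.pack("!H", header_checksum(packet[:ihl])) + packet[12:]

def apply_thread_ops(packet: bytes) -> bytes:
    """The three rewrites listed in the later message. Offsets 8 and 12 are
    the standard IPv4 TTL and source-address offsets (assumed here); offset 16
    is the one given in the setconfig line."""
    packet = patch_set(packet, 8, 1, 3)             # TTL=3
    packet = patch_set(packet, 12, 4, 0xC0A8E609)   # src 192.168.230.9
    return patch_set(packet, 16, 4, 0xC0A8E680)     # dst 192.168.230.128

if __name__ == "__main__":
    print("dump as quoted:", check_header(DUMP_HEADER))
    patched = apply_thread_ops(DUMP_HEADER)
    print("after 3 ops:   ", check_header(patched))
    print("after refresh: ", check_header(fix_checksum(patched)))
```

On FreeBSD, packets discarded for this reason are counted under "bad header checksums" in the output of `netstat -s -p ip`.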