From: Rajkumar S
To: freebsd-net@freebsd.org
Date: Thu, 10 Mar 2011 00:34:03 +0530
Subject: IP_BINDANY: return packets not accepted by kernel

Hello all,

I am testing IP_BINDANY functionality with a small C program.
I can bind to a foreign (non-existing) address, and SYN packets are being sent with the bound source IP address and port. Return (ACK) packets are reaching the host (I can see the SYN-ACK packet in tcpdump), but the third packet in the TCP handshake is not getting generated. It looks like the second SYN-ACK is not getting accepted by the kernel.

My test setup consists of 2 machines: one FreeBSD 8.2 machine, where I am running my test program, has an IP address of 192.168.3.83, and an echo server is running on the second machine with IP address 192.168.3.18. The source IP address of the connection originating from my test program is 192.168.9.5, and the echo server has a route for 192.168.9.0/24 to 192.168.3.83. Since there is a route for 192.168.9.5 from 192.168.3.18, there is no need for any additional pf rules for redirecting, and packets can be seen in tcpdump.

Netstat gives the following output. The state remains SYN_SENT and the kernel is not able to "see" the SYN-ACK.

    tcp4 0 0 192.168.9.5.7 192.168.3.18.7 SYN_SENT

tcpdump gives the following output (first 2 lines):

    17:39:54.745332 00:40:f4:bd:3d:1c > 00:27:0e:26:d9:66, ethertype IPv4 (0x0800), length 74: 192.168.9.5.7 > 192.168.3.18.7: Flags [S], seq 587594188, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 92954112 ecr 0], length 0
    17:39:54.745446 00:27:0e:26:d9:66 > 00:40:f4:bd:3d:1c, ethertype IPv4 (0x0800), length 74: 192.168.3.18.7 > 192.168.9.5.7: Flags [S.], seq 399460822, ack 587594189, win 5792, options [mss 1460,sackOK,TS val 4341497 ecr 92954112,nop,wscale 7], length 0

arp -na (abbreviated):

    ? (192.168.3.83) at 00:40:f4:bd:3d:1c on re0 permanent [ethernet]
    ? (192.168.3.18) at 00:27:0e:26:d9:66 on re0 expires in 1133 seconds [ethernet]

Am I missing something here? I am running all programs as root, so I do have the privileges. I guess there are no sysctls to be set.

Any help to get this working is much appreciated.

with regards,
raj