From: andy@sorted.org
To: freebsd-ipfw@freebsd.org
Date: Tue, 13 May 2003 11:58:01 +0100 (BST)
Subject: Q: ipfw & divert sockets (2nd try)
Message-ID: <19025.217.154.240.18.1052823481.squirrel@radix.sorted.org>

Apologies if this is not the place for this question - I worked through the list of mailing lists and this seemed the appropriate spot (and apologies if you already have this mail from another address - reverse-DNS problems).

I've been working to use FreeBSD 4.8-STABLE/IPFW2 and a small user-land App linked to it via a divert socket, to encapsulate all outgoing data on a given interface into a UDP packet stream (and vice versa) - effectively an IP-over-UDP tunnel.

The send-side of this seems to work fine - I can send a datagram, encapsulate it, and watch it travel over the network.

Furthermore, the receive side seems to correctly deencapsulate the packet without raising an error. However, the deencapsulated packet, which is identical to its 'pre-encapsulated' form, does not seem to make it out of the diverted socket, and appears to be dropped.

Is what I'm doing possible within the IPFW2 framework, or am I trying to do something foolish? Are inbound packets handled differently to outbound ones?

Yours in frustration,

Andy

--
Andrew Garrett
andy@sorted.org
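
A receive-side check that could be run on each UDP payload before it is written back to the divert socket, given here as an added example that is not part of the original message: it confirms the payload is a well-formed IPv4 packet (version, header length, total length, header checksum), which helps separate "malformed after decapsulation" from other reasons a reinjected packet disappears. It assumes the tunnel carries exactly one raw IPv4 packet per UDP payload; the function names, status codes and sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Rejection reasons; these names belong to this example only. */
enum inner_status { INNER_OK = 0, INNER_SHORT, INNER_VERSION, INNER_IHL,
                    INNER_LENGTH, INNER_CHECKSUM };

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, ICMP echo, 28 bytes total. */
static const uint8_t sample_inner[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01,
    0xf6, 0xdc, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    0x08, 0x00, 0xf7, 0xff, 0x00, 0x00, 0x00, 0x00
};

/* RFC 1071 one's-complement sum over the header; hlen is a multiple of 4. */
static uint16_t ip_header_sum(const uint8_t *p, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < hlen; i += 2)
        sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;          /* 0 when the stored checksum is valid */
}

/* Validate a decapsulated payload assumed to hold exactly one IPv4 packet. */
enum inner_status check_inner_packet(const uint8_t *buf, size_t len)
{
    if (len < 20)
        return INNER_SHORT;         /* shorter than a minimal IPv4 header */
    if ((buf[0] >> 4) != 4)
        return INNER_VERSION;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return INNER_IHL;
    size_t total = (size_t)buf[2] << 8 | buf[3];
    if (total < hlen || total != len)
        return INNER_LENGTH;        /* truncated or padded in transit */
    if (ip_header_sum(buf, hlen) != 0)
        return INNER_CHECKSUM;
    return INNER_OK;
}

int main(void)
{
    printf("sample status: %d\n", check_inner_packet(sample_inner, sizeof sample_inner));
    return 0;
}
```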