Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 May 2003 11:58:01 +0100 (BST)
From:      andy@sorted.org
To:        freebsd-ipfw@freebsd.org
Subject:   Q: ipfw & divert sockets (2nd try)
Message-ID:  <19025.217.154.240.18.1052823481.squirrel@radix.sorted.org>

Next in thread | Raw E-Mail | Index | Archive | Help
Apologies if this is not the place for this question - I worked through
the list of mailing lists and this seemed the appropriate spot (and
apologies if you already have this mail from another address - reverse-DNS
problems).

I've been working to use FreeBSD4.8-STABLE/IPFW2 and a small user-land App
linked to it via a divert socket, to encapsulate all outgoing data on a
given interface into a UDP packet stream (and visa versa) - effectively an
IP-over-UDP tunnel.

The send-side of this seems to work fine - I can send a datagram,
encapsulate it, and watch it travel over the network. Furthermore, the
receive side seems to correctly deencapsulate the packet without raising
an error. However, the deencapsulated packet, which is identical to its
'pre-encapsulated' form does not seem to make it out of the diverted
socket, and appears to be dropped.

Is what I'm doing possible within the IPFW2 framework, or am I trying to
do something foolish?
Are inbound packets handled differently to outbound ones?

Yours in frustration,

Andy
--
Andrew Garrett
andy@sorted.org



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?19025.217.154.240.18.1052823481.squirrel>