Date:      Tue, 26 Nov 2013 07:57:27 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        Victor Gamov <vit@euro-comm.net>, freebsd-net@freebsd.org
Subject:   Re: Netgraph ng_patch and ng_input: where to find packets?
Message-ID:  <5293E3E7.6090604@freebsd.org>
In-Reply-To: <ED66CBAA-575E-4823-9AEE-4A44FEF6AB01@euro-comm.net>
References:  <ED66CBAA-575E-4823-9AEE-4A44FEF6AB01@euro-comm.net>

On 11/24/13, 5:05 AM, Victor Gamov wrote:
> Hi All
>
> I want to get 2 or 3 copies of an input packet on my system to resend them to new destinations.  So I prepared the following configuration:
>
> # ipfw add 10000 ngtee 100 udp from any to 239.0.0.19 dst-port 1234 in via vlan999
>
> # ngctl mkpeer ipfw: hub 100 hub-in
> # ngctl name ipfw:100 hub100
>
> # ngctl mkpeer hub100: patch hub100-out1 in
> # ngctl name hub100:hub100-out1 patch100
> # ngctl msg patch100: setconfig '{ count=1 csum_flags=1 ops=[ { value=0xc0a8e680 offset=16 length=4 mode=1 } ] }'
>
> Now when I connect to patch:out as
> # nghook -a patch100: out
>
> then I see packets with new IP:
>
> 0000:  45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12
> 0010:  c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a
>
> Now I want to put these packets back into IP processing to send them to the new destination 192.168.230.128 (0xc0a8e680):
>
> # ngctl mkpeer patch100: ip_input out new100_to_dst_1
>
> But the packets are not shown on the outgoing interface:
>
> # ifconfig vlan333
> vlan333: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	options=103<RXCSUM,TXCSUM,TSO4>
> 	ether 00:1b:21:5b:7e:e9
> 	inet 192.168.230.9 netmask 0xffffff00 broadcast 192.168.230.255
>
> # arp 192.168.230.128
> ? (192.168.230.128) at 62:99:4c:3b:22:fc on vlan333 expires in 1190 seconds
I would look at giving the packet back to the firewall as suggested.

   netgraph cookie
              Divert packet into netgraph with given cookie.  The search
              terminates.  If packet is later returned from netgraph it is
              either accepted or continues with the next rule, depending on
              net.inet.ip.fw.one_pass sysctl variable.

See ng_ipfw for more details.

>
>
> Can somebody explain to me where I went wrong?
>
> Thanks!
>
> --
> CU,
> Victor Gamov



