Date: Tue, 28 Mar 2000 14:39:00 +0930
From: Ian West <ian@niw.com.au>
To: Ian West <freebsd-net@freebsd.org>
Subject: Re: ipfw tee
Message-ID: <20000328143900.L78585@rose.niw.com.au>
In-Reply-To: <20000328123243.I78585@rose.niw.com.au>; from ian@niw.com.au on Tue, Mar 28, 2000 at 12:32:43PM +0930
References: <20000328123243.I78585@rose.niw.com.au>
To add to the previous message, after a bit more testing, the following patch fixes an issue where the ipfw rule number was not passed through to the recvfrom call in the client. I now have a consumer of tee'd packets running, and it still seems to be working without any problems. I have not yet tried this in an environment with a real divert (say for NAT) working.

Index: ip_fw.c ========================================================================= RCS file: /cvs/freebsd/src/sys/netinet/ip_fw.c,v retrieving revision 1.132 diff -u -r1.132 ip_fw.c --- ip_fw.c 2000/03/14 14:11:53 1.132 +++ ip_fw.c 2000/03/28 05:05:35
@@ -1278,8 +1278,20 @@ *cookie = f->fw_number; return(f->fw_divert_port); case IP_FW_F_TEE: - *cookie = f->fw_number; - return(f->fw_divert_port | IP_FW_PORT_TEE_FLAG); + { + struct mbuf *clone; + struct ip *cip; + u_int16_t divert_cookie; + divert_cookie=ip_divert_cookie; + ip_divert_cookie = f->fw_number; + clone=m_dup(*m, M_DONTWAIT); + cip = mtod(clone, struct ip *); + HTONS(cip->ip_len); + HTONS(cip->ip_off); + divert_packet(clone,0,f->fw_divert_port); + ip_divert_cookie=divert_cookie; + } + continue; #endif case IP_FW_F_SKIPTO: /* XXX check */ if ( f->next_rule_ptr )
=========================================================================

On Tue, Mar 28, 2000 at 12:32:43PM +0930, Ian West wrote:
> Hi, I have been looking at ipfw tee operation, specifically to see if I
> can make it tee to a divert socket without terminating. I would like to
> use this for logging traffic with more detail as to source and
> destination addresses without running through and processing syslog
> files :-).
>
> My thought is to be able to tee traffic outbound prior to nat, and inbound
> after nat so that I can see the real source and dest addresses.
>
> It seems from a couple of hours (minimal) looking at it that by 'teeing'
> in the ip_fw_chk itself, we can just 'continue' as per count, and all
> works well. I have tested this briefly, and it doesn't seem to kill
> anything. Can anyone point me at other important things to look at ?
>
> vmstat -m does not show any mbuf's going missing. netstat -m shows no
> slow increase. Everything still seems to work :-)
>
> Output from ipfw -a l on the box I am testing with..
>
> 01000 110270 149841377 tee 12345 ip from any to any
> 65000 110270 149841377 allow ip from any to any
> 65535 0 0 deny ip from any to any
>
> This suggests that it is doing roughly what I want, although I have not
> hooked anything onto the divert socket so I cannot say for sure.
>
> Is what I am doing valid ? (close ?)
>
> The diff that I have been testing with is below..
>
> Index: ip_fw.c > =================================================================== > RCS file: /cvs/freebsd/src/sys/netinet/ip_fw.c,v > retrieving revision 1.132 > diff -u -r1.132 ip_fw.c > --- ip_fw.c 2000/03/14 14:11:53 1.132 > +++ ip_fw.c 2000/03/28 02:39:16 > @@ -1278,8 +1278,17 @@ > *cookie = f->fw_number; > return(f->fw_divert_port); > case IP_FW_F_TEE: > - *cookie = f->fw_number; > - return(f->fw_divert_port | IP_FW_PORT_TEE_FLAG); > + { > + struct mbuf *clone; > + struct ip *cip; > + *cookie = f->fw_number; > + clone=m_dup(*m, M_DONTWAIT); > + cip = mtod(clone, struct ip *); > + HTONS(cip->ip_len); > + HTONS(cip->ip_off); > + divert_packet(clone,0,f->fw_divert_port); > + } > + continue; > #endif > case IP_FW_F_SKIPTO: /* XXX check */ > if ( f->next_rule_ptr )
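Review bot: In the newer (2000/03/28 05:05:35) version of the IP_FW_F_TEE case, the return value of m_dup(*m, M_DONTWAIT) is used without a check. With M_DONTWAIT the copy can fail and return NULL, and the following mtod(clone, struct ip *) and HTONS(cip->ip_len) would then dereference it in the packet path. Suggest guarding the header fix-up and the divert_packet() call with `if (clone != NULL)`, keeping the restore of ip_divert_cookie outside that guard so a failed copy still restores the saved value and falls through to `continue`. A one-line comment on why ip_divert_cookie is saved and restored here, rather than setting *cookie as the divert case just above does, would also help the next reader.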
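Review bot: In the quoted earlier (2000/03/28 02:39:16) version, `*cookie = f->fw_number;` is assigned but the case ends in `continue` instead of `return`, and divert_packet(clone,0,f->fw_divert_port) is called without the rule number being handed to it, which matches the symptom the follow-up reports (rule number missing in the client's recvfrom). Suggest dropping the *cookie assignment from this branch so no stale value is left behind for later rules, and passing the rule number the way the follow-up does via ip_divert_cookie. The unchecked m_dup(*m, M_DONTWAIT) result before mtod() needs a NULL test in this version as well.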
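The consumer side of the tee rule discussed in this thread, as an added example (not code from the original message or from FreeBSD): it reads packets from divert port 12345, the port in the quoted rule listing, and logs rule number, protocol and addresses. `parse_teed` and `struct tee_rec` are hypothetical names, and the rule number arriving in `sin_port` of the `recvfrom` address in host byte order is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

struct tee_rec { unsigned rule, proto; size_t total; uint8_t src[4], dst[4]; };

/* Validate a tee'd IPv4 packet and pull out the fields worth logging.
 * The patch converts ip_len/ip_off back to network order before
 * divert_packet(), so the header is read here as it appears on the wire. */
int parse_teed(const uint8_t *p, size_t len, unsigned rule, struct tee_rec *r)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return -1;                          /* truncated or not IPv4 */
    size_t hl = (size_t)(p[0] & 0x0f) * 4;
    size_t total = ((size_t)p[2] << 8) | p[3];
    if (hl < 20 || hl > len || total < hl || total > len)
        return -1;                          /* lengths disagree with buffer */
    r->rule = rule; r->proto = p[9]; r->total = total;
    memcpy(r->src, p + 12, 4); memcpy(r->dst, p + 16, 4);
    return 0;
}

#ifdef IPPROTO_DIVERT                       /* socket loop builds on FreeBSD only */
int main(void)
{
    static uint8_t buf[65535];
    struct tee_rec r;
    struct sockaddr_in from, sin = { .sin_family = AF_INET, .sin_port = htons(12345) };
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        perror("divert socket");
        return 1;
    }
    for (;;) {
        socklen_t fl = sizeof(from);
        ssize_t n = recvfrom(s, buf, sizeof(buf), 0, (struct sockaddr *)&from, &fl);
        if (n < 0) { perror("recvfrom"); return 1; }
        /* Assumption: sin_port carries the rule number tag in host order. */
        if (parse_teed(buf, (size_t)n, from.sin_port, &r) == 0)
            printf("rule=%u proto=%u len=%zu %u.%u.%u.%u -> %u.%u.%u.%u\n", r.rule, r.proto, r.total,
                   r.src[0], r.src[1], r.src[2], r.src[3], r.dst[0], r.dst[1], r.dst[2], r.dst[3]);
    }
}
#endif
```

Because the rule ends in `continue`, the consumer only observes copies; nothing it does with the socket affects whether the original packet is forwarded.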