Date:      Wed, 26 Dec 2001 14:36:16 -0800
From:      "Henry Su" <henrysu@nttmcl.com>
To:        "Julian Elischer" <julian@elischer.org>
Cc:        <freebsd-net@FreeBSD.ORG>
Subject:   RE: socket call in the kernel
Message-ID:  <AJEHKCJLENGKGEHDIOJGEENLCGAA.henrysu@nttmcl.com>
In-Reply-To: <Pine.BSF.4.21.0112201503220.53471-100000@InterJet.elischer.org>

I tried your answer 1. It did not succeed.

I have a rule to do forwarding:

65534    0      0 fwd 127.0.0.1,8800 tcp from any to any 80

and I have a server listening on port 8800 at local host.

I also modified the ip_fw.c to log forwarding packet:

Dec 26 13:33:09 yarn /kernel: Forward packet: src_port:2414 src_ip:-62569000 dst_port:80 dst_ip:1298559960
Dec 26 13:33:15 yarn /kernel: Forward packet: src_port:2414 src_ip:-62569000 dst_port:80 dst_ip:1298559960


My redirect server on port 8800 works perfect, I tried telnet, http etc on
8800, it all works. I run my server @ port 8800 in debug mode, it did not
receive forwarded packet from ipfirewall.

I am running 4.5 prerelease, with ipfw and bridge, the bridge code had
problem earlier, I manually fixed according to the message from the group.

Thanks.

-----Original Message-----
From: owner-freebsd-net@FreeBSD.ORG
[mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Julian Elischer
Sent: Thursday, December 20, 2001 3:08 PM
To: Henry Su
Cc: freebsd-net@FreeBSD.ORG
Subject: RE: socket call in the kernel




I have two answers:

1/  Use ipfw add NNN fwd localhost,8001 [deny criteria]
   to make the packet that is denied go to a default server listening on
   port 8001

2/ there is an in-kernel webserver built using netgraph but it's not
public, but you can definitely use the 'ksocket' node to open 'in kernel'
sockets and pass the result to an arbitrary node.


1 can do what you want with no kernel programming..
check it out..

man ipfw


On Thu, 20 Dec 2001, Henry Su wrote:

> Thanks, Julian and Alfred.
>
> I am trying to redirect the denied http request to a default web site. So my
> idea is in the "ip_fw_chk" function of ip_fw.c, add following code, when it
> will drop the packet. But as you pointed out in earlier email, socket can
> not be used in this case. Do you have any other solutions? Thanks a lot.
>
>
>
>          * Finally, drop the packet.
>          */
>
>
>         /* my code start debug */
> 	  /* find if it's a http packet */
>         dst_port_h = ntohs(dst_port);
>         if(dst_port_h==80){
>                 log(LOG_INFO,"src_port:%u  src_ip:%d dst_port:%d dst_ip:%u",
>                     ntohs(src_port), src_ip.s_addr, ntohs(dst_port), dst_ip.s_addr);
>                 /*s = 1;*/
>                 s = socket(AF_INET, SOCK_STREAM, 0);
>                 if (s < 0) {
>                         log(LOG_INFO,"Redirect socket can not be created");
>                 }else{
>                         log(LOG_INFO,"Redirect socket is created");
>                         /*
>                         bzero(&sa, sizeof sa);
>                         sa.sin_family = AF_INET;
>                         sa.sin_port = src_port;
>                         sa.sin_addr.s_addr = src_ip.s_addr;
>                         if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
>                                 log(LOG_INFO,"connect %d failed", src_ip.s_addr);
>                                 close(s);
>                         }else{
>                                 log(LOG_INFO,"connect %d ok", src_ip.s_addr);
>                                 close(s);
>                         }
>                         */
>                         /*
>                         while ((bytes = read(s, buffer, BUFSIZ)) > 0)
>                                 write(1, buffer, bytes);
>                         */
>                 }
>         }
>         /* end debug */
>         return(IP_FW_PORT_DENY_FLAG);
>
>
> -----Original Message-----
> From: Julian Elischer [mailto:julian@elischer.org]
> Sent: Thursday, December 20, 2001 12:59 PM
> To: Henry Su
> Cc: freebsd-net@FreeBSD.ORG
> Subject: Re: socket call in the kernel
>
>
>
>
> You cannot do a socket directly but you can indirectly
> tell me what you are trying to do and I can help..
>
>
>
> On Thu, 20 Dec 2001, Henry Su wrote:
>
> > I am trying to modify ip_fw.c in the /usr/src/sys/netinet, I tried to add a
> > socket call in the code, it can be compiled, but when it runs into the code,
> > it just crashed. It gave me the "Fatal trap error 12", Memory address is
> > wrong.
> >
> > Can any one tell me if socket call can be used in kernel level? If not, how
> > can I accomplish socket communication in the kernel level?
> >
> > Thanks.
> >
> > ------------------------------------------------
> >
> > Henry Su
> >
> > NTT Multimedia Communications Laboratories, Inc.
> >
> > 250 Cambridge Avenue Suite 300
> >
> > Palo Alto, CA 94306, USA (PST:UTC -8H)
> >
> > Tel: +1 650 833 3652
> >
> > Fax: +1 650 326 1878
> >
> > http://www.nttmcl.com/
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
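
Added example, not part of the original message or of the FreeBSD sources: a small userland decoder for the "Forward packet:" kernel log lines quoted above, which print s_addr as a raw (sometimes negative) integer. The struct and function names are hypothetical, and it assumes the logging host is little-endian (i386).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded form of one "Forward packet:" log line (hypothetical struct). */
struct fwd_log {
    unsigned src_port, dst_port;
    char src_ip[16], dst_ip[16];
};

/* s_addr holds the address in network byte order. Assumption: the logging
 * host is little-endian (i386), so the first octet is the low byte of the
 * printed integer. The cast undoes the signed rendering produced by %d. */
static void saddr_to_quad(long long printed, char out[16])
{
    uint32_t v = (uint32_t)printed;
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)(v & 0xff),
        (unsigned)((v >> 8) & 0xff), (unsigned)((v >> 16) & 0xff),
        (unsigned)(v >> 24));
}

/* Returns 0 on success, -1 if the line is not a well-formed record. */
int parse_fwd_log(const char *line, struct fwd_log *out)
{
    long long sip, dip;
    const char *p = strstr(line, "Forward packet:");

    if (p == NULL || sscanf(p, "Forward packet: src_port:%u src_ip:%lld"
        " dst_port:%u dst_ip:%lld", &out->src_port, &sip,
        &out->dst_port, &dip) != 4)
        return -1;
    /* Reject values that cannot be a port or a 32-bit address. */
    if (out->src_port > 65535 || out->dst_port > 65535 ||
        sip < INT32_MIN || sip > UINT32_MAX ||
        dip < INT32_MIN || dip > UINT32_MAX)
        return -1;
    saddr_to_quad(sip, out->src_ip);
    saddr_to_quad(dip, out->dst_ip);
    return 0;
}

int main(void)
{
    /* Log line from the message above, with the mail wrap removed. */
    const char *line = "Dec 26 13:33:09 yarn /kernel: Forward packet: "
        "src_port:2414 src_ip:-62569000 dst_port:80 dst_ip:1298559960";
    struct fwd_log r;

    if (parse_fwd_log(line, &r) == 0)
        printf("%s:%u -> %s:%u\n", r.src_ip, r.src_port, r.dst_ip, r.dst_port);
    return 0;
}
```

Readable addresses make it possible to confirm that the packets matching the fwd rule are the ones expected before looking at why the listener on port 8800 never sees them.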





