Date: Wed, 26 Dec 2001 19:26:18 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: Henry Su <henrysu@nttmcl.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: RE: socket call in the kernel
Message-ID: <Pine.BSF.4.21.0112261925400.84622-100000@InterJet.elischer.org>
In-Reply-To: <AJEHKCJLENGKGEHDIOJGCEOACGAA.henrysu@nttmcl.com>

is your server binding to 216.115.102.75?
if you telnet to 127.0.0.1 does it work?

On Wed, 26 Dec 2001, Henry Su wrote:

> Thanks a lot for your help.
>
> I added "log" into the rule, here's the log info. It seems it does forward or
> divert to localhost at port 8800.
>
> [18:10:13][root@test2:/var/log]$ tail -f security
> Dec 26 17:50:34 test2 last message repeated 2 times
> Dec 26 17:51:34 test2 last message repeated 6 times
> Dec 26 17:51:52 test2 /kernel: ipfw: 65534 Forward to 127.0.0.1:8800 TCP 216.69.69.248:1037 216.115.102.75:80 in via dc2
> Dec 26 17:51:52 test2 /kernel: ipfw: limit 10 reached on entry 65534
> Dec 26 17:59:45 test2 /kernel: ipfw: 65534 Forward to 127.0.0.1:8800 TCP 216.69.69.248:1041 216.115.102.81:80 in via dc2
> Dec 26 17:59:55 test2 last message repeated 7 times
> Dec 26 18:00:45 test2 /kernel: ipfw: 65534 Forward to 127.0.0.1:8800 TCP 216.69.69.248:1041 216.115.102.81:80 in via dc2
> Dec 26 18:00:45 test2 /kernel: ipfw: 65534 Forward to 127.0.0.1:8800 TCP 216.69.69.248:1042 216.115.102.77:80 in via dc2
> Dec 26 18:00:45 test2 /kernel: ipfw: limit 10 reached on entry 65534
> Dec 26 18:11:14 test2 /kernel: ipfw: 65534 Divert 8800 TCP 216.69.69.248:1048 216.115.102.82:80 in via dc2
> Dec 26 18:11:14 test2 /kernel: ipfw: 65534 Divert 8800 TCP 216.69.69.248:1048 216.115.102.82:80 in via dc2
> Dec 26 18:12:14 test2 last message repeated 7 times
> Dec 26 18:12:38 test2 /kernel: ipfw: 65534 Divert 8800 TCP 216.69.69.248:1049 216.115.102.79:80 in via dc2
> Dec 26 18:13:10 test2 last message repeated 7 times
> Dec 26 18:13:44 test2 /kernel: ipfw: 65534 Divert 8800 TCP 216.69.69.248:1049 216.115.102.79:80 in via dc2
> Dec 26 18:13:44 test2 /kernel: ipfw: 65534 Divert 8800 TCP 216.69.69.248:1050 216.115.102.77:80 in via dc2
>
> But my redirection server at port 8800 did not recv these packets somehow. I
> tried a telnet to the server at port 8800, it works very well.
>
> [18:16:00][henrysu@test1:~]$ telnet 216.69.69.254 8800
> Trying 216.69.69.254...
> Connected to dhcp254.nttmcl.com.
> Escape character is '^]'.
> 1234
>
> HTTP/1.1 302 Moved
> Date: Wed, 26 Dec 2001 18:15:11 PST
> Location: https://216.69.69.254/cgi-bin/login
> 0
>
> Connection closed by foreign host.
>
> Do you have any clue, why the packet can not be received at port 8800.
>
> Thanks.
>
> -----Original Message-----
> From: owner-freebsd-net@FreeBSD.ORG
> [mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Julian Elischer
> Sent: Wednesday, December 26, 2001 4:08 PM
> To: Henry Su
> Cc: freebsd-net@FreeBSD.ORG
> Subject: RE: socket call in the kernel
>
> On Wed, 26 Dec 2001, Henry Su wrote:
>
> > I tried your answer 1. It did not succeed.
> >
> > I have a rule to do forwarding:
> >
> > 65534 0 0 fwd 127.0.0.1,8800 tcp from any to any 80
> >
> > and I have a server listening on port 8800 at local host.
> >
> > I also modified the ip_fw.c to log forwarding packet:
> >
> > Dec 26 13:33:09 yarn /kernel: Forward packet: src_port:2414 src_ip:-62569000 dst_port:80 dst_ip:1298559960
> > Dec 26 13:33:15 yarn /kernel: Forward packet: src_port:2414 src_ip:-62569000 dst_port:80 dst_ip:1298559960
>
> why not just add a log entry to the rule?
> also your rule should be a lot more specific about where the packets
> should be coming from,
>
> e.g. recv in fxp0
> (or similar)
>
> what do you get if you telnet to 80 and telnet to 8800?
> they should act the same.
>
> ipfw add 65534 fwd 127.0.0.1,8800 log from any to me 80 in recv fxp0
>
> >
> > My redirect server on port 8800 works perfect, I tried telnet, http etc on
> > 8800, it all works. I run my server @ port 8800 in debug mode, it did not
> > receive forwarded packet from ipfirewall.
>
> how are you forwarding the packet?
>
> >
> > I am running 4.5 prerelease, with ipfw and bridge, the bridge code had
> > problem earlier, I manually fixed according to the message from the group.
> >
> > Thanks.
> >
> > -----Original Message-----
> > From: owner-freebsd-net@FreeBSD.ORG
> > [mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Julian Elischer
> > Sent: Thursday, December 20, 2001 3:08 PM
> > To: Henry Su
> > Cc: freebsd-net@FreeBSD.ORG
> > Subject: RE: socket call in the kernel
> >
> > I have two answers:
> >
> > 1/ Use ipfw add NNN fwd localhost,8001 [deny criteria]
> > to make the packet that is denied go to a default server listening on
> > port 8001
> >
> > 2/ there is an in-kernel webserver built using netgraph but it's not
> > public, but you can definitely use the 'ksocket' node to open 'in kernel'
> > sockets and pass the result to an arbitrary node.
> >
> > 1 can do what you want with no kernel programming..
> > check it out..
> >
> > man ipfw
> >
> > On Thu, 20 Dec 2001, Henry Su wrote:
> >
> > > Thanks, Julian and Alfred.
> > >
> > > I am trying to redirect the denied http request to a default web site. So my
> > > idea is in the "ip_fw_chk" function of ip_fw.c, add following code, when it
> > > will drop the packet. But as you pointed out in earlier email, socket can
> > > not be used in this case. Do you have any other solutions? Thanks a lot.
> > >
> > >      * Finally, drop the packet.
> > >      */
> > >
> > >     /* my code start debug */
> > >     /* find if it's a http packet */
> > >     dst_port_h = ntohs(dst_port);
> > >     if(dst_port_h==80){
> > >         log(LOG_INFO,"src_port:%u src_ip:%d dst_port:%d dst_ip:%u",
> > >             ntohs(src_port), src_ip.s_addr, ntohs(dst_port), dst_ip.s_addr);
> > >         /*s = 1;*/
> > >         s = socket(AF_INET, SOCK_STREAM, 0);
> > >         if (s < 0) {
> > >             log(LOG_INFO,"Redirect socket can not be created");
> > >         }else{
> > >             log(LOG_INFO,"Redirect socket is created");
> > >             /*
> > >             bzero(&sa, sizeof sa);
> > >             sa.sin_family = AF_INET;
> > >             sa.sin_port = src_port;
> > >             sa.sin_addr.s_addr = src_ip.s_addr;
> > >             if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
> > >                 log(LOG_INFO,"connect %d failed", src_ip.s_addr);
> > >                 close(s);
> > >             }else{
> > >                 log(LOG_INFO,"connect %d ok", src_ip.s_addr);
> > >                 close(s);
> > >             }
> > >             */
> > >             /*
> > >             while ((bytes = read(s, buffer, BUFSIZ)) > 0)
> > >                 write(1, buffer, bytes);
> > >             */
> > >         }
> > >     }
> > >     /* end debug */
> > >     return(IP_FW_PORT_DENY_FLAG);
> > >
> > > -----Original Message-----
> > > From: Julian Elischer [mailto:julian@elischer.org]
> > > Sent: Thursday, December 20, 2001 12:59 PM
> > > To: Henry Su
> > > Cc: freebsd-net@FreeBSD.ORG
> > > Subject: Re: socket call in the kernel
> > >
> > > You cannot do a socket directly but you can indirectly
> > > tell me what you are trying to do and I can help..
> > >
> > > On Thu, 20 Dec 2001, Henry Su wrote:
> > >
> > > > I am trying to modify ip_fw.c in the /usr/src/sys/netinet, I tried to add a
> > > > socket call in the code, it can be compiled, but when it runs into the code,
> > > > it just crashed. It gave me the "Fatal trap error 12", Memory address is
> > > > wrong.
> > > >
> > > > Can any one tell me if socket call can be used in kernel level? If not, how
> > > > can I accomplish socket communication in the kernel level?
> > > >
> > > > Thanks.
> > > >
> > > > ------------------------------------------------
> > > > Henry Su
> > > > NTT Multimedia Communications Laboratories, Inc.
> > > > 250 Cambridge Avenue Suite 300
> > > > Palo Alto, CA 94306, USA (PST:UTC -8H)
> > > > Tel: +1 650 833 3652
> > > > Fax: +1 650 326 1878
> > > > http://www.nttmcl.com/
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-net" in the body of the message
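
A userland listener for the `fwd 127.0.0.1,8800` approach discussed in the thread, added here as an example and not code from any of the posters. It binds the wildcard address and reports, via getsockname(), the address each connection was aimed at; ipfw(8) documents that for locally forwarded packets the socket's local address is the packet's original destination. The function names and the Location URL are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not from the thread. Listen on the wildcard address so the
 * socket is not tied to one local IP; port 0 lets the kernel pick a free port. */
int listen_any(unsigned short port) {
    struct sockaddr_in sa;
    int on = 1, s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(s, 16) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Accept one connection, store "addr:port" of its local end in dst, read and
 * discard the request, answer 302 to location. Returns bytes sent or -1. */
int serve_one(int ls, const char *location, char *dst, size_t dstlen) {
    struct sockaddr_in local;
    socklen_t len = sizeof local;
    char addr[INET_ADDRSTRLEN] = "?", buf[512];
    int n = -1, c = accept(ls, NULL, NULL);
    if (c < 0) return -1;
    if (getsockname(c, (struct sockaddr *)&local, &len) == 0 &&
        read(c, buf, sizeof buf) > 0) {
        inet_ntop(AF_INET, &local.sin_addr, addr, sizeof addr);
        snprintf(dst, dstlen, "%s:%u", addr, (unsigned)ntohs(local.sin_port));
        n = snprintf(buf, sizeof buf, "HTTP/1.1 302 Moved\r\nLocation: %s\r\n"
                     "Content-Length: 0\r\nConnection: close\r\n\r\n", location);
        n = (int)write(c, buf, (size_t)n);
    }
    close(c);
    return n;
}

int main(void) {
    char dst[64];
    int ls = listen_any(8800);   /* port from the thread's fwd rule */
    if (ls < 0) { perror("listen_any"); return 1; }
    for (;;)                     /* the URL below is a hypothetical login page */
        if (serve_one(ls, "https://login.example/cgi-bin/login", dst, sizeof dst) > 0)
            printf("connection was addressed to %s\n", dst);
}
```

On a direct `telnet host 8800` the printed address is the host's own address and port 8800; a printed address ending in `:80` shows the connection arrived through the fwd rule.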