Date: Tue, 26 Nov 2013 13:44:25 +0400 From: Victor Gamov <vit@euro-comm.net> To: freebsd-net@freebsd.org Subject: Re: Netgraph ng_patch and ng_input: where to find packets? Message-ID: <B2B699D8-0BD8-451F-8685-C7B8C56AA7F0@euro-comm.net> In-Reply-To: <5293E3E7.6090604@freebsd.org> References: <ED66CBAA-575E-4823-9AEE-4A44FEF6AB01@euro-comm.net> <5293E3E7.6090604@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26Nov, 2013, at 03:57, Julian Elischer wrote: > On 11/24/13, 5:05 AM, Victor Gamov wrote: >> Hi All >>=20 >> I want to get 2 or 3 copies of input packet at my system to resend it = to new destinations. So I prepare following configuration: >>=20 >> # ipfw add 10000 ngtee 100 udp from any to 239.0.0.19 dst-port 1234 = in via vlan999 >>=20 >> # ngctl mkpeer ipfw: hub 100 hub-in >> # ngctl name ipfw:100 hub100 >>=20 >> # ngctl mkpeer hub100: patch hub100-out1 in >> # ngctl name hub100:hub100-out1 patch100 >> # ngctl msg patch100: setconfig '{ count=3D1 csum_flags=3D1 ops=3D[ { = value=3D0xc0a8e680 offset=3D16 length=3D4 mode=3D1 } ] }' >>=20 >> Now when I connect to patch:out as >> # nghook -a patch100: out >>=20 >> then I see packets with new IP: >>=20 >> 0000: 45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12 >> 0010: c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a >>=20 >> Now I want to put this packets back into IP processing to send it to = new destination 192.168.230.128 (0xc0a8e680): >>=20 >> # ngctl mkpeer patch100: ip_input out new100_to_dst_1 >>=20 >> But packets not shown on outgoing interface: >>=20 >> # ifconfig vlan333 >> vlan333: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric = 0 mtu 1500 >> options=3D103<RXCSUM,TXCSUM,TSO4> >> ether 00:1b:21:5b:7e:e9 >> inet 192.168.230.9 netmask 0xffffff00 broadcast 192.168.230.255 >>=20 >> # arp 192.168.230.128 >> ? (192.168.230.128) at 62:99:4c:3b:22:fc on vlan333 expires in 1190 = seconds > I would looking at giving the packet back to the firewall as = suggested.. >=20 > netgraph cookie > Divert packet into netgraph with given cookie. The search = termi- > nates. If packet is later returned from netgraph it is = either > accepted or continues with the next rule, depending on > net.inet.ip.fw.one_pass sysctl variable. > see ng_ipfw for more details.. Yes I read this manuals :-) But I still can't see packets neither at = ipfw nor at outgoing interface. net.inet.ip.fw.one_pass: 0 net.inet.ip.forwarding: 1 Is my original idea is correct? -- CU, Victor Gamov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B2B699D8-0BD8-451F-8685-C7B8C56AA7F0>