Date:      Sun, 8 Dec 2013 12:43:25 +0200
From:      Sami Halabi <sodynet1@gmail.com>
To:        Victor Gamov <vit@euro-comm.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Netgraph ng_patch and ng_input: where to find packets?
Message-ID:  <CAEW%2BogZNpqzxAYMArqa8jkb=O1OipKo9jYQ90iZq=0pxqPY=TQ@mail.gmail.com>
In-Reply-To: <F39CFDF7-0772-488D-9DB9-350AEC495884@euro-comm.net>
References:  <ED66CBAA-575E-4823-9AEE-4A44FEF6AB01@euro-comm.net> <5293E3E7.6090604@freebsd.org> <B2B699D8-0BD8-451F-8685-C7B8C56AA7F0@euro-comm.net> <F39CFDF7-0772-488D-9DB9-350AEC495884@euro-comm.net>

Hi Gamov,
Have you got this to work?
If so, would you share the configurations?

Thanks in advance,
Sami
On 29 Nov 2013 19:28, "Victor Gamov" <vit@euro-comm.net> wrote:

> ipfw allow log udp from 192.168.230.9 to 192.168.230.128 dst-port 1234
>
> This rule was added to ipfw before the ngtee action and I see patched packets
> at ipfw now -- it's marked as received via vlan999 still.  Yes, it's OK.
>
> Also, I make 3 actions at ng_patch now:
> set TTL=3
> set src_ip=192.168.230.9 (vlan333)
> set dst_ip=192.168.230.128 now.
>
> But packets still do not exist on vlan333 as outgoing.
>
> Any suggestions?
>
> Is it possible that patched packets are silently dropped by the kernel?
>
> On 26Nov, 2013, at 13:44, Victor Gamov wrote:
>
> >
> > On 26Nov, 2013, at 03:57, Julian Elischer wrote:
> >
> >> On 11/24/13, 5:05 AM, Victor Gamov wrote:
> >>> Hi All
> >>>
> >>> I want to get 2 or 3 copies of an input packet at my system to resend it
> >>> to new destinations.  So I prepared the following configuration:
> >>>
> >>> # ipfw add 10000 ngtee 100 udp from any to 239.0.0.19 dst-port 1234 in via vlan999
> >>>
> >>> # ngctl mkpeer ipfw: hub 100 hub-in
> >>> # ngctl name ipfw:100 hub100
> >>>
> >>> # ngctl mkpeer hub100: patch hub100-out1 in
> >>> # ngctl name hub100:hub100-out1 patch100
> >>> # ngctl msg patch100: setconfig '{ count=1 csum_flags=1 ops=[ { value=0xc0a8e680 offset=16 length=4 mode=1 } ] }'
> >>>
> >>> Now when I connect to patch:out as
> >>> # nghook -a patch100: out
> >>>
> >>> then I see packets with new IP:
> >>>
> >>> 0000:  45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12
> >>> 0010:  c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a
> >>>
> >>> Now I want to put these packets back into IP processing to send them to
> >>> the new destination 192.168.230.128 (0xc0a8e680):
> >>>
> >>> # ngctl mkpeer patch100: ip_input out new100_to_dst_1
> >>>
> >>> But packets are not shown on the outgoing interface:
> >>>
> >>> # ifconfig vlan333
> >>> vlan333: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >>>     options=103<RXCSUM,TXCSUM,TSO4>
> >>>     ether 00:1b:21:5b:7e:e9
> >>>     inet 192.168.230.9 netmask 0xffffff00 broadcast 192.168.230.255
> >>>
> >>> # arp 192.168.230.128
> >>> ? (192.168.230.128) at 62:99:4c:3b:22:fc on vlan333 expires in 1190 seconds
> >> I would look at giving the packet back to the firewall as suggested..
> >>
> >> netgraph cookie
> >>            Divert packet into netgraph with given cookie.  The search
> >>            terminates.  If packet is later returned from netgraph it is
> >>            either accepted or continues with the next rule, depending on
> >>            net.inet.ip.fw.one_pass sysctl variable.
> >> see ng_ipfw for more details..
> >
> > Yes, I read these manuals :-)   But I still can't see packets either at
> > ipfw or at the outgoing interface.
> >
> > net.inet.ip.fw.one_pass: 0
> > net.inet.ip.forwarding: 1
> >
> > Is my original idea correct?
>
> --
> CU,
> Victor Gamov
>
>
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
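
An added example, not part of the original thread or of FreeBSD's code: a Python check of the IPv4 header checksum in the bytes dumped from patch100: out, with a model of the offset=16 length=4 set operation from the setconfig message. The function names are hypothetical, and writing the patch value in big-endian order is an assumption taken from the dump.

```python
import ipaddress

# IPv4 header bytes copied from the hexdump quoted in the thread (patch100: out).
DUMPED_HEADER = bytes.fromhex(
    "45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12 c0 a8 e6 80")

def header_len(pkt: bytes) -> int:
    """Return the IPv4 header length in bytes, rejecting malformed input."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad IHL")
    return ihl

def ones_sum(data: bytes) -> int:
    """16-bit ones-complement sum (RFC 1071) with end-around carry."""
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum_ok(pkt: bytes) -> bool:
    """A header verifies when the sum over it, checksum included, is 0xFFFF."""
    return ones_sum(pkt[:header_len(pkt)]) == 0xFFFF

def fix_checksum(pkt: bytes) -> bytes:
    """Return pkt with the header checksum (bytes 10-11) recomputed."""
    ihl = header_len(pkt)
    zeroed = pkt[:10] + b"\x00\x00" + pkt[12:ihl]
    csum = ~ones_sum(zeroed) & 0xFFFF
    return pkt[:10] + csum.to_bytes(2, "big") + pkt[12:]

def apply_set_op(pkt: bytes, offset: int, length: int, value: int) -> bytes:
    """Model of the thread's 'set' op: overwrite length bytes at offset (big-endian)."""
    if offset + length > len(pkt):
        raise ValueError("patch runs past end of packet")
    return pkt[:offset] + value.to_bytes(length, "big") + pkt[offset + length:]

def dst_addr(pkt: bytes) -> str:
    """Destination address field (bytes 16-19) in dotted-quad form."""
    return str(ipaddress.IPv4Address(pkt[16:20]))

if __name__ == "__main__":
    print("dst:", dst_addr(DUMPED_HEADER), "checksum ok:", checksum_ok(DUMPED_HEADER))
    fixed = fix_checksum(DUMPED_HEADER)
    print("recomputed checksum:", fixed[10:12].hex(), "ok:", checksum_ok(fixed))
```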