
List:       freebsd-net
Subject:    Re: Netgraph ng_patch and ng_input: where to find packets?
From:       Victor Gamov <vit () euro-comm ! net>
Date:       2013-11-29 17:27:59
Message-ID: F39CFDF7-0772-488D-9DB9-350AEC495884 () euro-comm ! net

ipfw allow log udp from 192.168.230.9 to 192.168.230.128 dst-port 1234

This rule was added to ipfw before the ngtee action, and I see patched packets at ipfw now -- they are still marked as received via vlan999.  Yes, it's OK.

Also, I make 3 actions at ng_patch now:
set TTL=3
set src_ip=192.168.230.9 (vlan333)
set dst_ip=192.168.230.128 now.

But the packets still do not exist on vlan333 as outgoing.

Any suggestions?

Is it possible that patched packets are silently dropped by the kernel?

On 26Nov, 2013, at 13:44, Victor Gamov wrote:

> 
> On 26Nov, 2013, at 03:57, Julian Elischer wrote:
> 
> > On 11/24/13, 5:05 AM, Victor Gamov wrote:
> > > Hi All
> > > 
> > > I want to get 2 or 3 copies of each input packet on my system to resend them to new destinations.  So I prepared the following configuration:
> > > 
> > > # ipfw add 10000 ngtee 100 udp from any to 239.0.0.19 dst-port 1234 in via vlan999
> > > 
> > > # ngctl mkpeer ipfw: hub 100 hub-in
> > > # ngctl name ipfw:100 hub100
> > > 
> > > # ngctl mkpeer hub100: patch hub100-out1 in
> > > # ngctl name hub100:hub100-out1 patch100
> > > # ngctl msg patch100: setconfig '{ count=1 csum_flags=1 ops=[ { value=0xc0a8e680 offset=16 length=4 mode=1 } ] }'
> > > 
> > > Now when I connect to patch:out as
> > > # nghook -a patch100: out
> > > 
> > > then I see packets with new IP:
> > > 
> > > 0000:  45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12
> > > 0010:  c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a
> > > 
> > > Now I want to put these packets back into IP processing to send them to the new destination 192.168.230.128 (0xc0a8e680):
> > > 
> > > # ngctl mkpeer patch100: ip_input out new100_to_dst_1
> > > 
> > > But the packets are not shown on the outgoing interface:
> > > 
> > > # ifconfig vlan333
> > > vlan333: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> > > 	options=103<RXCSUM,TXCSUM,TSO4>
> > > 	ether 00:1b:21:5b:7e:e9
> > > 	inet 192.168.230.9 netmask 0xffffff00 broadcast 192.168.230.255
> > > 
> > > # arp 192.168.230.128
> > > ? (192.168.230.128) at 62:99:4c:3b:22:fc on vlan333 expires in 1190 seconds
> > I would look at giving the packet back to the firewall as suggested.
> > 
> > netgraph cookie
> > Divert packet into netgraph with given cookie.  The search terminates.
> > If packet is later returned from netgraph it is either
> > accepted or continues with the next rule, depending on
> > net.inet.ip.fw.one_pass sysctl variable.
> > See ng_ipfw for more details.
> 
> Yes, I read these manuals :-)   But I still can't see packets either at ipfw or at the outgoing interface.
> net.inet.ip.fw.one_pass: 0
> net.inet.ip.forwarding: 1
> 
> Is my original idea correct?

--
CU,
Victor Gamov
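
A check that can be run on the `nghook -a` dump quoted above, as an added example that is not part of the original message: it parses the dumped bytes, decodes the IPv4 header, and compares the stored header checksum with one recomputed in software after the `offset=16` rewrite. The function names are this example's own.

```python
import ipaddress
import struct

# First 32 bytes of the patched packet, copied from the nghook dump in the message.
DUMP = """\
0000:  45 00 05 40 00 00 40 00 ff 11 b9 27 c0 a8 0d 12
0010:  c0 a8 e6 80 04 dc 04 dc 05 2c 00 00 47 4c ef 1a
"""

def parse_dump(text):
    """Turn 'offset:  hex hex ...' lines into raw bytes."""
    out = bytearray()
    for line in text.splitlines():
        if ":" in line:
            out += bytes.fromhex(line.split(":", 1)[1].replace(" ", ""))
    return bytes(out)

def ones_complement_sum(data):
    """16-bit one's-complement sum (RFC 1071) with carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def check_ipv4_header(pkt):
    """Return header fields plus the stored and recomputed header checksum."""
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    hdr = pkt[:ihl]
    stored = struct.unpack("!H", hdr[10:12])[0]
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]     # checksum field set to 0
    expected = ~ones_complement_sum(zeroed) & 0xFFFF
    return {
        "ttl": hdr[8],
        "proto": hdr[9],
        "src": str(ipaddress.IPv4Address(hdr[12:16])),
        "dst": str(ipaddress.IPv4Address(hdr[16:20])),
        "stored": stored,
        "expected": expected,
        # A correct header sums to 0xFFFF when the stored checksum is included.
        "valid": ones_complement_sum(hdr) == 0xFFFF,
    }

if __name__ == "__main__":
    r = check_ipv4_header(parse_dump(DUMP))
    print(f"{r['src']} -> {r['dst']} ttl={r['ttl']} proto={r['proto']}")
    print(f"stored=0x{r['stored']:04x} expected=0x{r['expected']:04x} valid={r['valid']}")
```

For the bytes in the dump the stored checksum is 0xb927 while the recomputed value is 0x01c9. On FreeBSD, `netstat -s -p ip` has a "bad header checksums" counter that shows whether the IP input path is discarding packets for this reason.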



