On Sun, Apr 07, 2002 at 08:25:33PM -0500, Nick Rogness wrote:
> 
> >On Sat, 6 Apr 2002, Crist J. Clark wrote:
> >> On Sat, Apr 06, 2002 at 01:57:44PM -0600, Nick Rogness wrote:
> >> 
> >>> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
> >>> On Fri, 5 Apr 2002, Matthew D. Fuller wrote:
> >>> 
> >>> You MIGHT be able to use ipfw divert/pipe rules to somehow shove the
> >>> packets into a program on their way out, and write a program that
> >>> would use raw sockets to hand-assemble the IP datagram on the way out;
> >>> I'm not sure if the kernel would try to outsmart you on that.
> >> 
> >>    Yeh, I thought of that. The problem is packets never leave
> >>    anywhere since the route for the other NIC is not "OUT" any
> >>    interface...it is the machine itself.
> > 
> > They never go over a _physical_ interface, but they _do_ cross an
> > interface, lo0, the internal loopback.
> > 
> >   ipfw fwd <external gateway> ip from <ip_if0> to <ip_if1> in via lo0
> 
> 
>       AFAIK, the route to get from 1 interface to the other is not
>       through the lo0.  I'm not sure if the kernel sends these packets
>       across lo0 (internally) or not.  But the routing table would
>       suggest not.

It sure looks like they do. I checked before suggesting this.

  $ ifconfig dc0
  dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
          inet 192.168.64.60 netmask 0xffffff00 broadcast 192.168.64.255
          inet6 fe80::2c0:f0ff:fe5a:6c0a%dc0 prefixlen 64 scopeid 0x1 
          inet 192.168.64.61 netmask 0xffffffff broadcast 192.168.64.61
          ether 00:c0:f0:5a:6c:0a 
          media: Ethernet autoselect (10baseT/UTP)
          status: active
  $ telnet -s 192.168.64.60 192.168.64.61
  Trying 192.168.64.61...
  telnet: connect to address 192.168.64.61: Connection refused
  telnet: Unable to connect to remote host

And I was sniffing the loopback when I did this,

  # tcpdump -n -ilo0
  tcpdump: listening on lo0
  20:02:34.300094 192.168.64.60.1979 > 192.168.64.61.23: S 2453490862:2453490862(0) win 65535 <mss 16344,nop,wscale 1,nop,nop,timestamp 11409532 0> (DF) [tos 0x10]
  20:02:34.300138 192.168.64.61.23 > 192.168.64.60.1979: R 0:0(0) ack 2453490863 win 0

I also put in some ipfw(8) 'count' rules like, 

  # ipfw add count ip from 192.168.64.60 to 192.168.64.61 out via lo0

And they were hit by these packets.
-- 
Crist J. Clark                     |     [EMAIL PROTECTED]
                                   |     [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/    |     [EMAIL PROTECTED]
