Hi all,
I've been trying to write some code using divert(4) sockets, but i meet the following
difficulties:
- when i get diverted packet it has both source and destination IP addresses the
same. The attached code shows:
192.168.0.2 -> 192.168.0.2
getting 84 bytes, real: 84
and the way I run it is (on 192.168.0.2):
ipfw add 100 divert 8670 ip from any to 192.168.0.1
burstd
then on 192.168.0.2 I issue "ping 192.168.0.1"
- the manual says this happens with recvfrom()/sendto(), but recv() is mentioned
to be same as recvfrom() and read()/write() sometimes fail.
After digging some kernel code I've found that around line 167 in ip_divert.c we have:
/*
* Record receive interface address, if any.
* But only for incoming packets.
*/
divsrc.sin_addr.s_addr = 0;
if (incoming) {
struct ifaddr *ifa;
/* Sanity check */
KASSERT((m->m_flags & M_PKTHDR), ("%s: !PKTHDR", __FUNCTION__));
/* Find IP address for receive interface */
TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
if (ifa->ifa_addr == NULL)
continue;
if (ifa->ifa_addr->sa_family != AF_INET)
continue;
divsrc.sin_addr =
((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
break;
}
}
which (as I think) changes the address of diverted packet. What is the reason for that
and are there any workarounds to get real source and destination IP addresses from a
diverted packet. I need both because I try to make connection tracking based on
src<->dst .
Any help with that is appretiated. Any divert code welcome. I've looked through natd.c
and it was helpfull.
Ivo Vachkov
P.S. Excuse my:
- English
- long pastes
- (sometimes) lack of kernel code understanding
--
_______________________________________________
Get your free email from http://mymail.bsdmail.com
Powered by Outblaze
Makefile
Description: Binary data
burstd.h
Description: Binary data
burstd.c
Description: Binary data
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
