On 3/9/11 11:04 AM, Rajkumar S wrote:
Hello all,

I am testing IP_BINDANY functionality with a small C program. I can
bind to a foreign (non existing) address, and syn packets are being
sent with the bound source IP address and port. Return (ACK) packets
are reaching the host (I can see the SYN-ACK packet in tcpdump), but
the third packet in TCP handshake is not getting generated. It looks
like the second SYN-ACK is not getting accepted by the kernel.

My test setup consists of 2 machines, one freebsd 8.2 where I am
running my test program has an ip address of 192.168.3.83, and an echo
server running in the second machine with ip address 192.168.3.18. The
souce ip address of connection originating from my test program is
192.168.9.5 and echo server is having a route for 192.168.9.0/24 to
192.168.3.83.

Since there is a route for 192.168.9.5 from  192.168.3.18 there is no
need for any additional pf rules for redirecting and packets can be
seen in tcpdump.

Netstat gives the following output. The state remains SYN_SENT and the
kernel is not able to "see" the SYN-ACK.

tcp4       0      0 192.168.9.5.7          192.168.3.18.7         SYN_SENT

tcpdump gives the following output (first 2 lines)

17:39:54.745332 00:40:f4:bd:3d:1c>  00:27:0e:26:d9:66, ethertype IPv4
(0x0800), length 74: 192.168.9.5.7>  192.168.3.18.7: Flags [S], seq
587594188, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val
92954112 ecr 0], length 0

17:39:54.745446 00:27:0e:26:d9:66>  00:40:f4:bd:3d:1c, ethertype IPv4
(0x0800), length 74: 192.168.3.18.7>  192.168.9.5.7: Flags [S.], seq
399460822, ack 587594189, win 5792, options [mss 1460,sackOK,TS val
4341497 ecr 92954112,nop,wscale 7], length 0

arp -na (abbreviated)
? (192.168.3.83) at 00:40:f4:bd:3d:1c on re0 permanent [ethernet]
? (192.168.3.18) at 00:27:0e:26:d9:66 on re0 expires in 1133 seconds [ethernet]

Am I missing some thing here? I am running all programs as root, so I
do have the privileges. I guess there are no sysctrl to be set. Any
help to get this working is much appreciated.

yes, you are missing the fact that the return packets will never be accepted
unless you have an ipfw rule saying:

fwd localhost ip from any to any uid {uid of your process} in recv {your interface}

the first layer of ip doesn't know about sockets and will reject packets to non-local addresses. however ipfw can override this and tell the IP stack to take it because it identifies the matching socket.

"yes it's a kludge" but it works.

sorry if you don't use ipfw.. 'pf' MAY be able to do similar
but I dont' know.

with regards,

raj
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to