Re: Is there a way to clear stats from netstat -i

2001-12-28 Thread Josef Karthauser

On Thu, Dec 20, 2001 at 03:10:38PM +0200, Ruslan Ermilov wrote:
> On Wed, Dec 19, 2001 at 06:21:39PM +, Josef Karthauser wrote:
> > Hi Ruslan,
> > 
> > You've been near this code recently.  Do you have any suggestions for
> > how this may work?
> > 
> This would require a new SIOCCIFDATA ioctl in group 'i'.

What's group 'i'?

Joe





RE: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working?

2001-12-28 Thread Henry Su

I tried localhost, it is an issue for me. It's 4.3 FreeBSD. Is this a bug?


-Original Message-
From: Crist J . Clark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 27, 2001 11:19 PM
To: Henry Su
Cc: Julian Elischer; [EMAIL PROTECTED]
Subject: Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to
another machine not working?




On Thu, Dec 27, 2001 at 05:42:16PM -0800, Henry Su wrote:
> 
> http://www.unixguide.net/freebsd/faq/09.20.shtml
> 
> Is there a way to configure your machine not drop these packets?

I wrote that FAQ entry for people directing packets to another
machine. When you are forwarding the packets to 127.0.0.1, the local
machine, it is not an issue. The packets will be "accepted" by the
system. (But that doesn't mean the application will behave well.)
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark | [EMAIL PROTECTED]
   | [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message



Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working?

2001-12-28 Thread Julian Elischer

You need to correct the FAQ..

"The correct way to ensure that this does not happen is to also add
a 'fwd' rule on the destination rule, forwarding the packet
to localhost. This will override the destination machine's tendency
to throw the forwarded packet back"


Also, in versions of FreeBSD before 4.6, packets matched while INCOMING
could only be forwarded to the local host. Outgoing packets
could be forwarded to an adjoining host.
This was fixed while 4.5 was cooking and appeared in releases after that.
The port number is only used for forwarding to the local host.

On Thu, 27 Dec 2001, Crist J . Clark wrote:

> On Thu, Dec 27, 2001 at 05:42:16PM -0800, Henry Su wrote:
> > 
> > http://www.unixguide.net/freebsd/faq/09.20.shtml
> > 
> > Is there a way to configure your machine not drop these packets?
> 
> I wrote that FAQ entry for people directing packets to another
> machine. When you are forwarding the packets to 127.0.0.1, the local
> machine, it is not an issue. The packets will be "accepted" by the
> system. (But that doesn't mean the application will behave well.)
> -- 
> "It's always funny until someone gets hurt. Then it's hilarious."
> 
> Crist J. Clark | [EMAIL PROTECTED]
>| [EMAIL PROTECTED]
> http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
> 



Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working?

2001-12-28 Thread Nick Rogness

On Fri, 28 Dec 2001, Julian Elischer wrote:

> Also, in versions of FreeBSD before 4.6, packets matched while
> INCOMING could only be forwarded to the local host. Outgoing packets
> could be forwarded to an adjoining host. This was fixed while 4.5 was
> cooking and appeared in releases after that. The port number is only
> used for forwarding to the local host.

Um, so you can now fwd based on incoming packets?  EX:

ipfw fwd 10.1.2.3 ip from any to 1.1.1.1 in via ed0

Or is it still the way it is stated in the ipfw man page? EX:

ipfw fwd 10.1.2.3 ip from any to 1.1.1.1 out recv ed0 xmit xl0


Nick Rogness <[EMAIL PROTECTED]>
 - Don't mind me...I'm just sniffing your packets





Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working?

2001-12-28 Thread Julian Elischer



On Fri, 28 Dec 2001, Nick Rogness wrote:

> On Fri, 28 Dec 2001, Julian Elischer wrote:
> 
> > Also, in versions of FreeBSD before 4.6, packets matched while
> > INCOMING could only be forwarded to the local host. Outgoing packets
> > could be forwarded to an adjoining host. This was fixed while 4.5 was
> > cooking and appeared in releases after that. The port number is only
> > used for forwarding to the local host.
> 
>   Um, so you can now fwd based on incoming packets?  EX:
> 
>   ipfw fwd 10.1.2.3 ip from any to 1.1.1.1 in via ed0

That will now work in -current and will in 4.x when I MFC it..
I looked in the man page and didn't see this mentioned. I'll read it better
again and fix it if it's now out of date.

Hmm, I still can't find that example..
Ah, found it.
Will fix by removing
"and the rule only applies to packets leaving the system"

Is that what you are referring to?


> 
>   Or is it still the way it is stated in the ipfw man page? EX:
> 
>   ipfw fwd 10.1.2.3 ip from any to 1.1.1.1 out recv ed0 xmit xl0

That will still work...

> 
> 
> Nick Rogness <[EMAIL PROTECTED]>
>  - Don't mind me...I'm just sniffing your packets
> 
> 





Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working?

2001-12-28 Thread Nick Rogness

On Fri, 28 Dec 2001, Julian Elischer wrote:

> 
> 
> On Fri, 28 Dec 2001, Nick Rogness wrote:
> 
> > On Fri, 28 Dec 2001, Julian Elischer wrote:
> > >
> > 
> > Um, so you can now fwd based on incoming packets?  EX:
> > 
> > ipfw fwd 10.1.2.3 ip from any to 1.1.1.1 in via ed0
> 
> That will now work in -current and will in 4.x when I MFC it.. I
> looked in the man page and didn't see this mentioned. I'll read it
> better again and fix it if it's now out of date.
> 
> Hmm, I still can't find that example..
> Ah, found it.
> Will fix by removing
> "and the rule only applies to packets leaving the system"
> 
> Is that what you are referring to?

Yes sir...thanks and God Bless you for the effort ;-)

Nick Rogness <[EMAIL PROTECTED]>
 - Don't mind me...I'm just sniffing your packets





RE: socket call in the kernel

2001-12-28 Thread Henry Su

Hi, Julian:

Could you please give me some code example for using the 'ksocket' node to
open 'in kernel' sockets? Thanks.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Julian Elischer
Sent: Thursday, December 20, 2001 3:08 PM
To: Henry Su
Cc: [EMAIL PROTECTED]
Subject: RE: socket call in the kernel




I have two answers:

1/ Use ipfw add NNN fwd localhost,8001 [deny criteria]
   to make the packet that is denied go to a default server listening on
   port 8001

2/ there is an in-kernel webserver built using netgraph but it's not
public, but you can definitely use the 'ksocket' node to open 'in kernel'
sockets and pass the result to an arbitrary node.


1 can do what you want with no kernel programming..
check it out..

man ipfw


On Thu, 20 Dec 2001, Henry Su wrote:

> Thanks, Julian and Alfred.
>
> I am trying to redirect the denied http request to a default web site. So my
> idea is in the "ip_fw_chk" function of ip_fw.c, add following code, when it
> will drop the packet. But as you pointed out in earlier email, socket can
> not be used in this case. Do u have any other solutions? Thanks a lot.
>
>
>
>  * Finally, drop the packet.
>  */
>
>
> /* my code start debug */
> /* find if it's a http packet */
> dst_port_h = ntohs(dst_port);
> if(dst_port_h==80){
>         log(LOG_INFO,"src_port:%u  src_ip:%d dst_port:%d dst_ip:%u",
>             ntohs(src_port), src_ip.s_addr, ntohs(dst_port), dst_ip.s_addr);
>         /*s = 1;*/
>         s = socket(AF_INET, SOCK_STREAM, 0);
>         if (s < 0) {
>                 log(LOG_INFO,"Redirect socket can not be created");
>         }else{
>                 log(LOG_INFO,"Redirect socket is created");
>                 /*
>                 bzero(&sa, sizeof sa);
>                 sa.sin_family = AF_INET;
>                 sa.sin_port = src_port;
>                 sa.sin_addr.s_addr = src_ip.s_addr;
>                 if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
>                         log(LOG_INFO,"connect %d failed", src_ip.s_addr);
>                         close(s);
>                 }else{
>                         log(LOG_INFO,"connect %d ok", src_ip.s_addr);
>                         close(s);
>                 }
>                 */
>                 /*
>                 while ((bytes = read(s, buffer, BUFSIZ)) > 0)
>                         write(1, buffer, bytes);
>                 */
>         }
> }
> /* end debug */
> return(IP_FW_PORT_DENY_FLAG);
>
>
> -Original Message-
> From: Julian Elischer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 20, 2001 12:59 PM
> To: Henry Su
> Cc: [EMAIL PROTECTED]
> Subject: Re: socket call in the kernel
>
>
>
>
> You cannot do a socket directly but you can indirectly
> tell me what you are trying to do and I can help..
>
>
>
> On Thu, 20 Dec 2001, Henry Su wrote:
>
> > I am trying to modify ip_fw.c in the /usr/src/sys/netinet, I tried to add a
> > socket call in the code, it can be compiled, but when it runs into the code,
> > it just crashed. It gave me the "Fatal trap error 12", Memory address is
> > wrong.
> >
> > Can any one tell me if socket call can be used in kernel level? If not, how
> > can I accomplish socket communication in the kernel level?
> >
> > Thanks.
> >
> > 
> >
> > Henry Su
> >
> > NTT Multimedia Communications Laboratories, Inc.
> >
> > 250 Cambridge Avenue Suite 300
> >
> > Palo Alto, CA 94306, USA (PST:UTC -8H)
> >
> > Tel: +1 650 833 3652
> >
> > Fax: +1 650 326 1878
> >
> > http://www.nttmcl.com/
> >
> >
> >
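An added example, not part of the original thread or of FreeBSD: a user-space listener for the "default server" in answer 1/ above, which answers every connection that the fwd localhost,8001 rule diverts to it with an HTTP redirect. Port 8001 comes from the thread; DEFAULT_URL, the 302 response and the function names are assumptions.

```c
/* Added example, not from the thread: user-space "default server" for
 * "ipfw add NNN fwd localhost,8001 ...". Names and DEFAULT_URL are assumed. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define FWD_PORT    8001                       /* port named in the fwd rule */
#define DEFAULT_URL "http://default.example/"  /* placeholder default site */

/* Build the redirect; returns its length, or -1 if it does not fit. */
int build_redirect(char *out, size_t outlen, const char *url)
{
    int n = snprintf(out, outlen, "HTTP/1.0 302 Found\r\nLocation: %s\r\n"
                     "Content-Length: 0\r\nConnection: close\r\n\r\n", url);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Read the request into a fixed buffer up to the blank line, then redirect. */
int handle_client(int fd)
{
    char req[2048], resp[512];
    size_t used = 0;
    ssize_t r;
    while (used < sizeof(req) - 1 &&
           (r = read(fd, req + used, sizeof(req) - 1 - used)) > 0) {
        used += (size_t)r;
        req[used] = '\0';
        if (strstr(req, "\r\n\r\n") != NULL)
            break;
    }
    int n = build_redirect(resp, sizeof(resp), DEFAULT_URL);
    return (n > 0 && write(fd, resp, (size_t)n) == n) ? 0 : -1;
}

int open_listener(unsigned short port)  /* 127.0.0.1:port, or -1 on failure */
{
    struct sockaddr_in sa;
    int on = 1, s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* the rule targets localhost */
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(s, 16) < 0) {
        close(s);
        return -1;
    }
    return s;
}

int main(void)
{
    int c, s = open_listener(FWD_PORT);
    while (s >= 0 && (c = accept(s, NULL, NULL)) >= 0) {
        handle_client(c);
        close(c);
    }
    return s < 0;  /* 1 if the listener could not be opened */
}
```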



RE: socket call in the kernel

2001-12-28 Thread Julian Elischer

Well, you'll find an example of using a ksocket node in
/usr/share/examples/netgraph
and of course /sys/netgraph/ng_ksocket.c has the actual code that does
that if you wanted to duplicate it in your own module.

Why do you want to do bridging?
If you used a NAT and routed it would be a lot more standard..


On Fri, 28 Dec 2001, Henry Su wrote:

> Hi, Julian:
> 
> Could you please give me some code example for using the 'ksocket' node to
> open 'in kernel' sockets? Thanks.
> 



RE: socket call in the kernel

2001-12-28 Thread Henry Su

The problem is that we do not use NAT, since all the machines will have real
IP addresses, and we do not want to assign a 2nd IP address on the control box
too. Is there any configuration that allows you to do this without bridging?


 _______                    ___________________
|       | crossover cable  |                   |
| test1 |----------------->| test2(ipfw,proxy) |-->router->Internet
|_______|                  |___________________|


-Original Message-
From: Julian Elischer [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 28, 2001 4:59 PM
To: Henry Su
Cc: [EMAIL PROTECTED]
Subject: RE: socket call in the kernel




Well, you'll find an example of using a ksocket node in
/usr/share/examples/netgraph
and of course /sys/netgraph/ng_ksocket.c has the actual code that does
that if you wanted to duplicate it in your own module.

Why do you want to do bridging?
If you used a NAT and routed it would be a lot more standard..


On Fri, 28 Dec 2001, Henry Su wrote:

> Hi, Julian:
>
> Could you please give me some code example for using the 'ksocket' node to
> open 'in kernel' sockets? Thanks.
>

Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working?

2001-12-28 Thread Crist J . Clark

On Fri, Dec 28, 2001 at 01:31:07PM -0800, Julian Elischer wrote:
> You need to correct the FAQ..
> 
> "The correct way to ensure that this does not happen is to also add
> a 'fwd' rule on the destination rule, forwarding the packet
> to localhost. This will override the destination machine's tendency
> to throw the forwarded packet back"

I'm having a hard time parsing that.

> Also, in versions of FreeBSD before 4.6,

4.6?

> packets matched while INCOMING
> could only be forwarded to the local host.

Which is what I thought the original poster was doing?

> Outgoing packets
> could be forwarded to an adjoining host.
> This was fixed while 4.5 was cooking and appeared in releases after that.

So will this be in 4.5?

> The port number is only used for forwarding to the local host.

Which is what the original poster was doing?
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark | [EMAIL PROTECTED]
   | [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]




Re: USB ethernet problem

2001-12-28 Thread Doug Ambrisko

Thomas Zenker writes:
| the situation changed, I have tried to install the new release now
| on the final embedded hardware. It is to mention, that this hardware
| is working with fbsd 4.3 from july without any problems in about
| 50 equipments. Upgrade from the previous fbsd 4.3 works flawlessly
| (4.3 kernel is running during this procedure), however after rebooting
| the 4.4 kernel, another upgrade run doesn't terminate:
| 
| usb0: host controller process error
| usb0: host controller halted

Hmm, I've seen this with my usio driver (USB -> serial adapter using
the Anchor chip) and couldn't figure it out.  It seems to happen
more as machines are sharing interrupts with USB on UHCI controllers.
Lots of small packets seem to trigger it more.

Doug A.
