kern/122963: [ipfw] tcpdump does not show packets redirected by 'ipfw fwd' on proper interface

n j nino80 at gmail.com
Thu Jan 16 23:02:09 UTC 2014


Ok, it's been a while since I posted that feedback to the PR, so I don't
really remember all the details, but I probably get what you're saying.

Let me go over my original problem:

A program ("MUX") listens on port 443 on the server. It receives requests
from clients and forwards those packets to another program ("SERVER")
listening on the same server on port 8443. MUX is using transparent forwarding, so
SERVER receives the packets with the original address and port intact.
Obviously, when SERVER makes a reply, it sends the reply directly to the
original client, because the source addresses were transparently
forwarded. To fix that, an 'ipfw fwd' rule catches these outgoing packets
and redirects them back to MUX. This setup works fine.

The problem arose while I was debugging some issues with the programs;
that was when I noticed that in tcpdump I only saw the following
traffic:

(tcpdump on public interface)
CLIENT:PORT --> MUX:443
MUX:443 --> CLIENT:PORT

and

(tcpdump on loopback)
MUX (posing as CLIENT:PORT) --> SERVER:8443

but there was no traffic going back from SERVER:8443 to CLIENT:PORT
(actually ending in MUX due to 'ipfw fwd' rule).

As I said above, I probably understand why it's not there. I can see the fwd
rule in the ipfw logs showing the packet going from SERVER:8443 to CLIENT:PORT
out via the public interface, but it never actually reaches the wire and
tcpdump, because the fwd rule snatches it before it can go out and forwards it
to MUX so that MUX can send it out.

However, I still feel as if there should be a trace of that packet
somewhere in the tcpdump as the packet after all leaves one userland
program (SERVER) and enters another userland program (MUX). It'd certainly
help to see all packets (i.e. both connections and all 4 directions) when
debugging problems with a setup like the one I described.

Am I missing something important here?

Regards,
-- 
Nino



On Thu, Jan 16, 2014 at 12:20 PM, Alexander V. Chernikov <melifaro at freebsd.org> wrote:

> The following reply was made to PR kern/122963; it has been noted by GNATS.
>
> From: "Alexander V. Chernikov" <melifaro at FreeBSD.org>
> To: bug-followup at FreeBSD.org, zuborg at advancedhosters.com
> Cc:
> Subject: Re: kern/122963: [ipfw] tcpdump does not show packets redirected
>  by 'ipfw fwd' on proper interface
> Date: Thu, 16 Jan 2014 15:09:46 +0400
>
>  This is not a bug.
>
>  You're adding fwd rule which forwards outgoing packet back to the local
>  system (since fwd address is em0 address).
>  That's why you're not seeing packet on the wire.

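The visibility gap discussed in this thread, as an added example that is not from the poster or from FreeBSD: a small parser over constructed ipfw syslog lines that lists the legs a fwd rule turned back into the local host, which is exactly the SERVER:8443 -> CLIENT:PORT traffic tcpdump never shows. The log line layout, the addresses, and the hidden_legs/report names are assumptions, not taken from the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog lines. The layout "ipfw: <rule> Forward to <addr>[:<port>]
# <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>" is assumed from the
# kernel's ipfw logging, not copied from the thread.
SAMPLE_LOG = """\
Jan 16 23:00:01 host kernel: ipfw: 100 Forward to 203.0.113.10:443 TCP 203.0.113.10:8443 198.51.100.7:51234 out via em0
Jan 16 23:00:01 host kernel: ipfw: 200 Accept TCP 198.51.100.7:51234 203.0.113.10:443 in via em0
Jan 16 23:00:02 host kernel: ipfw: 100 Forward to 203.0.113.10:443 TCP 203.0.113.10:8443 198.51.100.7:51235 out via em0
Jan 16 23:00:03 host kernel: ipfw: 300 Forward to 192.0.2.1 TCP 203.0.113.10:25 192.0.2.50:4000 out via em0
"""

FWD_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Forward to (?P<target>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

@dataclass
class HiddenLeg:
    rule: int
    src: str
    dst: str
    target: str
    iface: str

def hidden_legs(log_text: str, local_addrs: set[str]) -> list[HiddenLeg]:
    """Return outgoing packets that a fwd rule turned back into the local host.
    ipfw logs them, but they never reach the wire, so tcpdump on the egress
    interface will not show them (the gap described in the thread)."""
    legs = []
    for line in log_text.splitlines():
        m = FWD_RE.search(line)
        if not m:
            continue
        target_ip = m["target"].split(":")[0]  # fwd target may omit the port
        if m["dir"] == "out" and target_ip in local_addrs:
            legs.append(HiddenLeg(int(m["rule"]), f"{m['src']}:{m['sport']}",
                                  f"{m['dst']}:{m['dport']}", m["target"], m["iface"]))
    return legs

def report(legs: list[HiddenLeg]) -> list[str]:
    """One human-readable line per hidden leg, pointing the operator at ipfw logs."""
    return [f"rule {l.rule}: {l.src} -> {l.dst} redirected to {l.target} instead of "
            f"leaving via {l.iface}; visible in ipfw logs, not in tcpdump" for l in legs]

if __name__ == "__main__":
    for line in report(hidden_legs(SAMPLE_LOG, {"203.0.113.10", "127.0.0.1"})):
        print(line)
```

Packets forwarded to a non-local address (rule 300 above) still leave via the interface and are left out, since tcpdump does see those.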
