netgraph(4) divert(4) to UDP Tunnel

Crist J. Clark cristjc at comcast.net
Fri Nov 14 08:10:26 PST 2003


On Fri, Nov 14, 2003 at 10:35:53AM +0200, Ruslan Ermilov wrote:
> On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote:
> > I'm trying to play around with netgraph(4) for the first time and
> > there seem to be some aspects of it that haven't "clicked" in my head
> > just yet.
> > 
> > What I want to do seems like it should be pretty easy. I want to
> > send some packets through a UDP tunnel. There is an
> > /usr/share/examples/netgraph/udp.tunnel file that is close to what I
> > want, but not quite. I want to send packets that have been divert(4)ed
> > to the tunnel.
> > 
> > I can make my two ng_ksocket(8) nodes via the ngctl(8) interface,
> > 
> >  + mkpeer ksocket d0 inet/dgram/udp
> >  + name d0 udptun
> >  + msg d0 bind inet/192.168.64.70:10000
> >  + msg d0 connect inet/192.168.64.50:10000
> >  + mkpeer ksocket d1 inet/raw/divert
> >  + name d1 divtun
> >  + msg d1 bind inet/0.0.0.0:8668
> > 
> > But how do I then connect the two of them up? I assume that I use
> > 'connect' within ngctl(8), but I haven't figured out what the
> > arguments need to be with the documentation and examples I've found.
> > 
> > The other thing I suspect I should be doing, is actually running the
> > 'mkpeer' through the first node I create in ngctl(8), but I can't seem
> > to get that to work,
> > 
> >  + mkpeer ksocket d0 inet/dgram/udp
> >  + name d0 udptun
> >  + msg d0 bind inet/192.168.64.70:10000
> >  + msg d0 connect inet/192.168.64.50:10000
> >  + mkpeer d0 ksocket d1 inet/raw/divert
> >  ngctl: send msg: Socket is already connected
> > 
> > I think it is actually complaining about the hook between my ngctl
> > node and the udptun node and not the creation of the divert socket?
> > 
> > Basically, I think my conceptual problem is with the fact that you
> > start with the ngctl(8) node in the middle of everything. How do I
> > create my new nodes and get the ngctl(8) node out of the middle?
> > 
> I don't think this is currently possible (I'd like to be mistaken).
> The main difference between ng_iface (from the classical tunnel
> example) and ng_ksocket is that the first is a so-called ``persistent''
> node, i.e., when the number of hooks becomes zero, the node does
> not get removed automatically.  The same is not true for ksocket.
> 
> But I think this could be a workaround:
> 
> ngctl
> + mkpeer tee dummy left2right
> + name dummy mytee
> + mkpeer mytee: ksocket left inet/dgram/udp
> + name mytee:left udp1
> + mkpeer mytee: ksocket right inet/dgram/udp
> + name mytee:right udp2
> + exit

Thanks for the suggestion. I had already tried this, and it did indeed
work. However, you actually can do one better. If you now shut down the
ng_tee(8) node, the two ksockets end up directly attached. I found
that out by accident and haven't looked to see where that interesting
behavior is documented. Here're the commands I used,

  #!/usr/sbin/ngctl -f

  mkpeer tee hub left2right

  mkpeer hub ksocket right inet/dgram/udp
  name hub.right udptun
  msg hub.right bind inet/192.168.64.70:10000
  msg hub.right connect inet/192.168.64.50:10000

  mkpeer hub ksocket left inet/raw/divert
  name hub.left divtun
  msg hub.left bind inet/0.0.0.0:8668

  shutdown hub

After I run this,

  # ngctl list
  There are 3 total nodes:
    Name: ngctl13605      Type: socket          ID: 0000003b   Num hooks: 0
    Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
    Name: udptun          Type: ksocket         ID: 00000039   Num hooks: 1
  # ngctl show divtun:
    Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
    Local hook      Peer name       Peer type    Peer ID         Peer hook
    ----------      ---------       ---------    -------         --------- 
    inet/raw/divert udptun          ksocket      00000039        inet/dgram/udp

Which is exactly what I wanted.
-- 
Crist J. Clark                     |     cjclark at alum.mit.edu
                                   |     cjclark at jhu.edu
http://people.freebsd.org/~cjc/    |     cjc at freebsd.org
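
A way to check the end state described above from a script, as an added example that is not part of the original post: it parses `ngctl show` output and succeeds only when the divert ksocket's hook is peered directly with the UDP ksocket. The function names are hypothetical; the first sample is the output quoted in the post, the second is constructed to show the tee still in the path.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ngctl show NODE:` output on stdin.

# peer_of HOOK: print "peer-name peer-type peer-hook" for the given local hook.
peer_of() {
    awk -v hook="$1" '
        $1 ~ /^-+$/ { in_table = 1; next }      # rows follow the dashed rule
        in_table && NF == 5 && $1 == hook { print $2, $3, $5; found = 1 }
        END { exit !found }                     # non-zero if hook not listed
    '
}

# directly_attached HOOK PEER PEERHOOK: succeed only if HOOK is connected to
# the named ksocket node on PEERHOOK, with no tee or other node in between.
directly_attached() {
    peer=$(peer_of "$1") || return 1
    [ "$peer" = "$2 ksocket $3" ]
}

# Output quoted in the post, taken after `shutdown hub`.
after_shutdown() {
cat <<'EOF'
  Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  inet/raw/divert udptun          ksocket      00000039        inet/dgram/udp
EOF
}

# Constructed sample: the same query while the unnamed tee is still present
# (the tee's node ID here is made up).
before_shutdown() {
cat <<'EOF'
  Name: divtun          Type: ksocket         ID: 0000003a   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  inet/raw/divert <unnamed>       tee          00000038        left
EOF
}

after_shutdown | directly_attached inet/raw/divert udptun inet/dgram/udp \
    && echo "divtun and udptun are directly attached"
before_shutdown | directly_attached inet/raw/divert udptun inet/dgram/udp \
    || echo "something else (here a tee) sits between the ksockets"
```

On a live system the input would come from `ngctl show divtun:` piped into `directly_attached` in place of the sample functions.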

