List Info

Thread: IPPROTO_DIVERT and PF_INET6
IPPROTO_DIVERT and PF_INET6
user name
 2008-05-03 05:00:43 
Greetings,

Before somebody shoots me down on it: I know that
ipfw_divert() is
not suitable for IPv6 packets.

So, to the point. This code:

	struct sockaddr_in6     addr6;
        struct in6_addr ip6_any = IN6ADDR_ANY_INIT;

        sin = socket(PF_INET6, SOCK_RAW, IPPROTO_DIVERT);
        if (sin == -1)
                errx(1, "Unable to create sin
socket.");
        if (sin > fdmax)
                fdmax = sin;

        addr6.sin6_family = AF_INET6;
        addr6.sin6_addr = ip6_any;
        addr6.sin6_port = htons(8669);

        if (bind(sin, (struct sockaddr *) &addr6,
sizeof(addr6)) == -1)
                errx(1, "Unable to bind incoming divert
socket: %s",
                    strerror(errno));

compiles and run fine, but it gives me this in the lsof
output:

    nat6to4d  67887       root    3u    IPv6 0xc8b05000     
  0t0  HOPOPTS *

HOPOPTS is "0" according to /etc/protocols. Making
everything IPv4,
it gives this:

    nat6to4d  67899       root    3u    IPv4 0xc865421c     
  0t0   DIVERT *:8669

which is what I expected. So why doesn't this get displayed
for the
IPv6 sockets?

Edwin

-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwinmavetju.org    |              Weblog: http://www.mavetju.org
/weblog/
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: IPPROTO_DIVERT and PF_INET6
user name
 2008-05-03 08:52:52 
On Sat, May 03, 2008 at 08:00:43PM +1000, Edwin Groothuis
wrote:
> Before somebody shoots me down on it: I know that
ipfw_divert() is
> not suitable for IPv6 packets.

Please note that the above statement is only partly true
now: on
my laptop ipfw_divert() can handle IPv6 forwards, but the
problem
described with opening prevents me from doing anything
useful with
it.

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwinmavetju.org    |              Weblog: http://www.mavetju.org
/weblog/
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: IPPROTO_DIVERT and PF_INET6
country flaguser name
United States		 2008-05-05 14:18:32 
At Sat, 3 May 2008 20:00:43 +1000,
Edwin Groothuis <edwinmavetju.org> wrote:

> Before somebody shoots me down on it: I know that
ipfw_divert() is
> not suitable for IPv6 packets.

[snip]

> which is what I expected. So why doesn't this get
displayed for the
> IPv6 sockets?

I don't know much about IPDIVERT, but it seems to me this is
simply
because the IPv6 stack (sys/netinet6) doesn't support divert
sockets.
So opening an AF_INET6 socket with the protocol being
IPPROTO_DIVERT
(which is "unknown")

        sin = socket(PF_INET6, SOCK_RAW, IPPROTO_DIVERT);

matches a wildcard protosw

/* raw wildcard */
{
	.pr_type =		SOCK_RAW,
	.pr_domain =		&inet6domain,
	.pr_flags =		PR_ATOMIC|PR_ADDR,
	.pr_input =		rip6_input,
	.pr_output =		rip6_output,
	.pr_ctloutput =		rip6_ctloutput,
	.pr_usrreqs =		&rip6_usrreqs
},

whose pr_protocol is implicitly set to 0, which is
(accidentally)
interpreted by lsof as "HOPOPTS".

This should provide a direct answer to you question of
"why"?  But I
suspect the underlying question is why divert sockets aren't
supported
for IPv6.  I don't know why.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: IPPROTO_DIVERT and PF_INET6
country flaguser name
United States		 2008-05-05 15:15:29 
JINMEI Tatuya / 神明達哉 wrote:

> 
> This should provide a direct answer to you question of
"why"?  But I
> suspect the underlying question is why divert sockets
aren't supported
> for IPv6.  I don't know why.

because no=one has done it and because divert sockaddrs are
ipv4 sockaddrs

you would have to make a new divert6 protocol.
That's not impossible, but no-one has done it.

> 
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
> _______________________________________________
> freebsd-netfreebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"

_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: IPPROTO_DIVERT and PF_INET6
user name
 2008-05-05 18:10:09 
On Mon, May 05, 2008 at 01:15:29PM -0700, Julian Elischer
wrote:
> >This should provide a direct answer to you question
of "why"?  But I
> >suspect the underlying question is why divert
sockets aren't supported
> >for IPv6.  I don't know why.
> 
> because no=one has done it and because divert sockaddrs
are ipv4 sockaddrs
> 
> you would have to make a new divert6 protocol.
> That's not impossible, but no-one has done it.

I've been looking at it, with hints from rwatson and
bms,
but the
problem right now lays in the way you can do dynamic
protocol
registrations with IPv4 but not yet with IPv6. Every time
when I
get one step further I end up with a new problem :-(

Let's call it a learning excercise!

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwinmavetju.org    |              Weblog: http://www.mavetju.org
/weblog/
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: IPPROTO_DIVERT and PF_INET6
country flaguser name
United States		 2008-05-05 18:18:54 
Edwin Groothuis wrote:
> On Mon, May 05, 2008 at 01:15:29PM -0700, Julian
Elischer wrote:
>>> This should provide a direct answer to you
question of "why"?  But I
>>> suspect the underlying question is why divert
sockets aren't supported
>>> for IPv6.  I don't know why.
>> because no=one has done it and because divert
sockaddrs are ipv4 sockaddrs
>>
>> you would have to make a new divert6 protocol.
>> That's not impossible, but no-one has done it.
> 
> I've been looking at it, with hints from rwatson and
bms,
but the
> problem right now lays in the way you can do dynamic
protocol
> registrations with IPv4 but not yet with IPv6. Every
time when I
> get one step further I end up with a new problem :-(
> 
> Let's call it a learning excercise!
> 
> Edwin

you could implement a whole new protocol family of which
there
was a single protocol..  divert.
     so you would open a socket of type.

      sock = socket(PF_DIVERT, SOCK_RAW, DIVPROTO_6);
instead of

         sin = socket(PF_INET6, SOCK_RAW, IPPROTO_DIVERT);
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: IPPROTO_DIVERT and PF_INET6
user name
 2008-05-05 18:58:58 
On Mon, May 05, 2008 at 04:18:54PM -0700, Julian Elischer
wrote:
> Edwin Groothuis wrote:
> >On Mon, May 05, 2008 at 01:15:29PM -0700, Julian
Elischer wrote:
> >>>This should provide a direct answer to you
question of "why"?  But I
> >>>suspect the underlying question is why
divert sockets aren't supported
> >>>for IPv6.  I don't know why.
> >>because no=one has done it and because divert
sockaddrs are ipv4 sockaddrs
> >>
> >>you would have to make a new divert6 protocol.
> >>That's not impossible, but no-one has done it.
> >
> >I've been looking at it, with hints from
rwatson and bms, but the
> >problem right now lays in the way you can do
dynamic protocol
> >registrations with IPv4 but not yet with IPv6.
Every time when I
> >get one step further I end up with a new problem
:-(
> >
> >Let's call it a learning excercise!

My adventures are written down at
http://
www.mavetju.org/weblog/html/00231.html

> you could implement a whole new protocol family of
which there
> was a single protocol..  divert.
>     so you would open a socket of type.
> 
>      sock = socket(PF_DIVERT, SOCK_RAW, DIVPROTO_6);
> instead of
> 
>         sin = socket(PF_INET6, SOCK_RAW,
IPPROTO_DIVERT);

Euhm... that would make my goal more noble but certainly
near
impossible for me.

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwinmavetju.org    |              Weblog: http://www.mavetju.org
/weblog/
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
[1-7]

about | contact  Other archives ( Real Estate discussion Medical topics )