A maybe interesting problem using divert sockets
- Subject: A maybe interesting problem using divert sockets
- From: Ron Crocker <email@hidden>
- Date: Tue, 19 Sep 2006 09:27:25 -0500
I’m having some problems with divert sockets and could use some help. Here’s what I’d like to do:
I have a little network, 3 computers A, B, and C. What I’d like to do is use B to act as a router, but occasionally buffer and delay packets between A and C, simulating a brief network outage. A and C will send packets normally, meaning that the IP headers in those packets will say Src: A, Dest: C. In both cases, I can make it so that A and C are not on the same subnet, and both will use B as their gateway. And just to make this exciting, they are all on the same LAN because I’m using a PowerBook G4 as the B computer and only have one network connection.
My thought was to use divert sockets and ipfw2 controls to hijack packets into an application on B which will normally simply pass these packets back into the network stack. A normal packet would go from A to B by having B’s MAC address stuck in the To: part of the MAC header. After B gets it, C’s MAC address will be stuck into the To: part of the MAC header using normal IP routing procedures at the various computers.
From A (or C), this all works peachy – I’ve configured it to have B as the gateway and voila, the packets are sent with B’s MAC address. The problem is at B – I can’t seem to get packets that do not have B’s IP address to come out of ipfw.
I’ve got my application listening on divert port 8384, and I’ve tried these IPFW rules and none of them seem to work:
00001 divert 8384 ip from any to any in layer2
00001 divert 8384 ip from any to any in
Also, I see by searching the maillist archives that Apple has chosen to NOT implement the net.link.ether.ipfw access to packets on ipfw, which seems to explain why I can only get the packets addressed to B’s IP address along with its MAC address. Any thoughts other than:
1. moving to Linux for B where the full implementation of ipfw2 exists, or
2. changing the “target” IP addresses and having B do a NAT-like relay job, where A sends an IP packet to B, and B readdresses it to C (and similarly in the reverse direction).
I don’t have access to a machine to do 1), and I don’t really like doing 2) but I will if I have to. The problem with 2 is that I don’t know if the application will work if I spoof the addresses.
Thanks for any help you can offer!
Ron C.
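
The hold-and-reinject relay described for B, sketched as an added example; it is not part of the original message and is not the poster's code. The outage schedule (5 seconds out of every 30), the queue size and all helper names are assumptions, and the sketch only covers packets that ipfw actually diverts to port 8384, so it does not address the delivery problem raised in the message.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define QLEN 256     /* packets held per outage (assumed size) */
#define MAXPKT 1500  /* assumed Ethernet MTU; larger packets are dropped */

struct held { struct sockaddr_in sin; size_t len; unsigned char pkt[MAXPKT]; };
static struct held q[QLEN];
static int q_head, q_count;

/* Queue one diverted packet during an outage; returns -1 if it must be dropped. */
int hold_packet(const void *pkt, size_t len, const struct sockaddr_in *sin) {
    if (len > MAXPKT || q_count == QLEN) return -1;
    struct held *h = &q[(q_head + q_count++) % QLEN];
    memcpy(h->pkt, pkt, len);
    h->len = len; h->sin = *sin;
    return 0;
}

/* Pop the oldest held packet (FIFO keeps the original order); NULL when empty. */
struct held *release_packet(void) {
    if (q_count == 0) return NULL;
    struct held *h = &q[q_head];
    q_head = (q_head + 1) % QLEN; q_count--;
    return h;
}

/* Hypothetical schedule: the link is "down" for the first `down` s of each period. */
int in_outage(long now, long period, long down) { return now % period < down; }

int main(void) {
#ifdef IPPROTO_DIVERT
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    struct sockaddr_in me = { .sin_family = AF_INET, .sin_port = htons(8384) };
    if (s < 0 || bind(s, (struct sockaddr *)&me, sizeof me) < 0) { perror("divert"); return 1; }
    for (;;) {  /* held packets are flushed when the first packet after the outage arrives */
        unsigned char buf[MAXPKT]; struct sockaddr_in sin; socklen_t sl = sizeof sin;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&sin, &sl);
        if (n < 0) continue;
        if (in_outage((long)time(NULL), 30, 5)) { hold_packet(buf, (size_t)n, &sin); continue; }
        /* Reinjecting with the sockaddr that recvfrom filled in keeps the packet's direction. */
        for (struct held *h; (h = release_packet()) != NULL; )
            sendto(s, h->pkt, h->len, 0, (struct sockaddr *)&h->sin, sizeof h->sin);
        sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&sin, sizeof sin);
    }
#else
    fputs("divert sockets are not available on this platform\n", stderr); return 1;
#endif
}
```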