MavEtJu's Distorted View of the World

FreeBSD IPv6 Divert socket adventures (2)

Posted on 2008-05-12 10:00:00
Tags: IPv6, FreeBSD, Networking

A small update:

• Dr. Goto has replied. It seems that I contacted him at the beginning on the Golden Week, a week in Japan with a lot of free days so that was the reason it took longer. His patches are against 5.2.1 and applied without problems but didn't compile. But it gave me some good hints.
• Three kernel panics later I was told by Bruce M Simpson to use Qemu for kernel development work. Two days later I have it up and running. Works nice, I have it booting via PXE and the disks are mounted via NFS. I can boot in several FreeBSD versions but not into 5.2.1 because it hangs just before starting the userland. So far for my reference platform...
• I have copied sys/src/netinet/ip_divert.c to sys/src/netinet/ip6_divert.c and modified all IPv4 functions into their IPv6 equivalents. Also added IP_PROTO_SPACERS to in6_proto.h. And finally when I open a socket with PF_INET6 and SOCK_RAW and IPPROTO_DIVERT, I get a proper socket:

  nat6to4d 2578  root    3u  IPv6    0xc1df8ec4        0t0  DIVERT *:8666
  nat6to4d 2578  root    4u  IPv4    0xc1dfaec4        0t0  DIVERT *:8664

  sockstat still doesn't show it though...
• Internally in ip6_divert.c, instead of abusing the sin_zero[] fields in struct sockaddr_in I have created the new sockaddr type struct sockaddr_div:

  struct sockaddr_div {
  	uint8_t         div_len;
  	sa_family_t     div_family;     /* AF_INET / AF_INET6 */
  	in_port_t       div_cookie;     /* was: sin_port */
  	char            div_iface[8];
  	struct in6_addr div6_addr;      /* IPv6 address */
  	struct in_addr  div4_addr;      /* IPv4 address */
  };

  This could / should be also used in the normal ip_divert code.

So what works and what doesn't?

• IPv6 packet goes from divert to the nat6to4 daemon. Yay!
  (TCP SYN packet from IPv6 host to the IPv6 address of the machine with the nat6to4 daemon)
• IPv4 packet goes from the nat6to4 daemon to divert. Yay!
  (TCP SYN packet from the IPv4 address of the machine with the nat6to4 daemon to the IPv4 host. Trivia: Why do you need to recalculate the TCP checksum when you haven't changed the TCP header and TCP payload?)
• IPv4 packet goes from divert to the nat6to4 daemon. Yay!
  (TCP SYN-ACK packet from IPv4 host to the IPv4 address of the machine with the nat6to4 daemon)
• IPv6 packet does not go from the nat6to4 daemon into divert. What?!?!?

I'm not sure what goes wrong here: sendto() says that it is accepted, but the packet is expected to end up on the div6_send() function but it doesn't end up there. For some reason. Which is kind of annoying. Robert Watson suggested to check the GDB debugger what happens in the sendto() call.

But that is an adventure for later when I have some spare time again... work and two kids, that doesn't leave much time adventures like this (except between 22:00 and 01:00 which is very bad for everybody)

| Share on Facebook | Share on Twitter

---

Comments: No comments yet
Leave a comment
Back to the main page