Menu
▾
▴
ipdivert-main — Main discussion list for divert sockets in Linux
You can subscribe to this list here.
| 1999 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(8) |
Aug
(1) |
Sep
(2) |
Oct
(1) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2000 |
Jan
|
Feb
(4) |
Mar
(4) |
Apr
|
May
(5) |
Jun
(14) |
Jul
(19) |
Aug
(16) |
Sep
(1) |
Oct
|
Nov
(11) |
Dec
(6) |
| 2001 |
Jan
(4) |
Feb
(18) |
Mar
(22) |
Apr
(5) |
May
(12) |
Jun
(15) |
Jul
(15) |
Aug
(11) |
Sep
|
Oct
(1) |
Nov
(3) |
Dec
|
| 2002 |
Jan
(3) |
Feb
(6) |
Mar
(9) |
Apr
(9) |
May
(9) |
Jun
|
Jul
(2) |
Aug
(7) |
Sep
(4) |
Oct
(14) |
Nov
(6) |
Dec
(1) |
| 2003 |
Jan
(8) |
Feb
(11) |
Mar
(11) |
Apr
(19) |
May
(10) |
Jun
(5) |
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2004 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
(2) |
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Azadeh <aba...@ya...> - 2008-02-15 17:48:40
|
<head> </head> <body> <font size="3"> Azadeh Abad wants you to join Yaari! <br> <br> Is Azadeh your friend? <br> <br> <a href="http://www.yaari.com/y-register.php?i=I4Q328BIMQ3SI2W41201608904">Yes, Azadeh is my friend!</a> <a href="http://www.yaari.com/y-register.php?i=no">No, Azadeh isn't my friend.</a> <br> <br> Please respond or Azadeh might think you said no :( <br> <br> Thanks, <br> The Yaari Team <br /> <br /> ____ <br> You are receiving this message because someone you know registered for Yaari and listed you as a contact. <br> If you prefer not to receive this email tell us <a href="http://yaari.com/y-email-opt-out.php?param=aXBkaXZlcnQtbWFpbkBsaXN0cy5zb3VyY2Vmb3JnZS5uZXQ%3D">here</a>. <br> If you have any concerns regarding the content of this message, please email ab...@ya.... <br> </font> <font size="2"> Yaari LLC, 358 Angier Ave, Atlanta, GA 30312 </font> </body> </html> |
|
From: Azadeh A. <aba...@ya...> - 2007-05-29 12:28:26
|
i Hi, I am a new user of Linux.So If I am wrong please let me know kindly...I want to install IPDivert....to Use IPtables....my platform is CentOS4.4 with a new compiled kernel of 2.6.12.3..... I installed the Ipdivert of 2.6.12.3 and the iptable of 1.3.1(the same version of my iptables)....I wanted to know is it right that I should install ipdivert patch first and the iptables? I use patch -p1 < /path/to/patch command in the folder that my ipdivert patch (ipdivert-2.6.12.3.diff) exist but I get the below lines: root@flashpoint ~]# cd /usr/src/linux/Kernel.2.6.12.3/linux-2.6.12.3/ [root@flashpoint linux-2.6.12.3]# patch -p1 < /usr/src/linux/Kernel.2.6.12.3/linux-2.6.12.3/ipdivert-2.6.12.3.diff can't find file to patch at input line 4 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff -urP pristine/linux-2.6.12.3/include/linux/in.h patched/linux-2.6.12.3/include/linux/in.h |--- pristine/linux-2.6.12.3/include/linux/in.h 2005-03-02 00:38:33.000000000 -0700 |+++ patched/linux-2.6.12.3/include/linux/in.h 2005-07-25 23:00:11.000000000 -0600 -------------------------- File to patch: ipdivert-2.6.12.3.diff patching file ipdivert-2.6.12.3.diff Hunk #1 FAILED at 43. 1 out of 1 hunk FAILED -- saving rejects to file ipdivert-2.6.12.3.diff.rej The next patch would create the file linux-2.6.12.3/include/linux/netfilter_ipv4/ipt_DIVERT.h, which already exists! Assume -R? [n] and I dont know what is wrong...Any kind answer is appreciated and handy. Tnx. Azadeh Send instant messages to your online friends http://uk.messenger.yahoo.com |
|
From: Robin P. <rom...@ho...> - 2004-12-15 15:18:15
|
Where can one find the patch for ipdivert? Regards Robin Persson |
|
From: Robin P. <rom...@ho...> - 2004-12-15 06:08:51
|
Hello Should ipdivert be considered deprecated? Regards Robin |
|
From: Dung N. A. <dng...@ya...> - 2004-08-02 09:26:26
|
Dear sirs, I just patch divert to kernel linux-2.4.x and using iptables to divert packets, it seem run ok. I would like to handle both IPv4 and IPv6 packets, but I am a newbie in IP stack. How-to make a patch for supporting IPv6 packets, similar as BSD environment? Please show me the place to get more information relating to this issue, or show me the hint to implement it. Tanks very much Dan __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail |
|
From: <ben...@id...> - 2004-05-22 13:06:49
|
Dear Open Source developer I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it. With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development. With many thanks for your participation, Benno Luthiger PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list. _______________________________________________________________________ Benno Luthiger Swiss Federal Institute of Technology Zurich 8092 Zurich Mail: benno.luthiger(at)id.ethz.ch _______________________________________________________________________ |
|
From: Jonathan L. <jon...@nu...> - 2004-01-13 09:31:19
|
Are there any plans to port divert sockets to version 2.6 of the linux kernel? Jonathan Lynch -- GPG Public Key: http://frink.nuigalway.ie/~jlynch/jnuig.gpg |
|
From: Ilia B. <ib...@an...> - 2003-11-03 22:12:08
|
It looks like i'll have to look into these - there were others reporting something similar. It would really help if someone with two machines could hook up kgdb to a divert-enabled host and get the details on the crash. -ilia On Mon, 2003-11-03 at 06:33, kaede wrote: > My System is Mandrake Linux 9.0. > I patch kernel 2.4.18 to run Divert Socket. > > 1. If I divert ICMP packet, the system works normally. > 2. If I divert TCP traffic, it will crash very soon. > > Do anybody know why? Thank you very much. > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > Ipdivert-main mailing list > Ipd...@li... > https://lists.sourceforge.net/lists/listinfo/ipdivert-main -- -------------------------------------+---------------------- Ilia Baldine, PhD | ib...@an... Principal Engineer, | ph#:(919)248-1847 Advanced Networking Research, MCNC | FAX:(919)248-1455 http://people.anr.mcnc.org/~ibaldin | -------------------------------------+---------------------- "Whenever you find yourself on the side of the majority, it is time to reform." - Mark Twain ------------------------------------------------------------ |
|
From: kaede <ka...@hp...> - 2003-11-03 11:36:39
|
My System is Mandrake Linux 9.0. I patch kernel 2.4.18 to run Divert Socket. 1. If I divert ICMP packet, the system works normally. 2. If I divert TCP traffic, it will crash very soon. Do anybody know why? Thank you very much. |
|
From: kaede <ka...@hp...> - 2003-07-04 13:59:20
|
Thanks for your suggestion.
This time, I try in this way.
1. decompress iptables.
2. $ cd iptables-1.2.6a/extensions/
3. $ patch Makefile ../../iptables-1.2.6a-divert.patch
patching file Makefile
patching file libipt_DIVERT.c
$ make
$ cd ..
$ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux
Making dependencies: please wait...
make: Nothing to be done for `../iptables-1.2.6a-divert.patch'.
$
$ make KERNEL_DIR=/usr/src/linux
$ make install KERNEL_DIR=/usr/src/linux
4. Then I recompile the kernel. After rebooting, I still can't use
"iptables -A INPUT -p ICMP -j DIVERT --div-port 1234"
Please help me.
On Wed, 2 Jul 2003 10:39:52 -0700 (PDT), Tushaar Sethi wrote
> You need to use the "patch" command to first patch the iptables
> source then recompile the iptables source as usual. Try the patch
> man page. Trying to compile the patch will not work.
>
> -
>
> Tushaar
>
> On Wed, 2 Jul 2003, kaede wrote:
>
> > Hello,
> > I have read the mail, "Re:how iptables patch should be applied?".
> > But I still can't make it work.
> > These are the steps that I did, please tell me what's wrong. Thank you.
> >
> > 1. get "linux kernel 2.4.18"
> > and its patch "divert-2.4.18-1.1-patch" "route.c.patch"
> >
> > 2. get iptables source code "iptables-1.2.6a.tar.bz2"
> > and its patch "iptables-1.2.6a-divert.patch"
> >
> > 3. decompress iptables, then patch it
> > ---------------------------------------------------
> > $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux
> > Making dependencies: please wait...
> > Something wrong... deleting dependencies.
> > make: *** [/usr/src/linux/include/linux/autoconf.h] Error 1
> > $
> > ---------------------------------------------------
> >
> > 4. It has depedency problem, so I patch the kernel by
> > "divert-2.4.18-1.1-patch" and "route.c.patch". And then
> > I patch iptables again.
> > ---------------------------------------------------
> > $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux
> > Making dependencies: please wait...
> > Something wrong... deleting dependencies.
> > make: *** [/usr/src/linux/include/linux/autoconf.h] Error 1
> > $
> > ----------------------------------------------------
> >
> > 5. Then I try to run "make menuconfig" and choose "IP: divert sockets",
> > "IP: divert pass-through". And then run "make dep". Again, I
> > try to patch the iptables
> > ----------------------------------------------------
> > $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux
> > Making dependencies: please wait...
> > make: Nothing to be done for `../iptables-1.2.6a-divert.patch'.
> > $
> > ----------------------------------------------------
> >
> > 6. Nothing affected. I go on patch iptables by this:
> > ----------------------------------------------------
> > $ make KERNEL_DIR=/usr/src/linux
> > $ make install KERNEL_DIR=/usr/src/linux
> > ----------------------------------------------------
> >
> > and then compile the kernel and modules. then reboot.
> > I got a successful kernel, but the iptables can't work
> > with option "--div-port"
> > -----------------------------------------------------
> > $ iptables -A INPUT -p ICMP -j DIVERT --div-port 1234
> > iptables v1.2.6a: Unknown arg `--div-port'
> > Try `iptables -h' or 'iptables --help' for more information.
> > $
> > ------------------------------------------------------
> >
> > Could anyone tell me the correct steps to patch the iptables?
> > Thank you very much.
> >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> > Data Reports, E-commerce, Portals, and Forums are available now.
> > Download today and enter to win an XBOX or Visual Studio .NET.
> > http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
> > _______________________________________________
> > Ipdivert-main mailing list
> > Ipd...@li...
> > https://lists.sourceforge.net/lists/listinfo/ipdivert-main
> >
--
Distributed System Laboratory (http://dslab.ee.ncku.edu.tw)
Department of Electrical Engineering
National Cheng Kung University, Tainan, Taiwan, R.O.C.
|
|
From: Tushaar S. <ts...@IS...> - 2003-07-02 17:53:52
|
You need to use the "patch" command to first patch the iptables source then recompile the iptables source as usual. Try the patch man page. Trying to compile the patch will not work. - Tushaar On Wed, 2 Jul 2003, kaede wrote: > Hello, > I have read the mail, "Re:how iptables patch should be applied?". > But I still can't make it work. > These are the steps that I did, please tell me what's wrong. Thank you. > > 1. get "linux kernel 2.4.18" > and its patch "divert-2.4.18-1.1-patch" "route.c.patch" > > 2. get iptables source code "iptables-1.2.6a.tar.bz2" > and its patch "iptables-1.2.6a-divert.patch" > > 3. decompress iptables, then patch it > --------------------------------------------------- > $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux > Making dependencies: please wait... > Something wrong... deleting dependencies. > make: *** [/usr/src/linux/include/linux/autoconf.h] Error 1 > $ > --------------------------------------------------- > > 4. It has depedency problem, so I patch the kernel by > "divert-2.4.18-1.1-patch" and "route.c.patch". And then > I patch iptables again. > --------------------------------------------------- > $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux > Making dependencies: please wait... > Something wrong... deleting dependencies. > make: *** [/usr/src/linux/include/linux/autoconf.h] Error 1 > $ > ---------------------------------------------------- > > 5. Then I try to run "make menuconfig" and choose "IP: divert sockets", > "IP: divert pass-through". And then run "make dep". Again, I > try to patch the iptables > ---------------------------------------------------- > $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux > Making dependencies: please wait... > make: Nothing to be done for `../iptables-1.2.6a-divert.patch'. > $ > ---------------------------------------------------- > > 6. Nothing affected. I go on patch iptables by this: > ---------------------------------------------------- > $ make KERNEL_DIR=/usr/src/linux > $ make install KERNEL_DIR=/usr/src/linux > ---------------------------------------------------- > > and then compile the kernel and modules. then reboot. > I got a successful kernel, but the iptables can't work > with option "--div-port" > ----------------------------------------------------- > $ iptables -A INPUT -p ICMP -j DIVERT --div-port 1234 > iptables v1.2.6a: Unknown arg `--div-port' > Try `iptables -h' or 'iptables --help' for more information. > $ > ------------------------------------------------------ > > Could anyone tell me the correct steps to patch the iptables? > Thank you very much. > > > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 > _______________________________________________ > Ipdivert-main mailing list > Ipd...@li... > https://lists.sourceforge.net/lists/listinfo/ipdivert-main > |
|
From: kaede <ka...@hp...> - 2003-07-02 13:39:42
|
Hello, I have read the mail, "Re:how iptables patch should be applied?". But I still can't make it work. These are the steps that I did, please tell me what's wrong. Thank you. 1. get "linux kernel 2.4.18" and its patch "divert-2.4.18-1.1-patch" "route.c.patch" 2. get iptables source code "iptables-1.2.6a.tar.bz2" and its patch "iptables-1.2.6a-divert.patch" 3. decompress iptables, then patch it --------------------------------------------------- $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux Making dependencies: please wait... Something wrong... deleting dependencies. make: *** [/usr/src/linux/include/linux/autoconf.h] Error 1 $ --------------------------------------------------- 4. It has depedency problem, so I patch the kernel by "divert-2.4.18-1.1-patch" and "route.c.patch". And then I patch iptables again. --------------------------------------------------- $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux Making dependencies: please wait... Something wrong... deleting dependencies. make: *** [/usr/src/linux/include/linux/autoconf.h] Error 1 $ ---------------------------------------------------- 5. Then I try to run "make menuconfig" and choose "IP: divert sockets", "IP: divert pass-through". And then run "make dep". Again, I try to patch the iptables ---------------------------------------------------- $ make ../iptables-1.2.6a-divert.patch KERNEL_DIR=/usr/src/linux Making dependencies: please wait... make: Nothing to be done for `../iptables-1.2.6a-divert.patch'. $ ---------------------------------------------------- 6. Nothing affected. I go on patch iptables by this: ---------------------------------------------------- $ make KERNEL_DIR=/usr/src/linux $ make install KERNEL_DIR=/usr/src/linux ---------------------------------------------------- and then compile the kernel and modules. then reboot. I got a successful kernel, but the iptables can't work with option "--div-port" ----------------------------------------------------- $ iptables -A INPUT -p ICMP -j DIVERT --div-port 1234 iptables v1.2.6a: Unknown arg `--div-port' Try `iptables -h' or 'iptables --help' for more information. $ ------------------------------------------------------ Could anyone tell me the correct steps to patch the iptables? Thank you very much. |
|
From: wik <wi...@ua...> - 2003-06-21 12:18:24
|
subscrib me please, on this list. -- Best regards, wik mailto:wi...@ua... |
|
From: Ilia B. <ib...@an...> - 2003-06-20 14:59:17
|
All former members of divert list have been resubscribed to ipd...@li.... Old divert list is no longer available. You can manage your subscription options on-line. Visit http://www.sourceforge.net/projects/ipdivert -ilia -- -------------------------------------+---------------------- Ilia Baldine, PhD | ib...@an... Network Research Engineer, | ph#:(919)248-1847 Advanced Networking Research, MCNC | FAX:(919)248-1455 http://people.anr.mcnc.org/~ibaldin | -------------------------------------+---------------------- "Whenever you find yourself on the side of the majority, it is time to reform (or pause and reflect)." - Mark Twain ------------------------------------------------------------ |
|
From: Ilia B. <ib...@an...> - 2003-06-12 20:13:56
|
On Thu, 2003-06-12 at 12:57, Hye young Chang wrote:
> Hi.=20
>=20
> I cannot compile the kernel (2.4.18).=20
>=20
> I set compile option.and I patched both of divert-2.4.18-1.1-patch, rout=
e.c.patch.
>=20
> There is a error in compiling kernel.
>=20
did you do make config?
> my command is #root /usr/src/linux-2.4.18_divert>make dep clean bzImage =
modules modules install=20
>=20
> error is following.=20
> =20
> -------------------------------------------------------------------------=
---------------------------------------------------------------------------=
-
> make[1]: Leaving directory '/usr/src/linux-2.1.18_divert/arch/i386/lib'
> cd /lib/modules/2.4.18; \
> mkdir -p pcmcia; \
> find kernel -path '*/pcmcia/*' -name '*.o' | xargs -i In -sf ../{} pcmci=
a
> if [ -r System.map]; then /sbin/depmod -ae -F System.map 2.4.18;fi
> depmod: *** Unresolved symbols in /lib/moudles/2.4.18/kernel/net/ipv4/net=
filter/ip_nat_irc.o
> depmod: ip_irc_lock
> make: *** [_modinst_post] Error 1=20
>=20
> -------------------------------------------------------------------------=
---------------------------------------------------------------------------=
-
>=20
Make sure /usr/src/linux-2.4 points to your current kernel.
> And I wonder iptable is pre- installed before compiling kernel ?=20
>=20
> I tried iptable installation. but it also fail.=20
>=20
> error is following
>=20
> -------------------------------------------------------------------------=
---------------------------------------------------------------------------=
-
> /usr/include/linux/autoconf.h:1:2: #error Invalid kernel header included =
in user space
>=20
> make: *** [extensions/libipt_ah_sh.o] Error 1
>=20
> -------------------------------------------------------------------------=
---------------------------------------------------------------------------=
-
>=20
> I would appreciate any comment to solve these problems..=20
>=20
> thanks,=20
>=20
> Hyeyoung Chang.
> -------------------------------------------------------------------------
> Divert Sockets for Linux List
> mailto:di...@li...
> http://www.anr.mcnc.org/~divert
> -------------------------------------------------------------------------
--=20
-------------------------------------+----------------------
Ilia Baldine, PhD | ib...@an...
Network Research Engineer, | ph#:(919)248-1847
Advanced Networking Research, MCNC | FAX:(919)248-1455
http://people.anr.mcnc.org/~ibaldin |
-------------------------------------+----------------------
"Whenever you find yourself on the side of the majority,=20
it is time to reform (or pause and reflect)."
- Mark Twain
------------------------------------------------------------
|
|
From: Hye y. C. <hy...@ne...> - 2003-06-12 20:01:58
|
Hi.
I cannot compile the kernel (2.4.18).
I set compile option.and I patched both of divert-2.4.18-1.1-patch, route.c.patch.
There is a error in compiling kernel.
my command is #root /usr/src/linux-2.4.18_divert>make dep clean bzImage modules modules install
error is following.
-----------------------------------------------------------------------------------------------------------------------------------------------------
make[1]: Leaving directory '/usr/src/linux-2.1.18_divert/arch/i386/lib'
cd /lib/modules/2.4.18; \
mkdir -p pcmcia; \
find kernel -path '*/pcmcia/*' -name '*.o' | xargs -i In -sf ../{} pcmcia
if [ -r System.map]; then /sbin/depmod -ae -F System.map 2.4.18;fi
depmod: *** Unresolved symbols in /lib/moudles/2.4.18/kernel/net/ipv4/netfilter/ip_nat_irc.o
depmod: ip_irc_lock
make: *** [_modinst_post] Error 1
-----------------------------------------------------------------------------------------------------------------------------------------------------
And I wonder iptable is pre- installed before compiling kernel ?
I tried iptable installation. but it also fail.
error is following
-----------------------------------------------------------------------------------------------------------------------------------------------------
/usr/include/linux/autoconf.h:1:2: #error Invalid kernel header included in user space
make: *** [extensions/libipt_ah_sh.o] Error 1
-----------------------------------------------------------------------------------------------------------------------------------------------------
I would appreciate any comment to solve these problems..
thanks,
Hyeyoung Chang.
-------------------------------------------------------------------------
Divert Sockets for Linux List
mailto:di...@li...
http://www.anr.mcnc.org/~divert
-------------------------------------------------------------------------
|
|
From: vincent C. <cri...@ne...> - 2003-06-06 17:03:31
|
Hello, I have linux 2.4.14 (redhat) and I'm wondering if I can use DIVERT sockets with this kernel. Best regards Vincent -- Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ ------------------------------------------------------------------------- Divert Sockets for Linux List mailto:di...@li... http://www.anr.mcnc.org/~divert ------------------------------------------------------------------------- |
|
From: Ilia B. <ib...@an...> - 2003-05-12 23:21:19
|
Can you send the kernel oops result?=20
Sounds like a race condition somewhere.
-ilia
On Fri, 2003-05-09 at 22:42, Bj=F6rn Lilja wrote:
> Hi,
>=20
> We have been using divert sockets in our research for a while now. We
> have been intercepting incoming traffic and dropping a certain
> percentage of the packets. - It works nicely. However, when pushing our
> application hard with a lot of heavy traffic (huge http transfer from
> fast site) it sometimes causes a kernel panic. Using it only for
> research purposes we ignored this problem and kept working. The iptables
> rules we have used so far is simply:
> iptables -A INPUT -p tcp --source-port 80 -j DIVERT --div-port 3333
>=20
> Today we needed to do the same thing for outgoing traffic and now the
> kernel panics instantly (as it seams, with the same error). The iptables
> rule this time is:
> -A OUTPUT -p tcp -d 192.168.1.13 --destination-port 80 -j DIVERT
> --div-port 3333
>=20
> Stripping down the c-program to only a minimum of code without
> reinjecting packets back it again works nicely even for outgoing
> traffic. However, adding the simple reinject row into the program causes
> the kernel panic again even for this very simple program! A copy of the
> stripped down program is shown at the end of this message.
>=20
> Obviously this is very strange. Can you guys find any obvious reason for
> our problem? Are we using a kernel not tested for divert sockets or is
> it something basically wrong in our c-code?
>=20
> We are using Redhat 8.0 3.2-7 with kernel 2.4.18.
> Pentium 4, 2.0 GHz, 256 MB RAM, 100 Mbit ethernet card.
>=20
> Best regards,
> Bj=F6rn Lilja & Tony Yoh Jansson
> University of California, Davis
>=20
>=20
> Code below....
> ------------------------------------------------------------------------
> ------
> #include <stdio.h>
> #include <errno.h>
> #include <limits.h>
> #include <string.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <getopt.h>
> #include <netdb.h>
> #include <netinet/in.h>
> #include <sys/types.h>
> #include <signal.h>
>=20
>=20
> #include <netinet/ip.h>
> #include <netinet/tcp.h>
> #include <netinet/udp.h>
> #include <net/if.h>
> #include <sys/param.h>
>=20
> #include <linux/types.h>
> #include <linux/icmp.h>
> #include <linux/filter.h>
>=20
> #define IPPROTO_DIVERT 254
> #define BUFSIZE 65535
>=20
>=20
> int main(int argc, char** argv) {
> int fd, ret, n;
> struct sockaddr_in bindPort, sin;
> int sinlen;
> unsigned char packet[BUFSIZE];
> struct in_addr addr;
> int i;
>=20
> fprintf(stderr,"Creating a socket\n");
> /* open a divert socket */
> fd=3Dsocket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
> =09
> if (fd=3D=3D-1) {
> fprintf(stderr,"We could not open a divert socket\n");
> exit(1);
> }
>=20
> bindPort.sin_family=3DAF_INET;
> bindPort.sin_port=3Dhtons(atol(argv[1]));
> bindPort.sin_addr.s_addr=3D0;
> =09
> fprintf(stderr,"Binding a socket\n");
> ret=3Dbind(fd, (struct sockaddr *)&bindPort, sizeof(struct
> sockaddr_in));
> =09
> if (ret!=3D0) {
> close(fd);
> fprintf(stderr, "Error bind(): %s",strerror(ret));
> exit(2);
> }
> =09
> =09
> printf("Waiting for data...\n");
> /* read data in */
> sinlen=3Dsizeof(struct sockaddr_in);
> =09
> while(1)=20
> {
> printf("reciving...\n");
> n=3Drecvfrom(fd, packet, BUFSIZE, 0, &sin, &sinlen);
> printf("got package!\n");
>=20
> // !! THE BELOW (very normal?) ROW CAUSES THE KERNEL
> PANIC !!
> n=3Dsendto(fd, packet, n ,0, (struct sockaddr *)&sin,
> sinlen);
> }
> }
>=20
> -------------------------------------------------------------------------
> Divert Sockets for Linux List
> mailto:di...@li...
> http://www.anr.mcnc.org/~divert
> -------------------------------------------------------------------------
--=20
-------------------------------------+----------------------
Ilia Baldine, PhD | ib...@an...
Network Research Engineer, | ph#:(919)248-1847
Advanced Networking Research, MCNC | FAX:(919)248-1455
http://people.anr.mcnc.org/~ibaldin |
-------------------------------------+----------------------
"Whenever you find yourself on the side of the majority,=20
it is time to reform (or pause and reflect)."
- Mark Twain
------------------------------------------------------------
|
|
From: <bj...@li...> - 2003-05-10 05:43:30
|
Hi,
We have been using divert sockets in our research for a while now. We
have been intercepting incoming traffic and dropping a certain
percentage of the packets. - It works nicely. However, when pushing our
application hard with a lot of heavy traffic (huge http transfer from
fast site) it sometimes causes a kernel panic. Using it only for
research purposes we ignored this problem and kept working. The iptables
rules we have used so far is simply:
iptables -A INPUT -p tcp --source-port 80 -j DIVERT --div-port 3333
Today we needed to do the same thing for outgoing traffic and now the
kernel panics instantly (as it seams, with the same error). The iptables
rule this time is:
-A OUTPUT -p tcp -d 192.168.1.13 --destination-port 80 -j DIVERT
--div-port 3333
Stripping down the c-program to only a minimum of code without
reinjecting packets back it again works nicely even for outgoing
traffic. However, adding the simple reinject row into the program causes
the kernel panic again even for this very simple program! A copy of the
stripped down program is shown at the end of this message.
Obviously this is very strange. Can you guys find any obvious reason for
our problem? Are we using a kernel not tested for divert sockets or is
it something basically wrong in our c-code?
We are using Redhat 8.0 3.2-7 with kernel 2.4.18.
Pentium 4, 2.0 GHz, 256 MB RAM, 100 Mbit ethernet card.
Best regards,
Björn Lilja & Tony Yoh Jansson
University of California, Davis
Code below....
------------------------------------------------------------------------
------
#include <stdio.h>
#include <errno.h>
#include <limits.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <getopt.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <signal.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <net/if.h>
#include <sys/param.h>
#include <linux/types.h>
#include <linux/icmp.h>
#include <linux/filter.h>
#define IPPROTO_DIVERT 254
#define BUFSIZE 65535
int main(int argc, char** argv) {
int fd, ret, n;
struct sockaddr_in bindPort, sin;
int sinlen;
unsigned char packet[BUFSIZE];
struct in_addr addr;
int i;
fprintf(stderr,"Creating a socket\n");
/* open a divert socket */
fd=socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
if (fd==-1) {
fprintf(stderr,"We could not open a divert socket\n");
exit(1);
}
bindPort.sin_family=AF_INET;
bindPort.sin_port=htons(atol(argv[1]));
bindPort.sin_addr.s_addr=0;
fprintf(stderr,"Binding a socket\n");
ret=bind(fd, (struct sockaddr *)&bindPort, sizeof(struct
sockaddr_in));
if (ret!=0) {
close(fd);
fprintf(stderr, "Error bind(): %s",strerror(ret));
exit(2);
}
printf("Waiting for data...\n");
/* read data in */
sinlen=sizeof(struct sockaddr_in);
while(1)
{
printf("reciving...\n");
n=recvfrom(fd, packet, BUFSIZE, 0, &sin, &sinlen);
printf("got package!\n");
// !! THE BELOW (very normal?) ROW CAUSES THE KERNEL
PANIC !!
n=sendto(fd, packet, n ,0, (struct sockaddr *)&sin,
sinlen);
}
}
-------------------------------------------------------------------------
Divert Sockets for Linux List
mailto:di...@li...
http://www.anr.mcnc.org/~divert
-------------------------------------------------------------------------
|
|
From: Andre B. <and...@co...> - 2003-05-02 23:25:33
|
Thanks, Andre Ilia Baldine wrote: >If you want you can send me the fix, I'll incorporate it. >I will look at the code closely again. >-ilia > >On Fri, 2003-05-02 at 12:03, Andre Beaudin wrote: > >>I know, >> >>But you cannot hash in the same &sk, the entry at IPPROTO_DIVERT is >>never remove, by the unhash. >> >>This create a corrupted list at index IPPROTO_DIVERT. >> >>I did a fix to do a unhash before the second hash, just before updating >>the sk->num with the port. >> >> >>Ilia Baldine wrote: >> >> >Different hashes - one locates the protocol, the other - >> >protocol port. >> >-ilia >> > >> >On Fri, 2003-05-02 at 11:54, Andre Beaudin wrote: >> > >> >>There is a mistake in my first email, sorry, it is better explain in the >> >>second. >> >> >> >>The first hash is done my inet_create with sk->num equal to >>IPPROTO_DIVERT, >> >> >> >>And the second hash is done by divert_bind() with sk->num equal to the >> >>divert port. >> >> >> >> >> >> >> >>Ilia Baldine wrote: >> >> >> >> >I'll have to look into it. Could be an artifact of porting, >> >> >if its a problem. How did you come by it? >> >> > >> >> >-ilia >> >> > >> >> >On Thu, 2003-05-01 at 13:38, Andre Beaudin wrote: >> >> > >> >> >>Why is there a call to divert_hash() in the divert_bind() before the >> >> >>hash done in inet_bind() ? >> >> >> >> >> >>The hash is done twice on the same sk, creating a loop inside the >> >> >>divert_htable. >> >> >> >> >> >> >> >> >> >>------------------------------------------------------------------------- >> >> >>Divert Sockets for Linux List >> >> >>mailto:di...@li... >> >> >>http://www.anr.mcnc.org/~divert >> >> >> >>------------------------------------------------------------------------- >> >> > >> >> >> |
|
From: Ilia B. <ib...@an...> - 2003-05-02 23:09:46
|
If you want you can send me the fix, I'll incorporate it. I will look at the code closely again. -ilia On Fri, 2003-05-02 at 12:03, Andre Beaudin wrote: > I know, >=20 > But you cannot hash in the same &sk, the entry at IPPROTO_DIVERT is > never remove, by the unhash. >=20 > This create a corrupted list at index IPPROTO_DIVERT. >=20 > I did a fix to do a unhash before the second hash, just before updating > the sk->num with the port. >=20 >=20 > Ilia Baldine wrote: >=20 > >Different hashes - one locates the protocol, the other - > >protocol port. > >-ilia > > > >On Fri, 2003-05-02 at 11:54, Andre Beaudin wrote: > > > >>There is a mistake in my first email, sorry, it is better explain in t= he > >>second. > >> > >>The first hash is done my inet_create with sk->num equal to=20 > IPPROTO_DIVERT, > >> > >>And the second hash is done by divert_bind() with sk->num equal to the > >>divert port. > >> > >> > >> > >>Ilia Baldine wrote: > >> > >> >I'll have to look into it. Could be an artifact of porting, > >> >if its a problem. How did you come by it? > >> > > >> >-ilia > >> > > >> >On Thu, 2003-05-01 at 13:38, Andre Beaudin wrote: > >> > > >> >>Why is there a call to divert_hash() in the divert_bind() before th= e > >> >>hash done in inet_bind() ? > >> >> > >> >>The hash is done twice on the same sk, creating a loop inside the > >> >>divert_htable. > >> >> > >> >> > >>=20 > >>----------------------------------------------------------------------= --- > >> >>Divert Sockets for Linux List > >> >>mailto:di...@li... > >> >>http://www.anr.mcnc.org/~divert > >>=20 > >>----------------------------------------------------------------------= --- > >> > > >> >=20 --=20 -------------------------------------+---------------------- Ilia Baldine, PhD | ib...@an... Network Research Engineer, | ph#:(919)248-1847 Advanced Networking Research, MCNC | FAX:(919)248-1455 http://people.anr.mcnc.org/~ibaldin | -------------------------------------+---------------------- "Think for yourselves and let others enjoy the privilege to do so too." -Voltaire ------------------------------------------------------------ |
|
From: Andre B. <and...@co...> - 2003-05-02 19:03:24
|
I know, But you cannot hash in the same &sk, the entry at IPPROTO_DIVERT is never remove, by the unhash. This create a corrupted list at index IPPROTO_DIVERT. I did a fix to do a unhash before the second hash, just before updating the sk->num with the port. Ilia Baldine wrote: >Different hashes - one locates the protocol, the other - >protocol port. >-ilia > >On Fri, 2003-05-02 at 11:54, Andre Beaudin wrote: > >>There is a mistake in my first email, sorry, it is better explain in the >>second. >> >>The first hash is done my inet_create with sk->num equal to IPPROTO_DIVERT, >> >>And the second hash is done by divert_bind() with sk->num equal to the >>divert port. >> >> >> >>Ilia Baldine wrote: >> >> >I'll have to look into it. Could be an artifact of porting, >> >if its a problem. How did you come by it? >> > >> >-ilia >> > >> >On Thu, 2003-05-01 at 13:38, Andre Beaudin wrote: >> > >> >>Why is there a call to divert_hash() in the divert_bind() before the >> >>hash done in inet_bind() ? >> >> >> >>The hash is done twice on the same sk, creating a loop inside the >> >>divert_htable. >> >> >> >> >> >>------------------------------------------------------------------------- >> >>Divert Sockets for Linux List >> >>mailto:di...@li... >> >>http://www.anr.mcnc.org/~divert >> >>------------------------------------------------------------------------- >> > >> ------------------------------------------------------------------------- Divert Sockets for Linux List mailto:di...@li... http://www.anr.mcnc.org/~divert ------------------------------------------------------------------------- |
|
From: Ilia B. <ib...@an...> - 2003-05-02 18:58:14
|
Different hashes - one locates the protocol, the other -=20 protocol port. -ilia On Fri, 2003-05-02 at 11:54, Andre Beaudin wrote: > There is a mistake in my first email, sorry, it is better explain in the > second. >=20 > The first hash is done my inet_create with sk->num equal to IPPROTO_DIVER= T, >=20 > And the second hash is done by divert_bind() with sk->num equal to the > divert port. >=20 >=20 >=20 > Ilia Baldine wrote: >=20 > >I'll have to look into it. Could be an artifact of porting, > >if its a problem. How did you come by it? > > > >-ilia > > > >On Thu, 2003-05-01 at 13:38, Andre Beaudin wrote: > > > >>Why is there a call to divert_hash() in the divert_bind() before the > >>hash done in inet_bind() ? > >> > >>The hash is done twice on the same sk, creating a loop inside the > >>divert_htable. > >> > >> > >>----------------------------------------------------------------------= --- > >>Divert Sockets for Linux List > >>mailto:di...@li... > >>http://www.anr.mcnc.org/~divert > >>----------------------------------------------------------------------= --- > > >=20 --=20 -------------------------------------+---------------------- Ilia Baldine, PhD | ib...@an... Network Research Engineer, | ph#:(919)248-1847 Advanced Networking Research, MCNC | FAX:(919)248-1455 http://people.anr.mcnc.org/~ibaldin | -------------------------------------+---------------------- "Think for yourselves and let others enjoy the privilege to do so too." -Voltaire ------------------------------------------------------------ |
|
From: Andre B. <and...@co...> - 2003-05-02 18:55:08
|
There is a mistake in my first email, sorry, it is better explain in the second. The first hash is done my inet_create with sk->num equal to IPPROTO_DIVERT, And the second hash is done by divert_bind() with sk->num equal to the divert port. Ilia Baldine wrote: >I'll have to look into it. Could be an artifact of porting, >if its a problem. How did you come by it? > >-ilia > >On Thu, 2003-05-01 at 13:38, Andre Beaudin wrote: > >>Why is there a call to divert_hash() in the divert_bind() before the >>hash done in inet_bind() ? >> >>The hash is done twice on the same sk, creating a loop inside the >>divert_htable. >> >> >>------------------------------------------------------------------------- >>Divert Sockets for Linux List >>mailto:di...@li... >>http://www.anr.mcnc.org/~divert >>------------------------------------------------------------------------- > ------------------------------------------------------------------------- Divert Sockets for Linux List mailto:di...@li... http://www.anr.mcnc.org/~divert ------------------------------------------------------------------------- |
|
From: Ilia B. <ib...@an...> - 2003-05-02 18:50:05
|
As best I can tell inet_bind calls divert_bind and exits. I don't see what you are talking about. send a code fragment. -ilia On Thu, 2003-05-01 at 13:38, Andre Beaudin wrote: > Why is there a call to divert_hash() in the divert_bind() before the > hash done in inet_bind() ? >=20 > The hash is done twice on the same sk, creating a loop inside the > divert_htable. >=20 >=20 > ------------------------------------------------------------------------- > Divert Sockets for Linux List > mailto:di...@li... > http://www.anr.mcnc.org/~divert > ------------------------------------------------------------------------- --=20 -------------------------------------+---------------------- Ilia Baldine, PhD | ib...@an... Network Research Engineer, | ph#:(919)248-1847 Advanced Networking Research, MCNC | FAX:(919)248-1455 http://people.anr.mcnc.org/~ibaldin | -------------------------------------+---------------------- "Think for yourselves and let others enjoy the privilege to do so too." -Voltaire ------------------------------------------------------------ |
1 message has been excluded from this view by a project administrator.
