Re: Newbie to programming, Net::Divert, Linux-Debian, autoflush error



Identified and solved part of the problem. When the divert was
compiled as part of the Linux kernel, it did not create an entry in
/etc/protocols. When IO::Socket::INET does:

    if(defined $proto && $proto =~ /\D/) {
        my $num = _get_proto_number($proto);
        unless (defined $num) {
            $@ = "Bad protocol '$proto'";
            return;
        }
    }

it is not able to get a proper protocol number and b0rks.

Can I use any value for 'divert' in /etc/protocols? For testing
purposes I added divert 200 Blah. Now I get no error :) Instead the
darn program just sits around doing nothing! Whereas the C code works
great regardless! "alterpacket" isn't receiving any pkts to
process?????

----------------------------------------------------
# IPTABLES line to redirect all tcp pkts to port 9999
iptables -A INPUT -p TCP -j DIVERT --div-port 9999

# Perl script to listen on port 9999
#!/usr/bin/perl -w
use Net::Divert;
use NetPacket::IP qw(IP_PROTO_TCP);   # import the protocol constant used below
use NetPacket::TCP;

my $divobj = Net::Divert->new('localhost',9999);
$divobj->getPackets(\&alterPacket);

sub alterPacket {
    my($packet,$fwtag) = @_;
    print STDOUT "hi\n";
    exit;   # exits on the first packet; nothing below runs while this is here

    # decode the IP header
    my $ip_obj = NetPacket::IP->decode($packet);

    # check if this is a TCP packet
    if($ip_obj->{proto} == IP_PROTO_TCP) {

        # decode the TCP header
        my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});

        # set the ece and cwr flags (fully qualified: not imported by default)
        $tcp_obj->{flags} |= NetPacket::TCP::ECE | NetPacket::TCP::CWR;

        # construct the new ip packet
        $ip_obj->{data} = $tcp_obj->encode($ip_obj);
        $packet = $ip_obj->encode;

    }

    # write it back out
    # $divobj->putPacket($packet,$fwtag);
}
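Added example, not part of the original post and not IO::Socket::INET's own code: a small parser for the /etc/protocols format that mirrors the name-to-number check quoted above, run over a constructed sample that includes the post's test entry. The helper names parse_protocols and resolve_proto are hypothetical. A successful lookup only shows that the name maps to some number; whether that number is the one the kernel's divert support expects is a separate question.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in /etc/protocols format: name, number, aliases, comment.
my $sample = <<'END';
ip      0       IP      # internet protocol, pseudo protocol number
tcp     6       TCP     # transmission control protocol
udp     17      UDP     # user datagram protocol
divert  200     Blah    # the test entry from the post
END

# Parse protocols-format text into a name => number map (aliases included).
sub parse_protocols {
    my ($text) = @_;
    my %num;
    for my $line (split /\n/, $text) {
        $line =~ s/#.*//;                          # strip trailing comment
        my ($name, $number, @aliases) = split ' ', $line;
        next unless defined $number && $number =~ /^\d+$/;
        $num{$_} = $number for ($name, @aliases);
    }
    return \%num;
}

# Mirror the quoted check: a non-numeric protocol must resolve to a number.
sub resolve_proto {
    my ($proto, $table) = @_;
    return $proto if $proto !~ /\D/;               # already numeric
    my $num = $table->{$proto};
    die "Bad protocol '$proto'\n" unless defined $num;
    return $num;                                   # value handed to socket()
}

my $table = parse_protocols($sample);
for my $proto (qw(tcp divert 6 nosuchproto)) {
    my $num = eval { resolve_proto($proto, $table) };
    chomp(my $err = $@);
    printf "%-12s => %s\n", $proto, defined $num ? $num : "error: $err";
}
```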
