Diffstat (limited to 'static/freebsd/man4/ng_patch.4 3.html')
| -rw-r--r-- | static/freebsd/man4/ng_patch.4 3.html | 237 |
1 files changed, 0 insertions, 237 deletions
diff --git a/static/freebsd/man4/ng_patch.4 3.html b/static/freebsd/man4/ng_patch.4 3.html deleted file mode 100644 index 1490fef3..00000000 --- a/static/freebsd/man4/ng_patch.4 3.html +++ /dev/null 
@@ -1,237 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">NG_PATCH(4)</td> - <td class="head-vol">Device Drivers Manual</td> - <td class="head-rtitle">NG_PATCH(4)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">ng_patch</code> — <span class="Nd">trivial - mbuf data modifying netgraph node type</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">netgraph/ng_patch.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">patch</code> node performs data modification - of packets passing through it. Modifications are restricted to a subset of C - language operations on unsigned integers of 8, 16, 32 or 64 bit size. These - are: set to new value (=), addition (+=), subtraction (-=), multiplication - (*=), division (/=), negation (= -), bitwise AND (&=), bitwise OR (|=), - bitwise eXclusive OR (^=), shift left (<<=), shift right (>>=). - A negation operation is the one exception: integer is treated as signed and - second operand (the <var class="Va">value</var>) is not used. If there is - more than one modification operation, they are applied to packets - sequentially in the order they were specified by the user. The data payload - of a packet is viewed as an array of bytes, with a zero offset corresponding - to the very first byte of packet headers, and the - <var class="Va">length</var> bytes beginning from - <var class="Va">offset</var> as a single integer in network byte order. 
An - additional offset can be optionally requested at configuration time to - account for packet type.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HOOKS"><a class="permalink" href="#HOOKS">HOOKS</a></h1> -<p class="Pp">This node type has two hooks:</p> -<dl class="Bl-tag"> - <dt id="in"><var class="Va">in</var></dt> - <dd>Packets received on this hook are modified according to rules specified in - the configuration and then forwarded to the <var class="Ar">out</var> - hook, if it exists. Otherwise they are reflected back to the - <var class="Ar">in</var> hook.</dd> - <dt id="out"><var class="Va">out</var></dt> - <dd>Packets received on this hook are forwarded to the - <var class="Ar">in</var> hook without any changes.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="CONTROL_MESSAGES"><a class="permalink" href="#CONTROL_MESSAGES">CONTROL - MESSAGES</a></h1> -<p class="Pp">This node type supports the generic control messages, plus the - following:</p> -<dl class="Bl-tag"> - <dt id="NGM_PATCH_SETDLT"><a class="permalink" href="#NGM_PATCH_SETDLT"><code class="Dv">NGM_PATCH_SETDLT</code></a> - (<code class="Ic">setdlt</code>)</dt> - <dd>Sets the data link type on the <var class="Va">in</var> hook (to help - calculate relative offset). Currently, supported types are - <code class="Cm">DLT_RAW</code> (raw IP datagrams, no offset applied, the - default) and <code class="Cm">DLT_EN10MB</code> (Ethernet). DLT_ - definitions can be found in - <code class="In"><<a class="In">net/bpf.h</a>></code>. If you want - to work on the link layer header you must use no additional offset by - specifying <code class="Cm">DLT_RAW</code>. 
If - <code class="Cm">EN10MB</code> is specified, then the optional additional - offset will take into account the Ethernet header and a QinQ header if - present.</dd> - <dt id="NGM_PATCH_GETDLT"><a class="permalink" href="#NGM_PATCH_GETDLT"><code class="Dv">NGM_PATCH_GETDLT</code></a> - (<code class="Ic">getdlt</code>)</dt> - <dd>This control message returns the data link type of the - <var class="Va">in</var> hook.</dd> - <dt id="NGM_PATCH_SETCONFIG"><a class="permalink" href="#NGM_PATCH_SETCONFIG"><code class="Dv">NGM_PATCH_SETCONFIG</code></a> - (<code class="Ic">setconfig</code>)</dt> - <dd>This command sets the sequence of modify operations that will be applied - to incoming data on a hook. The following <var class="Vt">struct - ng_patch_config</var> must be supplied as an argument: - <div class="Bd Pp Bd-indent Li"> - <pre>struct ng_patch_op { - uint32_t offset; - uint16_t length; /* 1,2,4 or 8 bytes */ - uint16_t mode; - uint64_t value; -}; -/* Patching modes */ -#define NG_PATCH_MODE_SET 1 -#define NG_PATCH_MODE_ADD 2 -#define NG_PATCH_MODE_SUB 3 -#define NG_PATCH_MODE_MUL 4 -#define NG_PATCH_MODE_DIV 5 -#define NG_PATCH_MODE_NEG 6 -#define NG_PATCH_MODE_AND 7 -#define NG_PATCH_MODE_OR 8 -#define NG_PATCH_MODE_XOR 9 -#define NG_PATCH_MODE_SHL 10 -#define NG_PATCH_MODE_SHR 11 - -struct ng_patch_config { - uint32_t count; - uint32_t csum_flags; - uint32_t relative_offset; - struct ng_patch_op ops[]; -};</pre> - </div> - <p class="Pp">The <var class="Va">csum_flags</var> can be set to any - combination of CSUM_IP, CSUM_TCP, CSUM_SCTP and CSUM_UDP (other values - are ignored) for instructing the IP stack to recalculate the - corresponding checksum before transmitting packet on output interface. 
- The <code class="Nm">ng_patch</code> node does not do any checksum - correction by itself.</p> - <p class="Pp">The <var class="Va">offset</var> value for the - <var class="Vt">ng_patch_op</var> structure is calculated from zero by - default (the first byte of packet headers). If - <var class="Va">relative_offset</var> is enabled (set to 1) during - configuration, the operation will have an additional amount added to the - offset based on the data link type.</p> - </dd> - <dt id="NGM_PATCH_GETCONFIG"><a class="permalink" href="#NGM_PATCH_GETCONFIG"><code class="Dv">NGM_PATCH_GETCONFIG</code></a> - (<code class="Ic">getconfig</code>)</dt> - <dd>This control message returns the current set of modify operations, in the - form of a <var class="Vt">struct ng_patch_config</var>.</dd> - <dt id="NGM_PATCH_GET_STATS"><a class="permalink" href="#NGM_PATCH_GET_STATS"><code class="Dv">NGM_PATCH_GET_STATS</code></a> - (<code class="Ic">getstats</code>)</dt> - <dd>Returns the node's statistics as a <var class="Vt">struct - ng_patch_stats</var>.</dd> - <dt id="NGM_PATCH_CLR_STATS"><a class="permalink" href="#NGM_PATCH_CLR_STATS"><code class="Dv">NGM_PATCH_CLR_STATS</code></a> - (<code class="Ic">clrstats</code>)</dt> - <dd>Clears the node's statistics.</dd> - <dt id="NGM_PATCH_GETCLR_STATS"><a class="permalink" href="#NGM_PATCH_GETCLR_STATS"><code class="Dv">NGM_PATCH_GETCLR_STATS</code></a> - (<code class="Ic">getclrstats</code>)</dt> - <dd>This command is identical to <code class="Dv">NGM_PATCH_GET_STATS</code>, - except that the statistics are also atomically cleared.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SHUTDOWN"><a class="permalink" href="#SHUTDOWN">SHUTDOWN</a></h1> -<p class="Pp">This node shuts down upon receipt of a - <code class="Dv">NGM_SHUTDOWN</code> control message, or when all hooks have - been disconnected.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p 
class="Pp">This <code class="Nm">ng_patch</code> node was designed to modify - TTL and TOS/DSCP fields in IP packets. As an example, suppose you have two - adjacent simplex links to a remote network (e.g. satellite), so that the - packets expiring in between will generate unwanted ICMP-replies which have - to go forth, not back. Thus you need to raise TTL of every packet entering - link by 2 to ensure the TTL will not reach zero there. To achieve this you - can set an <a class="Xr">ipfw(8)</a> rule to use the - <code class="Cm">netgraph</code> action to inject packets which are going to - the simplex link into the patch node, by using the following - <a class="Xr">ngctl(8)</a> script:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>/usr/sbin/ngctl -f- <<-SEQ - mkpeer ipfw: patch 200 in - name ipfw:200 ttl_add - msg ttl_add: setconfig { count=1 csum_flags=1 ops=[ \ - { mode=2 value=3 length=1 offset=8 } ] } -SEQ -/sbin/ipfw add 150 netgraph 200 ip from any to simplex.remote.net</pre> -</div> -<p class="Pp">Here the “<code class="Li">ttl_add</code>” node of - type <code class="Nm">ng_patch</code> is configured to add (mode - <code class="Dv">NG_PATCH_MODE_ADD</code>) a <var class="Va">value</var> of - 3 to a one-byte TTL field, which is 9th byte of IP packet header.</p> -<p class="Pp">Another example would be two consecutive modifications of packet - TOS field: say, you need to clear the - <code class="Dv">IPTOS_THROUGHPUT</code> bit and set the - <code class="Dv">IPTOS_MINCOST</code> bit. 
So you do:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>/usr/sbin/ngctl -f- <<-SEQ - mkpeer ipfw: patch 300 in - name ipfw:300 tos_chg - msg tos_chg: setconfig { count=2 csum_flags=1 ops=[ \ - { mode=7 value=0xf7 length=1 offset=1 } \ - { mode=8 value=0x02 length=1 offset=1 } ] } -SEQ -/sbin/ipfw add 160 netgraph 300 ip from any to any not dst-port 80</pre> -</div> -<p class="Pp">This first does <code class="Dv">NG_PATCH_MODE_AND</code> clearing - the fourth bit and then <code class="Dv">NG_PATCH_MODE_OR</code> setting the - third bit.</p> -<p class="Pp">In both examples the <var class="Va">csum_flags</var> field - indicates that IP checksum (but not TCP or UDP checksum) should be - recalculated before transmit.</p> -<p class="Pp">Note: one should ensure that packets are returned to ipfw after - processing inside <a class="Xr">netgraph(4)</a>, by setting appropriate - <a class="Xr">sysctl(8)</a> variable:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>sysctl net.inet.ip.fw.one_pass=0</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">netgraph(4)</a>, <a class="Xr">ng_ipfw(4)</a>, - <a class="Xr">ngctl(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">ng_patch</code> node type was implemented in - <span class="Ux">FreeBSD 8.1</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Maxim Ignatenko</span> - ⟨gelraen.ua@gmail.com⟩.</p> -<p class="Pp">Relative offset code by - <br/> - <span class="An">DMitry Vagin</span></p> -<p class="Pp">This manual page was written by - <br/> - <span class="An">Vadim Goncharov</span> - ⟨vadimnuclight@tpu.ru⟩.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" 
href="#BUGS">BUGS</a></h1> -<p class="Pp">The node blindly tries to apply every patching operation to each - packet (except those which offset if greater than length of the packet), so - be sure that you supply only the right packets to it (e.g. changing bytes in - the ARP packets meant to be in IP header could corrupt them and make your - machine unreachable from the network).</p> -<p class="Pp" id="!!!"><a class="permalink" href="#!!!"><i class="Em">!!! - WARNING !!!</i></a></p> -<p class="Pp">The output path of the IP stack assumes correct fields and lengths - in the packets - changing them by to incorrect values can cause - unpredictable results including kernel panics.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 17, 2015</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |
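Review bot: The deleted path `static/freebsd/man4/ng_patch.4 3.html` contains a space and a trailing ` 3` before the extension, which reads like a stray duplicate of a rendered page, but nothing in this diff shows that a canonical `ng_patch.4.html` remains or that no index still links to the removed name; please state both in the commit message. If a canonical copy carries the same text, its EXAMPLES section needs a follow-up fix: the prose says the TTL must be raised by 2 while the script and the explanation use `value=3`, and the OR with `value=0x02` is described as setting the third bit although, by the same counting that makes `value=0xf7` clear the fourth bit, `0x02` is the second. The BUGS paragraph in that text also has typos (`which offset if greater`, `changing them by to incorrect values`) that should not survive in the retained copy.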
