Re: Changing packets ttl's

From: Julian Elischer (julian_at_elischer.org)
Date: 04/29/05

  • Next message: Sten Spans: "Re: if_tap unaligned access problem"
    Date: Fri, 29 Apr 2005 14:18:24 -0700
    To: Jeremie Le Hen <jeremie@le-hen.org>
    
    

    Jeremie Le Hen wrote:

    >Hi,
    >
    >>No, this sysctl is not what I want.
    >>I need to change the ttl of outgoing packets to my internal network.
    >>For example: there is a connection from a host on the internet.
    >>It has, for example, 10 hops to my gateway, and when the packet comes
    >>to my box it has, for example, 55 as the ttl in the ip header.
    >>Then it is routed to a host in my network, so my box changes the ttl
    >>to 54. But what I need is to change the ttl to '1'.
    >
    >In Linux terms, you want to ``mangle'' the packet, re-writing its TTL.
    >AFAIK, this is not possible with FreeBSD since this is really not a
    >common action for a firewall (some conservative folks would even argue
    >this is not its job). The pf firewall seems to have a ``min-ttl''
    >statement in traffic normalization, but there is no ``max-ttl'' one.
    >
    >The simplest way to achieve this is to write a userland daemon which
    >will retrieve the packet from the firewall through a divert socket, using
    >ipfw(8). But this would have very poor performance in case you need
    >high-bandwidth traffic, as each packet would require at least two
    >context switches; for a DSL connection, I guess this would be ok.
    >

    Your assertion that the diverted packets add a lot of latency is not
    quite true.

    While it is slower than in-kernel processing, it is not nearly as bad as
    some people make out.
    Certainly it can keep up with the average internet connection.

    I would add code to do the mangling into a program such as natd and set
    it up to do no translation (or a null translation).
    Alternatively there is a much simpler daemon that connects in the same way.

    In ports look for net/tcpmssd, which already does 99% of what you want.
    It would be about a 20 line change to tcpmssd to do this.
    It already fiddles other packets.

    >The other solution is to make a patch for one of the firewalls
    >available in FreeBSD.
    >
    >Best regards,
    >
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
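The "20 line change" Julian describes is essentially this: pull the packet off an ipfw divert socket, overwrite the TTL byte, fix the IPv4 header checksum so the next hop does not discard the packet, and reinject it. The following is an added example written for this page, not code from the thread, tcpmssd or natd. The divert port 8668, interface fxp0 and the 192.168.1.0/24 and 203.0.113.0/24 addresses are assumptions; the socket is created the classic way (PF_INET, SOCK_RAW, IPPROTO_DIVERT), which is what natd did in 2005. The checksum is patched incrementally per RFC 1624, and the packet is validated (and its existing checksum verified) before it is touched, so a corrupt or non-IPv4 packet is dropped rather than "repaired" and forwarded:

```c
/*
 * ttlmangle.c: rewrite the IPv4 TTL of packets handed to a userland daemon
 * by an ipfw divert socket, in the style of natd/tcpmssd.  Added example;
 * not code from the thread.  Divert port 8668, interface fxp0 and the
 * 192.168.1.0/24 and 203.0.113.0/24 addresses are assumptions.
 *
 * Build (FreeBSD):  cc -O2 -o ttlmangle ttlmangle.c
 * Divert traffic bound for the internal network on its way out (the kernel
 * has already decremented the TTL by then, so what we set is what the
 * internal host sees):
 *   ipfw add 1000 divert 8668 ip from any to 192.168.1.0/24 out via fxp0
 * Run (as root):    ./ttlmangle 8668 1
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define IP_MIN_HLEN 20

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1071 ones-complement checksum over an IPv4 header of hlen bytes, with
 * the checksum field (bytes 10-11) skipped: the value a valid header carries. */
uint16_t ip_cksum(const uint8_t *hdr, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        if (i != 10)
            sum += get16(hdr + i);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length in bytes, or 0 if this is not a plausible IPv4 header. */
static size_t ip_hdr_len(const uint8_t *pkt, size_t len)
{
    if (len < IP_MIN_HLEN || (pkt[0] >> 4) != 4)
        return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    return (hlen < IP_MIN_HLEN || hlen > len) ? 0 : hlen;
}

/* Set the TTL and patch the header checksum incrementally (RFC 1624, eqn 3):
 * HC' = ~(~HC + ~m + m'), where m and m' are the old and new 16-bit words
 * holding TTL and protocol.  Returns 0 on success, -1 if the buffer is not a
 * valid IPv4 header or its checksum is already wrong; in that case nothing
 * is modified. */
int set_ttl(uint8_t *pkt, size_t len, uint8_t ttl)
{
    size_t hlen = ip_hdr_len(pkt, len);
    if (hlen == 0 || get16(pkt + 10) != ip_cksum(pkt, hlen))
        return -1;
    uint16_t m = get16(pkt + 8);              /* old TTL<<8 | protocol */
    pkt[8] = ttl;
    uint16_t m2 = get16(pkt + 8);             /* new TTL<<8 | protocol */
    uint32_t sum = (uint16_t)~get16(pkt + 10) + (uint16_t)~m + m2;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    put16(pkt + 10, (uint16_t)~sum);
    return 0;
}

/* Constructed sample for offline testing: a 20-byte header (TCP, TTL 55,
 * 203.0.113.10 -> 192.168.1.20) with a correct checksum. */
size_t make_sample_packet(uint8_t *buf)
{
    static const uint8_t hdr[IP_MIN_HLEN] = {
        0x45, 0x00, 0x00, 0x28, 0x1c, 0x46, 0x40, 0x00, 55, 0x06, 0x00, 0x00,
        203, 0, 113, 10, 192, 168, 1, 20 };
    memcpy(buf, hdr, sizeof hdr);
    put16(buf + 10, ip_cksum(buf, sizeof hdr));
    return sizeof hdr;
}

#ifdef __FreeBSD__
/* Divert loop as natd/tcpmssd do it: recvfrom() pulls a packet out of the
 * ipfw pipeline, sendto() with the same sockaddr reinjects it after the
 * divert rule.  A packet we do not reinject is gone, so unparseable input
 * is logged and dropped. */
int main(int argc, char **argv)
{
    int port = argc > 1 ? atoi(argv[1]) : 8668;
    int ttl = argc > 2 ? atoi(argv[2]) : 1;
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0) { perror("socket"); return 1; }
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons((uint16_t)port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("bind"); return 1; }
    static uint8_t buf[65535];
    for (;;) {
        struct sockaddr_in from;
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) { perror("recvfrom"); continue; }
        if (set_ttl(buf, (size_t)n, (uint8_t)ttl) < 0)
            fprintf(stderr, "dropped %zd bytes: not a valid IPv4 packet\n", n);
        else if (sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&from, fl) < 0)
            perror("sendto");
    }
}
#endif
```

Two practical notes. While a packet sits in the daemon it is out of the kernel entirely, which is where the per-packet context switches discussed above come from, and also why a daemon that crashes or fails to call sendto() silently blackholes the diverted flow. Creating the divert socket requires root; a production version should drop privileges right after bind(), since the rest of the loop only needs the open descriptor.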


