From owner-freebsd-net@FreeBSD.ORG Fri Jul 15 06:01:35 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F41E316A41C for ; Fri, 15 Jul 2005 06:01:34 +0000 (GMT) (envelope-from stephen@dino.dnsalias.com) Received: from dino.dnsalias.com (S010600e02994cd40.vc.shawcable.net [24.80.250.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F2E043D46 for ; Fri, 15 Jul 2005 06:01:34 +0000 (GMT) (envelope-from stephen@dino.dnsalias.com) Received: by dino.dnsalias.com (Postfix, from userid 1000) id D1E17120496; Thu, 14 Jul 2005 23:01:30 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17111.20794.216380.961758@localhost.localdomain> Date: Thu, 14 Jul 2005 23:01:30 -0700 To: "Giovanni P. Tirloni" In-Reply-To: <42D6D164.30000@tirloni.org> References: <42D536EC.5030500@webmail.sub.ru> <9f9a8c4005071322311907b4b@mail.gmail.com> <42D60832.9090206@webmail.sub.ru> <42D65FE4.2030801@tirloni.org> <42D6ACAD.3030708@webmail.sub.ru> <42D6D164.30000@tirloni.org> X-Mailer: VM 7.07 under Emacs 21.3.1 From: stephen@dino.dnsalias.com (Stephen J. Bevan) Cc: freebsd-net@freebsd.org, Alex Povolotsky Subject: Re: GRE and PF problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jul 2005 06:01:35 -0000 Giovanni P. Tirloni writes: > I don't know how PF keeps tracks of ICMP packets but there must be a > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2. An ICMP ECHO REQUEST message has a 16-bit id field which can be altered by NAT to identify the originating machine. There isn't really an equivalent when using a minimal GRE header. If GRE checksums are turned on then the 16-bit Reserved1 field could be abused for NAT purposes.