Date: Thu, 14 Jul 2005 23:01:30 -0700 From: stephen@dino.dnsalias.com (Stephen J. Bevan) To: "Giovanni P. Tirloni" <gpt@tirloni.org> Cc: freebsd-net@freebsd.org, Alex Povolotsky <tarkhil@webmail.sub.ru> Subject: Re: GRE and PF problem Message-ID: <17111.20794.216380.961758@localhost.localdomain> In-Reply-To: <42D6D164.30000@tirloni.org> References: <42D536EC.5030500@webmail.sub.ru> <9f9a8c4005071322311907b4b@mail.gmail.com> <42D60832.9090206@webmail.sub.ru> <42D65FE4.2030801@tirloni.org> <42D6ACAD.3030708@webmail.sub.ru> <42D6D164.30000@tirloni.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Giovanni P. Tirloni writes: > I don't know how PF keeps tracks of ICMP packets but there must be a > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2. An ICMP ECHO REQUEST message has a 16-bit id field which can be altered by NAT to identify the originating machine. There isn't really an equivalent when using a minimal GRE header. If GRE checksums are turned on then the 16-bit Reserved1 field could be abused for NAT purposes.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17111.20794.216380.961758>