Date:      Fri, 29 Apr 2005 11:07:22 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        GiZmen <gizmen@zion.vsip.pl>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Changing packets ttl's
Message-ID:  <20050429090721.GT91329@obiwan.tataz.chchile.org>
In-Reply-To: <20050428193931.GA78277@swordfish.vsip.net>
References:  <20050426225230.GA61019@procent.t2.ds.pwr.wroc.pl> <20050427085629.S3686@Neo-Vortex.net> <20050428193931.GA78277@swordfish.vsip.net>

Hi,

> No, this sysctl is not what I want.
> I need to change the ttl of outgoing packets to my internal network.
> For example: there is a connection from a host on the internet.
> It has, for example, 10 hops to my gateway. And when the packet comes
> to my box it has, for example, 55 ttl in the ip header.
> And then it is routed to a host in my network, so my box changes the ttl
> to 54. But what I need is to change the ttl to '1'.

In Linux terms, you want to ``mangle'' the packet, re-writing its TTL.
AFAIK, this is not possible with FreeBSD since this is really not a
common action for a firewall (some conservative folks would even argue
this is not its job).  The pf firewall seems to have a ``min-ttl''
statement in traffic normalization, but there is no ``max-ttl'' one.

The simplest way to achieve this is to write a userland daemon which
will retrieve the packet from the firewall from a divert socket, using
ipfw(8).  But this would have very poor performance in case you need
high-bandwidth traffic, as each packet would require at least two
context switches; but for a DSL connection, I guess this would be ok.

The other solution is to make a patch for one of the firewalls
available in FreeBSD.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
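The divert-socket daemon sketched in the reply above, written out as an added example (this is not code from the thread or from FreeBSD itself). The portable part validates an IPv4 header, rewrites its TTL and recomputes the header checksum (RFC 1071), refusing to touch anything malformed so a corrupt packet is dropped rather than re-injected. The FreeBSD-only loop at the end assumes the classic `socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)` form of divert(4), a placeholder divert port of 8668 and a placeholder internal subnet in the ipfw rule; `SAMPLE_HDR` is a constructed header, not a capture.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* IPv4 header field offsets (RFC 791); raw byte access keeps this portable. */
#define IP_OFF_TTL   8
#define IP_OFF_SUM  10

/* One's-complement checksum over an IPv4 header of len bytes (RFC 1071).
 * Returns 0 for a header whose checksum field is already correct, and the
 * value to store when the checksum field has been zeroed first. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    if (len & 1)
        sum += (uint32_t)(hdr[len - 1] << 8);
    while (sum >> 16)                      /* fold carries back in */
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)(~sum & 0xFFFF);
}

/* Rewrite the TTL of the IPv4 packet in pkt (len bytes) and refresh the
 * header checksum. Returns 0 on success, -1 if the buffer is not a sane
 * IPv4 header; a malformed packet is left untouched for the caller to drop. */
int rewrite_ttl(uint8_t *pkt, size_t len, uint8_t new_ttl)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > len)
        return -1;
    if (ip_checksum(pkt, ihl) != 0)        /* refuse to "repair" a corrupt header */
        return -1;
    pkt[IP_OFF_TTL] = new_ttl;
    pkt[IP_OFF_SUM] = pkt[IP_OFF_SUM + 1] = 0;
    uint16_t sum = ip_checksum(pkt, ihl);
    pkt[IP_OFF_SUM] = (uint8_t)(sum >> 8);
    pkt[IP_OFF_SUM + 1] = (uint8_t)(sum & 0xFF);
    return 0;
}

/* Constructed sample (not a capture): a 20-byte IPv4/UDP header with TTL 64
 * and a correct checksum of 0xb861. */
const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7
};

/* Rewrite a copy of SAMPLE_HDR to new_ttl; returns the resulting checksum
 * field, or -1 if the rewrite failed or left the header invalid. */
int demo_rewrite_ttl(uint8_t new_ttl)
{
    uint8_t hdr[20];
    memcpy(hdr, SAMPLE_HDR, sizeof hdr);
    if (rewrite_ttl(hdr, sizeof hdr, new_ttl) != 0 || ip_checksum(hdr, sizeof hdr) != 0)
        return -1;
    return hdr[IP_OFF_SUM] << 8 | hdr[IP_OFF_SUM + 1];
}

#ifdef __FreeBSD__
/* Divert loop, FreeBSD only. Packets reach the socket via an ipfw rule such as
 *   ipfw add divert 8668 ip from any to 192.168.0.0/24 out
 * (port and subnet are placeholders). Each packet is read, its TTL rewritten,
 * and it is written back to the address recvfrom() reported so the kernel
 * resumes processing at the rule after the divert rule. */
int divert_loop(uint16_t port, uint8_t new_ttl)
{
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);   /* assumed classic form */
    if (fd < 0) { perror("socket"); return -1; }
    struct sockaddr_in bind_addr = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (bind(fd, (struct sockaddr *)&bind_addr, sizeof bind_addr) < 0) { perror("bind"); return -1; }
    static uint8_t pkt[65535];
    for (;;) {
        struct sockaddr_in from; socklen_t fromlen = sizeof from;
        ssize_t n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&from, &fromlen);
        if (n < 0) { perror("recvfrom"); continue; }
        if (rewrite_ttl(pkt, (size_t)n, new_ttl) != 0)
            continue;                      /* malformed: drop instead of re-injecting */
        if (sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&from, fromlen) < 0)
            perror("sendto");
    }
}
#endif

int main(void)
{
    int sum = demo_rewrite_ttl(1);
    printf("checksum after TTL rewrite to 1: 0x%04x\n", sum);
#ifdef __FreeBSD__
    return divert_loop(8668, 1) < 0 ? 1 : 0;   /* needs root and an ipfw divert rule */
#else
    return sum < 0 ? 1 : 0;
#endif
}
```

The checksum refresh is the part people forget: a divert daemon that changes the TTL but re-injects the old checksum produces packets the next hop silently discards. Both context switches the reply mentions are visible here as the `recvfrom()` and `sendto()` per packet.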



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050429090721.GT91329>