Date: Fri, 15 Jul 2005 11:30:09 +0200
From: Sten Daniel Sørsdal <lists@wm-access.no>
To: freebsd-net@freebsd.org
Subject: Re: GRE and PF problem
Message-ID: <42D78221.9070409@wm-access.no>
In-Reply-To: <17111.20794.216380.961758@localhost.localdomain>
References: <42D536EC.5030500@webmail.sub.ru> <9f9a8c4005071322311907b4b@mail.gmail.com> <42D60832.9090206@webmail.sub.ru> <42D65FE4.2030801@tirloni.org> <42D6ACAD.3030708@webmail.sub.ru> <42D6D164.30000@tirloni.org> <17111.20794.216380.961758@localhost.localdomain>

Stephen J. Bevan wrote:
> Giovanni P. Tirloni writes:
> > I don't know how PF keeps track of ICMP packets but there must be a
> > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.
>
> An ICMP ECHO REQUEST message has a 16-bit id field which can be
> altered by NAT to identify the originating machine.
>
> There isn't really an equivalent when using a minimal GRE header. If
> GRE checksums are turned on then the 16-bit Reserved1 field could be
> abused for NAT purposes.

Not for GRE but for PPTP (which uses GRE but with a slight addition).
CALL ID, a unique number assigned by the PPTP server per session. AFAIK.
There are some firewalls out there that use this ID.

--
Sten Daniel Sørsdal
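
The distinction drawn in this thread, as an added example that is not part of the original message: an ICMP echo carries a 16-bit id and PPTP's enhanced GRE header (RFC 2637) carries a 16-bit Call ID that a NAT can key on, while a minimal GRE header offers no such field. The function name, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes; these names belong to this example only. */
enum { KEY_NONE, KEY_ICMP_ID, KEY_PPTP_CALL_ID };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* proto: IP protocol number; p/len: bytes after the IP header.
 * Stores a 16-bit per-session identifier in *key when one exists. */
int nat_demux_key(uint8_t proto, const uint8_t *p, size_t len, uint16_t *key)
{
    if (proto == 1) {                       /* ICMP */
        if (len < 8 || (p[0] != 8 && p[0] != 0))
            return KEY_NONE;                /* only echo request/reply carry an id */
        *key = be16(p + 4);                 /* type, code, checksum, then id */
        return KEY_ICMP_ID;
    }
    if (proto == 47 && len >= 4) {          /* GRE */
        uint16_t flags = be16(p), ptype = be16(p + 2);
        /* PPTP enhanced GRE (RFC 2637): version 1, protocol 0x880B, K bit set.
         * The key field is payload length (16 bits) followed by Call ID. */
        if ((flags & 0x0007) == 1 && ptype == 0x880B && (flags & 0x2000)) {
            if (len < 8)
                return KEY_NONE;            /* truncated before the Call ID */
            *key = be16(p + 6);
            return KEY_PPTP_CALL_ID;
        }
    }
    return KEY_NONE;   /* minimal GRE: nothing to tell two inside hosts apart */
}

/* Constructed sample packets (bytes after the IP header; checksums not computed). */
static const uint8_t icmp_echo[] = { 8, 0, 0x00, 0x00, 0x12, 0x34, 0x00, 0x01 };
static const uint8_t gre_plain[] = { 0x00, 0x00, 0x08, 0x00 };
static const uint8_t gre_pptp[]  = { 0x20, 0x81, 0x88, 0x0B, 0x00, 0x00,
                                     0xBE, 0xEF, 0x00, 0x00, 0x00, 0x01 };

int main(void)
{
    uint16_t k = 0;
    int r = nat_demux_key(1, icmp_echo, sizeof icmp_echo, &k);
    printf("ICMP echo: kind=%d key=0x%04x\n", r, k);
    r = nat_demux_key(47, gre_pptp, sizeof gre_pptp, &k);
    printf("PPTP GRE:  kind=%d key=0x%04x\n", r, k);
    printf("plain GRE: kind=%d\n", nat_demux_key(47, gre_plain, sizeof gre_plain, &k));
    return 0;
}
```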