Date: Wed, 20 Aug 2008 23:34:20 +0200 (CEST)
From: Adrian Penisoara <ady@freebsd.ady.ro>
To: Javier Ubillos <jav@sics.se>
Cc: freebsd-net@freebsd.org
Subject: Re: Override default ICMP (and other protocols) default replies.
Message-ID: <alpine.DEB.1.00.0808202330370.9661@ady-laptop>
In-Reply-To: <1219265499.9118.31.camel@dib>
References: <1219265499.9118.31.camel@dib>

Hi,

On Wed, 20 Aug 2008, Javier Ubillos wrote:

> Hi freebsd-net.
> (Sorry for cross posting. This time I think I found the right forum for
> my question)
>
> I'm implementing a NAT (1 ip - 1 ip) like router. (it's not actually
> NAT, but it's a good analogy for this case).
>
> I have chosen to use pcaplib to pick up the packets. I have an
> implementation which picks up the packets, inspects them, rewrites the
> destination/source ip-addresses and sends them out on the respective
> interface.

Umm, this is going parallel to the real network stack. Why not try to
"hijack" the packets from the kernel to the userland process with a
feature like divert in ipfw(8)?

>
> The problem I'm facing however is that my interfaces are answering to
> e.g. icmp-echo (ping) automatically, and I don't know how to turn this
> behaviour off.

This is a normal TCP/IP network stack feature in the kernel. You may
also find that connecting to one of the open ports on the machine will
trigger a similar effect. You need to cut off that packet before
entering the upper network application layer in the kernel -- see
suggestion above.

Regards,
Adrian.