Changing packets' TTLs

Jeremie Le Hen jeremie at le-hen.org
Fri Apr 29 02:08:15 PDT 2005


Hi,

> No this sysctl is not what i want.
> I need to change ttl of outgoing packets to my internal network.
> For example. There is connection from host on internet.
> it has for example 10 hops to my gateway. And when packet comes
> to my box it has for example 55 ttl in ip header.
> And then it is routed to host in my network so my box change ttl
> to 54. But what i need is change ttl to '1'.

In Linux terms, you want to ``mangle'' the packet, re-writing its TTL.
AFAIK, this is not possible with FreeBSD since this is really not a
common action for a firewall (some conservative folks would even argue
this is not its job).  The pf firewall seems to have a ``min-ttl''
statement in traffic normalization, but there is no ``max-ttl'' one.

The simplest way to achieve this is to write a userland daemon which
will retrieve the packet from the firewall through a divert socket, using
ipfw(8).  But this would have very poor performance in case you need
high-bandwidth traffic, as each packet would require at least two
context switches; for a DSL connection, I guess this would be ok.

The other solution is to make a patch for one of the firewalls
available in FreeBSD.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
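As an added illustration of the divert-socket approach described in the reply above (this is example code, not something from the thread or from FreeBSD itself): the part that does the actual work is rewriting byte 8 of the IPv4 header and recomputing the header checksum, which is shown below as plain, testable C. On FreeBSD the same function would be called from a loop over a divert socket, which is sketched under `#ifdef __FreeBSD__`; the divert port number (9000) and the matching ipfw rule in the comment are assumptions chosen for the example, and the sample packet is a constructed 20-byte header with TTL 55 as in the original question. Newer FreeBSD releases create divert sockets with `PF_DIVERT` instead of `PF_INET`/`IPPROTO_DIVERT`; the older form is used here to match the era of the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 791 header checksum: ones' complement of the ones' complement sum of
 * the header's 16-bit words. Called with the checksum field zeroed it yields
 * the value to store; called on a header with a correct checksum it yields 0. */
static uint16_t ipv4_header_checksum(const uint8_t *hdr, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)                      /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Return 1 if pkt starts with an IPv4 header whose checksum verifies. */
int ipv4_checksum_ok(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return 0;
    return ipv4_header_checksum(pkt, hlen) == 0;
}

/* Overwrite the TTL of an IPv4 packet in place and fix the header checksum.
 * Returns 0 on success, -1 if the buffer does not hold a sane IPv4 header
 * (in which case the buffer is left untouched). */
int rewrite_ttl(uint8_t *pkt, size_t len, uint8_t new_ttl)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;
    pkt[8] = new_ttl;                      /* TTL is byte 8 of the header */
    pkt[10] = pkt[11] = 0;                 /* zero checksum, then recompute */
    uint16_t csum = ipv4_header_checksum(pkt, hlen);
    pkt[10] = (uint8_t)(csum >> 8);
    pkt[11] = (uint8_t)(csum & 0xff);
    return 0;
}

/* Constructed sample: 20-byte IPv4 header, TTL 55, TCP, 10.0.0.1 -> 192.168.1.10,
 * with a valid checksum (0x5bc3). Copies it into out and returns its length. */
size_t sample_packet(uint8_t out[20])
{
    static const uint8_t hdr[20] = {
        0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00, 0x37, 0x06,
        0x5b, 0xc3, 0x0a, 0x00, 0x00, 0x01, 0xc0, 0xa8, 0x01, 0x0a
    };
    memcpy(out, hdr, sizeof hdr);
    return sizeof hdr;
}

#ifdef __FreeBSD__
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#define DIVERT_PORT 9000   /* assumed; must match the ipfw divert rule, e.g.
                              ipfw add 100 divert 9000 ip from any to 192.168.0.0/16 out via em0 */
int main(void)
{
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(DIVERT_PORT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) return 1;
    uint8_t buf[65535];
    for (;;) {
        struct sockaddr_in from;
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) break;
        rewrite_ttl(buf, (size_t)n, 1);    /* malformed packets are reinjected unchanged */
        /* sending back to the address recvfrom() filled in resumes ipfw processing */
        sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);
    }
    close(fd);
    return 0;
}
#else
int main(void)
{
    uint8_t p[20];
    size_t n = sample_packet(p);
    printf("before: ttl=%u checksum ok=%d\n", p[8], ipv4_checksum_ok(p, n));
    rewrite_ttl(p, n, 1);
    printf("after:  ttl=%u checksum=0x%02x%02x ok=%d\n", p[8], p[10], p[11], ipv4_checksum_ok(p, n));
    return 0;
}
#endif
```

The checksum must be recomputed (or incrementally adjusted) every time the TTL changes; reinjecting a packet with the old checksum would make the next hop drop it silently. Only the IPv4 header is touched, so TCP/UDP payload checksums are unaffected.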