Override default ICMP (and other protocols) default replies.
Adrian Penisoara
ady at freebsd.ady.ro
Wed Aug 20 21:34:42 UTC 2008
Hi,
On Wed, 20 Aug 2008, Javier Ubillos wrote:
> Hi freebsd-net.
> (Sorry for cross posting. This time I think I found the right forum for
> my question)
>
> I'm implementing a NAT (1 ip - 1 ip) like router. (it's not actually
> NAT, but it's a good analogy for this case).
>
> I have chosen to use pcaplib to pick up the packets. I have an
> implementation which picks up the packets, inspects them, rewrites the
> destination/source ip-addresses and sends them out on the respective
> interface.
Umm, this is going parallel to the real network stack.
Why not try to "hijack" the packets from the kernel to the userland process
with a feature like divert in ipfw(8) ?
>
> The problem I'm facing however is that my interfaces are answering to
> e.g. icmp-echo (ping) automatically, and I don't know how to turn this
> behaviour off.
This is a normal TCP/IP network stack feature in the kernel.
You may also find that connecting to one of the open ports on the machine
will trigger a similar effect.
You need to cut off that packet before entering the upper network
application layer in the kernel -- see suggestion above.
Regards,
Adrian.