Re: ip_filter injection question
- Subject: Re: ip_filter injection question
- From: David A Rowland <email@hidden>
- Date: Thu, 14 Sep 2006 15:29:22 -0700
At 5:28 PM -0400 9/14/06, Ron Anderson wrote:
> I'm using an IP Filter to re-direct some TCP packets (in/out) to a proxy host.
>
> So, outgoing packets are modified to go to a new destination address
> and port (with the necessary checksum fix). I'm using the inject
> method to send the modified packet.
>
> Incoming packets (from the proxy host) are matched with the original
> outgoing packet (by SEQ/ACK); whereby the packet is fixed to have
> the source address and port be the original destination address and
> port. I'm using the inject method to send the modified packet.
>
> The incoming SYN/ACK packet is not making its way back to the
> original socket. "netstat -s" is not listing any dropped packets
> due to checksums. But, those incoming packets do seem to be dropped
> before making their way back to the socket.
>
> Does anyone know if what I'm trying to do should/can work?

I recently wrote an IP filter and had a problem not unlike that. It
turns out that checksums are generated below the IP layer in
hardware. In my case the outgoing TCP packet was being changed to an
encrypted ESP packet, but the hardware went ahead and stamped the TCP
checksum into it, destroying its integrity. Since your packets remain
TCP this is probably not the problem, but you might think about where
the checksum is created. It's not where you expect.
David
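
An added example, not code from either poster: the "checksum fix" step from the question, done as an RFC 1624 incremental update when a TCP segment's destination address and port are rewritten. It assumes the checksum field already holds a complete, valid TCP checksum, which per the reply above may not hold where hardware fills it in later; the function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}
/* Add len bytes, read as big-endian 16-bit words, to the accumulator. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Full TCP checksum over the IPv4 pseudo-header and segment. Returns the value
   to store if the field is zeroed, or 0 if a valid checksum is already there. */
uint16_t tcp_csum_full(const uint8_t src[4], const uint8_t dst[4], const uint8_t *seg, size_t len) {
    uint8_t ph[4] = {0, 6, (uint8_t)(len >> 8), (uint8_t)len};
    uint32_t sum = csum_add(csum_add(csum_add(0, src, 4), dst, 4), ph, 4);
    return (uint16_t)~csum_fold(csum_add(sum, seg, len));
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
uint16_t csum_update16(uint16_t hc, uint16_t old, uint16_t new_) {
    return (uint16_t)~csum_fold((uint32_t)(uint16_t)~hc + (uint16_t)~old + new_);
}

/* Point the segment at new_dst:new_port and patch the TCP checksum in place. */
void redirect_dst(uint8_t dst[4], uint8_t *seg, const uint8_t new_dst[4], uint16_t new_port) {
    uint16_t hc = (uint16_t)(seg[16] << 8 | seg[17]);
    hc = csum_update16(hc, (uint16_t)(dst[0] << 8 | dst[1]), (uint16_t)(new_dst[0] << 8 | new_dst[1]));
    hc = csum_update16(hc, (uint16_t)(dst[2] << 8 | dst[3]), (uint16_t)(new_dst[2] << 8 | new_dst[3]));
    hc = csum_update16(hc, (uint16_t)(seg[2] << 8 | seg[3]), new_port);
    memcpy(dst, new_dst, 4);
    seg[2] = (uint8_t)(new_port >> 8);  seg[3] = (uint8_t)new_port;
    seg[16] = (uint8_t)(hc >> 8);       seg[17] = (uint8_t)hc;
}

/* Constructed sample: SYN 10.0.0.2:49152 -> 192.0.2.10:80, sent to 10.0.0.99:8080. */
int demo_redirect_ok(void) {
    uint8_t src[4] = {10, 0, 0, 2}, dst[4] = {192, 0, 2, 10}, proxy[4] = {10, 0, 0, 99};
    uint8_t seg[20] = {0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0xFF,0xFF, 0,0, 0,0};
    uint16_t c = tcp_csum_full(src, dst, seg, sizeof seg);
    seg[16] = (uint8_t)(c >> 8);  seg[17] = (uint8_t)c;
    redirect_dst(dst, seg, proxy, 8080);
    return seg[2] == 0x1F && seg[3] == 0x90 && tcp_csum_full(src, dst, seg, sizeof seg) == 0;
}
int main(void) { return demo_redirect_ok() ? 0 : 1; }
```

The same update applies in reverse on the return path, where the source address and port are restored before the packet is injected.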