Re: Adding a flag to a packet

On Tuesday 30 March 2004 10:06 pm, Cody Harris wrote:

> On Tue, 30 Mar 2004 21:50:40 +0100, Antony Stone wrote:
> >
> > Okay.   You want a VPN (I use http://www.freeswan.org), a simple IP
> > tunnel
> > (http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.tunnel.ip-ip.html), or
> > else some clever DNAT rules one end, and SNAT rules the other.
>
> So I *can't* simply mark a packet with a flag that the other one can see?

No.   The MARK is not a part of the actual packet or header - it's just 
something that netfilter associates with the packet whilst it's processing 
it.   Once the packet leaves the box, it's just a plain packet again, and the 
MARK is gone.

> What if I change the ttl to something like 1000 and match it with a rule on
> the other end (to weed out any other instances of this).

Well, the TTL field is only 8 bits, so the maximum value is 255 :)   But 
anyway, you're trying to make custard by boiling a chicken.   It's just the 
wrong way to approach the problem.

Netfilter is a Firewall, and it can also do a bit of NATting.   It's bad 
enough when people try to make it do (local) routing, let alone attempt to 
convert it into a VPN.

There are other ways to do what you want, and the IP tunnel solution is not at 
all complicated (however it is not at all secure, either - packets are 
transferred across the Internet between the two networks with no encryption 
or other attempt to hide the contents).

Regards,

Antony.

-- 
Success is a lousy teacher.  It seduces smart people into thinking they can't 
lose.

 - William H Gates III

                                                     Please reply to the list;
                                                           please don't CC me.
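As an added illustration of two points in the reply above (it is constructed here and is not Antony's code, nor anything from the netfilter or FreeS/WAN projects): the TTL is an 8-bit field so a value like 1000 cannot be put on the wire at all, there is no header field that could carry a netfilter MARK between hosts, and an IP-in-IP tunnel (protocol 4) leaves the inner packet, addresses and payload included, readable by anyone on the path. The addresses and the "private" payload below are made-up sample data.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP encapsulation


def ipv4_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) plus payload.

    The TTL is a single byte on the wire, so anything outside 0..255 is
    rejected here; struct.pack would refuse it as well.
    """
    if not 0 <= ttl <= 255:
        raise ValueError("TTL is an 8-bit field; %d does not fit" % ttl)
    ver_ihl = (4 << 4) | 5          # version 4, header length 5 words
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      ver_ihl, 0, total_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the fixed IPv4 header.

    Every field that exists on the wire is listed in the format string below.
    There is no slot for a netfilter MARK: the mark lives in the kernel's
    packet metadata while the local box is processing it and never leaves.
    """
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {
        "version": ver_ihl >> 4,
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "payload": pkt[ihl:total_len],
    }


def ipip_encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """What an ipip tunnel endpoint does: prepend an outer IPv4 header with
    protocol 4. Nothing is encrypted or authenticated."""
    return build_ipv4(outer_src, outer_dst, IPPROTO_IPIP, inner)


def observer_view(wire: bytes) -> dict:
    """What a passive on-path observer recovers from one tunnelled packet."""
    outer = parse_ipv4(wire)
    inner = parse_ipv4(outer["payload"]) if outer["proto"] == IPPROTO_IPIP else None
    return {"outer": outer, "inner": inner}


# Constructed sample: a packet from one private LAN to the other, carried
# across the Internet between two tunnel endpoints. Addresses are documentation
# ranges, the payload is a placeholder for some internal protocol.
INNER_PACKET = build_ipv4("10.0.0.5", "192.168.1.7", 17, b"hello private lan")
WIRE_PACKET = ipip_encapsulate(INNER_PACKET, "203.0.113.1", "198.51.100.2")


if __name__ == "__main__":
    seen = observer_view(WIRE_PACKET)
    print("outer:", seen["outer"]["src"], "->", seen["outer"]["dst"])
    print("inner:", seen["inner"]["src"], "->", seen["inner"]["dst"],
          seen["inner"]["payload"])
    try:
        build_ipv4("10.0.0.5", "192.168.1.7", 17, b"x", ttl=1000)
    except ValueError as exc:
        print("ttl=1000 rejected:", exc)
```

Run it and the observer prints the inner 10.0.0.5 -> 192.168.1.7 addresses and the payload verbatim, which is exactly the "not at all secure" caveat in the reply: the tunnel solves reachability, not confidentiality, and that is what the VPN (IPsec via FreeS/WAN) option exists for.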