Mangling

[ika256]

I wish FreeBSD will have IP mangling function like iptables in linux
are this feature planning to add to base FreeBSD system?
thanks

 

[aragon]

Can you define exactly what IP mangling is or what you're trying to accomplish? FreeBSD can do a lot with pf so I'm thinking it'll already fit your needs.

 

[blah]

Isn't this what packet [red]tag[/red]ging is for?

 

[ika256]

Agree, it has a lot features, but it can only drop or pass packets with ip header information.
It will be better if firewall can modify header fields of ip
like tos or ttl.
FreeBSD can change initial TTL (TTL of ip packets generated this machine) but it cant change routed packets TTL.

 

[danger@]

you should be able to do that with Netgraph (http://people.freebsd.org/~julian/netgraph.html)

 

[aragon]

It is probably possible with netgraph, but there is no netgraph module currently in existence that I know of that will do what ika256 needs.

If we're talking about the easiest way to write something that does it, another option would be to look at the source of ports/net/tcpmssd and modify it appropriately.

 

[ika256]

aragon

yes, I found too the tcpmssd "method" and the netgraph module for doing that
http://venus.wsb-nlu.edu.pl/~dlupinsk/ng_mangle/

but I wrote here because i will be glad to see this feature in the base
FreeBSD

 

[aragon]

ika256, I've just learned that the latest version of pf can set TOS. However, you'll need to run OpenBSD for now as it hasn't been ported to FreeBSD yet.