tech-net: Re: ipf "dup-to" altering packet IDs

Subject: Re: ipf "dup-to" altering packet IDs
To: Michael Graff <explorer@flame.org>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 06/26/2002 14:04:14

In some email I received from Michael Graff, sie wrote:
> I have a need to do routing based on source address (not the normal
> destination address) and so am using IPF rules to do this disgusting
> hack.
> 
> What I'm doing is:
> 
>         pass in on fxp1 dup-to tun0 from 204.152.188.160/27 to any
>         block out quick on fxp0 from 204.152.188.160/27 to any
> 
> This causes the packets to be duplicated to tun0 and dropped on the
> outgoing interface, so the only copy of the packet will go over the
> tun0 device.
> 
> I have a user-level tunnel taking the packets from tun0 and
> encapsulating them in UDP and sending them on their way.
> 
> However, the packet as seen on fxp1 and tun0 have differences.  The
> duplicated packet has its ip id field byte-swapped.

Is the checksum correct in the packet coming out tun0 ?

Darren