On Fri, Jul 15, 2011 at 08:41:22PM -0700, Philip Guenther wrote:
> On Fri, Jul 15, 2011 at 7:31 PM, Christiano F. Haesbaert
> <haesba...@haesbaert.org> wrote:
> > On Fri, Jul 15, 2011 at 04:40:08PM -0700, Philip Guenther wrote:
> >> On Fri, Jul 15, 2011 at 4:13 PM, Christiano F. Haesbaert
> >> <haesba...@haesbaert.org> wrote:
> >> > Hi, this diff adds a sysctl to disable kernel icmp echo processing and
> >> > pass it to userland via raw sockets. I'm terrible with names but I chose
> >> > userecho, so net.inet.icmp.userecho.
> >>
> >> IMO, a per-socket option makes more sense than an all-machine sysctl.
> >
> > I don't like the idea much, suppose there is no process using the option,
> > should the kernel still answer the echo requests?
> >
> > But then if we do have a process using the option, should we answer the
> > request *and* forward the packet?
>
> Good point.
>
>
> Hmm, would it work to set up proxy arp for a nonexistent IP on the
> same net, use bpf to snag the packets for it, and a raw socket to send
> packets for it? <shrug>
>
Hmm, I think it would, since bpf can catch the packet. Another possible
option would be IP_DIVERT to catch the packets and then send them with the
raw socket, but it would still be a little awkward (IMHO).

-- 
Christiano Farina HAESBAERT
Do NOT send me html mail.