Re: Stopping IP data from travelling too far

Christian Daudt (csd@microplex.com)
Wed, 28 Feb 1996 08:53:20 -0800 (PST)



> Hi, this is a bit of an unusual request I guess, but anyway:
>
> I'd like to stop my Linux machine from being able to communicate with
> other machines more than (say) 10 "hops" away over the internet...
> (Here in NZ, we pay volume charges for data that goes over our overseas
> link. Due to the rather unpredictable layout of both domain names and
> IP numbers, the only way I can easily stop people from accessing overseas
> sites is something like this, since all NZ sites seem to be within 8 hops,
> and most overseas ones at least 14. I can deal with letting specific
> things connect further by using a proxy on another machine. )

How about changing:

    iph->ttl = ttl;

to

    iph->ttl = min(ttl, 10);    /* cap the outgoing TTL at 10 hops */

in ip_output.c?

I haven't tried it, but it should have the effect you want. If you also
want to cut anything being routed through your Linux box, make a similar
change in ip_forward.c and also change this:

    iph->ttl--;

to

    if (--iph->ttl > 10) {
        iph->ttl = 10;
    }

(note that I haven't looked at how the checksum header is recalculated for
a forwarded packet. This change might break it).

Cheers,

Christian.

PS: I have *not* tested this. These are only suggestions from looking at
the code.

-- 
----------------------------------------------------------------   
Christian Daudt (csd@microplex.com)            Software Engineer
Microplex Systems Ltd.            URL: http://www.microplex.com/ 
"You can tell how far we have to go, when FORTRAN is the language of
supercomputers."   -- Steven Feiner
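
The checksum caveat in the message above can be checked in user space. The following C is an added illustration, not code from the original post or from the Linux kernel; the function names, the TTL_CAP constant and the sample header are constructed for the example. It applies the decrement-and-cap to a raw IPv4 header and patches the header checksum incrementally.

```c
#include <stdint.h>
#include <string.h>

#define TTL_CAP 10 /* hop limit suggested in the thread */

/* RFC 1071 checksum; returns 0 over a header whose checksum is correct. */
static uint16_t ip_csum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed 20-byte header: 192.0.2.1 -> 198.51.100.7, ICMP, given TTL. */
static void make_sample(uint8_t *h, uint8_t ttl)
{
    static const uint8_t tmpl[20] = { 0x45, 0, 0, 0x54, 0, 0, 0x40, 0, 0, 1,
        0, 0, 192, 0, 2, 1, 198, 51, 100, 7 };
    memcpy(h, tmpl, sizeof tmpl);
    h[8] = ttl;
    uint16_t c = ip_csum(h, 20); /* checksum field is still zero here */
    h[10] = (uint8_t)(c >> 8);
    h[11] = (uint8_t)(c & 0xff);
}

/* Forwarding-path clamp: decrement, cap at TTL_CAP, then patch the checksum
 * incrementally (RFC 1624: HC' = ~(~HC + ~m + m')). Returns the new TTL.
 * A real forwarder drops expiring packets first; this only avoids underflow. */
static uint8_t clamp_ttl(uint8_t *h)
{
    uint16_t old_w = (uint16_t)((h[8] << 8) | h[9]); /* TTL:protocol word */
    uint8_t ttl = h[8] ? (uint8_t)(h[8] - 1) : 0;
    h[8] = ttl > TTL_CAP ? TTL_CAP : ttl;
    uint16_t new_w = (uint16_t)((h[8] << 8) | h[9]);
    uint16_t hc = (uint16_t)((h[10] << 8) | h[11]);
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    hc = (uint16_t)~sum;
    h[10] = (uint8_t)(hc >> 8);
    h[11] = (uint8_t)(hc & 0xff);
    return h[8];
}
```

Writing the capped TTL into the header without the checksum patch leaves a header that the next hop will discard as corrupt.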