Re: IP masquerading and fragmentation

Alan Cox (alan@cymru.net)
Tue, 14 May 1996 17:57:35 +0100 (BST)


> A better solution would be to process the ICMP packet in some way.
> The only possibility would be that the ip_masquerade table was
> searched for all hosts that were speaking to that target, and each of
> those was sent a copy of the ICMP packet. This obviously has some
> problems such as a proliferation of ICMP packets, and it appears that
> the code to handle this would break the modularity of the ip code
> very effectively!

If you get an unreach or similar frame you get the ip header and 8 bytes +
of tcp.udp header back. So you can demux it (same as if it was really for
you and you had to demux to a socket).

Alan