Netgraph node for kernel-level IPv4-header manipulation.


This project lives no more here. I am not going to work on this any more for some time (maybe permanently). Lack of time simply. Walter C. Pelissero notified me that ng_mangle in the form available from here refuses to work with FreeBSD from 5.3 on. He also prepared a patch that alows to live ng_mangle a little longer. Both patch and patched version of ng_mangle can be reached at this site under the Miscellanea header. Thanks Walter.


First let's take a peek at netgraph(4) ("graph based kernel networking subsystem") man page. Which says:

The aim of netgraph is to supplement rather than replace the existing kernel networking infrastructure. It provides:
  • A flexible way of combining protocol and link level drivers
  • A modular way to implement new protocols
  • A common framework for kernel entities to inter-communicate
  • A reasonably fast, kernel-based implementation

Well.. sounds good to me! Actually, it seemed to be an amazing idea a few days back when I decided to take a look at it. It allows to do what it says in a very clean and robust way. Below you can find my approach to understanding netgraph concepts by practice. But before you'll move there you may also want to read an excellent article about netgraph written by one of those who created it.


Generally the work that is done by ng_mangle rely on altering some parts of frames flowing up- and downwards the network stack. Simply imagine one little, tiny layer more placed between Data Link and Network layer in OSI model. What it does is to carry data between those two layers modifying some interesting bits meanwhile. What it has to do with are raw Ethernet frames with no checksum.

At this stage the whole work is done mainly for educational purposes. But that doesn't imply it's completelly useless. ;) It is simply for changing Time-To-Live and Type-Of-Service fields in IPv4 headers. And it does it in nice, non-invasing and stable way without the need to patch your kernel and with possibility to change variables in "real time".

Why would you like to change those values? Ask yourself! I have my reasons. Also, I have heard that there are some ISPs out there that, for strange reasons, forward your packets only when they carry IP TOS field set to specific value. Now, you don't have to install Linux in that case! ;^)

How to get it to work (simple steps to the most simple way):
  • make sure your OS is FreeBSD :) (tested on 5.2-RELEASE)
  • make sure you have kernel sources under /usr/src/sys
  • untgz sources for ng_mangle
  • type make from ng_mangle directory
  • as root use the script go_mangle.sh to make it work and configured
  • type ./go_mangle.sh without any parameters to see that you can:

    • load all necessary modules (ie.: ./go_mangle.sh dc0 start)
    • unload ng_mangle (ie.: ./go_mangle.sh dc0 stop)
    • change ttl value of all outgoing packets (ie.: ./go_mangle.sh dc0 ttl 12)
    • change tos value of all outgoing packets (ie.: ./go_mangle.sh dc0 tos 0x02)

  • ...or use ngctl(8) to control it as you wish!



  • Dominik Łupiński at dl (at) byteorder (dot) net
n e v e r e n d i n g s t o r y // 6431 //