Netgraph node for kernel-level IPv4-header manipulation.
This project no longer lives here. I am not going to work on this any more
for some time (maybe permanently), simply for lack of time. Walter C.
Pelissero notified me that ng_mangle, in the form available from here,
refuses to work with FreeBSD from 5.3 on. He also prepared a patch that
allows ng_mangle to live a little longer. Both the patch and the patched
version of ng_mangle can be reached at this site under the
Miscellanea header. Thanks, Walter.
First, let's take a peek at the netgraph(4) ("graph based kernel networking
subsystem") man page, which says:
The aim of netgraph is to supplement rather than replace the existing
kernel networking infrastructure. It provides:
- A flexible way of combining protocol and link level drivers
- A modular way to implement new protocols
- A common framework for kernel entities to inter-communicate
- A reasonably fast, kernel-based implementation
Well... sounds good to me! Actually, it seemed to be an amazing idea a few days
back when I decided to take a look at it. It lets you do what it says in a very clean
and robust way. Below you can find my approach to understanding netgraph concepts by
practice. But before you move on, you may also want to read an excellent
article about netgraph written by one of those who created it.
Generally, the work done by ng_mangle relies on altering some parts of the frames
flowing up and down the network stack. Simply imagine one more tiny layer
placed between the Data Link and Network layers of the OSI model. Its job is to
carry data between those two layers, modifying some interesting bits along the way. What
it deals with are raw Ethernet frames with no checksum.
At this stage the whole work is done mainly for educational purposes. But that doesn't
imply it's completely useless. ;) It is simply for changing the Time-To-Live and
Type-Of-Service fields in IPv4 headers. And it does so in a nice, non-invasive and stable
way, without the need to patch your kernel and with the possibility to change variables in
Why would you like to change those values? Ask yourself! I have my reasons. Also, I have
heard that there are some ISPs out there that, for strange reasons, forward your packets
only when they carry the IP TOS field set to a specific value. Now, you don't have to install
Linux in that case! ;^)
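The TTL/TOS rewrite described above, as an added user-space C example; it is not ng_mangle's source. The function names and the sample frame are constructed for illustration, and the code assumes untagged Ethernet II frames (no VLAN tag).

```c
#include <stddef.h>
#include <stdint.h>

#define ETH_HLEN 14            /* dst MAC, src MAC, EtherType; no trailing FCS */
#define ETHERTYPE_IPV4 0x0800

/* RFC 1071 Internet checksum over an IPv4 header (len is a multiple of 4). */
static uint16_t ip_cksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Set TTL and TOS in place. Returns 0 on success, or -1 (frame untouched)
 * when the buffer is not a well-formed IPv4-over-Ethernet frame. */
int mangle_frame(uint8_t *f, size_t len, uint8_t ttl, uint8_t tos)
{
    if (len < ETH_HLEN + 20 || ((f[12] << 8) | f[13]) != ETHERTYPE_IPV4)
        return -1;                      /* too short, or not IPv4 (ARP, ...) */
    uint8_t *ip = f + ETH_HLEN;
    size_t hlen = (size_t)(ip[0] & 0x0f) * 4;   /* IHL counts 32-bit words */
    if ((ip[0] >> 4) != 4 || hlen < 20 || len < ETH_HLEN + hlen)
        return -1;                      /* bad version or truncated options */
    ip[1] = tos;
    ip[8] = ttl;
    /* Both fields are covered by the header checksum, so recompute it. */
    ip[10] = ip[11] = 0;
    uint16_t ck = ip_cksum(ip, hlen);
    ip[10] = (uint8_t)(ck >> 8);
    ip[11] = (uint8_t)(ck & 0xff);
    return 0;
}

/* Constructed sample: Ethernet header plus a 20-byte IPv4/UDP header
 * (TTL 64, TOS 0, checksum 0xb861); the payload is omitted. */
uint8_t sample_frame[] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,  0x02, 0x00, 0x00, 0x00, 0x00, 0x02,
    0x08, 0x00,
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0xb8, 0x61,
    0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7,
};
```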
How to get it to work (simple steps, the simplest way):
- make sure your OS is FreeBSD :)
  (tested on 5.2-RELEASE)
- make sure you have kernel sources under /usr/src/sys
- untgz the sources for ng_mangle
- type make from the ng_mangle directory
- as root, use the script go_mangle.sh to get it working and configured
- type ./go_mangle.sh without any parameters to see that you can:
  - load all necessary modules (e.g.: ./go_mangle.sh dc0 start)
  - unload ng_mangle (e.g.: ./go_mangle.sh dc0 stop)
  - change the ttl value of all outgoing packets (e.g.: ./go_mangle.sh dc0 ttl 12)
  - change the tos value of all outgoing packets (e.g.: ./go_mangle.sh dc0 tos 0x02)
- ...or use ngctl(8) to control it as you wish!
- Dominik Łupiński at dl (at) byteorder (dot) net