-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PJ writes: > Raj Mathur <[EMAIL PROTECTED]> writes:
>> >> OK, let me rephrase -- even if you can have packets for two different >> applications arriving on the same TCP port, actually doing so would be >> going against one of the basic design tenets of IP (the unique >> address/protocol/port identifier). >> >> I'd strongly recommend against such a setup. Apart from being totally >> incomprehensible to anyone else (or even to yourself 6 months after you >> set it up), it'll be impossible to replicate properly, and extremely >> fragile -- you don't write applications that break when a client >> upgrade changes the value of one bit in a packet somewhere. >> > Is it fragile if iptables marks the packets in, say, unused bits of the > tos settings of the tcp/ip packet just after the generator sends it? > (I'm assuming this tag will traverse the net without problems so it can > be filtered according to tos by iptables at the other end - I don't > know how that may work in practice - it seems convenient. I'm sure you > have a better idea than I do.) Yes, this seems a good hack, but you need iptables (or pf or some other intelligent firewall) at the end of packet generating device or packet generating device should be configurable to allow user to set ToS byte. Never thought unused ToS bits can be used this way :) . OR other hack would be to filter on the basis of "source address:source port" (provided IPv4 address and TCP port used for sending packets from packet generator is static) of the packets. Ashish - -- ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkiK95IACgkQHy+EEHYuXnSGHQCfYJUcoXncWF1y91RiY0vbIClF de8AnjXf+dNUiVaibKgg0NjNlQyVJ9Fg =64Of -----END PGP SIGNATURE----- _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/