On Tue, Aug 29, 2023 at 12:35:47PM +0200, Claudio Jeker wrote: > On Tue, Aug 29, 2023 at 12:16:23PM +0200, Peter J. Philipp wrote: > > On Tue, Aug 29, 2023 at 11:11:53AM +0200, Alexandr Nedvedicky wrote: > > > Hello, > > > > > > On Tue, Aug 29, 2023 at 09:48:21AM +0200, Peter J. Philipp wrote: > > > > On Tue, Aug 29, 2023 at 09:45:24AM +1000, David Gwynne wrote: > > > > > How are you injecting the crafted packet into the stack? > > > > > > > > Via BPF. It is a spoofing program that I made 23 years ago. While > > > > that's > > If you inject packets via BPF they skip the network stack and therfor do > not pass pf. So pf(4) has no clue about that packet. > This is why for dhcp no extra rules are required. > > -- > :wq Claudio
Hi Claudio, I know this, but this injection was on a host behind the firewall/gateway 1 hop. The injection is on another stack. And I did say this and the ttl's on the tcpdump do indicated 64 ttl on the host where I'm injecting and 63 on the pppoe0 interface. Sorry if I didn't communicate it better. Best Regards, -peter -- Over thirty years experience on Unix-like Operating Systems starting with QNX.
