When receiving ICMP packets via divert, which have been received from a NAT
interface, how does one fill in the struct pfioc_natlook to get the information
on the NAT’d host?
Given ‘struct pfioc_natlook nl;’ I have filled in nl as follows:
memset nl to zero first
nl.saddr = ip header src addr field from the received packet
nl.daddr = ip header dest addr field from the received packet
nl.af = AF_INET
nl.proto = IPPROTO_ICMP
for nl.direction, I’ve tried both PF_IN and PF_OUT
for nl.sport and nl.dport, I’ve tried
nl.sport = ICMP type
nl.dport = ICMP code
and
nl.sport = ICMP code
nl.dport = ICMP type
In all cases, ioctl(pffd, DIOCNATLOOK, &nl) returns -1.
Thanks.
Matt
