Re: [tkined] Passing Original IP address on.

Cary B. O'Brien (cobrien@access.digex.net)
Mon, 9 Feb 1998 08:13:06 -0500 (EST)

>
> I am using scotty(2.1.7)/tnm(8.0)/tcl(8.0) to receive SNMP trap data from
> devices.
>
> I receive the data, parse it with tcl scripts and then forward it to a central
> location for additional proceessing and storage.
>
> The problem is that the original IP address from the device is say, 192.1.1.123
> and after the scripts process it and pass it on the final destination sees it as
> the scripts machine say 192.1.1.99.
>
> Is there a way to save the incoming IP address, parse the data with the scripts
> and then just before sending put the saved IP address in as the source address
> in the IP header ?
>
> Many thanks for your help with this question.
>

We may have to do something similiar. My _understanding_ is that
to do this you would have to use a raw socket and form the IP header
yourself, since the normal UDP networking code in the kernel will
always put its own IP address on the outgoing packet.

This requires root access, and the use of something called SOCK_RAW,
at least under Linux. Also you could run into problems with routers
which do not expect a packet from the spoofed IP address to be coming
from the lan segment your machine is on. (*)

In any case, it is a nice facility to have in distributed
environments, so keep us posted.

Cary O'Brien
cobrien@access.digex.net

(*) Do routers match up IP addresses and MAC addresses to look for
spoofing? Hmmmm If not, it seems like it would be a good idea.

--
!! This message is brought to you via the `tkined & scotty' mailing list.
!! Please do not reply to this message to unsubscribe. To subscribe or
!! unsubscribe, send a mail message to <tkined-request@ibr.cs.tu-bs.de>.
!! See http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/ for more information.