From: Dale Mellor <dale@rdmp.org>
To: Payam Chychi <pchychi@gmail.com>
Cc: Leonardo Rodrigues <leolistas@solutti.com.br>, netfilter@vger.kernel.org
Subject: Re: How to stop kernel TCP responses on a port
Date: Fri, 05 Sep 2014 06:41:52 +0100
Message-ID: <1409895712.16431.7.camel@l3>
In-Reply-To: <CBD8736BE6044AE0B06076D69855AF85@gmail.com>
> > > On 04/09/14 12:17, Dale Mellor wrote:
> > > I want to do TCP with raw sockets. How can I filter away the kernel's
> > > RST/ACK/SYN response messages when I want to do this myself?
> >
> > On Thu, 2014-09-04 at 13:16 -0300, Leonardo Rodrigues wrote:
> > You'll probably need to tweak the kernel itself for that. If you
> > wanna do all the 'dirty work', why not use UDP instead of TCP ??
> >
> > On Thursday, September 4, 2014 at 9:27 PM, Dale Mellor wrote:
> > I need to tunnel TCP (specifically telnet) through a space link to a
> > spacecraft in orbit (don't worry, security exists in the link layer).
> > But of course I need the SYN/ACKs to come from the spacecraft itself
> > (rather than the ground-station PC) so I know when I can send commands
> > up. I'm going to try to use the iptables' QUEUE target and a user-space
> > packet filter, thinking that if I reject the incoming SYN it will be
> > dropped without further ado, and then I can synthesize a response later
> > with a raw socket.
> >
> > Any thoughts people may have on this would likely be useful.
>
On Thu, 2014-09-04 at 22:06 -0700, Payam Chychi wrote:
> Why would the syn-ack come from the ground pc and not the space station?
> Are you proxying this? If so, there are other ways to do this ...

I thought this list had rules about not top-posting?

Anyway, the point is I don't want the syn-ack to come from the ground,
but the Linux kernel insists on sending it. That's what I want to
filter out, or otherwise stop.

In case I haven't been clear, the PC is the gateway to the spacecraft;
effectively, it _is_ the proxy. When a telnet client (on the ground)
connects to the gateway (on the ground), the gateway is responding to
the SYN when I don't want it to.

Dale
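
The user-space decision from the quoted plan (drop the incoming SYN before the kernel's TCP stack sees it, and keep what a later raw-socket reply needs), as an added example that is not code from this thread. It assumes SYNs for the port reach the handler through NFQUEUE, the successor of the QUEUE target, with a rule such as `iptables -A INPUT -p tcp --dport 2323 --syn -j NFQUEUE --queue-num 0`; the queue binding itself is left out, and `TUNNEL_PORT`, `verdict`, `PendingSyn` and the sample addresses are hypothetical.

```python
import struct
from typing import NamedTuple, Optional

TUNNEL_PORT = 2323           # constructed port for the tunnelled telnet service
NF_DROP, NF_ACCEPT = 0, 1    # verdict values as defined in linux/netfilter.h
SYN, RST, ACK = 0x02, 0x04, 0x10

class PendingSyn(NamedTuple):
    src: str
    sport: int
    dport: int
    seq: int                 # client ISN; a later SYN-ACK must acknowledge seq + 1

def parse_tcp(packet: bytes) -> Optional[tuple]:
    """Return (src, sport, dport, seq, flags) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 20:
        return None          # malformed, or a fragment without the TCP header
    sport, dport, seq = struct.unpack("!HHI", packet[ihl:ihl + 8])
    return ".".join(map(str, packet[12:16])), sport, dport, seq, packet[ihl + 13]

def verdict(packet: bytes, pending: list) -> int:
    """Drop initial SYNs to the tunnel port so the local TCP stack never answers."""
    parsed = parse_tcp(packet)
    if parsed is None:
        return NF_ACCEPT     # not something this filter understands; leave it alone
    src, sport, dport, seq, flags = parsed
    if dport == TUNNEL_PORT and (flags & (SYN | RST | ACK)) == SYN:
        pending.append(PendingSyn(src, sport, dport, seq))  # kept for the raw-socket reply
        return NF_DROP
    return NF_ACCEPT

def sample_packet(src: str, sport: int, dport: int, seq: int, flags: int) -> bytes:
    """Constructed IPv4 + TCP headers (checksums left at zero) for trying verdict()."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    queue = []
    syn = sample_packet("198.51.100.7", 40000, TUNNEL_PORT, 1000, SYN)
    print(verdict(syn, queue), queue)
```

Only the SYN case from the message is covered; later segments of the same flow reach the kernel the same way and would need their own rule and verdict.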