• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

100$ - Filter Packets with TCP Options (TCP Option Kind 30, MPTCP)

Scheduled Pinned Locked Moved Bounties
4 Posts 2 Posters 2.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    SimPru
    last edited by Nov 27, 2013, 6:57 PM

    Heyho,

    I'm looking for someone that can create the possibility to filter/block TCP-Packets with TCP-Option 30 (=MPTCP).
    I've already posted in the firewalling-section, but up to now I did not get a satisfying answer, see http://forum.pfsense.org/index.php/topic,69310.0.html .

    What I want is a feature, preferably a firewall-option, that allows me to allow or disallow TCP-Packets with the TCP-Option 30 to pass.

    As far as I understand the problem, pf itself does not have such a feature. For iptables on Linux there is a –tcp-option flag, that does exactly what I want.
    A few years ago Krzysztof Pfaff did a patch that worked with SACK-options, which are also stored in the TCP-Options-field, his patch can be found here: http://openbsd.7691.n7.nabble.com/pf-modulate-state-amp-TCP-option-SACK-modulation-by-pf-patch-2-td152802.html

    I know that $100 is not that much for something that requires a patch to pf itself, but I hope that maybe someone else regards MPTCP-filtering as a useful feature (for the future).
    The MPTCP-implementation for the BSD-kernel is still under development, see here: http://caia.swin.edu.au/urp/newtcp/mptcp/tools.html

    For the sake of completeness:
    The RFC of MPTCP: http://tools.ietf.org/html/rfc6824
    The list of TCP-Option-Kinds: http://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml
    And the link of the linux-kernel-implementation of MPTCP: http://multipath-tcp.org/

    Thanks a lot in advance :)

    1 Reply Last reply Reply Quote 0
    • S
      SimPru
      last edited by Dec 3, 2013, 7:54 PM

      Since I did not find someone to implement this for me, the bounty is now:
      150$ for a pf-patch that allows me to filter/block packages depending on what TCP-option kind is set.

      I do not necessarily need this implemented in the pfsense-GUI, CLI is also ok.

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by Dec 8, 2013, 1:04 PM

        I can do this for you.

        The only problem is that you want to drop packets with options you specify, right?

        This means you want to specify if option 30 is active in tcp session drop this packet?

        1 Reply Last reply Reply Quote 0
        • S
          SimPru
          last edited by Dec 8, 2013, 1:14 PM

          I need a feature, either CLI or GUI, that allows me to configure to drop every package that has a TCP-option with kind 30.
          Iptables e.g. has a command line switch –tcp-option xx that matches every package with a tcp-option of kind xx.
          Since I need it only for MPTCP-packages, it is not necessary (but it would be nice) to work with all kind of TCP-options, it can also be hardcoded to work only with kind 30.

          I hope that answers your question.

          Thanks in advance,

          SimPru

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received