Use the latest alias engine - now in libalias.
Submitted by: Charles Mott <cmott@srv.net>
This commit is contained in:
parent
75795a87aa
commit
6db75539f1
@ -1,15 +1,14 @@
|
||||
# $Id: Makefile,v 1.17 1997/03/30 12:12:20 brian Exp $
|
||||
# $Id: Makefile,v 1.18 1997/03/31 22:50:59 brian Exp $
|
||||
|
||||
PROG= ppp
|
||||
SRCS= async.c auth.c ccp.c chap.c chat.c command.c filter.c fsm.c hdlc.c \
|
||||
ip.c ipcp.c lcp.c lqr.c log.c main.c mbuf.c modem.c os.c \
|
||||
pap.c pred.c route.c slcompress.c timer.c systems.c vars.c \
|
||||
vjcomp.c arp.c alias.c alias_db.c alias_ftp.c alias_util.c \
|
||||
passwdauth.c sig.c
|
||||
SRCS= alias_cmd.c arp.c async.c auth.c ccp.c chap.c chat.c command.c \
|
||||
filter.c fsm.c hdlc.c ip.c ipcp.c lcp.c log.c lqr.c main.c mbuf.c \
|
||||
modem.c os.c pap.c passwdauth.c pred.c route.c sig.c slcompress.c \
|
||||
systems.c timer.c vars.c vjcomp.c
|
||||
#CFLAGS+= -DHAVE_SHELL_CMD_WITH_ANY_MODE
|
||||
CFLAGS += -Wall -DMSEXT -DPASSWDAUTH
|
||||
LDADD += -lmd -lcrypt -lutil
|
||||
DPADD += ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
|
||||
LDADD += -lmd -lcrypt -lutil -lalias
|
||||
DPADD += ${LIBMD} ${LIBCRYPT} ${LIBUTIL} ${LIBALIAS}
|
||||
MAN8= ppp.8
|
||||
BINMODE=4555
|
||||
BINOWN= root
|
||||
|
@ -1,112 +1,352 @@
|
||||
User PPP Packet Aliasing
|
||||
|
||||
|
||||
|
||||
0. Contents
|
||||
1. Background
|
||||
2. Setup
|
||||
3. Future Development
|
||||
3. New commands in ppp
|
||||
4. Future Work
|
||||
5. Authors / Acknowledgments
|
||||
6. Revision History for Aliasing Code
|
||||
|
||||
|
||||
|
||||
1. Background
|
||||
|
||||
User ppp has embedded packet aliasing (IP masquerading) code.
|
||||
When this capability is enabled by the "-alias" command line
|
||||
option, the ppp host will automatically alias IP packets forwarded
|
||||
from a local network so that they appear to come from the ppp
|
||||
host machine. Incoming packets from the outside world are then
|
||||
appropriately de-aliased.
|
||||
User mode ppp has embedded packet aliasing (IP masquerading) code.
|
||||
Enabling this, either by the "-alias" command line option or the
|
||||
"alias enable yes" command in a ppp.conf file, makes the ppp host
|
||||
automatically alias IP packets forwarded from a local network, making
|
||||
them appear to come from the ppp host machine. Incoming packets
|
||||
from the outside world are then appropriately de-aliased.
|
||||
|
||||
The process of aliasing involves both the IP address as well as
|
||||
TCP and UDP port numbers. ICMP packets can be aliased by either
|
||||
their id or sequence numbers.
|
||||
The process of aliasing involves both the IP address and the TCP or UDP
|
||||
port numbers. ICMP echo and timestamp packets are aliased by their id
|
||||
numbers. ICMP error messages can be properly directed by examining the
|
||||
fragment of the offending packet which is contained in the body of the
|
||||
message.
|
||||
|
||||
This software was specifically meant to support users who have
|
||||
unregistered, private address IP networks (e.g. 192.168.0.x or
|
||||
10.0.0.x addresses). The ppp host can act as a gateway for these
|
||||
networks, and computers on the local area net will have some
|
||||
degree of internet access without the need for a registered IP
|
||||
address. Additionally, there will be no need for an internet
|
||||
service provider to maintain routing tables for the local area
|
||||
network.
|
||||
unregistered, private address IP networks (e.g. 192.168.0.x or 10.0.0.x
|
||||
addresses). The ppp host can act as a gateway for these networks, and
|
||||
computers on the local area net will have some degree of Internet access
|
||||
without the need for a registered IP address. Additionally, there will
|
||||
be no need for an Internet service provider to maintain routing tables
|
||||
for the local area network.
|
||||
|
||||
A disadvantage of packet aliasing is that machines on the local
|
||||
network, behind the ppp host, can establish tcp connections and
|
||||
make udp inqiries (such as domain name service requests), but these
|
||||
machines, other than the ppp host itself, are not visible from
|
||||
the outside world. There is, in effect, a partial firewall.
|
||||
A disadvantage of packet aliasing is that machines on the local network,
|
||||
behind the ppp host, are not visible from the outside world. They can
|
||||
establish TCP connections and make UDP inquiries (such as domain name
|
||||
service requests) but the connections seem to come from the ppp host
|
||||
itself. There is, in effect, a partial firewall. Of course, if this is
|
||||
what you want, the disadvantage becomes an advantage.
|
||||
|
||||
A second disadvantage is that "IP encoding" protocols, which send
|
||||
IP address or port information within the data stream, are not
|
||||
supported unless exception code has been put in place. A workaround
|
||||
for ftp, which is the most well known of the IP encoding protocols,
|
||||
has been developed in this implementation, so users do not have
|
||||
to depend on using the ftp passive mode, as is sometimes the case
|
||||
with other masquerading solutions.
|
||||
A second disadvantage is that "IP encoding" protocols, which send IP
|
||||
address or port information within the data stream, are not supported
|
||||
for the cases where exception code exists. This implementation has
|
||||
workarounds for FTP and IRC DCC, the most well known of the IP encoding
|
||||
protocols. This frees users from depending on using the ftp passive
|
||||
mode and avoiding IRC DCC sends, as is sometimes the case with other
|
||||
masquerading solutions.
|
||||
|
||||
All standard, non-encoding TCP and UDP protocals are supported,
|
||||
Examples of these protocols are http, gopher and telnet. The
|
||||
standard UDP mode of RealAudio is not presently supported,
|
||||
but the TCP mode does work correctly. IRC is reported by users
|
||||
to work in some, but not all, modes.
|
||||
The implementation supports all standard, non-encoding TCP and UDP protocols.
|
||||
Examples of these protocols are http, gopher and telnet. The standard UDP
|
||||
mode of RealAudio is not presently supported, but the TCP mode does work
|
||||
correctly.
|
||||
|
||||
The packet aliasing code also handle many ICMP messages. In
|
||||
particular, ping and traceroute are supported.
|
||||
The packet aliasing code also handle many ICMP messages. In particular,
|
||||
ping and traceroute are supported.
|
||||
|
||||
|
||||
|
||||
2. Packet Aliasing Setup
|
||||
|
||||
It is recommended that correct ppp operation first be verified
|
||||
without packet aliasing enabled. Then ppp can be started with
|
||||
the "-alias" option in the command line. Correct network operation
|
||||
of the ppp host in packet aliasing mode should then be verified.
|
||||
Finally, machines on the private network should be checked to see
|
||||
whether they can access the internet.
|
||||
It is recommended that users first verify correct ppp operation without
|
||||
packet aliasing enabled. This will confirm that the ppp.conf file is
|
||||
properly set up and that there are no ppp problems. Then start ppp with
|
||||
the "-alias" option on the command line. The user should verify that
|
||||
the ppp host can correctly connect to the Internet in packet aliasing
|
||||
mode. Finally, check that machines on the private network can access
|
||||
the Internet.
|
||||
|
||||
Since the masquerading software aliases all packets, whether
|
||||
they come from the host or another computer on the local area
|
||||
network, a correctly operating ppp host will indicate that the
|
||||
software should work properly for other computers on the private
|
||||
network.
|
||||
The masquerading software aliases all packets, whether they come from
|
||||
the host or another computer on the local area network. Thus, a correctly
|
||||
operating ppp host indicates that the software should work properly for
|
||||
other computers on the private network.
|
||||
|
||||
If the ppp host can access the internet, but other computers on
|
||||
the local network cannot do this, then it should be checked that
|
||||
IP forwarding is enabled on the ppp host and that the other
|
||||
computers use this machine as a gateway. Of course, proper
|
||||
communications between machines within the local area network
|
||||
should also be verified (do they use consistent subnet addresses
|
||||
and masks?).
|
||||
If the ppp host can access the Internet, but other computers on the local
|
||||
network cannot, check that IP forwarding is enabled on the ppp host. Also,
|
||||
verify that the other computers use this machine as a gateway. Of course,
|
||||
you should also verify that machines within the local area network
|
||||
communicate properly. A common error is inconsistent subnet addresses
|
||||
and masks.
|
||||
|
||||
|
||||
|
||||
3. Future Development
|
||||
3. New commands in ppp
|
||||
|
||||
What is called packet aliasing here has been variously called
|
||||
masquerading, network address translation (NAT) and transparent
|
||||
proxying by others. It is an extremely useful function to
|
||||
many users, but it is also necessarily imperfect. Workarounds
|
||||
(hacks) are always needed for the occasional IP-encoding
|
||||
protocols.
|
||||
In order to control aliasing behavior in a simple manner (no need for
|
||||
recompilation), a new command has been added to iij-ppp: alias. This
|
||||
is in addition to the -alias command line option. System managers and
|
||||
more experienced users may prefer to use the iij-ppp command syntax
|
||||
within the ppp.conf file. The alias command also allows packet aliasing
|
||||
behavior to be more precisely specified.
|
||||
|
||||
The specific solution implemented here does not block off or
|
||||
reserve any segment of TCP or UDP ports on the ppp host for use
|
||||
by the masquerading function. No communication to the kernel
|
||||
is needed in this matter. All packets are aliased, whether
|
||||
they originate from the ppp host or other computers on the
|
||||
local network. This is a central issue, and some programmers
|
||||
may wish to handle this differently.
|
||||
The decision to add a command instead of extending 'set' or 'option' was
|
||||
to make obvious that these options only work when aliasing is enabled.
|
||||
|
||||
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
|
||||
and alias_util.c) runs in user space, and is intended to be
|
||||
both portable and reusable for interfaces other than ppp. The
|
||||
basic engine is accessed by four simple function calls
|
||||
(initialization, communication of host address, outgoing
|
||||
aliasing and incoming de-aliasing).
|
||||
The syntax for 'alias' is
|
||||
|
||||
Limited IP fragment handling exists. Once the packet aliasing
|
||||
software sees the header fragment of a packet, all other fragments
|
||||
will be correctly forwarded. However, if the header fragment
|
||||
does not come first, then some fragments will be lost.
|
||||
ppp> alias option [yes|no]
|
||||
|
||||
Charles Mott (cmott@srv.net)
|
||||
December 4, 1996
|
||||
where option is given by one of the following templates.
|
||||
|
||||
|
||||
- alias enable [yes|no] (default no)
|
||||
|
||||
Enable packet aliasing functionality. If disabled, no other alias
|
||||
options will have any effect. You should usually enable aliasing
|
||||
before routing any packets over the link; good points are in the
|
||||
initial script or right before adding a route. If you do not always
|
||||
want aliasing, consider using the -alias option to ppp instead of this
|
||||
command.
|
||||
|
||||
|
||||
- alias deny_incoming [yes|no] (default yes)
|
||||
|
||||
Set to "yes" to disable all incoming connections. This just drops
|
||||
connections to, for example, ftp, telnet or web servers. The aliasing
|
||||
mechanism prevents these connections. Technically, this option denies
|
||||
all incoming TCP and UDP requests, making the aliasing software a
|
||||
fairly efficient one-way firewall. The default is no, which will
|
||||
all incoming connections to telnetd, ftpd, etc.
|
||||
|
||||
|
||||
- alias log [yes|no]
|
||||
|
||||
Controls logging of alias link creation to "/var/log/alias.log" - this
|
||||
is usually only useful if debugging a setup, to see if the bug is in
|
||||
the PPP aliasing. The debugging information is fairly limited, listing
|
||||
the number of aliasing links open for different prototocols.
|
||||
|
||||
|
||||
- alias same_ports [yes|no] (default yes)
|
||||
|
||||
When a connection is being established going through the aliasing
|
||||
routines, it will normally have its port number changed to allow the
|
||||
aliasing code to track it. If same_ports is enabled, the alias
|
||||
software attempts to keep the connection's source port unchanged.
|
||||
This will allow rsh, RPC and other specialized protocols to work
|
||||
_most of the time_, at least on the host machine. Please, do not
|
||||
report this being unstable as a bug - it is a result of the way
|
||||
aliasing has to work. TCP/IP was intended to have one IP address
|
||||
per machine.
|
||||
|
||||
|
||||
- alias use_sockets [yes|no] (default yes)
|
||||
|
||||
This is a fairly obscure option. For the most part, the packet aliasing
|
||||
software does not have to allocate system sockets when it chooses an
|
||||
aliasing port number. Under very specific circumstances, FTP data
|
||||
connections (which don't know the remote port nubmer, though it is
|
||||
usually 20) and IRC DCC send (which doesn't know either the address or
|
||||
the port from which the connection will come), there can potentially be
|
||||
some interference with an open server socket having the same port number
|
||||
on the ppp host machine. This possibility for interferience only exists
|
||||
until the TCP connection has been acknowledged on both sides. The safe
|
||||
option is yes, though fewer system resources are consumed by specifying
|
||||
no.
|
||||
|
||||
|
||||
- alias unregistered_only [yes|no] (default no)
|
||||
|
||||
Packet aliasing normally remaps all packets coming from the local area
|
||||
network to the ppp host machine address. Set this option to only map
|
||||
addresses from the following standard ranges for private, unregistered
|
||||
addresses:
|
||||
|
||||
10.0.0.0 -> 10.255.255.255
|
||||
172.16.0.0 -> 172.31.255.255
|
||||
192.168.0.0 -> 192.168.255.255 */
|
||||
|
||||
In the instance that there is a subnet of public addresses and another
|
||||
subnet of private addresses being routed by the ppp host, then only the
|
||||
packets on the private subnet will be aliased.
|
||||
|
||||
|
||||
- alias port <proto> <local addr>:<port> <alias port>
|
||||
|
||||
This command allows incoming traffic to <alias port> on the host
|
||||
machine to be redirected to a specific machine and port on the
|
||||
local area network. One example of this would be:
|
||||
|
||||
alias port tcp 192.168.0.4:telnet 8066
|
||||
|
||||
All traffic to port 8066 fthe ppp host would then be sent to
|
||||
the telnet port (23) of machine 192.168.0.4. Port numbers
|
||||
can either be designated numerically or by symbolic names
|
||||
listed in /etc/services. Similarly, addresses can be either
|
||||
in dotted quad notation or in /etc/hosts.
|
||||
|
||||
|
||||
- alias addr <local addr> <public addr>
|
||||
|
||||
This command allows traffic for a public IP address to be
|
||||
redirected to a machine on the local network. This function
|
||||
is known as "static NAT". An address assignment of 0 refers
|
||||
to the default address of the ppp host. Normally static
|
||||
NAT is useful if your ISP has allocated a small block of
|
||||
IP addresses to the user, but it can even be used in the
|
||||
case of a single, dynamically allocated IP address:
|
||||
|
||||
alias addr 10.0.0.8 0
|
||||
|
||||
The above command would redirect all incoming traffic to
|
||||
machine 10.0.0.8.
|
||||
|
||||
If several address aliases specifiy the same public addres
|
||||
as follows
|
||||
|
||||
alias addr 192.168.0.2 public_addr
|
||||
alias addr 192.168.0.3 public_addr
|
||||
alias addr 192.168.0.4 public_addr
|
||||
|
||||
then incoming traffice will be directed to the last
|
||||
translated local address (192.168.0.4), but outgoing
|
||||
traffic to the first two addresses will still be aliased
|
||||
to the specified public address.
|
||||
|
||||
|
||||
|
||||
4. Future Work
|
||||
|
||||
What is called packet aliasing here has been variously called masquerading,
|
||||
network address translation (NAT) and transparent proxying by others. It
|
||||
is an extremely useful function to many users, but it is also necessarily
|
||||
imperfect. The occasional IP-encoding protocols always need workarounds
|
||||
(hacks). Users who are interested in supporting new IP-encoding protocols
|
||||
can follow the examples of alias_ftp.c and alias_irc.c.
|
||||
|
||||
ICMP error messages are currently handled only in the incoming direction.
|
||||
A handler needs to be added to correctly alias outgoing error messages.
|
||||
|
||||
IRC and FTP exception handling make reasonable, though not strictly correct
|
||||
assumptions, about how IP encoded messages will appear in the control
|
||||
stream. Programmers may wish to consider how to make this process more
|
||||
robust.
|
||||
|
||||
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c, alias_irc.c
|
||||
and alias_util.c) runs in user space, and is intended to be both portable
|
||||
and reusable for interfaces other than ppp. To access the basic engine
|
||||
only requires four simple function calls (initialization, communication of
|
||||
host address, outgoing aliasing and incoming de-aliasing).
|
||||
|
||||
|
||||
|
||||
5. Authors / Acknowledgments
|
||||
|
||||
Charles Mott (cmott@srv.net) <versions 1.0 - 1.8, 2.0, 2.1>
|
||||
Eivind Eklund (perhaps@yes.no) <versions 1.8b - 1.9, new ppp commands>
|
||||
|
||||
Listed below, in chronological order, are individuals who have provided
|
||||
valuable comments and/or debugging assistance.
|
||||
|
||||
Gary Roberts
|
||||
Tom Torrance
|
||||
Reto Burkhalter
|
||||
Martin Renters
|
||||
Brian Somers
|
||||
Paul Traina
|
||||
Ari Suutari
|
||||
J. Fortes
|
||||
Andrzej Bialeki
|
||||
|
||||
|
||||
|
||||
6. Revision History for Aliasing Code
|
||||
|
||||
Version 1.0: August 11, 1996 (cjm)
|
||||
|
||||
Version 1.1: August 20, 1996 (cjm)
|
||||
PPP host accepts incoming connections for ports 0 to 1023.
|
||||
|
||||
Version 1.2: September 7, 1996 (cjm)
|
||||
Fragment handling error in alias_db.c corrected.
|
||||
|
||||
Version 1.3: September 15, 1996 (cjm)
|
||||
- Generalized mechanism for handling incoming connections
|
||||
(no more 0 to 1023 restriction).
|
||||
- Increased ICMP support (will handle traceroute now).
|
||||
- Improved TCP close connection logic.
|
||||
|
||||
Version 1.4: September 16, 1996
|
||||
Can't remember (this version only lasted a day -- cjm).
|
||||
|
||||
Version 1.5: September 17, 1996 (cjm)
|
||||
Corrected error in handling incoming UDP packets
|
||||
with zero checksum.
|
||||
|
||||
Version 1.6: September 18, 1996
|
||||
Simplified ICMP data storage. Will now handle
|
||||
tracert from Win95 as well as FreeBSD traceroute.
|
||||
|
||||
Verstion 1.7: January 9, 1997 (cjm)
|
||||
- Reduced malloc() activity for ICMP echo and
|
||||
timestamp requests.
|
||||
- Added handling for out-of-order IP fragments.
|
||||
- Switched to differential checksum computation
|
||||
for IP headers (TCP, UDP and ICMP checksums
|
||||
were already differential).
|
||||
- Accepts FTP data connections from other than
|
||||
port 20. This allows one ftp connections
|
||||
from two hosts which are both running packet
|
||||
aliasing.
|
||||
|
||||
Verstion 1.8: January 14, 1997 (cjm)
|
||||
- Fixed data type error in function StartPoint()
|
||||
in alias_db.c (this bug did not exist before v1.7)
|
||||
|
||||
Version 1.8b: January 16, 1997 (Eivind Eklund <perhaps@yes.no>)
|
||||
- Upgraded base PPP version to be the sourcecode from
|
||||
FreeBSD 2.1.6, with additional security patches. This
|
||||
version should still be possible to run on 2.1.5, though -
|
||||
I've run it with a 2.1.5 kernel without problems.
|
||||
(Update done with the permission of cjm)
|
||||
|
||||
Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
|
||||
- Added support for IRC DCC (ee)
|
||||
- Changed the aliasing routines to use ANSI style throughout -
|
||||
minor API changes for integration with other programs than PPP (ee)
|
||||
- Changed the build process, making all options switchable
|
||||
from the Makefile (ee)
|
||||
- Fixed minor security hole in alias_ftp.c for other applications
|
||||
of the aliasing software. Hole could _not_ manifest in
|
||||
PPP+pktAlias, but could potentially manifest in other
|
||||
applications of the aliasing. (ee)
|
||||
- Connections initiated from packet aliasing host machine will
|
||||
not have their port number aliased unless it conflicts with
|
||||
an aliasing port already being used. (There is an option to
|
||||
disable this for debugging) (cjm)
|
||||
- Sockets will be allocated in cases where there might be
|
||||
port interference with the host machine. This can be disabled
|
||||
in cases where the ppp host will be acting purely as a
|
||||
masquerading router and not generate any traffic of its own.
|
||||
(cjm)
|
||||
|
||||
Version 2.0: March, 1997 (cjm)
|
||||
- Incoming packets which are not recognized by the packet
|
||||
aliasing engine are now completely dropped in ip.c.
|
||||
- Aliasing links are cleared when a host interface address
|
||||
changes (due to re-dial and dynamic address allocatioa).
|
||||
- PacketAliasPermanentLink() API added.
|
||||
- Option for only aliasing private, unregistered IP addresses
|
||||
added.
|
||||
- Substantial rework to the aliasing lookup engine.
|
||||
|
||||
Version 2.1: May, 1997 (cjm)
|
||||
- Continuing rework to the aliasing lookup engine to support
|
||||
multiple incoming addresses and static NAT.
|
||||
- Now supports outgoing as well as incoming ICMP error messges/
|
||||
- PPP commands to support address and port redirection.
|
||||
|
||||
|
@ -1,112 +1,352 @@
|
||||
User PPP Packet Aliasing
|
||||
|
||||
|
||||
|
||||
0. Contents
|
||||
1. Background
|
||||
2. Setup
|
||||
3. Future Development
|
||||
3. New commands in ppp
|
||||
4. Future Work
|
||||
5. Authors / Acknowledgments
|
||||
6. Revision History for Aliasing Code
|
||||
|
||||
|
||||
|
||||
1. Background
|
||||
|
||||
User ppp has embedded packet aliasing (IP masquerading) code.
|
||||
When this capability is enabled by the "-alias" command line
|
||||
option, the ppp host will automatically alias IP packets forwarded
|
||||
from a local network so that they appear to come from the ppp
|
||||
host machine. Incoming packets from the outside world are then
|
||||
appropriately de-aliased.
|
||||
User mode ppp has embedded packet aliasing (IP masquerading) code.
|
||||
Enabling this, either by the "-alias" command line option or the
|
||||
"alias enable yes" command in a ppp.conf file, makes the ppp host
|
||||
automatically alias IP packets forwarded from a local network, making
|
||||
them appear to come from the ppp host machine. Incoming packets
|
||||
from the outside world are then appropriately de-aliased.
|
||||
|
||||
The process of aliasing involves both the IP address as well as
|
||||
TCP and UDP port numbers. ICMP packets can be aliased by either
|
||||
their id or sequence numbers.
|
||||
The process of aliasing involves both the IP address and the TCP or UDP
|
||||
port numbers. ICMP echo and timestamp packets are aliased by their id
|
||||
numbers. ICMP error messages can be properly directed by examining the
|
||||
fragment of the offending packet which is contained in the body of the
|
||||
message.
|
||||
|
||||
This software was specifically meant to support users who have
|
||||
unregistered, private address IP networks (e.g. 192.168.0.x or
|
||||
10.0.0.x addresses). The ppp host can act as a gateway for these
|
||||
networks, and computers on the local area net will have some
|
||||
degree of internet access without the need for a registered IP
|
||||
address. Additionally, there will be no need for an internet
|
||||
service provider to maintain routing tables for the local area
|
||||
network.
|
||||
unregistered, private address IP networks (e.g. 192.168.0.x or 10.0.0.x
|
||||
addresses). The ppp host can act as a gateway for these networks, and
|
||||
computers on the local area net will have some degree of Internet access
|
||||
without the need for a registered IP address. Additionally, there will
|
||||
be no need for an Internet service provider to maintain routing tables
|
||||
for the local area network.
|
||||
|
||||
A disadvantage of packet aliasing is that machines on the local
|
||||
network, behind the ppp host, can establish tcp connections and
|
||||
make udp inqiries (such as domain name service requests), but these
|
||||
machines, other than the ppp host itself, are not visible from
|
||||
the outside world. There is, in effect, a partial firewall.
|
||||
A disadvantage of packet aliasing is that machines on the local network,
|
||||
behind the ppp host, are not visible from the outside world. They can
|
||||
establish TCP connections and make UDP inquiries (such as domain name
|
||||
service requests) but the connections seem to come from the ppp host
|
||||
itself. There is, in effect, a partial firewall. Of course, if this is
|
||||
what you want, the disadvantage becomes an advantage.
|
||||
|
||||
A second disadvantage is that "IP encoding" protocols, which send
|
||||
IP address or port information within the data stream, are not
|
||||
supported unless exception code has been put in place. A workaround
|
||||
for ftp, which is the most well known of the IP encoding protocols,
|
||||
has been developed in this implementation, so users do not have
|
||||
to depend on using the ftp passive mode, as is sometimes the case
|
||||
with other masquerading solutions.
|
||||
A second disadvantage is that "IP encoding" protocols, which send IP
|
||||
address or port information within the data stream, are not supported
|
||||
for the cases where exception code exists. This implementation has
|
||||
workarounds for FTP and IRC DCC, the most well known of the IP encoding
|
||||
protocols. This frees users from depending on using the ftp passive
|
||||
mode and avoiding IRC DCC sends, as is sometimes the case with other
|
||||
masquerading solutions.
|
||||
|
||||
All standard, non-encoding TCP and UDP protocals are supported,
|
||||
Examples of these protocols are http, gopher and telnet. The
|
||||
standard UDP mode of RealAudio is not presently supported,
|
||||
but the TCP mode does work correctly. IRC is reported by users
|
||||
to work in some, but not all, modes.
|
||||
The implementation supports all standard, non-encoding TCP and UDP protocols.
|
||||
Examples of these protocols are http, gopher and telnet. The standard UDP
|
||||
mode of RealAudio is not presently supported, but the TCP mode does work
|
||||
correctly.
|
||||
|
||||
The packet aliasing code also handle many ICMP messages. In
|
||||
particular, ping and traceroute are supported.
|
||||
The packet aliasing code also handle many ICMP messages. In particular,
|
||||
ping and traceroute are supported.
|
||||
|
||||
|
||||
|
||||
2. Packet Aliasing Setup
|
||||
|
||||
It is recommended that correct ppp operation first be verified
|
||||
without packet aliasing enabled. Then ppp can be started with
|
||||
the "-alias" option in the command line. Correct network operation
|
||||
of the ppp host in packet aliasing mode should then be verified.
|
||||
Finally, machines on the private network should be checked to see
|
||||
whether they can access the internet.
|
||||
It is recommended that users first verify correct ppp operation without
|
||||
packet aliasing enabled. This will confirm that the ppp.conf file is
|
||||
properly set up and that there are no ppp problems. Then start ppp with
|
||||
the "-alias" option on the command line. The user should verify that
|
||||
the ppp host can correctly connect to the Internet in packet aliasing
|
||||
mode. Finally, check that machines on the private network can access
|
||||
the Internet.
|
||||
|
||||
Since the masquerading software aliases all packets, whether
|
||||
they come from the host or another computer on the local area
|
||||
network, a correctly operating ppp host will indicate that the
|
||||
software should work properly for other computers on the private
|
||||
network.
|
||||
The masquerading software aliases all packets, whether they come from
|
||||
the host or another computer on the local area network. Thus, a correctly
|
||||
operating ppp host indicates that the software should work properly for
|
||||
other computers on the private network.
|
||||
|
||||
If the ppp host can access the internet, but other computers on
|
||||
the local network cannot do this, then it should be checked that
|
||||
IP forwarding is enabled on the ppp host and that the other
|
||||
computers use this machine as a gateway. Of course, proper
|
||||
communications between machines within the local area network
|
||||
should also be verified (do they use consistent subnet addresses
|
||||
and masks?).
|
||||
If the ppp host can access the Internet, but other computers on the local
|
||||
network cannot, check that IP forwarding is enabled on the ppp host. Also,
|
||||
verify that the other computers use this machine as a gateway. Of course,
|
||||
you should also verify that machines within the local area network
|
||||
communicate properly. A common error is inconsistent subnet addresses
|
||||
and masks.
|
||||
|
||||
|
||||
|
||||
3. Future Development
|
||||
3. New commands in ppp
|
||||
|
||||
What is called packet aliasing here has been variously called
|
||||
masquerading, network address translation (NAT) and transparent
|
||||
proxying by others. It is an extremely useful function to
|
||||
many users, but it is also necessarily imperfect. Workarounds
|
||||
(hacks) are always needed for the occasional IP-encoding
|
||||
protocols.
|
||||
In order to control aliasing behavior in a simple manner (no need for
|
||||
recompilation), a new command has been added to iij-ppp: alias. This
|
||||
is in addition to the -alias command line option. System managers and
|
||||
more experienced users may prefer to use the iij-ppp command syntax
|
||||
within the ppp.conf file. The alias command also allows packet aliasing
|
||||
behavior to be more precisely specified.
|
||||
|
||||
The specific solution implemented here does not block off or
|
||||
reserve any segment of TCP or UDP ports on the ppp host for use
|
||||
by the masquerading function. No communication to the kernel
|
||||
is needed in this matter. All packets are aliased, whether
|
||||
they originate from the ppp host or other computers on the
|
||||
local network. This is a central issue, and some programmers
|
||||
may wish to handle this differently.
|
||||
The decision to add a command instead of extending 'set' or 'option' was
|
||||
to make obvious that these options only work when aliasing is enabled.
|
||||
|
||||
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
|
||||
and alias_util.c) runs in user space, and is intended to be
|
||||
both portable and reusable for interfaces other than ppp. The
|
||||
basic engine is accessed by four simple function calls
|
||||
(initialization, communication of host address, outgoing
|
||||
aliasing and incoming de-aliasing).
|
||||
The syntax for 'alias' is
|
||||
|
||||
Limited IP fragment handling exists. Once the packet aliasing
|
||||
software sees the header fragment of a packet, all other fragments
|
||||
will be correctly forwarded. However, if the header fragment
|
||||
does not come first, then some fragments will be lost.
|
||||
ppp> alias option [yes|no]
|
||||
|
||||
Charles Mott (cmott@srv.net)
|
||||
December 4, 1996
|
||||
where option is given by one of the following templates.
|
||||
|
||||
|
||||
- alias enable [yes|no] (default no)
|
||||
|
||||
Enable packet aliasing functionality. If disabled, no other alias
|
||||
options will have any effect. You should usually enable aliasing
|
||||
before routing any packets over the link; good points are in the
|
||||
initial script or right before adding a route. If you do not always
|
||||
want aliasing, consider using the -alias option to ppp instead of this
|
||||
command.
|
||||
|
||||
|
||||
- alias deny_incoming [yes|no] (default yes)
|
||||
|
||||
Set to "yes" to disable all incoming connections. This just drops
|
||||
connections to, for example, ftp, telnet or web servers. The aliasing
|
||||
mechanism prevents these connections. Technically, this option denies
|
||||
all incoming TCP and UDP requests, making the aliasing software a
|
||||
fairly efficient one-way firewall. The default is no, which will
|
||||
all incoming connections to telnetd, ftpd, etc.
|
||||
|
||||
|
||||
- alias log [yes|no]
|
||||
|
||||
Controls logging of alias link creation to "/var/log/alias.log" - this
|
||||
is usually only useful if debugging a setup, to see if the bug is in
|
||||
the PPP aliasing. The debugging information is fairly limited, listing
|
||||
the number of aliasing links open for different prototocols.
|
||||
|
||||
|
||||
- alias same_ports [yes|no] (default yes)
|
||||
|
||||
When a connection is being established going through the aliasing
|
||||
routines, it will normally have its port number changed to allow the
|
||||
aliasing code to track it. If same_ports is enabled, the alias
|
||||
software attempts to keep the connection's source port unchanged.
|
||||
This will allow rsh, RPC and other specialized protocols to work
|
||||
_most of the time_, at least on the host machine. Please, do not
|
||||
report this being unstable as a bug - it is a result of the way
|
||||
aliasing has to work. TCP/IP was intended to have one IP address
|
||||
per machine.
|
||||
|
||||
|
||||
- alias use_sockets [yes|no] (default yes)
|
||||
|
||||
This is a fairly obscure option. For the most part, the packet aliasing
|
||||
software does not have to allocate system sockets when it chooses an
|
||||
aliasing port number. Under very specific circumstances, FTP data
|
||||
connections (which don't know the remote port nubmer, though it is
|
||||
usually 20) and IRC DCC send (which doesn't know either the address or
|
||||
the port from which the connection will come), there can potentially be
|
||||
some interference with an open server socket having the same port number
|
||||
on the ppp host machine. This possibility for interferience only exists
|
||||
until the TCP connection has been acknowledged on both sides. The safe
|
||||
option is yes, though fewer system resources are consumed by specifying
|
||||
no.
|
||||
|
||||
|
||||
- alias unregistered_only [yes|no] (default no)
|
||||
|
||||
Packet aliasing normally remaps all packets coming from the local area
|
||||
network to the ppp host machine address. Set this option to only map
|
||||
addresses from the following standard ranges for private, unregistered
|
||||
addresses:
|
||||
|
||||
10.0.0.0 -> 10.255.255.255
|
||||
172.16.0.0 -> 172.31.255.255
|
||||
192.168.0.0 -> 192.168.255.255 */
|
||||
|
||||
In the instance that there is a subnet of public addresses and another
|
||||
subnet of private addresses being routed by the ppp host, then only the
|
||||
packets on the private subnet will be aliased.
|
||||
|
||||
|
||||
- alias port <proto> <local addr>:<port> <alias port>
|
||||
|
||||
This command allows incoming traffic to <alias port> on the host
|
||||
machine to be redirected to a specific machine and port on the
|
||||
local area network. One example of this would be:
|
||||
|
||||
alias port tcp 192.168.0.4:telnet 8066
|
||||
|
||||
All traffic to port 8066 fthe ppp host would then be sent to
|
||||
the telnet port (23) of machine 192.168.0.4. Port numbers
|
||||
can either be designated numerically or by symbolic names
|
||||
listed in /etc/services. Similarly, addresses can be either
|
||||
in dotted quad notation or in /etc/hosts.
|
||||
|
||||
|
||||
- alias addr <local addr> <public addr>
|
||||
|
||||
This command allows traffic for a public IP address to be
|
||||
redirected to a machine on the local network. This function
|
||||
is known as "static NAT". An address assignment of 0 refers
|
||||
to the default address of the ppp host. Normally static
|
||||
NAT is useful if your ISP has allocated a small block of
|
||||
IP addresses to the user, but it can even be used in the
|
||||
case of a single, dynamically allocated IP address:
|
||||
|
||||
alias addr 10.0.0.8 0
|
||||
|
||||
The above command would redirect all incoming traffic to
|
||||
machine 10.0.0.8.
|
||||
|
||||
If several address aliases specifiy the same public addres
|
||||
as follows
|
||||
|
||||
alias addr 192.168.0.2 public_addr
|
||||
alias addr 192.168.0.3 public_addr
|
||||
alias addr 192.168.0.4 public_addr
|
||||
|
||||
then incoming traffice will be directed to the last
|
||||
translated local address (192.168.0.4), but outgoing
|
||||
traffic to the first two addresses will still be aliased
|
||||
to the specified public address.
|
||||
|
||||
|
||||
|
||||
4. Future Work
|
||||
|
||||
What is called packet aliasing here has been variously called masquerading,
|
||||
network address translation (NAT) and transparent proxying by others. It
|
||||
is an extremely useful function to many users, but it is also necessarily
|
||||
imperfect. The occasional IP-encoding protocols always need workarounds
|
||||
(hacks). Users who are interested in supporting new IP-encoding protocols
|
||||
can follow the examples of alias_ftp.c and alias_irc.c.
|
||||
|
||||
ICMP error messages are currently handled only in the incoming direction.
|
||||
A handler needs to be added to correctly alias outgoing error messages.
|
||||
|
||||
IRC and FTP exception handling make reasonable, though not strictly correct
|
||||
assumptions, about how IP encoded messages will appear in the control
|
||||
stream. Programmers may wish to consider how to make this process more
|
||||
robust.
|
||||
|
||||
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c, alias_irc.c
|
||||
and alias_util.c) runs in user space, and is intended to be both portable
|
||||
and reusable for interfaces other than ppp. To access the basic engine
|
||||
only requires four simple function calls (initialization, communication of
|
||||
host address, outgoing aliasing and incoming de-aliasing).
|
||||
|
||||
|
||||
|
||||
5. Authors / Acknowledgments
|
||||
|
||||
Charles Mott (cmott@srv.net) <versions 1.0 - 1.8, 2.0, 2.1>
|
||||
Eivind Eklund (perhaps@yes.no) <versions 1.8b - 1.9, new ppp commands>
|
||||
|
||||
Listed below, in chronological order, are individuals who have provided
|
||||
valuable comments and/or debugging assistance.
|
||||
|
||||
Gary Roberts
|
||||
Tom Torrance
|
||||
Reto Burkhalter
|
||||
Martin Renters
|
||||
Brian Somers
|
||||
Paul Traina
|
||||
Ari Suutari
|
||||
J. Fortes
|
||||
Andrzej Bialeki
|
||||
|
||||
|
||||
|
||||
6. Revision History for Aliasing Code
|
||||
|
||||
Version 1.0: August 11, 1996 (cjm)
|
||||
|
||||
Version 1.1: August 20, 1996 (cjm)
|
||||
PPP host accepts incoming connections for ports 0 to 1023.
|
||||
|
||||
Version 1.2: September 7, 1996 (cjm)
|
||||
Fragment handling error in alias_db.c corrected.
|
||||
|
||||
Version 1.3: September 15, 1996 (cjm)
|
||||
- Generalized mechanism for handling incoming connections
|
||||
(no more 0 to 1023 restriction).
|
||||
- Increased ICMP support (will handle traceroute now).
|
||||
- Improved TCP close connection logic.
|
||||
|
||||
Version 1.4: September 16, 1996
|
||||
Can't remember (this version only lasted a day -- cjm).
|
||||
|
||||
Version 1.5: September 17, 1996 (cjm)
|
||||
Corrected error in handling incoming UDP packets
|
||||
with zero checksum.
|
||||
|
||||
Version 1.6: September 18, 1996
|
||||
Simplified ICMP data storage. Will now handle
|
||||
tracert from Win95 as well as FreeBSD traceroute.
|
||||
|
||||
Verstion 1.7: January 9, 1997 (cjm)
|
||||
- Reduced malloc() activity for ICMP echo and
|
||||
timestamp requests.
|
||||
- Added handling for out-of-order IP fragments.
|
||||
- Switched to differential checksum computation
|
||||
for IP headers (TCP, UDP and ICMP checksums
|
||||
were already differential).
|
||||
- Accepts FTP data connections from other than
|
||||
port 20. This allows one ftp connections
|
||||
from two hosts which are both running packet
|
||||
aliasing.
|
||||
|
||||
Verstion 1.8: January 14, 1997 (cjm)
|
||||
- Fixed data type error in function StartPoint()
|
||||
in alias_db.c (this bug did not exist before v1.7)
|
||||
|
||||
Version 1.8b: January 16, 1997 (Eivind Eklund <perhaps@yes.no>)
|
||||
- Upgraded base PPP version to be the sourcecode from
|
||||
FreeBSD 2.1.6, with additional security patches. This
|
||||
version should still be possible to run on 2.1.5, though -
|
||||
I've run it with a 2.1.5 kernel without problems.
|
||||
(Update done with the permission of cjm)
|
||||
|
||||
Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
|
||||
- Added support for IRC DCC (ee)
|
||||
- Changed the aliasing routines to use ANSI style throughout -
|
||||
minor API changes for integration with other programs than PPP (ee)
|
||||
- Changed the build process, making all options switchable
|
||||
from the Makefile (ee)
|
||||
- Fixed minor security hole in alias_ftp.c for other applications
|
||||
of the aliasing software. Hole could _not_ manifest in
|
||||
PPP+pktAlias, but could potentially manifest in other
|
||||
applications of the aliasing. (ee)
|
||||
- Connections initiated from packet aliasing host machine will
|
||||
not have their port number aliased unless it conflicts with
|
||||
an aliasing port already being used. (There is an option to
|
||||
disable this for debugging) (cjm)
|
||||
- Sockets will be allocated in cases where there might be
|
||||
port interference with the host machine. This can be disabled
|
||||
in cases where the ppp host will be acting purely as a
|
||||
masquerading router and not generate any traffic of its own.
|
||||
(cjm)
|
||||
|
||||
Version 2.0: March, 1997 (cjm)
|
||||
- Incoming packets which are not recognized by the packet
|
||||
aliasing engine are now completely dropped in ip.c.
|
||||
- Aliasing links are cleared when a host interface address
|
||||
changes (due to re-dial and dynamic address allocatioa).
|
||||
- PacketAliasPermanentLink() API added.
|
||||
- Option for only aliasing private, unregistered IP addresses
|
||||
added.
|
||||
- Substantial rework to the aliasing lookup engine.
|
||||
|
||||
Version 2.1: May, 1997 (cjm)
|
||||
- Continuing rework to the aliasing lookup engine to support
|
||||
multiple incoming addresses and static NAT.
|
||||
- Now supports outgoing as well as incoming ICMP error messges/
|
||||
- PPP commands to support address and port redirection.
|
||||
|
||||
|
@ -1,838 +0,0 @@
|
||||
/*
|
||||
Alias.c provides supervisory control for the functions of the
|
||||
packet aliasing software. It consists of routines to monitor
|
||||
TCP connection state, protocol-specific aliasing routines,
|
||||
limited fragment handling and the two primary outside world
|
||||
functional interfaces: PacketAliasIn and PacketAliasOut.
|
||||
|
||||
The other C program files are briefly described. The data
|
||||
structure framework which holds information needed to translate
|
||||
packets is encapsulated in alias_db.c. Data is accessed by
|
||||
function calls, so other segments of the program need not
|
||||
know about the underlying data structures. Alias_ftp.c contains
|
||||
special code for modifying the ftp PORT command used to establish
|
||||
data connections. Alias_util.c contains a few utility routines.
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Version 1.0 August, 1996 (cjm)
|
||||
|
||||
Version 1.1 August 20, 1996 (cjm)
|
||||
PPP host accepts incoming connections for ports 0 to 1023.
|
||||
|
||||
Version 1.2 September 7, 1996 (cjm)
|
||||
Fragment handling error in alias_db.c corrected.
|
||||
|
||||
Version 1.4 September 16, 1996 (cjm)
|
||||
- A more generalized method for handling incoming
|
||||
connections, without the 0-1023 restriction, is
|
||||
implemented in alias_db.c
|
||||
- Improved ICMP support in alias.c. Traceroute
|
||||
packet streams can now be correctly aliased.
|
||||
- TCP connection closing logic simplified in
|
||||
alias.c and now allows for additional 1 minute
|
||||
"grace period" after FIN or RST is observed.
|
||||
Version 1.5 September 17, 1996 (cjm)
|
||||
Corrected error in handling incoming UDP packets with 0 checksum.
|
||||
Version 1.6 September 18, 1996 (cjm)
|
||||
Simplified ICMP aliasing scheme. Should now support
|
||||
traceroute from Win95 as well as FreeBSD.
|
||||
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include "alias.p"
|
||||
|
||||
#define FTP_CONTROL_PORT_NUMBER 21
|
||||
|
||||
|
||||
|
||||
|
||||
/* TCP Handling Routines
|
||||
|
||||
TcpMonitorIn() -- These routines monitor TCP connections, and
|
||||
TcpMonitorOut() -- delete a link node when a connection is closed.
|
||||
|
||||
These routines look for SYN, ACK and RST flags to determine when TCP
|
||||
connections open and close. When a TCP connection closes, the data
|
||||
structure containing packet aliasing information is deleted after
|
||||
a timeout period.
|
||||
*/
|
||||
|
||||
void
|
||||
TcpMonitorIn(pip, link)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (GetStateIn(link))
|
||||
{
|
||||
case 0:
|
||||
if (tc->th_flags & TH_SYN) SetStateIn(link, 1);
|
||||
break;
|
||||
case 1:
|
||||
if (tc->th_flags & TH_FIN
|
||||
|| tc->th_flags & TH_RST) SetStateIn(link, 2);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
TcpMonitorOut(pip, link)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (GetStateOut(link))
|
||||
{
|
||||
case 0:
|
||||
if (tc->th_flags & TH_SYN) SetStateOut(link, 1);
|
||||
break;
|
||||
case 1:
|
||||
if (tc->th_flags & TH_FIN
|
||||
|| tc->th_flags & TH_RST) SetStateOut(link, 2);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/* Protocol Specific Packet Aliasing Routines
|
||||
|
||||
IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2
|
||||
IcmpAliasOut(), IcmpAliasOut1()
|
||||
UdpAliasIn(), UdpAliasOut()
|
||||
TcpAliasIn(), TcpAliasOut()
|
||||
|
||||
These routines handle protocol specific details of packet aliasing.
|
||||
One may observe a certain amount of repetitive arithmetic in these
|
||||
functions, the purpose of which is to compute a revised checksum
|
||||
without actually summing over the entire data packet, which could be
|
||||
unnecessarily time consuming.
|
||||
|
||||
The purpose of the packet aliasing routines is to replace the source
|
||||
address of the outgoing packet and then correctly put it back for
|
||||
any incoming packets. For TCP and UDP, ports are also re-mapped.
|
||||
|
||||
For ICMP echo/timestamp requests and replies, the following scheme
|
||||
is used: the sequence number is replaced by an alias for the outgoing
|
||||
packet and this sequence number, plus the id and remote address are
|
||||
used to find the packet on the return path.
|
||||
|
||||
ICMP error messages are handled by looking at the IP fragment
|
||||
in the data section of the message.
|
||||
|
||||
For TCP and UDP protocols, a port number is chosen for an outgoing
|
||||
packet, and then incoming packets are identified by IP address and
|
||||
port number. For TCP packets, there is additional logic in the event
|
||||
that sequence and ack numbers have been altered (as is the case for
|
||||
FTP data port commands).
|
||||
|
||||
The port numbers used by the packet aliasing module are not true
|
||||
ports in the Unix sense. No sockets are actually bound to ports.
|
||||
They are more correctly placeholders.
|
||||
|
||||
All packets are aliased, whether they come from the gateway machine
|
||||
or other machines on a local area network.
|
||||
*/
|
||||
|
||||
void
|
||||
IcmpAliasIn1(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
/*
|
||||
Un-alias incoming echo and timestamp replies
|
||||
*/
|
||||
char *link;
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
/* Get source address from ICMP data field and restore original data */
|
||||
link = FindIcmpIn(pip->ip_src, ic->icmp_id, ic->icmp_seq);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
u_short original_seq;
|
||||
int accumulate;
|
||||
|
||||
original_seq = GetOriginalPort(link);
|
||||
|
||||
/* Adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
accumulate += ic->icmp_seq;
|
||||
accumulate -= original_seq;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Put original sequence number back in */
|
||||
ic->icmp_seq = original_seq;
|
||||
|
||||
/* Put original address back into IP header */
|
||||
pip->ip_dst = GetOriginalAddress(link);
|
||||
|
||||
/* Delete unneeded data structure */
|
||||
DeleteLink(link);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
IcmpAliasIn2(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
/*
|
||||
Alias incoming ICMP error messages containing
|
||||
IP header and first 64 bits of datagram.
|
||||
*/
|
||||
struct ip *ip;
|
||||
struct icmp *ic, *ic2;
|
||||
struct udphdr *ud;
|
||||
struct tcphdr *tc;
|
||||
char *link;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
ip = (struct ip *) ic->icmp_data;
|
||||
|
||||
ud = (struct udphdr *) ((char *) ip + (ip->ip_hl <<2));
|
||||
tc = (struct tcphdr *) ud;
|
||||
ic2 = (struct icmp *) ud;
|
||||
|
||||
if (ip->ip_p == IPPROTO_UDP)
|
||||
link = FindUdpIn(ip->ip_dst, ud->uh_dport, ud->uh_sport);
|
||||
else if (ip->ip_p == IPPROTO_TCP)
|
||||
link = FindTcpIn(ip->ip_dst, tc->th_dport, tc->th_sport);
|
||||
else if (ip->ip_p == IPPROTO_ICMP)
|
||||
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
|
||||
link = FindIcmpIn(ip->ip_dst, ic2->icmp_id, ic2->icmp_seq);
|
||||
else
|
||||
link = NULL_PTR;
|
||||
else
|
||||
link = NULL_PTR;
|
||||
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP)
|
||||
{
|
||||
u_short *sptr;
|
||||
int accumulate;
|
||||
struct in_addr original_address;
|
||||
u_short original_port;
|
||||
|
||||
original_address = GetOriginalAddress(link);
|
||||
original_port = GetOriginalPort(link);
|
||||
|
||||
/* Adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
sptr = (u_short *) &(ip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &original_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
accumulate += ud->uh_sport;
|
||||
accumulate -= original_port;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Un-alias address in IP header */
|
||||
pip->ip_dst = original_address;
|
||||
|
||||
/* Un-alias address and port number of original IP packet
|
||||
fragment contained in ICMP data section */
|
||||
ip->ip_src = original_address;
|
||||
ud->uh_sport = original_port;
|
||||
}
|
||||
else if (pip->ip_p == IPPROTO_ICMP)
|
||||
{
|
||||
u_short *sptr;
|
||||
int accumulate;
|
||||
struct in_addr original_address;
|
||||
u_short original_seq;
|
||||
|
||||
original_address = GetOriginalAddress(link);
|
||||
original_seq = GetOriginalPort(link);
|
||||
|
||||
/* Adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
sptr = (u_short *) &(ip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &original_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
accumulate += ic2->icmp_seq;
|
||||
accumulate -= original_seq;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Un-alias address in IP header */
|
||||
pip->ip_dst = original_address;
|
||||
|
||||
/* Un-alias address of original IP packet and seqence number of
|
||||
embedded icmp datagram */
|
||||
ip->ip_src = original_address;
|
||||
ic2->icmp_seq = original_seq;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
IcmpAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (ic->icmp_type)
|
||||
{
|
||||
case ICMP_ECHOREPLY:
|
||||
case ICMP_TSTAMPREPLY:
|
||||
if (ic->icmp_code == 0)
|
||||
{
|
||||
IcmpAliasIn1(pip);
|
||||
}
|
||||
break;
|
||||
case ICMP_UNREACH:
|
||||
case ICMP_SOURCEQUENCH:
|
||||
case ICMP_TIMXCEED:
|
||||
case ICMP_PARAMPROB:
|
||||
IcmpAliasIn2(pip);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
IcmpAliasOut1(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
/*
|
||||
Alias ICMP echo and timestamp packets
|
||||
*/
|
||||
char *link;
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
/* Save overwritten data for when echo packet returns */
|
||||
link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, ic->icmp_seq);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
u_short alias_seq;
|
||||
int accumulate;
|
||||
|
||||
alias_seq = GetAliasPort(link);
|
||||
|
||||
/* Since data field is being modified, adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
accumulate += ic->icmp_seq;
|
||||
accumulate -= alias_seq;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Alias sequence number */
|
||||
ic->icmp_seq = alias_seq;
|
||||
|
||||
/* Change source address */
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
IcmpAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (ic->icmp_type)
|
||||
{
|
||||
case ICMP_ECHO:
|
||||
case ICMP_TSTAMP:
|
||||
if (ic->icmp_code == 0)
|
||||
{
|
||||
IcmpAliasOut1(pip);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
UdpAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct udphdr *ud;
|
||||
char *link;
|
||||
|
||||
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindUdpIn(pip->ip_src, ud->uh_sport, ud->uh_dport);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
u_short alias_port;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
pip->ip_dst = GetOriginalAddress(link);
|
||||
alias_port = ud->uh_dport;
|
||||
ud->uh_dport = GetOriginalPort(link);
|
||||
|
||||
/* If UDP checksum is not zero, then adjust since destination port */
|
||||
/* is being unaliased and destination port is being altered. */
|
||||
if (ud->uh_sum != 0)
|
||||
{
|
||||
accumulate = ud->uh_sum;
|
||||
accumulate += alias_port;
|
||||
accumulate -= ud->uh_dport;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &(pip->ip_dst);
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) accumulate;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
UdpAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct udphdr *ud;
|
||||
char *link;
|
||||
|
||||
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindUdpOut(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
u_short alias_port;
|
||||
|
||||
alias_port = GetAliasPort(link);
|
||||
|
||||
/* If UDP checksum is not zero, adjust since source port is */
|
||||
/* being aliased and source address is being altered */
|
||||
if (ud->uh_sum != 0)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
|
||||
accumulate = ud->uh_sum;
|
||||
accumulate += ud->uh_sport;
|
||||
accumulate -= alias_port;
|
||||
sptr = (u_short *) &(pip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) accumulate;
|
||||
}
|
||||
}
|
||||
|
||||
/* Put alias port in TCP header */
|
||||
ud->uh_sport = alias_port;
|
||||
|
||||
/* Change source address */
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
void
|
||||
TcpAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
char *link;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindTcpIn(pip->ip_src, tc->th_sport, tc->th_dport);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
u_short alias_port;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
pip->ip_dst = GetOriginalAddress(link);
|
||||
alias_port = tc->th_dport;
|
||||
tc->th_dport = GetOriginalPort(link);
|
||||
|
||||
/* Adjust TCP checksum since destination port is being unaliased */
|
||||
/* and destination port is being altered. */
|
||||
accumulate = tc->th_sum;
|
||||
accumulate += alias_port;
|
||||
accumulate -= tc->th_dport;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &(pip->ip_dst);
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
/* See if ack number needs to be modified */
|
||||
if (GetAckModified(link) == 1)
|
||||
{
|
||||
int delta;
|
||||
|
||||
delta = GetDeltaAckIn(pip, link);
|
||||
if (delta != 0)
|
||||
{
|
||||
sptr = (u_short *) &tc->th_ack;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
tc->th_ack = htonl(ntohl(tc->th_ack) - delta);
|
||||
sptr = (u_short *) &tc->th_ack;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
}
|
||||
}
|
||||
|
||||
/* Finish checksum modification */
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Monitor TCP connection state */
|
||||
TcpMonitorIn(pip, link);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
TcpAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
char *link;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindTcpOut(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport);
|
||||
if (link !=NULL_PTR)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
u_short alias_port;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
alias_port = GetAliasPort(link);
|
||||
|
||||
/* Monitor tcp connection state */
|
||||
TcpMonitorOut(pip, link);
|
||||
|
||||
/* Special processing for ftp connection */
|
||||
if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER
|
||||
|| ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)
|
||||
HandleFtpOut(pip, link);
|
||||
|
||||
/* Adjust TCP checksum since source port is being aliased */
|
||||
/* and source address is being altered */
|
||||
accumulate = tc->th_sum;
|
||||
accumulate += tc->th_sport;
|
||||
accumulate -= alias_port;
|
||||
sptr = (u_short *) &(pip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
/* Modify sequence number if necessary */
|
||||
if (GetAckModified(link) == 1)
|
||||
{
|
||||
int delta;
|
||||
|
||||
delta = GetDeltaSeqOut(pip, link);
|
||||
if (delta != 0)
|
||||
{
|
||||
sptr = (u_short *) &tc->th_seq;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
tc->th_seq = htonl(ntohl(tc->th_seq) + delta);
|
||||
sptr = (u_short *) &tc->th_seq;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
}
|
||||
}
|
||||
|
||||
/* Finish up checksum calculation */
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Put alias address in TCP header */
|
||||
tc->th_sport = alias_port;
|
||||
|
||||
/* Change source address */
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/* Fragment Handling
|
||||
|
||||
FragmentIn()
|
||||
FragmentOut()
|
||||
|
||||
The packet aliasing module has a limited ability for handling IP
|
||||
fragments. If the ICMP, TCP or UDP header is in the first fragment
|
||||
received, then the id number of the IP packet is saved, and other
|
||||
fragments are identified according to their ID number and IP address
|
||||
they were sent from.
|
||||
|
||||
In general, fragments seem few and far between these days. One way
|
||||
to generate them is with a ping request specifying a large data segment.
|
||||
This is how the software here was tested.
|
||||
|
||||
In principle, out-of-order IP fragments could also be handled by saving
|
||||
fragments until the header fragment came in and then sending them on
|
||||
their way. However, this violates a basic interface rule of the
|
||||
aliasing module in which individual packets are sent for remapping,
|
||||
and nothing is actually known about how to write these packets to a
|
||||
device interface.
|
||||
*/
|
||||
|
||||
void
|
||||
FragmentIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
char *link;
|
||||
|
||||
link = FindFragmentIn2(pip->ip_src);
|
||||
if (link != NULL_PTR)
|
||||
GetFragmentAddr(link, pip->ip_id, pip->ip_p, &(pip->ip_dst) );
|
||||
}
|
||||
|
||||
void
|
||||
FragmentOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/* Outside World Access
|
||||
|
||||
PacketAliasIn()
|
||||
PacketAliasOut()
|
||||
*/
|
||||
|
||||
void
|
||||
PacketAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
int checksum_ok;
|
||||
|
||||
/* Verify initial checksum */
|
||||
if (IpChecksum(pip) == 0)
|
||||
checksum_ok = 1;
|
||||
else
|
||||
checksum_ok = 0;
|
||||
|
||||
if ( (ntohs(pip->ip_off) & IP_OFFMASK) == 0 )
|
||||
{
|
||||
switch (pip->ip_p)
|
||||
{
|
||||
case IPPROTO_ICMP:
|
||||
IcmpAliasIn(pip);
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
UdpAliasIn(pip);
|
||||
break;
|
||||
case IPPROTO_TCP:
|
||||
TcpAliasIn(pip);
|
||||
break;
|
||||
}
|
||||
if (ntohs(pip->ip_off) & IP_MF)
|
||||
{
|
||||
char *link;
|
||||
|
||||
link = FindFragmentIn1(pip->ip_src);
|
||||
if (link != NULL_PTR)
|
||||
SetFragmentData(link, pip->ip_id, pip->ip_p, pip->ip_dst);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
FragmentIn(pip);
|
||||
}
|
||||
|
||||
/* adjust IP checksum, if original is correct */
|
||||
if (checksum_ok == 1)
|
||||
{
|
||||
pip->ip_sum = 0;
|
||||
pip->ip_sum = IpChecksum(pip);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
PacketAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
int checksum_ok;
|
||||
|
||||
if (IpChecksum(pip) == 0)
|
||||
checksum_ok = 1;
|
||||
else
|
||||
checksum_ok = 0;
|
||||
|
||||
if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0)
|
||||
{
|
||||
switch (pip->ip_p)
|
||||
{
|
||||
case IPPROTO_ICMP:
|
||||
IcmpAliasOut(pip);
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
UdpAliasOut(pip);
|
||||
break;
|
||||
case IPPROTO_TCP:
|
||||
TcpAliasOut(pip);
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
FragmentOut(pip);
|
||||
}
|
||||
|
||||
/* Adjust IP checksum, if original is correct */
|
||||
if (checksum_ok == 1)
|
||||
{
|
||||
pip->ip_sum = 0;
|
||||
pip->ip_sum = IpChecksum(pip);
|
||||
}
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
/*
|
||||
Alias.h defines the outside world interfaces for the packet
|
||||
aliasing software.
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Initial version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _ALIAS_H_
|
||||
#define _ALIAS_H_
|
||||
|
||||
extern void PacketAliasIn __P((struct ip *));
|
||||
extern void PacketAliasOut __P((struct ip *));
|
||||
extern void SetAliasAddress __P((struct in_addr));
|
||||
extern void InitAlias();
|
||||
extern void InitAliasLog();
|
||||
|
||||
#endif
|
@ -1,94 +0,0 @@
|
||||
/*
|
||||
Alias.p contains the function prototypes for alias.c, alias_db.c,
|
||||
alias_util.c and alias_ftp.c (as well as any future add-ons). It
|
||||
is intended to be used only within the aliasing software. Outside
|
||||
world interfaces are defined in alias.h
|
||||
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Initial version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
#define NULL_PTR 0
|
||||
|
||||
/* General utilities */
|
||||
u_short InternetChecksum(u_short *, int);
|
||||
u_short IpChecksum(struct ip *);
|
||||
u_short TcpChecksum(struct ip *);
|
||||
|
||||
/* Data access utilities */
|
||||
int StartPoint(struct in_addr, u_short, int);
|
||||
u_short GetNewPort();
|
||||
int SeqDiff(u_long, u_long);
|
||||
void ShowAliasStats();
|
||||
|
||||
/* Internal data access */
|
||||
void CleanupAliasData();
|
||||
void IncrementalCleanup();
|
||||
char * FindLink1(struct in_addr, struct in_addr, u_short, u_short, int);
|
||||
char * FindLink2(struct in_addr, u_short, u_short, int);
|
||||
void DeleteLink(char *);
|
||||
char * AddLink(struct in_addr, struct in_addr, u_short, u_short,
|
||||
u_short, int);
|
||||
|
||||
/* External data search */
|
||||
char * FindIcmpIn(struct in_addr, u_short, u_short);
|
||||
char * FindIcmpOut(struct in_addr, struct in_addr, u_short, u_short);
|
||||
char * FindFragmentIn1(struct in_addr);
|
||||
char * FindFragmentIn2(struct in_addr);
|
||||
char * FindUdpIn(struct in_addr, u_short, u_short);
|
||||
char * FindUdpOut(struct in_addr, struct in_addr, u_short, u_short);
|
||||
char * FindTcpIn(struct in_addr, u_short, u_short);
|
||||
char * FindTcpOut(struct in_addr, struct in_addr, u_short, u_short);
|
||||
|
||||
/* External data access/modification */
|
||||
void GetIcmpData(char *, u_short, u_short, u_long *);
|
||||
void SetIcmpData(char *, u_short, u_short, u_long);
|
||||
void GetFragmentAddr(char *, u_short, u_char, struct in_addr *);
|
||||
void SetFragmentData(char *, u_short, u_char, struct in_addr);
|
||||
void SetStateIn(char *, int);
|
||||
void SetStateOut(char *, int);
|
||||
int GetStateIn(char *);
|
||||
int GetStateOut(char *);
|
||||
struct in_addr GetOriginalAddress(char *);
|
||||
struct in_addr GetDestAddress(char *);
|
||||
struct in_addr GetAliasAddress();
|
||||
u_short GetOriginalPort(char *);
|
||||
u_short GetDestPort(char *);
|
||||
u_short GetAliasPort(char *);
|
||||
void SetAckModified(char *);
|
||||
int GetAckModified(char *);
|
||||
int GetDeltaAckIn(struct ip *, char *);
|
||||
int GetDeltaSeqOut(struct ip *, char *);
|
||||
void AddSeq(struct ip *, char *, int);
|
||||
|
||||
/* Tcp specfic routines */
|
||||
void TcpMonitorIn(struct ip *, char *);
|
||||
void TcpMonitorOut(struct ip *, char *);
|
||||
void HandleFtpOut(struct ip *, char *);
|
||||
void NewFtpPortCommand(struct ip *, char *, struct in_addr, u_short);
|
||||
|
||||
/* Protocal specific packet aliasing routines */
|
||||
void IcmpAliasIn1(struct ip *);
|
||||
void IcmpAliasIn2(struct ip *);
|
||||
void IcmpAliasIn(struct ip *);
|
||||
void IcmpAliasOut(struct ip *);
|
||||
void IcmpAliasOut1(struct ip *);
|
||||
void UdpAliasIn(struct ip *);
|
||||
void UdpAliasOut(struct ip *);
|
||||
void TcpAliasIn(struct ip *);
|
||||
void TcpAliasOut(struct ip *);
|
||||
|
||||
/* Fragment handling */
|
||||
void FragmentIn(struct ip *);
|
||||
void FragmentOut(struct ip *);
|
||||
|
||||
/* Outside world interfaces */
|
||||
void PacketAliasIn(struct ip *);
|
||||
void PacketAliasOut(struct ip *);
|
||||
void SetAliasAddress(struct in_addr);
|
||||
void InitAlias();
|
||||
void InitAliasLog();
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,198 +0,0 @@
|
||||
/*
|
||||
Alias_ftp.c performs special processing for FTP sessions under
|
||||
TCP. Specifically, when a PORT command from the client side
|
||||
is sent, it is intercepted and modified. The address is changed
|
||||
to the gateway machine and an aliasing port is used.
|
||||
|
||||
For this routine to work, the PORT command must fit entirely
|
||||
into a single TCP packet. This is typically the case, but exceptions
|
||||
can easily be envisioned under the actual specifications.
|
||||
|
||||
Probably the most troubling aspect of the approach taken here is
|
||||
that the new PORT command will typically be a different length, and
|
||||
this causes a certain amount of bookkeeping to keep track of the
|
||||
changes of sequence and acknowledgment numbers, since the client
|
||||
machine is totally unaware of the modification to the TCP stream.
|
||||
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Initial version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
/* Includes */
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
/* Constants */
|
||||
#define FTP_DATA_PORT_NUMBER 20
|
||||
|
||||
/* Prototypes */
|
||||
#include "alias.p"
|
||||
|
||||
|
||||
void
|
||||
HandleFtpOut(pip, link)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
{
|
||||
int hlen, tlen, dlen;
|
||||
struct in_addr true_addr;
|
||||
u_short true_port;
|
||||
char *sptr;
|
||||
struct tcphdr *tc;
|
||||
|
||||
/* Calculate data length of TCP packet */
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
hlen = (pip->ip_hl + tc->th_off) << 2;
|
||||
tlen = ntohs(pip->ip_len);
|
||||
dlen = tlen - hlen;
|
||||
|
||||
/* Return is data length is too long or too short */
|
||||
if (dlen<10 || dlen>80)
|
||||
return;
|
||||
|
||||
/* Place string pointer and beginning of data */
|
||||
sptr = (char *) pip;
|
||||
sptr += hlen;
|
||||
|
||||
/* Parse through string using state diagram method */
|
||||
{
|
||||
char ch, zero;
|
||||
int i, state;
|
||||
u_long a1, a2, a3, a4;
|
||||
u_short p1, p2;
|
||||
|
||||
a1=0; a2=0; a3=0; a4=0; p1=0; p2=0;
|
||||
zero = '0';
|
||||
state=-4;
|
||||
for (i=0; i<dlen; i++)
|
||||
{
|
||||
ch = sptr[i];
|
||||
switch (state)
|
||||
{
|
||||
case -4: if (ch == 'P') state=-3; else return; break;
|
||||
case -3: if (ch == 'O') state=-2; else return; break;
|
||||
case -2: if (ch == 'R') state=-1; else return; break;
|
||||
case -1: if (ch == 'T') state= 0; else return; break;
|
||||
|
||||
case 0 :
|
||||
if (isdigit(ch)) {a1=ch-zero; state=1 ;} break;
|
||||
case 1 :
|
||||
if (isdigit(ch)) a1=10*a1+ch-zero; else state=2 ; break;
|
||||
case 2 :
|
||||
if (isdigit(ch)) {a2=ch-zero; state=3 ;} break;
|
||||
case 3 :
|
||||
if (isdigit(ch)) a2=10*a2+ch-zero; else state=4 ; break;
|
||||
case 4 :
|
||||
if (isdigit(ch)) {a3=ch-zero; state=5 ;} break;
|
||||
case 5 :
|
||||
if (isdigit(ch)) a3=10*a3+ch-zero; else state=6 ; break;
|
||||
case 6 :
|
||||
if (isdigit(ch)) {a4=ch-zero; state=7 ;} break;
|
||||
case 7 :
|
||||
if (isdigit(ch)) a4=10*a4+ch-zero; else state=8 ; break;
|
||||
case 8 :
|
||||
if (isdigit(ch)) {p1=ch-zero; state=9 ;} break;
|
||||
case 9 :
|
||||
if (isdigit(ch)) p1=10*p1+ch-zero; else state=10; break;
|
||||
case 10:
|
||||
if (isdigit(ch)) {p2=ch-zero; state=11;} break;
|
||||
case 11:
|
||||
if (isdigit(ch)) p2=10*p2+ch-zero; break;
|
||||
}
|
||||
}
|
||||
|
||||
if (state == 11)
|
||||
{
|
||||
true_port = htons((p1<<8) + p2);
|
||||
true_addr.s_addr = htonl((a1<<24) + (a2<<16) +(a3<<8) + a4);
|
||||
NewFtpPortCommand(pip, link, true_addr, true_port);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
NewFtpPortCommand(pip, link, true_addr, true_port)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
struct in_addr true_addr;
|
||||
u_short true_port;
|
||||
{
|
||||
char *ftp_link;
|
||||
|
||||
/* Establish link to address and port found in PORT command */
|
||||
ftp_link = FindTcpOut (true_addr,
|
||||
GetDestAddress(link),
|
||||
true_port,
|
||||
htons(FTP_DATA_PORT_NUMBER));
|
||||
|
||||
if (ftp_link != NULL_PTR)
|
||||
{
|
||||
int slen, hlen, tlen, dlen;
|
||||
struct tcphdr *tc;
|
||||
|
||||
/* Calculate data length of TCP packet */
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
hlen = (pip->ip_hl + tc->th_off) << 2;
|
||||
tlen = ntohs(pip->ip_len);
|
||||
dlen = tlen - hlen;
|
||||
|
||||
/* Create new PORT command */
|
||||
{
|
||||
char stemp[80];
|
||||
char *sptr;
|
||||
u_short alias_port;
|
||||
u_char *ptr;
|
||||
int a1, a2, a3, a4, p1, p2;
|
||||
struct in_addr aliasAddress;
|
||||
|
||||
/* Decompose alias address into quad format */
|
||||
aliasAddress = GetAliasAddress();
|
||||
ptr = (char *) &aliasAddress;
|
||||
a1 = *ptr++; a2=*ptr++; a3=*ptr++; a4=*ptr;
|
||||
|
||||
/* Decompose alias port into pair format */
|
||||
alias_port = GetAliasPort(ftp_link);
|
||||
ptr = (char *) &alias_port;
|
||||
p1 = *ptr++; p2=*ptr;
|
||||
|
||||
/* Generate command string */
|
||||
snprintf(stemp, sizeof(stemp), "PORT %d,%d,%d,%d,%d,%d\r\n",
|
||||
a1,a2,a3,a4,p1,p2);
|
||||
|
||||
/* Save string length for IP header modification */
|
||||
slen = strlen(stemp);
|
||||
|
||||
/* Copy into IP packet */
|
||||
sptr = (char *) pip; sptr += hlen;
|
||||
strcpy(sptr, stemp);
|
||||
}
|
||||
|
||||
/* Save information regarding modified seq and ack numbers */
|
||||
{
|
||||
int delta;
|
||||
|
||||
SetAckModified(link);
|
||||
delta = GetDeltaSeqOut(pip, link);
|
||||
AddSeq(pip, link, delta+slen-dlen);
|
||||
pip->ip_len = ntohs(hlen + slen);
|
||||
}
|
||||
|
||||
/* Compute TCP checksum for revised packet */
|
||||
tc->th_sum = 0;
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
}
|
||||
else
|
||||
{
|
||||
fprintf(stderr,
|
||||
"PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
|
||||
}
|
||||
}
|
@ -1,104 +0,0 @@
|
||||
/*
|
||||
Alias_util.h contains general utilities used by other functions
|
||||
in the packet aliasing module. At the moment, there are functions
|
||||
for computing IP header and TCP packet checksums.
|
||||
|
||||
The checksum routines are based upon example code in a Unix networking
|
||||
text written by Stevens (sorry, I can't remember the title -- but
|
||||
at least this is a good author).
|
||||
|
||||
Initial Version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
/*
|
||||
Note: the checksum routines assume that the actual checksum word has
|
||||
been zeroed out. If the checksum workd is filled with the proper value,
|
||||
then these routines will give a result of zero (useful for testing
|
||||
purposes);
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
u_short
|
||||
InternetChecksum(ptr, nbytes)
|
||||
u_short *ptr;
|
||||
int nbytes;
|
||||
{
|
||||
int sum, oddbyte;
|
||||
|
||||
sum = 0;
|
||||
while (nbytes > 1)
|
||||
{
|
||||
sum += *ptr++;
|
||||
nbytes -= 2;
|
||||
}
|
||||
if (nbytes == 1)
|
||||
{
|
||||
oddbyte = 0;
|
||||
*((u_char *) &oddbyte) = *(u_char *) ptr;
|
||||
sum += oddbyte;
|
||||
}
|
||||
sum = (sum >> 16) + (sum & 0xffff);
|
||||
sum += (sum >> 16);
|
||||
return(~sum);
|
||||
}
|
||||
|
||||
u_short
|
||||
IpChecksum(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
return( InternetChecksum((u_short *) pip, (pip->ip_hl << 2)) );
|
||||
|
||||
}
|
||||
|
||||
u_short
|
||||
TcpChecksum(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
u_short *ptr;
|
||||
struct tcphdr *tc;
|
||||
int nhdr, ntcp, nbytes;
|
||||
int sum, oddbyte;
|
||||
|
||||
nhdr = pip->ip_hl << 2;
|
||||
ntcp = ntohs(pip->ip_len) - nhdr;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + nhdr);
|
||||
ptr = (u_short *) tc;
|
||||
|
||||
/* Add up TCP header and data */
|
||||
nbytes = ntcp;
|
||||
sum = 0;
|
||||
while (nbytes > 1)
|
||||
{
|
||||
sum += *ptr++;
|
||||
nbytes -= 2;
|
||||
}
|
||||
if (nbytes == 1)
|
||||
{
|
||||
oddbyte = 0;
|
||||
*((u_char *) &oddbyte) = *(u_char *) ptr;
|
||||
sum += oddbyte;
|
||||
}
|
||||
|
||||
/* "Pseudo-header" data */
|
||||
ptr = (u_short *) &(pip->ip_dst);
|
||||
sum += *ptr++;
|
||||
sum += *ptr;
|
||||
ptr = (u_short *) &(pip->ip_src);
|
||||
sum += *ptr++;
|
||||
sum += *ptr;
|
||||
sum += htons((u_short) ntcp);
|
||||
sum += htons((u_short) pip->ip_p);
|
||||
|
||||
/* Roll over carry bits */
|
||||
sum = (sum >> 16) + (sum & 0xffff);
|
||||
sum += (sum >> 16);
|
||||
|
||||
/* Return checksum */
|
||||
return((u_short) ~sum);
|
||||
}
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: command.c,v 1.46 1997/05/14 01:18:50 brian Exp $
|
||||
* $Id: command.c,v 1.47 1997/05/19 01:59:59 brian Exp $
|
||||
*
|
||||
*/
|
||||
#include <sys/types.h>
|
||||
@ -25,6 +25,13 @@
|
||||
#include <termios.h>
|
||||
#include <sys/wait.h>
|
||||
#include <time.h>
|
||||
#include <netdb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <net/route.h>
|
||||
#include <paths.h>
|
||||
#include <alias.h>
|
||||
#include "fsm.h"
|
||||
#include "phase.h"
|
||||
#include "lcp.h"
|
||||
@ -32,21 +39,18 @@
|
||||
#include "modem.h"
|
||||
#include "filter.h"
|
||||
#include "command.h"
|
||||
#include "alias_cmd.h"
|
||||
#include "hdlc.h"
|
||||
#include "vars.h"
|
||||
#include "systems.h"
|
||||
#include "chat.h"
|
||||
#include <netdb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <net/route.h>
|
||||
#include "os.h"
|
||||
#include <paths.h>
|
||||
#include "chat.h"
|
||||
|
||||
extern void Cleanup(), TtyTermMode(), PacketMode();
|
||||
extern int EnableCommand(), DisableCommand(), DisplayCommand();
|
||||
extern int AcceptCommand(), DenyCommand();
|
||||
static int AliasCommand();
|
||||
extern int LocalAuthCommand();
|
||||
extern int LoadCommand(), SaveCommand();
|
||||
extern int ChangeParity(char *);
|
||||
@ -283,6 +287,8 @@ struct cmdtab const Commands[] = {
|
||||
"Show status and statictics", "var"},
|
||||
{ "term", NULL, TerminalCommand,LOCAL_AUTH,
|
||||
"Enter to terminal mode", StrNull},
|
||||
{ "alias", NULL, AliasCommand, LOCAL_AUTH,
|
||||
"alias control", "option [yes|no]"},
|
||||
{ "quit", "bye", QuitCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
|
||||
"Quit PPP program", "[all]"},
|
||||
{ "help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
|
||||
@ -1208,3 +1214,88 @@ char **argv;
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
||||
static int AliasEnable();
|
||||
static int AliasOption();
|
||||
|
||||
|
||||
static struct cmdtab const AliasCommands[] =
|
||||
{
|
||||
{ "enable", NULL, AliasEnable, LOCAL_AUTH,
|
||||
"enable IP aliasing", "[yes|no]"},
|
||||
{ "port", NULL, AliasRedirectPort, LOCAL_AUTH,
|
||||
"port redirection", "[proto addr_local:port_local port_alias]"},
|
||||
{ "addr", NULL, AliasRedirectAddr, LOCAL_AUTH,
|
||||
"static address translation", "[addr_local addr_alias]"},
|
||||
{ "deny_incoming", NULL, AliasOption, LOCAL_AUTH,
|
||||
"stop incoming connections", "[yes|no]",
|
||||
(void*)PKT_ALIAS_DENY_INCOMING},
|
||||
{ "log", NULL, AliasOption, LOCAL_AUTH,
|
||||
"log aliasing link creation", "[yes|no]",
|
||||
(void*)PKT_ALIAS_LOG},
|
||||
{ "same_ports", NULL, AliasOption, LOCAL_AUTH,
|
||||
"try to leave port numbers unchanged", "[yes|no]",
|
||||
(void*)PKT_ALIAS_SAME_PORTS},
|
||||
{ "use_sockets", NULL, AliasOption, LOCAL_AUTH,
|
||||
"allocate host sockets", "[yes|no]",
|
||||
(void*)PKT_ALIAS_USE_SOCKETS },
|
||||
{ "unregistered_only", NULL, AliasOption, LOCAL_AUTH,
|
||||
"alias unregistered (private) IP address space only", "[yes|no]",
|
||||
(void*)PKT_ALIAS_UNREGISTERED_ONLY},
|
||||
{ "help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
|
||||
"Display this message", StrNull,
|
||||
(void *)AliasCommands},
|
||||
{ NULL, NULL, NULL },
|
||||
};
|
||||
|
||||
|
||||
static int
|
||||
AliasCommand(list, argc, argv)
|
||||
struct cmdtab *list;
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
int val = 1;
|
||||
|
||||
if (argc > 0)
|
||||
val = FindExec(AliasCommands, argc, argv);
|
||||
else
|
||||
printf("Use `alias help' to get a list or `alias help <option>' for syntax h
|
||||
elp.\n");
|
||||
return(val);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
AliasEnable(list, argc, argv)
|
||||
struct cmdtab *list;
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
if (argc == 1 && strcmp(argv[0], "yes") == 0) {
|
||||
mode |= MODE_ALIAS;
|
||||
} else if (argc == 1 && strcmp(argv[0], "no") == 0) {
|
||||
mode &= ~MODE_ALIAS;
|
||||
} else {
|
||||
printf("Usage: alias %s %s\n", list->name, list->syntax);
|
||||
}
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
AliasOption(list, argc, argv, param)
|
||||
struct cmdtab *list;
|
||||
int argc;
|
||||
char **argv;
|
||||
void* param;
|
||||
{
|
||||
if (argc == 1 && strcmp(argv[0], "yes") == 0) {
|
||||
SetPacketAliasMode((unsigned)param, (unsigned)param);
|
||||
} else if (argc == 1 && strcmp(argv[0], "no") == 0) {
|
||||
SetPacketAliasMode(0, (unsigned)param);
|
||||
} else {
|
||||
printf("Usage: alias %s %s\n", list->name, list->syntax);
|
||||
}
|
||||
return(1);
|
||||
}
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ip.c,v 1.16 1997/05/10 01:22:11 brian Exp $
|
||||
* $Id: ip.c,v 1.17 1997/05/19 02:00:00 brian Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o Return ICMP message for filterd packet
|
||||
@ -32,9 +32,9 @@
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <alias.h>
|
||||
#include "vars.h"
|
||||
#include "filter.h"
|
||||
#include "alias.h"
|
||||
|
||||
extern void SendPppFrame();
|
||||
extern void LcpClose();
|
||||
@ -334,22 +334,68 @@ struct mbuf *bp; /* IN: Pointer to IP pakcet */
|
||||
}
|
||||
|
||||
if (mode & MODE_ALIAS) {
|
||||
PacketAliasIn((struct ip *)tunbuff);
|
||||
nb = ntohs(((struct ip *)tunbuff)->ip_len);
|
||||
}
|
||||
int iresult;
|
||||
char *fptr;
|
||||
|
||||
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0) {
|
||||
pfree(bp);
|
||||
return;
|
||||
}
|
||||
iresult = PacketAliasIn(tunbuff, sizeof tunbuff);
|
||||
nb = ntohs(((struct ip *) tunbuff)->ip_len);
|
||||
|
||||
ipInOctets += nb;
|
||||
/*
|
||||
* Pass it to tunnel device
|
||||
*/
|
||||
nw = write(tun_out, tunbuff, nb);
|
||||
if (nw != nb)
|
||||
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
|
||||
if (nb > MAX_MRU) {
|
||||
fprintf(stderr, "Problem with IP header length\n");
|
||||
pfree(bp);
|
||||
return;
|
||||
}
|
||||
|
||||
if (iresult == PKT_ALIAS_OK
|
||||
|| iresult == PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
|
||||
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0) {
|
||||
pfree(bp);
|
||||
return;
|
||||
}
|
||||
|
||||
ipInOctets += nb;
|
||||
|
||||
nb = ntohs(((struct ip *) tunbuff)->ip_len);
|
||||
nw = write(tun_out, tunbuff, nb);
|
||||
if (nw != nb)
|
||||
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
|
||||
|
||||
if (iresult == PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
|
||||
while ((fptr = GetNextFragmentPtr(tunbuff)) != NULL) {
|
||||
FragmentAliasIn(tunbuff, fptr);
|
||||
nb = ntohs(((struct ip *) fptr)->ip_len);
|
||||
nw = write(tun_out, fptr, nb);
|
||||
if (nw != nb)
|
||||
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
|
||||
free(fptr);
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (iresult == PKT_ALIAS_UNRESOLVED_FRAGMENT) {
|
||||
nb = ntohs(((struct ip *) tunbuff)->ip_len);
|
||||
fptr = malloc(nb);
|
||||
if (fptr == NULL) {
|
||||
fprintf(stderr, "Cannot allocate memory for fragment\n");
|
||||
}
|
||||
else {
|
||||
memcpy(fptr, tunbuff, nb);
|
||||
SaveFragmentPtr(fptr);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{ /* no aliasing */
|
||||
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0)
|
||||
{
|
||||
pfree(bp);
|
||||
return;
|
||||
}
|
||||
|
||||
ipInOctets += nb;
|
||||
nw = write(tun_out, tunbuff, nb);
|
||||
if (nw != nb)
|
||||
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
|
||||
}
|
||||
pfree(bp);
|
||||
|
||||
RestartIdleTimer();
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ipcp.c,v 1.16 1997/05/10 23:46:29 ache Exp $
|
||||
* $Id: ipcp.c,v 1.17 1997/05/19 02:00:02 brian Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o More RFC1772 backwoard compatibility
|
||||
@ -31,11 +31,11 @@
|
||||
#include <netinet/ip.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <sys/socket.h>
|
||||
#include <alias.h>
|
||||
#include "slcompress.h"
|
||||
#include "os.h"
|
||||
#include "phase.h"
|
||||
#include "vars.h"
|
||||
#include "alias.h"
|
||||
|
||||
extern void PutConfValue();
|
||||
extern void Prompt();
|
||||
@ -282,7 +282,7 @@ struct fsm *fp;
|
||||
IpcpStartReport();
|
||||
StartIdleTimer();
|
||||
if (mode & MODE_ALIAS)
|
||||
SetAliasAddress(IpcpInfo.want_ipaddr);
|
||||
SetPacketAliasAddress(IpcpInfo.want_ipaddr);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: main.c,v 1.52 1997/05/19 02:00:06 brian Exp $
|
||||
* $Id: main.c,v 1.53 1997/05/19 03:02:36 brian Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o Add commands for traffic summary, version display, etc.
|
||||
@ -37,6 +37,7 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <alias.h>
|
||||
#include "modem.h"
|
||||
#include "os.h"
|
||||
#include "hdlc.h"
|
||||
@ -48,7 +49,6 @@
|
||||
#include "filter.h"
|
||||
#include "systems.h"
|
||||
#include "ip.h"
|
||||
#include "alias.h"
|
||||
#include "sig.h"
|
||||
|
||||
#define LAUTH_M1 "Warning: No password entry for this host in ppp.secret\n"
|
||||
@ -330,7 +330,7 @@ char **argv;
|
||||
Greetings();
|
||||
GetUid();
|
||||
IpcpDefAddress();
|
||||
InitAlias();
|
||||
InitPacketAlias();
|
||||
|
||||
if (SelectSystem("default", CONFFILE) < 0) {
|
||||
fprintf(stderr, "Warning: No default entry is given in config file.\n");
|
||||
@ -1022,7 +1022,7 @@ DoLoop()
|
||||
pri = PacketCheck(rbuff, n, FL_DIAL);
|
||||
if (pri >= 0) {
|
||||
if (mode & MODE_ALIAS) {
|
||||
PacketAliasOut((struct ip *)rbuff);
|
||||
PacketAliasOut(rbuff, sizeof rbuff);
|
||||
n = ntohs(((struct ip *)rbuff)->ip_len);
|
||||
}
|
||||
IpEnqueue(pri, rbuff, n);
|
||||
@ -1033,7 +1033,7 @@ DoLoop()
|
||||
pri = PacketCheck(rbuff, n, FL_OUT);
|
||||
if (pri >= 0) {
|
||||
if (mode & MODE_ALIAS) {
|
||||
PacketAliasOut((struct ip *)rbuff);
|
||||
PacketAliasOut(rbuff, sizeof rbuff);
|
||||
n = ntohs(((struct ip *)rbuff)->ip_len);
|
||||
}
|
||||
IpEnqueue(pri, rbuff, n);
|
||||
|
Loading…
Reference in New Issue
Block a user