The infamous IP aliasing code for ppp, modified to work as a runtime option
(otherwise ppp's behavior remains unchanged) and documented by myself, Steve Sims, Nate Williams, Martin Renters and god-only-knows who else. :-)

Submitted by: nate
Obtained from: Charles Mott <cmott@srv.net>
parent 54c5d00f71
commit a9f484e520
@ -1,10 +1,11 @@
|
||||
# $Id: Makefile,v 1.8 1996/10/18 01:44:45 jkh Exp $
|
||||
# $Id: Makefile,v 1.9 1996/10/18 03:47:51 jkh Exp $
|
||||
|
||||
PROG= ppp
|
||||
SRCS= async.c auth.c ccp.c chap.c chat.c command.c filter.c fsm.c hdlc.c \
|
||||
ip.c ipcp.c lcp.c lqr.c log.c main.c mbuf.c modem.c os.c \
|
||||
pap.c pred.c route.c slcompress.c timer.c systems.c uucplock.c vars.c \
|
||||
vjcomp.c arp.c passwdauth.c
|
||||
vjcomp.c arp.c alias.c alias_db.c alias_ftp.c alias_util.c \
|
||||
passwdauth.c
|
||||
#CFLAGS+= -DHAVE_SHELL_CMD_WITH_ANY_MODE
|
||||
CFLAGS += -Wall -DUSE_PERROR -DMSEXT -DPASSWDAUTH
|
||||
LDADD += -lmd -lcrypt -lutil
|
||||
|
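Review bot: the new SRCS entries (alias.c alias_db.c alias_ftp.c alias_util.c) do not cover alias.p, which alias.c in this same commit pulls in with #include "alias.p". If alias.p is generated from the sources rather than checked in, this Makefile needs a rule and a dependency for it (plus a CLEANFILES entry) so that a clean tree builds; if it is checked in, a conventional .h name would make that obvious to the next reader.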
112
usr.sbin/ppp/README.alias
Normal file
@ -0,0 +1,112 @@
|
||||
User PPP Packet Aliasing
|
||||
|
||||
0. Contents
|
||||
1. Background
|
||||
2. Setup
|
||||
3. Future Development
|
||||
|
||||
|
||||
1. Background
|
||||
|
||||
User ppp has embedded packet aliasing (IP masquerading) code.
|
||||
When this capability is enabled by the "-alias" command line
|
||||
option, the ppp host will automatically alias IP packets forwarded
|
||||
from a local network so that they appear to come from the ppp
|
||||
host machine. Incoming packets from the outside world are then
|
||||
appropriately de-aliased.
|
||||
|
||||
The process of aliasing involves both the IP address as well as
|
||||
TCP and UDP port numbers. ICMP packets can be aliased by either
|
||||
their id or sequence numbers.
|
||||
|
||||
This software was specifically meant to support users who have
|
||||
unregistered, private address IP networks (e.g. 192.168.0.x or
|
||||
10.0.0.x addresses). The ppp host can act as a gateway for these
|
||||
networks, and computers on the local area net will have some
|
||||
degree of internet access without the need for a registered IP
|
||||
address. Additionally, there will be no need for an internet
|
||||
service provider to maintain routing tables for the local area
|
||||
network.
|
||||
|
||||
A disadvantage of packet aliasing is that machines on the local
|
||||
network, behind the ppp host, can establish tcp connections and
|
||||
make udp inqiries (such as domain name service requests), but these
|
||||
machines, other than the ppp host itself, are not visible from
|
||||
the outside world. There is, in effect, a partial firewall.
|
||||
|
||||
A second disadvantage is that "IP encoding" protocols, which send
|
||||
IP address or port information within the data stream, are not
|
||||
supported unless exception code has been put in place. A workaround
|
||||
for ftp, which is the most well known of the IP encoding protocols,
|
||||
has been developed in this implementation, so users do not have
|
||||
to depend on using the ftp passive mode, as is sometimes the case
|
||||
with other masquerading solutions.
|
||||
|
||||
All standard, non-encoding TCP and UDP protocals are supported,
|
||||
Examples of these protocols are http, gopher and telnet. The
|
||||
standard UDP mode of RealAudio is not presently supported,
|
||||
but the TCP mode does work correctly. IRC is reported by users
|
||||
to work in some, but not all, modes.
|
||||
|
||||
The packet aliasing code also handle many ICMP messages. In
|
||||
particular, ping and traceroute are supported.
|
||||
|
||||
|
||||
|
||||
2. Packet Aliasing Setup
|
||||
|
||||
It is recommended that correct ppp operation first be verified
|
||||
without packet aliasing enabled. Then ppp can be started with
|
||||
the "-alias" option in the command line. Correct network operation
|
||||
of the ppp host in packet aliasing mode should then be verified.
|
||||
Finally, machines on the private network should be checked to see
|
||||
whether they can access the internet.
|
||||
|
||||
Since the masquerading software aliases all packets, whether
|
||||
they come from the host or another computer on the local area
|
||||
network, a correctly operating ppp host will indicate that the
|
||||
software should work properly for other computers on the private
|
||||
network.
|
||||
|
||||
If the ppp host can access the internet, but other computers on
|
||||
the local network cannot do this, then it should be checked that
|
||||
IP forwarding is enabled on the ppp host and that the other
|
||||
computers use this machine as a gateway. Of course, proper
|
||||
communications between machines within the local area network
|
||||
should also be verified (do they use consistent subnet addresses
|
||||
and masks?).
|
||||
|
||||
|
||||
|
||||
3. Future Development
|
||||
|
||||
What is called packet aliasing here has been variously called
|
||||
masquerading, network address translation (NAT) and transparent
|
||||
proxying by others. It is an extremely useful function to
|
||||
many users, but it is also necessarily imperfect. Workarounds
|
||||
(hacks) are always needed for the occasional IP-encoding
|
||||
protocols.
|
||||
|
||||
The specific solution implemented here does not block off or
|
||||
reserve any segment of TCP or UDP ports on the ppp host for use
|
||||
by the masquerading function. No communication to the kernel
|
||||
is needed in this matter. All packets are aliased, whether
|
||||
they originate from the ppp host or other computers on the
|
||||
local network. This is a central issue, and some programmers
|
||||
may wish to handle this differently.
|
||||
|
||||
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
|
||||
and alias_util.c) runs in user space, and is intended to be
|
||||
both portable and reusable for interfaces other than ppp. The
|
||||
basic engine is accessed by four simple function calls
|
||||
(initialization, communication of host address, outgoing
|
||||
aliasing and incoming de-aliasing).
|
||||
|
||||
Limited IP fragment handling exists. Once the packet aliasing
|
||||
software sees the header fragment of a packet, all other fragments
|
||||
will be correctly forwarded. However, if the header fragment
|
||||
does not come first, then some fragments will be lost.
|
||||
|
||||
Charles Mott (cmott@srv.net)
|
||||
December 4, 1996
|
||||
|
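Review bot: section 1's claim that aliasing gives "in effect, a partial firewall" needs qualifying. The same paragraph says the ppp host itself stays visible from outside, and the alias.c header in this commit records that the host accepts incoming connections (version 1.1 for ports 0 to 1023, version 1.4 without that restriction). Please state plainly that aliasing hides only the machines behind the ppp host, that inbound packets with no matching link are passed through to the host unmodified, and that packet filtering has to be configured separately. Smaller documentation points: "inqiries" and "protocals" are misspelled; "are supported," ends in a comma where a period is meant; "code also handle" should be "handles"; the contents list says "2. Setup" while the heading is "2. Packet Aliasing Setup"; and "ICMP packets can be aliased by either their id or sequence numbers" does not match the comment in alias.c, which says the sequence number is the field replaced.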
112
usr.sbin/ppp/README.nat
Normal file
@ -0,0 +1,112 @@
|
||||
User PPP Packet Aliasing
|
||||
|
||||
0. Contents
|
||||
1. Background
|
||||
2. Setup
|
||||
3. Future Development
|
||||
|
||||
|
||||
1. Background
|
||||
|
||||
User ppp has embedded packet aliasing (IP masquerading) code.
|
||||
When this capability is enabled by the "-alias" command line
|
||||
option, the ppp host will automatically alias IP packets forwarded
|
||||
from a local network so that they appear to come from the ppp
|
||||
host machine. Incoming packets from the outside world are then
|
||||
appropriately de-aliased.
|
||||
|
||||
The process of aliasing involves both the IP address as well as
|
||||
TCP and UDP port numbers. ICMP packets can be aliased by either
|
||||
their id or sequence numbers.
|
||||
|
||||
This software was specifically meant to support users who have
|
||||
unregistered, private address IP networks (e.g. 192.168.0.x or
|
||||
10.0.0.x addresses). The ppp host can act as a gateway for these
|
||||
networks, and computers on the local area net will have some
|
||||
degree of internet access without the need for a registered IP
|
||||
address. Additionally, there will be no need for an internet
|
||||
service provider to maintain routing tables for the local area
|
||||
network.
|
||||
|
||||
A disadvantage of packet aliasing is that machines on the local
|
||||
network, behind the ppp host, can establish tcp connections and
|
||||
make udp inqiries (such as domain name service requests), but these
|
||||
machines, other than the ppp host itself, are not visible from
|
||||
the outside world. There is, in effect, a partial firewall.
|
||||
|
||||
A second disadvantage is that "IP encoding" protocols, which send
|
||||
IP address or port information within the data stream, are not
|
||||
supported unless exception code has been put in place. A workaround
|
||||
for ftp, which is the most well known of the IP encoding protocols,
|
||||
has been developed in this implementation, so users do not have
|
||||
to depend on using the ftp passive mode, as is sometimes the case
|
||||
with other masquerading solutions.
|
||||
|
||||
All standard, non-encoding TCP and UDP protocals are supported,
|
||||
Examples of these protocols are http, gopher and telnet. The
|
||||
standard UDP mode of RealAudio is not presently supported,
|
||||
but the TCP mode does work correctly. IRC is reported by users
|
||||
to work in some, but not all, modes.
|
||||
|
||||
The packet aliasing code also handle many ICMP messages. In
|
||||
particular, ping and traceroute are supported.
|
||||
|
||||
|
||||
|
||||
2. Packet Aliasing Setup
|
||||
|
||||
It is recommended that correct ppp operation first be verified
|
||||
without packet aliasing enabled. Then ppp can be started with
|
||||
the "-alias" option in the command line. Correct network operation
|
||||
of the ppp host in packet aliasing mode should then be verified.
|
||||
Finally, machines on the private network should be checked to see
|
||||
whether they can access the internet.
|
||||
|
||||
Since the masquerading software aliases all packets, whether
|
||||
they come from the host or another computer on the local area
|
||||
network, a correctly operating ppp host will indicate that the
|
||||
software should work properly for other computers on the private
|
||||
network.
|
||||
|
||||
If the ppp host can access the internet, but other computers on
|
||||
the local network cannot do this, then it should be checked that
|
||||
IP forwarding is enabled on the ppp host and that the other
|
||||
computers use this machine as a gateway. Of course, proper
|
||||
communications between machines within the local area network
|
||||
should also be verified (do they use consistent subnet addresses
|
||||
and masks?).
|
||||
|
||||
|
||||
|
||||
3. Future Development
|
||||
|
||||
What is called packet aliasing here has been variously called
|
||||
masquerading, network address translation (NAT) and transparent
|
||||
proxying by others. It is an extremely useful function to
|
||||
many users, but it is also necessarily imperfect. Workarounds
|
||||
(hacks) are always needed for the occasional IP-encoding
|
||||
protocols.
|
||||
|
||||
The specific solution implemented here does not block off or
|
||||
reserve any segment of TCP or UDP ports on the ppp host for use
|
||||
by the masquerading function. No communication to the kernel
|
||||
is needed in this matter. All packets are aliased, whether
|
||||
they originate from the ppp host or other computers on the
|
||||
local network. This is a central issue, and some programmers
|
||||
may wish to handle this differently.
|
||||
|
||||
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
|
||||
and alias_util.c) runs in user space, and is intended to be
|
||||
both portable and reusable for interfaces other than ppp. The
|
||||
basic engine is accessed by four simple function calls
|
||||
(initialization, communication of host address, outgoing
|
||||
aliasing and incoming de-aliasing).
|
||||
|
||||
Limited IP fragment handling exists. Once the packet aliasing
|
||||
software sees the header fragment of a packet, all other fragments
|
||||
will be correctly forwarded. However, if the header fragment
|
||||
does not come first, then some fragments will be lost.
|
||||
|
||||
Charles Mott (cmott@srv.net)
|
||||
December 4, 1996
|
||||
|
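Review bot: README.nat is, in every line shown here, identical to the README.alias added in the same commit (same 112 lines, same title, same "-alias" option text), so the two copies will drift apart as soon as one is edited. Keep a single file, or reduce the second to a one-line pointer to the first. If both stay, the corrections needed in README.alias apply here as well: the spelling of "inqiries" and "protocals", "code also handle", and the contents entry "2. Setup" that does not match the heading "2. Packet Aliasing Setup".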
833
usr.sbin/ppp/alias.c
Normal file
@ -0,0 +1,833 @@
|
||||
/*
|
||||
Alias.c provides supervisory control for the functions of the
|
||||
packet aliasing software. It consists of routines to monitor
|
||||
TCP connection state, protocol-specific aliasing routines,
|
||||
limited fragment handling and the two primary outside world
|
||||
functional interfaces: PacketAliasIn and PacketAliasOut.
|
||||
|
||||
The other C program files are briefly described. The data
|
||||
structure framework which holds information needed to translate
|
||||
packets is encapsulated in alias_db.c. Data is accessed by
|
||||
function calls, so other segments of the program need not
|
||||
know about the underlying data structures. Alias_ftp.c contains
|
||||
special code for modifying the ftp PORT command used to establish
|
||||
data connections. Alias_util.c contains a few utility routines.
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Version 1.0 August, 1996 (cjm)
|
||||
|
||||
Version 1.1 August 20, 1996 (cjm)
|
||||
PPP host accepts incoming connections for ports 0 to 1023.
|
||||
|
||||
Version 1.2 September 7, 1996 (cjm)
|
||||
Fragment handling error in alias_db.c corrected.
|
||||
|
||||
Version 1.4 September 16, 1996 (cjm)
|
||||
- A more generalized method for handling incoming
|
||||
connections, without the 0-1023 restriction, is
|
||||
implemented in alias_db.c
|
||||
- Improved ICMP support in alias.c. Traceroute
|
||||
packet streams can now be correctly aliased.
|
||||
- TCP connection closing logic simplified in
|
||||
alias.c and now allows for additional 1 minute
|
||||
"grace period" after FIN or RST is observed.
|
||||
Version 1.5 September 17, 1996 (cjm)
|
||||
Corrected error in handling incoming UDP packets with 0 checksum.
|
||||
Version 1.6 September 18, 1996 (cjm)
|
||||
Simplified ICMP aliasing scheme. Should now support
|
||||
traceroute from Win95 as well as FreeBSD.
|
||||
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include "alias.p"
|
||||
|
||||
#define FTP_CONTROL_PORT_NUMBER 21
|
||||
|
||||
|
||||
|
||||
|
||||
/* TCP Handling Routines
|
||||
|
||||
TcpMonitorIn() -- These routines monitor TCP connections, and
|
||||
TcpMonitorOut() -- delete a link node when a connection is closed.
|
||||
|
||||
These routines look for SYN, ACK and RST flags to determine when TCP
|
||||
connections open and close. When a TCP connection closes, the data
|
||||
structure containing packet aliasing information is deleted after
|
||||
a timeout period.
|
||||
*/
|
||||
|
||||
void
|
||||
TcpMonitorIn(pip, link)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (GetStateIn(link))
|
||||
{
|
||||
case 0:
|
||||
if (tc->th_flags & TH_SYN) SetStateIn(link, 1);
|
||||
break;
|
||||
case 1:
|
||||
if (tc->th_flags & TH_FIN
|
||||
|| tc->th_flags & TH_RST) SetStateIn(link, 2);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
TcpMonitorOut(pip, link)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (GetStateOut(link))
|
||||
{
|
||||
case 0:
|
||||
if (tc->th_flags & TH_SYN) SetStateOut(link, 1);
|
||||
break;
|
||||
case 1:
|
||||
if (tc->th_flags & TH_FIN
|
||||
|| tc->th_flags & TH_RST) SetStateOut(link, 2);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/* Protocol Specific Packet Aliasing Routines
|
||||
|
||||
IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2
|
||||
IcmpAliasOut(), IcmpAliasOut1()
|
||||
UdpAliasIn(), UdpAliasOut()
|
||||
TcpAliasIn(), TcpAliasOut()
|
||||
|
||||
These routines handle protocol specific details of packet aliasing.
|
||||
One may observe a certain amount of repetitive arithmetic in these
|
||||
functions, the purpose of which is to compute a revised checksum
|
||||
without actually summing over the entire data packet, which could be
|
||||
unnecessarily time consuming.
|
||||
|
||||
The purpose of the packet aliasing routines is to replace the source
|
||||
address of the outgoing packet and then correctly put it back for
|
||||
any incoming packets. For TCP and UDP, ports are also re-mapped.
|
||||
|
||||
For ICMP echo/timestamp requests and replies, the following scheme
|
||||
is used: the sequence number is replaced by an alias for the outgoing
|
||||
packet and this sequence number, plus the id and remote address are
|
||||
used to find the packet on the return path.
|
||||
|
||||
ICMP error messages are handled by looking at the IP fragment
|
||||
in the data section of the message.
|
||||
|
||||
For TCP and UDP protocols, a port number is chosen for an outgoing
|
||||
packet, and then incoming packets are identified by IP address and
|
||||
port number. For TCP packets, there is additional logic in the event
|
||||
that sequence and ack numbers have been altered (as is the case for
|
||||
FTP data port commands).
|
||||
|
||||
The port numbers used by the packet aliasing module are not true
|
||||
ports in the Unix sense. No sockets are actually bound to ports.
|
||||
They are more correctly placeholders.
|
||||
|
||||
All packets are aliased, whether they come from the gateway machine
|
||||
or other machines on a local area network.
|
||||
*/
|
||||
|
||||
void
|
||||
IcmpAliasIn1(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
/*
|
||||
Un-alias incoming echo and timestamp replies
|
||||
*/
|
||||
char *link;
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
/* Get source address from ICMP data field and restore original data */
|
||||
link = FindIcmpIn(pip->ip_src, ic->icmp_id, ic->icmp_seq);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
u_short original_seq;
|
||||
int accumulate;
|
||||
|
||||
original_seq = GetOriginalPort(link);
|
||||
|
||||
/* Adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
accumulate += ic->icmp_seq;
|
||||
accumulate -= original_seq;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Put original sequence number back in */
|
||||
ic->icmp_seq = original_seq;
|
||||
|
||||
/* Put original address back into IP header */
|
||||
pip->ip_dst = GetOriginalAddress(link);
|
||||
|
||||
/* Delete unneeded data structure */
|
||||
DeleteLink(link);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
IcmpAliasIn2(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
/*
|
||||
Alias incoming ICMP error messages containing
|
||||
IP header and first 64 bits of datagram.
|
||||
*/
|
||||
struct ip *ip;
|
||||
struct icmp *ic, *ic2;
|
||||
struct udphdr *ud;
|
||||
struct tcphdr *tc;
|
||||
char *link;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
ip = (struct ip *) ic->icmp_data;
|
||||
|
||||
ud = (struct udphdr *) ((char *) ip + (ip->ip_hl <<2));
|
||||
tc = (struct tcphdr *) ud;
|
||||
ic2 = (struct icmp *) ud;
|
||||
|
||||
if (ip->ip_p == IPPROTO_UDP)
|
||||
link = FindUdpIn(ip->ip_dst, ud->uh_dport, ud->uh_sport);
|
||||
else if (ip->ip_p == IPPROTO_TCP)
|
||||
link = FindTcpIn(ip->ip_dst, tc->th_dport, tc->th_sport);
|
||||
else if (ip->ip_p == IPPROTO_ICMP)
|
||||
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
|
||||
link = FindIcmpIn(ip->ip_dst, ic2->icmp_id, ic2->icmp_seq);
|
||||
else
|
||||
link = NULL_PTR;
|
||||
else
|
||||
link = NULL_PTR;
|
||||
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP)
|
||||
{
|
||||
u_short *sptr;
|
||||
int accumulate;
|
||||
struct in_addr original_address;
|
||||
u_short original_port;
|
||||
|
||||
original_address = GetOriginalAddress(link);
|
||||
original_port = GetOriginalPort(link);
|
||||
|
||||
/* Adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
sptr = (u_short *) &(ip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &original_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
accumulate += ud->uh_sport;
|
||||
accumulate -= original_port;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Un-alias address in IP header */
|
||||
pip->ip_dst = original_address;
|
||||
|
||||
/* Un-alias address and port number of original IP packet
|
||||
fragment contained in ICMP data section */
|
||||
ip->ip_src = original_address;
|
||||
ud->uh_sport = original_port;
|
||||
}
|
||||
else if (pip->ip_p == IPPROTO_ICMP)
|
||||
{
|
||||
u_short *sptr;
|
||||
int accumulate;
|
||||
struct in_addr original_address;
|
||||
u_short original_seq;
|
||||
|
||||
original_address = GetOriginalAddress(link);
|
||||
original_seq = GetOriginalPort(link);
|
||||
|
||||
/* Adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
sptr = (u_short *) &(ip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &original_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
accumulate += ic2->icmp_seq;
|
||||
accumulate -= original_seq;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Un-alias address in IP header */
|
||||
pip->ip_dst = original_address;
|
||||
|
||||
/* Un-alias address of original IP packet and seqence number of
|
||||
embedded icmp datagram */
|
||||
ip->ip_src = original_address;
|
||||
ic2->icmp_seq = original_seq;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
IcmpAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (ic->icmp_type)
|
||||
{
|
||||
case ICMP_ECHOREPLY:
|
||||
case ICMP_TSTAMPREPLY:
|
||||
if (ic->icmp_code == 0)
|
||||
{
|
||||
IcmpAliasIn1(pip);
|
||||
}
|
||||
break;
|
||||
case ICMP_UNREACH:
|
||||
case ICMP_SOURCEQUENCH:
|
||||
case ICMP_TIMXCEED:
|
||||
case ICMP_PARAMPROB:
|
||||
IcmpAliasIn2(pip);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
IcmpAliasOut1(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
/*
|
||||
Alias ICMP echo and timestamp packets
|
||||
*/
|
||||
char *link;
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
/* Save overwritten data for when echo packet returns */
|
||||
link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, ic->icmp_seq);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
u_short alias_seq;
|
||||
int accumulate;
|
||||
|
||||
alias_seq = GetAliasPort(link);
|
||||
|
||||
/* Since data field is being modified, adjust ICMP checksum */
|
||||
accumulate = ic->icmp_cksum;
|
||||
accumulate += ic->icmp_seq;
|
||||
accumulate -= alias_seq;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ic->icmp_cksum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Alias sequence number */
|
||||
ic->icmp_seq = alias_seq;
|
||||
|
||||
/* Change source address */
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
IcmpAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct icmp *ic;
|
||||
|
||||
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
switch (ic->icmp_type)
|
||||
{
|
||||
case ICMP_ECHO:
|
||||
case ICMP_TSTAMP:
|
||||
if (ic->icmp_code == 0)
|
||||
{
|
||||
IcmpAliasOut1(pip);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
UdpAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct udphdr *ud;
|
||||
char *link;
|
||||
|
||||
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindUdpIn(pip->ip_src, ud->uh_sport, ud->uh_dport);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
u_short alias_port;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
pip->ip_dst = GetOriginalAddress(link);
|
||||
alias_port = ud->uh_dport;
|
||||
ud->uh_dport = GetOriginalPort(link);
|
||||
|
||||
/* If UDP checksum is not zero, then adjust since destination port */
|
||||
/* is being unaliased and destination port is being altered. */
|
||||
if (ud->uh_sum != 0)
|
||||
{
|
||||
accumulate = ud->uh_sum;
|
||||
accumulate += alias_port;
|
||||
accumulate -= ud->uh_dport;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &(pip->ip_dst);
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) accumulate;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
UdpAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct udphdr *ud;
|
||||
char *link;
|
||||
|
||||
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindUdpOut(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
u_short alias_port;
|
||||
|
||||
alias_port = GetAliasPort(link);
|
||||
|
||||
/* If UDP checksum is not zero, adjust since source port is */
|
||||
/* being aliased and source address is being altered */
|
||||
if (ud->uh_sum != 0)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
|
||||
accumulate = ud->uh_sum;
|
||||
accumulate += ud->uh_sport;
|
||||
accumulate -= alias_port;
|
||||
sptr = (u_short *) &(pip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
ud->uh_sum = (u_short) accumulate;
|
||||
}
|
||||
}
|
||||
|
||||
/* Put alias port in TCP header */
|
||||
ud->uh_sport = alias_port;
|
||||
|
||||
/* Change source address */
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
void
|
||||
TcpAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
char *link;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindTcpIn(pip->ip_src, tc->th_sport, tc->th_dport);
|
||||
if (link != NULL_PTR)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
u_short alias_port;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
pip->ip_dst = GetOriginalAddress(link);
|
||||
alias_port = tc->th_dport;
|
||||
tc->th_dport = GetOriginalPort(link);
|
||||
|
||||
/* Adjust TCP checksum since destination port is being unaliased */
|
||||
/* and destination port is being altered. */
|
||||
accumulate = tc->th_sum;
|
||||
accumulate += alias_port;
|
||||
accumulate -= tc->th_dport;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &(pip->ip_dst);
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
/* See if ack number needs to be modified */
|
||||
if (GetAckModified(link) == 1)
|
||||
{
|
||||
int delta;
|
||||
|
||||
delta = GetDeltaAckIn(pip, link);
|
||||
if (delta != 0)
|
||||
{
|
||||
sptr = (u_short *) &tc->th_ack;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
tc->th_ack = htonl(ntohl(tc->th_ack) - delta);
|
||||
sptr = (u_short *) &tc->th_ack;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
}
|
||||
}
|
||||
|
||||
/* Finish checksum modification */
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Monitor TCP connection state */
|
||||
TcpMonitorIn(pip, link);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
TcpAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
char *link;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
|
||||
link = FindTcpOut(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport);
|
||||
if (link !=NULL_PTR)
|
||||
{
|
||||
struct in_addr alias_address;
|
||||
u_short alias_port;
|
||||
int accumulate;
|
||||
u_short *sptr;
|
||||
|
||||
alias_address = GetAliasAddress();
|
||||
alias_port = GetAliasPort(link);
|
||||
|
||||
/* Monitor tcp connection state */
|
||||
TcpMonitorOut(pip, link);
|
||||
|
||||
/* Special processing for ftp connection */
|
||||
if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER
|
||||
|| ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)
|
||||
HandleFtpOut(pip, link);
|
||||
|
||||
/* Adjust TCP checksum since source port is being aliased */
|
||||
/* and source address is being altered */
|
||||
accumulate = tc->th_sum;
|
||||
accumulate += tc->th_sport;
|
||||
accumulate -= alias_port;
|
||||
sptr = (u_short *) &(pip->ip_src);
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
sptr = (u_short *) &alias_address;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
|
||||
/* Modify sequence number if necessary */
|
||||
if (GetAckModified(link) == 1)
|
||||
{
|
||||
int delta;
|
||||
|
||||
delta = GetDeltaSeqOut(pip, link);
|
||||
if (delta != 0)
|
||||
{
|
||||
sptr = (u_short *) &tc->th_seq;
|
||||
accumulate += *sptr++;
|
||||
accumulate += *sptr;
|
||||
tc->th_seq = htonl(ntohl(tc->th_seq) + delta);
|
||||
sptr = (u_short *) &tc->th_seq;
|
||||
accumulate -= *sptr++;
|
||||
accumulate -= *sptr;
|
||||
}
|
||||
}
|
||||
|
||||
/* Finish up checksum calculation */
|
||||
if (accumulate < 0)
|
||||
{
|
||||
accumulate = -accumulate;
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) ~accumulate;
|
||||
}
|
||||
else
|
||||
{
|
||||
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
|
||||
accumulate += accumulate >> 16;
|
||||
tc->th_sum = (u_short) accumulate;
|
||||
}
|
||||
|
||||
/* Put alias address in TCP header */
|
||||
tc->th_sport = alias_port;
|
||||
|
||||
/* Change source address */
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/* Fragment Handling
|
||||
|
||||
FragmentIn()
|
||||
FragmentOut()
|
||||
|
||||
The packet aliasing module has a limited ability for handling IP
|
||||
fragments. If the ICMP, TCP or UDP header is in the first fragment
|
||||
received, then the id number of the IP packet is saved, and other
|
||||
fragments are identified according to their ID number and IP address
|
||||
they were sent from.
|
||||
|
||||
In general, fragments seem few and far between these days. One way
|
||||
to generate them is with a ping request specifying a large data segment.
|
||||
This is how the software here was tested.
|
||||
|
||||
In principle, out-of-order IP fragments could also be handled by saving
|
||||
fragments until the header fragment came in and then sending them on
|
||||
their way. However, this violates a basic interface rule of the
|
||||
aliasing module in which individual packets are sent for remapping,
|
||||
and nothing is actually known about how to write these packets to a
|
||||
device interface.
|
||||
*/
|
||||
|
||||
void
|
||||
FragmentIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
char *link;
|
||||
|
||||
link = FindFragmentIn2(pip->ip_src);
|
||||
if (link != NULL_PTR)
|
||||
GetFragmentAddr(link, pip->ip_id, pip->ip_p, &(pip->ip_dst) );
|
||||
}
|
||||
|
||||
void
|
||||
FragmentOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
pip->ip_src = GetAliasAddress();
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/* Outside World Access
|
||||
|
||||
PacketAliasIn()
|
||||
PacketAliasOut()
|
||||
*/
|
||||
|
||||
void
|
||||
PacketAliasIn(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct in_addr save_address;
|
||||
|
||||
/* Save initial destination address */
|
||||
save_address = pip->ip_dst;
|
||||
|
||||
if ( (ntohs(pip->ip_off) & IP_OFFMASK) == 0 )
|
||||
{
|
||||
switch (pip->ip_p)
|
||||
{
|
||||
case IPPROTO_ICMP:
|
||||
IcmpAliasIn(pip);
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
UdpAliasIn(pip);
|
||||
break;
|
||||
case IPPROTO_TCP:
|
||||
TcpAliasIn(pip);
|
||||
break;
|
||||
}
|
||||
if (ntohs(pip->ip_off) & IP_MF)
|
||||
{
|
||||
char *link;
|
||||
|
||||
link = FindFragmentIn1(pip->ip_src);
|
||||
if (link != NULL_PTR)
|
||||
SetFragmentData(link, pip->ip_id, pip->ip_p, pip->ip_dst);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
FragmentIn(pip);
|
||||
}
|
||||
|
||||
/* If destination address has changed, adjust IP checksum */
|
||||
if (pip->ip_dst.s_addr != save_address.s_addr)
|
||||
{
|
||||
pip->ip_sum = 0;
|
||||
pip->ip_sum = IpChecksum(pip);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
PacketAliasOut(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
struct in_addr save_address;
|
||||
|
||||
save_address = pip->ip_src;
|
||||
if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0)
|
||||
{
|
||||
switch (pip->ip_p)
|
||||
{
|
||||
case IPPROTO_ICMP:
|
||||
IcmpAliasOut(pip);
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
UdpAliasOut(pip);
|
||||
break;
|
||||
case IPPROTO_TCP:
|
||||
TcpAliasOut(pip);
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (pip->ip_src.s_addr != GetAliasAddress().s_addr)
|
||||
FragmentOut(pip);
|
||||
}
|
||||
|
||||
/* Adjust IP checksum if source address has been aliased */
|
||||
if (pip->ip_src.s_addr != save_address.s_addr)
|
||||
{
|
||||
|
||||
pip->ip_sum = 0;
|
||||
pip->ip_sum = IpChecksum(pip);
|
||||
}
|
||||
}
|
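Review bot: PacketAliasIn() and PacketAliasOut() receive only pip, so nothing in alias.c can check the header fields against the number of bytes actually in the buffer. TcpAliasOut() locates the TCP header at (char *) pip + (pip->ip_hl << 2) and then reads and writes th_sum, th_sport and th_seq there, trusting ip_hl as it arrived in the packet. Suggest passing the buffer length into both entry points and returning without touching the packet unless ip_hl is at least 5, the IP header plus the minimum ICMP/UDP/TCP header fits inside that length, and ntohs(pip->ip_len) does not exceed it. The same length would let FragmentIn() and the first-fragment branch reject truncated packets before any link lookup is made.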
19
usr.sbin/ppp/alias.h
Normal file
@ -0,0 +1,19 @@
|
||||
/*
|
||||
Alias.h defines the outside world interfaces for the packet
|
||||
aliasing software.
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Initial version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _ALIAS_H_
|
||||
#define _ALIAS_H_
|
||||
extern void PacketAliasIn __P((char *));
|
||||
extern void PacketAliasOut __P((char *));
|
||||
extern void SetAliasAddress __P((struct in_addr));
|
||||
extern void InitAlias();
|
||||
extern void InitAliasLog();
|
||||
#endif
|
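Review bot: PacketAliasIn and PacketAliasOut are declared here as taking char *, while alias.p in this same commit declares them as taking struct ip *, and alias.c defines them with struct ip *pip. With two conflicting declarations, neither the callers nor the implementation are checked against each other. Suggest declaring the outside world interfaces once, with one parameter type, and having alias.p include alias.h instead of repeating them. InitAlias() and InitAliasLog() are also declared with empty parentheses rather than __P((void)), unlike the three prototypes above them.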
94
usr.sbin/ppp/alias.p
Normal file
@ -0,0 +1,94 @@
|
||||
/*
|
||||
Alias.p contains the function prototypes for alias.c, alias_db.c,
|
||||
alias_util.c and alias_ftp.c (as well as any future add-ons). It
|
||||
is intended to be used only within the aliasing software. Outside
|
||||
world interfaces are defined in alias.h
|
||||
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Initial version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
#define NULL_PTR 0
|
||||
|
||||
/* General utilities */
|
||||
u_short InternetChecksum(u_short *, int);
|
||||
u_short IpChecksum(struct ip *);
|
||||
u_short TcpChecksum(struct ip *);
|
||||
|
||||
/* Data access utilities */
|
||||
int StartPoint(struct in_addr, u_short, int);
|
||||
u_short GetNewPort();
|
||||
int SeqDiff(u_long, u_long);
|
||||
void ShowAliasStats();
|
||||
|
||||
/* Internal data access */
|
||||
void CleanupAliasData();
|
||||
void IncrementalCleanup();
|
||||
char * FindLink1(struct in_addr, struct in_addr, u_short, u_short, int);
|
||||
char * FindLink2(struct in_addr, u_short, u_short, int);
|
||||
void DeleteLink(char *);
|
||||
char * AddLink(struct in_addr, struct in_addr, u_short, u_short,
|
||||
u_short, int);
|
||||
|
||||
/* External data search */
|
||||
char * FindIcmpIn(struct in_addr, u_short, u_short);
|
||||
char * FindIcmpOut(struct in_addr, struct in_addr, u_short, u_short);
|
||||
char * FindFragmentIn1(struct in_addr);
|
||||
char * FindFragmentIn2(struct in_addr);
|
||||
char * FindUdpIn(struct in_addr, u_short, u_short);
|
||||
char * FindUdpOut(struct in_addr, struct in_addr, u_short, u_short);
|
||||
char * FindTcpIn(struct in_addr, u_short, u_short);
|
||||
char * FindTcpOut(struct in_addr, struct in_addr, u_short, u_short);
|
||||
|
||||
/* External data access/modification */
|
||||
void GetIcmpData(char *, u_short, u_short, u_long *);
|
||||
void SetIcmpData(char *, u_short, u_short, u_long);
|
||||
void GetFragmentAddr(char *, u_short, u_char, struct in_addr *);
|
||||
void SetFragmentData(char *, u_short, u_char, struct in_addr);
|
||||
void SetStateIn(char *, int);
|
||||
void SetStateOut(char *, int);
|
||||
int GetStateIn(char *);
|
||||
int GetStateOut(char *);
|
||||
struct in_addr GetOriginalAddress(char *);
|
||||
struct in_addr GetDestAddress(char *);
|
||||
struct in_addr GetAliasAddress();
|
||||
u_short GetOriginalPort(char *);
|
||||
u_short GetDestPort(char *);
|
||||
u_short GetAliasPort(char *);
|
||||
void SetAckModified(char *);
|
||||
int GetAckModified(char *);
|
||||
int GetDeltaAckIn(struct ip *, char *);
|
||||
int GetDeltaSeqOut(struct ip *, char *);
|
||||
void AddSeq(struct ip *, char *, int);
|
||||
|
||||
/* Tcp specfic routines */
|
||||
void TcpMonitorIn(struct ip *, char *);
|
||||
void TcpMonitorOut(struct ip *, char *);
|
||||
void HandleFtpOut(struct ip *, char *);
|
||||
void NewFtpPortCommand(struct ip *, char *, struct in_addr, u_short);
|
||||
|
||||
/* Protocal specific packet aliasing routines */
|
||||
void IcmpAliasIn1(struct ip *);
|
||||
void IcmpAliasIn2(struct ip *);
|
||||
void IcmpAliasIn(struct ip *);
|
||||
void IcmpAliasOut(struct ip *);
|
||||
void IcmpAliasOut1(struct ip *);
|
||||
void UdpAliasIn(struct ip *);
|
||||
void UdpAliasOut(struct ip *);
|
||||
void TcpAliasIn(struct ip *);
|
||||
void TcpAliasOut(struct ip *);
|
||||
|
||||
/* Fragment handling */
|
||||
void FragmentIn(struct ip *);
|
||||
void FragmentOut(struct ip *);
|
||||
|
||||
/* Outside world interfaces */
|
||||
void PacketAliasIn(struct ip *);
|
||||
void PacketAliasOut(struct ip *);
|
||||
void SetAliasAddress(struct in_addr);
|
||||
void InitAlias();
|
||||
void InitAliasLog();
|
||||
|
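Review bot: every link handle in these prototypes is a plain char * (FindTcpOut, GetAliasPort, DeleteLink and the rest), which is the same type alias.h uses for a packet buffer, so the compiler cannot catch a packet pointer passed where a link is expected or the reverse. Suggest forward-declaring a struct for the link record (struct alias_link would do; the name is only a suggestion) and using a pointer to it throughout. Smaller points: GetNewPort(), ShowAliasStats(), CleanupAliasData(), IncrementalCleanup() and GetAliasAddress() are declared with empty parentheses while everything else is a full prototype, and the comments "Tcp specfic routines" and "Protocal specific packet aliasing routines" have typos.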
1145
usr.sbin/ppp/alias_db.c
Normal file
File diff suppressed because it is too large
198
usr.sbin/ppp/alias_ftp.c
Normal file
@ -0,0 +1,198 @@
|
||||
/*
|
||||
Alias_ftp.c performs special processing for FTP sessions under
|
||||
TCP. Specifically, when a PORT command from the client side
|
||||
is sent, it is intercepted and modified. The address is changed
|
||||
to the gateway machine and an aliasing port is used.
|
||||
|
||||
For this routine to work, the PORT command must fit entirely
|
||||
into a single TCP packet. This is typically the case, but exceptions
|
||||
can easily be envisioned under the actual specifications.
|
||||
|
||||
Probably the most troubling aspect of the approach taken here is
|
||||
that the new PORT command will typically be a different length, and
|
||||
this causes a certain amount of bookkeeping to keep track of the
|
||||
changes of sequence and acknowledgment numbers, since the client
|
||||
machine is totally unaware of the modification to the TCP stream.
|
||||
|
||||
|
||||
This software is placed into the public domain with no restrictions
|
||||
on its distribution.
|
||||
|
||||
Initial version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
/* Includes */
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
/* Constants */
|
||||
#define FTP_DATA_PORT_NUMBER 20
|
||||
|
||||
/* Prototypes */
|
||||
#include "alias.p"
|
||||
|
||||
|
||||
void
|
||||
HandleFtpOut(pip, link)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
{
|
||||
int hlen, tlen, dlen;
|
||||
struct in_addr true_addr;
|
||||
u_short true_port;
|
||||
char *sptr;
|
||||
struct tcphdr *tc;
|
||||
|
||||
/* Calculate data length of TCP packet */
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
hlen = (pip->ip_hl + tc->th_off) << 2;
|
||||
tlen = ntohs(pip->ip_len);
|
||||
dlen = tlen - hlen;
|
||||
|
||||
/* Return is data length is too long or too short */
|
||||
if (dlen<10 || dlen>80)
|
||||
return;
|
||||
|
||||
/* Place string pointer and beginning of data */
|
||||
sptr = (char *) pip;
|
||||
sptr += hlen;
|
||||
|
||||
/* Parse through string using state diagram method */
|
||||
{
|
||||
char ch, zero;
|
||||
int i, state;
|
||||
u_long a1, a2, a3, a4;
|
||||
u_short p1, p2;
|
||||
|
||||
a1=0; a2=0; a3=0; a4=0; p1=0; p2=0;
|
||||
zero = '0';
|
||||
state=-4;
|
||||
for (i=0; i<dlen; i++)
|
||||
{
|
||||
ch = sptr[i];
|
||||
switch (state)
|
||||
{
|
||||
case -4: if (ch == 'P') state=-3; else return; break;
|
||||
case -3: if (ch == 'O') state=-2; else return; break;
|
||||
case -2: if (ch == 'R') state=-1; else return; break;
|
||||
case -1: if (ch == 'T') state= 0; else return; break;
|
||||
|
||||
case 0 :
|
||||
if (isdigit(ch)) {a1=ch-zero; state=1 ;} break;
|
||||
case 1 :
|
||||
if (isdigit(ch)) a1=10*a1+ch-zero; else state=2 ; break;
|
||||
case 2 :
|
||||
if (isdigit(ch)) {a2=ch-zero; state=3 ;} break;
|
||||
case 3 :
|
||||
if (isdigit(ch)) a2=10*a2+ch-zero; else state=4 ; break;
|
||||
case 4 :
|
||||
if (isdigit(ch)) {a3=ch-zero; state=5 ;} break;
|
||||
case 5 :
|
||||
if (isdigit(ch)) a3=10*a3+ch-zero; else state=6 ; break;
|
||||
case 6 :
|
||||
if (isdigit(ch)) {a4=ch-zero; state=7 ;} break;
|
||||
case 7 :
|
||||
if (isdigit(ch)) a4=10*a4+ch-zero; else state=8 ; break;
|
||||
case 8 :
|
||||
if (isdigit(ch)) {p1=ch-zero; state=9 ;} break;
|
||||
case 9 :
|
||||
if (isdigit(ch)) p1=10*p1+ch-zero; else state=10; break;
|
||||
case 10:
|
||||
if (isdigit(ch)) {p2=ch-zero; state=11;} break;
|
||||
case 11:
|
||||
if (isdigit(ch)) p2=10*p2+ch-zero; break;
|
||||
}
|
||||
}
|
||||
|
||||
if (state == 11)
|
||||
{
|
||||
true_port = htons((p1<<8) + p2);
|
||||
true_addr.s_addr = htonl((a1<<24) + (a2<<16) +(a3<<8) + a4);
|
||||
NewFtpPortCommand(pip, link, true_addr, true_port);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
NewFtpPortCommand(pip, link, true_addr, true_port)
|
||||
struct ip *pip;
|
||||
char *link;
|
||||
struct in_addr true_addr;
|
||||
u_short true_port;
|
||||
{
|
||||
char *ftp_link;
|
||||
|
||||
/* Establish link to address and port found in PORT command */
|
||||
ftp_link = FindTcpOut (true_addr,
|
||||
GetDestAddress(link),
|
||||
true_port,
|
||||
htons(FTP_DATA_PORT_NUMBER));
|
||||
|
||||
if (ftp_link != NULL_PTR)
|
||||
{
|
||||
int slen, hlen, tlen, dlen;
|
||||
struct tcphdr *tc;
|
||||
|
||||
/* Calculate data length of TCP packet */
|
||||
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
|
||||
hlen = (pip->ip_hl + tc->th_off) << 2;
|
||||
tlen = ntohs(pip->ip_len);
|
||||
dlen = tlen - hlen;
|
||||
|
||||
/* Create new PORT command */
|
||||
{
|
||||
char stemp[80];
|
||||
char *sptr;
|
||||
u_short alias_port;
|
||||
u_char *ptr;
|
||||
int a1, a2, a3, a4, p1, p2;
|
||||
struct in_addr aliasAddress;
|
||||
|
||||
/* Decompose alias address into quad format */
|
||||
aliasAddress = GetAliasAddress();
|
||||
ptr = (char *) &aliasAddress;
|
||||
a1 = *ptr++; a2=*ptr++; a3=*ptr++; a4=*ptr;
|
||||
|
||||
/* Decompose alias port into pair format */
|
||||
alias_port = GetAliasPort(ftp_link);
|
||||
ptr = (char *) &alias_port;
|
||||
p1 = *ptr++; p2=*ptr;
|
||||
|
||||
/* Generate command string */
|
||||
sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
|
||||
a1,a2,a3,a4,p1,p2);
|
||||
|
||||
/* Save string length for IP header modification */
|
||||
slen = strlen(stemp);
|
||||
|
||||
/* Copy into IP packet */
|
||||
sptr = (char *) pip; sptr += hlen;
|
||||
strcpy(sptr, stemp);
|
||||
}
|
||||
|
||||
/* Save information regarding modified seq and ack numbers */
|
||||
{
|
||||
int delta;
|
||||
|
||||
SetAckModified(link);
|
||||
delta = GetDeltaSeqOut(pip, link);
|
||||
AddSeq(pip, link, delta+slen-dlen);
|
||||
pip->ip_len = ntohs(hlen + slen);
|
||||
}
|
||||
|
||||
/* Compute TCP checksum for revised packet */
|
||||
tc->th_sum = 0;
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
}
|
||||
else
|
||||
{
|
||||
fprintf(stderr,
|
||||
"PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
|
||||
}
|
||||
}
|
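Review bot: in NewFtpPortCommand() the rewritten command is written into the packet with strcpy(sptr, stemp) and ip_len is then set to hlen + slen, but nothing checks that the buffer behind pip has room for slen + 1 bytes. HandleFtpOut() accepts payloads as short as 10 bytes (dlen<10 || dlen>80), while the generated "PORT %d,%d,%d,%d,%d,%d\r\n" string can be 30 bytes plus the terminating NUL that strcpy also writes, so the packet can grow by about 20 bytes into whatever follows it. Suggest passing the buffer capacity down from the caller, skipping the rewrite when hlen + slen exceeds it, and copying exactly slen bytes with memcpy. Related points in the same hunk: the parser accumulates a1..a4 and p1, p2 with no range check, so a field above 255 spills into the neighbouring octet when the values are shifted together, and such commands should be rejected; the parsed true_addr is never compared with pip->ip_src before FindTcpOut() is called with it, so a check that the two match belongs before the link is created; any payload that followed the command is discarded because ip_len is cut to hlen + slen; pip->ip_len = ntohs(hlen + slen) should use htons; and ptr is declared u_char * but assigned through (char *) casts.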
104
usr.sbin/ppp/alias_util.c
Normal file
@ -0,0 +1,104 @@
|
||||
/*
|
||||
Alias_util.h contains general utilities used by other functions
|
||||
in the packet aliasing module. At the moment, there are functions
|
||||
for computing IP header and TCP packet checksums.
|
||||
|
||||
The checksum routines are based upon example code in a Unix networking
|
||||
text written by Stevens (sorry, I can't remember the title -- but
|
||||
at least this is a good author).
|
||||
|
||||
Initial Version: August, 1996 (cjm)
|
||||
*/
|
||||
|
||||
/*
|
||||
Note: the checksum routines assume that the actual checksum word has
|
||||
been zeroed out. If the checksum workd is filled with the proper value,
|
||||
then these routines will give a result of zero (useful for testing
|
||||
purposes);
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
u_short
|
||||
InternetChecksum(ptr, nbytes)
|
||||
u_short *ptr;
|
||||
int nbytes;
|
||||
{
|
||||
int sum, oddbyte;
|
||||
|
||||
sum = 0;
|
||||
while (nbytes > 1)
|
||||
{
|
||||
sum += *ptr++;
|
||||
nbytes -= 2;
|
||||
}
|
||||
if (nbytes == 1)
|
||||
{
|
||||
oddbyte = 0;
|
||||
*((u_char *) &oddbyte) = *(u_char *) ptr;
|
||||
sum += oddbyte;
|
||||
}
|
||||
sum = (sum >> 16) + (sum & 0xffff);
|
||||
sum += (sum >> 16);
|
||||
return(~sum);
|
||||
}
|
||||
|
||||
u_short
|
||||
IpChecksum(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
return( InternetChecksum((u_short *) pip, (pip->ip_hl << 2)) );
|
||||
|
||||
}
|
||||
|
||||
u_short
|
||||
TcpChecksum(pip)
|
||||
struct ip *pip;
|
||||
{
|
||||
u_short *ptr;
|
||||
struct tcphdr *tc;
|
||||
int nhdr, ntcp, nbytes;
|
||||
int sum, oddbyte;
|
||||
|
||||
nhdr = pip->ip_hl << 2;
|
||||
ntcp = ntohs(pip->ip_len) - nhdr;
|
||||
|
||||
tc = (struct tcphdr *) ((char *) pip + nhdr);
|
||||
ptr = (u_short *) tc;
|
||||
|
||||
/* Add up TCP header and data */
|
||||
nbytes = ntcp;
|
||||
sum = 0;
|
||||
while (nbytes > 1)
|
||||
{
|
||||
sum += *ptr++;
|
||||
nbytes -= 2;
|
||||
}
|
||||
if (nbytes == 1)
|
||||
{
|
||||
oddbyte = 0;
|
||||
*((u_char *) &oddbyte) = *(u_char *) ptr;
|
||||
sum += oddbyte;
|
||||
}
|
||||
|
||||
/* "Pseudo-header" data */
|
||||
ptr = (u_short *) &(pip->ip_dst);
|
||||
sum += *ptr++;
|
||||
sum += *ptr;
|
||||
ptr = (u_short *) &(pip->ip_src);
|
||||
sum += *ptr++;
|
||||
sum += *ptr;
|
||||
sum += htons((u_short) ntcp);
|
||||
sum += htons((u_short) pip->ip_p);
|
||||
|
||||
/* Roll over carry bits */
|
||||
sum = (sum >> 16) + (sum & 0xffff);
|
||||
sum += (sum >> 16);
|
||||
|
||||
/* Return checksum */
|
||||
return((u_short) ~sum);
|
||||
}
|
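Review bot: TcpChecksum() takes its byte count from the packet itself, ntcp = ntohs(pip->ip_len) - nhdr, and then sums that many bytes starting at the TCP header; neither it nor IpChecksum() is told how large the buffer really is. An ip_len larger than the data received makes the loop read past the packet, and an ip_len smaller than the header length makes ntcp negative, which is then cast to u_short for the pseudo-header. Suggest adding a buffer-length parameter and failing when ip_hl or ip_len is inconsistent with it. The summing loop and the odd-byte handling are copied from InternetChecksum(); TcpChecksum() could add the pseudo-header words and share one helper for the rest. sum is a signed int that is right-shifted during the fold, and declaring it unsigned would keep those shifts well defined for any value. The header comment calls the file Alias_util.h, and "workd" in the second comment is a typo.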
@ -15,7 +15,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: defs.h,v 1.4 1995/10/08 14:57:28 amurai Exp $
|
||||
* $Id: defs.h,v 1.5 1996/12/03 21:38:42 nate Exp $
|
||||
*
|
||||
* TODO:
|
||||
*/
|
||||
@ -60,6 +60,7 @@
|
||||
#define MODE_DIRECT 4 /* Direct connection mode */
|
||||
#define MODE_DEDICATED 8 /* Dedicated line mode */
|
||||
#define MODE_DDIAL 16 /* Dedicated dialing line mode */
|
||||
#define MODE_ALIAS 32 /* Packet aliasing (masquerading) */
|
||||
|
||||
#define EX_NORMAL 0
|
||||
#define EX_START 1
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ip.c,v 1.9 1996/05/11 20:48:25 phk Exp $
|
||||
* $Id: ip.c,v 1.10 1996/12/03 21:38:45 nate Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o Return ICMP message for filterd packet
|
||||
@ -34,6 +34,7 @@
|
||||
#include <arpa/inet.h>
|
||||
#include "vars.h"
|
||||
#include "filter.h"
|
||||
#include "alias.h"
|
||||
|
||||
extern void SendPppFrame();
|
||||
extern void LcpClose();
|
||||
@ -331,6 +332,11 @@ struct mbuf *bp; /* IN: Pointer to IP pakcet */
|
||||
nb += wp->cnt;
|
||||
}
|
||||
|
||||
if (mode & MODE_ALIAS) {
|
||||
PacketAliasIn(tunbuff);
|
||||
nb = ntohs(((struct ip *) tunbuff)->ip_len);
|
||||
}
|
||||
|
||||
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0) {
|
||||
pfree(bp);
|
||||
return;
|
||||
|
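Review bot: after PacketAliasIn(tunbuff), nb is overwritten with ntohs(((struct ip *) tunbuff)->ip_len), which throws away the count accumulated from the mbuf chain (nb += wp->cnt) just above. On the inbound path that replaces a measured length with a header field set by the remote peer, and PacketCheck(tunbuff, nb, FL_IN) then runs with that value. Nothing in the alias code shown in this commit changes the length of an incoming packet (the only ip_len rewrite is in NewFtpPortCommand, reached from TcpAliasOut), so suggest dropping the assignment here, or at minimum discarding the packet when ip_len is larger than the nb that was actually received.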
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ipcp.c,v 1.8 1996/05/11 20:48:26 phk Exp $
|
||||
* $Id: ipcp.c,v 1.9 1996/10/06 13:32:28 jkh Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o More RFC1772 backwoard compatibility
|
||||
@ -35,6 +35,7 @@
|
||||
#include "os.h"
|
||||
#include "phase.h"
|
||||
#include "vars.h"
|
||||
#include "alias.h"
|
||||
|
||||
extern void PutConfValue();
|
||||
extern void Prompt();
|
||||
@ -274,6 +275,8 @@ struct fsm *fp;
|
||||
OsLinkup();
|
||||
IpcpStartReport();
|
||||
StartIdleTimer();
|
||||
if (mode & MODE_ALIAS)
|
||||
SetAliasAddress(IpcpInfo.want_ipaddr);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: main.c,v 1.22 1996/10/12 16:20:32 jkh Exp $
|
||||
* $Id: main.c,v 1.23 1996/12/03 21:38:48 nate Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o Add commands for traffic summary, version display, etc.
|
||||
@ -35,6 +35,8 @@
|
||||
#include <unistd.h>
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include "modem.h"
|
||||
#include "os.h"
|
||||
#include "hdlc.h"
|
||||
@ -46,6 +48,7 @@
|
||||
#include "filter.h"
|
||||
#include "systems.h"
|
||||
#include "ip.h"
|
||||
#include "alias.h"
|
||||
|
||||
#define LAUTH_M1 "Warning: No password entry for this host in ppp.secret\n"
|
||||
#define LAUTH_M2 "Warning: All manipulation is allowed by anyone in the world\n"
|
||||
@ -214,7 +217,7 @@ void
|
||||
Usage()
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: ppp [-auto | -direct | -dedicated | -ddial ] [system]\n");
|
||||
"Usage: ppp [-auto | -direct | -dedicated | -ddial ] [ -alias ] [system]\n");
|
||||
exit(EX_START);
|
||||
}
|
||||
|
||||
@ -235,6 +238,10 @@ ProcessArgs(int argc, char **argv)
|
||||
mode |= MODE_DEDICATED;
|
||||
else if (strcmp(cp, "ddial") == 0)
|
||||
mode |= MODE_DDIAL|MODE_AUTO;
|
||||
else if (strcmp(cp, "alias") == 0) {
|
||||
mode |= MODE_ALIAS;
|
||||
optc--; /* this option isn't exclusive */
|
||||
}
|
||||
else
|
||||
Usage();
|
||||
optc++;
|
||||
@ -274,6 +281,7 @@ char **argv;
|
||||
Greetings();
|
||||
GetUid();
|
||||
IpcpDefAddress();
|
||||
InitAlias();
|
||||
|
||||
if (SelectSystem("default", CONFFILE) < 0) {
|
||||
fprintf(stderr, "Warning: No default entry is given in config file.\n");
|
||||
@ -872,14 +880,23 @@ DoLoop()
|
||||
if (LcpFsm.state <= ST_CLOSED && (mode & MODE_AUTO)) {
|
||||
pri = PacketCheck(rbuff, n, FL_DIAL);
|
||||
if (pri >= 0) {
|
||||
if (mode & MODE_ALIAS) {
|
||||
PacketAliasOut(rbuff);
|
||||
n = ntohs(((struct ip *) rbuff)->ip_len);
|
||||
}
|
||||
IpEnqueue(pri, rbuff, n);
|
||||
dial_up = TRUE; /* XXX */
|
||||
dial_up = TRUE; /* XXX */
|
||||
}
|
||||
continue;
|
||||
}
|
||||
pri = PacketCheck(rbuff, n, FL_OUT);
|
||||
if (pri >= 0)
|
||||
if (pri >= 0) {
|
||||
if (mode & MODE_ALIAS) {
|
||||
PacketAliasOut(rbuff);
|
||||
n = ntohs(((struct ip *) rbuff)->ip_len);
|
||||
}
|
||||
IpEnqueue(pri, rbuff, n);
|
||||
}
|
||||
}
|
||||
}
|
||||
logprintf("job done.\n");
|
||||
|
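Review bot: the block that tests mode & MODE_ALIAS, calls PacketAliasOut(rbuff) and reloads n from ip_len is pasted into both the FL_DIAL and the FL_OUT branch of DoLoop(). Because PacketAliasOut() returns void, the caller has to re-read the length from the header afterwards, and because the FTP PORT rewrite in alias_ftp.c can lengthen the packet, the caller also has no way to tell the alias code how much room rbuff has. Suggest one helper that takes the buffer and its capacity and returns the new length or an error, called from both branches before IpEnqueue(). The dial_up = TRUE; /* XXX */ line is removed and re-added with no visible change and could be left out of this commit.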
@ -1,5 +1,5 @@
|
||||
.\" manual page [] for ppp 0.94 beta2 + alpha
|
||||
.\" $Id: ppp.8,v 1.19 1996/10/31 19:55:05 joerg Exp $
|
||||
.\" $Id: ppp.8,v 1.20 1996/12/03 21:38:52 nate Exp $
|
||||
.Dd 20 September 1995
|
||||
.Os FreeBSD
|
||||
.Dt PPP 8
|
||||
@ -9,7 +9,8 @@
|
||||
Point to Point Protocol (aka iijppp)
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl auto | ddial | dedicated | direct
|
||||
.Op Fl auto | ddial | direct | dedicated
|
||||
.Op Fl alias
|
||||
.Op Ar system
|
||||
.Sh DESCRIPTION
|
||||
This is a user process
|
||||
@ -53,13 +54,21 @@ will act as a daemon and wait for a packet to be sent over the
|
||||
link. When this happens, the daemon automatically dials and establishes the
|
||||
connection.
|
||||
|
||||
In almost the same manner ddial mode (dedicated dialing or demon dialing)
|
||||
In almost the same manner ddial mode (dedicated or demon dialing)
|
||||
also automatically dials and establishes the connection. However, it
|
||||
differs in that it will dial the remote site any time it detects the
|
||||
link is down, even if there are no packets to be sent. This mode is
|
||||
useful for full-time connections who worry less about line charges
|
||||
and more about being connected full time.
|
||||
|
||||
.It Supports packet aliasing.
|
||||
Packet aliasing, more commonly known as masquerading, allows computers
|
||||
on a private, unregistered network to access the internet. The
|
||||
.Em PPP
|
||||
host acts as a masquerading gateway. IP addresses as well as TCP and
|
||||
UDP port numbers are aliased for outgoing packets and de-aliased for
|
||||
returning packets.
|
||||
|
||||
.It Supports server-side PPP connections.
|
||||
Can act as server which accepts incoming
|
||||
.Em PPP
|
||||
@ -380,6 +389,36 @@ You must use
|
||||
.Dq quit all
|
||||
to terminate the program as well.
|
||||
|
||||
.Sh PACKET ALIASING
|
||||
|
||||
The
|
||||
.Fl alias
|
||||
command line option enables packet aliasing. This allows the
|
||||
ppp host to act as a masquerading gateway for other computers over
|
||||
a local area network. Outgoing IP packets are are aliased so that
|
||||
they appear to come from the ppp host, and incoming packets are
|
||||
de-aliased so that they are routed to the correct machine on the
|
||||
local area network.
|
||||
|
||||
Packet aliasing allows computers on private, unregistered
|
||||
subnets to have internet access, although they are invisible
|
||||
from the outside world.
|
||||
|
||||
In general, correct ppp operation should first be verified
|
||||
with packet aliasing disabled. Then, the
|
||||
.Fl alias
|
||||
option should be switched on, and network applications (web browser,
|
||||
telnet, ftp, ping, traceroute) should be checked on the ppp host.
|
||||
Finally, the same or similar applications should be checked on other
|
||||
computers in the LAN.
|
||||
|
||||
If network applications work correctly on the ppp host, but not on
|
||||
other machines in the LAN, then the masquerading software is working
|
||||
properly, but the host is either not forwarding or possibly receiving
|
||||
IP packets. Check that IP forwarding is enabled in /etc/sysconfig
|
||||
and that other machines have designated the ppp host as the gateway
|
||||
for the LAN.
|
||||
|
||||
.Sh PACKET FILTERING
|
||||
|
||||
This implementation supports packet filtering. There are three kinds of
|
||||
|
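Review bot: in the new PACKET ALIASING section, "Outgoing IP packets are are aliased" has a doubled word, and "the host is either not forwarding or possibly receiving IP packets" reads as though receiving were the fault; suggest "either not forwarding or possibly not receiving IP packets". The identical text appears in the second copy of this hunk further down and needs the same two fixes.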
@ -1,5 +1,5 @@
|
||||
.\" manual page [] for ppp 0.94 beta2 + alpha
|
||||
.\" $Id: ppp.8,v 1.19 1996/10/31 19:55:05 joerg Exp $
|
||||
.\" $Id: ppp.8,v 1.20 1996/12/03 21:38:52 nate Exp $
|
||||
.Dd 20 September 1995
|
||||
.Os FreeBSD
|
||||
.Dt PPP 8
|
||||
@ -9,7 +9,8 @@
|
||||
Point to Point Protocol (aka iijppp)
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl auto | ddial | dedicated | direct
|
||||
.Op Fl auto | ddial | direct | dedicated
|
||||
.Op Fl alias
|
||||
.Op Ar system
|
||||
.Sh DESCRIPTION
|
||||
This is a user process
|
||||
@ -53,13 +54,21 @@ will act as a daemon and wait for a packet to be sent over the
|
||||
link. When this happens, the daemon automatically dials and establishes the
|
||||
connection.
|
||||
|
||||
In almost the same manner ddial mode (dedicated dialing or demon dialing)
|
||||
In almost the same manner ddial mode (dedicated or demon dialing)
|
||||
also automatically dials and establishes the connection. However, it
|
||||
differs in that it will dial the remote site any time it detects the
|
||||
link is down, even if there are no packets to be sent. This mode is
|
||||
useful for full-time connections who worry less about line charges
|
||||
and more about being connected full time.
|
||||
|
||||
.It Supports packet aliasing.
|
||||
Packet aliasing, more commonly known as masquerading, allows computers
|
||||
on a private, unregistered network to access the internet. The
|
||||
.Em PPP
|
||||
host acts as a masquerading gateway. IP addresses as well as TCP and
|
||||
UDP port numbers are aliased for outgoing packets and de-aliased for
|
||||
returning packets.
|
||||
|
||||
.It Supports server-side PPP connections.
|
||||
Can act as server which accepts incoming
|
||||
.Em PPP
|
||||
@ -380,6 +389,36 @@ You must use
|
||||
.Dq quit all
|
||||
to terminate the program as well.
|
||||
|
||||
.Sh PACKET ALIASING
|
||||
|
||||
The
|
||||
.Fl alias
|
||||
command line option enables packet aliasing. This allows the
|
||||
ppp host to act as a masquerading gateway for other computers over
|
||||
a local area network. Outgoing IP packets are are aliased so that
|
||||
they appear to come from the ppp host, and incoming packets are
|
||||
de-aliased so that they are routed to the correct machine on the
|
||||
local area network.
|
||||
|
||||
Packet aliasing allows computers on private, unregistered
|
||||
subnets to have internet access, although they are invisible
|
||||
from the outside world.
|
||||
|
||||
In general, correct ppp operation should first be verified
|
||||
with packet aliasing disabled. Then, the
|
||||
.Fl alias
|
||||
option should be switched on, and network applications (web browser,
|
||||
telnet, ftp, ping, traceroute) should be checked on the ppp host.
|
||||
Finally, the same or similar applications should be checked on other
|
||||
computers in the LAN.
|
||||
|
||||
If network applications work correctly on the ppp host, but not on
|
||||
other machines in the LAN, then the masquerading software is working
|
||||
properly, but the host is either not forwarding or possibly receiving
|
||||
IP packets. Check that IP forwarding is enabled in /etc/sysconfig
|
||||
and that other machines have designated the ppp host as the gateway
|
||||
for the LAN.
|
||||
|
||||
.Sh PACKET FILTERING
|
||||
|
||||
This implementation supports packet filtering. There are three kinds of
|
||||
|