freebsd-skq/usr.sbin/ppp
nate 1d0c7cf264 Compute IP checksums in addition to TCP checksums when necessary in the
new 'aliased' packets.  Note, if the original packet has a bogus cksum,
we will *NOT* re-compute the cksum, therefore the new packet will also
be wrong (but passed on).

Found by:	MartinRenters@awfulhak.demon.co.uk
Reviewed by:	Brian Somers <brian@awfulhak.demon.co.uk>
Submitted by:	Charles Mott <cmott@srv.net>
1996-12-21 18:34:52 +00:00
alias_db.c The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
alias_ftp.c The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
alias_util.c The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
alias.c Compute IP checksums in addition to TCP checksums when necessary in the 1996-12-21 18:34:52 +00:00
alias.h Fixed prototypes of PacketAliasIn/Out. (cosmetic) 1996-12-19 00:41:42 +00:00
alias.p The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
arp.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
arp.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
async.c Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
auth.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
auth.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
ccp.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
ccp.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
cdefs.h Compile error occurred by missing auth.h/cdefs.h 1995-02-27 03:18:28 +00:00
chap.c typo 1996-11-19 11:08:27 +00:00
chap.h Use libmd's MD5. 1996-01-30 20:04:34 +00:00
chat.c Avoid some buffer overrun problems. 1996-12-15 20:39:30 +00:00
chat.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
command.c Added my 'ddial' patches to user-PPP. The new mode tries its darndest 1996-12-03 21:38:52 +00:00
command.h New user Process PPP based on iij-ppp0.94beta2. 1995-02-26 12:18:08 +00:00
defs.h The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
filter.c A random bunch of cleanup changes. 1996-01-10 21:28:04 +00:00
filter.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
fsm.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
fsm.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
global.h New user Process PPP based on iij-ppp0.94beta2. 1995-02-26 12:18:08 +00:00
hdlc.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
hdlc.h Some patches to ppp which improve stability. I have been running a 1996-01-30 11:08:50 +00:00
ip.c Fixed prototypes of PacketAliasIn/Out. (cosmetic) 1996-12-19 00:41:42 +00:00
ip.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
ipcp.c The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
ipcp.h Add support for the Evil Microsoft ppp extensions. Yes, they did it 1996-10-06 13:32:37 +00:00
lcp.c 1. Room to calculate MD5 for CHAP negotiation is shorter than 1996-10-12 16:20:34 +00:00
lcp.h Compile error occurred by missing auth.h/cdefs.h 1995-02-27 03:18:28 +00:00
lcpproto.h Compile error occurred by missing auth.h/cdefs.h 1995-02-27 03:18:28 +00:00
log.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
log.h Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
lqr.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
lqr.h Some patches to ppp which improve stability. I have been running a 1996-01-30 11:08:50 +00:00
main.c Fixed prototypes of PacketAliasIn/Out. (cosmetic) 1996-12-19 00:41:42 +00:00
main.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
Makefile The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
mbuf.c Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
mbuf.h New user Process PPP based on iij-ppp0.94beta2. 1995-02-26 12:18:08 +00:00
modem.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
modem.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
os.c Fix up programs which expect <net/if.h> to include <sys/time.h> to instead 1996-12-10 17:11:53 +00:00
os.h A random bunch of cleanup changes. 1996-01-10 21:28:04 +00:00
pap.c Properly include prototypes. 1996-10-07 04:21:09 +00:00
pap.h 1995-01-31 06:29:58 +00:00
passwdauth.c Make changes suggested in PR#1825, closing it. Removes default local 1996-10-18 03:47:53 +00:00
passwdauth.h Add support for the Evil Microsoft ppp extensions. Yes, they did it 1996-10-06 13:32:37 +00:00
pathnames.h Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
phase.h New user Process PPP based on iij-ppp0.94beta2. 1995-02-26 12:18:08 +00:00
ppp.8 The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
ppp.8.m4 The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
pred.c Reset Pred1 protocol on FCS errors. 1996-07-21 13:01:27 +00:00
pred.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
README.alias The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
README.nat The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
route.c Fix up programs which expect <net/if.h> to include <sys/time.h> to instead 1996-12-10 17:11:53 +00:00
route.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
slcompress.c Fix editing mistake in last commit...sorry. 1996-04-11 08:24:04 +00:00
slcompress.h Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
systems.c Avoid some buffer overrun problems. 1996-12-15 20:39:30 +00:00
systems.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
timeout.h 1.Reducing cpu usage at off connection. 1995-03-11 15:18:55 +00:00
timer.c A random bunch of cleanup changes. 1996-01-10 21:28:04 +00:00
vars.c Add passwdauth to list of vars. 1996-10-06 19:39:08 +00:00
vars.h Add support for the Evil Microsoft ppp extensions. Yes, they did it 1996-10-06 13:32:37 +00:00
vjcomp.c Some patches to ppp which improve stability. I have been running a 1996-01-30 11:08:50 +00:00

User PPP Packet Aliasing

0. Contents
    1. Background
    2. Setup
    3. Future Development


1. Background

User ppp has embedded packet aliasing (IP masquerading) code.
When this capability is enabled by the "-alias" command line
option, the ppp host will automatically alias IP packets forwarded
from a local network so that they appear to come from the ppp
host machine.  Incoming packets from the outside world are then
appropriately de-aliased.

The process of aliasing involves the IP address as well as the
TCP and UDP port numbers.  ICMP packets can be aliased by either
their id or sequence numbers.
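
Rewriting an address or port changes bytes that the IP header
checksum and the TCP checksum both cover, so both must be adjusted
when a packet is aliased.  The C sketch below is an added example,
not code from alias.c: it aliases the source address and TCP source
port of one packet and patches the checksums with the RFC 1624
incremental update (a technique assumed here).  The function names,
the sample packet and the 198.51.100.7 alias address are constructed.

```c
#include <stdint.h>
#include <string.h>
/* One's-complement sum of big-endian 16-bit words (RFC 1071), folded to 16 bits. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum) {
    for (size_t i = 0; i + 1 < len; i += 2) sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return sum;
}
/* Both return 0 when the stored checksum verifies. The TCP sum is seeded with
 * the pseudo-header: source and destination address, protocol 6, TCP length. */
uint16_t ip_cksum(const uint8_t *ip) { return (uint16_t)~sum16(ip, 20, 0); }
uint16_t tcp_cksum(const uint8_t *ip, size_t tcp_len) {
    return (uint16_t)~sum16(ip + 20, tcp_len, sum16(ip + 12, 8, 6 + (uint32_t)tcp_len));
}
/* RFC 1624 eqn. 3: patch a stored checksum when one 16-bit word changes old -> nw. */
static void fix16(uint8_t *ck, uint16_t old, uint16_t nw) {
    uint32_t s = (uint16_t)~((ck[0] << 8) | ck[1]);
    s += (uint32_t)(uint16_t)~old + nw;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    s = ~s; ck[0] = (uint8_t)(s >> 8); ck[1] = (uint8_t)s;
}
/* Outgoing aliasing for a packet with a 20-byte IP header carrying TCP. */
void alias_out(uint8_t *ip, const uint8_t addr[4], uint16_t port) {
    uint8_t *tcp = ip + 20;
    for (int i = 0; i < 4; i += 2) {
        uint16_t old = (uint16_t)((ip[12 + i] << 8) | ip[13 + i]);
        uint16_t nw = (uint16_t)((addr[i] << 8) | addr[i + 1]);
        fix16(ip + 10, old, nw);   /* IP header checksum covers the address */
        fix16(tcp + 16, old, nw);  /* and so does the TCP pseudo-header */
    }
    fix16(tcp + 16, (uint16_t)((tcp[0] << 8) | tcp[1]), port);
    memcpy(ip + 12, addr, 4);
    tcp[0] = (uint8_t)(port >> 8); tcp[1] = (uint8_t)port;
}
/* Constructed sample: 192.168.0.2:1025 -> 203.0.113.9:80, bare SYN, valid checksums. */
void build_sample(uint8_t pkt[40]) {
    static const uint8_t t[40] = {
        0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,168,0,2, 203,0,113,9,
        0x04,0x01,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };
    memcpy(pkt, t, 40);
    uint16_t c = ip_cksum(pkt);  pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    c = tcp_cksum(pkt, 20);      pkt[36] = (uint8_t)(c >> 8); pkt[37] = (uint8_t)c;
}
int main(void) {
    uint8_t p[40]; const uint8_t host[4] = {198, 51, 100, 7};  /* constructed alias */
    build_sample(p); alias_out(p, host, 30001);
    return (ip_cksum(p) || tcp_cksum(p, 20)) ? 1 : 0;  /* 0: both still verify */
}
```

Because the update is incremental, a packet that arrives with a wrong
TCP checksum still has a wrong one after aliasing, so a corrupted
packet is not turned into a valid-looking one.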

This software was specifically meant to support users who have
unregistered, private address IP networks (e.g. 192.168.0.x or
10.0.0.x addresses).  The ppp host can act as a gateway for these
networks, and computers on the local area net will have some
degree of internet access without the need for a registered IP
address.  Additionally, there will be no need for an internet
service provider to maintain routing tables for the local area
network. 

A disadvantage of packet aliasing is that machines on the local
network, behind the ppp host, can establish TCP connections and
make UDP inquiries (such as domain name service requests), but these
machines, other than the ppp host itself, are not visible from
the outside world.  There is, in effect, a partial firewall.

A second disadvantage is that "IP encoding" protocols, which send
IP address or port information within the data stream, are not
supported unless exception code has been put in place.  A workaround
for ftp, which is the most well known of the IP encoding protocols,
has been developed in this implementation, so users do not have
to depend on using the ftp passive mode, as is sometimes the case
with other masquerading solutions.
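
The FTP PORT command is the typical case: the client writes its own
address and data port into the control stream as six decimal numbers.
The C sketch below is an added example, not the code in alias_ftp.c;
rewrite_port and parse_num are hypothetical names and the addresses
are constructed.  It parses the line strictly, rewrites it only when
the embedded address equals the packet's real source address, and
returns the new length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse 1-3 decimal digits (0..255) followed by the terminator character. */
static int parse_num(const char **s, char term, unsigned *out) {
    unsigned v = 0;
    int n = 0;
    while (**s >= '0' && **s <= '9' && n < 3) {
        v = v * 10 + (unsigned)(**s - '0');
        (*s)++;
        n++;
    }
    if (n == 0 || v > 255 || **s != term) return -1;
    (*s)++;
    *out = v;
    return 0;
}

/*
 * Rewrite "PORT h1,h2,h3,h4,p1,p2\r\n" to advertise the alias address and port.
 * src is the packet's real source address; a line naming any other address is
 * left alone.  Returns the new length, or -1 (malformed, mismatch, no room).
 */
int rewrite_port(const char *line, const uint8_t src[4], const uint8_t alias[4],
                 uint16_t alias_port, char *out, size_t outsz) {
    unsigned v[6];
    const char *s;
    if (strncmp(line, "PORT ", 5) != 0) return -1;
    s = line + 5;
    for (int i = 0; i < 6; i++)
        if (parse_num(&s, i < 5 ? ',' : '\r', &v[i]) != 0) return -1;
    if (s[0] != '\n' || s[1] != '\0') return -1;
    for (int i = 0; i < 4; i++)
        if (v[i] != (unsigned)src[i]) return -1;
    int n = snprintf(out, outsz, "PORT %d,%d,%d,%d,%d,%d\r\n", alias[0], alias[1],
                     alias[2], alias[3], alias_port >> 8, alias_port & 0xff);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void) {
    const uint8_t src[4] = {192, 168, 0, 2}, host[4] = {198, 51, 100, 7};  /* constructed */
    char out[64];
    int n = rewrite_port("PORT 192,168,0,2,4,1\r\n", src, host, 30001, out, sizeof out);
    if (n > 0) fputs(out, stdout);
    return n == 26 ? 0 : 1;
}
```

The rewritten line is usually a different length from the original
(26 bytes instead of 22 here), so the IP total length and checksums
have to be updated and later TCP sequence and acknowledgement numbers
on that connection offset by the difference.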

All standard, non-encoding TCP and UDP protocols are supported.
Examples of these protocols are http, gopher and telnet.  The
standard UDP mode of RealAudio is not presently supported,
but the TCP mode does work correctly.  IRC is reported by users
to work in some, but not all, modes.

The packet aliasing code also handles many ICMP messages.  In
particular, ping and traceroute are supported.



2. Packet Aliasing Setup

It is recommended that correct ppp operation first be verified
without packet aliasing enabled.  Then ppp can be started with
the "-alias" option in the command line.  Correct network operation
of the ppp host in packet aliasing mode should then be verified.
Finally, machines on the private network should be checked to see
whether they can access the internet.

Since the masquerading software aliases all packets, whether
they come from the host or another computer on the local area
network, a correctly operating ppp host will indicate that the
software should work properly for other computers on the private
network.  

If the ppp host can access the internet, but other computers on
the local network cannot do this, then it should be checked that
IP forwarding is enabled on the ppp host and that the other
computers use this machine as a gateway.  Of course, proper
communications between machines within the local area network
should also be verified (do they use consistent subnet addresses
and masks?).



3. Future Development

What is called packet aliasing here has been variously called
masquerading, network address translation (NAT) and transparent
proxying by others.  It is an extremely useful function to
many users, but it is also necessarily imperfect.  Workarounds
(hacks) are always needed for the occasional IP-encoding
protocols.

The specific solution implemented here does not block off or
reserve any segment of TCP or UDP ports on the ppp host for use
by the masquerading function.  No communication to the kernel
is needed in this matter.  All packets are aliased, whether
they originate from the ppp host or other computers on the
local network.  This is a central issue, and some programmers
may wish to handle this differently.

The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
and alias_util.c) runs in user space, and is intended to be
both portable and reusable for interfaces other than ppp.  The
basic engine is accessed by four simple function calls
(initialization, communication of host address, outgoing
aliasing and incoming de-aliasing).

Limited IP fragment handling exists.  Once the packet aliasing
software sees the header fragment of a packet, all other fragments
will be correctly forwarded.  However, if the header fragment
does not come first, then some fragments will be lost.

Charles Mott (cmott@srv.net)
December 4, 1996