hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-16 15:44:04 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use the latest alias engine - now in libalias.

Browse Source 
Submitted by:	Charles Mott <cmott@srv.net>
This commit is contained in:
Brian Somers 1997-05-23 04:54:03 +00:00
parent 75795a87aa
commit 6db75539f1
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=26031
13 changed files with 814 additions and 2599 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
usr.sbin/ppp/Makefile
View File

@ -1,15 +1,14 @@
# $Id: Makefile,v 1.17 1997/03/30 12:12:20 brian Exp $
# $Id: Makefile,v 1.18 1997/03/31 22:50:59 brian Exp $
PROG= ppp
SRCS= async.c auth.c ccp.c chap.c chat.c command.c filter.c fsm.c hdlc.c \
ip.c ipcp.c lcp.c lqr.c log.c main.c mbuf.c modem.c os.c \
pap.c pred.c route.c slcompress.c timer.c systems.c vars.c \
vjcomp.c arp.c alias.c alias_db.c alias_ftp.c alias_util.c \
passwdauth.c sig.c
SRCS= alias_cmd.c arp.c async.c auth.c ccp.c chap.c chat.c command.c \
filter.c fsm.c hdlc.c ip.c ipcp.c lcp.c log.c lqr.c main.c mbuf.c \
modem.c os.c pap.c passwdauth.c pred.c route.c sig.c slcompress.c \
systems.c timer.c vars.c vjcomp.c
#CFLAGS+= -DHAVE_SHELL_CMD_WITH_ANY_MODE
CFLAGS += -Wall -DMSEXT -DPASSWDAUTH
LDADD += -lmd -lcrypt -lutil
DPADD += ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
LDADD += -lmd -lcrypt -lutil -lalias
DPADD += ${LIBMD} ${LIBCRYPT} ${LIBUTIL} ${LIBALIAS}
MAN8= ppp.8
BINMODE=4555
BINOWN= root

400
usr.sbin/ppp/README.alias
View File

@ -1,112 +1,352 @@
User PPP Packet Aliasing
0. Contents
1. Background
2. Setup
3. Future Development
3. New commands in ppp
4. Future Work
5. Authors / Acknowledgments
6. Revision History for Aliasing Code
1. Background
User ppp has embedded packet aliasing (IP masquerading) code.
When this capability is enabled by the "-alias" command line
option, the ppp host will automatically alias IP packets forwarded
from a local network so that they appear to come from the ppp
host machine. Incoming packets from the outside world are then
appropriately de-aliased.
User mode ppp has embedded packet aliasing (IP masquerading) code.
Enabling this, either by the "-alias" command line option or the
"alias enable yes" command in a ppp.conf file, makes the ppp host
automatically alias IP packets forwarded from a local network, making
them appear to come from the ppp host machine. Incoming packets
from the outside world are then appropriately de-aliased.
The process of aliasing involves both the IP address as well as
TCP and UDP port numbers. ICMP packets can be aliased by either
their id or sequence numbers.
The process of aliasing involves both the IP address and the TCP or UDP
port numbers. ICMP echo and timestamp packets are aliased by their id
numbers. ICMP error messages can be properly directed by examining the
fragment of the offending packet which is contained in the body of the
message.
This software was specifically meant to support users who have
unregistered, private address IP networks (e.g. 192.168.0.x or
10.0.0.x addresses). The ppp host can act as a gateway for these
networks, and computers on the local area net will have some
degree of internet access without the need for a registered IP
address. Additionally, there will be no need for an internet
service provider to maintain routing tables for the local area
network.
unregistered, private address IP networks (e.g. 192.168.0.x or 10.0.0.x
addresses). The ppp host can act as a gateway for these networks, and
computers on the local area net will have some degree of Internet access
without the need for a registered IP address. Additionally, there will
be no need for an Internet service provider to maintain routing tables
for the local area network.
A disadvantage of packet aliasing is that machines on the local
network, behind the ppp host, can establish tcp connections and
make udp inqiries (such as domain name service requests), but these
machines, other than the ppp host itself, are not visible from
the outside world. There is, in effect, a partial firewall.
A disadvantage of packet aliasing is that machines on the local network,
behind the ppp host, are not visible from the outside world. They can
establish TCP connections and make UDP inquiries (such as domain name
service requests) but the connections seem to come from the ppp host
itself. There is, in effect, a partial firewall. Of course, if this is
what you want, the disadvantage becomes an advantage.
A second disadvantage is that "IP encoding" protocols, which send
IP address or port information within the data stream, are not
supported unless exception code has been put in place. A workaround
for ftp, which is the most well known of the IP encoding protocols,
has been developed in this implementation, so users do not have
to depend on using the ftp passive mode, as is sometimes the case
with other masquerading solutions.
A second disadvantage is that "IP encoding" protocols, which send IP
address or port information within the data stream, are not supported
for the cases where exception code exists. This implementation has
workarounds for FTP and IRC DCC, the most well known of the IP encoding
protocols. This frees users from depending on using the ftp passive
mode and avoiding IRC DCC sends, as is sometimes the case with other
masquerading solutions.
All standard, non-encoding TCP and UDP protocals are supported,
Examples of these protocols are http, gopher and telnet. The
standard UDP mode of RealAudio is not presently supported,
but the TCP mode does work correctly. IRC is reported by users
to work in some, but not all, modes.
The implementation supports all standard, non-encoding TCP and UDP protocols.
Examples of these protocols are http, gopher and telnet. The standard UDP
mode of RealAudio is not presently supported, but the TCP mode does work
correctly.
The packet aliasing code also handle many ICMP messages. In
particular, ping and traceroute are supported.
The packet aliasing code also handle many ICMP messages. In particular,
ping and traceroute are supported.
2. Packet Aliasing Setup
It is recommended that correct ppp operation first be verified
without packet aliasing enabled. Then ppp can be started with
the "-alias" option in the command line. Correct network operation
of the ppp host in packet aliasing mode should then be verified.
Finally, machines on the private network should be checked to see
whether they can access the internet.
It is recommended that users first verify correct ppp operation without
packet aliasing enabled. This will confirm that the ppp.conf file is
properly set up and that there are no ppp problems. Then start ppp with
the "-alias" option on the command line. The user should verify that
the ppp host can correctly connect to the Internet in packet aliasing
mode. Finally, check that machines on the private network can access
the Internet.
Since the masquerading software aliases all packets, whether
they come from the host or another computer on the local area
network, a correctly operating ppp host will indicate that the
software should work properly for other computers on the private
network.
The masquerading software aliases all packets, whether they come from
the host or another computer on the local area network. Thus, a correctly
operating ppp host indicates that the software should work properly for
other computers on the private network.
If the ppp host can access the internet, but other computers on
the local network cannot do this, then it should be checked that
IP forwarding is enabled on the ppp host and that the other
computers use this machine as a gateway. Of course, proper
communications between machines within the local area network
should also be verified (do they use consistent subnet addresses
and masks?).
If the ppp host can access the Internet, but other computers on the local
network cannot, check that IP forwarding is enabled on the ppp host. Also,
verify that the other computers use this machine as a gateway. Of course,
you should also verify that machines within the local area network
communicate properly. A common error is inconsistent subnet addresses
and masks.
3. Future Development
3. New commands in ppp
What is called packet aliasing here has been variously called
masquerading, network address translation (NAT) and transparent
proxying by others. It is an extremely useful function to
many users, but it is also necessarily imperfect. Workarounds
(hacks) are always needed for the occasional IP-encoding
protocols.
In order to control aliasing behavior in a simple manner (no need for
recompilation), a new command has been added to iij-ppp: alias. This
is in addition to the -alias command line option. System managers and
more experienced users may prefer to use the iij-ppp command syntax
within the ppp.conf file. The alias command also allows packet aliasing
behavior to be more precisely specified.
The specific solution implemented here does not block off or
reserve any segment of TCP or UDP ports on the ppp host for use
by the masquerading function. No communication to the kernel
is needed in this matter. All packets are aliased, whether
they originate from the ppp host or other computers on the
local network. This is a central issue, and some programmers
may wish to handle this differently.
The decision to add a command instead of extending 'set' or 'option' was
to make obvious that these options only work when aliasing is enabled.
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
and alias_util.c) runs in user space, and is intended to be
both portable and reusable for interfaces other than ppp. The
basic engine is accessed by four simple function calls
(initialization, communication of host address, outgoing
aliasing and incoming de-aliasing).
The syntax for 'alias' is
Limited IP fragment handling exists. Once the packet aliasing
software sees the header fragment of a packet, all other fragments
will be correctly forwarded. However, if the header fragment
does not come first, then some fragments will be lost.
ppp> alias option [yes|no]
Charles Mott (cmott@srv.net)
December 4, 1996
where option is given by one of the following templates.
- alias enable [yes|no] (default no)
Enable packet aliasing functionality. If disabled, no other alias
options will have any effect. You should usually enable aliasing
before routing any packets over the link; good points are in the
initial script or right before adding a route. If you do not always
want aliasing, consider using the -alias option to ppp instead of this
command.
- alias deny_incoming [yes|no] (default yes)
Set to "yes" to disable all incoming connections. This just drops
connections to, for example, ftp, telnet or web servers. The aliasing
mechanism prevents these connections. Technically, this option denies
all incoming TCP and UDP requests, making the aliasing software a
fairly efficient one-way firewall. The default is no, which will
all incoming connections to telnetd, ftpd, etc.
- alias log [yes|no]
Controls logging of alias link creation to "/var/log/alias.log" - this
is usually only useful if debugging a setup, to see if the bug is in
the PPP aliasing. The debugging information is fairly limited, listing
the number of aliasing links open for different prototocols.
- alias same_ports [yes|no] (default yes)
When a connection is being established going through the aliasing
routines, it will normally have its port number changed to allow the
aliasing code to track it. If same_ports is enabled, the alias
software attempts to keep the connection's source port unchanged.
This will allow rsh, RPC and other specialized protocols to work
_most of the time_, at least on the host machine. Please, do not
report this being unstable as a bug - it is a result of the way
aliasing has to work. TCP/IP was intended to have one IP address
per machine.
- alias use_sockets [yes|no] (default yes)
This is a fairly obscure option. For the most part, the packet aliasing
software does not have to allocate system sockets when it chooses an
aliasing port number. Under very specific circumstances, FTP data
connections (which don't know the remote port nubmer, though it is
usually 20) and IRC DCC send (which doesn't know either the address or
the port from which the connection will come), there can potentially be
some interference with an open server socket having the same port number
on the ppp host machine. This possibility for interferience only exists
until the TCP connection has been acknowledged on both sides. The safe
option is yes, though fewer system resources are consumed by specifying
no.
- alias unregistered_only [yes|no] (default no)
Packet aliasing normally remaps all packets coming from the local area
network to the ppp host machine address. Set this option to only map
addresses from the following standard ranges for private, unregistered
addresses:
10.0.0.0 -> 10.255.255.255
172.16.0.0 -> 172.31.255.255
192.168.0.0 -> 192.168.255.255 */
In the instance that there is a subnet of public addresses and another
subnet of private addresses being routed by the ppp host, then only the
packets on the private subnet will be aliased.
- alias port <proto> <local addr>:<port> <alias port>
This command allows incoming traffic to <alias port> on the host
machine to be redirected to a specific machine and port on the
local area network. One example of this would be:
alias port tcp 192.168.0.4:telnet 8066
All traffic to port 8066 fthe ppp host would then be sent to
the telnet port (23) of machine 192.168.0.4. Port numbers
can either be designated numerically or by symbolic names
listed in /etc/services. Similarly, addresses can be either
in dotted quad notation or in /etc/hosts.
- alias addr <local addr> <public addr>
This command allows traffic for a public IP address to be
redirected to a machine on the local network. This function
is known as "static NAT". An address assignment of 0 refers
to the default address of the ppp host. Normally static
NAT is useful if your ISP has allocated a small block of
IP addresses to the user, but it can even be used in the
case of a single, dynamically allocated IP address:
alias addr 10.0.0.8 0
The above command would redirect all incoming traffic to
machine 10.0.0.8.
If several address aliases specifiy the same public addres
as follows
alias addr 192.168.0.2 public_addr
alias addr 192.168.0.3 public_addr
alias addr 192.168.0.4 public_addr
then incoming traffice will be directed to the last
translated local address (192.168.0.4), but outgoing
traffic to the first two addresses will still be aliased
to the specified public address.
4. Future Work
What is called packet aliasing here has been variously called masquerading,
network address translation (NAT) and transparent proxying by others. It
is an extremely useful function to many users, but it is also necessarily
imperfect. The occasional IP-encoding protocols always need workarounds
(hacks). Users who are interested in supporting new IP-encoding protocols
can follow the examples of alias_ftp.c and alias_irc.c.
ICMP error messages are currently handled only in the incoming direction.
A handler needs to be added to correctly alias outgoing error messages.
IRC and FTP exception handling make reasonable, though not strictly correct
assumptions, about how IP encoded messages will appear in the control
stream. Programmers may wish to consider how to make this process more
robust.
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c, alias_irc.c
and alias_util.c) runs in user space, and is intended to be both portable
and reusable for interfaces other than ppp. To access the basic engine
only requires four simple function calls (initialization, communication of
host address, outgoing aliasing and incoming de-aliasing).
5. Authors / Acknowledgments
Charles Mott (cmott@srv.net) <versions 1.0 - 1.8, 2.0, 2.1>
Eivind Eklund (perhaps@yes.no) <versions 1.8b - 1.9, new ppp commands>
Listed below, in chronological order, are individuals who have provided
valuable comments and/or debugging assistance.
Gary Roberts
Tom Torrance
Reto Burkhalter
Martin Renters
Brian Somers
Paul Traina
Ari Suutari
J. Fortes
Andrzej Bialeki
6. Revision History for Aliasing Code
Version 1.0: August 11, 1996 (cjm)
Version 1.1: August 20, 1996 (cjm)
PPP host accepts incoming connections for ports 0 to 1023.
Version 1.2: September 7, 1996 (cjm)
Fragment handling error in alias_db.c corrected.
Version 1.3: September 15, 1996 (cjm)
- Generalized mechanism for handling incoming connections
(no more 0 to 1023 restriction).
- Increased ICMP support (will handle traceroute now).
- Improved TCP close connection logic.
Version 1.4: September 16, 1996
Can't remember (this version only lasted a day -- cjm).
Version 1.5: September 17, 1996 (cjm)
Corrected error in handling incoming UDP packets
with zero checksum.
Version 1.6: September 18, 1996
Simplified ICMP data storage. Will now handle
tracert from Win95 as well as FreeBSD traceroute.
Verstion 1.7: January 9, 1997 (cjm)
- Reduced malloc() activity for ICMP echo and
timestamp requests.
- Added handling for out-of-order IP fragments.
- Switched to differential checksum computation
for IP headers (TCP, UDP and ICMP checksums
were already differential).
- Accepts FTP data connections from other than
port 20. This allows one ftp connections
from two hosts which are both running packet
aliasing.
Verstion 1.8: January 14, 1997 (cjm)
- Fixed data type error in function StartPoint()
in alias_db.c (this bug did not exist before v1.7)
Version 1.8b: January 16, 1997 (Eivind Eklund <perhaps@yes.no>)
- Upgraded base PPP version to be the sourcecode from
FreeBSD 2.1.6, with additional security patches. This
version should still be possible to run on 2.1.5, though -
I've run it with a 2.1.5 kernel without problems.
(Update done with the permission of cjm)
Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
- Added support for IRC DCC (ee)
- Changed the aliasing routines to use ANSI style throughout -
minor API changes for integration with other programs than PPP (ee)
- Changed the build process, making all options switchable
from the Makefile (ee)
- Fixed minor security hole in alias_ftp.c for other applications
of the aliasing software. Hole could _not_ manifest in
PPP+pktAlias, but could potentially manifest in other
applications of the aliasing. (ee)
- Connections initiated from packet aliasing host machine will
not have their port number aliased unless it conflicts with
an aliasing port already being used. (There is an option to
disable this for debugging) (cjm)
- Sockets will be allocated in cases where there might be
port interference with the host machine. This can be disabled
in cases where the ppp host will be acting purely as a
masquerading router and not generate any traffic of its own.
(cjm)
Version 2.0: March, 1997 (cjm)
- Incoming packets which are not recognized by the packet
aliasing engine are now completely dropped in ip.c.
- Aliasing links are cleared when a host interface address
changes (due to re-dial and dynamic address allocatioa).
- PacketAliasPermanentLink() API added.
- Option for only aliasing private, unregistered IP addresses
added.
- Substantial rework to the aliasing lookup engine.
Version 2.1: May, 1997 (cjm)
- Continuing rework to the aliasing lookup engine to support
multiple incoming addresses and static NAT.
- Now supports outgoing as well as incoming ICMP error messges/
- PPP commands to support address and port redirection.

400
usr.sbin/ppp/README.nat
View File

@ -1,112 +1,352 @@
User PPP Packet Aliasing
0. Contents
1. Background
2. Setup
3. Future Development
3. New commands in ppp
4. Future Work
5. Authors / Acknowledgments
6. Revision History for Aliasing Code
1. Background
User ppp has embedded packet aliasing (IP masquerading) code.
When this capability is enabled by the "-alias" command line
option, the ppp host will automatically alias IP packets forwarded
from a local network so that they appear to come from the ppp
host machine. Incoming packets from the outside world are then
appropriately de-aliased.
User mode ppp has embedded packet aliasing (IP masquerading) code.
Enabling this, either by the "-alias" command line option or the
"alias enable yes" command in a ppp.conf file, makes the ppp host
automatically alias IP packets forwarded from a local network, making
them appear to come from the ppp host machine. Incoming packets
from the outside world are then appropriately de-aliased.
The process of aliasing involves both the IP address as well as
TCP and UDP port numbers. ICMP packets can be aliased by either
their id or sequence numbers.
The process of aliasing involves both the IP address and the TCP or UDP
port numbers. ICMP echo and timestamp packets are aliased by their id
numbers. ICMP error messages can be properly directed by examining the
fragment of the offending packet which is contained in the body of the
message.
This software was specifically meant to support users who have
unregistered, private address IP networks (e.g. 192.168.0.x or
10.0.0.x addresses). The ppp host can act as a gateway for these
networks, and computers on the local area net will have some
degree of internet access without the need for a registered IP
address. Additionally, there will be no need for an internet
service provider to maintain routing tables for the local area
network.
unregistered, private address IP networks (e.g. 192.168.0.x or 10.0.0.x
addresses). The ppp host can act as a gateway for these networks, and
computers on the local area net will have some degree of Internet access
without the need for a registered IP address. Additionally, there will
be no need for an Internet service provider to maintain routing tables
for the local area network.
A disadvantage of packet aliasing is that machines on the local
network, behind the ppp host, can establish tcp connections and
make udp inqiries (such as domain name service requests), but these
machines, other than the ppp host itself, are not visible from
the outside world. There is, in effect, a partial firewall.
A disadvantage of packet aliasing is that machines on the local network,
behind the ppp host, are not visible from the outside world. They can
establish TCP connections and make UDP inquiries (such as domain name
service requests) but the connections seem to come from the ppp host
itself. There is, in effect, a partial firewall. Of course, if this is
what you want, the disadvantage becomes an advantage.
A second disadvantage is that "IP encoding" protocols, which send
IP address or port information within the data stream, are not
supported unless exception code has been put in place. A workaround
for ftp, which is the most well known of the IP encoding protocols,
has been developed in this implementation, so users do not have
to depend on using the ftp passive mode, as is sometimes the case
with other masquerading solutions.
A second disadvantage is that "IP encoding" protocols, which send IP
address or port information within the data stream, are not supported
for the cases where exception code exists. This implementation has
workarounds for FTP and IRC DCC, the most well known of the IP encoding
protocols. This frees users from depending on using the ftp passive
mode and avoiding IRC DCC sends, as is sometimes the case with other
masquerading solutions.
All standard, non-encoding TCP and UDP protocals are supported,
Examples of these protocols are http, gopher and telnet. The
standard UDP mode of RealAudio is not presently supported,
but the TCP mode does work correctly. IRC is reported by users
to work in some, but not all, modes.
The implementation supports all standard, non-encoding TCP and UDP protocols.
Examples of these protocols are http, gopher and telnet. The standard UDP
mode of RealAudio is not presently supported, but the TCP mode does work
correctly.
The packet aliasing code also handle many ICMP messages. In
particular, ping and traceroute are supported.
The packet aliasing code also handle many ICMP messages. In particular,
ping and traceroute are supported.
2. Packet Aliasing Setup
It is recommended that correct ppp operation first be verified
without packet aliasing enabled. Then ppp can be started with
the "-alias" option in the command line. Correct network operation
of the ppp host in packet aliasing mode should then be verified.
Finally, machines on the private network should be checked to see
whether they can access the internet.
It is recommended that users first verify correct ppp operation without
packet aliasing enabled. This will confirm that the ppp.conf file is
properly set up and that there are no ppp problems. Then start ppp with
the "-alias" option on the command line. The user should verify that
the ppp host can correctly connect to the Internet in packet aliasing
mode. Finally, check that machines on the private network can access
the Internet.
Since the masquerading software aliases all packets, whether
they come from the host or another computer on the local area
network, a correctly operating ppp host will indicate that the
software should work properly for other computers on the private
network.
The masquerading software aliases all packets, whether they come from
the host or another computer on the local area network. Thus, a correctly
operating ppp host indicates that the software should work properly for
other computers on the private network.
If the ppp host can access the internet, but other computers on
the local network cannot do this, then it should be checked that
IP forwarding is enabled on the ppp host and that the other
computers use this machine as a gateway. Of course, proper
communications between machines within the local area network
should also be verified (do they use consistent subnet addresses
and masks?).
If the ppp host can access the Internet, but other computers on the local
network cannot, check that IP forwarding is enabled on the ppp host. Also,
verify that the other computers use this machine as a gateway. Of course,
you should also verify that machines within the local area network
communicate properly. A common error is inconsistent subnet addresses
and masks.
3. Future Development
3. New commands in ppp
What is called packet aliasing here has been variously called
masquerading, network address translation (NAT) and transparent
proxying by others. It is an extremely useful function to
many users, but it is also necessarily imperfect. Workarounds
(hacks) are always needed for the occasional IP-encoding
protocols.
In order to control aliasing behavior in a simple manner (no need for
recompilation), a new command has been added to iij-ppp: alias. This
is in addition to the -alias command line option. System managers and
more experienced users may prefer to use the iij-ppp command syntax
within the ppp.conf file. The alias command also allows packet aliasing
behavior to be more precisely specified.
The specific solution implemented here does not block off or
reserve any segment of TCP or UDP ports on the ppp host for use
by the masquerading function. No communication to the kernel
is needed in this matter. All packets are aliased, whether
they originate from the ppp host or other computers on the
local network. This is a central issue, and some programmers
may wish to handle this differently.
The decision to add a command instead of extending 'set' or 'option' was
to make obvious that these options only work when aliasing is enabled.
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
and alias_util.c) runs in user space, and is intended to be
both portable and reusable for interfaces other than ppp. The
basic engine is accessed by four simple function calls
(initialization, communication of host address, outgoing
aliasing and incoming de-aliasing).
The syntax for 'alias' is
Limited IP fragment handling exists. Once the packet aliasing
software sees the header fragment of a packet, all other fragments
will be correctly forwarded. However, if the header fragment
does not come first, then some fragments will be lost.
ppp> alias option [yes|no]
Charles Mott (cmott@srv.net)
December 4, 1996
where option is given by one of the following templates.
- alias enable [yes|no] (default no)
Enable packet aliasing functionality. If disabled, no other alias
options will have any effect. You should usually enable aliasing
before routing any packets over the link; good points are in the
initial script or right before adding a route. If you do not always
want aliasing, consider using the -alias option to ppp instead of this
command.
- alias deny_incoming [yes|no] (default yes)
Set to "yes" to disable all incoming connections. This just drops
connections to, for example, ftp, telnet or web servers. The aliasing
mechanism prevents these connections. Technically, this option denies
all incoming TCP and UDP requests, making the aliasing software a
fairly efficient one-way firewall. The default is no, which will
all incoming connections to telnetd, ftpd, etc.
- alias log [yes|no]
Controls logging of alias link creation to "/var/log/alias.log" - this
is usually only useful if debugging a setup, to see if the bug is in
the PPP aliasing. The debugging information is fairly limited, listing
the number of aliasing links open for different prototocols.
- alias same_ports [yes|no] (default yes)
When a connection is being established going through the aliasing
routines, it will normally have its port number changed to allow the
aliasing code to track it. If same_ports is enabled, the alias
software attempts to keep the connection's source port unchanged.
This will allow rsh, RPC and other specialized protocols to work
_most of the time_, at least on the host machine. Please, do not
report this being unstable as a bug - it is a result of the way
aliasing has to work. TCP/IP was intended to have one IP address
per machine.
- alias use_sockets [yes|no] (default yes)
This is a fairly obscure option. For the most part, the packet aliasing
software does not have to allocate system sockets when it chooses an
aliasing port number. Under very specific circumstances, FTP data
connections (which don't know the remote port nubmer, though it is
usually 20) and IRC DCC send (which doesn't know either the address or
the port from which the connection will come), there can potentially be
some interference with an open server socket having the same port number
on the ppp host machine. This possibility for interferience only exists
until the TCP connection has been acknowledged on both sides. The safe
option is yes, though fewer system resources are consumed by specifying
no.
- alias unregistered_only [yes|no] (default no)
Packet aliasing normally remaps all packets coming from the local area
network to the ppp host machine address. Set this option to only map
addresses from the following standard ranges for private, unregistered
addresses:
10.0.0.0 -> 10.255.255.255
172.16.0.0 -> 172.31.255.255
192.168.0.0 -> 192.168.255.255 */
In the instance that there is a subnet of public addresses and another
subnet of private addresses being routed by the ppp host, then only the
packets on the private subnet will be aliased.
- alias port <proto> <local addr>:<port> <alias port>
This command allows incoming traffic to <alias port> on the host
machine to be redirected to a specific machine and port on the
local area network. One example of this would be:
alias port tcp 192.168.0.4:telnet 8066
All traffic to port 8066 fthe ppp host would then be sent to
the telnet port (23) of machine 192.168.0.4. Port numbers
can either be designated numerically or by symbolic names
listed in /etc/services. Similarly, addresses can be either
in dotted quad notation or in /etc/hosts.
- alias addr <local addr> <public addr>
This command allows traffic for a public IP address to be
redirected to a machine on the local network. This function
is known as "static NAT". An address assignment of 0 refers
to the default address of the ppp host. Normally static
NAT is useful if your ISP has allocated a small block of
IP addresses to the user, but it can even be used in the
case of a single, dynamically allocated IP address:
alias addr 10.0.0.8 0
The above command would redirect all incoming traffic to
machine 10.0.0.8.
If several address aliases specifiy the same public addres
as follows
alias addr 192.168.0.2 public_addr
alias addr 192.168.0.3 public_addr
alias addr 192.168.0.4 public_addr
then incoming traffice will be directed to the last
translated local address (192.168.0.4), but outgoing
traffic to the first two addresses will still be aliased
to the specified public address.
4. Future Work
What is called packet aliasing here has been variously called masquerading,
network address translation (NAT) and transparent proxying by others. It
is an extremely useful function to many users, but it is also necessarily
imperfect. The occasional IP-encoding protocols always need workarounds
(hacks). Users who are interested in supporting new IP-encoding protocols
can follow the examples of alias_ftp.c and alias_irc.c.
ICMP error messages are currently handled only in the incoming direction.
A handler needs to be added to correctly alias outgoing error messages.
IRC and FTP exception handling make reasonable, though not strictly correct
assumptions, about how IP encoded messages will appear in the control
stream. Programmers may wish to consider how to make this process more
robust.
The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c, alias_irc.c
and alias_util.c) runs in user space, and is intended to be both portable
and reusable for interfaces other than ppp. To access the basic engine
only requires four simple function calls (initialization, communication of
host address, outgoing aliasing and incoming de-aliasing).
5. Authors / Acknowledgments
Charles Mott (cmott@srv.net) <versions 1.0 - 1.8, 2.0, 2.1>
Eivind Eklund (perhaps@yes.no) <versions 1.8b - 1.9, new ppp commands>
Listed below, in chronological order, are individuals who have provided
valuable comments and/or debugging assistance.
Gary Roberts
Tom Torrance
Reto Burkhalter
Martin Renters
Brian Somers
Paul Traina
Ari Suutari
J. Fortes
Andrzej Bialeki
6. Revision History for Aliasing Code
Version 1.0: August 11, 1996 (cjm)
Version 1.1: August 20, 1996 (cjm)
PPP host accepts incoming connections for ports 0 to 1023.
Version 1.2: September 7, 1996 (cjm)
Fragment handling error in alias_db.c corrected.
Version 1.3: September 15, 1996 (cjm)
- Generalized mechanism for handling incoming connections
(no more 0 to 1023 restriction).
- Increased ICMP support (will handle traceroute now).
- Improved TCP close connection logic.
Version 1.4: September 16, 1996
Can't remember (this version only lasted a day -- cjm).
Version 1.5: September 17, 1996 (cjm)
Corrected error in handling incoming UDP packets
with zero checksum.
Version 1.6: September 18, 1996
Simplified ICMP data storage. Will now handle
tracert from Win95 as well as FreeBSD traceroute.
Verstion 1.7: January 9, 1997 (cjm)
- Reduced malloc() activity for ICMP echo and
timestamp requests.
- Added handling for out-of-order IP fragments.
- Switched to differential checksum computation
for IP headers (TCP, UDP and ICMP checksums
were already differential).
- Accepts FTP data connections from other than
port 20. This allows one ftp connections
from two hosts which are both running packet
aliasing.
Verstion 1.8: January 14, 1997 (cjm)
- Fixed data type error in function StartPoint()
in alias_db.c (this bug did not exist before v1.7)
Version 1.8b: January 16, 1997 (Eivind Eklund <perhaps@yes.no>)
- Upgraded base PPP version to be the sourcecode from
FreeBSD 2.1.6, with additional security patches. This
version should still be possible to run on 2.1.5, though -
I've run it with a 2.1.5 kernel without problems.
(Update done with the permission of cjm)
Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
- Added support for IRC DCC (ee)
- Changed the aliasing routines to use ANSI style throughout -
minor API changes for integration with other programs than PPP (ee)
- Changed the build process, making all options switchable
from the Makefile (ee)
- Fixed minor security hole in alias_ftp.c for other applications
of the aliasing software. Hole could _not_ manifest in
PPP+pktAlias, but could potentially manifest in other
applications of the aliasing. (ee)
- Connections initiated from packet aliasing host machine will
not have their port number aliased unless it conflicts with
an aliasing port already being used. (There is an option to
disable this for debugging) (cjm)
- Sockets will be allocated in cases where there might be
port interference with the host machine. This can be disabled
in cases where the ppp host will be acting purely as a
masquerading router and not generate any traffic of its own.
(cjm)
Version 2.0: March, 1997 (cjm)
- Incoming packets which are not recognized by the packet
aliasing engine are now completely dropped in ip.c.
- Aliasing links are cleared when a host interface address
changes (due to re-dial and dynamic address allocatioa).
- PacketAliasPermanentLink() API added.
- Option for only aliasing private, unregistered IP addresses
added.
- Substantial rework to the aliasing lookup engine.
Version 2.1: May, 1997 (cjm)
- Continuing rework to the aliasing lookup engine to support
multiple incoming addresses and static NAT.
- Now supports outgoing as well as incoming ICMP error messges/
- PPP commands to support address and port redirection.

838
usr.sbin/ppp/alias.c
View File

@ -1,838 +0,0 @@
/*
Alias.c provides supervisory control for the functions of the
packet aliasing software. It consists of routines to monitor
TCP connection state, protocol-specific aliasing routines,
limited fragment handling and the two primary outside world
functional interfaces: PacketAliasIn and PacketAliasOut.
The other C program files are briefly described. The data
structure framework which holds information needed to translate
packets is encapsulated in alias_db.c. Data is accessed by
function calls, so other segments of the program need not
know about the underlying data structures. Alias_ftp.c contains
special code for modifying the ftp PORT command used to establish
data connections. Alias_util.c contains a few utility routines.
This software is placed into the public domain with no restrictions
on its distribution.
Version 1.0 August, 1996 (cjm)
Version 1.1 August 20, 1996 (cjm)
PPP host accepts incoming connections for ports 0 to 1023.
Version 1.2 September 7, 1996 (cjm)
Fragment handling error in alias_db.c corrected.
Version 1.4 September 16, 1996 (cjm)
- A more generalized method for handling incoming
connections, without the 0-1023 restriction, is
implemented in alias_db.c
- Improved ICMP support in alias.c. Traceroute
packet streams can now be correctly aliased.
- TCP connection closing logic simplified in
alias.c and now allows for additional 1 minute
"grace period" after FIN or RST is observed.
Version 1.5 September 17, 1996 (cjm)
Corrected error in handling incoming UDP packets with 0 checksum.
Version 1.6 September 18, 1996 (cjm)
Simplified ICMP aliasing scheme. Should now support
traceroute from Win95 as well as FreeBSD.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/param.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include "alias.p"
#define FTP_CONTROL_PORT_NUMBER 21
/* TCP Handling Routines
TcpMonitorIn() -- These routines monitor TCP connections, and
TcpMonitorOut() -- delete a link node when a connection is closed.
These routines look for SYN, ACK and RST flags to determine when TCP
connections open and close. When a TCP connection closes, the data
structure containing packet aliasing information is deleted after
a timeout period.
*/
void
TcpMonitorIn(pip, link)
struct ip *pip;
char *link;
{
struct tcphdr *tc;
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
switch (GetStateIn(link))
{
case 0:
if (tc->th_flags & TH_SYN) SetStateIn(link, 1);
break;
case 1:
if (tc->th_flags & TH_FIN
|| tc->th_flags & TH_RST) SetStateIn(link, 2);
}
}
void
TcpMonitorOut(pip, link)
struct ip *pip;
char *link;
{
struct tcphdr *tc;
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
switch (GetStateOut(link))
{
case 0:
if (tc->th_flags & TH_SYN) SetStateOut(link, 1);
break;
case 1:
if (tc->th_flags & TH_FIN
|| tc->th_flags & TH_RST) SetStateOut(link, 2);
}
}
/* Protocol Specific Packet Aliasing Routines
IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2
IcmpAliasOut(), IcmpAliasOut1()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
These routines handle protocol specific details of packet aliasing.
One may observe a certain amount of repetitive arithmetic in these
functions, the purpose of which is to compute a revised checksum
without actually summing over the entire data packet, which could be
unnecessarily time consuming.
The purpose of the packet aliasing routines is to replace the source
address of the outgoing packet and then correctly put it back for
any incoming packets. For TCP and UDP, ports are also re-mapped.
For ICMP echo/timestamp requests and replies, the following scheme
is used: the sequence number is replaced by an alias for the outgoing
packet and this sequence number, plus the id and remote address are
used to find the packet on the return path.
ICMP error messages are handled by looking at the IP fragment
in the data section of the message.
For TCP and UDP protocols, a port number is chosen for an outgoing
packet, and then incoming packets are identified by IP address and
port number. For TCP packets, there is additional logic in the event
that sequence and ack numbers have been altered (as is the case for
FTP data port commands).
The port numbers used by the packet aliasing module are not true
ports in the Unix sense. No sockets are actually bound to ports.
They are more correctly placeholders.
All packets are aliased, whether they come from the gateway machine
or other machines on a local area network.
*/
void
IcmpAliasIn1(pip)
struct ip *pip;
{
/*
Un-alias incoming echo and timestamp replies
*/
char *link;
struct icmp *ic;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Get source address from ICMP data field and restore original data */
link = FindIcmpIn(pip->ip_src, ic->icmp_id, ic->icmp_seq);
if (link != NULL_PTR)
{
u_short original_seq;
int accumulate;
original_seq = GetOriginalPort(link);
/* Adjust ICMP checksum */
accumulate = ic->icmp_cksum;
accumulate += ic->icmp_seq;
accumulate -= original_seq;
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) accumulate;
}
/* Put original sequence number back in */
ic->icmp_seq = original_seq;
/* Put original address back into IP header */
pip->ip_dst = GetOriginalAddress(link);
/* Delete unneeded data structure */
DeleteLink(link);
}
}
void
IcmpAliasIn2(pip)
struct ip *pip;
{
/*
Alias incoming ICMP error messages containing
IP header and first 64 bits of datagram.
*/
struct ip *ip;
struct icmp *ic, *ic2;
struct udphdr *ud;
struct tcphdr *tc;
char *link;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
ip = (struct ip *) ic->icmp_data;
ud = (struct udphdr *) ((char *) ip + (ip->ip_hl <<2));
tc = (struct tcphdr *) ud;
ic2 = (struct icmp *) ud;
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpIn(ip->ip_dst, ud->uh_dport, ud->uh_sport);
else if (ip->ip_p == IPPROTO_TCP)
link = FindTcpIn(ip->ip_dst, tc->th_dport, tc->th_sport);
else if (ip->ip_p == IPPROTO_ICMP)
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
link = FindIcmpIn(ip->ip_dst, ic2->icmp_id, ic2->icmp_seq);
else
link = NULL_PTR;
else
link = NULL_PTR;
if (link != NULL_PTR)
{
if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP)
{
u_short *sptr;
int accumulate;
struct in_addr original_address;
u_short original_port;
original_address = GetOriginalAddress(link);
original_port = GetOriginalPort(link);
/* Adjust ICMP checksum */
accumulate = ic->icmp_cksum;
sptr = (u_short *) &(ip->ip_src);
accumulate += *sptr++;
accumulate += *sptr;
sptr = (u_short *) &original_address;
accumulate -= *sptr++;
accumulate -= *sptr;
accumulate += ud->uh_sport;
accumulate -= original_port;
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) accumulate;
}
/* Un-alias address in IP header */
pip->ip_dst = original_address;
/* Un-alias address and port number of original IP packet
fragment contained in ICMP data section */
ip->ip_src = original_address;
ud->uh_sport = original_port;
}
else if (pip->ip_p == IPPROTO_ICMP)
{
u_short *sptr;
int accumulate;
struct in_addr original_address;
u_short original_seq;
original_address = GetOriginalAddress(link);
original_seq = GetOriginalPort(link);
/* Adjust ICMP checksum */
accumulate = ic->icmp_cksum;
sptr = (u_short *) &(ip->ip_src);
accumulate += *sptr++;
accumulate += *sptr;
sptr = (u_short *) &original_address;
accumulate -= *sptr++;
accumulate -= *sptr;
accumulate += ic2->icmp_seq;
accumulate -= original_seq;
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) accumulate;
}
/* Un-alias address in IP header */
pip->ip_dst = original_address;
/* Un-alias address of original IP packet and seqence number of
embedded icmp datagram */
ip->ip_src = original_address;
ic2->icmp_seq = original_seq;
}
}
}
void
IcmpAliasIn(pip)
struct ip *pip;
{
struct icmp *ic;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
switch (ic->icmp_type)
{
case ICMP_ECHOREPLY:
case ICMP_TSTAMPREPLY:
if (ic->icmp_code == 0)
{
IcmpAliasIn1(pip);
}
break;
case ICMP_UNREACH:
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
IcmpAliasIn2(pip);
break;
}
}
void
IcmpAliasOut1(pip)
struct ip *pip;
{
/*
Alias ICMP echo and timestamp packets
*/
char *link;
struct icmp *ic;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Save overwritten data for when echo packet returns */
link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, ic->icmp_seq);
if (link != NULL_PTR)
{
u_short alias_seq;
int accumulate;
alias_seq = GetAliasPort(link);
/* Since data field is being modified, adjust ICMP checksum */
accumulate = ic->icmp_cksum;
accumulate += ic->icmp_seq;
accumulate -= alias_seq;
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ic->icmp_cksum = (u_short) accumulate;
}
/* Alias sequence number */
ic->icmp_seq = alias_seq;
/* Change source address */
pip->ip_src = GetAliasAddress();
}
}
void
IcmpAliasOut(pip)
struct ip *pip;
{
struct icmp *ic;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
switch (ic->icmp_type)
{
case ICMP_ECHO:
case ICMP_TSTAMP:
if (ic->icmp_code == 0)
{
IcmpAliasOut1(pip);
}
break;
}
}
void
UdpAliasIn(pip)
struct ip *pip;
{
struct udphdr *ud;
char *link;
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpIn(pip->ip_src, ud->uh_sport, ud->uh_dport);
if (link != NULL_PTR)
{
struct in_addr alias_address;
u_short alias_port;
int accumulate;
u_short *sptr;
alias_address = GetAliasAddress();
pip->ip_dst = GetOriginalAddress(link);
alias_port = ud->uh_dport;
ud->uh_dport = GetOriginalPort(link);
/* If UDP checksum is not zero, then adjust since destination port */
/* is being unaliased and destination port is being altered. */
if (ud->uh_sum != 0)
{
accumulate = ud->uh_sum;
accumulate += alias_port;
accumulate -= ud->uh_dport;
sptr = (u_short *) &alias_address;
accumulate += *sptr++;
accumulate += *sptr;
sptr = (u_short *) &(pip->ip_dst);
accumulate -= *sptr++;
accumulate -= *sptr;
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ud->uh_sum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ud->uh_sum = (u_short) accumulate;
}
}
}
}
void
UdpAliasOut(pip)
struct ip *pip;
{
struct udphdr *ud;
char *link;
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpOut(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport);
if (link != NULL_PTR)
{
u_short alias_port;
alias_port = GetAliasPort(link);
/* If UDP checksum is not zero, adjust since source port is */
/* being aliased and source address is being altered */
if (ud->uh_sum != 0)
{
struct in_addr alias_address;
int accumulate;
u_short *sptr;
alias_address = GetAliasAddress();
accumulate = ud->uh_sum;
accumulate += ud->uh_sport;
accumulate -= alias_port;
sptr = (u_short *) &(pip->ip_src);
accumulate += *sptr++;
accumulate += *sptr;
sptr = (u_short *) &alias_address;
accumulate -= *sptr++;
accumulate -= *sptr;
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ud->uh_sum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
ud->uh_sum = (u_short) accumulate;
}
}
/* Put alias port in TCP header */
ud->uh_sport = alias_port;
/* Change source address */
pip->ip_src = GetAliasAddress();
}
}
void
TcpAliasIn(pip)
struct ip *pip;
{
struct tcphdr *tc;
char *link;
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindTcpIn(pip->ip_src, tc->th_sport, tc->th_dport);
if (link != NULL_PTR)
{
struct in_addr alias_address;
u_short alias_port;
int accumulate;
u_short *sptr;
alias_address = GetAliasAddress();
pip->ip_dst = GetOriginalAddress(link);
alias_port = tc->th_dport;
tc->th_dport = GetOriginalPort(link);
/* Adjust TCP checksum since destination port is being unaliased */
/* and destination port is being altered. */
accumulate = tc->th_sum;
accumulate += alias_port;
accumulate -= tc->th_dport;
sptr = (u_short *) &alias_address;
accumulate += *sptr++;
accumulate += *sptr;
sptr = (u_short *) &(pip->ip_dst);
accumulate -= *sptr++;
accumulate -= *sptr;
/* See if ack number needs to be modified */
if (GetAckModified(link) == 1)
{
int delta;
delta = GetDeltaAckIn(pip, link);
if (delta != 0)
{
sptr = (u_short *) &tc->th_ack;
accumulate += *sptr++;
accumulate += *sptr;
tc->th_ack = htonl(ntohl(tc->th_ack) - delta);
sptr = (u_short *) &tc->th_ack;
accumulate -= *sptr++;
accumulate -= *sptr;
}
}
/* Finish checksum modification */
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
tc->th_sum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
tc->th_sum = (u_short) accumulate;
}
/* Monitor TCP connection state */
TcpMonitorIn(pip, link);
}
}
void
TcpAliasOut(pip)
struct ip *pip;
{
struct tcphdr *tc;
char *link;
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindTcpOut(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport);
if (link !=NULL_PTR)
{
struct in_addr alias_address;
u_short alias_port;
int accumulate;
u_short *sptr;
alias_address = GetAliasAddress();
alias_port = GetAliasPort(link);
/* Monitor tcp connection state */
TcpMonitorOut(pip, link);
/* Special processing for ftp connection */
if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)
HandleFtpOut(pip, link);
/* Adjust TCP checksum since source port is being aliased */
/* and source address is being altered */
accumulate = tc->th_sum;
accumulate += tc->th_sport;
accumulate -= alias_port;
sptr = (u_short *) &(pip->ip_src);
accumulate += *sptr++;
accumulate += *sptr;
sptr = (u_short *) &alias_address;
accumulate -= *sptr++;
accumulate -= *sptr;
/* Modify sequence number if necessary */
if (GetAckModified(link) == 1)
{
int delta;
delta = GetDeltaSeqOut(pip, link);
if (delta != 0)
{
sptr = (u_short *) &tc->th_seq;
accumulate += *sptr++;
accumulate += *sptr;
tc->th_seq = htonl(ntohl(tc->th_seq) + delta);
sptr = (u_short *) &tc->th_seq;
accumulate -= *sptr++;
accumulate -= *sptr;
}
}
/* Finish up checksum calculation */
if (accumulate < 0)
{
accumulate = -accumulate;
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
tc->th_sum = (u_short) ~accumulate;
}
else
{
accumulate = (accumulate >> 16) + (accumulate & 0xffff);
accumulate += accumulate >> 16;
tc->th_sum = (u_short) accumulate;
}
/* Put alias address in TCP header */
tc->th_sport = alias_port;
/* Change source address */
pip->ip_src = GetAliasAddress();
}
}
/* Fragment Handling
FragmentIn()
FragmentOut()
The packet aliasing module has a limited ability for handling IP
fragments. If the ICMP, TCP or UDP header is in the first fragment
received, then the id number of the IP packet is saved, and other
fragments are identified according to their ID number and IP address
they were sent from.
In general, fragments seem few and far between these days. One way
to generate them is with a ping request specifying a large data segment.
This is how the software here was tested.
In principle, out-of-order IP fragments could also be handled by saving
fragments until the header fragment came in and then sending them on
their way. However, this violates a basic interface rule of the
aliasing module in which individual packets are sent for remapping,
and nothing is actually known about how to write these packets to a
device interface.
*/
void
FragmentIn(pip)
struct ip *pip;
{
char *link;
link = FindFragmentIn2(pip->ip_src);
if (link != NULL_PTR)
GetFragmentAddr(link, pip->ip_id, pip->ip_p, &(pip->ip_dst) );
}
void
FragmentOut(pip)
struct ip *pip;
{
pip->ip_src = GetAliasAddress();
}
/* Outside World Access
PacketAliasIn()
PacketAliasOut()
*/
void
PacketAliasIn(pip)
struct ip *pip;
{
int checksum_ok;
/* Verify initial checksum */
if (IpChecksum(pip) == 0)
checksum_ok = 1;
else
checksum_ok = 0;
if ( (ntohs(pip->ip_off) & IP_OFFMASK) == 0 )
{
switch (pip->ip_p)
{
case IPPROTO_ICMP:
IcmpAliasIn(pip);
break;
case IPPROTO_UDP:
UdpAliasIn(pip);
break;
case IPPROTO_TCP:
TcpAliasIn(pip);
break;
}
if (ntohs(pip->ip_off) & IP_MF)
{
char *link;
link = FindFragmentIn1(pip->ip_src);
if (link != NULL_PTR)
SetFragmentData(link, pip->ip_id, pip->ip_p, pip->ip_dst);
}
}
else
{
FragmentIn(pip);
}
/* adjust IP checksum, if original is correct */
if (checksum_ok == 1)
{
pip->ip_sum = 0;
pip->ip_sum = IpChecksum(pip);
}
}
void
PacketAliasOut(pip)
struct ip *pip;
{
int checksum_ok;
if (IpChecksum(pip) == 0)
checksum_ok = 1;
else
checksum_ok = 0;
if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0)
{
switch (pip->ip_p)
{
case IPPROTO_ICMP:
IcmpAliasOut(pip);
break;
case IPPROTO_UDP:
UdpAliasOut(pip);
break;
case IPPROTO_TCP:
TcpAliasOut(pip);
break;
}
}
else
{
FragmentOut(pip);
}
/* Adjust IP checksum, if original is correct */
if (checksum_ok == 1)
{
pip->ip_sum = 0;
pip->ip_sum = IpChecksum(pip);
}
}

21
usr.sbin/ppp/alias.h
View File

@ -1,21 +0,0 @@
/*
Alias.h defines the outside world interfaces for the packet
aliasing software.
This software is placed into the public domain with no restrictions
on its distribution.
Initial version: August, 1996 (cjm)
*/
#ifndef _ALIAS_H_
#define _ALIAS_H_
extern void PacketAliasIn __P((struct ip *));
extern void PacketAliasOut __P((struct ip *));
extern void SetAliasAddress __P((struct in_addr));
extern void InitAlias();
extern void InitAliasLog();
#endif

94
usr.sbin/ppp/alias.p
View File

@ -1,94 +0,0 @@
/*
Alias.p contains the function prototypes for alias.c, alias_db.c,
alias_util.c and alias_ftp.c (as well as any future add-ons). It
is intended to be used only within the aliasing software. Outside
world interfaces are defined in alias.h
This software is placed into the public domain with no restrictions
on its distribution.
Initial version: August, 1996 (cjm)
*/
#define NULL_PTR 0
/* General utilities */
u_short InternetChecksum(u_short *, int);
u_short IpChecksum(struct ip *);
u_short TcpChecksum(struct ip *);
/* Data access utilities */
int StartPoint(struct in_addr, u_short, int);
u_short GetNewPort();
int SeqDiff(u_long, u_long);
void ShowAliasStats();
/* Internal data access */
void CleanupAliasData();
void IncrementalCleanup();
char * FindLink1(struct in_addr, struct in_addr, u_short, u_short, int);
char * FindLink2(struct in_addr, u_short, u_short, int);
void DeleteLink(char *);
char * AddLink(struct in_addr, struct in_addr, u_short, u_short,
u_short, int);
/* External data search */
char * FindIcmpIn(struct in_addr, u_short, u_short);
char * FindIcmpOut(struct in_addr, struct in_addr, u_short, u_short);
char * FindFragmentIn1(struct in_addr);
char * FindFragmentIn2(struct in_addr);
char * FindUdpIn(struct in_addr, u_short, u_short);
char * FindUdpOut(struct in_addr, struct in_addr, u_short, u_short);
char * FindTcpIn(struct in_addr, u_short, u_short);
char * FindTcpOut(struct in_addr, struct in_addr, u_short, u_short);
/* External data access/modification */
void GetIcmpData(char *, u_short, u_short, u_long *);
void SetIcmpData(char *, u_short, u_short, u_long);
void GetFragmentAddr(char *, u_short, u_char, struct in_addr *);
void SetFragmentData(char *, u_short, u_char, struct in_addr);
void SetStateIn(char *, int);
void SetStateOut(char *, int);
int GetStateIn(char *);
int GetStateOut(char *);
struct in_addr GetOriginalAddress(char *);
struct in_addr GetDestAddress(char *);
struct in_addr GetAliasAddress();
u_short GetOriginalPort(char *);
u_short GetDestPort(char *);
u_short GetAliasPort(char *);
void SetAckModified(char *);
int GetAckModified(char *);
int GetDeltaAckIn(struct ip *, char *);
int GetDeltaSeqOut(struct ip *, char *);
void AddSeq(struct ip *, char *, int);
/* Tcp specfic routines */
void TcpMonitorIn(struct ip *, char *);
void TcpMonitorOut(struct ip *, char *);
void HandleFtpOut(struct ip *, char *);
void NewFtpPortCommand(struct ip *, char *, struct in_addr, u_short);
/* Protocal specific packet aliasing routines */
void IcmpAliasIn1(struct ip *);
void IcmpAliasIn2(struct ip *);
void IcmpAliasIn(struct ip *);
void IcmpAliasOut(struct ip *);
void IcmpAliasOut1(struct ip *);
void UdpAliasIn(struct ip *);
void UdpAliasOut(struct ip *);
void TcpAliasIn(struct ip *);
void TcpAliasOut(struct ip *);
/* Fragment handling */
void FragmentIn(struct ip *);
void FragmentOut(struct ip *);
/* Outside world interfaces */
void PacketAliasIn(struct ip *);
void PacketAliasOut(struct ip *);
void SetAliasAddress(struct in_addr);
void InitAlias();
void InitAliasLog();

1146
usr.sbin/ppp/alias_db.c
View File

File diff suppressed because it is too large Load Diff

198
usr.sbin/ppp/alias_ftp.c
View File

@ -1,198 +0,0 @@
/*
Alias_ftp.c performs special processing for FTP sessions under
TCP. Specifically, when a PORT command from the client side
is sent, it is intercepted and modified. The address is changed
to the gateway machine and an aliasing port is used.
For this routine to work, the PORT command must fit entirely
into a single TCP packet. This is typically the case, but exceptions
can easily be envisioned under the actual specifications.
Probably the most troubling aspect of the approach taken here is
that the new PORT command will typically be a different length, and
this causes a certain amount of bookkeeping to keep track of the
changes of sequence and acknowledgment numbers, since the client
machine is totally unaware of the modification to the TCP stream.
This software is placed into the public domain with no restrictions
on its distribution.
Initial version: August, 1996 (cjm)
*/
/* Includes */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
/* Constants */
#define FTP_DATA_PORT_NUMBER 20
/* Prototypes */
#include "alias.p"
void
HandleFtpOut(pip, link)
struct ip *pip;
char *link;
{
int hlen, tlen, dlen;
struct in_addr true_addr;
u_short true_port;
char *sptr;
struct tcphdr *tc;
/* Calculate data length of TCP packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
hlen = (pip->ip_hl + tc->th_off) << 2;
tlen = ntohs(pip->ip_len);
dlen = tlen - hlen;
/* Return is data length is too long or too short */
if (dlen<10 || dlen>80)
return;
/* Place string pointer and beginning of data */
sptr = (char *) pip;
sptr += hlen;
/* Parse through string using state diagram method */
{
char ch, zero;
int i, state;
u_long a1, a2, a3, a4;
u_short p1, p2;
a1=0; a2=0; a3=0; a4=0; p1=0; p2=0;
zero = '0';
state=-4;
for (i=0; i<dlen; i++)
{
ch = sptr[i];
switch (state)
{
case -4: if (ch == 'P') state=-3; else return; break;
case -3: if (ch == 'O') state=-2; else return; break;
case -2: if (ch == 'R') state=-1; else return; break;
case -1: if (ch == 'T') state= 0; else return; break;
case 0 :
if (isdigit(ch)) {a1=ch-zero; state=1 ;} break;
case 1 :
if (isdigit(ch)) a1=10*a1+ch-zero; else state=2 ; break;
case 2 :
if (isdigit(ch)) {a2=ch-zero; state=3 ;} break;
case 3 :
if (isdigit(ch)) a2=10*a2+ch-zero; else state=4 ; break;
case 4 :
if (isdigit(ch)) {a3=ch-zero; state=5 ;} break;
case 5 :
if (isdigit(ch)) a3=10*a3+ch-zero; else state=6 ; break;
case 6 :
if (isdigit(ch)) {a4=ch-zero; state=7 ;} break;
case 7 :
if (isdigit(ch)) a4=10*a4+ch-zero; else state=8 ; break;
case 8 :
if (isdigit(ch)) {p1=ch-zero; state=9 ;} break;
case 9 :
if (isdigit(ch)) p1=10*p1+ch-zero; else state=10; break;
case 10:
if (isdigit(ch)) {p2=ch-zero; state=11;} break;
case 11:
if (isdigit(ch)) p2=10*p2+ch-zero; break;
}
}
if (state == 11)
{
true_port = htons((p1<<8) + p2);
true_addr.s_addr = htonl((a1<<24) + (a2<<16) +(a3<<8) + a4);
NewFtpPortCommand(pip, link, true_addr, true_port);
}
}
}
void
NewFtpPortCommand(pip, link, true_addr, true_port)
struct ip *pip;
char *link;
struct in_addr true_addr;
u_short true_port;
{
char *ftp_link;
/* Establish link to address and port found in PORT command */
ftp_link = FindTcpOut (true_addr,
GetDestAddress(link),
true_port,
htons(FTP_DATA_PORT_NUMBER));
if (ftp_link != NULL_PTR)
{
int slen, hlen, tlen, dlen;
struct tcphdr *tc;
/* Calculate data length of TCP packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
hlen = (pip->ip_hl + tc->th_off) << 2;
tlen = ntohs(pip->ip_len);
dlen = tlen - hlen;
/* Create new PORT command */
{
char stemp[80];
char *sptr;
u_short alias_port;
u_char *ptr;
int a1, a2, a3, a4, p1, p2;
struct in_addr aliasAddress;
/* Decompose alias address into quad format */
aliasAddress = GetAliasAddress();
ptr = (char *) &aliasAddress;
a1 = *ptr++; a2=*ptr++; a3=*ptr++; a4=*ptr;
/* Decompose alias port into pair format */
alias_port = GetAliasPort(ftp_link);
ptr = (char *) &alias_port;
p1 = *ptr++; p2=*ptr;
/* Generate command string */
snprintf(stemp, sizeof(stemp), "PORT %d,%d,%d,%d,%d,%d\r\n",
a1,a2,a3,a4,p1,p2);
/* Save string length for IP header modification */
slen = strlen(stemp);
/* Copy into IP packet */
sptr = (char *) pip; sptr += hlen;
strcpy(sptr, stemp);
}
/* Save information regarding modified seq and ack numbers */
{
int delta;
SetAckModified(link);
delta = GetDeltaSeqOut(pip, link);
AddSeq(pip, link, delta+slen-dlen);
pip->ip_len = ntohs(hlen + slen);
}
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
tc->th_sum = TcpChecksum(pip);
}
else
{
fprintf(stderr,
"PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
}
}

104
usr.sbin/ppp/alias_util.c
View File

@ -1,104 +0,0 @@
/*
Alias_util.h contains general utilities used by other functions
in the packet aliasing module. At the moment, there are functions
for computing IP header and TCP packet checksums.
The checksum routines are based upon example code in a Unix networking
text written by Stevens (sorry, I can't remember the title -- but
at least this is a good author).
Initial Version: August, 1996 (cjm)
*/
/*
Note: the checksum routines assume that the actual checksum word has
been zeroed out. If the checksum workd is filled with the proper value,
then these routines will give a result of zero (useful for testing
purposes);
*/
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
u_short
InternetChecksum(ptr, nbytes)
u_short *ptr;
int nbytes;
{
int sum, oddbyte;
sum = 0;
while (nbytes > 1)
{
sum += *ptr++;
nbytes -= 2;
}
if (nbytes == 1)
{
oddbyte = 0;
*((u_char *) &oddbyte) = *(u_char *) ptr;
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return(~sum);
}
u_short
IpChecksum(pip)
struct ip *pip;
{
return( InternetChecksum((u_short *) pip, (pip->ip_hl << 2)) );
}
u_short
TcpChecksum(pip)
struct ip *pip;
{
u_short *ptr;
struct tcphdr *tc;
int nhdr, ntcp, nbytes;
int sum, oddbyte;
nhdr = pip->ip_hl << 2;
ntcp = ntohs(pip->ip_len) - nhdr;
tc = (struct tcphdr *) ((char *) pip + nhdr);
ptr = (u_short *) tc;
/* Add up TCP header and data */
nbytes = ntcp;
sum = 0;
while (nbytes > 1)
{
sum += *ptr++;
nbytes -= 2;
}
if (nbytes == 1)
{
oddbyte = 0;
*((u_char *) &oddbyte) = *(u_char *) ptr;
sum += oddbyte;
}
/* "Pseudo-header" data */
ptr = (u_short *) &(pip->ip_dst);
sum += *ptr++;
sum += *ptr;
ptr = (u_short *) &(pip->ip_src);
sum += *ptr++;
sum += *ptr;
sum += htons((u_short) ntcp);
sum += htons((u_short) pip->ip_p);
/* Roll over carry bits */
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
/* Return checksum */
return((u_short) ~sum);
}

103
usr.sbin/ppp/command.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: command.c,v 1.46 1997/05/14 01:18:50 brian Exp $
* $Id: command.c,v 1.47 1997/05/19 01:59:59 brian Exp $
*
*/
#include <sys/types.h>
@ -25,6 +25,13 @@
#include <termios.h>
#include <sys/wait.h>
#include <time.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/route.h>
#include <paths.h>
#include <alias.h>
#include "fsm.h"
#include "phase.h"
#include "lcp.h"
@ -32,21 +39,18 @@
#include "modem.h"
#include "filter.h"
#include "command.h"
#include "alias_cmd.h"
#include "hdlc.h"
#include "vars.h"
#include "systems.h"
#include "chat.h"
#include <netdb.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/route.h>
#include "os.h"
#include <paths.h>
#include "chat.h"
extern void Cleanup(), TtyTermMode(), PacketMode();
extern int EnableCommand(), DisableCommand(), DisplayCommand();
extern int AcceptCommand(), DenyCommand();
static int AliasCommand();
extern int LocalAuthCommand();
extern int LoadCommand(), SaveCommand();
extern int ChangeParity(char *);
@ -283,6 +287,8 @@ struct cmdtab const Commands[] = {
"Show status and statictics", "var"},
{ "term", NULL, TerminalCommand,LOCAL_AUTH,
"Enter to terminal mode", StrNull},
{ "alias", NULL, AliasCommand, LOCAL_AUTH,
"alias control", "option [yes|no]"},
{ "quit", "bye", QuitCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
"Quit PPP program", "[all]"},
{ "help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
@ -1208,3 +1214,88 @@ char **argv;
return(1);
}
static int AliasEnable();
static int AliasOption();
static struct cmdtab const AliasCommands[] =
{
{ "enable", NULL, AliasEnable, LOCAL_AUTH,
"enable IP aliasing", "[yes|no]"},
{ "port", NULL, AliasRedirectPort, LOCAL_AUTH,
"port redirection", "[proto addr_local:port_local port_alias]"},
{ "addr", NULL, AliasRedirectAddr, LOCAL_AUTH,
"static address translation", "[addr_local addr_alias]"},
{ "deny_incoming", NULL, AliasOption, LOCAL_AUTH,
"stop incoming connections", "[yes|no]",
(void*)PKT_ALIAS_DENY_INCOMING},
{ "log", NULL, AliasOption, LOCAL_AUTH,
"log aliasing link creation", "[yes|no]",
(void*)PKT_ALIAS_LOG},
{ "same_ports", NULL, AliasOption, LOCAL_AUTH,
"try to leave port numbers unchanged", "[yes|no]",
(void*)PKT_ALIAS_SAME_PORTS},
{ "use_sockets", NULL, AliasOption, LOCAL_AUTH,
"allocate host sockets", "[yes|no]",
(void*)PKT_ALIAS_USE_SOCKETS },
{ "unregistered_only", NULL, AliasOption, LOCAL_AUTH,
"alias unregistered (private) IP address space only", "[yes|no]",
(void*)PKT_ALIAS_UNREGISTERED_ONLY},
{ "help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
"Display this message", StrNull,
(void *)AliasCommands},
{ NULL, NULL, NULL },
};
static int
AliasCommand(list, argc, argv)
struct cmdtab *list;
int argc;
char **argv;
{
int val = 1;
if (argc > 0)
val = FindExec(AliasCommands, argc, argv);
else
printf("Use `alias help' to get a list or `alias help <option>' for syntax h
elp.\n");
return(val);
}
static int
AliasEnable(list, argc, argv)
struct cmdtab *list;
int argc;
char **argv;
{
if (argc == 1 && strcmp(argv[0], "yes") == 0) {
mode |= MODE_ALIAS;
} else if (argc == 1 && strcmp(argv[0], "no") == 0) {
mode &= ~MODE_ALIAS;
} else {
printf("Usage: alias %s %s\n", list->name, list->syntax);
}
return(1);
}
static int
AliasOption(list, argc, argv, param)
struct cmdtab *list;
int argc;
char **argv;
void* param;
{
if (argc == 1 && strcmp(argv[0], "yes") == 0) {
SetPacketAliasMode((unsigned)param, (unsigned)param);
} else if (argc == 1 && strcmp(argv[0], "no") == 0) {
SetPacketAliasMode(0, (unsigned)param);
} else {
printf("Usage: alias %s %s\n", list->name, list->syntax);
}
return(1);
}

78
usr.sbin/ppp/ip.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ip.c,v 1.16 1997/05/10 01:22:11 brian Exp $
* $Id: ip.c,v 1.17 1997/05/19 02:00:00 brian Exp $
*
* TODO:
* o Return ICMP message for filterd packet
@ -32,9 +32,9 @@
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <alias.h>
#include "vars.h"
#include "filter.h"
#include "alias.h"
extern void SendPppFrame();
extern void LcpClose();
@ -334,22 +334,68 @@ struct mbuf *bp; /* IN: Pointer to IP pakcet */
}
if (mode & MODE_ALIAS) {
PacketAliasIn((struct ip *)tunbuff);
nb = ntohs(((struct ip *)tunbuff)->ip_len);
}
int iresult;
char *fptr;
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0) {
pfree(bp);
return;
}
iresult = PacketAliasIn(tunbuff, sizeof tunbuff);
nb = ntohs(((struct ip *) tunbuff)->ip_len);
ipInOctets += nb;
/*
* Pass it to tunnel device
*/
nw = write(tun_out, tunbuff, nb);
if (nw != nb)
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
if (nb > MAX_MRU) {
fprintf(stderr, "Problem with IP header length\n");
pfree(bp);
return;
}
if (iresult == PKT_ALIAS_OK
|| iresult == PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0) {
pfree(bp);
return;
}
ipInOctets += nb;
nb = ntohs(((struct ip *) tunbuff)->ip_len);
nw = write(tun_out, tunbuff, nb);
if (nw != nb)
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
if (iresult == PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
while ((fptr = GetNextFragmentPtr(tunbuff)) != NULL) {
FragmentAliasIn(tunbuff, fptr);
nb = ntohs(((struct ip *) fptr)->ip_len);
nw = write(tun_out, fptr, nb);
if (nw != nb)
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
free(fptr);
}
}
}
else if (iresult == PKT_ALIAS_UNRESOLVED_FRAGMENT) {
nb = ntohs(((struct ip *) tunbuff)->ip_len);
fptr = malloc(nb);
if (fptr == NULL) {
fprintf(stderr, "Cannot allocate memory for fragment\n");
}
else {
memcpy(fptr, tunbuff, nb);
SaveFragmentPtr(fptr);
}
}
}
else
{ /* no aliasing */
if ( PacketCheck(tunbuff, nb, FL_IN ) < 0)
{
pfree(bp);
return;
}
ipInOctets += nb;
nw = write(tun_out, tunbuff, nb);
if (nw != nb)
fprintf(stderr, "wrote %d, got %d\r\n", nb, nw);
}
pfree(bp);
RestartIdleTimer();

6
usr.sbin/ppp/ipcp.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ipcp.c,v 1.16 1997/05/10 23:46:29 ache Exp $
* $Id: ipcp.c,v 1.17 1997/05/19 02:00:02 brian Exp $
*
* TODO:
* o More RFC1772 backwoard compatibility
@ -31,11 +31,11 @@
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <alias.h>
#include "slcompress.h"
#include "os.h"
#include "phase.h"
#include "vars.h"
#include "alias.h"
extern void PutConfValue();
extern void Prompt();
@ -282,7 +282,7 @@ struct fsm *fp;
IpcpStartReport();
StartIdleTimer();
if (mode & MODE_ALIAS)
SetAliasAddress(IpcpInfo.want_ipaddr);
SetPacketAliasAddress(IpcpInfo.want_ipaddr);
}
void

10
usr.sbin/ppp/main.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: main.c,v 1.52 1997/05/19 02:00:06 brian Exp $
* $Id: main.c,v 1.53 1997/05/19 03:02:36 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@ -37,6 +37,7 @@
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <alias.h>
#include "modem.h"
#include "os.h"
#include "hdlc.h"
@ -48,7 +49,6 @@
#include "filter.h"
#include "systems.h"
#include "ip.h"
#include "alias.h"
#include "sig.h"
#define LAUTH_M1 "Warning: No password entry for this host in ppp.secret\n"
@ -330,7 +330,7 @@ char **argv;
Greetings();
GetUid();
IpcpDefAddress();
InitAlias();
InitPacketAlias();
if (SelectSystem("default", CONFFILE) < 0) {
fprintf(stderr, "Warning: No default entry is given in config file.\n");
@ -1022,7 +1022,7 @@ DoLoop()
pri = PacketCheck(rbuff, n, FL_DIAL);
if (pri >= 0) {
if (mode & MODE_ALIAS) {
PacketAliasOut((struct ip *)rbuff);
PacketAliasOut(rbuff, sizeof rbuff);
n = ntohs(((struct ip *)rbuff)->ip_len);
}
IpEnqueue(pri, rbuff, n);
@ -1033,7 +1033,7 @@ DoLoop()
pri = PacketCheck(rbuff, n, FL_OUT);
if (pri >= 0) {
if (mode & MODE_ALIAS) {
PacketAliasOut((struct ip *)rbuff);
PacketAliasOut(rbuff, sizeof rbuff);
n = ntohs(((struct ip *)rbuff)->ip_len);
}
IpEnqueue(pri, rbuff, n);