Date:      Wed, 12 Dec 2001 17:55:41 -0600
From:      "Jim Fleming" <jfleming@anet.com>
To:        <freebsd-net@freebsd.org>
Subject:   Fw: RIFRAF Routing Changes for FreeBSD
Message-ID:  <014e01c18368$825c2980$1000a8c0@Unir.com>

RIFRAF Routing
RIFRAF (Remote Identification Field Random Action Filter) Routing is part of a phased approach to evolving from 32-bit IPv4 Internet
Addressing to larger address spaces. The RIFRAF feature in an IP stack allows for remote access control of the left-most 8 bits of
the normally 16-bit IPv4 Identification Field. The feature is part of the IPv8 PeaceKeeper/GateKeeper series. The feature allows a
PeaceKeeper for a /16 prefix to remotely set StarGate values in a marking engine via simple ICMP+ extensions via the TOS field. The
4-bit StarGate values are rotated through an 8-bit field which is used in a 50/50 coin-toss marking process as packets are processed
with the /16 prefix. Source and Destination StarGate marking is distinct, and all 65,536 /16 prefixes have two choices for the
source addresses and two choices for destination addresses. The random marking can be prevented by loading both StarGate values to
be the same. The GateKeeper can be restored to legacy Identification Field marking by the PeaceKeeper. Packets marked via RIFRAF can
be further routed or queued based on the marks which effectively add 4 bits to the 32-bit IPv4 legacy addresses. All of the packets
pass transparently through legacy IPv4 equipment with no change. For legacy equipment not prepared to handle the markings, it
appears as the left 8-bits of the Identification Field. For each of the 256 marking values, an independent counter is maintained for
the right-most 8-bits of the Identification Field. There is no API required or other user-level tools. Most modern "ping" programs
can be used to set the bits. RIFRAF can exist silently inside of the stack and be totally controlled remotely via existing
connection(s) to the IPv4 private Intranets or the IPv4 Global Public Internet. Spoofing of the PeaceKeeper is possible and the real
PeaceKeeper will receive the return reply, at which point the PeaceKeeper can restore the desired values. When RIFRAF is used in
conjunction with other routing devices and on an IPv16 network, these problems can be minimized. RIFRAF is mostly intended for use
in extending the addressing of leaf-nodes, which generally are protected behind fire-walls and NAT devices, but can also be used on
the IPv4 Global Public Internet to increase the addressing used by edge devices on /16 networks.



> This may help...
> http://www.dot-biz.com/IPv4/Tutorial/
> http://www.RepliGate.net
>
> The Netfilter Project: Packet Mangling for Linux 2.4
> http://netfilter.samba.org
>
> Jim Fleming
> http://www.IPv8.info
> IPv16....One Better !!
>
> ----- Original Message -----
> From: "Charlie Root" <root@IPv8.UNIR.COM>
> To: <jfleming@anet.com>
> Sent: Wednesday, December 12, 2001 4:45 AM
>
>
> > diff -c -r /unir/sys/netinet/ip.h netinet/ip.h
> > *** /unir/sys/netinet/ip.h Wed Dec 22 19:13:20 1999
> > --- netinet/ip.h Tue Dec 11 13:59:38 2001
> > ***************
> > *** 43,48 ****
> > --- 43,53 ----
> >    */
> >   #define IPVERSION 4
> >
> > + #define IPXX_V4 4
> > + #define IPXX_V5 5
> > + #define IPXX_V7 7
> > + #define IPXX_V8 8
> > +
> >   /*
> >    * Structure of an internet header, naked of options.
> >    */
> > ***************
> > *** 61,73 ****
> >   #endif /* not _IP_VHL */
> >   u_char ip_tos; /* type of service */
> >   u_short ip_len; /* total length */
> > ! u_short ip_id; /* identification */
> >   u_short ip_off; /* fragment offset field */
> >   #define IP_RF 0x8000 /* reserved fragment flag */
> >   #define IP_DF 0x4000 /* dont fragment flag */
> >   #define IP_MF 0x2000 /* more fragments flag */
> >   #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
> >   u_char ip_ttl; /* time to live */
> >   u_char ip_p; /* protocol */
> >   u_short ip_sum; /* checksum */
> >   struct in_addr ip_src,ip_dst; /* source and dest address */
> > --- 66,89 ----
> >   #endif /* not _IP_VHL */
> >   u_char ip_tos; /* type of service */
> >   u_short ip_len; /* total length */
> > ! #define IPXX_UNIRVERSE_DEFAULT 0 /* Default IPv8 UnirVerse Value */
> > ! u_char ip_gate; /* UnirVerse/StarGate */
> > ! u_char ip_id; /* identification */
> >   u_short ip_off; /* fragment offset field */
> > + #define IPXX_FLAG 0x8000 /* IPvXX flag */
> >   #define IP_RF 0x8000 /* reserved fragment flag */
> >   #define IP_DF 0x4000 /* dont fragment flag */
> >   #define IP_MF 0x2000 /* more fragments flag */
> >   #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
> >   u_char ip_ttl; /* time to live */
> > + #define IPXX_GALAXY 033 /* IPv8 Galaxy Value for 3:219 .INFO */
> > + #define IPXX_P_MASK 0x3F
> > + #define IPXX_ICMP_VAL 1
> > + #define IPXX_ICMP_FLAG 0x40
> > + #define IPXX_TCP_VAL 6
> > + #define IPXX_TCP_FLAG 0x80
> > + #define IPXX_UDP_VAL 16
> > + #define IPXX_UDP_FLAG 0xC0
> >   u_char ip_p; /* protocol */
> >   u_short ip_sum; /* checksum */
> >   struct in_addr ip_src,ip_dst; /* source and dest address */
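Review bot: Splitting `u_short ip_id` into `u_char ip_gate` and `u_char ip_id` leaves every existing user of `ip->ip_id` working on 8 bits. Code that compares or assigns the field (fragment reassembly, if it is unchanged, and the `ip_randomid()` assignments visible in later hunks) now truncates silently, so IDs repeat after 256 packets and random IDs drop to 8 bits. A comment on the two new members should say that together they overlay the 16-bit Identification field in wire order. `IPXX_UDP_VAL 16` also looks off by one if it is meant to mirror `IPPROTO_UDP` (17), and `IPXX_FLAG` has the same value as `IP_RF`, which deserves a note that the alias is intentional. The struct continues outside the hunk.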
> > diff -c -r /unir/sys/netinet/ip_icmp.c netinet/ip_icmp.c
> > *** /unir/sys/netinet/ip_icmp.c Tue Jul  3 11:01:46 2001
> > --- netinet/ip_icmp.c Tue Dec 11 14:00:00 2001
> > ***************
> > *** 121,132 ****
> >   #endif
> >
> >   static void icmp_reflect __P((struct mbuf *));
> > ! static void icmp_send __P((struct mbuf *, struct mbuf *));
> >   static int ip_next_mtu __P((int, int));
> >
> >   extern struct protosw inetsw[];
> >
> >   /*
> >    * Generate an error packet of type error
> >    * in response to bad packet ip.
> >    */
> > --- 121,396 ----
> >   #endif
> >
> >   static void icmp_reflect __P((struct mbuf *));
> > ! static void icmp_send __P((struct mbuf *, struct mbuf *, int));
> >   static int ip_next_mtu __P((int, int));
> >
> >   extern struct protosw inetsw[];
> >
> >   /*
> > + * Table used to reverse the 4-bit source and destination values
> > + * in the 8-bit TOS field.
> > + */
> > +
> > + unsigned char reverse_nibbles[256] = {
> > + /*00*/ 0x00,
> > + /*01*/ 0x10,
> > + /*02*/ 0x20,
> > + /*03*/ 0x30,
> > + /*04*/ 0x40,
> > + /*05*/ 0x50,
> > + /*06*/ 0x60,
> > + /*07*/ 0x70,
> > + /*08*/ 0x80,
> > + /*09*/ 0x90,
> > + /*0a*/ 0xa0,
> > + /*0b*/ 0xb0,
> > + /*0c*/ 0xc0,
> > + /*0d*/ 0xd0,
> > + /*0e*/ 0xe0,
> > + /*0f*/ 0xf0,
> > + /*10*/ 0x01,
> > + /*11*/ 0x11,
> > + /*12*/ 0x21,
> > + /*13*/ 0x31,
> > + /*14*/ 0x41,
> > + /*15*/ 0x51,
> > + /*16*/ 0x61,
> > + /*17*/ 0x71,
> > + /*18*/ 0x81,
> > + /*19*/ 0x91,
> > + /*1a*/ 0xa1,
> > + /*1b*/ 0xb1,
> > + /*1c*/ 0xc1,
> > + /*1d*/ 0xd1,
> > + /*1e*/ 0xe1,
> > + /*1f*/ 0xf1,
> > + /*20*/ 0x02,
> > + /*21*/ 0x12,
> > + /*22*/ 0x22,
> > + /*23*/ 0x32,
> > + /*24*/ 0x42,
> > + /*25*/ 0x52,
> > + /*26*/ 0x62,
> > + /*27*/ 0x72,
> > + /*28*/ 0x82,
> > + /*29*/ 0x92,
> > + /*2a*/ 0xa2,
> > + /*2b*/ 0xb2,
> > + /*2c*/ 0xc2,
> > + /*2d*/ 0xd2,
> > + /*2e*/ 0xe2,
> > + /*2f*/ 0xf2,
> > + /*30*/ 0x03,
> > + /*31*/ 0x13,
> > + /*32*/ 0x23,
> > + /*33*/ 0x33,
> > + /*34*/ 0x43,
> > + /*35*/ 0x53,
> > + /*36*/ 0x63,
> > + /*37*/ 0x73,
> > + /*38*/ 0x83,
> > + /*39*/ 0x93,
> > + /*3a*/ 0xa3,
> > + /*3b*/ 0xb3,
> > + /*3c*/ 0xc3,
> > + /*3d*/ 0xd3,
> > + /*3e*/ 0xe3,
> > + /*3f*/ 0xf3,
> > + /*40*/ 0x04,
> > + /*41*/ 0x14,
> > + /*42*/ 0x24,
> > + /*43*/ 0x34,
> > + /*44*/ 0x44,
> > + /*45*/ 0x54,
> > + /*46*/ 0x64,
> > + /*47*/ 0x74,
> > + /*48*/ 0x84,
> > + /*49*/ 0x94,
> > + /*4a*/ 0xa4,
> > + /*4b*/ 0xb4,
> > + /*4c*/ 0xc4,
> > + /*4d*/ 0xd4,
> > + /*4e*/ 0xe4,
> > + /*4f*/ 0xf4,
> > + /*50*/ 0x05,
> > + /*51*/ 0x15,
> > + /*52*/ 0x25,
> > + /*53*/ 0x35,
> > + /*54*/ 0x45,
> > + /*55*/ 0x55,
> > + /*56*/ 0x65,
> > + /*57*/ 0x75,
> > + /*58*/ 0x85,
> > + /*59*/ 0x95,
> > + /*5a*/ 0xa5,
> > + /*5b*/ 0xb5,
> > + /*5c*/ 0xc5,
> > + /*5d*/ 0xd5,
> > + /*5e*/ 0xe5,
> > + /*5f*/ 0xf5,
> > + /*60*/ 0x06,
> > + /*61*/ 0x16,
> > + /*62*/ 0x26,
> > + /*63*/ 0x36,
> > + /*64*/ 0x46,
> > + /*65*/ 0x56,
> > + /*66*/ 0x66,
> > + /*67*/ 0x76,
> > + /*68*/ 0x86,
> > + /*69*/ 0x96,
> > + /*6a*/ 0xa6,
> > + /*6b*/ 0xb6,
> > + /*6c*/ 0xc6,
> > + /*6d*/ 0xd6,
> > + /*6e*/ 0xe6,
> > + /*6f*/ 0xf6,
> > + /*70*/ 0x07,
> > + /*71*/ 0x17,
> > + /*72*/ 0x27,
> > + /*73*/ 0x37,
> > + /*74*/ 0x47,
> > + /*75*/ 0x57,
> > + /*76*/ 0x67,
> > + /*77*/ 0x77,
> > + /*78*/ 0x87,
> > + /*79*/ 0x97,
> > + /*7a*/ 0xa7,
> > + /*7b*/ 0xb7,
> > + /*7c*/ 0xc7,
> > + /*7d*/ 0xd7,
> > + /*7e*/ 0xe7,
> > + /*7f*/ 0xf7,
> > + /*80*/ 0x08,
> > + /*81*/ 0x18,
> > + /*82*/ 0x28,
> > + /*83*/ 0x38,
> > + /*84*/ 0x48,
> > + /*85*/ 0x58,
> > + /*86*/ 0x68,
> > + /*87*/ 0x78,
> > + /*88*/ 0x88,
> > + /*89*/ 0x98,
> > + /*8a*/ 0xa8,
> > + /*8b*/ 0xb8,
> > + /*8c*/ 0xc8,
> > + /*8d*/ 0xd8,
> > + /*8e*/ 0xe8,
> > + /*8f*/ 0xf8,
> > + /*90*/ 0x09,
> > + /*91*/ 0x19,
> > + /*92*/ 0x29,
> > + /*93*/ 0x39,
> > + /*94*/ 0x49,
> > + /*95*/ 0x59,
> > + /*96*/ 0x69,
> > + /*97*/ 0x79,
> > + /*98*/ 0x89,
> > + /*99*/ 0x99,
> > + /*9a*/ 0xa9,
> > + /*9b*/ 0xb9,
> > + /*9c*/ 0xc9,
> > + /*9d*/ 0xd9,
> > + /*9e*/ 0xe9,
> > + /*9f*/ 0xf9,
> > + /*a0*/ 0x0a,
> > + /*a1*/ 0x1a,
> > + /*a2*/ 0x2a,
> > + /*a3*/ 0x3a,
> > + /*a4*/ 0x4a,
> > + /*a5*/ 0x5a,
> > + /*a6*/ 0x6a,
> > + /*a7*/ 0x7a,
> > + /*a8*/ 0x8a,
> > + /*a9*/ 0x9a,
> > + /*aa*/ 0xaa,
> > + /*ab*/ 0xba,
> > + /*ac*/ 0xca,
> > + /*ad*/ 0xda,
> > + /*ae*/ 0xea,
> > + /*af*/ 0xfa,
> > + /*b0*/ 0x0b,
> > + /*b1*/ 0x1b,
> > + /*b2*/ 0x2b,
> > + /*b3*/ 0x3b,
> > + /*b4*/ 0x4b,
> > + /*b5*/ 0x5b,
> > + /*b6*/ 0x6b,
> > + /*b7*/ 0x7b,
> > + /*b8*/ 0x8b,
> > + /*b9*/ 0x9b,
> > + /*ba*/ 0xab,
> > + /*bb*/ 0xbb,
> > + /*bc*/ 0xcb,
> > + /*bd*/ 0xdb,
> > + /*be*/ 0xeb,
> > + /*bf*/ 0xfb,
> > + /*c0*/ 0x0c,
> > + /*c1*/ 0x1c,
> > + /*c2*/ 0x2c,
> > + /*c3*/ 0x3c,
> > + /*c4*/ 0x4c,
> > + /*c5*/ 0x5c,
> > + /*c6*/ 0x6c,
> > + /*c7*/ 0x7c,
> > + /*c8*/ 0x8c,
> > + /*c9*/ 0x9c,
> > + /*ca*/ 0xac,
> > + /*cb*/ 0xbc,
> > + /*cc*/ 0xcc,
> > + /*cd*/ 0xdc,
> > + /*ce*/ 0xec,
> > + /*cf*/ 0xfc,
> > + /*d0*/ 0x0d,
> > + /*d1*/ 0x1d,
> > + /*d2*/ 0x2d,
> > + /*d3*/ 0x3d,
> > + /*d4*/ 0x4d,
> > + /*d5*/ 0x5d,
> > + /*d6*/ 0x6d,
> > + /*d7*/ 0x7d,
> > + /*d8*/ 0x8d,
> > + /*d9*/ 0x9d,
> > + /*da*/ 0xad,
> > + /*db*/ 0xbd,
> > + /*dc*/ 0xcd,
> > + /*dd*/ 0xdd,
> > + /*de*/ 0xed,
> > + /*df*/ 0xfd,
> > + /*e0*/ 0x0e,
> > + /*e1*/ 0x1e,
> > + /*e2*/ 0x2e,
> > + /*e3*/ 0x3e,
> > + /*e4*/ 0x4e,
> > + /*e5*/ 0x5e,
> > + /*e6*/ 0x6e,
> > + /*e7*/ 0x7e,
> > + /*e8*/ 0x8e,
> > + /*e9*/ 0x9e,
> > + /*ea*/ 0xae,
> > + /*eb*/ 0xbe,
> > + /*ec*/ 0xce,
> > + /*ed*/ 0xde,
> > + /*ee*/ 0xee,
> > + /*ef*/ 0xfe,
> > + /*f0*/ 0x0f,
> > + /*f1*/ 0x1f,
> > + /*f2*/ 0x2f,
> > + /*f3*/ 0x3f,
> > + /*f4*/ 0x4f,
> > + /*f5*/ 0x5f,
> > + /*f6*/ 0x6f,
> > + /*f7*/ 0x7f,
> > + /*f8*/ 0x8f,
> > + /*f9*/ 0x9f,
> > + /*fa*/ 0xaf,
> > + /*fb*/ 0xbf,
> > + /*fc*/ 0xcf,
> > + /*fd*/ 0xdf,
> > + /*fe*/ 0xef,
> > + /*ff*/ 0xff
> > + };
> > +
> > + /*
> >    * Generate an error packet of type error
> >    * in response to bad packet ip.
> >    */
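Review bot: `reverse_nibbles` is a writable, externally visible 256-byte table for what is a plain nibble swap, `(u_char)((x << 4) | (x >> 4))`. A small macro or inline function would remove both the table and the bare `extern unsigned char reverse_nibbles[];` that the ip_input.c hunk adds, where no use of it is visible. If the table stays, declare it `const` and move the extern into a shared header so the two files cannot drift. The name also suggests reversing bits, while the entries swap the two nibbles; `swap_nibbles` would match the comment above the table.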
> > ***************
> > *** 226,232 ****
> >   nip->ip_len = m->m_len;
> >   nip->ip_vhl = IP_VHL_BORING;
> >   nip->ip_p = IPPROTO_ICMP;
> > ! nip->ip_tos = 0;
> >   icmp_reflect(m);
> >
> >   freeit:
> > --- 490,496 ----
> >   nip->ip_len = m->m_len;
> >   nip->ip_vhl = IP_VHL_BORING;
> >   nip->ip_p = IPPROTO_ICMP;
> > ! nip->ip_tos = 0x44; /* Network Management Flow */
> >   icmp_reflect(m);
> >
> >   freeit:
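Review bot: The literal `0x44` changes the TOS of every ICMP error this host generates. Because both nibbles are non-zero, each error also takes the new nibble-swap branch in icmp_reflect() and the gate-marking path in ip_output(). Give the value a name next to the other IPXX_ defines, for example `#define IPXX_TOS_NETMGMT 0x44` (suggested name), and note in its comment that downstream devices will see a non-default TOS/DSCP on all ICMP errors. The enclosing function starts and ends outside the hunk.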
> > ***************
> > *** 610,615 ****
> > --- 874,880 ----
> >   struct in_addr t;
> >   struct mbuf *opts = 0;
> >   int optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip);
> > + int flags = 0;
> >
> >   if (!in_canforward(ip->ip_src) &&
> >       ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) !=
> > ***************
> > *** 617,622 ****
> > --- 882,895 ----
> >   m_freem(m); /* Bad return address */
> >   goto done; /* Ip_output() will check for broadcast */
> >   }
> > + /* Handle IPv8 TOS and UnirVerse fields */
> > + if(((ip->ip_tos&0xF0)!=0) && ((ip->ip_tos&0x0F)!=0)){
> > + ip->ip_tos = reverse_nibbles[ip->ip_tos];
> > + if(ip->ip_gate != IPXX_UNIRVERSE_DEFAULT){
> > + ip->ip_gate = reverse_nibbles[ip->ip_gate];
> > + flags |= IP_UNIRVERSE_SET;
> > + }
> > + }
> >   t = ip->ip_dst;
> >   ip->ip_dst = ip->ip_src;
> >   /*
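Review bot: `ip->ip_gate` is whatever the sender put in the high byte of the Identification field, so an ordinary IPv4 packet with a 16-bit ID and both TOS nibbles set cannot be told apart from a marked one. Its value is echoed back, and `IP_UNIRVERSE_SET` then suppresses the local marking in ip_output(). If only IPvXX packets are meant to be reflected this way, the test should also require the flag that the ip_input.c hunk checks, `(ip->ip_off & IPXX_FLAG) != 0`, assuming ip_off is in the same byte order at this point. A comment should also say why the nibbles are swapped (presumably because source and destination trade places in the reply). icmp_reflect() continues outside the hunk.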
> > ***************
> > *** 719,725 ****
> >   (unsigned)(m->m_len - sizeof(struct ip)));
> >   }
> >   m->m_flags &= ~(M_BCAST|M_MCAST);
> > ! icmp_send(m, opts);
> >   done:
> >   if (opts)
> >   (void)m_free(opts);
> > --- 992,998 ----
> >   (unsigned)(m->m_len - sizeof(struct ip)));
> >   }
> >   m->m_flags &= ~(M_BCAST|M_MCAST);
> > ! icmp_send(m,opts,flags);
> >   done:
> >   if (opts)
> >   (void)m_free(opts);
> > ***************
> > *** 730,738 ****
> >    * after supplying a checksum.
> >    */
> >   static void
> > ! icmp_send(m, opts)
> >   register struct mbuf *m;
> >   struct mbuf *opts;
> >   {
> >   register struct ip *ip = mtod(m, struct ip *);
> >   register int hlen;
> > --- 1003,1012 ----
> >    * after supplying a checksum.
> >    */
> >   static void
> > ! icmp_send(m,opts,flags)
> >   register struct mbuf *m;
> >   struct mbuf *opts;
> > + int flags;
> >   {
> >   register struct ip *ip = mtod(m, struct ip *);
> >   register int hlen;
> > ***************
> > *** 757,763 ****
> >   }
> >   #endif
> >   bzero(&ro, sizeof ro);
> > ! (void) ip_output(m, opts, &ro, 0, NULL);
> >   if (ro.ro_rt)
> >   RTFREE(ro.ro_rt);
> >   }
> > --- 1031,1037 ----
> >   }
> >   #endif
> >   bzero(&ro, sizeof ro);
> > ! (void) ip_output(m, opts, &ro, flags, NULL);
> >   if (ro.ro_rt)
> >   RTFREE(ro.ro_rt);
> >   }
> > diff -c -r /unir/sys/netinet/ip_input.c netinet/ip_input.c
> > *** /unir/sys/netinet/ip_input.c Wed Aug 29 21:41:37 2001
> > --- netinet/ip_input.c Wed Dec 12 09:57:20 2001
> > ***************
> > *** 258,266 ****
> >   maxnipq = nmbclusters / 4;
> >   ip_maxfragpackets = nmbclusters / 4;
> >
> > - #ifndef RANDOM_IP_ID
> >   ip_id = time_second & 0xffff;
> > ! #endif
> >   ipintrq.ifq_maxlen = ipqmaxlen;
> >
> >   register_netisr(NETISR_IP, ipintr);
> > --- 258,275 ----
> >   maxnipq = nmbclusters / 4;
> >   ip_maxfragpackets = nmbclusters / 4;
> >
> >   ip_id = time_second & 0xffff;
> > ! /* initialize all the StarGate id counters */
> > ! for(i=0; i<256; i++){
> > ! ip_id_[i] = time_second & 0xffff;
> > ! }
> > ! for(i=0; i<65536; i++){
> > ! src_gate[i] = 0x00;
> > ! dst_gate[i] = 0x00;
> > ! }
> > ! galaxy_in=0;
> > ! galaxy_out=0;
> > !
> >   ipintrq.ifq_maxlen = ipqmaxlen;
> >
> >   register_netisr(NETISR_IP, ipintr);
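Review bot: `ip_id_[i] = time_second & 0xffff;` stores into a `u_char`, so the 16-bit mask is misleading. All 256 counters start at the same low byte of the boot-time clock, which makes every per-gate ID sequence predictable from a single observed packet. Write `& 0xff` to show the real width, or seed each counter from a different value. The `src_gate`/`dst_gate` loop clears objects with static storage, which are already zero; keep it only if re-initialisation is intended, and say so in the comment.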
> > ***************
> > *** 269,274 ****
> > --- 278,285 ----
> >   static struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
> >   static struct route ipforward_rt;
> >
> > + extern unsigned char reverse_nibbles[];
> > +
> >   /*
> >    * Ip input routine.  Checksum and byte swap header.  If fragmented
> >    * try to reassemble.  Process options.  Pass to next level.
> > ***************
> > *** 287,292 ****
> > --- 298,305 ----
> >   u_int32_t divert_info = 0; /* packet divert/tee info */
> >   #endif
> >   struct ip_fw_chain *rule = NULL;
> > + u_int32_t src_addr;
> > + u_int32_t dst_addr;
> >
> >   #ifdef IPDIVERT
> >   /* Get and reset firewall cookie */
> > ***************
> > *** 346,351 ****
> > --- 359,365 ----
> >   ip = mtod(m, struct ip *);
> >   }
> >
> > +
> >   /* 127/8 must not appear on wire - RFC1122 */
> >   if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
> >       (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
> > ***************
> > *** 402,407 ****
> > --- 416,483 ----
> >   if (ipsec_gethist(m, NULL))
> >   goto pass;
> >   #endif
> > +
> > + /* Process IPvXX ICMP++ packets that are special QoS codes */
> > + if((ip->ip_p==IPPROTO_ICMP) && (((ip->ip_tos&0xF0)==0)||((ip->ip_tos&0x0F)==0))){
> > + src_addr = ntohl(ip->ip_src.s_addr);
> > + dst_addr = ntohl(ip->ip_dst.s_addr);
> > + /* QoS(4)=Network Management */
> > + switch(ip->ip_tos){
> > + case 0x04:
> > + /* Check for Galaxy PeaceKeeper */
> > + /* PPPPPPPP.PPPPPPPP.GGG00000.XXXX0000 */
> > + if((src_addr&0x1F0F)==0){
> > + dst_gate[src_addr>>16] >>= 4;
> > + dst_gate[src_addr>>16] |= src_addr&0xF0;
> > + /* Check for possible new Galaxy setting */
> > + if(((src_addr&0x0E00)!=0)&&((src_addr&0xFFFF0000)==(dst_addr&0xFFFF0000))){
> > + galaxy_out=(src_addr&0x0E00)>>8;
> > + log(LOG_WARNING,"Outbound Galactic Routing set to %d\n",galaxy_out);
> > + }
> > + else{
> > + galaxy_out=0;
> > + }
> > + }
> > + break;
> > + case 0x40:
> > + /* Check for Galaxy PeaceKeeper */
> > + /* PPPPPPPP.PPPPPPPP.GGG00000.XXXX0000 */
> > + if((src_addr&0x1F0F)==0){
> > + src_gate[src_addr>>16] >>= 4;
> > + src_gate[src_addr>>16] |= src_addr&0xF0;
> > + /* Check for possible new Galaxy setting */
> > + if(((src_addr&0x0E00)!=0)&&((src_addr&0xFFFF0000)==(dst_addr&0xFFFF0000))){
> > + galaxy_in=(src_addr&0x0E00)>>8;
> > + log(LOG_WARNING,"Inbound Galactic Routing set to %d\n",galaxy_in);
> > + }
> > + else{
> > + galaxy_in=0;
> > + }
> > + }
> > + break;
> > + default:
> > + log(LOG_WARNING,"Unknown ICMP+ QoS Code from %s\n",
> > + inet_ntoa(ip->ip_src));
> > + }
> > + }
> > + /* Process IPvXX-style Packets */
> > + if((ip->ip_off&0x8000)!=0){
> > + /* Process non-Galaxy 0 Packets */
> > + if(((ip->ip_p&0xC0) != 0)&&
> > + ((ip->ip_p&0x07) != galaxy_in)){
> > + printf("Dropped packet not from our galaxy\n");
> > + ipstat.ips_badaddr++;
> > + goto bad;
> > + }
> > + else{
> > + /* Packet is Galaxy 0, are we ? */
> > + if(galaxy_in != 0){
> > + printf("Dropped packet not from our galaxy\n");
> > + ipstat.ips_badaddr++;
> > + goto bad;
> > + }
> > + }
> > + }
> >
> >   /*
> >   * IpHack's section.
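Review bot: The galaxy update in both cases can never fire, because the guard `(src_addr&0x1F0F)==0` already forces bits 8–12 to zero, so `(src_addr&0x0E00)!=0` is always false and `galaxy_in`/`galaxy_out` are reset to 0 on every control packet; the layout comment puts GGG in the top three bits of the third octet, i.e. mask `0xE000` shifted by 13. The outer test also matches TOS 0, so every ordinary ICMP packet falls through to `default:` and writes a LOG_WARNING line, which lets any remote pinger fill the log. In the IPvXX check the `else` is also reached by flagged packets whose galaxy matches, so those are dropped whenever `galaxy_in` is non-zero. Gate and galaxy state is changed purely on a packet's source address, which the description itself says can be spoofed, so the handler should at least be limited to a configured PeaceKeeper address or interface and its log/printf calls rate-limited. The fence shows the three logic fixes; the enclosing input routine continues outside the hunk.

```c
/* TOS 0 is ordinary ICMP, not an ICMP+ code: keep it out of this block */
if((ip->ip_p==IPPROTO_ICMP) && (ip->ip_tos!=0) &&
   (((ip->ip_tos&0xF0)==0)||((ip->ip_tos&0x0F)==0))){
/* … unchanged: src_addr/dst_addr, switch, case 0x04 gate rotation … */
/* GGG is the top three bits of the third octet (see layout comment) */
if(((src_addr&0xE000)!=0)&&((src_addr&0xFFFF0000)==(dst_addr&0xFFFF0000))){
galaxy_out=(src_addr&0xE000)>>13;
/* … unchanged: log, else branch; same mask and shift for galaxy_in in case 0x40 … */
/* … unchanged: default case, IPXX flag test on ip_off … */
if((ip->ip_p&0xC0) != 0){
/* flagged packet: drop only when its galaxy differs from ours */
if((ip->ip_p&0x07) != galaxy_in){
/* … unchanged: printf, ips_badaddr++, goto bad … */
}
}
else if(galaxy_in != 0){
/* Galaxy 0 packet, but we are not Galaxy 0 */
/* … unchanged: printf, ips_badaddr++, goto bad … */
}
```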
> > diff -c -r /unir/sys/netinet/ip_mroute.c netinet/ip_mroute.c
> > *** /unir/sys/netinet/ip_mroute.c Thu Jul 19 06:37:26 2001
> > --- netinet/ip_mroute.c Tue Dec 11 14:00:20 2001
> > ***************
> > *** 1581,1590 ****
> >        */
> >       ip_copy = mtod(mb_copy, struct ip *);
> >       *ip_copy = multicast_encap_iphdr;
> >   #ifdef RANDOM_IP_ID
> >       ip_copy->ip_id = ip_randomid();
> >   #else
> > !     ip_copy->ip_id = htons(ip_id++);
> >   #endif
> >       ip_copy->ip_len += len;
> >       ip_copy->ip_src = vifp->v_lcl_addr;
> > --- 1581,1597 ----
> >        */
> >       ip_copy = mtod(mb_copy, struct ip *);
> >       *ip_copy = multicast_encap_iphdr;
> > + ip_copy->ip_gate=0;
> >   #ifdef RANDOM_IP_ID
> >       ip_copy->ip_id = ip_randomid();
> >   #else
> > ! if(ip_copy->ip_tos != 0){
> > !     ip_copy->ip_id = ip_id_[ip_copy->ip_gate]++;
> > ! }
> > ! else{
> > ! ip_copy->ip_id = ip_id++;
> > ! ip_copy->ip_gate = ip_id>>8;
> > ! }
> >   #endif
> >       ip_copy->ip_len += len;
> >       ip_copy->ip_src = vifp->v_lcl_addr;
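Review bot: In the non-random branch `ip_copy->ip_id = ip_id++;` is followed by `ip_copy->ip_gate = ip_id>>8;`, so the high byte comes from the already incremented counter and the 16-bit value on the wire jumps by 0x100 whenever the low byte is 0xff. Swapping the two statements (`ip_copy->ip_gate = ip_id>>8; ip_copy->ip_id = ip_id++;`) keeps the legacy sequence; the same pair appears in the ip_output.c and raw_ip.c hunks. Under RANDOM_IP_ID, `ip_randomid()` is now truncated into the 8-bit `ip_id` while `ip_gate` is fixed at 0, leaving only 256 possible IDs for encapsulated packets. The `ip_copy->ip_tos != 0` branch always indexes `ip_id_[0]` because `ip_gate` was just cleared, which is worth a comment if intended.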
> > diff -c -r /unir/sys/netinet/ip_output.c netinet/ip_output.c
> > *** /unir/sys/netinet/ip_output.c Thu Jul 19 06:37:26 2001
> > --- netinet/ip_output.c Wed Dec 12 10:28:11 2001
> > ***************
> > *** 52,57 ****
> > --- 52,58 ----
> >   #include <sys/socket.h>
> >   #include <sys/socketvar.h>
> >   #include <sys/proc.h>
> > + #include <sys/time.h>
> >
> >   #include <net/if.h>
> >   #include <net/route.h>
> > ***************
> > *** 88,101 ****
> >   #include <netinet/ip_dummynet.h>
> >   #endif
> >
> > ! #ifdef IPFIREWALL_FORWARD_DEBUG
> > ! #define print_ip(a) printf("%ld.%ld.%ld.%ld",(ntohl(a.s_addr)>>24)&0xFF,\
> >     (ntohl(a.s_addr)>>16)&0xFF,\
> >     (ntohl(a.s_addr)>>8)&0xFF,\
> >     (ntohl(a.s_addr))&0xFF);
> > - #endif
> >
> >   u_short ip_id;
> >
> >   static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
> >   static struct ifnet *ip_multicast_if __P((struct in_addr *, int *));
> > --- 89,105 ----
> >   #include <netinet/ip_dummynet.h>
> >   #endif
> >
> > ! #define print_ip(a) printf("%ld.%ld.%ld.%ld ",(ntohl(a.s_addr)>>24)&0xFF,\
> >     (ntohl(a.s_addr)>>16)&0xFF,\
> >     (ntohl(a.s_addr)>>8)&0xFF,\
> >     (ntohl(a.s_addr))&0xFF);
> >
> >   u_short ip_id;
> > + u_char ip_id_[256];
> > + u_char src_gate[65536];
> > + u_char dst_gate[65536];
> > + u_char galaxy_out;
> > + u_char galaxy_in;
> >
> >   static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
> >   static struct ifnet *ip_multicast_if __P((struct in_addr *, int *));
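Review bot: The five new globals need comments. They should say what `src_gate`/`dst_gate` are indexed by (the upper 16 bits of an address, judging by the ip_input.c and ip_output() hunks), what the two nibbles of each entry hold, and that the entries are written from the packet input path. The sizes 256 and 65536 are repeated as literals in the ip_init() loops; named constants would keep them in step. `print_ip` is now compiled unconditionally although no visible hunk uses it, and it passes `ntohl()` results to `%ld`, which does not match where long is wider than 32 bits.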
> > ***************
> > *** 127,132 ****
> > --- 131,137 ----
> >   int flags;
> >   struct ip_moptions *imo;
> >   {
> > + struct timeval random_time;
> >   struct ip *ip, *mhip;
> >   struct ifnet *ifp;
> >   struct mbuf *m = m0;
> > ***************
> > *** 207,219 ****
> >   /*
> >   * Fill in IP header.
> >   */
> >   if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
> >   ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2);
> >   ip->ip_off &= IP_DF;
> >   #ifdef RANDOM_IP_ID
> >   ip->ip_id = ip_randomid();
> >   #else
> > ! ip->ip_id = htons(ip_id++);
> >   #endif
> >   ipstat.ips_localout++;
> >   } else {
> > --- 212,252 ----
> >   /*
> >   * Fill in IP header.
> >   */
> > +
> > + /* Set UnirVerse on QoS-agile Packets */
> > + if(ip->ip_tos != 0){
> > + /* Allow reflectors and forwarders to prevent setting */
> > + if((flags & IP_UNIRVERSE_SET) == 0){
> > + getmicrotime(&random_time);
> > + if(random_time.tv_usec&0x01){
> > + ip->ip_gate =
> > + ((src_gate[(ntohl(ip->ip_src.s_addr)>>16)&0xFFFF])&0xF0) |
> > + (((dst_gate[(ntohl(ip->ip_dst.s_addr)>>16)&0xFFFF])>>4)&0x0F);
> > + }
> > + else{
> > + ip->ip_gate =
> > + (((src_gate[(ntohl(ip->ip_src.s_addr)>>16)&0xFFFF])<<4)&0xF0) |
> > + ((dst_gate[(ntohl(ip->ip_dst.s_addr)>>16)&0xFFFF])&0x0F);
> > + }
> > + }
> > + }
> > + else{
> > + ip->ip_gate = IPXX_UNIRVERSE_DEFAULT;
> > + }
> > + /* Set id based on UnirVerse */
> >   if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
> >   ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2);
> >   ip->ip_off &= IP_DF;
> >   #ifdef RANDOM_IP_ID
> >   ip->ip_id = ip_randomid();
> >   #else
> > ! if(ip->ip_tos != 0){
> > ! ip->ip_id = ip_id_[ip->ip_gate]++;
> > ! }
> > ! else{
> > ! ip->ip_id = ip_id++;
> > ! ip->ip_gate = ip_id>>8;
> > ! }
> >   #endif
> >   ipstat.ips_localout++;
> >   } else {
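Review bot: The new gate block sits above the `(flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0` test, so it also runs for forwarded and raw packets. With TOS 0 the `else` overwrites the high byte of a transit packet's Identification field with `IPXX_UNIRVERSE_DEFAULT`, and with TOS non-zero the coin toss can give fragments of one transit datagram different marks, so a legacy receiver may fail to reassemble them. If transit marking is intended, at least limit the reset, e.g. `else if((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0){`, and document how fragments are kept consistent. The toss uses the low bit of `getmicrotime()`'s `tv_usec`, a clock reading that may not change between packets sent close together, so the variable name `random_time` overstates it. ip_output() starts and ends outside the hunk.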
> > ***************
> > *** 431,436 ****
> > --- 464,470 ----
> >   }
> >
> >   sendit:
> > +
> >   #ifdef IPSEC
> >   /* get SP for this packet */
> >   if (so == NULL)
> > diff -c -r /unir/sys/netinet/ip_var.h netinet/ip_var.h
> > *** /unir/sys/netinet/ip_var.h Thu Jul 19 06:37:26 2001
> > --- netinet/ip_var.h Tue Dec 11 14:00:41 2001
> > ***************
> > *** 133,138 ****
> > --- 133,140 ----
> >   /* flags passed to ip_output as last parameter */
> >   #define IP_FORWARDING 0x1 /* most of ip header exists */
> >   #define IP_RAWOUTPUT 0x2 /* raw ip header exists */
> > + #define IP_UNIRVERSE_SET 0x4 /* UnirVerse set in header */
> > +
> >   #define IP_ROUTETOIF SO_DONTROUTE /* bypass routing tables */
> >   #define IP_ALLOWBROADCAST SO_BROADCAST /* can send broadcast packets */
> >
> > ***************
> > *** 142,150 ****
> >   struct sockopt;
> >
> >   extern struct ipstat ipstat;
> > ! #ifndef RANDOM_IP_ID
> > ! extern u_short ip_id; /* ip packet ctr, for ids */
> > ! #endif
> >   extern int ip_defttl; /* default IP ttl */
> >   extern int ipforwarding; /* ip forwarding */
> >   extern u_char ip_protox[];
> > --- 144,157 ----
> >   struct sockopt;
> >
> >   extern struct ipstat ipstat;
> > !
> > ! extern u_short ip_id; /* ip packet ctr, for ids */
> > ! extern u_char ip_id_[]; /* id counters for each StarGate */
> > ! extern u_char src_gate[];
> > ! extern u_char dst_gate[];
> > ! extern u_char galaxy_in;
> > ! extern u_char galaxy_out;
> > !
> >   extern int ip_defttl; /* default IP ttl */
> >   extern int ipforwarding; /* ip forwarding */
> >   extern u_char ip_protox[];
> > diff -c -r /unir/sys/netinet/raw_ip.c netinet/raw_ip.c
> > *** /unir/sys/netinet/raw_ip.c Sun Jul 29 19:32:40 2001
> > --- netinet/raw_ip.c Tue Dec 11 14:01:10 2001
> > ***************
> > *** 239,249 ****
> >   m_freem(m);
> >   return EINVAL;
> >   }
> > - if (ip->ip_id == 0)
> >   #ifdef RANDOM_IP_ID
> >   ip->ip_id = ip_randomid();
> >   #else
> > ! ip->ip_id = htons(ip_id++);
> >   #endif
> >   /* XXX prevent ip_output from overwriting header fields */
> >   flags |= IP_RAWOUTPUT;
> > --- 239,259 ----
> >   m_freem(m);
> >   return EINVAL;
> >   }
> >   #ifdef RANDOM_IP_ID
> > + if (ip->ip_id == 0){
> >   ip->ip_id = ip_randomid();
> > + }
> >   #else
> > ! if (ip->ip_id == 0){
> > ! if(ip->ip_tos != 0){
> > ! ip->ip_id = ip_id_[ip->ip_gate]++;
> > ! ip->ip_gate = IPXX_UNIRVERSE_DEFAULT;
> > ! }
> > ! else{
> > ! ip->ip_id = ip_id++;
> > ! ip->ip_gate = ip_id>>8;
> > ! }
> > ! }
> >   #endif
> >   /* XXX prevent ip_output from overwriting header fields */
> >   flags |= IP_RAWOUTPUT;
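Review bot: `if (ip->ip_id == 0)` now looks only at the low byte, so a caller-supplied header whose 16-bit ID merely ends in 0x00 has its ID replaced. Test both halves, `if (ip->ip_gate == 0 && ip->ip_id == 0){`, to keep the old meaning of "caller left the ID unset". In the TOS branch `ip_id_[ip->ip_gate]++` is indexed by a byte taken from the caller's header before it is reset; that is in bounds for a 256-entry array, but it lets any raw-socket user advance an arbitrary gate's counter and should be commented. The enclosing function starts and ends outside the hunk.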
> >
>





