From owner-freebsd-hackers Mon Mar 29 5:56:39 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from mailgate.program-products.co.uk (samson.program-products.co.uk [212.240.242.226]) by hub.freebsd.org (Postfix) with ESMTP id BF9E614F4D for ; Mon, 29 Mar 1999 05:56:34 -0800 (PST) (envelope-from terry@program-products.co.uk)
Received: by mailgate.program-products.co.uk via smap (V2.1) id xma029635; Mon, 29 Mar 99 14:55:39 +0100
To: Jim Flowers, freebsd-hackers@freebsd.org
Subject: Re: Tunnel loopback
References: <9903091652.AA04146@ppsl.demon.co.uk> <36E57226.15FB7483@whistle.com> <00c401be7927$838e5060$23b197ce@ezo.net>
From: Terry Glanfield
Date: 29 Mar 1999 14:55:36 +0100
In-Reply-To: Jim Flowers's message of "Sun, 28 Mar 1999 09:30:21 -0500"
Message-Id:
Lines: 131
X-Mailer: Gnus v5.6.44/Emacs 19.34
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Jim Flowers writes:

> I'm still trying to figure out what you are doing and how you are
> doing it.

Let me give you a run through.

Firstly I used IPFilter on the internal interface to redirect all packets (except those destined for the local host) to the tunnel device.

    pass in quick from any to 10.10.10.10
    pass in quick from any to 10.10.10.255
    pass in quick from any to 240.0.0.1
    etc
    pass in quick on ed0 to tun0 all

SKIP is installed on /dev/tun0 where it encrypts any packets that match its rules. All these packets are then read from the tunnel by the program below and "direct"ed to an IPFW rule on the external interface:

    ipfw add 100 divert 100 57 from any to any in via ed1
    ipfw add 100 divert 100 udp from any 1640 to any in via ed1
    ipfw add 100 divert 100 udp from any to any 1640 in via ed1

SKIP packets arriving on the external interface are "divert"ed back to the program and written into the tunnel where SKIP can decode them. It runs fine for small packets but stops when they near the MTU of the external interface.
I've also experienced several kernel panics in rtfree() but have yet to track them down. I probably won't have time to look at this further until next week but I will get back to it.

Best of luck.

Cheers, Terry.

/* Headers the program needs (the original include list was not preserved). */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main (int argc, char** argv)
{
    int fdtun, fdsock, nds, count;
    int port = 100;                     /* divert port, matches "divert 100" in the ipfw rules */
    struct sockaddr_in addr;
    char packetBuf[IP_MAXPACKET];
    struct sockaddr_in packetAddr;      /* address reported with each diverted packet */
    socklen_t addrSize;
    ssize_t bytes;
    fd_set readfds;

    /* Divert socket: receives the packets matched by the ipfw divert rules. */
    fdsock = socket (PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fdsock < 0) { perror("divert"); exit(1); }

    /* Tunnel device: SKIP sits on the other side of it. */
    fdtun = open("/dev/tun0", O_RDWR, 0600);
    if (fdtun < 0) { perror("/dev/tun0"); exit(1); }

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = INADDR_ANY;
    addr.sin_port = htons(port);
    if (bind (fdsock, (struct sockaddr*) &addr, sizeof addr) == -1) { perror("bind"); exit(2); }

    /* Start from a zero address (treated as "outgoing" by the divert socket)
     * until a diverted packet has supplied a real one. */
    memset(&packetAddr, 0, sizeof packetAddr);
    packetAddr.sin_family = AF_INET;

    nds = getdtablesize();
    while (1) {
        FD_ZERO(&readfds);
        FD_SET(fdsock, &readfds);
        FD_SET(fdtun, &readfds);
        count = select(nds, &readfds, 0, 0, 0);
        if (count < 0) {
            if (errno == EINTR) continue;
            perror("select"); exit(3);
        }
        /* Diverted SKIP packet from ed1 -> into the tunnel for SKIP to decode. */
        if (FD_ISSET(fdsock, &readfds)) {
            addrSize = sizeof packetAddr;
            bytes = recvfrom (fdsock, packetBuf, sizeof packetBuf, 0,
                              (struct sockaddr*) &packetAddr, &addrSize);
            if (bytes > 0 && write(fdtun, packetBuf, bytes) != bytes)
                perror("write tun0");
        }
        /* Encrypted packet out of the tunnel -> back into the IP stack via the divert socket. */
        if (FD_ISSET(fdtun, &readfds)) {
            bytes = read(fdtun, packetBuf, sizeof packetBuf);
            if (bytes > 0 && sendto (fdsock, packetBuf, bytes, 0,
                                     (struct sockaddr*) &packetAddr, sizeof packetAddr) != bytes)
                perror("sendto divert");
        }
    }
}
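An added example, not part of Terry's program: a sanity check the forwarder could run on every packet before writing it into tun0 or handing it to the divert socket. It parses the IPv4 header, verifies the length fields and header checksum, and admits only what the ipfw rules above select (protocol 57, or UDP with port 1640 on either side). The functions skip_packet_ok and sample_ok and the 10.10.10.10 -> 192.0.2.1 test packet are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>

#define SKIP_PROTO 57    /* IP protocol number from the ipfw rule */
#define SKIP_PORT  1640  /* UDP port from the ipfw rules */

/* RFC 1071 ones'-complement checksum over an IPv4 header; yields 0 when valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint16_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 1 if buf holds a well-formed IPv4 packet that the divert rules on
 * the page would select, 0 for anything truncated, corrupt or unexpected. */
int skip_packet_ok(const uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t tot = ((size_t)buf[2] << 8) | buf[3];
    if (ihl < 20 || tot < ihl || tot > len) return 0;   /* inconsistent lengths */
    if (ip_cksum(buf, ihl) != 0) return 0;              /* damaged or forged header */
    if (buf[9] == SKIP_PROTO) return 1;
    if (buf[9] == 17 && tot >= ihl + 8) {               /* UDP: check both ports */
        unsigned sport = (buf[ihl] << 8) | buf[ihl + 1];
        unsigned dport = (buf[ihl + 2] << 8) | buf[ihl + 3];
        return sport == SKIP_PORT || dport == SKIP_PORT;
    }
    return 0;
}

/* Constructed test packet 10.10.10.10 -> 192.0.2.1 (TEST-NET-1) carrying proto;
 * for UDP an 8-byte UDP header with source port sport and destination port 53
 * is appended. corrupt changes the TTL after checksumming (a damaged packet). */
int sample_ok(uint8_t proto, unsigned sport, int corrupt)
{
    uint8_t p[28] = { 0x45, 0, 0, 20, 0, 0, 0x40, 0, 64, proto, 0, 0,
                      10, 10, 10, 10, 192, 0, 2, 1 };
    size_t len = 20;
    if (proto == 17) {
        p[3] = 28; len = 28;
        p[20] = sport >> 8; p[21] = sport & 0xff; p[23] = 53; p[25] = 8;
    }
    uint16_t c = ip_cksum(p, 20);
    p[10] = c >> 8; p[11] = c & 0xff;
    if (corrupt) p[8] = 63;
    return skip_packet_ok(p, len);
}
```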