From owner-freebsd-net Thu Apr 13 9:19: 0 2000
Delivered-To: freebsd-net@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
    by hub.freebsd.org (Postfix) with ESMTP id 89EBD37B5D1
    for ; Thu, 13 Apr 2000 09:18:45 -0700 (PDT)
    (envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
    by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id TAA34557;
    Thu, 13 Apr 2000 19:16:49 +0300 (EEST)
    (envelope-from ru)
Date: Thu, 13 Apr 2000 19:16:49 +0300
From: Ruslan Ermilov
To: Brian Somers, Charles Mott, Ari Suutari, Eivind Eklund, Julian Elischer
Cc: net@FreeBSD.org
Subject: Improved PPTP support for libalias(3)
Message-ID: <20000413191649.A19493@relay.ucb.crimea.ua>
Mail-Followup-To: Brian Somers, Charles Mott, Ari Suutari, Eivind Eklund, Julian Elischer, net@FreeBSD.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!

For those of you who would like to review this change, I have made it
available from my FreeBSD homepage:

http://people.FreeBSD.org/~ru/libalias_pptp_patch.0

WHAT IS ADDRESSED IN THIS PATCH

The current PPTP support in libalias(3) is limited to only one local
IP address. This change "eliminates" this limitation by adding the
new API function, PacketAliasRedirectPptp(). It takes three arguments:
src_addr, dst_addr and alias_addr. The meaning of these arguments is
fully identical to the corresponding arguments of PacketAliasRedirectPort(),
i.e. dst_addr can be INADDR_ANY or any specific IP address, while
src_addr/alias_addr could be INADDR_ANY to always match the default
aliasing address set by PacketAliasSetAddress().

IMPLEMENTATION DETAILS

The old function, PacketAliasPptp(), is provided to maintain backwards
compatibility, and is identical to the
PacketAliasPptp(src_addr, nullAddress, nullAddress); meaning that any
incoming PPTP traffic to the default aliasing address will be forwarded
to the local (src_addr) machine.

The static NAT rules set by PacketAliasRedirectAddress() will now match
PPTP packets, and PKT_ALIAS_DENY_INCOMING mode flag will be honored for
PPTP packets as well.

TESTING

The patch was tested with both unmodified (using old PacketAliasPptp())
and modified (using new PacketAliasRedirectPptp()) natd(8) sources, and
with nos-tun(8) as a tunneling software on both ends. This required a
simple change to the alias.c (adding IPPROTO_IPEIP to the list of PPTP
protocols), which did not get included in this patch.

The manual page is not yet updated, pending your feedback.

WHAT COULD BE IMPROVED

It would be pretty easy to add a new PKT_ALIAS_DISABLE_PPTP mode bit to
make it possible to disable PPTP support. Or PKT_ALIAS_ENABLE_PPTP could
be introduced to enable PPTP support on demand, and have it disabled by
default.

Cheers,
-- 
Ruslan Ermilov      Sysadmin and DBA of the
ru@ucb.crimea.ua    United Commercial Bank,
ru@FreeBSD.org      FreeBSD committer,
+380.652.247.647    Simferopol, Ukraine

http://www.FreeBSD.org    The Power To Serve
http://www.oracle.com     Enabling The Information Age
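
A simplified model of the inbound rule matching described in the message above, as an added example: it is not code from the patch or from libalias. The struct names, the DENY_INCOMING flag value, the precedence of a specific peer over a wildcard, and the handling of unmatched packets are assumptions made for illustration; the addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define ANY_ADDR 0u            /* stands in for INADDR_ANY */
#define DENY_INCOMING 0x1u     /* model flag standing in for PKT_ALIAS_DENY_INCOMING */

struct pptp_redirect {         /* one rule, argument order as in the message */
    uint32_t src_addr;         /* local machine that terminates the tunnel */
    uint32_t dst_addr;         /* remote peer, ANY_ADDR = any peer */
    uint32_t alias_addr;       /* public address, ANY_ADDR = default alias */
};
struct nat_model {             /* hypothetical stand-in for the NAT state */
    uint32_t default_alias;    /* what PacketAliasSetAddress() would set */
    unsigned mode;
    const struct pptp_redirect *rules;
    size_t nrules;
};

/* Constructed sample rules (documentation address ranges). */
static const struct pptp_redirect sample_rules[] = {
    { IP(10,0,0,5), IP(198,51,100,7), ANY_ADDR },        /* one named peer only */
    { IP(10,0,0,9), ANY_ADDR,         IP(203,0,113,20) } /* open to any peer */
};

/* Local address an inbound PPTP packet is rewritten to; 0 means dropped. */
uint32_t pptp_inbound(const struct nat_model *n, uint32_t remote, uint32_t pkt_dst)
{
    const struct pptp_redirect *wild = NULL;
    for (size_t i = 0; i < n->nrules; i++) {
        const struct pptp_redirect *r = &n->rules[i];
        uint32_t alias = r->alias_addr != ANY_ADDR ? r->alias_addr : n->default_alias;
        if (alias != pkt_dst)
            continue;
        if (r->dst_addr == remote)
            return r->src_addr;            /* specific peer beats wildcard */
        if (r->dst_addr == ANY_ADDR && wild == NULL)
            wild = r;                      /* remember first wildcard rule */
    }
    if (wild != NULL)
        return wild->src_addr;
    return (n->mode & DENY_INCOMING) ? 0 : pkt_dst; /* no rule: drop, or leave for gateway */
}

int main(void)
{
    struct nat_model n = { IP(203,0,113,10), DENY_INCOMING, sample_rules, 2 };
    printf("forwarded to 10.0.0.%u\n",
           (unsigned)(pptp_inbound(&n, IP(198,51,100,7), n.default_alias) & 0xff));
    return 0;
}
```

A rule with a wildcard dst_addr exposes the local PPTP endpoint to every remote peer, so naming the peer in dst_addr is the narrower configuration when the peer is known.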