From owner-freebsd-hackers  Tue Dec 29 07:19:35 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA09850
          for freebsd-hackers-outgoing; Tue, 29 Dec 1998 07:19:35 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from shell2.la.best.com (shell2.la.best.com [209.24.216.141])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA09839
          for <freebsd-hackers@freebsd.org>; Tue, 29 Dec 1998 07:19:34 -0800 (PST)
          (envelope-from nugundam@shell2.la.best.com)
Received: from localhost (nugundam@localhost)
	by shell2.la.best.com (8.9.1/8.9.0/best.sh) with ESMTP id HAA14901
	for <freebsd-hackers@freebsd.org>; Tue, 29 Dec 1998 07:19:17 -0800 (PST)
Date: Tue, 29 Dec 1998 07:19:17 -0800 (PST)
From: Joseph Lee <nugundam@best.com>
To: freebsd-hackers@FreeBSD.ORG
Subject: libalias and ident
Message-ID: <Pine.BSF.4.05.9812290644440.14302-100000@shell2.la.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've been hacking around in libalias to attempt ident support, and
have gotten stuck due to my limited knowledge of tcp connections.

The basic premise of the code has been:
(1) see if tcp packet in is destined for port 113, if so special code
(2) in special code, do a sscanf() similar to a basic ident query
    and grab querying remote/local (fport/lport) port pair
(3) with pair found, find corresponding in-link to find originating
    out-link that triggered the ident query, using the fport/lport pair
(4) with in-link found, create out-link originating at original ip/auth
    port to remote ip, same remote port, using FindUdpTcpOut()
(5) do a PunchFWHole() on the new out-link
(6) change the original (destined) address on the tcp packet from (1)
    
The code is doing all the query recognizing, packet remapping and
forwarding, but ident fails on my test machine 'bob' hanging off the fbsd
machine.

I know ident on bob works, because an initial redirect_port makes
everything handy-dandy.

I'm surmising it's not quite working because 'bob' didn't have a
pre-existing tcp connection on its auth port, so my attempt to
directly send the query packet without the initial tcp syn packets means
the query packet gets dropped/lost..

It doesn't look like libalias gets involved in initiating a tcp connection
when it creates a redirection alias.

How can I work around this?

tia,
-- 
Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
#        Anime Expo 1998        >> www.anime-expo.org/                      >
#         Redline Games         >> www.redlinegames.com/                    >
#      Cal-Animage Epsilon      >> www.best.com/~nugundam/epsilon/          >
# EX: The Online World of Anime & Manga >> www.ex.org/                     /


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message