Date: Tue, 29 Dec 1998 17:49:12 +0100
From: Eivind Eklund <eivind@yes.no>
To: Joseph Lee <nugundam@best.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: libalias and ident
Message-ID: <19981229174912.U53810@follo.net>
In-Reply-To: <Pine.BSF.4.05.9812290644440.14302-100000@shell2.la.best.com>; from Joseph Lee on Tue, Dec 29, 1998 at 07:19:17AM -0800
References: <Pine.BSF.4.05.9812290644440.14302-100000@shell2.la.best.com>
On Tue, Dec 29, 1998 at 07:19:17AM -0800, Joseph Lee wrote:
> I've been hacking around in libalias to attempt ident support, and
> have gotten stuck due to my limited knowledge of tcp connections.
>
> The basic premise of the code has been:
> (1) see if tcp packet in is destined for port 113, if so special code
> (2) in special code, do a sscanf() similar to a basic ident query
>     and grab querying remote/local (fport/lport) port pair
> (3) with pair found, find corresponding in-link to find originating
>     out-link that triggered the ident query, using the fport/lport pair
> (4) with in-link found, create out-link originating at original ip/auth
>     port to remote ip, same remote port, using FindUdpTcpOut()
> (5) do a PunchFWHole() on the new out-link
> (6) change the original (destined) address on the tcp packet from (1)

Step 4 is wrong, if I understand what you write correctly. The ident
query has to be re-written with support for the relevant ports
changing - libalias is _not_ guaranteed to use the same ports as the
original machine did.

> The code is doing all the query recognizing, packet remapping and
> forwarding, but ident fails on my test machine 'bob' hanging off the fbsd
> machine.
>
> I know ident on bob works, because an initial redirect_port makes
> everything handy-dandy.
>
> I'm surmising it's not quite working because 'bob' didn't have a
> pre-existing tcp connection on its auth port, so my attempt to
> directly send the query packet without the initial tcp syn packets means
> the query packet gets dropped/lost..
>
> It doesn't look like libalias gets involved in initiating a tcp connection
> when it creates a redirection alias.
>
> How can I work around this?

You have to use the normal connect() etc. calls to set up a connection to
the remote machine. You should probably create an extra task to deal
with this, to avoid having to make ad-hoc scheduling in libalias.

Eivind.
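The port rewrite described in the reply above, as an added example that is not part of the original message and is not libalias code: the struct, the table, the function names and the addresses are hypothetical or constructed. It goes slightly beyond the thread by also checking that the query comes from the remote end of the aliased connection and by rejecting malformed or out-of-range port pairs before anything is forwarded.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for the NAT link table; this is not the libalias API. */
struct nat_link {
    const char *inside_ip, *remote_ip;  /* host behind the NAT, remote server */
    unsigned inside_port, alias_port, remote_port; /* real, on-the-wire, server */
};

/* Constructed sample mappings (documentation addresses). */
static const struct nat_link links[] = {
    { "192.168.0.2", "203.0.113.9", 1027, 40001, 6667 },
    { "192.168.0.3", "203.0.113.9", 1027, 40002, 25 },
};

/* Parse the "<port> , <port>" pair of an RFC 1413 query: bytes consumed or -1. */
static int parse_pair(const char *s, unsigned *a, unsigned *b)
{
    int used = 0;
    if (sscanf(s, " %5u , %5u %n", a, b, &used) != 2 ||
        *a < 1 || *a > 65535 || *b < 1 || *b > 65535)
        return -1;
    return used;
}

/* Rewrite a query that reached the NAT's port 113 from from_ip so it names
 * the inside host's real port. Returns the link, or NULL to drop the query. */
const struct nat_link *rewrite_query(const char *from_ip, const char *in,
                                     char *out, size_t len)
{
    unsigned lport, fport;
    int used = parse_pair(in, &lport, &fport);
    if (used < 0 || in[used] != '\0') return NULL;  /* malformed or trailing junk */
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++) {
        const struct nat_link *l = &links[i];
        if (l->alias_port == lport && l->remote_port == fport &&
            strcmp(l->remote_ip, from_ip) == 0) {
            int n = snprintf(out, len, "%u , %u\r\n", l->inside_port, fport);
            return (n > 0 && (size_t)n < len) ? l : NULL;
        }
    }
    return NULL;   /* no aliased connection matches: nothing to forward */
}

int main(void)
{
    char out[32];
    const struct nat_link *l = rewrite_query("203.0.113.9", "40001 , 6667\r\n", out, sizeof out);
    if (l) printf("%s:113 <- %s", l->inside_ip, out);
    return l ? 0 : 1;
}
```

The inside host's RFC 1413 reply echoes the port pair, so the same table applies in reverse before the reply goes back to the remote server.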