Date: Tue, 29 Dec 1998 17:49:12 +0100
From: Eivind Eklund
To: Joseph Lee, freebsd-hackers@FreeBSD.ORG
Subject: Re: libalias and ident
Message-ID: <19981229174912.U53810@follo.net>

On Tue, Dec 29, 1998 at 07:19:17AM -0800, Joseph Lee wrote:
> I've been hacking around in libalias to attempt ident support, and
> have gotten stuck due to my limited knowledge of tcp connections.
>
> The basic premise of the code has been:
> (1) see if tcp packet in is destined for port 113, if so special code
> (2) in special code, do a sscanf() similar to a basic ident query
>     and grab querying remote/local (fport/lport) port pair
> (3) with pair found, find corresponding in-link to find originating
>     out-link that triggered the ident query, using the fport/lport pair
> (4) with in-link found, create out-link originating at original ip/auth
>     port to remote ip, same remote port, using FindUdpTcpOut()
> (5) do a PunchFWHole() on the new out-link
> (6) change the original (destined) address on the tcp packet from (1)

Step 4 is wrong, if I understand what you write correctly. The ident
query has to be re-written with support for the relevant ports
changing - libalias is _not_ guaranteed to use the same ports as the
original machine did.

> The code is doing all the query recognizing, packet remapping and
> forwarding, but ident fails on my test machine 'bob' hanging off the fbsd
> machine.
>
> I know ident on bob works, because an initial redirect_port makes
> everything handy-dandy.
>
> I'm surmising it's not quite working because 'bob' didn't have a
> pre-existing tcp connection on its auth port, so my attempt to
> directly send the query packet without the initial tcp syn packets means
> the query packet gets dropped/lost..
>
> It doesn't look like libalias gets involved in initiating a tcp connection
> when it creates a redirection alias.
>
> How can I work around this?

You have to use the normal connect() etc. calls to set up a connection to
the remote machine. You should probably create an extra task to deal
with this, to avoid having to make ad-hoc scheduling in libalias.

Eivind.
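The port rewriting that the reply says step 4 needs, as an added example that is not code from this thread or from libalias. It assumes the RFC 1413 text format for queries and replies. The `alias_map` structure, the `links` table and all addresses and ports in it are hypothetical, constructed stand-ins for libalias's link lookup.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for a libalias link (not the real structure). */
struct alias_map {
    const char *internal_ip;
    unsigned internal_port, alias_port, remote_port;
};
/* Constructed sample: two internal hosts both picked local port 1025. */
static const struct alias_map links[] = {
    { "192.168.0.2", 1025, 30001, 6667 },
    { "192.168.0.3", 1025, 30002, 25 },
};
static int valid_port(unsigned p) { return p >= 1 && p <= 65535; }

/* Query "<alias port> , <remote port>" arriving at the gateway: regenerate it
 * for the internal identd and report which host to connect() to. */
int rewrite_query(const char *in, char *out, size_t len, const struct alias_map **hit)
{
    unsigned lport, fport;
    if (sscanf(in, "%5u , %5u", &lport, &fport) != 2 ||
        !valid_port(lport) || !valid_port(fport))
        return -1;
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++)
        if (links[i].alias_port == lport && links[i].remote_port == fport) {
            int n = snprintf(out, len, "%u , %u\r\n", links[i].internal_port, fport);
            *hit = &links[i];
            return (n < 0 || (size_t)n >= len) ? -1 : 0;
        }
    return -1; /* no aliased connection matches: nothing to forward */
}

/* Reply "<internal port> , <remote port> : ...": restore the alias port. */
int rewrite_reply(const char *in, const struct alias_map *m, char *out, size_t len)
{
    unsigned lport, fport;
    int pos = 0, n;
    if (sscanf(in, "%5u , %5u %n", &lport, &fport, &pos) != 2 || in[pos] != ':' ||
        lport != m->internal_port || fport != m->remote_port)
        return -1;
    n = snprintf(out, len, "%u , %u %s", m->alias_port, fport, in + pos);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char q[64];
    const struct alias_map *m = NULL;
    if (rewrite_query("30001 , 6667\r\n", q, sizeof q, &m) == 0)
        printf("connect to %s:113 and send %s", m->internal_ip, q);
    return 0;
}
```

The query is regenerated from the parsed ports rather than forwarded, so anything else the remote side put on the line never reaches the internal host.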