From owner-freebsd-net@FreeBSD.ORG Sun Sep 9 20:23:55 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C433416A41A; Sun, 9 Sep 2007 20:23:55 +0000 (UTC) (envelope-from matus.harvan@inf.ethz.ch) Received: from XSMTP0.ethz.ch (xsmtp0.ethz.ch [82.130.70.14]) by mx1.freebsd.org (Postfix) with ESMTP id 4020D13C494; Sun, 9 Sep 2007 20:23:55 +0000 (UTC) (envelope-from matus.harvan@inf.ethz.ch) Received: from xfe2.d.ethz.ch ([82.130.124.42]) by XSMTP0.ethz.ch with Microsoft SMTPSVC(6.0.3790.3959); Sun, 9 Sep 2007 22:18:36 +0200 Received: from bike-planet.inf.ethz.ch ([80.218.230.225]) by xfe2.d.ethz.ch over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sun, 9 Sep 2007 22:18:35 +0200 Received: by bike-planet.inf.ethz.ch (Postfix, from userid 1001) id A99A11D212B; Sun, 9 Sep 2007 22:18:38 +0200 (CEST) Date: Sun, 9 Sep 2007 22:18:37 +0200 From: Matus Harvan To: freebsd-net@freebsd.org Message-ID: <20070909201837.GA18107@inf.ethz.ch> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-OriginalArrivalTime: 09 Sep 2007 20:18:36.0208 (UTC) FILETIME=[9A073300:01C7F31E] Cc: Max Laier , Brooks Davis , mharvan@inf.ethz.ch Subject: UDP catchall X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Sep 2007 20:23:56 -0000 --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, I am a Google Summer of Code student working on mtund, aka Magic Tunnel Daemon aka Super Tunnel Daemon, http://wiki.freebsd.org/SuperTunnelDaemon. For mtund it would be useful to listen on all unused UDP ports, allowing a client behind firewall to use any possible hole it could find. To achieve this, the easiest way seems to be to allow a raw IP/UDP socket to receive UDP traffic that no regular UDP socket wants. In the kernel this means passing the mbuf from udp_input to rip_input(). Upon receiving a packet, the user space program would inspect the UDP header and create a UDP socket bound to the correct local port and connected to the right remote port and address. The user space usage would then look as follows: fd =3D socket(AF_INET, SOCK_RAW, IPPROTO_UDP); recvfrom(fd, ...); /* parse the UDP header for the source and destination addresses */ new_fd =3D socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); bind(new_fd, ...); connect(new_fd, ...); This catchall feature could be enabled/disabled via a sysctl variable, net.inet.raw.udp_catchall. Furthermore, a rate limit could be used to mitigate possible DoS misuse. A simple testing program can be found under http://p4web.freebsd.org/@md=3Dd&cd=3D//depot/projects/soc2007/mharvan-mtun= d/sys.patches/test_catchall/&c=3Dxpc@//depot/projects/soc2007/mharvan-mtund= /sys.patches/test_catchall/ucatchalld.c?ac=3D22 and a more complex example is the udp catchall plugin for mtund http://p4web.freebsd.org/@md=3Dd&cd=3D//depot/projects/soc2007/mharvan-mtun= d/mtund.src/&c=3DSM3@//depot/projects/soc2007/mharvan-mtund/mtund.src/plugi= n_udp_catchall.c?ac=3D22 Matus patch: Index: udp_usrreq.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.216 diff -d -u -r1.216 udp_usrreq.c --- udp_usrreq.c 10 Jul 2007 09:30:46 -0000 1.216 +++ udp_usrreq.c 6 Sep 2007 21:59:31 -0000 @@ -125,6 +125,15 @@ SYSCTL_ULONG(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW, &udp_recvspace, 0, "Maximum space for incoming UDP datagrams"); =20 +static int udp_catchall =3D 0; +SYSCTL_INT(_net_inet_raw, OID_AUTO, udp_catchall, CTLFLAG_RW | CTLFLAG_SEC= URE, + &udp_catchall, 0, "Raw IP UDP sockets receive unclaimed UDP datagrams"); + +static int catchalllim =3D 5; +SYSCTL_INT(_net_inet_udp, OID_AUTO, catchalllim, CTLFLAG_RW | CTLFLAG_SECU= RE, + &catchalllim, 0, + "Rate limit on received UDP datagrams due to udp_catchall"); + struct inpcbhead udb; /* from udp_var.h */ struct inpcbinfo udbinfo; =20 @@ -136,6 +145,11 @@ SYSCTL_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RW, &udpstat, udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)"); =20 +static struct rate { + struct timeval lasttime; + int curpps; +} catchallr; + static void udp_detach(struct socket *so); static int udp_output(struct inpcb *, struct mbuf *, struct sockaddr *, struct mbuf *, struct thread *); @@ -515,6 +529,35 @@ */ inp =3D in_pcblookup_hash(&udbinfo, ip->ip_src, uh->uh_sport, ip->ip_dst, uh->uh_dport, 1, ifp); + + /* catchall socket */ + if (inp =3D=3D NULL && udp_catchall !=3D 0) { +#ifdef DIAGNOSTIC + printf("IP UDP catchall active\n"); + char dbuf[INET_ADDRSTRLEN], sbuf[INET_ADDRSTRLEN]; + strcpy(dbuf, inet_ntoa(ip->ip_dst)); + strcpy(sbuf, inet_ntoa(ip->ip_src)); + printf("\tip_src: %s, sport: %hu\n\tip_dst: %s, dport: %hu\n", + sbuf, ntohs(uh->uh_sport), dbuf, ntohs(uh->uh_dport)); +#endif + + /* rate limiting */ + if (catchalllim > 0)=20 + if (ppsratecheck(&catchallr.lasttime, + &catchallr.curpps, catchalllim)) { + rip_input(m, off); + INP_INFO_RUNLOCK(&udbinfo); + return; + } +#ifdef DIAGNOSTIC + else + printf("ppsratecheck limited " + "udp_catchall\n"); + else + printf("ppsratecheck limited udp_catchall\n"); +#endif + } + if (inp =3D=3D NULL) { if (udp_log_in_vain) { char buf[4*sizeof "123"]; --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFG5FUd43LQWDWf0QIRAtWyAJ94JyjXtEY5Dl+9u/QN3KfOTsrQuACgirmD aHyP2ELbRkFzvCpev/9d1Zk= =4L3p -----END PGP SIGNATURE----- --n8g4imXOkfNTN/H1--