From owner-p4-projects@FreeBSD.ORG Mon Aug 20 19:12:32 2007
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 0131C16A41A; Mon, 20 Aug 2007 19:12:32 +0000 (UTC)
Delivered-To: perforce@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D6BB16A418 for ; Mon, 20 Aug 2007 19:12:31 +0000 (UTC) (envelope-from mharvan@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 7CC8E13C46A for ; Mon, 20 Aug 2007 19:12:31 +0000 (UTC) (envelope-from mharvan@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l7KJCVGI081103 for ; Mon, 20 Aug 2007 19:12:31 GMT (envelope-from mharvan@FreeBSD.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l7KJCVAf081098 for perforce@freebsd.org; Mon, 20 Aug 2007 19:12:31 GMT (envelope-from mharvan@FreeBSD.org)
Date: Mon, 20 Aug 2007 19:12:31 GMT
Message-Id: <200708201912.l7KJCVAf081098@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to mharvan@FreeBSD.org using -f
From: Matus Harvan
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 125447 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 20 Aug 2007 19:12:32 -0000

http://perforce.freebsd.org/chv.cgi?CH=125447

Change 125447 by mharvan@mharvan_bike-planet on 2007/08/20 19:12:11

	Added some omitted details.

Affected files ...

.. //depot/projects/soc2007/mharvan-mtund/mtund.doc/design.txt#5 edit

Differences ...

==== //depot/projects/soc2007/mharvan-mtund/mtund.doc/design.txt#5 (text+ko) ====
@@ -185,10 +185,11 @@ function report_plugin() with the REPORT_READY_TO_SEND flag to indicate that is can send a packet. The daemon then checks whether no fragments are pending. If not, a read on the tun interface is be -attempted. Note that the queue is still needed to originate ping -requests on the server as it does not queue them, but expects the -plugin to do so. Using the "urgent" queue for replies is just a -technical issue to simplify the plugins. +attempted. The entry function here is request_tun_data(). Note that +the queue is still needed to originate ping requests on the server as +it does not queue them, but expects the plugin to do so. Using the +"urgent" queue for replies is just a technical issue to simplify the +plugins. Upon receiving a response, the plugin on the client immediately generates a new request. If no data is avaiable, it sends an empty @@ -210,7 +211,9 @@ UDP CATCHALL PLUGIN The UDP CATCHALL plugin uses a raw IP socket to receive unclaimed UDP traffic, i.e., listen on all unused ports. A kernel patch is provided -to allow this. +to allow this. If the daemon indicates legitimate traffic (suign +plugin_conn_map()), a UDP socket bound/connected to the given source +UDP port, destination UDP port and destination IP address is created. TCP PLUGIN The TCP plugin is a direct plugin using a TCP socket for the @@ -219,13 +222,17 @@ ICMP PLUGIN The ICMP plugin is a polling plugin using ICMP echo requeust/response -exchanges. +exchanges. In addition, a kernel patch is provided to allow receiving +ICMP echo requests in user space rather than having the kernel +generate a reply for them. DNS PLUGIN The DNS plugin is a polling plugin using DNS queries/answers. Fro the DNS encoding/decoding, code from the iodine project is used. THINGS LEFT TO DO: +An updated list of remainig TODO items with explanations can be found +on the project wiki page. HTTP PLUGIN Reading httptunnel sources is a good starting point. 
@@ -235,7 +242,7 @@ for the config needs to be written. lex/yacc is a good candidate here. The plugin-specific parts of the config file may be parsed by the plugins. This would allow to leave the daemon independent of the -plugins. +plugins. The idea would be CRYPTO The easiest way to secure the tunnel would be to put IPSec on the tun
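Review bot: in the first hunk (@@ -185,10 +185,11 @@) the added sentence "The entry function here is request_tun_data()." names the function but not its role: say whether request_tun_data() is the daemon routine a plugin calls after reporting REPORT_READY_TO_SEND, or a callback the daemon invokes, and what it does when fragments are still pending (the paragraph only says the tun read happens when none are). While these lines are being rewrapped, the surrounding typos "that is can send a packet" ("it"), "is be attempted" ("is attempted") and "avaiable" ("available") could be fixed in the same change.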
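Review bot: in the UDP CATCHALL hunk (@@ -210,7 +211,9 @@) "suign" should read "using", and the new sentence leaves the lifetime of the created socket undocumented: state which side creates the UDP socket bound/connected to the source port, destination port and destination address when plugin_conn_map() reports the traffic as legitimate, whether a repeated call for the same triple reuses it, and when it is closed. Since the plugin otherwise listens on all unused ports through a raw socket, the reader also needs to know whether packets for an already-mapped triple still reach the raw socket or only the connected one.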
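Review bot: in the ICMP/DNS/TODO hunk (@@ -219,13 +222,17 @@) the description of the ICMP kernel patch should state its scope: whether every incoming echo request is handed to user space, in which case the host no longer answers ordinary pings from the kernel when the daemon is not running or does not reply, or only requests matching the tunnel, and what happens to requests no process claims. Also "remainig" in the added TODO line should be "remaining", and the reference to "the project wiki page" would be more useful with the page's URL; the context line "requeust/response" ("request") and "Fro the DNS" ("For") could be fixed while here.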
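Review bot: in the last hunk (@@ -235,7 +242,7 @@) the added line "+plugins. The idea would be" ends mid-sentence. Either finish the thought before submitting or drop the fragment, since this paragraph is the design note on how plugin-specific config sections get to the plugins while keeping the daemon independent of them, and a dangling sentence there leaves the intended mechanism unclear.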