From owner-freebsd-hackers Mon Jul 8 09:06:36 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id JAA14910 for hackers-outgoing; Mon, 8 Jul 1996 09:06:36 -0700 (PDT)
Received: from citadel.oms.co.za (gram.aztec.co.za [196.3.254.235])
    by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA14901 for ;
    Mon, 8 Jul 1996 09:06:18 -0700 (PDT)
Received: (from nobody@localhost) by citadel.oms.co.za (8.6.12/8.6.9)
    id RAA01404; Mon, 8 Jul 1996 17:48:21 +0200
Received: by citadel via recvmail id 1402; Mon Jul 8 17:47:46 1996
Received: (from gram@localhost) by gram.oms.co.za (8.6.12/8.6.9)
    id RAA00702; Mon, 8 Jul 1996 17:19:21 +0200
From: Gram
Message-Id: <199607081519.RAA00702@gram.oms.co.za>
Subject: Re: BPF and point-to-point links
To: jgreco@brasil.moneng.mei.com (Joe Greco)
Date: Mon, 8 Jul 1996 17:19:21 +0200 (SAT)
Cc: hackers@freebsd.org, gram@gram.oms.co.za (Gram)
In-Reply-To: <199607081500.KAA22786@brasil.moneng.mei.com> from "Joe Greco" at Jul 8, 96 10:00:07 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi Joe

> > I am trying to use BPF to write packets directly out to a network
> > interface. I hacked the kernel to allow me to do this with PPP (both
> > user and kernel PPP).
>
> As a quick clarification, is there some reason that you cannot use the tun
> device to set up a separate interface for your program? In other words, I
> do not understand why you are trying to do this in what appears to be a more
> "difficult" manner, when the system provides facilities for this sort of
> stuff...

Well, I am writing an application level gateway using the BPF devices.
The idea is that you run something like:

    gateway ed1 ed2

and the gateway program then gateways packets between the interfaces.
I use ipfw to prevent the kernel from doing anything with the packets.

The main purpose of the application is to perform address hiding for the
internal network, and restrict traffic to outgoing TCP connections. Thus
I am patching the IP addresses and IP and TCP checksums in the packets
between reading and writing them.

While our client is using a router for their Internet connection, we
have a dialup PPP connection to an ISP ourselves. I've been running the
program at our site during development and testing. I want to be able
to do:

    gateway ed1 tun0

to have the same effect for PPP. Because the PPP part is just for our
own use and is not critical, and furthermore is mostly intended for
testing the code which *must* run Ethernet-to-Ethernet, I don't want to
make lots of special provisions for the PPP case. At the same time, I
would like to retain the demand-dial capabilities of user PPP.

I hope this answers your question. Or am I missing the point somewhere?

HOWEVER, I must say that my original description was not entirely
correct. I am also experiencing some delays when browsing the WWW. On
the other hand, when making telnet connections to a couple of sites, on
which I have accounts, everything hums (I'm just doing a ls -lR / and
the output cruises by nicely).

Some further details about what I've done may help:

* when I write a packet out on the BPF device, I am prepending a data
  link header if the bound interface is Ethernet. If it is SLIP or PPP,
  I just write out the IP packet with no DLL header. From looking at
  the kernel code, this seemed to be the right thing to do.

* I hacked the BPF kernel code so that I only tap incoming packets, and
  not outgoing, to prevent the gateway from getting copies of the
  packets that it writes out.

* the mods I made to bpf.c to allow me to write out packets to /dev/ppp
  or /dev/tun0 were in the routine bpf_movein:

        ....
        switch (linktype) {

        case DLT_SLIP:
        case DLT_PPP:   /* added by gram for kernel PPP */
        case DLT_NULL:  /* added by gram for user PPP */
                sockp->sa_family = AF_INET;
                hlen = 0;
                break;
        .....
        /**** removed by gram ******/
#if 0
        case DLT_NULL:
                sockp->sa_family = AF_UNSPEC;
                hlen = 0;
                break;
#endif
        ....

I can, if necessary, provide a debug trace of the actions of the gateway
program when these problems occur (every time I fetch mail with POP 8-( ).
Looking at this trace, the main thing one notices is that everything
seems to be working, with the inside client getting a packet and sending
an ack. Then nothing happens for nearly a minute, and then the server
side sends an ack for a few packets back. So it looks like the sliding
window fills up but only one packet gets acked each time, or something
like that. (Apologies for the vagueness of this description, but I
haven't looked at the trace for a couple of days).

I could understand it if there was always a problem, or if each TCP
connection ran OK for a while and then started misbehaving, but what
makes this very confusing is that:

* the problem doesn't seem to happen at all when both interfaces are
  Ethernet;

* the problem seems to be consistent, always occurring with some outside
  hosts and never with others. For a while I redirected my mail to a
  different host and then I picked it up with POP fine every time. At
  present it is at the ISP and more often than not I get a POP timeout
  before the first message finishes getting through.

BTW it isn't just that these sluggish hosts are overloaded, as if I kill
the gateway program and flush the ipfw filters, and then do a POP fetch
using a simple TCP relay, the mail comes through fine.

Regards
Graham

--
Dr Graham Wheeler                       E-mail: gram@oms.co.za
Open Mind Solutions                     Phone:  +27(21)23-6065/6/7
Open System and Network Specialists     Mobile: +27(83)-253-9864
Internet Security and Firewalls         Fax:    +27(21)24-3656
Custom Software Solutions               WWW:    http://www.oms.co.za/
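
The address and checksum patching described in the message above, as an added example that is not part of the original post or the author's gateway code: it rewrites the IPv4 source address of a TCP packet and adjusts the IP and TCP checksums with the RFC 1624 incremental update, then confirms the result by full recomputation. The post does not say how its gateway updates checksums; the function names, the sample packet and the addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Folded one's-complement sum of len bytes (big-endian words), seeded with sum. */
static uint16_t ones_sum(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;          /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}
/* Full recomputation: each sum, checksum field included, must fold to 0xffff. */
int csums_ok(const uint8_t *pkt, size_t len)
{
    size_t ihl = (pkt[0] & 15) * 4, tlen = len - ihl;
    uint32_t pseudo = ones_sum(pkt + 12, 8, 6 + (uint32_t)tlen); /* src, dst, proto, TCP len */
    return ones_sum(pkt, ihl, 0) == 0xffff && ones_sum(pkt + ihl, tlen, pseudo) == 0xffff;
}
/* RFC 1624 eqn 3, HC' = ~(~HC + ~m + m'), for one 16-bit word changing m -> m2. */
static void csum_fixup(uint8_t *ck, const uint8_t *m, const uint8_t *m2)
{
    uint8_t w[6] = { (uint8_t)~ck[0], (uint8_t)~ck[1], (uint8_t)~m[0], (uint8_t)~m[1], m2[0], m2[1] };
    uint16_t hc = (uint16_t)~ones_sum(w, 6, 0);
    ck[0] = hc >> 8; ck[1] = hc & 0xff;
}
/* Rewrite the IPv4 source address of a TCP packet in place; -1 if not handled. */
int rewrite_src(uint8_t *pkt, size_t len, const uint8_t new_src[4])
{
    size_t ihl = len >= 20 ? (size_t)(pkt[0] & 15) * 4 : 0;
    if (ihl < 20 || len < ihl + 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    if (((pkt[6] & 0x1f) << 8 | pkt[7]) != 0) return -1;  /* later fragment: no TCP header */
    for (int i = 0; i < 4; i += 2) {
        csum_fixup(pkt + 10, pkt + 12 + i, new_src + i);        /* IP header checksum */
        csum_fixup(pkt + ihl + 16, pkt + 12 + i, new_src + i);  /* TCP checksum */
        memcpy(pkt + 12 + i, new_src + i, 2);
    }
    return 0;
}
/* Constructed sample: 10.0.0.5:1025 -> 192.0.2.80:110, "USR" payload, valid checksums. */
int demo(void)
{
    uint8_t pkt[43] = { 0x45,0,0,43, 0,1,0,0, 64,6,0xae,0x77, 10,0,0,5, 192,0,2,80,
        4,1,0,110, 0,0,0,1, 0,0,0,0, 0x50,0x18,2,0, 0x35,0xb1,0,0, 'U','S','R' };
    const uint8_t outside[4] = { 198, 51, 100, 7 };  /* constructed outside address */
    if (!csums_ok(pkt, sizeof pkt) || rewrite_src(pkt, sizeof pkt, outside) != 0) return -1;
    return csums_ok(pkt, sizeof pkt) && memcmp(pkt + 12, outside, 4) == 0;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The TCP checksum has to be adjusted as well as the IP one because the source address is part of the TCP pseudo-header; a gateway that patches only the IP header checksum produces segments the receiving host silently discards.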