List: freebsd-hackers
Subject: Re: libalias and ident
From: Eivind Eklund <eivind () yes ! no>
Date: 1998-12-29 16:49:12
On Tue, Dec 29, 1998 at 07:19:17AM -0800, Joseph Lee wrote:
> I've been hacking around in libalias to attempt ident support, and
> have gotten stuck due to my limited knowledge of tcp connections.
>
> The basic premise of the code has been:
> (1) see if tcp packet in is destined for port 113, if so special code
> (2) in special code, do a sscanf() similar to a basic ident query
> and grab querying remote/local (fport/lport) port pair
> (3) with pair found, find corresponding in-link to find originating
> out-link that triggered the ident query, using the fport/lport pair
> (4) with in-link found, create out-link originating at original ip/auth
> port to remote ip, same remote port, using FindUdpTcpOut()
> (5) do a PunchFWHole() on the new out-link
> (6) change the original (destined) address on the tcp packet from (1)
Step 4 is wrong, if I understand what you write correctly. The ident
query has to be re-written with support for the relevant ports
changing - libalias is _not_ guaranteed to use the same ports as the
original machine did.
> The code is doing all the query recognizing, packet remapping and
> forwarding, but ident fails on my test machine 'bob' hanging off the fbsd
> machine.
>
> I know ident on bob works, because an initial redirect_port makes
> everything handy-dandy.
>
> I'm surmising it's not quite working because 'bob' didn't have a
> pre-existing tcp connection on its auth port, so my attempt to
> directly send the query packet without the initial tcp syn packets means
> the query packet gets dropped/lost..
>
> It doesn't look like libalias gets involved in initiating a tcp connection
> when it creates a redirection alias.
>
> How can I work around this?
You have to use the normal connect() etc. calls to set up a connection
to the remote machine. You should probably create an extra task to
deal with this, to avoid having to make ad-hoc scheduling in libalias.
Eivind.
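
The port rewriting discussed in this message, as an added example that is not part of the original post and is not libalias code: it parses an RFC 1413 query arriving at the gateway and rewrites the aliased port back to the port the internal host really used. The `alias_entry` table, `rewrite_ident_query()`, and the sample ports and addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the NAT state; not libalias's own link table. */
struct alias_entry {
    uint16_t alias_port;   /* port the gateway used on the outside */
    uint16_t remote_port;  /* port on the remote server */
    uint16_t orig_port;    /* port the internal host really used */
    const char *orig_host; /* internal host whose identd must be asked */
};

/* Constructed sample state: two internal hosts both used local port 1025. */
static const struct alias_entry sample_table[] = {
    { 40001, 6667, 1025, "10.0.0.2" },
    { 40002, 25,   1025, "10.0.0.3" },
};

/* Parse the RFC 1413 query "<port-on-server> , <port-on-client>" received on
 * the gateway; write the query for the internal host to out. NULL on failure. */
const struct alias_entry *rewrite_ident_query(const char *query,
        const struct alias_entry *tab, size_t n, char *out, size_t outlen)
{
    unsigned int lport, fport;
    char extra;

    /* Exactly two decimal ports; %c catches trailing non-blank garbage. */
    if (sscanf(query, " %5u , %5u %c", &lport, &fport, &extra) != 2)
        return NULL;
    if (lport == 0 || lport > 65535 || fport == 0 || fport > 65535)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (tab[i].alias_port != lport || tab[i].remote_port != fport)
            continue;
        /* Only the gateway-side port changes; the remote port is kept. */
        int len = snprintf(out, outlen, "%u , %u\r\n",
                           (unsigned)tab[i].orig_port, fport);
        return (len < 0 || (size_t)len >= outlen) ? NULL : &tab[i];
    }
    return NULL;
}

int main(void) {
    char out[32];
    const struct alias_entry *e =
        rewrite_ident_query("40001 , 6667\r\n", sample_table, 2, out, sizeof out);
    if (e) printf("forward to %s: %s", e->orig_host, out);
    return 0;
}
```

The reply from the internal identd echoes the port pair, so it needs the inverse rewrite (original port back to aliased port) before it is returned to the remote server.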