
List:       freebsd-hackers
Subject:    Re: libalias and ident
From:       Eivind Eklund <eivind () yes ! no>
Date:       1998-12-29 16:49:12

On Tue, Dec 29, 1998 at 07:19:17AM -0800, Joseph Lee wrote:
> I've been hacking around in libalias to attempt ident support, and
> have gotten stuck due to my limited knowledge of tcp connections.
> 
> The basic premise of the code has been:
> (1) see if tcp packet in is destined for port 113, if so special code
> (2) in special code, do a sscanf() similar to a basic ident query
>     and grab querying remote/local (fport/lport) port pair
> (3) with pair found, find corresponding in-link to find originating
>     out-link that triggered the ident query, using the fport/lport pair
> (4) with in-link found, create out-link originating at original ip/auth
>     port to remote ip, same remote port, using FindUdpTcpOut()
> (5) do a PunchFWHole() on the new out-link
> (6) change the original (destined) address on the tcp packet from (1)


Step 4 is wrong, if I understand what you write correctly.  The ident
query has to be re-written with support for the relevant ports
changing - libalias is _not_ guaranteed to use the same ports as the
original machine did.

> The code is doing all the query recognizing, packet remapping and
> forwarding, but ident fails on my test machine 'bob' hanging off the fbsd
> machine.
> 
> I know ident on bob works, because an initial redirect_port makes
> everything handy-dandy.
> 
> I'm surmising it's not quite working because 'bob' didn't have a
> pre-existing tcp connection on its auth port, so my attempt to
> directly send the query packet without the initial tcp syn packets means
> the query packet gets dropped/lost..
> 
> It doesn't look like libalias gets involved in initiating a tcp connection
> when it creates a redirection alias.
> 
> How can I work around this?

You have to use the normal connect() etc. calls to set up a connection
to the remote machine.  You should probably create an extra task to
deal with this, to avoid having to make ad-hoc scheduling in libalias.

Eivind.
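
Added example, not part of the original message and not libalias code: a sketch of the port rewriting the reply calls for, applied to both the incoming ident query and the returning answer. The nat_table, its addresses and ports, and the function names are constructed assumptions standing in for libalias link state; the connect()-based relay to the inside host's port 113 is left out.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the NAT state; real code would ask libalias. */
struct nat_entry { unsigned alias_port, orig_port, remote_port; const char *inside_ip; };
static const struct nat_entry nat_table[] = {
    { 30001, 1025, 6667, "10.0.0.2" },   /* bob -> remote port 6667 */
    { 30002, 1025, 25,   "10.0.0.3" },   /* same source port, other host */
};

/* Parse the leading "port , port" of an ident line; *n = bytes consumed. */
static int parse_pair(const char *s, unsigned *lport, unsigned *fport, int *n)
{
    if (sscanf(s, " %5u , %5u%n", lport, fport, n) != 2) return -1;
    return (*lport < 1 || *lport > 65535 || *fport < 1 || *fport > 65535) ? -1 : 0;
}

/* Query from outside names the alias port; rewrite it to the inside port. */
int ident_rewrite_query(const char *in, char *out, size_t len, const struct nat_entry **ep)
{
    unsigned lport, fport; int n, w;
    if (parse_pair(in, &lport, &fport, &n) != 0) return -1;
    if (in[n + strspn(in + n, " \t\r\n")] != '\0') return -1;   /* trailing junk */
    *ep = NULL;
    for (size_t i = 0; i < sizeof nat_table / sizeof nat_table[0]; i++)
        if (nat_table[i].alias_port == lport && nat_table[i].remote_port == fport)
            *ep = &nat_table[i];
    if (*ep == NULL) return -1;                     /* no such aliased link */
    w = snprintf(out, len, "%u , %u\r\n", (*ep)->orig_port, fport);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

/* Reply from inside names the inside port; put the alias port back. */
int ident_rewrite_reply(const char *in, const struct nat_entry *e, char *out, size_t len)
{
    unsigned lport, fport; int n, w;
    if (parse_pair(in, &lport, &fport, &n) != 0) return -1;
    if (lport != e->orig_port || fport != e->remote_port) return -1;
    w = snprintf(out, len, "%u , %u%s", e->alias_port, fport, in + n);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

int main(void)
{
    char q[64], r[128]; const struct nat_entry *e;
    if (ident_rewrite_query("30001 , 6667\r\n", q, sizeof q, &e) == 0 &&
        ident_rewrite_reply("1025 , 6667 : USERID : UNIX : bob\r\n", e, r, sizeof r) == 0)
        printf("to %s: %sback out: %s", e->inside_ip, q, r);
    return 0;
}
```

A query whose port pair matches no aliased link is rejected rather than forwarded, so the gateway never answers for a connection it did not translate.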
