Date:      Wed, 14 Jun 2000 11:18:55 -0700
From:      Erik Salander <erik@whistle.com>
To:        Ruslan Ermilov <ru@FreeBSD.org>
Cc:        net@FreeBSD.org, Archie Cobbs <archie@FreeBSD.org>, Julian Elischer <julian@FreeBSD.org>, Eivind Eklund <eivind@FreeBSD.org>, Kris Kennaway <kris@FreeBSD.org>, Warner Losh <imp@FreeBSD.org>, Brian Somers <brian@FreeBSD.org>, Charles Mott <cmott@scientech.com>
Subject:   Re: libalias changes for PPTP, RTSP, FTP(passive)
Message-ID:  <3947CC8F.8D755E78@whistle.com>
References:  <392C655B.5966AE30@whistle.com> <20000614145957.A83146@sunbay.com>

Ruslan Ermilov wrote:

> On Wed, May 24, 2000 at 04:27:23PM -0700, Erik Salander wrote:
> >
> > Hi,
> >
> > I've got some changes for libalias that are ready to be reviewed.  The
> > general features are:
> >
> >     - add support to alias RTSP and RTP (see new module alias_rtsp.c)
> >     - add support to alias PPTP and GRE (see new module alias_pptp.c and
> >       all "LINK_GRE" references)
> >
> What I do not understand is how PPTP is supposed to work if we do not
> intercept outgoing GRE packets.  I was told by Archie (and then read
> about that in RFC) that multiple clients to the same server can use
> the same Call ID.  I understand what is going on in alias_pptp.c --
> a GRE link is created after successful PPTP handshake, and then, for
> incoming packets, we look for the corresponding GRE link in GreAliasIn()
> and simply replace Call ID there appropriately (PPTP's GRE does not use
> checksum, right?), but we should do the same thing in GreAliasOut(),
> which is missing.  Have I overlooked something?

I dredged up an email in which Charles and Archie discussed this in detail,
sent it to you separately FYI.  The net of their discussion was that PPTP
aliasing is almost identical to FTP aliasing - except we use the Call ID
instead of the port number.  FTP clients (behind the same NAT service) could
have the same port number in their PORT command.  So similarly, we'll have to
alter the Call ID in the PPTP control stream.

About outgoing GRE translation...  A session is defined by a triple (PAC, PNS,
Call ID).  But it's not (necessarily) the same triple at the PAC as it is at
the PNS.  They'll each have their own individually obtained Call ID.
Theoretically, it could be the same value.  So when we have an outgoing GRE, it's
the destination's Call ID.  I refer to it as the "other guy's" Call ID, not
ours to translate.

PPTP's GRE does not calculate a checksum.

> >     - adding support for passive mode FTP, aliasing the 227 replies (see
> >       alias_ftp.c)
> >
> The EPSV command 229 reply (RFC2428) should be aliased and checked as well.
> Recent versions of FreeBSD use EPSV by default:
>
> : Connected to localhost.
> : 220 perl.sunbay.crimea.ua FTP server (Version 6.00LS) ready.
> : Name (localhost:ru):
> : ---> USER ru
> : 331 Password required for ru.
> : Password:
> : ---> PASS XXXX
> : 230 User ru logged in.
> : ---> SYST
> : 215 UNIX Type: L8 Version: BSD-199506
> : Remote system type is UNIX.
> : Using binary mode to transfer files.
> : ftp> dir foo
> : ---> EPSV
> : 229 Entering Extended Passive Mode (|||49169|)
> : ---> LIST foo
> : 150 Opening ASCII mode data connection for '/bin/ls'.
> : ftpd: foo: No such file or directory
> : 226 Transfer complete.
> : ftp> quit
> : ---> QUIT
> : 221 Goodbye.

Will begin to look into this.  We can discuss more.

> >     - a new utility function, PacketUnaliasOut (see alias.c)
> >
> I have left it out as well as QueryUdpTcp*().

Keep in mind, I had libalias.3 mods for PacketUnaliasOut.

As you probably know, QueryUdpTcp* was necessary to "lookahead" for available
alias values without actually allocating them.  I used this to acquire
contiguous port numbers (so far, just a pair) for RTSP.

> > Note, the FTP aliasing now ensures that:
> >
> >     1. the segment preceding a PORT/227 segment terminates with a \r\n.
> >     2. the IP address in the PORT/227 matches the source IP address of
> >        the packet.
> >     3. the port number in the PORT command or 227 reply is greater than
> >        or equal to 1024
>
> Additional minor changes I have made:
>
> - Moved data structures declarations local to alias_db.c back from
>   alias_local.h to alias_db.c;

> - New functions {Set|Get}LastLineCrlfTermed() for use instead of
>   explicitly manipulating link flags inside alias_ftp.c;

That sounds like a better idea.

> And I have put the new version of patch:
>
> http://people.FreeBSD.org/~ru/libalias.patch.2
>
> <PS>
> I still have to have my questions answered in order to commit PPTP
> part of this patch.
> </PS>

I understand.  Thanks again for your review.

Erik
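As an added illustration of the 227/229 handling discussed in this thread (example code written for this page, not libalias or the patch under review), the function below parses both the classic `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply and the RFC 2428 `229 Entering Extended Passive Mode (|||port|)` reply and applies the checks Erik lists: the advertised address must match the packet's source address (227 only, since 229 carries no address) and the data port must be 1024 or higher. It assumes a host-order IPv4 source address and a complete single-line reply; the cross-segment CRLF tracking that libalias does with link flags is out of scope here.

```c
/* Added example, not libalias code: validate an FTP passive-mode reply the
 * way a NAT ALG should before rewriting the address/port it advertises.
 * Returns the data port on success, -1 if the reply fails any check. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Build a host-order IPv4 address from four octets. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | (b << 16) | (c << 8) | d;
}

int ftp_passive_port(const char *reply, uint32_t src_ip)
{
    unsigned h[4], p1, p2, port;
    size_t n = strlen(reply);

    /* Only act on a complete, CRLF-terminated reply line; a fragment could
     * be a split segment, which is exactly the case the CRLF check guards. */
    if (n < 2 || strcmp(reply + n - 2, "\r\n") != 0)
        return -1;

    if (sscanf(reply, "227 Entering Passive Mode (%u,%u,%u,%u,%u,%u)",
               &h[0], &h[1], &h[2], &h[3], &p1, &p2) == 6) {
        if (h[0] > 255 || h[1] > 255 || h[2] > 255 || h[3] > 255 ||
            p1 > 255 || p2 > 255)
            return -1;
        /* Check 2: the advertised address must be the packet's own source. */
        if (ip4(h[0], h[1], h[2], h[3]) != src_ip)
            return -1;
        port = p1 * 256 + p2;
    } else if (sscanf(reply, "229 Entering Extended Passive Mode (|||%u|)",
                      &port) == 1) {
        /* RFC 2428 reply: address is implied, only the port is carried. */
        if (port > 65535)
            return -1;
    } else {
        return -1;
    }
    /* Check 3: never open a privileged port through the NAT. */
    if (port < 1024)
        return -1;
    return (int)port;
}
```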