Date:      Mon, 8 Jul 1996 17:19:21 +0200 (SAT)
From:      Gram <gram@oms.co.za>
To:        jgreco@brasil.moneng.mei.com (Joe Greco)
Cc:        hackers@freebsd.org, gram@gram.oms.co.za (Gram)
Subject:   Re: BPF and point-to-point links
Message-ID:  <199607081519.RAA00702@gram.oms.co.za>
In-Reply-To: <199607081500.KAA22786@brasil.moneng.mei.com> from "Joe Greco" at Jul 8, 96 10:00:07 am

Hi Joe

> > I am trying to use BPF to write packets directly out to a network 
> > interface. I hacked the kernel to allow me to do this with PPP (both
> > user and kernel PPP). 
> 
> As a quick clarification, is there some reason that you cannot use the tun
> device to set up a separate interface for your program?  In other words, I
> do not understand why you are trying to do this in what appears to be a more
> "difficult" manner, when the system provides facilities for this sort of
> stuff...

Well, I am writing an application level gateway using the BPF devices.
The idea is that you run something like:

   gateway ed1 ed2

and the gateway program then gateways packets between the interfaces.
I use ipfw to prevent the kernel from doing anything with the packets.
The main purpose of the application is to perform address hiding for the
internal network, and restrict traffic to outgoing TCP connections. Thus
I am patching the IP addresses and IP and TCP checksums in the packets
between reading and writing them.

While our client is using a router for their Internet connection,
we have a dialup PPP connection to an ISP ourselves.  I've been
running the program at our site during development and testing.
I want to be able to do:

    gateway ed1 tun0

to have the same effect for PPP. Because the PPP part is just for our own
use and is not critical, and furthermore is mostly intended for testing
the code which *must* run Ethernet-to-Ethernet, I don't want to make lots of
special provisions for the PPP case. At the same time, I would like to
retain the demand-dial capabilities of user PPP.

I hope this answers your question. Or am I missing the point somewhere?

HOWEVER, I must say that my original description was not entirely
correct. I am also experiencing some delays when browsing the WWW.
On the other hand, when making telnet connections to a couple of sites,
on which I have accounts, everything hums (I'm just doing a ls -lR /
and the output cruises by nicely).

Some further details about what I've done may help:

* when I write a packet out on the BPF device, I am prepending
   a data link header if the bound interface is Ethernet. If it is SLIP or PPP,
   I just write out the IP packet with no DLL header. From looking at 
   the kernel code, this seemed to be the right thing to do.
* I hacked the BPF kernel code so that I only tap incoming packets, and not 
   outgoing, to prevent the gateway from getting copies of the packets that
   it writes out.
* the mods I made to bpf.c to allow me to write out packets 
   to /dev/ppp or /dev/tun0 were in the routine bpf_movein:

    ....
    switch (linktype) {
      case DLT_SLIP:
      case DLT_PPP: /* added by gram for kernel PPP */
      case DLT_NULL: /* added by gram for user PPP */
          sockp->sa_family = AF_INET;
          hlen = 0;
          break;
    .....
      /**** removed by gram ******/
#if 0
      case DLT_NULL:
          sockp->sa_family = AF_UNSPEC;
          hlen = 0;
          break;
#endif
    ....


I can, if necessary, provide a debug trace of the actions of the gateway
program when these problems occur (every time I fetch mail with POP 8-( ).
Looking at this trace, the main thing one notices is that everything 
seems to be working, with the inside client getting a packet and sending 
an ack. Then nothing happens for nearly a minute, and then the server
side sends an ack for a few packets back. So it looks like the sliding
window fills up but only one packet gets acked each time, or something like
that. (Apologies for the vagueness of this description, but I haven't looked
at the trace for a couple of days).

I could understand it if there was always a problem, or if each TCP connection 
ran OK for a while and then started misbehaving, but what makes this very 
confusing is that:

* the problem doesn't seem to happen at all when both interfaces are Ethernet;
* the problem seems to be consistent, always occurring with some outside
   hosts and never with others. For a while I redirected my mail to a different
   host and then I picked it up with POP fine every time. At present it is
   at the ISP and more often than not I get a POP timeout before the first
   message finishes getting through.

BTW it isn't just that these sluggish hosts are overloaded, as if I kill the
gateway program and flush the ipfw filters, and then do a POP fetch using a
simple TCP relay, the mail comes through fine.

Regards
Graham
-- 
Dr Graham Wheeler                          E-mail: gram@oms.co.za
Open Mind Solutions                        Phone:  +27(21)23-6065/6/7
Open System and Network Specialists        Mobile: +27(83)-253-9864
Internet Security and Firewalls            Fax:    +27(21)24-3656
Custom Software Solutions                  WWW:    http://www.oms.co.za/
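
Added example, not part of the original message or of the gateway program it describes: one way to do the address rewrite with checksum patching mentioned above, using the incremental update from RFC 1624 and checking it against a full recomputation. The names hide_src, csum_fix and sample_packet are hypothetical, the sample packet is constructed, and the message does not say how its own checksum patching was implemented.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* One's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t ocsum(const uint8_t *p, size_t n, uint32_t sum) {
    for (; n > 1; p += 2, n -= 2) sum += rd16(p);
    if (n) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}
/* RFC 1624 eqn 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
static uint16_t csum_fix(uint16_t hc, uint16_t m_old, uint16_t m_new) {
    return (uint16_t)~ocsum(NULL, 0, (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new);
}
/* Reference: full recomputation over a copy with the checksum field zeroed. */
uint16_t ip_csum_full(const uint8_t *ip) {
    uint8_t h[60]; size_t hl = (size_t)(ip[0] & 0x0f) * 4;
    memcpy(h, ip, hl); h[10] = h[11] = 0;
    return (uint16_t)~ocsum(h, hl, 0);
}
/* Reference TCP checksum; assumes the TCP segment is at most 1500 bytes. */
uint16_t tcp_csum_full(const uint8_t *ip, size_t len) {
    uint8_t seg[1500]; size_t hl = (size_t)(ip[0] & 0x0f) * 4, tl = len - hl;
    memcpy(seg, ip + hl, tl); seg[16] = seg[17] = 0;
    /* pseudo-header: source, destination, protocol 6, TCP length */
    return (uint16_t)~ocsum(seg, tl, (uint32_t)ocsum(ip + 12, 8, 0) + 6 + (uint32_t)tl);
}
/* Rewrite the source address in place, patching both checksums; -1 if not IPv4/TCP at offset 0. */
int hide_src(uint8_t *ip, size_t len, const uint8_t new_src[4]) {
    if (len < 20 || (ip[0] >> 4) != 4) return -1;
    size_t hl = (size_t)(ip[0] & 0x0f) * 4;
    if (hl < 20 || len < hl + 20 || ip[9] != 6 || (rd16(ip + 6) & 0x1fff)) return -1;
    for (int i = 0; i < 4; i += 2) {
        uint16_t o = rd16(ip + 12 + i), n = rd16(new_src + i);
        wr16(ip + 10, csum_fix(rd16(ip + 10), o, n));           /* IP header checksum */
        wr16(ip + hl + 16, csum_fix(rd16(ip + hl + 16), o, n)); /* TCP checksum (pseudo-header) */
        wr16(ip + 12 + i, n);
    }
    return 0;
}
/* Constructed sample: IPv4 + TCP SYN, 10.0.0.5:1024 -> 192.0.2.80:110, no payload. */
size_t sample_packet(uint8_t *b) {
    static const uint8_t t[40] = { 0x45,0,0,40, 0x12,0x34,0x40,0, 64,6,0,0, 10,0,0,5, 192,0,2,80,
        0x04,0,0,110, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };
    memcpy(b, t, 40);
    wr16(b + 10, ip_csum_full(b)); wr16(b + 36, tcp_csum_full(b, 40));
    return 40;
}
```

The TCP checksum has to be patched as well as the IP one because the source address is part of the TCP pseudo-header; fragments with a non-zero offset are rejected because they carry no TCP header to patch.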



