Date: 29 Mar 1999 14:55:36 +0100
From: Terry Glanfield <terry@program-products.co.uk>
To: Jim Flowers <jflowers@ezo.net>, freebsd-hackers@freebsd.org
Subject: Re: Tunnel loopback
Message-ID: <e1zi85rjb.fsf@program-products.co.uk>
In-Reply-To: Jim Flowers's message of "Sun, 28 Mar 1999 09:30:21 -0500"
References: <9903091652.AA04146@ppsl.demon.co.uk> <36E57226.15FB7483@whistle.com> <elnh5gfkt.fsf@ppsl.demon.co.uk> <00c401be7927$838e5060$23b197ce@ezo.net>
Jim Flowers <jflowers@ezo.net> writes:

> I'm still trying to figure out what you are doing and how you are
> doing it.

Let me give you a run through.

Firstly I used IPFilter on the internal interface to redirect all packets (except those destined for the local host) to the tunnel device.

    pass in quick from any to 10.10.10.10
    pass in quick from any to 10.10.10.255
    pass in quick from any to 240.0.0.1
    etc
    pass in quick on ed0 to tun0 all

SKIP is installed on /dev/tun0 where it encrypts any packets that match its rules. All these packets are then read from the tunnel by the program below and "direct"ed to an IPFW rule on the external interface:

    ipfw add 100 divert 100 57 from any to any in via ed1
    ipfw add 100 divert 100 udp from any 1640 to any in via ed1
    ipfw add 100 divert 100 udp from any to any 1640 in via ed1

SKIP packets arriving on the external interface are "divert"ed back to the program and written into the tunnel where SKIP can decode them.

It runs fine for small packets but stops when they near the MTU of the external interface. I've also experienced several kernel panics in rtfree() but have yet to track them down.

I probably won't have time to look at this further until next week but I will get back to it.

Best of luck.

Cheers,

Terry.
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <machine/in_cksum.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <alias.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/*
 * Shuttle packets between a divert socket (the ipfw "divert 100" rules)
 * and /dev/tun0, on which SKIP is installed.
 */
int main (int argc, char** argv)
{
    int fdtun, fdsock, nds, count;
    int port = 100;                 /* divert port, matches the ipfw rules */
    struct sockaddr_in addr;
    char packetBuf[IP_MAXPACKET];
    struct sockaddr_in packetAddr;  /* reinjection point of the last diverted packet */
    socklen_t addrSize;
    int bytes;
    fd_set readfds;

    fdsock = socket (PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fdsock < 0) {
        perror("divert");
        exit(1);
    }

    fdtun = open("/dev/tun0", O_RDWR, 0600);
    if (fdtun < 0) {
        perror("/dev/tun0");
        exit(1);
    }

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = INADDR_ANY;
    addr.sin_port = htons(port);
    if (bind (fdsock, (struct sockaddr*) &addr, sizeof addr) == -1) {
        perror("bind");
        exit(2);
    }

    /* Nothing has been diverted to us yet, so there is no reinjection
       address to send tunnel packets to; start from a zeroed one rather
       than whatever happens to be on the stack. */
    memset(&packetAddr, 0, sizeof packetAddr);

    nds = getdtablesize();
    while (1) {
        FD_ZERO(&readfds);
        FD_SET(fdsock, &readfds);
        FD_SET(fdtun, &readfds);
        count = select(nds, &readfds, 0, 0, 0);
        if (count > 0) {
            /* Diverted SKIP packet from the external interface: into the tunnel. */
            if (FD_ISSET(fdsock, &readfds)) {
                addrSize = sizeof packetAddr;   /* must be set before every recvfrom */
                bytes = recvfrom (fdsock, packetBuf, sizeof packetBuf, 0,
                                  (struct sockaddr*) &packetAddr, &addrSize);
                if (bytes > 0)
                    write(fdtun, packetBuf, bytes);
            }
            /* Encrypted packet from the tunnel: back to ipfw via the divert socket. */
            if (FD_ISSET(fdtun, &readfds)) {
                bytes = read(fdtun, packetBuf, sizeof packetBuf);
                if (bytes > 0)
                    sendto (fdsock, packetBuf, bytes, 0,
                            (struct sockaddr*) &packetAddr, sizeof packetAddr);
            }
        }
    }
}
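The program above hands every tunnel packet straight to the divert socket, which is where the "stops near the MTU" symptom shows up: once SKIP's encapsulation is added, a packet that fitted the internal interface no longer fits the external one. The check below is an added example, not Terry's program: it parses the IPv4 header of a packet read from the tunnel and says whether it fits the external link, needs fragmentation, or carries DF and will be dropped. The external MTU and the per-packet encapsulation overhead are assumed, caller-supplied numbers, and the test input is a constructed header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added example, not the program from the message: pre-flight check for a
 * packet read from the tunnel before it is handed to the divert socket. */
enum fwd_verdict {
    FWD_OK,          /* fits on the external link as-is */
    FWD_NOT_IPV4,    /* version nibble is not 4 */
    FWD_TRUNCATED,   /* fewer bytes present than the IP header claims */
    FWD_NEEDS_FRAG,  /* too big once encapsulated, DF clear */
    FWD_DF_TOO_BIG   /* too big once encapsulated, DF set: will be dropped */
};

/* ext_mtu and encap_overhead are assumed, caller-supplied values: the MTU of
 * the external interface and the bytes SKIP adds to each packet. */
enum fwd_verdict check_forwardable(const unsigned char *pkt, size_t len,
                                   size_t ext_mtu, size_t encap_overhead)
{
    size_t hlen, tlen;
    int df;
    if (len < 1 || (pkt[0] >> 4) != 4)
        return FWD_NOT_IPV4;
    if (len < 20)
        return FWD_TRUNCATED;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;            /* IHL in 32-bit words */
    tlen = ((size_t)pkt[2] << 8) | pkt[3];         /* total length */
    df = (pkt[6] & 0x40) != 0;                     /* flags byte: 0x40 = DF */
    if (hlen < 20 || tlen < hlen || tlen > len)
        return FWD_TRUNCATED;
    if (tlen + encap_overhead <= ext_mtu)
        return FWD_OK;
    return df ? FWD_DF_TOO_BIG : FWD_NEEDS_FRAG;
}

/* Constructed test input: an IPv4 header of total_len bytes with a zero
 * payload, checked on its first `avail` bytes as if read() returned them. */
enum fwd_verdict verdict_for(uint16_t total_len, int df, size_t avail,
                             size_t ext_mtu, size_t encap_overhead)
{
    unsigned char buf[2048];
    if (total_len < 20 || avail > sizeof buf) return FWD_TRUNCATED;
    memset(buf, 0, sizeof buf);
    buf[0] = 0x45;                                 /* IPv4, 20-byte header */
    buf[2] = (unsigned char)(total_len >> 8);
    buf[3] = (unsigned char)(total_len & 0xff);
    buf[6] = df ? 0x40 : 0x00;
    buf[9] = 57;                                   /* IP protocol 57 = SKIP */
    return check_forwardable(buf, avail, ext_mtu, encap_overhead);
}
```

In the forwarding loop, a FWD_DF_TOO_BIG verdict is the case to log or answer with an ICMP "fragmentation needed" rather than silently pass on, since the sender will otherwise never learn why its large packets vanish.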