Date:      29 Mar 1999 14:55:36 +0100
From:      Terry Glanfield <terry@program-products.co.uk>
To:        Jim Flowers <jflowers@ezo.net>, freebsd-hackers@freebsd.org
Subject:   Re: Tunnel loopback
Message-ID:  <e1zi85rjb.fsf@program-products.co.uk>
In-Reply-To: Jim Flowers's message of "Sun, 28 Mar 1999 09:30:21 -0500"
References:  <9903091652.AA04146@ppsl.demon.co.uk> <36E57226.15FB7483@whistle.com> <elnh5gfkt.fsf@ppsl.demon.co.uk> <00c401be7927$838e5060$23b197ce@ezo.net>


Jim Flowers <jflowers@ezo.net> writes:
> I'm still trying to figure out what you are doing and how you are
> doing it.

Let me give you a run through.

Firstly I used IPFilter on the internal interface to redirect all
packets (except those destined for the local host) to the tunnel
device.

	pass in quick from any to 10.10.10.10
	pass in quick from any to 10.10.10.255
	pass in quick from any to 240.0.0.1
	etc

	pass in quick on ed0 to tun0 all

SKIP is installed on /dev/tun0 where it encrypts any packets that
match its rules.  All these packets are then read from the tunnel by
the program below and "direct"ed to an IPFW rule on the external
interface:

	ipfw add 100 divert 100 57 from any to any in via ed1
	ipfw add 100 divert 100 udp from any 1640 to any in via ed1
	ipfw add 100 divert 100 udp from any to any 1640 in via ed1

SKIP packets arriving on the external interface are "divert"ed back to
the program and written into the tunnel where SKIP can decode them.

It runs fine for small packets but stops when they near the MTU of the
external interface.  I've also experienced several kernel panics in
rtfree() but have yet to track them down.  I probably won't have time
to look at this further until next week but I will get back to it.

Best of luck.

Cheers,
Terry.

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <fcntl.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>		/* IP_MAXPACKET */
#include <arpa/inet.h>

#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Relay between /dev/tun0 (where SKIP sits) and an ipfw divert socket
 * on port 100 (the "divert 100" rules above):
 *   divert socket -> tun0 : SKIP packets arriving on the external
 *                           interface go into the tunnel for decoding
 *   tun0 -> divert socket : packets SKIP has encrypted are re-injected
 *                           at the divert rule on the external interface
 */
int main (int argc, char** argv)
{
  int			fdtun,fdsock,nds,count;
  int			port = 100;		/* must match the ipfw divert port */
  struct sockaddr_in	addr;
  char			packetBuf[IP_MAXPACKET];
  struct sockaddr_in	packetAddr;		/* filled in by recvfrom(), reused by sendto() */
  socklen_t		addrSize;
  int			bytes;
  fd_set		readfds;

  fdsock = socket (PF_INET, SOCK_RAW, IPPROTO_DIVERT);
  if (fdsock < 0) {
    perror("divert");
    exit(1);
  }

  fdtun = open("/dev/tun0",O_RDWR,0600);
  if (fdtun < 0) {
    perror("/dev/tun0");
    exit(1);
  }

  /* zero the whole struct so sin_len and sin_zero are not garbage */
  memset(&addr, 0, sizeof addr);
  addr.sin_family      = AF_INET;
  addr.sin_addr.s_addr = INADDR_ANY;
  addr.sin_port	       = htons(port);

  if (bind (fdsock, (struct sockaddr*) &addr, sizeof addr) == -1)
    err(2, "bind divert port %d", port);

  nds = getdtablesize();

  while (1) {
    FD_ZERO(&readfds);
    FD_SET(fdsock, &readfds);
    FD_SET(fdtun, &readfds);

    count = select(nds,&readfds,0,0,0);
    if (count < 0) {
      if (errno == EINTR)
	continue;
      err(1, "select");
    }

    if (count > 0) {
      if (FD_ISSET(fdsock,&readfds)) {
	/* addrSize is value-result: reset it before every recvfrom() */
	addrSize = sizeof packetAddr;
	bytes = recvfrom (fdsock,
			  packetBuf,
			  sizeof packetBuf,
			  0,
			  (struct sockaddr*) &packetAddr,
			  &addrSize);
	if (bytes > 0 && write(fdtun,packetBuf,bytes) < 0)
	  warn("write tun0");
      }
      if (FD_ISSET(fdtun,&readfds)) {
	bytes = read(fdtun,packetBuf,sizeof packetBuf);
	/* packetAddr still holds the divert rule/interface from the
	 * last recvfrom(), so the packet re-enters ipfw at that rule */
	if (bytes > 0 && sendto (fdsock,
				 packetBuf,
				 bytes,
				 0,
				 (struct sockaddr*) &packetAddr,
				 sizeof packetAddr) < 0)
	  warn("sendto divert");
      }
    }
  }
}
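Since the relay above hands whatever it reads from tun0 straight to the divert socket, a check on the outbound side is the first thing worth adding when packets near the external MTU stop getting through. The following is an added example, not Terry's code or anything from the thread: it validates the IPv4 header of a packet read from the tunnel, compares its length against an assumed external MTU minus an assumed per-packet encapsulation overhead (the post gives neither figure), and reports whether DF would make an oversize packet undeliverable; build_ipv4 and check_sample are constructed helpers for exercising it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Verdict for a packet read from the tunnel, before it is sent out. */
enum pkt_verdict {
    PKT_OK,           /* fits the link budget: hand it to the divert socket */
    PKT_SHORT,        /* fewer than 20 bytes: not even a full IPv4 header */
    PKT_BAD_HEADER,   /* version != 4 or header length out of range */
    PKT_LEN_MISMATCH, /* ip_len disagrees with what read(2) returned */
    PKT_TOO_BIG_DF,   /* over budget with DF set: will be dropped on the wire */
    PKT_TOO_BIG_FRAG  /* over budget with DF clear: needs fragmenting first */
};
static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check one raw IPv4 packet of 'len' bytes. 'mtu' is the external interface MTU,
 * 'overhead' the bytes encapsulation adds per packet (both assumed values). */
enum pkt_verdict check_tun_packet(const unsigned char *buf, size_t len, size_t mtu, size_t overhead)
{
    if (len < 20) return PKT_SHORT;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if ((buf[0] >> 4) != 4 || ihl < 20 || ihl > len) return PKT_BAD_HEADER;
    if (be16(buf + 2) != len) return PKT_LEN_MISMATCH;
    size_t budget = mtu > overhead ? mtu - overhead : 0;
    if (len <= budget) return PKT_OK;
    return (be16(buf + 6) & 0x4000) ? PKT_TOO_BIG_DF : PKT_TOO_BIG_FRAG;
}

/* Constructed sample: a 20-byte IPv4 header plus a zeroed payload. */
size_t build_ipv4(unsigned char *buf, size_t cap, size_t payload, int df)
{
    size_t total = 20 + payload;
    if (total > cap || total > 65535) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                          /* version 4, IHL 5 words */
    buf[2] = (unsigned char)(total >> 8);   /* total length, big-endian */
    buf[3] = (unsigned char)(total & 0xff);
    if (df) buf[6] = 0x40;                  /* DF flag */
    return total;
}

/* Build a sample and check it; damage 1 under-reports the length to mimic a
 * short read, damage 2 corrupts the version nibble. */
enum pkt_verdict check_sample(size_t payload, int df, int damage, size_t mtu, size_t overhead)
{
    static unsigned char buf[2048];
    size_t n = build_ipv4(buf, sizeof buf, payload, df);
    if (n == 0) return PKT_SHORT;
    if (damage == 2) buf[0] = 0x65;
    return check_tun_packet(buf, damage == 1 ? n - 1 : n, mtu, overhead);
}
```

Logging the verdict for each PKT_TOO_BIG_* result, rather than silently calling sendto(), shows immediately whether the stall near the MTU is a fragmentation problem or something else.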

