Date: Mon, 20 Aug 2007 19:12:31 GMT
From: Matus Harvan <mharvan@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: PERFORCE change 125447 for review
Message-ID: <200708201912.l7KJCVAf081098@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=125447 Change 125447 by mharvan@mharvan_bike-planet on 2007/08/20 19:12:11 Added some omitted details. Affected files ... .. //depot/projects/soc2007/mharvan-mtund/mtund.doc/design.txt#5 edit Differences ... ==== //depot/projects/soc2007/mharvan-mtund/mtund.doc/design.txt#5 (text+ko) ==== @@ -185,10 +185,11 @@ function report_plugin() with the REPORT_READY_TO_SEND flag to indicate that is can send a packet. The daemon then checks whether no fragments are pending. If not, a read on the tun interface is be -attempted. Note that the queue is still needed to originate ping -requests on the server as it does not queue them, but expects the -plugin to do so. Using the "urgent" queue for replies is just a -technical issue to simplify the plugins. +attempted. The entry function here is request_tun_data(). Note that +the queue is still needed to originate ping requests on the server as +it does not queue them, but expects the plugin to do so. Using the +"urgent" queue for replies is just a technical issue to simplify the +plugins. Upon receiving a response, the plugin on the client immediately generates a new request. If no data is avaiable, it sends an empty @@ -210,7 +211,9 @@ UDP CATCHALL PLUGIN The UDP CATCHALL plugin uses a raw IP socket to receive unclaimed UDP traffic, i.e., listen on all unused ports. A kernel patch is provided -to allow this. +to allow this. If the daemon indicates legitimate traffic (suign +plugin_conn_map()), a UDP socket bound/connected to the given source +UDP port, destination UDP port and destination IP address is created. TCP PLUGIN The TCP plugin is a direct plugin using a TCP socket for the 
@@ -219,13 +222,17 @@ ICMP PLUGIN The ICMP plugin is a polling plugin using ICMP echo requeust/response -exchanges. +exchanges. In addition, a kernel patch is provided to allow receiving +ICMP echo requests in user space rather than having the kernel +generate a reply for them. DNS PLUGIN The DNS plugin is a polling plugin using DNS queries/answers. Fro the DNS encoding/decoding, code from the iodine project is used. THINGS LEFT TO DO: +An updated list of remainig TODO items with explanations can be found +on the project wiki page. HTTP PLUGIN Reading httptunnel sources is a good starting point. @@ -235,7 +242,7 @@ for the config needs to be written. lex/yacc is a good candidate here. The plugin-specific parts of the config file may be parsed by the plugins. This would allow to leave the daemon independent of the -plugins. +plugins. The idea would be CRYPTO The easiest way to secure the tunnel would be to put IPSec on the tun
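Review bot: The added sentence "The entry function here is request_tun_data()" (hunk @@ -185,10 +185,11 @@) leaves "here" ambiguous. The paragraph mentions report_plugin() with REPORT_READY_TO_SEND, the check for pending fragments and the read on the tun interface, and it is not clear which of these steps request_tun_data() is the entry point for, or whether the plugin or the daemon calls it. Suggest stating the caller and the step explicitly. While this paragraph is being touched, the context lines "that is can send" and "is be attempted" could be corrected as well.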
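Review bot: The sentence added after "to allow this." (hunk @@ -210,7 +211,9 @@) documents only the case where the daemon indicates legitimate traffic. Since the plugin's raw IP socket receives all unclaimed UDP traffic, the text should also say what is done with packets the daemon does not accept, and what the daemon checks before it treats traffic as legitimate. "suign" should read "using", and the passive "is created" does not say whether the plugin or the daemon creates the bound/connected UDP socket.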
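Review bot: The ICMP PLUGIN addition (hunk @@ -219,13 +222,17 @@) says the kernel patch delivers ICMP echo requests to user space "rather than having the kernel generate a reply for them", but not whether this applies to every echo request the host receives or only to tunnel traffic, nor how the behaviour is switched on. Please document the scope and the control, because it decides whether ordinary pings to the machine still get answered while mtund runs. In the same hunk, "remainig" should be "remaining", and the pointer to "the project wiki page" would be more useful with the URL.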
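Review bot: The line "+plugins. The idea would be" (hunk @@ -235,7 +242,7 @@) ends mid-sentence and is followed directly by the CRYPTO section, so the document now contains a dangling fragment. Either finish the sentence describing the idea for plugin-specific config parsing or drop the fragment before submitting.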