Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r-- | usr.sbin/ppp/Makefile | 6 | ||||
-rw-r--r-- | usr.sbin/ppp/libalias/HISTORY | 129 | ||||
-rw-r--r-- | usr.sbin/ppp/libalias/Makefile | 22 | ||||
-rw-r--r-- | usr.sbin/ppp/libalias/alias_old.c | 77 | ||||
-rw-r--r-- | usr.sbin/ppp/libalias/libalias.3 | 768 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/Makefile | 10 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias.c (renamed from usr.sbin/ppp/libalias/alias.c) | 0 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias.h (renamed from usr.sbin/ppp/libalias/alias.h) | 2 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_cmd.c | 8 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_cuseeme.c (renamed from usr.sbin/ppp/libalias/alias_cuseeme.c) | 2 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_db.c (renamed from usr.sbin/ppp/libalias/alias_db.c) | 0 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_ftp.c (renamed from usr.sbin/ppp/libalias/alias_ftp.c) | 0 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_irc.c (renamed from usr.sbin/ppp/libalias/alias_irc.c) | 0 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_local.h (renamed from usr.sbin/ppp/libalias/alias_local.h) | 0 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_nbt.c (renamed from usr.sbin/ppp/libalias/alias_nbt.c) | 2 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_util.c (renamed from usr.sbin/ppp/libalias/alias_util.c) | 0 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/bundle.c | 12 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/command.c | 14 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/ip.c | 12 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/ipcp.c | 12 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/main.c | 12 |
21 files changed, 56 insertions, 1032 deletions
diff --git a/usr.sbin/ppp/Makefile b/usr.sbin/ppp/Makefile
index c3176629818..827da1a2dec 100644
--- a/usr.sbin/ppp/Makefile
+++ b/usr.sbin/ppp/Makefile
@@ -1,11 +1,7 @@
-# $OpenBSD: Makefile,v 1.10 1998/08/31 00:20:08 brian Exp $
+# $OpenBSD: Makefile,v 1.11 1998/08/31 08:15:48 brian Exp $
 .include <bsd.own.mk>
-.if !make(install)
-SUBDIR= libalias
-.endif
-
 SUBDIR+= ppp pppctl
 .include <bsd.subdir.mk>
diff --git a/usr.sbin/ppp/libalias/HISTORY b/usr.sbin/ppp/libalias/HISTORY
deleted file mode 100644
index 3d97fd0803b..00000000000
--- a/usr.sbin/ppp/libalias/HISTORY
+++ /dev/null
@@ -1,129 +0,0 @@ -Version 1.0: August 11, 1996 (cjm) - -Version 1.1: August 20, 1996 (cjm) - - Host accepts incoming connections for ports 0 to 1023. - -Version 1.2: September 7, 1996 (cjm) - - Fragment handling error in alias_db.c corrected. - -Version 1.3: September 15, 1996 (cjm) - - Generalized mechanism for handling incoming - connections (no more 0 to 1023 restriction). - - - Increased ICMP support (will handle traceroute now). - - - Improved TCP close connection logic. - -Version 1.4: September 16, 1996 (cjm) - -Version 1.5: September 17, 1996 (cjm) - - Corrected error in handling incoming UDP packets - with zero checksum. - -Version 1.6: September 18, 1996 - - Simplified ICMP data storage. Will now handle - tracert from Win95 and NT as well as FreeBSD - traceroute, which uses UDP packets to non-existent - ports. - -Verstion 1.7: January 9, 1997 (cjm) - - Reduced malloc() activity for ICMP echo and - timestamp requests. - - - Added handling for out-of-order IP fragments. - - - Switched to differential checksum computation - for IP headers (TCP, UDP and ICMP checksums - were already differential). - - - Accepts FTP data connections from other than - port 20. This allows one ftp connections - from two hosts which are both running packet - aliasing. - - - Checksum error on FTP transfers. Problem - in code located by Martin Renters and - Brian Somers. - -Version 1.8: January 14, 1997 (cjm) - - Fixed data type error in function StartPoint() - in alias_db.c (this bug did not exist before v1.7) - Problem in code located by Ari Suutari. - -Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>) - - Added support for IRC DCC (ee) - - - Changed the aliasing routines to use ANSI style - throughout (ee) - - - Minor API changes for integration with other - programs than PPP (ee) - - - Fixed minor security hole in alias_ftp.c for - other applications of the aliasing software. 
- Hole could _not_ manifest in ppp+pktAlias, but - could potentially manifest in other applications - of the aliasing. (ee) - - - Connections initiated from packet aliasing - host machine will not have their port number - aliased unless it conflicts with an aliasing - port already being used. (There is an option - to disable this for debugging) (cjm) - - - Sockets will be allocated in cases where - there might be port interference with the - host machine. This can be disabled in cases - where the ppp host will be acting purely as a - masquerading router and not generate any - traffic of its own. - (cjm) - -Version 2.0: March, 1997 (cjm) - - Aliasing links are cleared only when a host interface address - changes. - - - PacketAliasPermanentLink() API added. - - - Option for only aliasing private, unregistered - IP addresses added. - - - Substantial rework to the aliasing lookup engine. - -Version 2.1: May, 1997 (cjm) - - Continuing rework to the aliasing lookup engine - to support multiple incoming addresses and static - NAT. PacketAliasRedirectPort() and - PacketAliasRedirectAddr() added to API. - - - Now supports outgoing as well as incoming ICMP - error messges. - -Version 2.2: July, 1997 (cjm) - - Rationalized API function names to all begin with - "PacketAlias..." Old function names are retained - for backwards compatitibility. - - - Packet aliasing engine will now free memory of - fragments which are never resolved after a timeout - period. Once a fragment is resolved, it becomes - the users responsibility to free the memory. - -Version 2.3: August 11, 1997 (cjm) - - Problem associated with socket file descriptor - accumulation in alias_db.c corrected. The sockets - had to be closed when a binding failed. Problem - in code located by Gordon Burditt. - -Version 2.4: September 1, 1997 (cjm) - - PKT_ALIAS_UNREGISTERED_ONLY option repaired. - This part of the code was incorrectly re-implemented - in version 2.1. 
- -Version 2.5: December, 1997 (ee) - - Added PKT_ALIAS_PUNCH_FW mode for firewall - bypass of FTP/IRC DCC data connections. Also added - improved TCP connection monitoring. - -Version 2.6: May, 1998 (amurai) - - Added supporting routine for NetBios over TCP/IP. diff --git a/usr.sbin/ppp/libalias/Makefile b/usr.sbin/ppp/libalias/Makefile deleted file mode 100644 index f6c7862c0d7..00000000000 --- a/usr.sbin/ppp/libalias/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -LIB= alias -CFLAGS+=-Wall -I${.CURDIR} -SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ - alias_nbt.c alias_old.c alias_util.c - -OPSYS!= uname -s -.if (${OPSYS} == "OpenBSD") -MAN= libalias.3 -CFLAGS+= -DNO_FW_PUNCH -NOPROFILE= -NOPIC= -.else -SHLIB_MAJOR= 2 -SHLIB_MINOR= 5 -MAN3= libalias.3 - -beforeinstall: - ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/alias.h \ - ${DESTDIR}/usr/include -.endif - -.include <bsd.lib.mk> diff --git a/usr.sbin/ppp/libalias/alias_old.c b/usr.sbin/ppp/libalias/alias_old.c deleted file mode 100644 index 3f634d44841..00000000000 --- a/usr.sbin/ppp/libalias/alias_old.c +++ /dev/null 
@@ -1,77 +0,0 @@ -/* - This file can be considered a junk pile of old functions that - are either obsolete or have had their names changed. In the - transition from alias2.1 to alias2.2, all the function names - were rationalized so that they began with "PacketAlias..." - - These functions are included for backwards compatibility. -*/ - -#include <sys/types.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> -#include <netinet/ip.h> -#include "alias.h" -#include "alias_local.h" - -void -InitPacketAlias(void) -{ - PacketAliasInit(); -} - -void -SetPacketAliasAddress(struct in_addr addr) -{ - PacketAliasSetAddress(addr); -} - -unsigned int -SetPacketAliasMode(unsigned int flags, unsigned int mask) -{ - return PacketAliasSetMode(flags, mask); -} - -int -PacketAliasPermanentLink(struct in_addr src_addr, u_short src_port, - struct in_addr dst_addr, u_short dst_port, - u_short alias_port, u_char proto) -{ - struct alias_link *link; - struct in_addr null_address; - - null_address.s_addr = 0; - link = PacketAliasRedirectPort(src_addr, src_port, - dst_addr, dst_port, - null_address, alias_port, - proto); - - if (link == NULL) - return -1; - else - return 0; -} - -int -SaveFragmentPtr(char *ptr) -{ - return PacketAliasSaveFragment(ptr); -} - -char * -GetNextFragmentPtr(char *ptr) -{ - return PacketAliasGetFragment(ptr); -} - -void -FragmentAliasIn(char *header, char *fragment) -{ - PacketAliasFragmentIn(header, fragment); -} - -u_short -InternetChecksum(u_short *ptr, int len) -{ - return PacketAliasInternetChecksum(ptr, len); -} diff --git a/usr.sbin/ppp/libalias/libalias.3 b/usr.sbin/ppp/libalias/libalias.3 deleted file mode 100644 index b3fcc912945..00000000000 --- a/usr.sbin/ppp/libalias/libalias.3 +++ /dev/null 
@@ -1,768 +0,0 @@ -.Dd July, 1997 -.Dt "libalias" 3 -.Os -.Sh NAME -.Nm "libalias" -Packet Aliasing Library. A collection of -functions for aliasing and de-aliasing -of IP packets, intended for masquerading and -network address translation (NAT). - -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <netinet/in.h> -.Fd #include <alias.h> - -Function prototypes are given in the main body -of the text. - -.Sh CONTENTS -.Bd -literal -offset left -1. Introduction -2. Initialization and Control - 2.1 PacketAliasInit() - 2.2 PacketAliasUninit() - 2.3 PacketAliasSetAddress() - 2.4 PacketAliasSetMode() - 2.5 PacketAliasSetFWBase() -3. Packet Handling - 3.1 PacketAliasOut() - 3.2 PacketAliasIn() -4. Port and Address Redirection - 4.1 PacketAliasRedirectPort() - 4.2 PacketAliasRedirectAddr() - 4.3 PacketAliasRedirectDelete() -5. Fragment Handling - 5.1 PacketAliasSaveFragment() - 5.2 PacketAliasGetFragment() - 5.3 PacketAliasFragmentIn() -6. Miscellaneous Functions - 6.1 PacketAliasSetTarget() - 6.2 PacketAliasCheckNewLink() - 6.3 PacketAliasInternetChecksum() -7. Authors -8. Acknowledgments - -Appendix A: Conceptual Background - A.1 Aliasing Links - A.2 Static and Dynamic Links - A.3 Partially Specified Links - A.4 Dynamic Link Creation -.Ed - -.Sh 1. Introduction -This library is a moderately portable -set of functions designed to assist -in the process of IP masquerading and -network address translation. Outgoing -packets from a local network with -unregistered IP addresses can be aliased -to appear as if they came from an -accessible IP address. Incoming packets -are then de-aliased so that they are sent -to the correct machine on the local network. - -A certain amount of flexibility is built -into the packet aliasing engine. In -the simplest mode of operation, a -many-to-one address mapping takes place -between local network and the packet -aliasing host. This is known as IP -masquerading. 
In addition, one-to-one -mappings between local and public addresses -can also be implemented, which is known as -static NAT. In between these extremes, -different groups of private addresses -can be linked to different public addresses, -comprising several distinct many-to-one -mappings. Also, a given public address -and port can be statically redirected to -a private address/port. - -The packet aliasing engine was designed -to operate in user space outside of the -kernel, without any access to private -kernel data structure, but the source code -can also be ported to a kernel environment. - -.Sh 2. Initialization and Control -Two specific functions, PacketAliasInit() -and PacketAliasSetAddress(), must always be -called before any packet handling may be -performed. In addition, the operating mode -of the packet aliasing engine can be customized -by calling PacketAliasSetMode(). -.Ss 2.1 PacketAliasInit() - -.Ft void -.Fn PacketAliasInit "void" - -This function has no argument or return -value and is used to initialize internal -data structures. The following mode bits -are always set after calling -PacketAliasInit(). See section 2.3 for -the meaning of these mode bits. -.Bd -literal -offset indent - PKT_ALIAS_USE_SAME_PORTS - PKT_ALIAS_USE_SOCKETS - PKT_ALIAS_RESET_ON_ADDR_CHANGE - -.Ed -This function will always return the packet -aliasing engine to the same initial state. -PacketAliasSetAddress() must be called afterwards, -and any desired changes from the default mode -bits listed above require a call to -PacketAliasSetMode(). - -It is mandatory that this function be called -at the beginning of a program prior to any -packet handling. -.Ss 2.2 PacketAliasUninit() - -.Ft void -.Fn PacketAliasUninit "void" - -This function has no argument or return -value and is used to clear any resources -attached to internal data structures. 
- -This functions should be called when a -program stop using the aliasing engine; -it do, among other things, clear out any -firewall holes. To provide backwards -compatibility and extra security, it is -added to the atexit() chain by -PacketAliasInit(). Calling it multiple -times is harmless. -.Ss 2.3 PacketAliasSetAddress() - -.Ft void -.Fn PacketAliasSetAddress "struct in_addr addr" - -This function sets the source address to which -outgoing packets from the local area network -are aliased. All outgoing packets are remapped -to this address unless overridden by a static -address mapping established by -PacketAliasRedirectAddr(). - -If the PKT_ALIAS_RESET_ON_ADDR_CHANGE mode bit -is set (the default mode of operation), then -the internal aliasing link tables will be reset -any time the aliasing address changes, as if -PacketAliasReset() were called. This is useful -for interfaces such as ppp where the IP -address may or may not change on successive -dial-up attempts. - -If the PKT_ALIAS_RESET_ON_ADDR_CHANGE mode bit -is set to zero, this function can also be used to -dynamically change the aliasing address on a -packet to packet basis (it is a low overhead -call). - -It is mandatory that this function be called -prior to any packet handling. -.Ss 2.4 PacketAliasSetMode() - -.Ft unsigned int -.Fn PacketAliasSetMode "unsigned int mode" "unsigned int mask" - -This function sets or clears mode bits -according to the value of -.Em mode . -Only bits marked in -.Em mask -are affected. The following mode bits are -defined in alias.h: -.Bl -hang -offset left -.It PKT_ALIAS_LOG. -Enables logging /var/log/alias.log. The log file -shows total numbers of links (icmp, tcp, udp) each -time an aliasing link is created or deleted. Mainly -useful for debugging when the log file is viewed -continuously with "tail -f". -.It PKT_ALIAS_DENY_INCOMING. 
-If this mode bit is set, all incoming packets -associated with new TCP connections or new -UDP transactions will be marked for being -ignored (PacketAliasIn() return code -PKT_ALIAS_IGNORED) by the calling program. -Response packets to connections or transactions -initiated from the packet aliasing host or -local network will be unaffected. This mode -bit is useful for implementing a one-way firewall. -.It PKT_ALIAS_SAME_PORTS. -If this mode bit is set, the packet aliasing -engine will attempt to leave the alias port -numbers unchanged from the actual local port -number. This can be done as long as the -quintuple (proto, alias addr, alias port, -remote addr, remote port) is unique. If a -conflict exists, an new aliasing port number is -chosen even if this mode bit is set. -.It PKT_ALIAS_USE_SOCKETS. -This bit should be set when the the packet -aliasing host originates network traffic as -well as forwards it. When the packet aliasing -host is waiting for a connection from an -unknown host address or unknown port number -(e.g. an FTP data connection), this mode bit -specifies that a socket be allocated as a place -holder to prevent port conflicts. Once a -connection is established, usually within a -minute or so, the socket is closed. -.It PKT_ALIAS_UNREGISTERED_ONLY. -If this mode bit is set, traffic on the -local network which does not originate from -unregistered address spaces will be ignored. -Standard Class A, B and C unregistered addresses -are: -.Bd -literal -offset indent - 10.0.0.0 -> 10.255.255.255 (Class A subnet) - 172.16.0.0 -> 172.31.255.255 (Class B subnets) - 192.168.0.0 -> 192.168.255.255 (Class C subnets) - -.Ed -This option is useful in the case that -packet aliasing host has both registered and -unregistered subnets on different interfaces. -The registered subnet is fully accessible to -the outside world, so traffic from it doesn't -need to be passed through the packet aliasing -engine. -.It PKT_ALIAS_RESET_ON_ADDR_CHANGE. 
-When this mode bit is set and -PacketAliasSetAddress() is called to change -the aliasing address, the internal link table -of the packet aliasing engine will be cleared. -This operating mode is useful for ppp links -where the interface address can sometimes -change or remain the same between dial-ups. -If this mode bit is not set, it the link table -will never be reset in the event of an -address change. -.It PKT_ALIAS_PUNCH_FW. -This option make libalias `punch holes' in an -ipfw based firewall for FTP/IRC DCC connections. -The holes punched are bound by from/to IP address -and port; it will not be possible to use a hole -for another connection. A hole is removed when -the connection that use it die. To cater for -unexpected death of a program using libalias (e.g -kill -9), changing the state of the flag will -clear the entire ipfw range allocated for holes. -This will also happen on the initial call to -PacketAliasSetFWBase(). This call must happen -prior to setting this flag. - -.El - -.Ss 2.5 PacketAliasSetFWBase() - -.Ft void -.Fn PacketAliasSetFWBase "unsigned int base" "unsigned int num" - -Set IPFW range allocated for punching firewall holes (with the -PKT_ALIAS_PUNCH_FW flag). The range will be cleared for all rules on -initialization. - -.Sh 3. Packet Handling -The packet handling functions are used to -modify incoming (remote->local) and outgoing -(local->remote) packets. The calling program -is responsible for receiving and sending -packets via network interfaces. - -Along with PacketAliasInit() and PacketAliasSetAddress(), -the two packet handling functions, PacketAliasIn() -and PacketAliasOut(), comprise minimal set of functions -needed for a basic IP masquerading implementation. -.Ss 3.1 PacketAliasIn() - -.Ft int -.Fn PacketAliasIn "char *buffer" "int maxpacketsize" - -An incoming packet coming from a remote machine to -the local network is de-aliased by this function. 
-The IP packet is pointed to by -.Em buffer , -and -.Em maxpacketsize -indicates the size of the data structure containing -the packet and should be at least as large as the -actual packet size. - -Return codes: -.Bl -hang -offset left -.It PKT_ALIAS_ERROR. -An internal error within the packet aliasing -engine occurred. -.It PKT_ALIAS_OK. -The packet aliasing process was successful. -.It PKT_ALIAS_IGNORED. -The packet was ignored and not de-aliased. -This can happen if the protocal is unrecognized, -possibly an ICMP message type is not handled or -if incoming packets for new connections are being -ignored (see PKT_ALIAS_DENY_INCOMING in section -2.2). -.It PKT_ALIAS_UNRESOLVED_FRAGMENT. -This is returned when a fragment cannot be -resolved because the header fragment has not -been sent yet. In this situation, fragments -must be saved with PacketAliasSaveFragment() -until a header fragment is found. -.It PKT_ALIAS_FOUND_HEADER_FRAGMENT. -The packet aliasing process was successful, -and a header fragment was found. This is a -signal to retrieve any unresolved fragments -with PacketAliasGetFragment() and de-alias -them with PacketAliasFragmentIn(). -.El -.Ss 3.2 PacketAliasOut() - -.Ft int -.Fn PacketAliasIn "char *buffer" "int maxpacketsize" - -An outgoing packet coming from the local network -to a remote machine is aliased by this function. -The IP packet is pointed to by -.Em buffer r, -and -.Em maxpacketsize -indicates the maximum packet size permissible -should the packet length be changed. IP encoding -protocols place address and port information in -the encapsulated data stream which have to be -modified and can account for changes in packet -length. Well known examples of such protocols -are FTP and IRC DCC. - -Return codes: -.Bl -hang -offset left -.It PKT_ALIAS_ERROR. -An internal error within the packet aliasing -engine occurred. -.It PKT_ALIAS_OK. -The packet aliasing process was successful. -.It PKT_ALIAS_IGNORED. 
-The packet was ignored and not de-aliased. -This can happen if the protocal is unrecognized, -or possibly an ICMP message type is not handled. -.El - -.Sh 4. Port and Address Redirection -The functions described in this section allow machines -on the local network to be accessible in some degree -to new incoming connections from the external network. -Individual ports can be re-mapped or static network -address translations can be designated. -.Ss 4.1 PacketAliasRedirectPort() - -.Ft struct alias_link * -.Fo PacketAliasRedirectPort -.Fa "struct in_addr local_addr" -.Fa "u_short local_port" -.Fa "struct in_addr remote_addr" -.Fa "u_short remote_port" -.Fa "struct in_addr alias_addr" -.Fa "u_short alias_port" -.Fa "u_char proto" -.Fc - -This function specifies that traffic from a -given remote address/port to an alias address/port -be redirected to a specified local address/port. -The parameter -.Em proto -can be either IPPROTO_TCP or IPPROTO_UDP, as -defined in <netinet/in.h>. - -If -.Em local_addr -or -.Em alias_addr -is zero, this indicates that the packet aliasing -address as established by PacketAliasSetAddress() -is to be used. Even if PacketAliasAddress() is -called to change the address after PacketAliasRedirectPort() -is called, a zero reference will track this change. - -If -.Em remote_addr -is zero, this indicates to redirect packets from -any remote address. Likewise, if -.Em remote_port -is zero, this indicates to redirect packets originating -from any remote port number. Almost always, the remote -port specification will be zero, but non-zero remote -addresses can be sometimes be useful for firewalling. -If two calls to PacketAliasRedirectPort() overlap in -their address/port specifications, then the most recent -call will have precedence. - -This function returns a pointer which can subsequently -be used by PacketAliasRedirectDelete(). If NULL is -returned, then the function call did not complete -successfully. 
- -All port numbers are in network address byte order, -so it is necessary to use htons() to convert these -parameters from internally readable numbers to -network byte order. Addresses are also in network -byte order, which is implicit in the use of the -.Em struct in_addr -data type. -.Ss 4.2 PacketAliasRedirectAddr() - -.Ft struct alias_link * -.Fo PacketAliasRedirectAddr -.Fa "struct in_addr local_addr" -.Fa "struct in_addr alias_addr" -.Fc - -This function desgnates that all incoming -traffic to -.Em alias_addr -be redirected to -.Em local_addr. -Similarly, all outgoing traffic from -.Em local_addr -is aliased to -.Em alias_addr . - -If -.Em local_addr -or -.Em alias_addr -is zero, this indicates that the packet aliasing -address as established by PacketAliasSetAddress() -is to be used. Even if PacketAliasAddress() is -called to change the address after PacketAliasRedirectAddr() -is called, a zero reference will track this change. - -If subsequent calls to PacketAliasRedirectAddr() -use the same aliasing address, all new incoming -traffic to this aliasing address will be redirected -to the local address made in the last function call, -but new traffic all of the local machines designated -in the several function calls will be aliased to -the same address. Consider the following example: -.Bd -literal -offset left - PacketAliasRedirectAddr(inet_aton("192.168.0.2"), - inet_aton("141.221.254.101")); - PacketAliasRedirectAddr(inet_aton("192.168.0.3"), - inet_aton("141.221.254.101")); - PacketAliasRedirectAddr(inet_aton("192.168.0.4"), - inet_aton("141.221.254.101")); -.Ed - -Any outgoing connections such as telnet or ftp -from 192.168.0.2, 102.168.0.3, 192.168.0.4 will -appear to come from 141.221.254.101. Any incoming -connections to 141.221.254.101 will be directed -to 192.168.0.4. - -Any calls to PacketAliasRedirectPort() will -have precedence over address mappings designated -by PacketAliasRedirectAddr(). 
- -This function returns a pointer which can subsequently -be used by PacketAliasRedirectDelete(). If NULL is -returned, then the function call did not complete -successfully. -.Ss 4.3 PacketAliasRedirectDelete() - -.Ft void -.Fn PacketAliasRedirectDelete "struct alias_link *ptr" - -This function will delete a specific static redirect -rule entered by PacketAliasRedirectPort() or -PacketAliasRedirectAddr(). The parameter -.Em ptr -is the pointer returned by either of the redirection -functions. If an invalid pointer is passed to -PacketAliasRedirectDelete(), then a program crash -or unpredictable operation could result, so it is -necessary to be careful using this function. - -.Sh 5. Fragment Handling -The functions in this section are used to deal with -incoming fragments. - -Outgoing fragments are handled within PacketAliasOut() -by changing the address according to any -applicable mapping set by PacketAliasRedirectAddress(), -or the default aliasing address set by -PacketAliasSetAddress(). - -Incoming fragments are handled in one of two ways. -If the header of a fragmented IP packet has already -been seen, then all subsequent fragments will be -re-mapped in the same manner the header fragment -was. Fragments which arrive before the header -are saved and then retrieved once the header fragment -has been resolved. -.Ss 5.1 PacketAliasSaveFragment() - -.Ft int -.Fn PacketAliasSaveFragment "char *ptr" - -When PacketAliasIn() returns -PKT_ALIAS_UNRESOLVED_FRAGMENT, this -function can be used to save the pointer to -the unresolved fragment. - -It is implicitly assumed that -.Em ptr -points to a block of memory allocated by -malloc(). If the fragment is never -resolved, the packet aliasing engine will -automatically free the memory after a -timeout period. [Eventually this function -should be modified so that a callback -function for freeing memory is passed as -an argument.] 
- -This function returns PKT_ALIAS_OK if it -was successful and PKT_ALIAS_ERROR if there -was an error. -.Ss 5.2 PacketAliasGetNextFragment() - -.Ft char * -.Fn PacketAliasGetFragment "char *buffer" - -This function can be used to retrieve fragment -pointers saved by PacketAliasSaveFragment(). -The IP header fragment pointed to by -Em buffer -is the header fragment indicated when -PacketAliasIn() returns PKT_ALIAS_FOUND_HEADER_FRAGMENT. -Once a a fragment pointer is retrieved, it -becomes the calling program's responsibility -to free the dynamically allocated memory for -the fragment. - -PacketAliasGetFragment() can be called -sequentially until there are no more fragments -available, at which time it returns NULL. -.Ss 5.3 PacketAliasFragmentIn() - -.Ft void -.Fn PacketAliasFragmentIn "char *header" "char *fragment" - -When a fragment is retrieved with -PacketAliasGetFragment(), it can then be -de-aliased with a call to PacketAliasFragmentIn(). -.Em header -is the pointer to a header fragment used as a -template, and -.Em fragment -is the pointer to the packet to be de-aliased. - -.Sh 6. Miscellaneous Functions - -.Ss 6.1 PacketAliasSetTarget() - -.Ft void -.Fn PacketAliasSetTarget "struct in_addr addr" - -When an incoming packet not associated with -any pre-existing aliasing link arrives at the -host machine, it will be sent to the address -indicated by a call to PacketAliasSetTarget(). - -If this function is not called, or is called -with a zero address argument, then all new -incoming packets go to the address set by -PacketAliasSetAddress. -.Ss 6.2 PacketAliasCheckNewLink() - -.Ft int -.Fn PacketAliasCheckNewLink "void" - -This function returns a non-zero value when -a new aliasing link is created. In circumstances -where incoming traffic is being sequentially -sent to different local servers, this function -can be used to trigger when PacketAliasSetTarget() -is called to change the default target address. 
-.Ss 6.3 PacketAliasInternetChecksum() - -.Ft u_short -.Fn PacketAliasInternetChecksum "u_short *buffer" "int nbytes" - -This is a utility function that does not seem -to be available elswhere and is included as a -convenience. It computes the internet checksum, -which is used in both IP and protocol-specific -headers (TCP, UDP, ICMP). - -.Em buffer -points to the data block to be checksummed, and -.Em nbytes -is the number of bytes. The 16-bit checksum -field should be zeroed before computing the checksum. - -Checksums can also be verified by operating on a block -of data including its checksum. If the checksum is -valid, PacketAliasInternetChecksum() will return zero. - -.Sh 7. Authors -Charles Mott (cmott@srv.net), versions 1.0 - 1.8, 2.0 - 2.4. - -Eivind Eklund (eivind@freebsd.org), versions 1.8b, 1.9 and -2.5. Added IRC DCC support as well as contributing a number of -architectural improvements; added the firewall bypass -for FTP/IRC DCC. - -.Sh 8. Acknowledgments - -Listed below, in approximate chronological -order, are individuals who have provided -valuable comments and/or debugging assistance. - -.Bl -inset -compact -offset left -.It Gary Roberts -.It Tom Torrance -.It Reto Burkhalter -.It Martin Renters -.It Brian Somers -.It Paul Traina -.It Ari Suutari -.It Dave Remien -.It J. Fortes -.It Andrzej Bialeki -.It Gordon Burditt -.El - -.Sh Appendix: Conceptual Background -This appendix is intended for those who -are planning to modify the source code or want -to create somewhat esoteric applications using -the packet aliasing functions. - -The conceptual framework under which the -packet aliasing engine operates is described here. -Central to the discussion is the idea of an -"aliasing link" which describes the relationship -for a given packet transaction between the local -machine, aliased identity and remote machine. It -is discussed how such links come into existence -and are destroyed. 
-.Ss A.1 Aliasing Links -There is a notion of an "aliasing link", -which is 7-tuple describing a specific -translation: -.Bd -literal -offset indent -(local addr, local port, alias addr, alias port, - remote addr, remote port, protocol) -.Ed - -Outgoing packets have the local address and -port number replaced with the alias address -and port number. Incoming packets undergo the -reverse process. The packet aliasing engine -attempts to match packets against an internal -table of aliasing links to determine how to -modify a given IP packet. Both the IP -header and protocol dependent headers are -modified as necessary. Aliasing links are -created and deleted as necessary according -to network traffic. - -Protocols can be TCP, UDP or even ICMP in -certain circumstances. (Some types of ICMP -packets can be aliased according to sequence -or id number which acts as an equivalent port -number for identifying how individual packets -should be handled.) - -Each aliasing link must have a unique -combination of the following five quantities: -alias address/port, remote address/port -and protocol. This ensures that several -machines on a local network can share the -same aliased IP address. In cases where -conflicts might arise, the aliasing port -is chosen so that uniqueness is maintained. -.Ss A.2 Static and Dynamic Links -Aliasing links can either be static or dynamic. -Static links persist indefinitely and represent -fixed rules for translating IP packets. Dynamic -links come into existence for a specific TCP -connection or UDP transaction or ICMP echo -sequence. For the case of TCP, the connection -can be monitored to see when the associated -aliasing link should be deleted. Aliasing links -for UDP transactions (and ICMP echo and timestamp -requests) work on a simple timeout rule. When -no activity is observed on a dynamic link for -a certain amount of time it is automatically -deleted. Timeout rules also apply to TCP -connections which do not open or close -properly. 
-.Ss A.3 Partially Specified Aliasing Links -Aliasing links can be partially specified, -meaning that the remote address and/or remote -ports are unknown. In this case, when a packet -matching the incomplete specification is found, -a fully specified dynamic link is created. If -the original partially specified link is dynamic, -it will be deleted after the fully specified link -is created, otherwise it will persist. - -For instance, a partially specified link might -be -.Bd -literal -offset indent -(192.168.0.4, 23, 204.228.203.215, 8066, 0, 0, tcp) -.Ed - -The zeros denote unspecified components for -the remote address and port. If this link were -static it would have the effect of redirecting -all incoming traffic from port 8066 of -204.228.203.215 to port 23 (telnet) of machine -192.168.0.4 on the local network. Each -individual telnet connection would initiate -the creation of a distinct dynamic link. -.Ss A.4 Dynamic Link Creation -In addition to aliasing links, there are -also address mappings that can be stored -within the internal data table of the packet -aliasing mechanism. -.Bd -literal -offset indent -(local addr, alias addr) -.Ed - -Address mappings are searched when creating -new dynamic links. - -All outgoing packets from the local network -automatically create a dynamic link if -they do not match an already existing fully -specified link. If an address mapping exists -for the the outgoing packet, this determines -the alias address to be used. If no mapping -exists, then a default address, usually the -address of the packet aliasing host, is used. -If necessary, this default address can be -changed as often as each individual packet -arrives. - -The aliasing port number is determined -such that the new dynamic link does not -conflict with any existing links. In the -default operating mode, the packet aliasing -engine attempts to set the aliasing port -equal to the local port number. 
If this -results in a conflict, then port numbers -are randomly chosen until a unique aliasing -link can be established. In an alternate -operating mode, the first choice of an -aliasing port is also random and unrelated -to the local port number. - diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile index b85fbf6add6..c2ce8771f9a 100644 --- a/usr.sbin/ppp/ppp/Makefile +++ b/usr.sbin/ppp/ppp/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.2 1998/08/31 00:43:56 deraadt Exp $ +# $Id: Makefile,v 1.3 1998/08/31 08:16:25 brian Exp $ PROG= ppp SRCS= arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c chat.c command.c \ @@ -30,12 +30,12 @@ CFLAGS+=-DRELEASE_CRUNCH CFLAGS+=-DNOALIAS .else .if !defined(RELEASE_CRUNCH) -SRCS+= alias_cmd.c .if (${OPSYS} == "OpenBSD") -CFLAGS+=-I${.CURDIR}/../libalias -LDADD+= ../libalias/libalias.a -DPADD+= ../libalias/libalias.a +CFLAGS+=-DNO_FW_PUNCH +SRCS+= alias.c alias_cmd.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ + alias_nbt.c alias_util.c .else +SRCS+= alias_cmd.c LDADD+= -lalias DPADD+= ${LIBALIAS} .endif diff --git a/usr.sbin/ppp/libalias/alias.c b/usr.sbin/ppp/ppp/alias.c index 48a852a250f..48a852a250f 100644 --- a/usr.sbin/ppp/libalias/alias.c +++ b/usr.sbin/ppp/ppp/alias.c diff --git a/usr.sbin/ppp/libalias/alias.h b/usr.sbin/ppp/ppp/alias.h index fa5f17230e9..81a65248eb7 100644 --- a/usr.sbin/ppp/libalias/alias.h +++ b/usr.sbin/ppp/ppp/alias.h @@ -7,7 +7,7 @@ This software is placed into the public domain with no restrictions on its distribution. - $Id: alias.h,v 1.3 1998/08/31 00:22:03 brian Exp $ + $Id: alias.h,v 1.1 1998/08/31 08:16:27 brian Exp $ */ diff --git a/usr.sbin/ppp/ppp/alias_cmd.c b/usr.sbin/ppp/ppp/alias_cmd.c index cfef974bfb0..335b7465a4e 100644 --- a/usr.sbin/ppp/ppp/alias_cmd.c +++ b/usr.sbin/ppp/ppp/alias_cmd.c 
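Review bot: The alias sources added to SRCS in the OpenBSD branch of the `@@ -30,12 +30,12 @@` hunk lose the `-Wall` that the deleted libalias/Makefile applied to them (`CFLAGS+=-Wall -I${.CURDIR}`), unless this Makefile already sets it outside the hunk. These files rewrite packets received from the network, so the warnings are worth keeping: `CFLAGS+=-Wall -DNO_FW_PUNCH`. `-DNO_FW_PUNCH` now reaches every ppp source instead of only the aliasing code, and nothing says why it is set; going by the removed libalias.3, which ties PKT_ALIAS_PUNCH_FW to an ipfw-based firewall, a comment such as `# ipfw hole punching (PKT_ALIAS_PUNCH_FW) is compiled out on OpenBSD` would record it. alias_old.c is dropped from the build while alias.h is carried over with only its $Id changed, so any prototypes it holds for the old wrapper names are presumably left without definitions. The conditional this branch belongs to opens above the hunk.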
@@ -2,7 +2,7 @@
 * The code in this file was written by Eivind Eklund <perhaps@yes.no>,
 * who places it in the public domain without restriction.
 *
- * $Id: alias_cmd.c,v 1.1 1998/08/31 00:22:15 brian Exp $
+ * $Id: alias_cmd.c,v 1.2 1998/08/31 08:16:27 brian Exp $
 */
 #include <sys/types.h>
@@ -14,12 +14,16 @@
 #include <netinet/ip.h>
 #include <sys/un.h>
-#include <alias.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <termios.h>
+#ifdef __OpenBSD__
+#include "alias.h"
+#else
+#include <alias.h>
+#endif
 #include "defs.h"
 #include "command.h"
 #include "log.h"
diff --git a/usr.sbin/ppp/libalias/alias_cuseeme.c b/usr.sbin/ppp/ppp/alias_cuseeme.c
index 12feaa241a1..a93da373ccc 100644
--- a/usr.sbin/ppp/libalias/alias_cuseeme.c
+++ b/usr.sbin/ppp/ppp/alias_cuseeme.c
@@ -25,7 +25,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: alias_cuseeme.c,v 1.1 1998/08/31 00:22:04 brian Exp $
+ * $Id: alias_cuseeme.c,v 1.1 1998/08/31 08:16:32 brian Exp $
 */
 #include <sys/types.h>
diff --git a/usr.sbin/ppp/libalias/alias_db.c b/usr.sbin/ppp/ppp/alias_db.c
index 7bbb19122be..7bbb19122be 100644
--- a/usr.sbin/ppp/libalias/alias_db.c
+++ b/usr.sbin/ppp/ppp/alias_db.c
diff --git a/usr.sbin/ppp/libalias/alias_ftp.c b/usr.sbin/ppp/ppp/alias_ftp.c
index c6d449d0572..c6d449d0572 100644
--- a/usr.sbin/ppp/libalias/alias_ftp.c
+++ b/usr.sbin/ppp/ppp/alias_ftp.c
diff --git a/usr.sbin/ppp/libalias/alias_irc.c b/usr.sbin/ppp/ppp/alias_irc.c
index 910e9343404..910e9343404 100644
--- a/usr.sbin/ppp/libalias/alias_irc.c
+++ b/usr.sbin/ppp/ppp/alias_irc.c
diff --git a/usr.sbin/ppp/libalias/alias_local.h b/usr.sbin/ppp/ppp/alias_local.h
index 0e94a64b281..0e94a64b281 100644
--- a/usr.sbin/ppp/libalias/alias_local.h
+++ b/usr.sbin/ppp/ppp/alias_local.h
diff --git a/usr.sbin/ppp/libalias/alias_nbt.c b/usr.sbin/ppp/ppp/alias_nbt.c
index e204758b3ea..87dc89ac68b 100644
--- a/usr.sbin/ppp/libalias/alias_nbt.c
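Review bot: The `@@ -14,12 +14,16 @@` hunk of alias_cmd.c picks the header with `#ifdef __OpenBSD__`, while the Makefile in this commit picks between the in-tree alias sources and `-lalias` with `${OPSYS} == "OpenBSD"`. Nothing ties the two tests together, so a build where they disagree would compile against one `alias.h` and link the other implementation. The same block, there wrapped in `#ifndef NOALIAS`, is repeated in bundle.c, command.c, ip.c, ipcp.c and main.c. Keeping `#include <alias.h>` in all six files and adding `CFLAGS+=-I${.CURDIR}` to the OpenBSD branch of the Makefile would, as far as the visible Makefile shows, leave the decision in one place.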
+++ b/usr.sbin/ppp/ppp/alias_nbt.c
@@ -15,7 +15,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: alias_nbt.c,v 1.1 1998/08/31 00:22:10 brian Exp $
+ * $Id: alias_nbt.c,v 1.1 1998/08/31 08:16:33 brian Exp $
 *
 * TODO:
 * oClean up.
diff --git a/usr.sbin/ppp/libalias/alias_util.c b/usr.sbin/ppp/ppp/alias_util.c
index fe076531201..fe076531201 100644
--- a/usr.sbin/ppp/libalias/alias_util.c
+++ b/usr.sbin/ppp/ppp/alias_util.c
diff --git a/usr.sbin/ppp/ppp/bundle.c b/usr.sbin/ppp/ppp/bundle.c
index 83228eaa2fc..09d7d81745e 100644
--- a/usr.sbin/ppp/ppp/bundle.c
+++ b/usr.sbin/ppp/ppp/bundle.c
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: bundle.c,v 1.1 1998/08/31 00:22:16 brian Exp $
+ * $Id: bundle.c,v 1.2 1998/08/31 08:16:34 brian Exp $
 */
 #include <sys/param.h>
@@ -37,9 +37,6 @@
 #include <netinet/ip.h>
 #include <sys/un.h>
-#ifndef NOALIAS
-#include <alias.h>
-#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <paths.h>
@@ -52,6 +49,13 @@
 #include <termios.h>
 #include <unistd.h>
+#ifndef NOALIAS
+#ifdef __OpenBSD__
+#include "alias.h"
+#else
+#include <alias.h>
+#endif
+#endif
 #include "defs.h"
 #include "command.h"
 #include "mbuf.h"
diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c
index 772a94c9b43..013cdaf65c1 100644
--- a/usr.sbin/ppp/ppp/command.c
+++ b/usr.sbin/ppp/ppp/command.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: command.c,v 1.1 1998/08/31 00:22:18 brian Exp $
+ * $Id: command.c,v 1.2 1998/08/31 08:16:36 brian Exp $
 *
 */
 #include <sys/types.h>
@@ -30,9 +30,6 @@
 #include <netdb.h>
 #include <sys/un.h>
-#ifndef NOALIAS
-#include <alias.h>
-#endif
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -44,6 +41,13 @@
 #include <termios.h>
 #include <unistd.h>
+#ifndef NOALIAS
+#ifdef __OpenBSD__
+#include "alias.h"
+#else
+#include <alias.h>
+#endif
+#endif
 #include "defs.h"
 #include "command.h"
 #include "mbuf.h"
@@ -127,7 +131,7 @@
 #define NEG_DNS 50
 const char Version[] = "2.0";
-const char VersionDate[] = "$Date: 1998/08/31 00:22:18 $";
+const char VersionDate[] = "$Date: 1998/08/31 08:16:36 $";
 static int ShowCommand(struct cmdargs const *);
 static int TerminalCommand(struct cmdargs const *);
diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c
index 3ad9ffa35b3..20a1d769fdd 100644
--- a/usr.sbin/ppp/ppp/ip.c
+++ b/usr.sbin/ppp/ppp/ip.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: ip.c,v 1.1 1998/08/31 00:22:21 brian Exp $
+ * $Id: ip.c,v 1.2 1998/08/31 08:16:38 brian Exp $
 *
 * TODO:
 * o Return ICMP message for filterd packet
@@ -36,15 +36,19 @@
 #include <arpa/inet.h>
 #include <sys/un.h>
-#ifndef NOALIAS
-#include <alias.h>
-#endif
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#ifndef NOALIAS
+#ifdef __OpenBSD__
+#include "alias.h"
+#else
+#include <alias.h>
+#endif
+#endif
 #include "mbuf.h"
 #include "log.h"
 #include "defs.h"
diff --git a/usr.sbin/ppp/ppp/ipcp.c b/usr.sbin/ppp/ppp/ipcp.c
index eb62aaeea1a..9cad8879252 100644
--- a/usr.sbin/ppp/ppp/ipcp.c
+++ b/usr.sbin/ppp/ppp/ipcp.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: ipcp.c,v 1.1 1998/08/31 00:22:21 brian Exp $
+ * $Id: ipcp.c,v 1.2 1998/08/31 08:16:39 brian Exp $
 *
 * TODO:
 * o More RFC1772 backward compatibility
@@ -33,9 +33,6 @@
 #include <sys/sockio.h>
 #include <sys/un.h>
-#ifndef NOALIAS
-#include <alias.h>
-#endif
 #include <fcntl.h>
 #include <resolv.h>
 #include <stdlib.h>
@@ -44,6 +41,13 @@
 #include <termios.h>
 #include <unistd.h>
+#ifndef NOALIAS
+#ifdef __OpenBSD__
+#include "alias.h"
+#else
+#include <alias.h>
+#endif
+#endif
 #include "defs.h"
 #include "command.h"
 #include "mbuf.h"
diff --git a/usr.sbin/ppp/ppp/main.c b/usr.sbin/ppp/ppp/main.c
index 1ba84b71c67..48c36c7e317 100644
--- a/usr.sbin/ppp/ppp/main.c
+++ b/usr.sbin/ppp/ppp/main.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: main.c,v 1.1 1998/08/31 00:22:24 brian Exp $
+ * $Id: main.c,v 1.2 1998/08/31 08:16:41 brian Exp $
 *
 * TODO:
 */
@@ -28,9 +28,6 @@
 #include <netinet/ip.h>
 #include <sys/un.h>
-#ifndef NOALIAS
-#include <alias.h>
-#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <paths.h>
@@ -41,6 +38,13 @@
 #include <termios.h>
 #include <unistd.h>
+#ifndef NOALIAS
+#ifdef __OpenBSD__
+#include "alias.h"
+#else
+#include <alias.h>
+#endif
+#endif
 #include "probe.h"
 #include "mbuf.h"
 #include "log.h"
|