Re: [fw-wiz] dirty packet tricks?

From: Stephen D. B. Wolthusen (wolt@igd.fhg.de)
Date: 07/10/02


To: "Marcus J. Ranum" <mjr@ranum.com>
From: wolt@igd.fhg.de (Stephen D. B. Wolthusen)
Date: Wed Jul 10 13:40:01 2002

Hi,

"Marcus J. Ranum" <mjr@ranum.com> writes:

> Hi, I'm a bit out of date on the latest/greatest dirty packet-flogging
> tricks; perhaps someone can point me in the right direction...
>
> Back a zillion years ago we implemented "proxy transparency" type
> things in BSD firewalls by whacking the code in the IP stack so that
> the firewall would ARP for (basically) anything that was not internal,
> then convince its IP stack that it was the destination, allow a
> connection to occur in user-space, then connect out and relay traffic.
> It was gross but it worked. Are there better ways of doing that
> nowadays?

Platform-dependent, but yes. Under Solaris one possible approach is to put
a filter module onto the STREAMS stack. Attaching yourself to the location
of your choice you can get down to raw frames. This has the nice benefit of
not having to go into user mode (a userland process can communicate
e.g. through a kernel memory block mapped in; there are other, more
efficient ways of doing this but then it doesn't really port to other SVR4
Unices[1] anymore). Unless you want to modify data streams, this is
relatively benign. We've done that, but I'm not at liberty to release
material on it, unfortunately.

Current (Free|Open, don't know about Net) BSDs have NetGraph, which is in
many ways similar and arguably a bit more flexible than STREAMS, but the
basic concepts are the same. It's also been around for 5+ years.

[1] STREAMS has been around for a *long* time, and stable since SVR3.2
    days, but straight ports to other SVR4s don't happen. IRIX is a rather
    pathological case in this regard.

-- 
	later,
	Stephen
Fraunhofer-IGD                 | mailto:
Stephen Wolthusen              | wolt@igd.fhg.de
Fraunhoferstr. 5  	       | swolthusen@acm.org
64283 Darmstadt                | swolthusen@ieee.org
GERMANY                        | stephen@wolthusen.com
			       | 
Tel +49 (0) 6151 155 539       | Fax: +49 (0) 6151 155 499 
    +49 (0) 172 916 9883       |      +49 (0) 6245 905 366 
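An added example of the user-space half of the scheme Marcus describes (not code from the original thread, nor the Fraunhofer material Stephen mentions). Whatever kernel trick delivers the outbound SYN to the firewall (ARP-for-everything, a STREAMS filter module, a NetGraph node), the rest is the same: accept, ask the kernel where the client was really going, connect there, relay both ways. The `original_dst_of` hook is an assumption standing in for that kernel lookup; on a real box it would be pf's `DIOCNATLOOK` ioctl on FreeBSD/OpenBSD or `getsockopt(SO_ORIGINAL_DST)` under Linux netfilter. The echo server is constructed so the whole thing runs on loopback.

```python
"""Added example: user-space relay for a transparent proxy (Python 3 stdlib only)."""
import select
import socket
import threading


def relay(client, upstream, idle_timeout=5.0):
    """Copy bytes between two connected sockets until both sides reach EOF.

    Half-close is propagated: when one side sends FIN we shutdown(SHUT_WR)
    the other, so protocols that depend on EOF (HTTP/1.0, rsh-style streams)
    still terminate.  Idle pairs are torn down instead of leaked.
    Returns the byte counts moved in each direction.
    """
    peer = {client: upstream, upstream: client}
    copied = {client: 0, upstream: 0}        # keyed by the socket read from
    readers = set(peer)
    try:
        while readers:
            ready, _, _ = select.select(list(readers), [], [], idle_timeout)
            if not ready:                    # idle timeout: give up on the pair
                break
            for s in ready:
                data = s.recv(65536)
                if data:
                    # Blocking sendall is fine for a demo; a production relay
                    # would use non-blocking writes to avoid head-of-line stalls.
                    peer[s].sendall(data)
                    copied[s] += len(data)
                else:
                    readers.discard(s)       # EOF from s: pass it on, stop reading s
                    try:
                        peer[s].shutdown(socket.SHUT_WR)
                    except OSError:
                        pass
    finally:
        for s in peer:
            s.close()
    return {"client_to_upstream": copied[client],
            "upstream_to_client": copied[upstream]}


class TransparentProxy:
    """Accepts intercepted connections and relays each to its real destination."""

    def __init__(self, original_dst_of, bind_addr=("127.0.0.1", 0)):
        # original_dst_of(sock) -> (host, port).  This MUST come from kernel /
        # firewall state (DIOCNATLOOK, SO_ORIGINAL_DST, ...), never from bytes
        # the client sent, or the firewall becomes an open relay.  Assumed hook.
        self.original_dst_of = original_dst_of
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind(bind_addr)
        self.listener.listen(16)
        self.address = self.listener.getsockname()

    def serve_one(self):
        client, _ = self.listener.accept()
        try:
            upstream = socket.create_connection(self.original_dst_of(client), timeout=5.0)
        except OSError:
            client.close()                   # destination unreachable: drop the client
            raise
        return relay(client, upstream)


def start_echo_server():
    """Constructed stand-in for the external host; echoes one connection then exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            while True:
                chunk = conn.recv(65536)
                if not chunk:
                    break
                conn.sendall(chunk)
        srv.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return srv.getsockname(), t


def roundtrip_through_proxy(payload):
    """Wire echo server + proxy + client on loopback; return (echoed bytes, relay stats)."""
    echo_addr, echo_thread = start_echo_server()
    proxy = TransparentProxy(original_dst_of=lambda sock: echo_addr)  # demo lookup
    result = {}

    def run_proxy():
        result["stats"] = proxy.serve_one()

    pt = threading.Thread(target=run_proxy, daemon=True)
    pt.start()
    with socket.create_connection(proxy.address, timeout=5.0) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)           # our FIN must travel through the relay
        chunks = []
        while True:
            chunk = c.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    pt.join(5.0)
    echo_thread.join(5.0)
    proxy.listener.close()
    return b"".join(chunks), result.get("stats")


if __name__ == "__main__":
    print(roundtrip_through_proxy(b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"))
```

The point a practitioner should take from the relay loop is the half-close handling: if the relay closes both sockets the moment one side sends FIN, every protocol that signals "end of request" with EOF breaks through the proxy, which is exactly the kind of bug that used to make transparent proxies "gross but working".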
