PERFORCE change 125447 for review
Matus Harvan
mharvan at FreeBSD.org
Mon Aug 20 12:12:32 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=125447
Change 125447 by mharvan at mharvan_bike-planet on 2007/08/20 19:12:11
Added some omitted details.
Affected files ...
.. //depot/projects/soc2007/mharvan-mtund/mtund.doc/design.txt#5 edit
Differences ...
==== //depot/projects/soc2007/mharvan-mtund/mtund.doc/design.txt#5 (text+ko) ====
@@ -185,10 +185,11 @@
function report_plugin() with the REPORT_READY_TO_SEND flag to
indicate that is can send a packet. The daemon then checks whether no
fragments are pending. If not, a read on the tun interface is be
-attempted. Note that the queue is still needed to originate ping
-requests on the server as it does not queue them, but expects the
-plugin to do so. Using the "urgent" queue for replies is just a
-technical issue to simplify the plugins.
+attempted. The entry function here is request_tun_data(). Note that
+the queue is still needed to originate ping requests on the server as
+it does not queue them, but expects the plugin to do so. Using the
+"urgent" queue for replies is just a technical issue to simplify the
+plugins.
Upon receiving a response, the plugin on the client immediately
generates a new request. If no data is avaiable, it sends an empty
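Review bot: The added sentence "The entry function here is request_tun_data()." does not say which component owns that function or who calls it; "here" could refer to the daemon's handling of REPORT_READY_TO_SEND or to the tun read itself. Suggest naming the caller and the trigger explicitly. While this paragraph is being touched, the surrounding context also needs "that is can send" changed to "that it can send", "is be attempted" to "is attempted", and "avaiable" to "available". The "checks whether no fragments are pending. If not," wording is ambiguous and would read better as "If none are pending,".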
@@ -210,7 +211,9 @@
UDP CATCHALL PLUGIN
The UDP CATCHALL plugin uses a raw IP socket to receive unclaimed UDP
traffic, i.e., listen on all unused ports. A kernel patch is provided
-to allow this.
+to allow this. If the daemon indicates legitimate traffic (suign
+plugin_conn_map()), a UDP socket bound/connected to the given source
+UDP port, destination UDP port and destination IP address is created.
TCP PLUGIN
The TCP plugin is a direct plugin using a TCP socket for the
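Review bot: "suign" in the first added line should be "using". The new text also leaves out what the plugin does with unclaimed UDP traffic that the daemon does not indicate as legitimate through plugin_conn_map(), and when the bound/connected socket is closed again. Since the raw IP socket sees traffic to all unused ports, the design document should state both.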
@@ -219,13 +222,17 @@
ICMP PLUGIN
The ICMP plugin is a polling plugin using ICMP echo requeust/response
-exchanges.
+exchanges. In addition, a kernel patch is provided to allow receiving
+ICMP echo requests in user space rather than having the kernel
+generate a reply for them.
DNS PLUGIN
The DNS plugin is a polling plugin using DNS queries/answers. Fro the
DNS encoding/decoding, code from the iodine project is used.
THINGS LEFT TO DO:
+An updated list of remainig TODO items with explanations can be found
+on the project wiki page.
HTTP PLUGIN
Reading httptunnel sources is a good starting point.
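Review bot: The added ICMP text does not say whether the kernel patch hands every ICMP echo request to user space or only those belonging to the tunnel, nor who answers ordinary pings once the kernel no longer generates the reply. Please state that, since it changes how the host responds to ICMP. In the added TODO lines, "remainig" should be "remaining", and "the project wiki page" needs a URL to be usable from this document. The context lines in this hunk also carry "requeust" and "Fro", which could be fixed in the same change.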
@@ -235,7 +242,7 @@
for the config needs to be written. lex/yacc is a good candidate
here. The plugin-specific parts of the config file may be parsed by
the plugins. This would allow to leave the daemon independent of the
-plugins.
+plugins. The idea would be
CRYPTO
The easiest way to secure the tunnel would be to put IPSec on the tun
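Review bot: The added line "+plugins. The idea would be" ends mid-sentence, so the config-file paragraph now stops without saying what the idea is. Either finish the sentence or drop the fragment before submitting.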