2006/10/2, Joachim Schipper <[EMAIL PROTECTED]>:
On Sun, Oct 01, 2006 at 04:25:42PM +0400, Bruno Carnazzi wrote:
> Hi misc,
>
> For my own education, I'm writing in C a PPTP proxy for pf-driven
> NAT-boxes, based on libevent. A PPTP session is made of a TCP control
> connection and a GRE tunnel. I've got no trouble handling the control
> connection, but I don't know how to handle GRE packets. Actually, I
> bind a first raw socket on 127.0.0.1, with protocol=IPPROTO_GRE,
> rdr'ing with pf all outgoing GRE packet from lan here. I can read GRE
> packets from this socket, great. The idea is to copy these packets on
> a second gre raw socket, binded on the wan interface ip address. I
> encounter these problems :
> * How can I find my wan interface ip address ?
> * How can I handle his dynamic nature ? (this is a pppoe(4) interface)
> * How can I handle multiple wan ip address ?
>
> I though it should be possible to have only 1 "big" socket for the
> whole proxy, listening on 0.0.0.0 (is that equivalent to INADDR_ANY
> ?). Reading GRE packets from clients should be the same way as before,
> but what about writing GRE packets to servers ? Which source IP will
> be choosen for these packet ? I feel that this design is bad but I
> lack some raw socket background. I'd like the advice of sockets guru
> :)
>
> I've read this and didn't find something usefull :
> UNIX Socket FAQ : http://www.developerweb.net/forum/index.php
Why not just let pf(4) handle the forwarding? This is the way ftp-proxy
does it, and *way* more efficient than copying everything in userspace.
This is the core of the problem I try to solve. If you let pf(4)
handle the forwading of gre packets, it doesn't work for more than one
client. Your have to look at the call-id field in gre headers to
forward server-to-client packet to the correct client. My solution is
to do this work in userspace (easier for a first try) : receiving gre
packet, retrieve the related gre session and forward to the origin
client. Is there a way to be more pf-specific ?
Best regards,
Bruno.
Joachim
