mirror of https://git.FreeBSD.org/src.git synced 2025-01-21 15:45:02 +00:00
freebsd/usr.sbin/ppp
Warner Losh 99c02d39bc Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in.  Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety.  Also expand some buffers to allow for the largest possible data
that might be used.

This is a 2.2 candidate.  However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.

Reviewed by:	Jordan Hubbard, Peter Wemm, Guido van Rooij
1997-01-10 07:53:28 +00:00
alias_db.c The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
alias_ftp.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
alias_util.c The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
alias.c Compute IP checksums in addition to TCP checksums when necessary in the 1996-12-21 18:34:52 +00:00
alias.h Fixed prototypes of PacketAliasIn/Out. (cosmetic) 1996-12-19 00:41:42 +00:00
alias.p The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
arp.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
arp.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
async.c Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
auth.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
auth.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
ccp.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
ccp.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
cdefs.h
chap.c typo 1996-11-19 11:08:27 +00:00
chap.h Use libmd's MD5. 1996-01-30 20:04:34 +00:00
chat.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
chat.h Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
command.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
command.h
defs.h For /usr/sbin/ppp, you must choose between running ppp in the background or 1996-12-22 17:29:33 +00:00
filter.c A random bunch of cleanup changes. 1996-01-10 21:28:04 +00:00
filter.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
fsm.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
fsm.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
global.h
hdlc.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
hdlc.h Some patches to ppp which improve stability. I have been running a 1996-01-30 11:08:50 +00:00
ip.c Fixed prototypes of PacketAliasIn/Out. (cosmetic) 1996-12-19 00:41:42 +00:00
ip.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
ipcp.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
ipcp.h Add support for the Evil Microsoft ppp extensions. Yes, they did it 1996-10-06 13:32:37 +00:00
lcp.c 1. Room to calculate MD5 for CHAP negotiation is shorter than 1996-10-12 16:20:34 +00:00
lcp.h
lcpproto.h
log.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
log.h Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
lqr.c Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs 1996-05-11 20:48:42 +00:00
lqr.h Some patches to ppp which improve stability. I have been running a 1996-01-30 11:08:50 +00:00
main.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
main.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
Makefile Updated DPADD to match LDADD. 1997-01-06 07:05:08 +00:00
mbuf.c Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
mbuf.h
modem.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
modem.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
os.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
os.h A random bunch of cleanup changes. 1996-01-10 21:28:04 +00:00
pap.c Properly include prototypes. 1996-10-07 04:21:09 +00:00
pap.h
passwdauth.c Fix many buffer overruns in the code. Specifically, disallow ExpandString 1997-01-10 07:53:28 +00:00
passwdauth.h Add support for the Evil Microsoft ppp extensions. Yes, they did it 1996-10-06 13:32:37 +00:00
pathnames.h Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
phase.h For /usr/sbin/ppp, you must choose between running ppp in the background or 1996-12-22 17:29:33 +00:00
ppp.8 For /usr/sbin/ppp, you must choose between running ppp in the background or 1996-12-22 17:29:33 +00:00
ppp.8.m4 For /usr/sbin/ppp, you must choose between running ppp in the background or 1996-12-22 17:29:33 +00:00
pred.c Reset Pred1 protocol on FCS errors. 1996-07-21 13:01:27 +00:00
pred.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
README.alias The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
README.nat The infamous IP aliasing code for ppp, modified to work as a runtime option 1996-12-12 14:39:47 +00:00
route.c Fix up programs which expect <net/if.h> to include <sys/time.h> to instead 1996-12-10 17:11:53 +00:00
route.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
slcompress.c Fix editing mistake in last commit...sorry. 1996-04-11 08:24:04 +00:00
slcompress.h Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
systems.c Avoid some buffer overrun problems. 1996-12-15 20:39:30 +00:00
systems.h Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
timeout.h
timer.c A random bunch of cleanup changes. 1996-01-10 21:28:04 +00:00
vars.c Make CRTSTS selection a runtime option. Closes PR#1392 1996-12-22 17:09:17 +00:00
vars.h Make CRTSTS selection a runtime option. Closes PR#1392 1996-12-22 17:09:17 +00:00
vjcomp.c Some patches to ppp which improve stability. I have been running a 1996-01-30 11:08:50 +00:00

User PPP Packet Aliasing

0. Contents
    1. Background
    2. Setup
    3. Future Development


1. Background

User ppp has embedded packet aliasing (IP masquerading) code.
When this capability is enabled by the "-alias" command line
option, the ppp host will automatically alias IP packets forwarded
from a local network so that they appear to come from the ppp
host machine.  Incoming packets from the outside world are then
appropriately de-aliased.

The process of aliasing involves both the IP address as well as
TCP and UDP port numbers.  ICMP packets can be aliased by either
their id or sequence numbers.

This software was specifically meant to support users who have
unregistered, private address IP networks (e.g. 192.168.0.x or
10.0.0.x addresses).  The ppp host can act as a gateway for these
networks, and computers on the local area net will have some
degree of internet access without the need for a registered IP
address.  Additionally, there will be no need for an internet
service provider to maintain routing tables for the local area
network. 

A disadvantage of packet aliasing is that machines on the local
network, behind the ppp host, can establish tcp connections and
make udp inquiries (such as domain name service requests), but these
machines, other than the ppp host itself, are not visible from
the outside world.  There is, in effect, a partial firewall.
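
The "partial firewall" effect follows from how a link table works, shown here as an added example that is not code from alias_db.c. The struct layout, function names, table size and starting alias port are assumptions made for illustration, and link expiry is left out.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_LINKS 64

/* Hypothetical link record; the real layout in alias_db.c is not shown here. */
struct alias_link {
    uint32_t priv_addr, remote_addr;
    uint16_t priv_port, remote_port, alias_port;
    int in_use;
};

static struct alias_link links[MAX_LINKS];
static uint16_t next_alias_port = 30000;   /* constructed starting value */

/* Outgoing packet: reuse or create the link and return the alias port that
 * replaces the private source port (0 if the table is full). */
uint16_t alias_out(uint32_t priv_addr, uint16_t priv_port,
                   uint32_t remote_addr, uint16_t remote_port)
{
    struct alias_link *l, *slot = NULL;

    for (l = links; l < links + MAX_LINKS; l++) {
        if (!l->in_use) {
            if (slot == NULL)
                slot = l;
        } else if (l->priv_addr == priv_addr && l->priv_port == priv_port &&
                   l->remote_addr == remote_addr && l->remote_port == remote_port) {
            return l->alias_port;
        }
    }
    if (slot == NULL)
        return 0;
    *slot = (struct alias_link){ priv_addr, remote_addr, priv_port, remote_port,
                                 next_alias_port++, 1 };
    return slot->alias_port;
}

/* Incoming packet: de-alias only when an outgoing packet created a matching
 * link. Returns 1 and fills the private endpoint, 0 for unsolicited traffic. */
int alias_in(uint32_t remote_addr, uint16_t remote_port, uint16_t alias_port,
             uint32_t *priv_addr, uint16_t *priv_port)
{
    const struct alias_link *l;

    for (l = links; l < links + MAX_LINKS; l++) {
        if (l->in_use && l->alias_port == alias_port &&
            l->remote_addr == remote_addr && l->remote_port == remote_port) {
            *priv_addr = l->priv_addr;
            *priv_port = l->priv_port;
            return 1;
        }
    }
    return 0;
}
```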

A second disadvantage is that "IP encoding" protocols, which send
IP address or port information within the data stream, are not
supported unless exception code has been put in place.  A workaround
for ftp, which is the most well known of the IP encoding protocols,
has been developed in this implementation, so users do not have
to depend on using the ftp passive mode, as is sometimes the case
with other masquerading solutions.
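
Why ftp needs exception code: the PORT command carries the client's address and port as text in the data stream, so it has to be parsed and rewritten. The following is an added example, not the code in alias_ftp.c; the function names and the sample addresses in its use are assumptions, and it applies the bounded snprintf style named in the commit message above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse six comma-separated decimal fields (0..255) with strict bounds.
 * Returns 0 and sets *end past the last digit, or -1 on malformed input. */
static int parse_fields(const char *s, unsigned v[6], const char **end)
{
    int i, digits;

    for (i = 0; i < 6; i++) {
        v[i] = 0;
        for (digits = 0; digits < 3 && *s >= '0' && *s <= '9'; digits++)
            v[i] = v[i] * 10 + (unsigned)(*s++ - '0');
        if (digits == 0 || v[i] > 255)
            return -1;
        if (i < 5 && *s++ != ',')
            return -1;
    }
    *end = s;
    return 0;
}

/* Rewrite "PORT h1,h2,h3,h4,p1,p2\r\n" to advertise the alias address/port.
 * The private endpoint is returned so the caller can record a link for it.
 * Returns bytes written, or -1 if the input is malformed or out is too small. */
int rewrite_port(const char *line, uint32_t alias_addr, uint16_t alias_port,
                 uint32_t *priv_addr, uint16_t *priv_port,
                 char *out, size_t outlen)
{
    unsigned v[6];
    const char *end;
    int n;

    if (strncmp(line, "PORT ", 5) != 0 || parse_fields(line + 5, v, &end) != 0)
        return -1;
    if (strcmp(end, "\r\n") != 0)
        return -1;
    *priv_addr = ((uint32_t)v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *priv_port = (uint16_t)((v[4] << 8) | v[5]);
    n = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n",
                 (unsigned)(alias_addr >> 24), (unsigned)((alias_addr >> 16) & 0xff),
                 (unsigned)((alias_addr >> 8) & 0xff), (unsigned)(alias_addr & 0xff),
                 (unsigned)(alias_port >> 8), (unsigned)(alias_port & 0xff));
    /* snprintf reports the length it wanted; treat truncation as failure. */
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}
```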

All standard, non-encoding TCP and UDP protocols are supported.
Examples of these protocols are http, gopher and telnet.  The
standard UDP mode of RealAudio is not presently supported,
but the TCP mode does work correctly.  IRC is reported by users
to work in some, but not all, modes.

The packet aliasing code also handles many ICMP messages.  In
particular, ping and traceroute are supported.



2. Packet Aliasing Setup

It is recommended that correct ppp operation first be verified
without packet aliasing enabled.  Then ppp can be started with
the "-alias" option in the command line.  Correct network operation
of the ppp host in packet aliasing mode should then be verified.
Finally, machines on the private network should be checked to see
whether they can access the internet.

Since the masquerading software aliases all packets, whether
they come from the host or another computer on the local area
network, a correctly operating ppp host will indicate that the
software should work properly for other computers on the private
network.  

If the ppp host can access the internet, but other computers on
the local network cannot do this, then it should be checked that
IP forwarding is enabled on the ppp host and that the other
computers use this machine as a gateway.  Of course, proper
communications between machines within the local area network
should also be verified (do they use consistent subnet addresses
and masks?).



3.  Future Development

What is called packet aliasing here has been variously called
masquerading, network address translation (NAT) and transparent
proxying by others.  It is an extremely useful function to
many users, but it is also necessarily imperfect.  Workarounds
(hacks) are always needed for the occasional IP-encoding
protocols.

The specific solution implemented here does not block off or
reserve any segment of TCP or UDP ports on the ppp host for use
by the masquerading function.  No communication to the kernel
is needed in this matter.  All packets are aliased, whether
they originate from the ppp host or other computers on the
local network.  This is a central issue, and some programmers
may wish to handle this differently.

The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
and alias_util.c) runs in user space, and is intended to be
both portable and reusable for interfaces other than ppp.  The
basic engine is accessed by four simple function calls
(initialization, communication of host address, outgoing
aliasing and incoming de-aliasing).

Limited IP fragment handling exists.  Once the packet aliasing
software sees the header fragment of a packet, all other fragments
will be correctly forwarded.  However, if the header fragment
does not come first, then some fragments will be lost.

Charles Mott (cmott@srv.net)
December 4, 1996