IP dynamic address hack-port v0.03-rst
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This feature allows diald ONESHOT connections to get established by
dynamically changing the packet source address (and the socket's source
address, for local processes). It is implemented for TCP connections
originating on the diald box (1) and for IP_MASQuerading (2).

If enabled[*] and the address of the forwarding interface has changed:
  1)  The socket (and packet) source address is rewritten ON RETRANSMISSIONS
      while the socket is in SYN_SENT state (processes on the diald box).
  2)  The masqueraded source address of outbound packets changes ON OUTPUT
      (when the internal host retransmits) until a packet from outside is
      received by the tunnel.
In both cases nothing is rewritten in the packet that triggered the dial-up;
the connection is completed by the first retransmission after the link has
come up.

This is especially helpful for auto-dialup links (diald), where the
``actual'' outgoing address is unknown at the moment the link is
going up. So the *same* connection requests (local AND masqueraded) that
bring the link up will be able to get established.

If you enable the RST-provoking mode, then the source address will
be changed even if the socket is established. This means we send
a packet with the new source address, which the remote host cannot
match to any connection it knows and answers with an RST, killing our
socket. This is the desired behaviour, because such a socket is
doomed anyway (its old address is gone), and the earlier it dies, the
better. This prevents the dial-on-demand link from being kept up by a
dead connection, and tells the application that the connection was lost.
If the remote host, or a firewall in between, silently drops the mismatched
packet instead of answering with an RST, the socket still dies, but only by
its normal retransmission timeout.

[*] At boot, by default no address rewriting is attempted.

The values for the ip_dynaddr sysctl (net.ipv4.ip_dynaddr, i.e.
/proc/sys/net/ipv4/ip_dynaddr) are a bitmask:

  1: enable address rewriting
  2: enable verbosity (a kernel log message for each rewrite)
  4: enable RST-provoking mode

Flags can be combined by adding them. Common settings
would be:

To switch off special handling of dynamic addresses (default)
  # echo 0 > /proc/sys/net/ipv4/ip_dynaddr
To enable rewriting in quiet mode:
  # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
To enable rewriting in verbose mode:
  # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
(for backwards compatibility you can also use)
  # echo 2 > /proc/sys/net/ipv4/ip_dynaddr
To enable quiet RST-provoking mode:
  # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
To enable verbose RST-provoking mode:
  # echo 7 > /proc/sys/net/ipv4/ip_dynaddr

A value written to /proc is lost at reboot; to make it persistent use the
equivalent sysctl key, e.g. "net.ipv4.ip_dynaddr = 1" in /etc/sysctl.conf.

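As an added example (not part of the kernel documentation), the following
POSIX shell script decodes and composes ip_dynaddr values using the flag
values listed above, reads the live value, and writes a setting only when
it actually has write access to the sysctl. The function names, and the
decision to refuse the value 4 on its own because the documentation only
lists 5 and 7 for RST-provoking mode, are this script's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the kernel documentation: helpers for working
# with the ip_dynaddr bitmask (1 = enable, 2 = verbose, 4 = RST-provoking).
# Function names are this script's own.
SYSCTL_PATH=/proc/sys/net/ipv4/ip_dynaddr

# ip_dynaddr_describe VALUE
# Print a short description of a numeric ip_dynaddr value; exit status 1
# for values that are not a valid or documented combination.
ip_dynaddr_describe() {
    v=$1
    case "$v" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$v" -gt 7 ]; then
        echo "invalid"; return 1
    fi
    if [ "$v" -eq 0 ]; then
        echo "off"; return 0
    fi
    # Value 2 also enables rewriting: the documentation lists "echo 2" as a
    # backwards-compatible way of enabling verbose mode.
    if [ $((v & 3)) -eq 0 ]; then
        # Assumption of this script: 4 on its own is not a documented
        # setting (only 5 and 7 are listed for RST-provoking), so refuse it.
        echo "undocumented (rst-provoking without enable)"; return 1
    fi
    out="enabled"
    if [ $((v & 2)) -ne 0 ]; then out="$out,verbose"; else out="$out,quiet"; fi
    if [ $((v & 4)) -ne 0 ]; then out="$out,rst-provoking"; fi
    echo "$out"
}

# ip_dynaddr_compose [verbose] [rst]
# Print the numeric value for the named flags; the enable bit is always set.
ip_dynaddr_compose() {
    n=1
    for flag in "$@"; do
        case "$flag" in
            verbose) n=$((n | 2)) ;;
            rst)     n=$((n | 4)) ;;
            *) echo "unknown flag: $flag" >&2; return 1 ;;
        esac
    done
    echo "$n"
}

# ip_dynaddr_current
# Print the live value, or "unavailable" when the sysctl does not exist
# (non-Linux host, or a kernel without it).
ip_dynaddr_current() {
    if [ -r "$SYSCTL_PATH" ]; then cat "$SYSCTL_PATH"; else echo "unavailable"; fi
}

# ip_dynaddr_apply VALUE
# Validate VALUE, then write it to the sysctl. Writing needs root; without
# write access the command to run is printed instead of failing silently.
ip_dynaddr_apply() {
    desc=$(ip_dynaddr_describe "$1") || {
        echo "refusing to apply '$1': $desc" >&2
        return 1
    }
    if [ -w "$SYSCTL_PATH" ]; then
        echo "$1" > "$SYSCTL_PATH" && echo "ip_dynaddr=$1 ($desc)"
    else
        echo "no write access; as root run: echo $1 > $SYSCTL_PATH  # $desc" >&2
        return 1
    fi
}

# Walk through the documented settings, then show the live value.
for val in 0 1 2 3 5 7; do
    printf '%s -> %s\n' "$val" "$(ip_dynaddr_describe "$val")"
done
printf 'current value: %s\n' "$(ip_dynaddr_current)"
```

Run it as an unprivileged user to see what a value means before touching
the live setting; ip_dynaddr_apply only writes when /proc/sys is writable
and refuses anything ip_dynaddr_describe does not accept.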
Enjoy!

-- Juanjo
(with RST-provoking mode by Erik Corry)