IP dynamic address hack-port v0.03-rst
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This stuff allows diald ONESHOT connections to get established by
dynamically changing packet source address (and socket's if local procs).
It is implemented for TCP diald-box connections(1) and IP_MASQuerading(2).

If enabled[*] and forwarding interface address has changed:

1) Socket (and packet) source address is rewritten ON RETRANSMISSIONS
   while in SYN_SENT state (diald-box processes).

2) Out-bounded MASQueraded source address changes ON OUTPUT (when
   internal host does retransmission) until a packet from outside is
   received by the tunnel.

This is especially helpful for auto dialup links (diald), where the
``actual'' outgoing address is unknown at the moment the link is
going up. So, the *same* (local AND masqueraded) connection requests that
bring the link up will be able to get established.

If you enable the RST-provoking mode, then the source address will
be changed, even if the socket is established. This means we send
an incorrect packet out, which causes the remote host to kill our
socket. This is the desired behaviour, because such a socket is
doomed anyway, and the earlier it dies, the better. This prevents
the dial-on-demand connection from being kept up by a dead connection,
and tells the application that the connection was lost.

[*] At boot, by default no address rewriting is attempted.

The values for the ip_dynaddr sysctl are:

1: To enable
2: To enable verbosity
4: To enable RST-provoking

Flags can be combined by adding them. Common settings
would be:

To switch off special handling of dynamic addresses (default)::

	# echo 0 > /proc/sys/net/ipv4/ip_dynaddr

To enable rewriting in quiet mode::

	# echo 1 > /proc/sys/net/ipv4/ip_dynaddr

To enable rewriting in verbose mode::

	# echo 3 > /proc/sys/net/ipv4/ip_dynaddr

(for backwards compatibility you can also use)::

	# echo 2 > /proc/sys/net/ipv4/ip_dynaddr

To enable quiet RST-provoking mode::

	# echo 5 > /proc/sys/net/ipv4/ip_dynaddr

To enable verbose RST-provoking mode::

	# echo 7 > /proc/sys/net/ipv4/ip_dynaddr
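The settings above are a bitmask, and on a box that is also doing masquerading it is worth being able to check which bits are actually set (RST-provoking in particular deliberately emits a packet the remote will reject) rather than remembering that 5 means "quiet plus RST". The following POSIX sh helpers compose a value from the three documented flags, decode a value back into words, and write a value while reading it back to confirm the kernel accepted it. This is an added example, not part of the original document or the kernel tree. Assumptions: the flag values are exactly those listed above (1, 2, 4); any non-zero value counts as "rewriting enabled", which is how the backwards-compatible value 2 is described above; and the `IP_DYNADDR_PATH` environment override is this example's own convention so it can be exercised against a temporary file instead of `/proc`.

```shell
#!/bin/sh
# Added example: compose, decode and audit the ip_dynaddr sysctl bitmask.
# Flag values per the document: 1 = enable, 2 = verbose, 4 = RST-provoking.
# IP_DYNADDR_PATH may be overridden (e.g. to a temp file) for offline testing;
# the override is this example's convention, not a kernel feature.
IP_DYNADDR_PATH="${IP_DYNADDR_PATH:-/proc/sys/net/ipv4/ip_dynaddr}"

# ip_dynaddr_compose ENABLE VERBOSE RST  (each 0 or 1) -> prints the sysctl value
ip_dynaddr_compose() {
    enable=$1; verbose=$2; rst=$3
    echo $(( enable * 1 + verbose * 2 + rst * 4 ))
}

# ip_dynaddr_describe VALUE -> prints a description; returns 1 for anything
# outside 0..7. Assumption: any non-zero value enables rewriting (the document
# says the legacy value 2 works on its own), so bit 1 is not required.
ip_dynaddr_describe() {
    v=$1
    case "$v" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$v" -gt 7 ]; then echo "invalid"; return 1; fi
    if [ "$v" -eq 0 ]; then echo "off"; return 0; fi
    out="rewriting enabled"
    if [ $(( v & 2 )) -ne 0 ]; then out="$out, verbose"; else out="$out, quiet"; fi
    if [ $(( v & 4 )) -ne 0 ]; then out="$out, RST-provoking"; fi
    echo "$out"
}

# ip_dynaddr_get -> prints the current value
ip_dynaddr_get() {
    cat "$IP_DYNADDR_PATH"
}

# ip_dynaddr_set VALUE -> writes the value and reads it back; returns 1 if the
# value is out of range, the write fails, or the read-back differs.
ip_dynaddr_set() {
    v=$1
    ip_dynaddr_describe "$v" >/dev/null || return 1
    printf '%s\n' "$v" > "$IP_DYNADDR_PATH" || return 1
    readback=$(ip_dynaddr_get)
    [ "$readback" = "$v" ]
}

# ip_dynaddr_audit -> one line stating the current mode, e.g. for a boot-time
# health check: "ip_dynaddr=5: rewriting enabled, quiet, RST-provoking"
ip_dynaddr_audit() {
    cur=$(ip_dynaddr_get) || return 1
    echo "ip_dynaddr=$cur: $(ip_dynaddr_describe "$cur")"
}

# Usage (as root, against the real sysctl):
#   . ./ip_dynaddr.sh; ip_dynaddr_set "$(ip_dynaddr_compose 1 0 1)" && ip_dynaddr_audit
```

Because `ip_dynaddr_set` refuses values outside 0..7 before touching the file and compares what it reads back, a typo such as `echo 8` or a read-only `/proc` (no CAP_SYS_ADMIN, or a container with `/proc/sys` mounted read-only) shows up as a non-zero exit instead of silently leaving the old mode in place.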

Enjoy!

-- Juanjo
(with RST-provoking mode by Erik Corry)