uamanyip patch

wlan at mac.com wlan at mac.com
Mon May 5 08:31:53 UTC 2008


Hi Gunther,

Thanks for that. And, sorry for the delay in replying -- I was  
traveling. As for the options, the procedure is as follows:

- Add the option to cmdline.ggo - use an existing option as an example
- Run "gengetopt -C < cmdline.ggo" to generate the cmdline.[ch] files
- Add your data structures for your option in options.h's struct  
options_t
- Do your mapping of gengetopt option to options_t in options.c's  
process_options()
(careful with memory here, and note the "reconfiguring" sections --  
some stuff _only_ happens at startup)
- Now you have your option data in the global options structure.

I know... it's a bit of a process. It's because Chilli has always  
used gengetopt -- which is nice, but also very repetitive code and  
limiting in certain ways.

For this option, you could take uamallowed as your template -- taking  
a string and parsing out networks.

David


On May 3, 2008, at 9:16 PM, Gunther Mayer wrote:

> lc wrote:
>> Hi,
>>
>> This is an interesting point. I use a different subnet to have  
>> access to access points on the chilli network. So I think the  
>> suggested uamanyipignorelan option would be excellent if the  
>> network to be ignored could be defined.
> I rewrote my previous patch which wasn't working too well and  
> submitted the now tested and working version as r168. As originally  
> advertised it ignores (i.e. doesn't spoof) all arp requests within  
> chilli's own subnet. I'm busy rolling this out to a couple of live  
> sites but I don't expect any issues as I've tested it quite  
> substantially, it's a very minor patch as well.
>
> Regarding an option to specify such a subnet to ignore, I've  
> started on a customisable "noarp <subnet>,<subnet>,..." option but  
> gave up soon after I realised just how many source files need to be  
> changed in order to add a new option. I don't have time right now  
> for such an extensive patch but I'm willing to assist anyone who does.
>>
>> Am 04.04.2008 um 00:07 schrieb Gunther Mayer:
>>
>>> Hi David,
>>>
>>> I've recently tried out the uamanyip option in coova and was very  
>>> pleased at how well it works. I want to use it all the time in  
>>> future across our network to simplify troubleshooting, should  
>>> save a couple of support calls ;-)
>>>
>>> However, I found a very annoying side effect of uamanyip: It  
>>> spoofs ARP requests for just about anything. While that's the  
>>> point of uamanyip, it makes it impossible to have other devices  
>>> such as access points that you have to access for management  
>>> purposes on the chilli network. Say chilli listens on  
>>> 192.168.182.1 and there's another access point with static ip  
>>> 192.168.182.2 (of course not part of the dynip range) to increase  
>>> wireless coverage. As soon as anybody tries to ping or otherwise  
>>> access 192.168.182.2 because chilli will immediately claim it  
>>> through arp before the real device has a chance to answer - it  
>>> creates a race condition. Putting such devices on entirely  
>>> different subnets makes no difference as their ip's will be  
>>> stolen too. The only though somewhat ugly way I found around that  
>>> was to clear the arp cache on my client and then force a mapping  
>>> with arp -s.
>>>
>>> So, I thought wouldn't it be cool to let chilli ignore arp  
>>> requests for anything other than itself but only on its own  
>>> subnet. Anything else will still be caught and spoofed as usual.  
>>> Hence I came up with the below patch, I created it against 1.0.11- 
>>> stable but applying it to svn (r161) proved trivial, as it's a  
>>> very short patch.
>>>
>>> I think this should be done by default as it allows devices on  
>>> the chilli subnet to talk to each other properly (of course for  
>>> real isolation one would use something like ebtables or a/p  
>>> isolation). But of course the patch could be extended to make  
>>> this optional (uamanyipignorelan?) if people wanted to keep the  
>>> current behaviour. Thoughts?
>>>
>>> Gunther
>>>
>>> Index: dhcp.c
>>> ===================================================================
>>> --- dhcp.c      (revision 161)
>>> +++ dhcp.c      (working copy)
>>> @@ -2595,6 +2595,14 @@
>>>      return 0; /* Only reply if he asked for his router address */
>>>    }
>>>  }
>>> +  else if ((taraddr.s_addr != options.dhcplisten.s_addr) &&
>>> +        ((conn->hisip.s_addr & conn->hismask.s_addr) ==
>>> +        (reqaddr.s_addr & conn->hismask.s_addr))) {
>>> +    /* when uamanyip is on we should ignore arp requests that  
>>> ARE within our subnet except of course the ones for ourselves*/
>>> +    if (options.debug)
>>> +      log_dbg("ARP: request for ip other than us within our  
>>> subnet(uamanyip on), ignoring");
>>> +    return 0;
>>> +  }
>>>  conn->lasttime = mainclock;
>>>
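Review bot: the subnet test in the new else-if masks reqaddr, while the first half of the condition and the comment are about the requested address (taraddr). If reqaddr is the sender's address, the request is dropped based on where the asker sits, not on whether the address being asked for lies inside chilli's subnet. Either mask taraddr in the comparison or reword the comment to say which address is meant. Separately, if conn->hismask can still be zero when this branch runs, both sides of the == reduce to 0 and every request not aimed at options.dhcplisten returns 0, which would turn uamanyip off for that connection. A check for a non-zero mask before the comparison would cover that. The comment and the log_dbg string are each split over two lines here, so confirm that is mail wrapping and not how they appear in dhcp.c.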
>>> -------------------------------------------------------------------- 
>>> -
>>> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
>>> For additional commands, e-mail: chilli-help at coova.org
>>> Wiki: http://coova.org/wiki/index.php/CoovaChilli
>>> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>>>
>>
>>
>>
>>
>
>
>
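The "taking a string and parsing out networks" step for a configurable "noarp <subnet>,<subnet>,..." list could look like the following. This is an added example, not part of the original thread and not CoovaChilli code: the CIDR syntax and the names noarp_parse, noarp_ignore, noarp_check and NOARP_MAX are assumptions, and the match is made on the ARP target address.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

#define NOARP_MAX 8   /* hypothetical limit on listed subnets */
struct noarp_net { struct in_addr addr, mask; };  /* network byte order */

/* Parse "a.b.c.d/bits,..." (assumed noarp syntax); returns count or -1. */
int noarp_parse(const char *spec, struct noarp_net *nets, int max) {
  int n = 0;
  while (*spec) {
    char tok[32], *slash, *end;
    size_t len = strcspn(spec, ",");
    long bits = 32;                       /* bare address means one host */
    if (len == 0 || len >= sizeof(tok) || n == max) return -1;
    memcpy(tok, spec, len); tok[len] = '\0';
    if ((slash = strchr(tok, '/')) != NULL) {
      *slash = '\0';
      bits = strtol(slash + 1, &end, 10);
      if (end == slash + 1 || *end) return -1;
    }
    /* reject /0: it would match every target and switch uamanyip off */
    if (bits < 1 || bits > 32) return -1;
    if (inet_pton(AF_INET, tok, &nets[n].addr) != 1) return -1;
    nets[n].mask.s_addr = htonl(0xffffffffu << (32 - bits));
    nets[n].addr.s_addr &= nets[n].mask.s_addr;   /* drop host bits */
    n++;
    spec += len + (spec[len] == ',');
  }
  return n;
}

/* 1 = stay silent for this ARP target, 0 = handle the request as usual. */
int noarp_ignore(struct in_addr target, struct in_addr self,
                 const struct noarp_net *nets, int n) {
  if (target.s_addr == self.s_addr) return 0;   /* always answer for ourselves */
  for (int i = 0; i < n; i++)
    if ((target.s_addr & nets[i].mask.s_addr) == nets[i].addr.s_addr) return 1;
  return 0;
}

int noarp_check(const char *spec, const char *target, const char *self) {
  struct noarp_net nets[NOARP_MAX];
  struct in_addr t, s;
  int n = noarp_parse(spec, nets, NOARP_MAX);
  if (n < 0 || inet_pton(AF_INET, target, &t) != 1 ||
      inet_pton(AF_INET, self, &s) != 1) return -1;
  return noarp_ignore(t, s, nets, n);
}
```

In process_options() the parsed array would have to be rebuilt on reconfigure, which is where the memory caveat in the steps above applies.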



