XForms: Building Virtual Private Networking solution with Xforms

Christopher Sean Hilton (chris@vindaloo.com)
Thu, 29 Jan 1998 14:32:18 -0500 (EST)

# To subscribers of the xforms list from Christopher Sean Hilton <chris@vindaloo.com> :

I'm thinking about building a Virtual Private Networking program with
Xforms and ssh. The basic idea will be to use ssh to establish an
encrypted pipe over the internet to the target network and then run pppd
on a pseudo terminal on the target machine connected to the encrypted
pipe. A pseudo terminal will have to be allocated on the local machine and
the master's input and output will be connected to the input and output
of the ssh process. You will run pppd on the slave side of the local
pseudo terminal. It looks like this:

      +-------+
      | local |<<------ Xforms control app
      | pppd  |
      +-------+
          |
          |
    +-----------+
    | local pty |
    |   slave   |  +-------+  +--------+  +------------+
    |===========|  | local |  | remote |  | remote pty |
    |   master  |--|  ssh  |--|  sshd  |--|   master   |
    +-----------+  +-------+  +--------+  |============|
                                          |   slave    |
                                          +------------+
                                                |
                                                |
                                            +--------+
                                            | remote |
                                            |  pppd  |
                                            +--------+

I want an Xforms Application to establish and manage and terminate
the connection but this raises several questions.

 o Several portions of this application will need to run setuid
   root. Is the xforms library safe in this regard or should I
   concentrate the security-sensitive code in helper processes?

 o If I have a sequence:

        main()                          /* Xforms app */
        {
            ...
            childpid = fork();
            if (childpid != 0) {
                /* Still xforms app */
            }
            else if (childpid == 0) {
                /* new app... */

                terminate_xforms_interaction();

                /* pass argv[0] and a typed NULL to end the variadic list */
                execlp("Some other code", "Some other code", (char *)NULL);
            }
            ...
        }

   What do I have to put in the function
   terminate_xforms_interaction() to make sure that the actions in
   my child processes don't screw up Xforms in any way?

The second question kind of answers the first, so if the function for
killing all xforms interaction in the child is simple, an answer to the
first question probably isn't necessary.

The Xforms app is going to be responsible for starting the ssh connection to
the remote machine and the pppd on the local side. It will also have to be
able to modify the routing table on the local machine to establish a route
to the remote network. That's why it has to be or have a helper that is
setuid root.

I successfully tested the VPN pipe today. Actually this part is no great
trick; I've seen it done with a Perl script, but that was O/S specific to
Linux and my laptop runs FreeBSD. The ping latency on the connection to a
machine on my intranet was about 500 ms when the network latency of an
internet connection to my intranet was about 350 ms. So I estimate that
ssh has added 150 ms of latency to the connection. I'm fairly certain
that with tuning of the network parameters and compression parameters in
ssh I can lower that.

Any help and/or comments about the app are appreciated but I would
request that any questions about the app that don't really apply to
Xforms be sent to me and not the list.

Chris

--
      __o          "All I was trying to do was get home from work."
    _`\<,_           -Rosa Parks
___(*)/_(*)____.___o____..___..o...________ooO..._____________________
Christopher Sean Hilton                    [chris/at/vindaloo/dot/com]
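
One common way to handle the fork/exec case asked about above, shown as an added example that is not part of the original post and is not XForms API: the child closes every inherited descriptor above stderr, which would include the GUI's X server connection, and only then execs the helper. The names `spawn_helper` and `close_inherited_fds` are hypothetical, and the example assumes the only state the child shares with the GUI is its inherited file descriptors.

```c
/* Added example, not from the original post. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Close every descriptor above stderr so the exec'd program cannot reach
 * the parent's X server socket or any other handle the GUI had open.
 * Only raw close() is used: no toolkit or Xlib call runs in the child. */
static void close_inherited_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;   /* simplification: bound the loop if the limit is unknown or huge */
    for (int fd = STDERR_FILENO + 1; fd < max; fd++)
        close(fd);
}

/* Fork, scrub descriptors in the child, exec argv[0].
 * Returns the helper's exit status, or -1 on fork/wait failure or signal.
 * Simplification: this blocks until the helper exits. */
int spawn_helper(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;                 /* fork failed: still the GUI process */
    if (pid == 0) {
        close_inherited_fds();
        execvp(argv[0], argv);
        _exit(127);                /* exec failed; _exit skips the parent's atexit/stdio state */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s helper [args...]\n", argv[0]);
        return 2;
    }
    return spawn_helper(&argv[1]) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Keeping the GUI unprivileged and putting the root-only work (routing changes, pppd) in a small helper started this way keeps the setuid code out of the process that links the toolkit.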
