--------
From academic-firewalls-owner@net.tamu.edu Thu Nov 17 00:16:18 1994
Date: Thu, 17 Nov 94 00:10:19 -0600
From: Dave Hess
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Alpha Release of Drawbridge 2.0

After what turned into a rather ugly development process, Drawbridge 2.0
is ready. It was originally going to feature ODI and DPMI. Due to a
number of problems it now uses NDIS and XMS. Here is the README for the
package.

Dave

- ---
David K. Hess              Network Analyst
David-Hess@tamu.edu        Computing and Information Services - Network Group
(409) 845-0372 (work)      Texas A&M University

- ----------------------------------------------------------------------------

Drawbridge 2.0 ALPHA

INTRODUCTION:

Drawbridge is a copyrighted but freely distributable bridging filter.
It uses a PC with two ethernet cards or two FDDI cards to perform the
filtering. It is composed of three different tools: Filter, Filter
Compiler and Filter Manager.

This distribution is version 2.0 which is a major overhaul of the
earlier versions. While this release is called an ALPHA release, the
code is quite stable both in features and performance. There are no
known bugs though the code has not been exhaustively tested yet. We
currently have the code in this package installed as an FDDI to FDDI
filter which is in production use. The documentation and packaging is
what is not quite ready for prime time yet.

CHANGES:

o Filter now supports FDDI to FDDI filtering. Note however that due to
  the inherent limitations with bridging on FDDI, Filter will only work
  under a very specific and limited configuration. Please send email to
  drawbridge@net.tamu.edu if you are interested in attempting this.

o Filter now uses NDIS 2.01 DOS drivers. Therefore any Ethernet cards
  or FDDI cards with adequate NDIS drivers can be used with Drawbridge
  2.0.

o Filter now has an IP protocol stack and the management occurs via UDP.
  This allows the Filter Manager to run on just about any Unix platform
  that has BSD sockets. (Note that currently I haven't ported it to
  platforms other than Solaris 2.3 and that there are byte ordering
  problems that need to be resolved for little endian machines.)

o Filter now uses an (as far as we know) exportable Pseudo One Time Pad
  cryptographic scheme for authentication and privacy over the
  management channel.

o Filter now provides statistics from both the console and Filter
  Manager. Both Filter specific and NDIS statistics are reported.

o Filter is now interrupt driven rather than polling (forced because of
  NDIS) and performance is now much better. With the previously
  recommended setup Filter now produces transfer rates of 5Mb/sec
  versus the previously measured 2Mb/sec. 10Mb/sec on ethernet should
  be easily achieved with faster cards, buses and CPUs. Under FDDI with
  a 60MHz Pentium, and two EISA Network Peripherals FDDI cards, data
  rates up to 18Mb/sec have been measured. The actual limit is higher
  but we do not have a reliable testbed capable of generating and
  measuring higher data rates at this time.

o Filter now uses XMS memory to store the network tables. A cache is
  kept in low memory.

o Filter has a new switch which controls whether or not packets other
  than IP/ARP/RARP are transparently bridged.

o Filter Compiler (and Filter) is backward source and binary
  compatible. Other than bug fixes, no changes have been made to the
  Filter Compiler. A few byte ordering fixes so it will run on little
  endian machines will be made in the BETA release. For the Filter, the
  DES key file is no longer used and a new file PASSWORD is maintained.
  Also Filter Manager no longer uses .fmkey.* files.

o The GNU Copyleft has been removed. This material is now covered under
  a Berkeley style copyright. I.E. you can do anything you want with
  the code but must credit us. See the file COPYING.

o A few commands have been added/changed in the Filter Manager.
  The changes are documented under the help system.

AVAILABILITY:

Drawbridge is available via anonymous ftp from net.tamu.edu
(128.194.177.1) in pub/security/drawbridge as:

    drawbridge-2.0a.tar.gz

The package should untar into 4 directories:

    doc    - directory with documentation about Drawbridge (including
             two papers referenced in the documentation)
    fm     - directory with source code for the Filter Manager plus a
             binary for Solaris 2.3 on Sparc.
    fc     - directory with source code for the Filter Compiler plus a
             binary for Solaris 2.3 on Sparc.
    filter - directory with three PKZIP archives and PKUNZIP.EXE
        ndis.zip   - PKZIP archive containing the NDIS 2.01 utilities.
        filter.zip - PKZIP archive with source code and executable for
                     the Filter.
        config.zip - PKZIP archive with example config.sys,
                     protocol.ini, autoexec.bat and the latest SMC
                     driver for the Ethernet cards required by earlier
                     versions of Drawbridge.

And 2 files:

    README  - this file
    COPYING - copyright notice.

REQUIREMENTS:

The requirements are less stringent in Drawbridge version 2.0. Filter
is compiled for and requires an 80386 or higher processor (it is
documented in the makefile how to compile for a higher processor). Any
Ethernet or FDDI boards for any bus may be used as long as they have
NDIS 2.01 drivers.

NOTE! These drivers *must* support promiscuous mode and *must* allow
you to configure the driver to support two cards in one PC. Be careful
to confirm this before you settle on any adapters. Some adapters do not
support these features.

BUILDING:

The Filter Compiler and Filter Manager both require an ANSI C compiler;
the GNU C Compiler (gcc) is recommended. The Filter requires Borland
C++ 4.02 and Borland Turbo Assembler 4.0. An executable version of
Filter is provided in case you do not have access to these tools.

To build Filter Compiler (fc) and Filter Manager (fm), just go into the
respective directories and type "make". This will build the executables.
To install fc and fm, edit the makefiles to set the destination
directory, become root and type "make install".

To build Filter, unarchive the PKZIP archive, go to the source
directory and type "make".

To get a better idea of how Drawbridge works and how it is used, begin
with the OVERVIEW paper in the doc directory.

CONTACTS:

Any suggestions or comments can be sent to:

    drawbridge@net.tamu.edu

Any and all feedback on this ALPHA release is welcome. Also, ports of
the Filter Compiler and Filter Manager to other platforms would be
greatly appreciated.

Drawbridge was designed and programmed by:

    David K. Hess
    Douglas Lee Schales
    David R. Safford

Texas A&M University
November 16, 1994

--------
From academic-firewalls-owner@net.tamu.edu Sat Nov 19 12:30:56 1994
X-Sender: econrad@it
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Sat, 19 Nov 1994 13:25:05 -0500 (EST)
From: Eric Conrad
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Multiple interfaces with netwatch

There appears to be a bug in the Solaris version of netwatch (which is
part of netlog-1.2 from TAMU). There is code to support multiple
interfaces, but regardless of which interface I select, it monitors
traffic from le0.

I have verified that le1 on the machine is working correctly via the
snoop program.

Has anyone got a fix for this?

...Eric

--------
From academic-firewalls-owner@net.tamu.edu Sat Nov 19 13:58:32 1994
In-reply-to: Your message of "Sat, 19 Nov 1994 13:25:05 EST."
Date: Sat, 19 Nov 1994 13:52:55 -0600
From: Douglas Lee Schales
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Multiple interfaces with netwatch

>There appears to be a bug in the Solaris version of netwatch (which is
>part of netlog-1.2 from TAMU). There is code to support multiple
>interfaces, but regardless of which interface I select, it monitors
>traffic from le0.
>
>I have verified that le1 on the machine is working correctly via the
>snoop program.
>
>Has anyone got a fix for this?

Hmmm... I think I recall fixing this, but I thought I had released
the fixed version... lemme dig that out...

In netlog-1.2/lib/opendlpi.c, line 231:

currently is:

    dlattachreq(fd, 0, (char *)buf);

should be

    dlattachreq(fd, ppa, (char *)buf);

Doug.

- --
Douglas Lee Schales          Texas A&M University
Doug.Schales@net.tamu.edu    Computing & Information Services
                             Networking Project

--------
From academic-firewalls-owner@net.tamu.edu Sat Nov 19 14:10:50 1994
X-Sender: econrad@it
In-Reply-To: <28164.785274775@net.tamu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Sat, 19 Nov 1994 15:05:11 -0500 (EST)
From: Eric Conrad
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Multiple interfaces with netwatch

> Hmmm... I think I recall fixing this, but I thought I had released
> the fixed version... lemme dig that out...
>
> In netlog-1.2/lib/opendlpi.c, line 231:
>
> currently is:
>
>     dlattachreq(fd, 0, (char *)buf);
>
> should be
>
>     dlattachreq(fd, ppa, (char *)buf);

That fixed it. Thank you very much.

...Eric

--------
From academic-firewalls-owner@net.tamu.edu Sat Nov 19 18:23:31 1994
Cc: academic-firewalls@net.tamu.edu
In-Reply-To: <28164.785274775@net.tamu.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
content-length: 1240
Date: Sat, 19 Nov 1994 20:15:32 -0400 (AST)
From: Steve MacLeod
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Multiple interfaces with netwatch

So what is netwatch and where can one get a copy? (Solaris 2.3)

Thanks

- --------------------------------------------------------------------
Steve MacLeod
Microcomputer Specialist     (902)539-5300x625
Computer Centre
University College of Cape Breton
Sydney, N.S.
Fax (902)562-0119            Canada B1P 5S2

On Sat, 19 Nov 1994, Douglas Lee Schales wrote:

> >There appears to be a bug in the Solaris version of netwatch (which is
> >part of netlog-1.2 from TAMU). There is code to support multiple
> >interfaces, but regardless of which interface I select, it monitors
> >traffic from le0.
> >
> >I have verified that le1 on the machine is working correctly via the
> >snoop program.
> >
> >Has anyone got a fix for this?
>
> Hmmm... I think I recall fixing this, but I thought I had released
> the fixed version... lemme dig that out...
>
> In netlog-1.2/lib/opendlpi.c, line 231:
>
> currently is:
>
>     dlattachreq(fd, 0, (char *)buf);
>
> should be
>
>     dlattachreq(fd, ppa, (char *)buf);
>
> Doug.
>
> --
> Douglas Lee Schales          Texas A&M University
> Doug.Schales@net.tamu.edu    Computing & Information Services
>                              Networking Project
>
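
--------
Added example, not part of the thread and not netlog's code: the effect of the one-line fix discussed above, shown as a stand-alone C program in which the unit number (PPA) placed in the DLPI attach request comes from the interface the operator selected. The helper build_attach, the local attach_req struct and the rule that the trailing digits of the name are the PPA are assumptions made for illustration; nothing is sent to a device.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DL_ATTACH_REQ 0x0b  /* value from <sys/dlpi.h>, redeclared to build anywhere */

typedef struct {            /* local stand-in for dl_attach_req_t */
    uint32_t dl_primitive;
    uint32_t dl_ppa;        /* unit number of the interface to attach to */
} attach_req;

/* Split ifname ("le1") into device "/dev/le" and PPA 1, then fill in the
 * attach request. Returns -1 on a malformed name instead of defaulting to 0. */
int build_attach(const char *ifname, char *dev, size_t devlen, attach_req *req)
{
    size_t len = strlen(ifname), i = len;
    while (i > 0 && isdigit((unsigned char)ifname[i - 1]))
        i--;
    if (i == 0 || i == len || len - i > 4)  /* no driver, no unit, or absurd unit */
        return -1;
    int n = snprintf(dev, devlen, "/dev/%.*s", (int)i, ifname);
    if (n < 0 || (size_t)n >= devlen)
        return -1;
    uint32_t ppa = 0;
    for (size_t j = i; j < len; j++)
        ppa = ppa * 10 + (uint32_t)(ifname[j] - '0');
    req->dl_primitive = DL_ATTACH_REQ;
    req->dl_ppa = ppa;      /* a literal 0 here attaches to unit 0 every time */
    return 0;
}

int main(void)
{
    const char *names[] = { "le0", "le1", "le", "1" };  /* constructed inputs */
    for (size_t k = 0; k < sizeof names / sizeof names[0]; k++) {
        char dev[32];
        attach_req req;
        if (build_attach(names[k], dev, sizeof dev, &req) == 0)
            printf("%-3s: open %s, attach PPA %u\n", names[k], dev, (unsigned)req.dl_ppa);
        else
            printf("%-3s: rejected\n", names[k]);
    }
    return 0;
}
```

For a capture tool, a silently wrong PPA means logging traffic from a different segment than the one the operator believes is being monitored, so rejecting a name with no unit number is safer than falling back to unit 0.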