#75 Multi interface and bridging with Linux

open
nobody
None
5
2004-10-01
2004-09-10
Patrick Naubert
No

This patch will permit a guest to use the Host's subnet
(and any DHCP server...); we do this by using the
bridging capabilities of Linux.

Also, this patch will manage multiple occurrences of
PearPC, network-wise.

Here's the HOWTO:

I am using kernel 2.6.7 to do this. I think this will
work with no problems with the 2.4 series too.

Set the Device Drivers -> Networking Support ->
Networking Options -> 802.1d Ethernet Bridging to ON or
Module.

Compile your kernel, and reboot.

Get the latest bridge-utils package from
bridge.sourceforge.net. I am using version 0.9.6.

Those using Gentoo can just "emerge bridge-utils" :-)

This removes the necessity to use Netfilter and NAT.

Please modify the file "settings" to your liking.

Discussion

  • Version 0.1

     
    Attachments
  • Logged In: YES
    user_id=260442

    Oh, this works with the Altivec source too.

     
  • Logged In: YES
    user_id=3437

    At least for smaller networks this is a very nice thing,
    thanks.

    I committed it except some smaller glitches:
    * You used sizeof instead of strlen (maybe this was the
    cause of the sigsegv you were seeing)
    * snprintf is almost as evil as sprintf and has been banned
    by me. Use ht_snprintf instead.
    * Can you explain why you inspected the return value of
    snprintf? To my understanding it should never return 0 except
    when the format already was "".

    Ah, and thanks for the settings stuff.

     
  • Logged In: YES
    user_id=3437

    And there were some more problems with uninitialized
    pointers (like for "command") and you didn't free mIfName.
    You should really take a little bit more care on those
    network things which are security relevant.

    But we now have a problem with your patch. You want to
    execute "ifconfig" but therefore you need root privileges.
    I don't really want to give PearPC suid... Any ideas to fix
    this?

     
  • Logged In: YES
    user_id=3437

    The ifconfig line is really dangerous, since it allows the
    execution of arbitrary commands if we made the "PPC"
    interface prefix configurable.

    Anyway, I attached an updated version, maybe you can fix this
    last problem.

     
  • Logged In: YES
    user_id=260442

    I can use 'ifconfig eth0' without being root in Linux. Am I
    out to lunch ?

    I added a cutoff point for string length of the interface
    name. I only keep the first 3 chars. If I add a string
    search to make sure the 3 chars are only alpha, then we
    should be OK security-wise.

    Thanks for the mods.

    Pat

     
  • 0.3

     
    Attachments
  • Logged In: YES
    user_id=3437

    Yes, you're absolutely right. I thought ifconfig is only
    available under sbin.

    So, (strlen(netif_prefix) > 3) sounds a little bit too small
    for me, we should at least allow names like "pearpc". The
    alphanumeric check is more important.

    Is there any reason you start the counter at 1? A name like
    ppc0 sounds more Unix-like.

    BTW: You should read the manpages of snprintf and strncpy.
    Those functions are harmful if you don't know their caveats:
    If you write something like
    char chop_buffer[3];
    strncpy(chop_buffer, netif_prefix,3);
    netif_prefix = chop_buffer;
    chop_buffer will _not_ be 0-terminated if
    strlen(netif_prefix)>=3!

    If you use strncpy it should look like
    strncpy(dest, src, sizeof dest - 1);
    dest[sizeof dest-1]=0;
    Of course this is ugly, so I'd recommend to either use
    std::string or the String class of PearPC (in C++ programs).
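
The checks raised in this thread, put together as an added example that is not part of the PearPC patch or of any comment above: an alphanumeric, length-bounded prefix check, the always-terminated strncpy idiom, and a truncation check on the snprintf return value. The function names, PREFIX_MAX, the 16-byte buffer and the sample inputs are assumptions made for illustration, and it uses standard snprintf rather than PearPC's ht_snprintf.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PREFIX_MAX 8   /* assumed limit, long enough for "pearpc" */

/* Non-empty, bounded, alphanumeric only: nothing a shell would interpret. */
static int prefix_is_safe(const char *prefix)
{
    size_t len, i;
    if (prefix == NULL)
        return 0;
    len = strlen(prefix);  /* strlen, not sizeof: prefix is a pointer */
    if (len == 0 || len > PREFIX_MAX)
        return 0;
    for (i = 0; i < len; i++)
        if (!isalnum((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/* Bounded copy that always NUL-terminates (the strncpy idiom from the thread). */
static void copy_terminated(char *dest, size_t destsz, const char *src)
{
    strncpy(dest, src, destsz - 1);
    dest[destsz - 1] = '\0';
}

/* Write "<prefix><index>" to out; -1 if prefix is rejected or result truncated. */
static int build_ifname(char *out, size_t outsz, const char *prefix, unsigned index)
{
    int n;
    if (out == NULL || outsz == 0 || !prefix_is_safe(prefix))
        return -1;
    n = snprintf(out, outsz, "%s%u", prefix, index);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[16], chop[4];  /* 16 is an assumed size (Linux IFNAMSIZ is 16) */
    copy_terminated(chop, sizeof chop, "pearpc");  /* chop holds "pea" */
    printf("%s %d\n", chop, build_ifname(name, sizeof name, "ppc", 0));
    return build_ifname(name, sizeof name, "ppc;x", 0) == -1 ? 0 : 1;  /* constructed bad input */
}
```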

     