[isf-wifidog] Gateway NAT Patch

Mina Naguib webmaster at topfx.com
Mon Feb 28 22:41:43 EST 2005


Scott Tully wrote:
|>>1. It adds the masquerade target on the gw_interface instead of the
|>>external_interface (is that a bug?)
|>
|>I think you're right on that one.
|
|
| Yup, I fudged that...  I updated the url with a new patch:
| http://www.publicip.org/mirror/dists/patches/wifidog.cvs.nat.patch
|
| This patch uses safe_strdup to make sure external_interface is
| configured if gw_nat is set...
|
| if(gw_nat){
|          external_interface = safe_strdup(config->external_interface);
| }

If external_interface is not set (null), safe_strdup would kill wifidog
much like regular strdup would (albeit with a more meaningful error message).

I'll have to add some sanity code in the config parser to enforce
setting external_interface if do_nat is set.

|
|
|>>2. If it's a bug, we need to switch it to external_interface - but the
|>>gotcha is external_interface is not mandatory and wifidog may not know
|>>what it is!
|>
|>You're also right on that one.
|>
|>I think I would apply the patch (fix bugs first) but make it... I don't
|>know. Not hidden, but make sure to document that this is intrusive (plus
|>make mechanism in that we require the externalinterface).
|
|
|
| Sorry, I guess I got a little ahead of myself and submitted this patch
| before it was properly tested.  Is there another method I should use
| for contributing a patch? Maybe one that will not be made public
| before going through QA?

Aside from the occasional meetings we don't have a formalized way for
discussing new architecture changes.  The maillist is a good choice :)

|
| Anyway, take it, or leave it. I understand if it doesn't fit into your
| plans for the project.  But, it would have saved me a few hours...
|
| Scott

It definitely fits our plans, but I don't know if, in this specific
scenario, a technical solution is the best way to go.

If we incorporate the patch and decide to attack this technically, where
do we stop? There are many issues to consider such as bad iptables
rules, missing ip forwarding in the kernel or turned off in the sysctl,
bridging setup et cetera.

I'm wondering if creating a better installation doc would be a lot more
beneficial than addressing this one spot in the software.  The doc could
mention that before running wifidog your setup needs to run seamlessly
first, including masquerading, forwarding, firewalling et cetera (along
with examples).

Either way, we really appreciate your adoption of the software and work
on it.  IMO I say let this issue float around the list for a bit to give
other subscribers the chance to think of PROs and CONs.

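
Added example, not wifidog code and not written by either poster: one shape the config-parser sanity check mentioned in the message above could take, rejecting a NAT-enabled configuration with no external_interface at load time instead of letting a NULL reach safe_strdup. Only the field names gw_interface, external_interface and gw_nat come from the thread; the struct, enum, function names and the interface-name whitelist are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical subset of the config; field names follow the thread. */
struct gw_config {
    const char *gw_interface;       /* LAN side, mandatory */
    const char *external_interface; /* WAN side, optional unless NAT is on */
    int gw_nat;                     /* non-zero: gateway adds MASQUERADE itself */
};
enum cfg_status { CFG_OK, CFG_BAD_GW_IF, CFG_NAT_NEEDS_EXT_IF, CFG_BAD_EXT_IF };

/* Names must fit IFNAMSIZ (15 chars + NUL); the whitelist is an assumption. */
static int valid_ifname(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 15) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("._-", *s))
            return 0;
    return 1;
}

/* Run once after parsing, before any code copies the strings. */
enum cfg_status validate_config(const struct gw_config *c)
{
    if (!valid_ifname(c->gw_interface))
        return CFG_BAD_GW_IF;
    if (!c->gw_nat)
        return CFG_OK; /* external_interface may stay unset */
    if (c->external_interface == NULL || c->external_interface[0] == '\0')
        return CFG_NAT_NEEDS_EXT_IF;
    return valid_ifname(c->external_interface) ? CFG_OK : CFG_BAD_EXT_IF;
}

/* Formats the rule only for a validated NAT config; returns 0 on success. */
int masquerade_rule(const struct gw_config *c, char *buf, size_t len)
{
    if (!c->gw_nat || validate_config(c) != CFG_OK)
        return -1;
    int n = snprintf(buf, len, "iptables -t nat -A POSTROUTING -o %s -j MASQUERADE",
                     c->external_interface);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    struct gw_config bad = { "eth1", NULL, 1 }; /* constructed sample */
    return validate_config(&bad) == CFG_NAT_NEEDS_EXT_IF ? 0 : 1;
}
```

The name check matters if the interface string is later interpolated into an iptables command line; a parser that reports CFG_NAT_NEEDS_EXT_IF can print a configuration error and exit cleanly.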

