Great Circle Associates Firewalls
(November 1994)
 


Subject: Alpha Release of Drawbridge 2.0
From: dhess @ net . tamu . edu
Date: Thu, 17 Nov 94 00:10:19 -0600
To: firewalls @ greatcircle . com, academic-firewalls @ net . tamu . edu

After what turned into a rather ugly development process, Drawbridge 2.0 is
ready. It was originally going to feature ODI and DPMI. Due to a number of
problems it now uses NDIS and XMS.

Here is the README for the package.

Dave

---
David K. Hess                                                  Network Analyst
David-Hess @ tamu . edu         Computing and Information Services - Network Group
(409) 845-0372 (work)                                     Texas A&M University

----------------------------------------------------------------------------

                             Drawbridge 2.0 ALPHA

INTRODUCTION:

Drawbridge is a copyrighted but freely distributable bridging filter.
It uses a PC with two ethernet cards or two FDDI cards to perform the
filtering. It is composed of three different tools: Filter, Filter
Compiler and Filter Manager. This distribution is version 2.0 which is
a major overhaul of the earlier versions.

While this release is called an ALPHA release, the code is quite stable
both in features and performance. There are no known bugs though the
code has not been exhaustively tested yet. We currently have the code
in this package installed as an FDDI to FDDI filter which is in
production use. The documentation and packaging is what is not quite
ready for prime time yet.


CHANGES:

        o Filter now supports FDDI to FDDI filtering. Note however that
                due to the inherent limitations with bridging on FDDI,
                Filter will only work under a very specific and limited
                configuration. Please send email to
                drawbridge @ net . tamu . edu if you are interested in
                attempting this.

        o Filter now uses NDIS 2.01 DOS drivers. Therefore any Ethernet
                cards or FDDI cards with adequate NDIS drivers can be
                used with Drawbridge 2.0.

        o Filter now has an IP protocol stack and the management occurs
                via UDP. This allows the Filter Manager to run on just
                about any Unix platform that has BSD sockets. (Note
                that currently I haven't ported it to platforms other
                than Solaris 2.3 and that there are byte ordering
                problems that need to be resolved for little endian
                machines.)

        o Filter now uses an (as far as we know) exportable Pseudo One
                Time Pad cryptographic scheme for authentication and
                privacy over the management channel.

        o Filter now provides statistics from both the console and
                Filter Manager. Both Filter specific and NDIS
                statistics are reported.

        o Filter is now interrupt driven rather than polling (forced
                because of NDIS) and performance is now much better.
                With the previously recommended setup Filter now produces
                transfer rates of 5Mb/sec versus the previously
                measured 2Mb/sec. 10Mb/sec on ethernet should be easily
                achieved with faster cards, buses and CPUs.

                Under FDDI with a 60MHz Pentium, and two EISA Network
                Peripherals FDDI cards, data rates up to 18Mb/sec have
                been measured. The actual limit is higher but we do
                not have a reliable testbed capable of generating and
                measuring higher data rates at this time.

        o Filter now uses XMS memory to store the network tables. A
                cache is kept in low memory.

        o Filter has a new switch which controls whether or not packets
                other than IP/ARP/RARP are transparently bridged.

        o Filter Compiler (and Filter) is backward source and binary
                compatible. Other than bug fixes, no changes have been made
                to the Filter Compiler. A few byte ordering fixes so it will
                run on little endian machines will be made in the BETA
                release.

                For the Filter, the DES key file is no longer used and
                a new file PASSWORD is maintained.  Also Filter Manager
                no longer uses .fmkey.* files.

        o The GNU Copyleft has been removed. This material is now covered
                under a Berkeley style copyright. I.E. you can do anything
                you want with the code but must credit us. See the file
                COPYING.

        o A few commands have been added/changed in the Filter Manager. The
                changes are documented under the help system.


AVAILABILITY:

Drawbridge is available via anonymous ftp from net.tamu.edu (128.194.177.1)
in pub/security/drawbridge as:

drawbridge-2.0a.tar.gz

The package should untar into 4 directories:

        doc    - directory with documentation about Drawbridge
                 (including two papers referenced in the documentation)
        fm     - directory with source code for the Filter Manager plus
                 a binary for Solaris 2.3 on Sparc.
        fc     - directory with source code for the Filter Compiler plus
                 a binary for Solaris 2.3 on Sparc.
        filter - directory with three PKZIP archives and PKUNZIP.EXE
                ndis.zip   - PKZIP archive containing the NDIS 2.01
                             utilities.
                filter.zip - PKZIP archive with source code and
                             executable for the Filter.
                config.zip - PKZIP archive with example config.sys,
                             protocol.ini, autoexec.bat and the latest
                             SMC driver for the Ethernet cards required
                             by earlier versions of Drawbridge.

And 2 files:

        README  - this file
        COPYING - copyright notice.


REQUIREMENTS:

The requirements are less stringent in Drawbridge version 2.0.  Filter
is compiled for and requires an 80386 or higher processor (it is
documented in the makefile how to compile for a higher processor). Any
Ethernet or FDDI boards for any bus may be used as long as they have
NDIS 2.01 drivers. 


NOTE! These drivers *must* support promiscuous mode and *must* allow
you to configure the driver to support two cards in one PC. Be careful
to confirm this before you settle on any adapters. Some adapters do
not support these features.


BUILDING:

The Filter Compiler and Filter Manager both require an ANSI C compiler;
the GNU C Compiler (gcc) is recommended. The Filter requires Borland
C++ 4.02 and Borland Turbo Assembler 4.0. An executable version of
Filter is provided in case you do not have access to these tools.

To build Filter Compiler (fc) and Filter Manager (fm), just go into the
respective directories and type "make". This will build the
executables. To install fc and fm, edit the makefiles to set the
destination directory, become root and type "make install".

To build Filter, unarchive the PKZIP archive, go to the source directory
and type "make".

To get a better idea of how Drawbridge works and how it is used, begin with
the OVERVIEW paper in the doc directory.


CONTACTS:

Any suggestions or comments can be sent to: drawbridge @ net . tamu . edu

Any and all feedback on this ALPHA release is welcome. Also, ports of the
Filter Compiler and Filter Manager to other platforms would be greatly
appreciated.

Drawbridge was designed and programmed by:

David K. Hess
Douglas Lee Schales
David R. Safford

Texas A&M University
November 16, 1994
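
The switch listed under CHANGES, which controls whether packets other than IP/ARP/RARP are transparently bridged, implies a per-frame classification step. The following C code is an added example, not part of the original README or of Drawbridge's source; every name in it, the LLC/SNAP handling, and the choice to always drop runt frames are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not Drawbridge's code. */
enum verdict { V_FILTER, V_BRIDGE, V_DROP };
enum { ETH_HDR = 14, T_IP = 0x0800, T_ARP = 0x0806, T_RARP = 0x8035 };

static int be16(const uint8_t *p) { return (p[0] << 8) | p[1]; }

/* Protocol type carried by a frame: -1 if too short to have a MAC header,
 * 0 if it carries no recognisable type, else the EtherType. */
static int frame_protocol(const uint8_t *f, size_t len)
{
    if (len < ETH_HDR) return -1;
    int t = be16(f + 12);
    if (t >= 0x0600) return t;           /* Ethernet II: type field */
    /* 802.3: the field is a length, so the type sits in an LLC/SNAP header
     * (AA AA 03, OUI 00 00 00, then the EtherType). */
    const uint8_t *llc = f + ETH_HDR;
    if (len >= ETH_HDR + 8 && llc[0] == 0xAA && llc[1] == 0xAA &&
        llc[2] == 0x03 && !llc[3] && !llc[4] && !llc[5])
        return be16(llc + 6);
    return 0;
}

/* bridge_other models the switch: nonzero = pass non-IP/ARP/RARP frames. */
enum verdict classify(const uint8_t *f, size_t len, int bridge_other)
{
    int t = frame_protocol(f, len);
    if (t < 0) return V_DROP;            /* runt: never forward */
    if (t == T_IP || t == T_ARP || t == T_RARP) return V_FILTER;
    return bridge_other ? V_BRIDGE : V_DROP;
}

int main(void)
{
    /* Constructed frames: zeroed MAC addresses, only the type bytes set. */
    uint8_t arp[14] = {0}, ipx[14] = {0};
    arp[12] = 0x08; arp[13] = 0x06;      /* ARP */
    ipx[12] = 0x81; ipx[13] = 0x37;      /* IPX, a non-IP protocol */
    printf("arp=%d ipx(off)=%d ipx(on)=%d\n", classify(arp, 14, 0),
           classify(ipx, 14, 0), classify(ipx, 14, 1));
    return 0;
}
```

With the switch off, anything that is not IP, ARP or RARP is dropped at the bridge instead of bypassing the filter tables.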
