[AG-DEV] VIC firewall patch

Thu Dec 8 18:31:57 CST 2005

Hi all,


I have a locally contributed patch for vic, allowing it to work in  
unicast mode through firewalls & nats. Testing with Linux (including  
Andrew Patrick at NRC) has been pretty positive. However I can't  
easily produce a Windows binary for anyone to test that platform.

Could someone apply the patch below to the Windows source code, then  
compile and make the binary available for testing please?



Here is the contributer's comment:
"
There is a long-standing problem with VIC that it will not
work in unicast mode through a firewall or NAT device. The
reason is that VIC uses a dynamically assigned UDP port to
transmit, and the configured port to receive. I have modified
net/net-ip.cpp to use a single socket with the configured UDP
port for both send and receive for the first VIC instance, and
to fall back to dynamic port numbers for additional copies.
The first copy of VIC will thus create the NAT/firewall entry
to allow return traffic to be passed through.

The attached patch works in the limited configurations that I
tested, but needs verification with multiple streams etc.

I would be grateful if somebody could verify that this patch
does not break existing configurations.

Bug ID for this is 1228.
"



I've been using the patched version normally for some time (in fact,  
I had forgotten I was running it), so I would say it doesn't "break  
existing configurations". Still, we need some Windows testing.


chris


=========================== snip =======================

--- vic/net/net-ip.cpp.orig	2005-11-07 13:14:35.000000000 +1100
+++ vic/net/net-ip.cpp	2005-11-09 17:24:23.000000000 +1100
@@ -239,8 +239,7 @@
  	(IPAddress&)local_ = local.sin_addr;
  	rsock_ = openrsock(addr_, port, local_);
  	if (rsock_ < 0) {
-		(void)::close(ssock_);
-		return (-1);
+		rsock_ = ssock_;
  	}

  	lport_ = local.sin_port;
@@ -372,7 +371,8 @@
  		sin.sin_addr.s_addr = locali;
  		if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
  			perror("bind");
-			exit(1);
+			::close(fd);
+			return (-1);
  		}
  		/*
  		 * Despite several attempts on our part to get this fixed,
@@ -422,16 +422,18 @@
  	nonblock(fd);


-#ifdef WIN32
  	memset((char *)&sin, 0, sizeof(sin));
  	sin.sin_family = AF_INET;
-	sin.sin_port = 0;
+	sin.sin_port = port;
  	sin.sin_addr.s_addr = INADDR_ANY;
  	if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
-		perror("bind");
-		exit(1);
+		sin.sin_port = 0;
+		if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
+			perror("bind");
+			exit(1);
+		}
  	}
-#endif
+	
  	memset((char *)&sin, 0, sizeof(sin));
  	sin.sin_family = AF_INET;
  	sin.sin_port = port;
=========================== snip =======================


Christoph Willing                           +61 7 3365 8350
QPSF Access Grid Manager
University of Queensland




