| ssh over wifi w/ LD_PRELOAD |
[Nov. 7th, 2005|02:02 am]
Brad Fitzpatrick
|
I was about to fall asleep when I realized what I need for my ssh over wifi problem. Unfortunately/fortunately,  ciphergoth beat me to it in the couple hours I've been upstairs reading.
My solution looks like this:
-- "wifissh" wrapper around "ssh" that reads in ~/.wifissh config file, sets some environment variables, and then invokes the real ssh program with an LD_PRELOAD modules loaded to intercept network connections, ala skype_dsp_hijacker or trickle(1).
-- LD_PRELOAD library then intercepts all connects/writes (and maybe reads, it matters less?) and sends them over UDP (which has no congestion control (ignoring DCCP)) to the internal host configured in the ~/.wifissh file, which the sh/perl wrapper read and stuck in the environment for me, so I don't have to write config file parsing code C.
-- the ssh proxy host, running on my local network, acts like rinetd(8) except it's udp/tcp instead of tcp/tcp, and it has a specialized ACK protocol to the laptop.
-- the preload library's fake write(2) system call then blocks the caller (which thinks it's doing a real write) until it receives an ack. if it doesn't receive an ack soon enough, it goes fucking apeshit resending rapidly (or at least every 100 ms), since it doesn't have to worry about congesting the real interweb.
And then Brad is happy.
I can probably write this tomorrow, but without a laptop to test it on, I might not be so motivated until it's fixed.
And damn you ciphergoth for stealing my thunder. I'd thought I was so clever. :-) |
|
|
| Comments: |
Cool :-) Your solution is cleverer than mine, in that it uses LD_PRELOAD (I had anticipated some sort of userspace-tunnelling thingy based on tun/tap) but less clever in that you don't have any of the packet-selective-dropping cleverness I proposed...
Yet another person discovers "TCP over UDP" ... yay! Previous castles that have sunk into the swamp:
- iproxy: "As iproxy allows arbitraty TCP services to be carried over Broadcast, Unicast and Multicast UDP it potenitally has many applications beyond the scope of network device configuration."
- utunnel: "utunnel allows you to tunnel ip traffic (tcp, icmp, etc) over udp. utunnel is written and c using libpcap and libnet."
- atou: "Almost TCP over UDP" -- not a usable implementation as far as I can tell, but these guys sure did a lot of research and metrics collection. Could let you make a rounder wheel, if you choose to reinvent one.
Whatever you do, Brad, for the love of God, don't go LD_PRELOAD'ing Perl. :-)
![[User Picture]](https://l-userpic.livejournal.com/54541970/2) | From: brad
2005-11-07 06:18 pm (UTC)
| (Link)
|
After 3 castles sink into the swamp, isn't that the point that the 4th one has firm enough ground to build on? :-)
But uh, my aspirations seem considerably smaller than any of those 3 projects.
If you do get motivated to hack on this, I wish you lots of luck.
Luckily for me, my WiFi at home is stable enough to use SSH very reliably with great interactive response.
Now, if SSH from my Treo 650 were "interactive" enough to be useful, that'd be something. You SSH from your Treo 650 yet? Got any ideas on how to make that interactivity more responsive? :-)
From: evan
2005-11-07 04:43 pm (UTC)
| (Link)
|
What's the conf file for? What configuration is needed?
I'd do it like bradwifipreload --args-i-don't-understand ssh --ssh-args host. Then it doesn't need to understand ssh at all.
| From: brad
2005-11-07 06:18 pm (UTC)
| (Link)
|
Ease of typing. But yeah, only destination host is in config.
er, instead of fixing the retransmit timer in uesrspace udp, why not fix it in the stack as I suggested?
| From: brad
2005-11-07 10:05 pm (UTC)
| (Link)
|
Because userspace hacking is easier? And then more people could use it easily?
To be honest, my first thought upon coming across something like this *would* be "why didn't they do it in the stack? this must be crack." But then I'd see you wrote it and figure it wasn't too much crack. And yeah, I'd imagine considerably easier. :)
Yay for LD_PRELOAD! I wrote my first hack a few months ago, which intercepts TCP connect()ions and sends them out on my cable modem instead of the DSL.
Is it possible for the kernel packet filtering layer to be the intercept point? I.e. if port 22 TCP outgoing, send packets to userspace service xyz. Where xyz encapsulates everything over UDP for the wireless hop.
The clever bit about this is that a single command could actually remove the packet filter command, and everything would fall back to the old way. And established connections would stay alive. Not sure that it matters, though.
It would be nice if the whole thing looked transparent, sort of like a VPN interface.
From: (Anonymous)
2005-11-08 04:40 am (UTC)
Westwood TCP, WTCP | (Link)
|
Could you please share with us if enabling Westwood TCP congestion control helped or not?
Also there is an academic project (very old, 1999): http://timely.crhc.uiuc.edu/Projects/wtcp/wtcp.html
I could not find source code there, but you may want to read their papers at least.
--
Artem (http://www.artemfrolov.com/)
I'm not quite sure I understand what you're trying to do all this for. Changing from BIC to Westwood worked for me... but I assume you need additional functionality. Good luck!
| From: brad
2005-11-11 09:47 pm (UTC)
| (Link)
|
I imagine Westwood will work for me too. I haven't tried yet. (Had a laptop harddrive failure.....) | |
