Slirp

Developer(s): Danny Gasparovski, Kelly Price (maintainer)
Initial release: March 30, 1995
Stable release: 1.0.17 / January 8, 2006
Operating system: Unix-like
Platform: shell account
Type: Dial-up access
License: BSD-like, modified 4-clause BSD license
Website: slirp.sf.net

Slirp (sometimes capitalized SLiRP) is a software program that emulates a PPP, SLIP, or CSLIP connection to the Internet using a text-based shell account. Its original purpose became largely obsolete as dedicated dial-up PPP connections and broadband Internet access became widely available and inexpensive. It then found additional use in connecting mobile devices, such as PDAs, via their serial ports. Another significant use case is firewall piercing/port forwarding. [1] [2] One typical use of Slirp creates a general purpose network connection over an SSH session on which port forwarding is restricted. Another use case is to create external network connectivity for unprivileged containers.


Usage

Shell accounts normally only allow the use of command line or text-based software, but by logging into a shell account and running Slirp on the remote server, a user can transform their shell account into a general purpose SLIP/PPP network connection, allowing them to run any TCP/IP-based application—including standard GUI software such as the formerly popular Netscape Navigator—on their computer. This was especially useful in the 1990s because simple shell accounts were less expensive and/or more widely available than full SLIP/PPP accounts. [3]

In the mid-1990s, numerous universities provided dial-up shell accounts (to their faculty, staff, and students). These command line-only connections became more versatile with SLIP/PPP, enabling the use of arbitrary TCP/IP-based applications. Many guides to using university dial-up connections with Slirp were published online. Use of TCP/IP emulation software like Slirp, and its commercial competitor TIA, was banned by some shell account providers, who believed its users violated their terms of service or consumed too much bandwidth. [4] [5]

Slirp is also useful for connecting PDAs and other mobile devices to the Internet: by connecting such a device to a computer running Slirp, via a serial cable or USB, the mobile device can connect to the Internet. [6]

Limitations

Unlike a true SLIP/PPP connection provided by a dedicated server, a Slirp connection does not strictly obey the principle of end-to-end connectivity envisioned by the Internet protocol suite. The remote end of the connection, running on the shell account, cannot allocate a new IP address and route traffic to it. [7] Thus the local computer cannot accept arbitrary incoming connections, although Slirp can use port forwarding to accept incoming traffic for specific ports.

This limitation is similar to that of network address translation. It does provide enhanced security as a side effect, effectively acting as a firewall between the local computer and the Internet. [7]

Current status

Slirp is free software licensed under a BSD-like, modified 4-clause BSD license by its original author. After the original author stopped maintaining it, Kelly Price took over as maintainer. [8] There were no releases from Kelly Price after 2006. Debian maintainers have taken over some maintenance tasks, such as modifying Slirp to work correctly on 64-bit computers. [9] In 2019, [10] a more actively maintained Slirp repository was used by slirp4netns to provide network connectivity for unprivileged, rootless containers.

Influence on other projects

Despite being largely obsolete, Slirp had a great influence on the networking stacks used in virtual machines and other virtualized environments. The established practice for connecting virtual machines to the host's network stack was to use one of various packet injection mechanisms. Raw sockets, one such mechanism, were originally used for that purpose and, due to many problems and limitations, were later replaced with the TAP device.

Packet injection is a privileged operation that may introduce a security threat, something that the introduction of the TAP device solved only partially. The Slirp-derived NAT implementation brought a solution to this long-standing problem. It was discovered that Slirp has a full NAPT implementation as stand-alone user-space code, whereas other NAT engines are usually embedded into a network protocol stack and/or do not cooperate with the host OS when doing PAT (they use their own port ranges and require packet injection). The QEMU project adopted the appropriate code portions of the Slirp package and obtained permission from its original authors to re-license them under the 3-clause BSD license. [11] This license change allowed many other FOSS projects to adopt the QEMU-provided Slirp portions, which was (and still is) not possible with the original Slirp codebase because of license compatibility problems. Some of the notable adopters are the VDE and VirtualBox projects. Even though the Slirp-derived code was heavily criticized, [12] to date there is no competing implementation available.
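As an added illustration of the NAT-like behaviour described under Limitations and the stand-alone user-space NAPT noted in this section (example code written for this page, not Slirp's or QEMU's): a toy translation table that rewrites outbound guest flows onto a host-side port, translates replies back, hands unsolicited inbound connections to the guest only when a port-forward rule exists, and drops everything else. The addresses, the port pool and the forwarding rule are constructed values.

```python
"""Toy model of a Slirp-style user-space NAPT (constructed example, not Slirp code).
Guest = the local computer behind Slirp; outside = hosts reached via the shell account."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Seg:
    src_ip: str      # addressing 4-tuple of one TCP segment
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class UserSpaceNapt:
    host_ip: str                                 # public address of the shell-account host
    port_pool: Tuple[int, int] = (40000, 40100)  # host ports this process may use (assumed range)
    _by_guest: Dict[Tuple, int] = field(default_factory=dict)  # guest 4-tuple -> host port
    _by_host: Dict[int, Seg] = field(default_factory=dict)     # host port -> original guest segment
    _forwards: Dict[int, Tuple[str, int]] = field(default_factory=dict)  # host port -> guest socket

    def add_port_forward(self, host_port: int, guest_ip: str, guest_port: int) -> None:
        """Accept unsolicited connections on host_port and hand them to one guest socket."""
        self._forwards[host_port] = (guest_ip, guest_port)

    def _alloc_port(self) -> int:
        # A real user-space NAT asks the host OS for a socket here; the toy takes the lowest free pool port.
        used = set(self._by_host) | set(self._forwards)
        for port in range(*self.port_pool):
            if port not in used:
                return port
        raise RuntimeError("port pool exhausted")

    def outbound(self, seg: Seg) -> Seg:
        """Rewrite a guest -> outside segment so it appears to originate from the host."""
        key = (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port)
        if key not in self._by_guest:
            port = self._alloc_port()
            self._by_guest[key] = port
            self._by_host[port] = seg
        return Seg(self.host_ip, self._by_guest[key], seg.dst_ip, seg.dst_port)

    def inbound(self, seg: Seg) -> Optional[Seg]:
        """Translate an outside -> host segment back to the guest, or drop it (None)."""
        orig = self._by_host.get(seg.dst_port)
        if orig and (orig.dst_ip, orig.dst_port) == (seg.src_ip, seg.src_port):
            return Seg(seg.src_ip, seg.src_port, orig.src_ip, orig.src_port)  # reply to a guest flow
        if seg.dst_port in self._forwards:  # explicit port forward: the one way in
            gip, gport = self._forwards[seg.dst_port]
            return Seg(seg.src_ip, seg.src_port, gip, gport)
        return None  # unsolicited inbound: the guest has no reachable address, so it is dropped
```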

See also

Secure Shell (SSH)
Telnet
Network address translation
File Transfer Protocol
Virtual private network
SOCKS
Layer 2 Tunneling Protocol
Shell account
Port forwarding
Application firewall
netcat
Tunneling protocol
Terminal server
Nintendo Wi-Fi USB Connector
TUN/TAP
The Internet Adapter (TIA)
TCP Gender Changer
OpenSSH
Mosh (software)
SoftEther VPN

References

  1. Rideau, François-René (2001). Firewall Piercing mini-HOWTO, "Secure solution: piercing using ssh".
  2. JDIMPSON (2008). pppsshslirp: create a PPP session through SSH to a remote machine to which you don't have root.
  3. Jim Knoble (1996-08-01). "Almost Internet with SLiRP and PPP". Linux Journal. Retrieved 2009-08-28.
  4. Craig J. Miller (1995-03-15). "Intermind discussion of TIA on TENET". Retrieved 2009-08-31.
  5. "Everybody's Internet Update (section 1.5)". Electronic Frontier Foundation. September 1994. Retrieved 2009-08-31.
  6. Kelly Price. "Slirp Maintenance Project home page". Retrieved 2009-08-31.
  7. Glen Reesor (2001-02-21). "SLIP/PPP Emulator mini-HOWTO". Retrieved 2009-08-29.
  8. Kelly Price. "Slirp FAQ". Retrieved 2009-08-28.
  9. "Debian Changelog slirp". Retrieved 2009-08-28.
  10. "Releases - rootless-containers/slirp4netns". 2019-01-04.
  11. "[Qemu-devel] Remove the advertising clause from the slirp license".
  12. "[Qemu-devel] Re: slirp-related crash".