
fake V1.0.0
October 1998
Simon Horman <horms@zipworld.com.au>
----------------------------------------------------------------------


Overview
--------

fake is a simple utility designed to enable the switching in of
backup servers buy bringing up an additional interface
and using arp spoofing to take over the ip address. Either
additional physically or logical interfaces can be used.

Variants of the script have been used extensively at Zip World
for backing up various servers including the mail, web and
proxy servers. Please be aware that though this system
has been shown to work you are well advised to test the system
throughly before putting into production.

Please see the docs directory for a more thorough discussion
of the process that has been implemented and the issues surrounding
its use.

send_arp was written by  yuri volobuev'97 <volobuev@t1.chem.umn.edu> 
and is included here for convenience with his permission.
The primary site for all other materials relating to this is
http://linux.zipworld.com.au/redundant_linux/. 


Configuration -- Global
-----------------------

The global configuration file is in /etc/fake/.fakerc. The vales 
in here can be overridden by ${HOME}/.fakerc. A sample is included
below;

--begin .fakerc--
############################################################
# Set up basic environment for fake
# Variables are set as bash variables
# i.e. <VARIABLE>=<value>
#
# Must set:
#  ARP_DELAY: Delay in seconds between gratuitous arp
#  PID_DIR: Directory where pid files are kept
#  INSTANCE_CONFIG_DIR: Directory where specific 
#   configuration files for an IP address takeover are kept
#  LOG_DIR: Directory where logs are kept
#  CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
#    to and execute "clear arp-cache"
#  FAKE_RSH: Programme to use to "rsh" to another machine
#    to obtain macaddress by running ifconfig
#
# PATH can be set here to ensure that send_arp is in the 
#  path
############################################################

FAKE_HOME="/etc/fake"

#PATH=/sbin:/usr/sbin:/bin:/usr/bin

ARP_DELAY=1
CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
PID_DIR="$FAKE_HOME/run"
LOG_DIR="$FAKE_HOME/log"
INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config"

#Only needed if you wish to send gretuitous arp
#advertising the "real" mac address when turning fake off
#FAKE_RSH=ssh


--end .fakerc--


Configuration -- Instances
--------------------------

To configure an instance of fake  create 
/etc/fake/instance_config/<ip-to-take-over>.cfg with the
following format;

SPOOF_IP=<ip-to-take-over>
SPOOF_NETMASK=<broadcast-of-network-that-ip-to-take-over-is-on>
TARGET_INTERFACE=<interface to bring up>

The SPOOF_IP must be the same as the IP in the name of the
file as this is checked at run time to ensure that config files
are edited and not just copied over each other. It is very
important that the TARGET_INTERFACE is different for
each instance that you envisage running simultaneously.

Optionally if you wish to rsh to the main server and 
advertise the "real" mac address when turning fake off
set the following;

FOREIGN_INTERFACE=<interface-on-foerign-host-with-macaddress-to-use>
FOREIGN_ARP=<number-of-arps-to-send-with-real-mac-address>

To use this last feature in an automated fashion you will 
need to be ablt to $FAKE_RSH to $SPOOF_IP from the host that
fake runs on without manual authintication. With rsh
this is typically achived using .rhosts and with ssh
a RSH key with an empty pass-prhase can be employed.


E.g. /etc/fake/instance_config/203.12.97.7.cfg

SPOOF_IP=203.12.97.7
SPOOF_NETMASK=255.255.255.0
TARGET_INTERFACE=eth0:2
FOREIGN_INTERFACE=eth0 
FOREIGN_ARP=5 


Activation
----------
   
To activate run: fake <ip-to-take-over> &
   
Logs will be made to the local0.note syslog facility 
so you should look here for messages

Running "ifconfig" should show the new interface

Running "route" should show a route to the spoof ip to the
new interface. This is only needed so the machine that fake
is running on can communicate correctly to this ip address.

Running "tcpdump -i <interface> arp" should show the
gratuitous arp packets.


Deactivation
------------

To deactivate run: fake remove <ip-to-take-over>

Examination of syslog messages should show that the fake process
have been shut down
 
ifconfig should show that the new interface has been removed

route should show that the new route has been removed

tcpdump should show that the gratuitous arp has stopped 


*** Note: activating fake multiple times with the same
arguments has the same effect as activating it once. Similarly
deactivating fake multiple times with the same arguments has
the same effect as deactivating it once.


