                             Drawbridge 2.0 ALPHA

INTRODUCTION:

Drawbridge is a copyrighted but freely distributable bridging filter.
It uses a PC with two ethernet cards or two FDDI cards to perform the
filtering. It is composed of three different tools: Filter, Filter
Compiler and Filter Manager. This distribution is version 2.0 which is
a major overhaul of the earlier versions.

While this release is called an ALPHA release, the code is quite stable
both in features and performance. There are no known bugs, though the
code has not been exhaustively tested yet. We currently have the code
in this package installed as an FDDI to FDDI filter which is in
production use. It is the documentation and packaging that are not
quite ready for prime time yet.


CHANGES:

	o Filter now supports FDDI to FDDI filtering. Note however that
		due to the inherent limitations with bridging on FDDI,
		Filter will only work under a very specific and limited
		configuration. Please send email to
		drawbridge@net.tamu.edu if you are interested in
		attempting this.

	o Filter now uses NDIS 2.01 DOS drivers. Therefore any Ethernet
		cards or FDDI cards with adequate NDIS drivers can be
		used with Drawbridge 2.0.

	o Filter now has an IP protocol stack and the management occurs
		via UDP. This allows the Filter Manager to run on just
		about any Unix platform that has BSD sockets. (Note
		that currently I haven't ported it to platforms other
		than Solaris 2.3 and that there are byte ordering
		problems that need to be resolved for little endian
		machines.)

	o Filter now uses an (as far as we know) exportable Pseudo One
		Time Pad cryptographic scheme for authentication and
		privacy over the management channel.

	o Filter now provides statistics from both the console and
		Filter Manager. Both Filter specific and NDIS
		statistics are reported.

	o Filter is now interrupt driven rather than polling (forced
		because of NDIS) and performance is now much better.
		With the previously recommended setup Filter now produces
		transfer rates of 5Mb/sec versus the previously
		measured 2Mb/sec. 10Mb/sec on ethernet should be easily
		achieved with faster cards, buses and CPUs.

		Under FDDI with a 60MHz Pentium, and two EISA Network
		Peripherals FDDI cards, data rates up to 18Mb/sec have
		been measured. The actual limit is higher but we do
		not have a reliable testbed capable of generating and
		measuring higher data rates at this time.

	o Filter now uses XMS memory to store the network tables. A
		cache is kept in low memory.

	o Filter has a new switch which controls whether or not packets
		other than IP/ARP/RARP are transparently bridged.

	o Filter Compiler (and Filter) is backward source and binary
		compatible. Other than bug fixes, no changes have been made
		to the Filter Compiler. A few byte ordering fixes so it will
		run on little endian machines will be made in the BETA
		release.

		For the Filter, the DES key file is no longer used and
		a new file PASSWORD is maintained.  Also Filter Manager
		no longer uses .fmkey.* files.

	o The GNU Copyleft has been removed. This material is now covered
		under a Berkeley style copyright, i.e. you can do anything
		you want with the code but must credit us. See the file
		COPYING.

	o A few commands have been added/changed in the Filter Manager. The
		changes are documented under the help system.


AVAILABILITY:

Drawbridge is available via anonymous ftp from net.tamu.edu (128.194.177.1)
in pub/security/drawbridge as:

drawbridge-2.0.tar.Z

The package should untar into 4 directories:

	doc    - directory with documentation about Drawbridge
		 (including two papers referenced in the documentation)
	fm     - directory with source code for the Filter Manager plus
		 a binary for Solaris 2.3 on Sparc.
	fc     - directory with source code for the Filter Compiler plus
		 a binary for Solaris 2.3 on Sparc.
	filter - directory with three PKZIP archives and PKUNZIP.EXE
		ndis.zip   - PKZIP archive containing the NDIS 2.01
			     utilities.
		filter.zip - PKZIP archive with source code and
			     executable for the Filter.
		config.zip - PKZIP archive with example config.sys,
			     protocol.ini, autoexec.bat and the latest 
			     SMC driver for the Ethernet cards required 
			     by earlier versions of Drawbridge.

And 2 files:

	README 	- this file
	COPYING - copyright notice.


REQUIREMENTS:

The requirements are less stringent in Drawbridge version 2.0.  Filter
is compiled for and requires an 80386 or higher processor (it is
documented in the makefile how to compile for a higher processor). Any
Ethernet or FDDI boards for any bus may be used as long as they have
NDIS 2.01 drivers. 

NOTE! These drivers *must* support promiscuous mode and *must* allow
you to configure the driver to support two cards in one PC. Be careful
to confirm this before you settle on any adapters. Some adapters do
not support these features.


BUILDING:

The Filter Compiler and Filter Manager both require an ANSI C compiler;
the GNU C Compiler (gcc) is recommended. The Filter requires Borland
C++ 4.02 and Borland Turbo Assembler 4.0. An executable version of
Filter is provided in case you do not have access to these tools.

To build Filter Compiler (fc) and Filter Manager (fm), just go into the
respective directories and type "make". This will build the
executables. To install fc and fm, edit the makefiles to set the
destination directory, become root and type "make install".

To build Filter, unarchive the PKZIP archive, go to the source directory
and type "make".

To get a better idea of how Drawbridge works and how it is used, begin with
the OVERVIEW paper in the doc directory.


CONTACTS:

Any suggestions or comments can be sent to: drawbridge@net.tamu.edu

Any and all feedback on this ALPHA release is welcome. Also, ports of the
Filter Compiler and Filter Manager to other platforms would be appreciated.

Drawbridge was designed and programmed by:

David K. Hess
Douglas Lee Schales
David R. Safford

Texas A&M University
November 16, 1994
