From owner-freebsd-hackers Tue Jan 12 11:12:03 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA26996 for freebsd-hackers-outgoing; Tue, 12 Jan 1999 11:12:03 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from awfulhak.org (awfulhak.force9.co.uk [195.166.136.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA26961 for ; Tue, 12 Jan 1999 11:12:00 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from keep.lan.Awfulhak.org (brian@keep.lan.Awfulhak.org [172.16.0.8]) by awfulhak.org (8.8.8/8.8.8) with ESMTP id TAA23402; Tue, 12 Jan 1999 19:11:24 GMT (envelope-from brian@Awfulhak.org) Received: from keep.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by keep.lan.Awfulhak.org (8.9.1/8.9.1) with ESMTP id SAA13888; Tue, 12 Jan 1999 18:21:26 GMT (envelope-from brian@keep.lan.Awfulhak.org) Message-Id: <199901121821.SAA13888@keep.lan.Awfulhak.org> X-Mailer: exmh version 2.0.2 2/24/98 To: Marcin Cieslak cc: freebsd-hackers@FreeBSD.ORG Subject: Re: libalias and ident In-reply-to: Your message of "Tue, 12 Jan 1999 17:42:42 +0100." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 12 Jan 1999 18:21:26 +0000 From: Brian Somers Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [.....] > However, I would like also to see another way of handling > ident queries (I guess it's much easier to implement) > returning the predefined string (for example hostname but > not neccesary) uniquely identifying the host behind NAT. > This may be not what the security guys want, but this > would be a handy way of identifying machine for LARTing > purposes for example :) > > We can go further and report something like "user+host" > in the ident response: giving "host" identifying the hidden > machine and "user" resulting from the ident query on that > machine. > > I think that all those modes should be configurable, at > least at the compile time. This sounds nice, but it's more than just a packet translation mechanism. It requires the ability to create a new process on the fly and pass all the necessary information to it. It also requires libalias to create a channel to that process so that it can pick up the response and send it as a packet back to the ident requestor. This is non-trivial as it would require natd to select() at the top level rather than just reading from the divert socket. I don't think the functionality warrants the effort required, and I think the libalias code would be polluted too much as a result. > -- > << Marcin Cieslak // saper@system.pl >> > > ----------------------------------------------------------------- > SYSTEM Internet Provider http://www.system.pl -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message