Date: Wed, 13 Jan 1999 11:45:15 +0100 (MET)
From: Marcin Cieslak <saper@system.pl>
To: Brian Somers <brian@Awfulhak.org>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: libalias and ident
Message-ID: <Pine.GSO.4.02.9901131138370.26242-100000@tricord.system.pl>
In-Reply-To: <199901121821.SAA13888@keep.lan.Awfulhak.org>

On Tue, 12 Jan 1999, Brian Somers wrote:

> This sounds nice, but it's more than just a packet translation
> mechanism. It requires the ability to create a new process on the
> fly and pass all the necessary information to it. It also requires
> libalias to create a channel to that process so that it can pick up
> the response and send it as a packet back to the ident requestor.
> This is non-trivial as it would require natd to select() at the top
> level rather than just reading from the divert socket.

I think that ident should be made by a separate daemon, like midentd.
The only problem with libalias is to make information about proxified
connections available to other processes. If aliasing were done in the
kernel, it would be ioctl() or /proc or whatever. Since it is not,
I suggest using a named pipe or other form of IPC (control socket?)
in order to allow ident - and perhaps other processes interested -
to gain information about the current network translation table.

Perhaps we should publish this information via sysctl(8) or SNMP MIB.

Of course, information about NAT should be exposed carefully since
it is used as a way of securing the internal network against the
outernet.

--
<< Marcin Cieslak // saper@system.pl >>
-----------------------------------------------------------------
SYSTEM Internet Provider http://www.system.pl
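
The lookup a separate ident daemon could make against an exported translation table, answering only the far end of a tracked connection so that nothing else about the NAT is disclosed. This is an added example, not code from the message, libalias or midentd: the `nat_entry` layout, the table contents, `ident_translate` and the `0 , 0` port pair in the invalid-query reply are assumptions; the query and error-token formats follow RFC 1413.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One row of a hypothetical NAT-table export; IPs in host byte order, all constructed. */
struct nat_entry {
    uint32_t inside_ip, remote_ip;                 /* internal host, far end */
    uint16_t inside_port, alias_port, remote_port; /* alias_port is the public one */
};
static const struct nat_entry nat_table[] = {
    { 0xC0A80105u, 0xC6336407u, 1025, 30001, 6667 }, /* 192.168.1.5 -> 198.51.100.7 */
    { 0xC0A80109u, 0xC6336407u, 1025, 30002, 25 },   /* 192.168.1.9 -> 198.51.100.7 */
};

/* Handle ident query q from requester_ip. Match: return 1, set *inside_ip and
 * write the port-translated query for that host's identd to out. Otherwise
 * return 0 and write an RFC 1413 error reply to out. */
int ident_translate(const char *q, uint32_t requester_ip,
                    uint32_t *inside_ip, char *out, size_t len)
{
    unsigned lport = 0, rport = 0;
    char extra;
    /* Expect exactly "<port-on-server> , <port-on-client>" and nothing more. */
    if (sscanf(q, " %5u , %5u %c", &lport, &rport, &extra) != 2 ||
        lport < 1 || lport > 65535 || rport < 1 || rport > 65535) {
        snprintf(out, len, "0 , 0 : ERROR : INVALID-PORT\r\n");
        return 0;
    }
    for (size_t i = 0; i < sizeof nat_table / sizeof nat_table[0]; i++) {
        const struct nat_entry *e = &nat_table[i];
        /* Disclose nothing unless the asker is the far end of this flow. */
        if (e->alias_port == lport && e->remote_port == rport &&
            e->remote_ip == requester_ip) {
            *inside_ip = e->inside_ip;
            snprintf(out, len, "%u , %u\r\n", (unsigned)e->inside_port, rport);
            return 1;
        }
    }
    snprintf(out, len, "%u , %u : ERROR : NO-USER\r\n", lport, rport);
    return 0;
}

int main(void)
{
    char out[64];
    uint32_t ip = 0;
    int ok = ident_translate("30001 , 6667\r\n", 0xC6336407u, &ip, out, sizeof out);
    printf("%d %08x %s", ok, (unsigned)ip, out);
    return 0;
}
```

The inside address is returned to the caller for relaying only; it never appears in any reply text sent back to the requester.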