From owner-freebsd-hackers Wed Jan 13 02:45:35 1999
Date: Wed, 13 Jan 1999 11:45:15 +0100 (MET)
From: Marcin Cieslak
To: Brian Somers
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: libalias and ident
In-Reply-To: <199901121821.SAA13888@keep.lan.Awfulhak.org>

On Tue, 12 Jan 1999, Brian Somers wrote:

> This sounds nice, but it's more than just a packet translation
> mechanism. It requires the ability to create a new process on the
> fly and pass all the necessary information to it. It also requires
> libalias to create a channel to that process so that it can pick up
> the response and send it as a packet back to the ident requestor.
> This is non-trivial as it would require natd to select() at the top
> level rather than just reading from the divert socket.

I think that ident should be made by a separate daemon, like midentd.
The only problem with libalias is to make information about proxified
connections available to other processes. If aliasing were done in
kernel, it would be ioctl() or /proc or whatever. Since it is not, I
suggest using a named pipe or other form of IPC (control socket?) in
order to allow ident - and perhaps other processes interested - to
gain information about the current network translation table.

Perhaps we should publish this information via sysctl(8) or SNMP MIB.
Of course, information about NAT should be exposed carefully since it
is used as a way of securing the internal network against the outernet.

--
<< Marcin Cieslak // saper@system.pl >>
-----------------------------------------------------------------
SYSTEM Internet Provider http://www.system.pl
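The lookup a separate ident daemon would need from the translation table, sketched as an added example that is not part of the original message and is not libalias, natd or midentd code. The table layout, the sample rows and the names nat_lookup and ident_translate are assumptions; the query and error-reply formats follow RFC 1413. The interface answers only for a flow whose outside view the requester already knows, so it cannot be used to list the table.

```c
#include <stdint.h>
#include <stdio.h>

/* One row of the translation table (hypothetical layout, not libalias's own). */
struct nat_entry {
    uint32_t inside_addr, remote_addr;   /* internal host, outside peer (host order) */
    uint16_t inside_port, alias_port, remote_port;
};

/* Constructed sample data: two internal hosts talking to 203.0.113.7. */
static const struct nat_entry nat_table[] = {
    { 0xC0A8010AU, 0xCB007107U, 1025, 40001, 25 },    /* 192.168.1.10 */
    { 0xC0A8010BU, 0xCB007107U, 1026, 40002, 6667 },  /* 192.168.1.11 */
};

/* Answer exactly one question and never enumerate: the caller must already
 * know the full outside view (its own address and both ports) of a flow. */
const struct nat_entry *nat_lookup(uint32_t requester, unsigned alias_port,
                                   unsigned remote_port)
{
    for (size_t i = 0; i < sizeof nat_table / sizeof nat_table[0]; i++) {
        const struct nat_entry *e = &nat_table[i];
        if (e->remote_addr == requester && e->alias_port == alias_port &&
            e->remote_port == remote_port)
            return e;
    }
    return NULL;
}

/* Handle one RFC 1413 query line "<port-on-server> , <port-on-client>".
 * `requester` must come from the accepted socket, never from the query.
 * Returns the internal host to forward to and writes the rewritten query
 * into out; returns 0 and writes an error reply when nothing matches. */
uint32_t ident_translate(uint32_t requester, const char *query,
                         char *out, size_t len)
{
    unsigned srv, cli;
    const struct nat_entry *e;
    if (sscanf(query, "%u , %u", &srv, &cli) != 2 ||
        srv < 1 || srv > 65535 || cli < 1 || cli > 65535) {
        snprintf(out, len, "0 , 0 : ERROR : INVALID-PORT\r\n");
        return 0;
    }
    if ((e = nat_lookup(requester, srv, cli)) == NULL) {
        snprintf(out, len, "%u , %u : ERROR : NO-USER\r\n", srv, cli);
        return 0;
    }
    snprintf(out, len, "%u , %u\r\n", (unsigned)e->inside_port, cli);
    return e->inside_addr;
}
```

A requester other than the flow's real peer gets NO-USER, the same reply it would get for a port with no mapping, so the answer does not reveal whether an alias port is in use.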