From owner-freebsd-hackers Wed Jan 13 14:26:02 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA12399 for freebsd-hackers-outgoing; Wed, 13 Jan 1999 14:25:45 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from shell2.la.best.com (shell2.la.best.com [209.24.216.141]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA12393 for ; Wed, 13 Jan 1999 14:25:42 -0800 (PST) (envelope-from nugundam@shell2.la.best.com)
Received: (from nugundam@localhost) by shell2.la.best.com (8.9.1/8.9.0/best.sh) id OAA29088; Wed, 13 Jan 1999 14:22:45 -0800 (PST)
Message-ID: <19990113142245.A28487@la.best.com>
Date: Wed, 13 Jan 1999 14:22:45 -0800
From: "Joseph T. Lee"
To: Marcin Cieslak, Brian Somers
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: libalias and ident
References: <199901121821.SAA13888@keep.lan.Awfulhak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Marcin Cieslak on Wed, Jan 13, 1999 at 11:45:15AM +0100
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Jan 13, 1999 at 11:45:15AM +0100, Marcin Cieslak wrote:
> I think that ident should be made by a separate daemon, like midentd.
> The only problem with libalias is to make information about proxified
> connections available to other processes. If aliasing were done in
> kernel, it would be ioctl() or /proc or whatever.

Ident is already a separate daemon, namely pidentd.

> Since it is not, I suggest using a named pipe or other form of IPC
> (control socket?) in order to allow ident - and perhaps other
> processes interested - to gain information about current
> network translation table.

Even with the local ident daemon having the necessary information to
forward the ident query, it still would not work due to the way the
RFC 113 protocol works. It matches the query's remote ip with a same
remote ip, and port gleaned from the query.
If the natd host made the query, then it would not work, as the ips
would not match. I've coded far enough into libalias to test this, as
I understand it. This is all due to the host behind natd connecting
'through' the natd firewall instead of 'to' the firewall, as how other
proxying schemes work. I'm not even sure why identd supports a PROXY
query command, since it wouldn't match the ip/port tables anyways...

Any better ways to hack around this crux would be most welcome.

-- 
Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
# Anime Expo 1998 >> www.anime-expo.org/ >
# Redline Games >> www.redlinegames.com/ >
# Cal-Animage Epsilon >> www.best.com/~nugundam/epsilon/ >
# EX: The Online World of Anime & Manga >> www.ex.org/ /
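
An added illustration, not part of the original message and not pidentd or libalias code: a small C model of the lookup described in the message, where the port pair is taken from the query text and the remote address from the connection that delivered the query. The addresses, ports, user names, the `ident_lookup` helper and the contents of both tables are constructed assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* One established TCP connection, as seen in a host's own socket table. */
struct conn {
    const char *raddr;      /* remote IP address */
    unsigned lport, rport;  /* local port, remote port */
    const char *user;       /* owner of the local socket */
};
/* Constructed sample tables. 10.0.0.5 (inside host) has a connection to
 * 192.0.2.10:6667; the gateway aliases it to 203.0.113.1:30001. */
static const struct conn inside_host[] = {
    { "192.0.2.10", 1025, 6667, "joe" },
};
/* Assumption: the gateway's table holds only the gateway's own sockets. */
static const struct conn gateway[] = {
    { "198.51.100.7", 22, 40000, "root" },
};

/* Model of the ident match: the port pair comes from the query text,
 * the remote address is the TCP peer that sent the query. */
const char *ident_lookup(const struct conn *tab, size_t n,
                         const char *querier, unsigned lport, unsigned rport)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i].lport == lport && tab[i].rport == rport &&
            strcmp(tab[i].raddr, querier) == 0)
            return tab[i].user;
    return NULL;            /* a real daemon answers NO-USER */
}

static void show(const char *what, const char *user)
{
    printf("%-36s %s\n", what, user ? user : "NO-USER");
}

int main(void)
{
    /* No NAT: the server queries the host it is connected to. */
    show("server -> inside host, 1025,6667:",
         ident_lookup(inside_host, 1, "192.0.2.10", 1025, 6667));
    /* With NAT: the server queries the gateway about the aliased port. */
    show("server -> gateway, 30001,6667:",
         ident_lookup(gateway, 1, "192.0.2.10", 30001, 6667));
    /* Gateway relays with the port translated back; peer is now 10.0.0.1. */
    show("gateway -> inside host, 1025,6667:",
         ident_lookup(inside_host, 1, "10.0.0.1", 1025, 6667));
    return 0;
}
```

The first and third calls differ only in the querier address, which is why a relay that already knows the translated port pair still gets no match.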