Date: Thu, 14 Jan 1999 04:29:51 +0100
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: "Joseph T. Lee" <nugundam@la.best.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: libalias and ident
Message-ID: <19990114042951.I76923@bitbox.follo.net>
In-Reply-To: <19990113142245.A28487@la.best.com>; from Joseph T. Lee on Wed, Jan 13, 1999 at 02:22:45PM -0800
References: <199901121821.SAA13888@keep.lan.Awfulhak.org> <Pine.GSO.4.02.9901131138370.26242-100000@tricord.system.pl> <19990113142245.A28487@la.best.com>

On Wed, Jan 13, 1999 at 02:22:45PM -0800, Joseph T. Lee wrote:
> Any better ways to hack around this crux would be most welcome.

I think the only way to do this is

(1) 'Take over' port 113, faking an endpoint for all connections to it.
(2) When the actual request comes in, parse it to find out which alias_link it belongs to. If it doesn't belong to any, synthesise a 'not found' response and be done. Otherwise, start creating a TCP-connection to the true target, where you'll be repeating the request (with appropriate sequence number skew etc).
(3) Create an alias_link for the ingoing connection.

Of course, all of this requires that you are able to synthesise new packets, not just modify or drop packets. The present libalias API is not up to it; the API must be re-done, and all the clients updated.

While we're at it, I think the library should be renamed to libnat. The code should also be made to not use these enormous amounts of global data, but instead work on data structures passed in by the client - this allows several instances in a single unit, and makes it much more suitable for more serious use.

Eivind.
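
The parse-and-decide part of step (2) in the message above, as an added example that is not part of the original e-mail or of libalias. It assumes the RFC 1413 query format; the `nat_link` struct, the sample table and `ident_route` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct nat_link {   /* hypothetical, simplified; not libalias's own alias_link */
    const char *remote_ip; uint16_t remote_port;  /* outside peer */
    uint16_t alias_port;                          /* port shown to the outside */
    const char *inside_ip; uint16_t inside_port;  /* client behind the gateway */
};
static const struct nat_link links[] = {          /* constructed sample table */
    { "198.51.100.7", 6667, 40001, "10.0.0.5", 1025 },
    { "198.51.100.9", 6667, 40002, "10.0.0.6", 1030 },
};

/* Parse a decimal port in 1..65535, skipping blanks on both sides. */
static int parse_port(const char **p, uint16_t *out)
{
    char *end;
    while (**p == ' ' || **p == '\t') (*p)++;
    if (**p < '0' || **p > '9') return -1;        /* no sign, no empty field */
    unsigned long v = strtoul(*p, &end, 10);
    if (v == 0 || v > 65535) return -1;
    while (*end == ' ' || *end == '\t') end++;
    *p = end;
    *out = (uint16_t)v;
    return 0;
}

/* query is "<port-on-server> , <port-on-client>\r\n" as received on the faked port 113.
 * Returns the inside host to repeat `out` to, or NULL when `out` is a synthesized error. */
const char *ident_route(const char *peer, const char *query, char *out, size_t outlen)
{
    const char *p = query;
    uint16_t ours = 0, theirs = 0;
    if (parse_port(&p, &ours) || *p++ != ',' ||
        parse_port(&p, &theirs) || strcmp(p, "\r\n") != 0) {
        snprintf(out, outlen, "0 , 0 : ERROR : INVALID-PORT\r\n");
        return NULL;
    }
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++) {
        const struct nat_link *l = &links[i];
        if (l->alias_port == ours && l->remote_port == theirs &&
            strcmp(l->remote_ip, peer) == 0) {    /* only that link's peer may ask */
            snprintf(out, outlen, "%u , %u\r\n", (unsigned)l->inside_port, (unsigned)theirs);
            return l->inside_ip;
        }
    }
    snprintf(out, outlen, "%u , %u : ERROR : NO-USER\r\n", (unsigned)ours, (unsigned)theirs);
    return NULL;
}
```

The inside host's reply echoes the rewritten port pair, so it would need the alias port put back before being relayed to the querier; that half is not shown.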