Date: Thu, 14 Jan 1999 04:29:51 +0100
From: Eivind Eklund
To: "Joseph T. Lee"
Cc: hackers@FreeBSD.ORG
Subject: Re: libalias and ident
Message-ID: <19990114042951.I76923@bitbox.follo.net>

On Wed, Jan 13, 1999 at 02:22:45PM -0800, Joseph T. Lee wrote:
> Any better ways to hack around this crux would be most welcome.

I think the only way to do this is

(1) 'Take over' port 113, faking an endpoint for all connections to it.
(2) When the actual request comes in, parse it to find out which alias_link it belongs to. If it doesn't belong to any, synthesize a 'not found' response and be done. Otherwise, start creating a TCP-connection to the true target, where you'll be repeating the request (with appropriate sequence number skew etc).
(3) Create an alias_link for the ingoing connection.

Of course, all of this requires that you are able to synthesise new packets, not just modify or drop packets. The present libalias API is not up to it; the API must be re-done, and all the clients updated.

While we're at it, I think the library should be renamed to libnat. The code should also be made to not use these enormous amounts of global data, but instead work on data structures passed in by the client - this allows several instances in a single unit, and makes it much more suitable for more serious use.

Eivind.
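
Step (2) of the message above, sketched as an added example (not part of the original message and not libalias code): parse the RFC 1413 query received on the faked port-113 endpoint, look it up in a link table, and either produce the rewritten query to relay inside or a synthesized NO-USER reply. The struct, the function name `ident_route`, and the sample addresses and ports are assumptions made for illustration.

```c
/* Added example; struct and function names are hypothetical, not libalias's. */
#include <stdio.h>
#include <string.h>

struct nat_link {                /* stand-in for one alias_link entry */
    const char *inside_addr;     /* internal host that opened the connection */
    unsigned inside_port;        /* its real source port */
    unsigned alias_port;         /* source port as seen from outside */
    const char *remote_addr;     /* remote server, which is also the ident querier */
    unsigned remote_port;
};

static const struct nat_link links[] = {   /* constructed sample table */
    { "192.168.1.5", 1025, 40001, "203.0.113.7", 6667 },
    { "192.168.1.9", 3310, 40002, "203.0.113.8", 25 },
};

/* Route one query received on the faked port-113 endpoint from `peer`.
 * Returns 1: link found, relay `out` to host *inside.
 *         0: no link, send the synthesized error in `out` back to the peer.
 *        -1: malformed query, close the connection. */
int ident_route(const char *peer, const char *query,
                const char **inside, char *out, size_t outlen)
{
    unsigned alias, remote;
    char junk;   /* only filled when trailing garbage follows the port pair */
    /* RFC 1413 query: "<port-on-server> , <port-on-client>\r\n" */
    if (sscanf(query, " %5u , %5u %c", &alias, &remote, &junk) != 2 ||
        alias < 1 || alias > 65535 || remote < 1 || remote > 65535)
        return -1;
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++) {
        const struct nat_link *l = &links[i];
        if (l->alias_port == alias && l->remote_port == remote &&
            strcmp(l->remote_addr, peer) == 0) {
            *inside = l->inside_addr;   /* repeat the query with the real port */
            snprintf(out, outlen, "%u , %u\r\n", l->inside_port, remote);
            return 1;
        }
    }
    snprintf(out, outlen, "%u , %u : ERROR : NO-USER\r\n", alias, remote);
    return 0;
}

int main(void)
{
    const char *inside = "-";
    char out[64];
    int rc = ident_route("203.0.113.7", "40001 , 6667\r\n", &inside, out, sizeof out);
    printf("rc=%d inside=%s out=%s", rc, inside, out);
    return 0;
}
```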