From owner-freebsd-hackers Fri Feb 16 08:56:44 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id IAA15284 for hackers-outgoing; Fri, 16 Feb 1996 08:56:44 -0800 (PST)
Received: from brasil.moneng.mei.com ([151.186.109.160]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA15279 for ; Fri, 16 Feb 1996 08:56:42 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id KAA05525; Fri, 16 Feb 1996 10:54:44 -0600
From: Joe Greco
Message-Id: <199602161654.KAA05525@brasil.moneng.mei.com>
Subject: Re: An ISP's Wishlist...
To: imp@village.org (Warner Losh)
Date: Fri, 16 Feb 1996 10:54:44 -0600 (CST)
Cc: jgreco@brasil.moneng.mei.com, msmith@atrad.adelaide.edu.au, muir@idiom.com, freebsd-hackers@FreeBSD.ORG
In-Reply-To: <199602161638.JAA11232@rover.village.org> from "Warner Losh" at Feb 16, 96 09:38:28 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
Precedence: bulk

> : No, they don't... they just LOOK like they do due to the inherent nature of
> : emulation. No packets actually pass from one network to another, so there
> : can be no "rewriting". (from a user's point of view, maybe it doesn't
> : matter).
>
> Joe. I'm sorry, but I have been working on TIA as a consultant for
> the past 10 months. The UDP packets have their headers rewritten and
> sent out. The TCP packets are, indeed, batched up, but IP addresses
> in the data streams of TCP and/or port numbers are hacked along the
> way. TIA (and SLiRP) are the ultimate filtering firewalls. My
> probings of SLiRP show it to be doing the same sorts of things.
>
> Maybe I'm missing something here, but why doesn't that qualify as
> rewriting? Or are we having a semantic argument?

Yes, you don't have an interface at all... it's a userland program
presenting a fake interface to the remote client.

If I shoot a packet at TIA, it *interprets* the packet and uses an algorithm
to invoke the host system's socket(), bind(), connect(), accept(), read(),
and write() calls to *simulate* what it believes the client user's intent
was. The client user's packet is in no way passed on to the Internet. They
do NOT "have their headers rewritten". It's not the same packet at all! The
host system is actually sending out a shiny-all-new packet.

Think of a Web proxy server. The analogy is similar.

I'm not arguing the USEFULNESS of these sorts of utilities - I have one
client who makes excellent use of slirp - I'm just trying to kill this bit
of misinformation. It's important for people to understand how TIA/slirp
actually DO work so that they understand the inherent limitations of the
technique.

... JG
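
The relay behaviour described in this message, as an added example that is not part of the original post and is not TIA or slirp code: a userland relay accepts the client's connection, opens its own socket to the destination, and copies only the payload, so the destination's peer address is the relay's new socket. Assumptions: the client side is a loopback TCP connection standing in for the serial-line link, and the names `demo`, `server` and `relay_once` are hypothetical.

```python
import socket
import threading


def demo():
    """Relay one request; return (client_src, relay_out_src, peer_seen_by_server, reply)."""
    # Destination server: records the peer address it sees and echoes the data.
    srv = socket.create_server(("127.0.0.1", 0))
    seen = {}

    def server():
        conn, peer = srv.accept()
        with conn:
            seen["peer"] = peer
            conn.sendall(conn.recv(1024))

    # Userland relay: terminates the client's connection and makes its own
    # socket()/connect() to the destination, as a web proxy would.
    relay = socket.create_server(("127.0.0.1", 0))

    def relay_once():
        cli, _ = relay.accept()
        with cli, socket.create_connection(srv.getsockname()) as out:
            seen["relay_out"] = out.getsockname()
            out.sendall(cli.recv(1024))   # payload is copied, not the client's packet
            cli.sendall(out.recv(1024))

    threads = [threading.Thread(target=f) for f in (server, relay_once)]
    for t in threads:
        t.start()

    with socket.create_connection(relay.getsockname()) as c:
        client_src = c.getsockname()      # the client's own address and port
        c.sendall(b"hello")               # constructed sample payload
        reply = c.recv(1024)

    for t in threads:
        t.join()
    srv.close()
    relay.close()
    return client_src, seen["relay_out"], seen["peer"], reply


if __name__ == "__main__":
    client_src, relay_out, peer, reply = demo()
    print("client socket:        ", client_src)
    print("relay outbound socket:", relay_out)
    print("peer seen by server:  ", peer)
```

Server-side logs and address-based filters therefore see the relay host, never the client behind it.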