From: Julian Elischer <julian@elischer.org>
To: net@freebsd.org
Date: Sat, 26 Nov 2005 22:18:49 -0800
Message-ID: <43894FC9.6040205@elischer.org>
Subject: proposal: TCP rendezvous
List-Id: Networking and TCP/IP with FreeBSD (freebsd-net)

In this world of P2P apps it would be neat to have a way that two P2P apps could attach to each other even though each is through a firewall. Most firewalls only allow "outgoing" connections. It would of course be possible via a 3rd party relaying, but that is inefficient and the throughput would be limited by throughput limits on the 3rd party link.

It must be possible, with the connivance of a 3rd party, for both parties to make suitable 'OUTGOING' connections. The 3rd party would spoof needed packets using information supplied by the two parties.

If this were to be done, there would be two modes. In the first, the application can be modified so special socket options could be used, but for application binaries that can't be modified, one would need an external way of 'interfering' with the sessions. You could probably do it with netgraph.

I'm still thinking about connecting systems separated by NAT however. That's a trickier problem. You still need to use outgoing connections, but no-one who is not in the path can tell what the NAT'd packets look like.

julian
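The mechanism the post sketches (both peers make "outgoing" connections, a third party supplying each with the information needed to aim them) is TCP simultaneous open through stateful firewalls. The following is an added, constructed simulation, not code from the post or from FreeBSD: two peers sit behind outbound-only firewalls that admit an inbound segment only if it belongs to a flow first seen leaving; a rendezvous party just relays each peer's endpoint to the other (it does not spoof packets, which the post also proposes and which is not modelled here); the TCP endpoints follow the RFC 793 simultaneous-open path (SYN_SENT receives SYN, goes to SYN_RECEIVED, sends SYN-ACK). Addresses, host names and class names are all made up for the example. The NAT case the post calls trickier is not modelled.

```python
"""Constructed simulation of a rendezvous-assisted TCP simultaneous open.

No real sockets: it shows why a lone connect() dies at the peer's outbound-only
firewall, and why two connect()s aimed by a third party get through, even when
one SYN arrives early and is dropped.  All addresses are invented.
"""
from dataclasses import dataclass

Addr = tuple  # (ip, port), e.g. ("10.0.0.2", 40001)


@dataclass(frozen=True)
class Seg:
    src: Addr
    dst: Addr
    flags: str  # "S" (SYN), "SA" (SYN-ACK), "A" (ACK), "R" (RST)


class OutboundOnlyFirewall:
    """Remembers flows that left from the inside; admits only their replies."""

    def __init__(self):
        self.flows = set()

    def outbound(self, seg: Seg) -> None:
        self.flows.add((seg.src, seg.dst))

    def inbound(self, seg: Seg) -> bool:
        return (seg.dst, seg.src) in self.flows


class Tcp:
    """Minimal endpoint: only the states the handshake passes through."""

    def __init__(self, addr: Addr):
        self.addr = addr
        self.state = "CLOSED"

    def connect(self, peer: Addr) -> Seg:
        self.state = "SYN_SENT"
        return Seg(self.addr, peer, "S")

    def receive(self, seg: Seg):
        if seg.flags == "R":
            self.state = "CLOSED"
            return None
        if self.state == "CLOSED":                      # nothing listening here
            return Seg(self.addr, seg.src, "R")
        if self.state == "SYN_SENT" and seg.flags == "S":
            self.state = "SYN_RECEIVED"                 # SYNs crossed: RFC 793 simultaneous open
            return Seg(self.addr, seg.src, "SA")
        if self.state == "SYN_SENT" and seg.flags == "SA":
            self.state = "ESTABLISHED"
            return Seg(self.addr, seg.src, "A")
        if self.state == "SYN_RECEIVED" and seg.flags in ("SA", "A"):
            self.state = "ESTABLISHED"
        return None


class Host:
    def __init__(self, addr: Addr):
        self.addr, self.tcp, self.fw = addr, Tcp(addr), OutboundOnlyFirewall()


class Net:
    """Carries segments; each one passes the sender's and the receiver's firewall."""

    def __init__(self, *hosts: Host):
        self.hosts = {h.addr: h for h in hosts}
        self.wire, self.dropped = [], []

    def send(self, seg: Seg) -> None:
        self.hosts[seg.src].fw.outbound(seg)            # leaving: flow is recorded
        self.wire.append(seg)

    def run(self) -> None:
        while self.wire:
            seg = self.wire.pop(0)
            dst = self.hosts[seg.dst]
            if not dst.fw.inbound(seg):                 # arriving for an unknown flow
                self.dropped.append(seg)
                continue
            reply = dst.tcp.receive(seg)
            if reply is not None:
                self.send(reply)


class Rendezvous:
    """The third party: learns each peer's endpoint, hands it to the other."""

    def __init__(self):
        self.registered = {}

    def register(self, name: str, addr: Addr) -> None:
        self.registered[name] = addr

    def introduce(self, a: str, b: str):
        return self.registered[b], self.registered[a]   # what a, then b, should dial


def _setup():
    a, b = Host(("10.0.0.2", 40001)), Host(("10.0.1.2", 40002))  # constructed
    return a, b, Net(a, b)


def plain_connect():
    """No third party: A dials B, B idles behind its firewall; the SYN is dropped."""
    a, b, net = _setup()
    net.send(a.tcp.connect(b.addr))
    net.run()
    return a.tcp.state, b.tcp.state, len(net.dropped)


def rendezvous_connect(staggered: bool = False):
    """Both dial what the rendezvous told them.  staggered=True lets A's SYN
    arrive (and be dropped) before B has sent its own; B's later SYN still
    matches the flow A's firewall recorded, so the handshake completes."""
    a, b, net = _setup()
    rv = Rendezvous()
    rv.register("A", a.addr)
    rv.register("B", b.addr)
    a_target, b_target = rv.introduce("A", "B")
    net.send(a.tcp.connect(a_target))
    if staggered:
        net.run()
    net.send(b.tcp.connect(b_target))
    net.run()
    return a.tcp.state, b.tcp.state, len(net.dropped)
```

The point the model makes concrete is that the firewall state entry created by the peer's own outbound SYN is what admits the other side's SYN; the rendezvous party's job is only to get both peers dialling within each other's SYN retransmission window. On a real network the early SYN is lost and its sender relies on retransmission, and a SYN that reaches a host with nothing bound draws a RST (the "R" branch above), which is why both ends must connect rather than one connect and one listen.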