Date:      Thu, 30 Jan 1997 22:14:30 +0100 (MET)
From:      Søren Schmidt <sos@ravenock.cybercity.dk>
To:        eivind@dimaga.com (Eivind Eklund)
Cc:        imp@village.org, hackers@freebsd.org
Subject:   Re: ipdivert & masqd
Message-ID:  <199701302114.WAA29443@ravenock.cybercity.dk>
In-Reply-To: <3.0.32.19970130215029.00b2eba0@dimaga.com> from Eivind Eklund at "Jan 30, 97 09:50:30 pm"

In reply to Eivind Eklund who wrote:
> >and it saves the user from all that proxy fiddling, they see the
> >world as if they were on the net directly...
> 
> I was still thinking of doing 100% transparent proxies.  This would involve
> snapping up all connections to proxied services, either re-assembling them
> or throwing them at a local socket.  For this stream I would fork out and
> run a proxy, which could interpret the data as a stream instead of a set of
> disconnected packets.
> 
> It is a little less efficient than packet-patching, but works 100% and
> still saves the user from 'all the proxy fiddling'.  Working with normal
> proxies (SOCKS, proxy-FTP) is a pain, and I will not write anything that
> encourages admins to use them.

Well, having the kernel reassemble fragments (or pieces "known" to
belong together) is one thing, but sending it out a socket to
userland and then back again costs. I played with the divert hack
to begin with, but it gave up on "true" ethernet speed, even
on fast machines (100MHz 486's). That's why I'm so focused on staying
in the kernel...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Søren Schmidt               (sos@FreeBSD.org)               FreeBSD Core Team
                Even more code to hack -- will it ever end
..