From: Søren Schmidt
Message-Id: <199701302114.WAA29443@ravenock.cybercity.dk>
Subject: Re: ipdivert & masqd
In-Reply-To: <3.0.32.19970130215029.00b2eba0@dimaga.com> from Eivind Eklund at "Jan 30, 97 09:50:30 pm"
To: eivind@dimaga.com (Eivind Eklund)
Date: Thu, 30 Jan 1997 22:14:30 +0100 (MET)
Cc: imp@village.org, hackers@freebsd.org

In reply to Eivind Eklund who wrote:
> >and it saves the user from all that proxy fiddling, they see the
> >world as if they were on the net directly...
>
> I was still thinking of doing 100% transparent proxies. This would involve
> snapping up all connections to proxied services, either re-assembling them
> or throwing them at a local socket. For this stream I would fork out and
> run a proxy, which could interpret the data as a stream instead of a set of
> disconnected packets.
>
> It is a little less efficient than packet-patching, but works 100% and
> still saves the user from 'all the proxy fiddling'. Working with normal
> proxies (SOCKS, proxy-FTP) is a pain, and I will not write anything that
> encourages admins to use them.

Well, having the kernel reassemble fragments (or pieces "known" to belong
together) is one thing, but sending it out a socket to userland and
then back again costs.
I played with the divert hack to begin with, but it gave up on "true"
ethernet speed, even on fast machines (100MHz 486's). That's why I'm so
focused on staying in the kernel...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Søren Schmidt (sos@FreeBSD.org) FreeBSD Core Team
Even more code to hack -- will it ever end ..