From owner-freebsd-hackers Sun Apr 22 21:27: 1 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from spider.pilosoft.com (p55-222.acedsl.com [160.79.55.222])
	by hub.freebsd.org (Postfix) with ESMTP
	id 56FD837B422; Sun, 22 Apr 2001 21:26:49 -0700 (PDT)
	(envelope-from alex@pilosoft.com)
Received: from localhost (alexmail@localhost)
	by spider.pilosoft.com (8.9.3/8.9.3) with ESMTP id AAA08460;
	Mon, 23 Apr 2001 00:32:39 -0400 (EDT)
Date: Mon, 23 Apr 2001 00:32:39 -0400 (EDT)
From: Alex Pilosov
To: "Andrew R. Reiter"
Cc: "E.B. Dreger" , hackers@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: TCP intercept?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In cisco terminology, 'tcp intercept' is what the 'ip and tcp reassembly'
part of ipnat does (without port/address rewriting).

For example, a router in the middle which is doing the intercept will have
to buffer/reassemble tcp stream and only forward packets after they are
confirmed good. Example: packets with a wrong sequence number will be
bounced at the router. On ciscos, tcp-intercept can also rate-limit syn
packets...

I'm not sure if it can be enabled in ipnat separately, but hell, if
someone wants to do it...

On Sun, 22 Apr 2001, Andrew R. Reiter wrote:

>
> What's TCP intercept?
>
> On Mon, 23 Apr 2001, E.B. Dreger wrote:
>
> > Greetings all,
> >
> > I'm no kernel hacker, and trying to think of useful little projects to
> > change that. ;-)
> >
> > AFAIK, FreeBSD lacks support for TCP intercept. Is anyone already working
> > on this? Would it be of interest to anyone? My initial thoughts are that
> > it should be implemented in the same neighborhood as stateful firewall
> > code, as the two are rather closely related.
> >
> >
> > Eddy
> >
> > ---------------------------------------------------------------------------
> >
> > Brotsman & Dreger, Inc.
> > EverQuick Internet / EternalCommerce Division
> >
> > Phone: (316) 794-8922
> >
> > ---------------------------------------------------------------------------
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-hackers" in the body of the message
> >
>
> *-------------.................................................
> | Andrew R. Reiter
> | arr@fledge.watson.org
> | "It requires a very unusual mind
> | to undertake the analysis of the obvious" -- A.N. Whitehead
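
Added example (not part of the original message, and not Cisco or ipnat code): a C sketch of the two checks the reply above describes, rejecting segments whose sequence number falls outside the receive window and rate-limiting SYNs with a token bucket. The struct layouts, function names and the use of the RFC 793 acceptability test are assumptions made for illustration; stream buffering and reassembly are not shown.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical state the intercepting box keeps per flow direction. */
struct flow_state {
    uint32_t rcv_nxt;  /* next sequence number expected */
    uint32_t rcv_wnd;  /* receive window advertised by the peer */
};

/* Wraparound-safe "a < b" for 32-bit TCP sequence numbers. */
static bool seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* RFC 793 acceptability test: forward only if the segment touches the window. */
bool segment_acceptable(const struct flow_state *f, uint32_t seq, uint32_t len)
{
    uint32_t end = f->rcv_nxt + f->rcv_wnd;  /* first sequence past the window */
    uint32_t last = seq + len - 1;           /* last byte, used when len > 0 */
    if (f->rcv_wnd == 0)
        return len == 0 && seq == f->rcv_nxt;
    if (!seq_lt(seq, f->rcv_nxt) && seq_lt(seq, end))
        return true;
    return len > 0 && !seq_lt(last, f->rcv_nxt) && seq_lt(last, end);
}

/* Token bucket for SYNs; assumes now_ms comes from a monotonic clock. */
struct syn_bucket {
    uint32_t tokens, burst;  /* SYNs currently allowed, bucket capacity */
    uint32_t rate;           /* tokens added per second */
    uint64_t last_ms;        /* time accounted for by the last refill */
};

bool syn_allowed(struct syn_bucket *b, uint64_t now_ms)
{
    uint64_t add = (now_ms - b->last_ms) * b->rate / 1000;
    if (add > 0) {
        uint64_t t = b->tokens + add;
        b->tokens = t > b->burst ? b->burst : (uint32_t)t;
        b->last_ms += add * 1000 / b->rate;  /* keep the fractional remainder */
    }
    if (b->tokens == 0)
        return false;  /* over the limit: drop this SYN */
    b->tokens--;
    return true;
}
```

The signed-difference comparison in seq_lt is what keeps the window test correct when rcv_nxt + rcv_wnd wraps past 2^32.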