Date: Fri, 16 Feb 1996 10:54:44 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: imp@village.org (Warner Losh) Cc: jgreco@brasil.moneng.mei.com, msmith@atrad.adelaide.edu.au, muir@idiom.com, freebsd-hackers@FreeBSD.ORG Subject: Re: An ISP's Wishlist... Message-ID: <199602161654.KAA05525@brasil.moneng.mei.com> In-Reply-To: <199602161638.JAA11232@rover.village.org> from "Warner Losh" at Feb 16, 96 09:38:28 am
next in thread | previous in thread | raw e-mail | index | archive | help
> : No, they don't... they just LOOK like they do due to the inherent nature of > : emulation. No packets actually pass from one network to another, so there > : can be no "rewriting". (from a user's point of view, maybe it doesn't > : matter). > > Joe. I'm sorry, but I have been working on on TIA as a consultant for > the past 10 months. The UDP packets have their headers rewritten and > sent out. The TCP packets are, indeed, batched up, but IP addresses > in the data streams of TCP and/or port numbers are hacked along the > way. TIA (and SLiRP) are the ultimate filtering firewalls. My > probings of SLiRP show it to be doing the same sorts of things. > > Maybe I'm missing something here, but why doesn't that qualify as > rewriting? Or are we having a semantic arguement? Yes, you don't have an interface at all... it's a userland program presenting a fake interface to the remote client. If I shoot a packet at TIA, it *interprets* the packet and uses an algorithm to invoke the host system's socket(), bind(), connect(), accept(), read(), and write() calls to *simulate* what it believes the client user's intent was. The client user's packet is in no way passed on to the Internet. They do NOT "have their headers rewritten". It's not the same packet at all! The host system is actually sending out a shiny-all-new packet. Think of a Web proxy server. The analogy is similar. I'm not arguing the USEFULNESS of these sorts of utilities - I have one client who makes excellent use of slirp - I'm just trying to kill this bit of misinformation. It's important for people to understand how TIA/slirp actually DO work so that they understand the inherent limitations of the technique. ... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602161654.KAA05525>