26 May 2007, 11:19 p.m.
On Sat, 2007-05-26 at 22:45 +0200, Jan Engelhardt wrote:
On May 26 2007 22:32, Igmar Palsenberg wrote:
We definitely want to move away from NAT, and we don't plan to migrate towards network channels (at least for now).
But how is one supposed to fake addresses then?
By bind()'ing to the remote address, like the way it was done in the Linux 2.2 days.
Yeah but you'd still need a local table that lists tproxied sockets, so that for an arbitrary incoming packet it can be decided whether it is to go through the INPUT or FORWARD chain (and subsequently, destination program/host).
The local table is the "socket hash". We do a socket lookup early in the input path and divert the packet to the local IP stack by changing its dst_entry.
-- 
Bazsi
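The lookup Bazsi describes, as an added example that is not part of this thread and not netfilter/TPROXY code: a simplified model of the socket hash in which established sockets are matched on the full 4-tuple first and listeners on the destination port, so that a packet for a non-local address is diverted to INPUT when a transparently bound socket claims it and goes to FORWARD otherwise. All addresses, ports and names are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sock:
    proto: str               # "tcp" or "udp"
    local_addr: str          # may be a foreign address when bound transparently
    local_port: int
    remote_addr: str = ""    # empty: listening socket, not connected
    remote_port: int = 0

class SocketHash:
    """Simplified model of the kernel socket hash (not the real data structure)."""
    def __init__(self):
        self.established = {}   # (proto, laddr, lport, raddr, rport) -> Sock
        self.listeners = {}     # (proto, laddr, lport) -> Sock

    def add(self, s):
        if s.remote_port:
            self.established[(s.proto, s.local_addr, s.local_port, s.remote_addr, s.remote_port)] = s
        else:
            self.listeners[(s.proto, s.local_addr, s.local_port)] = s

    def lookup(self, proto, saddr, sport, daddr, dport):
        # Connected sockets first (exact 4-tuple), then a listener bound to the
        # packet's destination address, then a wildcard listener on that port.
        s = self.established.get((proto, daddr, dport, saddr, sport))
        if s is None:
            s = self.listeners.get((proto, daddr, dport)) or self.listeners.get((proto, "0.0.0.0", dport))
        return s

def early_divert(h, local_ifaddrs, pkt):
    """Chain decision for an incoming packet: INPUT if a socket claims it (even for a
    non-local destination), otherwise INPUT only for our own addresses, else FORWARD."""
    proto, saddr, sport, daddr, dport = pkt
    s = h.lookup(proto, saddr, sport, daddr, dport)
    if s is not None:
        return "INPUT"
    return "INPUT" if daddr in local_ifaddrs else "FORWARD"

def demo():
    """Constructed scenario: proxy box 192.0.2.1 sits between client 10.0.0.7 and server 198.51.100.5."""
    h = SocketHash()
    h.add(Sock("tcp", "0.0.0.0", 22))                                   # ordinary sshd
    h.add(Sock("tcp", "198.51.100.5", 80))                              # proxy listener bound to the server's address
    h.add(Sock("tcp", "10.0.0.7", 40000, "198.51.100.5", 80))           # proxy's upstream leg, bound to the client's address
    local = {"192.0.2.1"}
    return {
        "client_to_server": early_divert(h, local, ("tcp", "10.0.0.7", 40001, "198.51.100.5", 80)),
        "server_reply":     early_divert(h, local, ("tcp", "198.51.100.5", 80, "10.0.0.7", 40000)),
        "unrelated":        early_divert(h, local, ("tcp", "10.0.0.8", 5000, "198.51.100.9", 443)),
        "own_ssh":          early_divert(h, local, ("tcp", "10.0.0.8", 5001, "192.0.2.1", 22)),
    }
```

The model ignores everything the real lookup must also get right (interface binding, IPv6, UDP semantics, socket state), and a real transparent proxy still needs the kernel to permit the foreign bind(); it only shows why the socket hash, not a separate table, answers the INPUT-or-FORWARD question.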