proposal: TCP rendezvous

Julian Elischer julian at elischer.org
Sun Nov 27 06:18:53 GMT 2005


In this world of P2P apps it would be neat to have a way that two P2P apps
could attach to each other even though each is through a firewall. Most
firewalls only allow "outgoing" connections.

It would of course be possible via a 3rd party relaying, but that is
inefficient and the throughput would be limited by throughput limits on
the 3rd party link.

It must be possible, with the connivance of a 3rd party, both parties
could be able to make suitable 'OUTGOING' connections.
The 3rd party would spoof needed packets using information supplied
by the two parties.

If this were to be done, there would be two modes.

In the first, the application can be modified so special socket options
could be used, but for application binaries that can't be modified, one
would need an external way of 'interfering' with the sessions.

You could probably do it with netgraph.

I'm still thinking about connecting systems separated by NAT, however.
That's a trickier problem. You still need to use outgoing connections but
no-one who is not in the path can not tell what the NAT'd packets look
like.

julian








More information about the freebsd-net mailing list