as long as you restrict your network to plan 9 machines, it is possible
to import /net from a gateway machine and avoid sticky things like packet
filtering.

Back to the future yet? May I suggest that the "sticky" packet filtering, more generally packet manipulation, has crucial applications in any packet-switched network (like... "the Net") and a certain OS's current lack of facilities, out of the box, to deal with the problem does not automatically mean the problem should be thrown out. Of course, in an essentially sheltered world not having an IDS is as good as having one but, you see, that's the world of a certain OS. Other OSes have to live in the wild.

P.S. This is a get-back from the NAT thread.

--On Tuesday, March 24, 2009 7:20 PM -0400 erik quanstrom <quans...@quanstro.net> wrote:

It seems that /net/iproute is where I can start. It has a complete
interface for editing routes. What we need is a user space script that
implements routing, like http://www.openbgp.org/ does on OpenBSD.
Except that, it will only have to send add, delete and flush control
messages to the iproute file.

see  ipconfig(8).

About Packet Classification. I read that iptables is not needed on
Plan 9 because its "mount /net over the network" concept achieved
anonymity or transparency -- something along those lines. "There are
no logs about who is sending what, and that is a good thing".

that's not strictly true.  as long as you restrict your network to
plan 9 machines, it is possible to import /net from a gateway
machine and avoid sticky things like packet filtering.  there is
also ipmux (discussed in ip(3)).  i don't think ipmux has enough
rewriting (or state) to implement something like nat.

- erik





