* Stuart Henderson <[EMAIL PROTECTED]> [2007-11-22 14:38]: > On 2007/11/22 14:04, Henning Brauer wrote: > > * Reyk Floeter <[EMAIL PROTECTED]> [2007-11-22 13:11]: > > > On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote: > > > > pf(4) can do this. I have a diff with me but if I send it in the present > > > > state, then Theo will catch my neck. :) > > > > > > > > I should be able to submit a diff soon. I need to modify it to meet the > > > > high standards of OpenBSD... > > > > > > > > > > i'm sure that somebody told you about the reason to reject these patches: > > > > > > it does not belong into the kernel! > > > > well. depends. if it is reasonably small and obvious it might be ok. > > it must look at the control message on TCP/1723 and translate CallID; > then it must look at the session packets (GRE/proto 47) and translate > CallID the same way. > > the parts handling control messages probably belong in userland and > they can add translation rules to an anchor like ftp-proxy does, but > that would need a change to PF so that you can tell it to translate > CallID for GRE packets (like you can tell it to translate port for > TCP/UDP).
sounds reasonable. but i have no idea how coplicated gre is or what it takes to translate callIDs. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
