[9fans] Question on /net with respect to anonymity

[9fans] Question on /net with respect to anonymity

[Rahul Murmuria]

I have been working on a couple of networking related projects, one of
them being the /net filesystem on Linux kernel for the Glendix[1]
project. I was however unclear on certain networking aspects of /net
on pure Plan 9 / 9P networks. The question is, is there a proper
document explaining and analyzing the networking aspects of using
/net?

[1] http://www.glendix.org

When a user mounts the /net of another computer system, (and I suppose
the protocol used there also is 9P), the client essentially gains the
ability to send packets out of the server's ethernet port. Hence a
gateway or/and a VPN is implemented in the Plan 9 world. I understand
that the main advantage is that we get to use the same userspace tools
to work with files in the /net directory, without needing to know
whether it is on the local system, or is a remote filesystem. It's
just a brilliant and clean way of performing the same task we have
done for decades using more complex sockets-based implementations.

However, the absence of ipfilters / iptables means, the gateways
really have no history information and no control over who is having
access to either of its interfaces. That can be taken care of, if we
run an extra service to provide these features, but it is no more a
requirement to run a gateway. There is a mention of anonymous traffic
here, which I have not been able to locate in literature.

So how about if we created a, say MANET, where we used /net, and hence
used 5 different nodes one after the other, each mounting the /net of
the next node, and ultimately send the packet out to the Internet from
the last node. Is there anything different we will see, from the
networking side of things, than what we know of based on widely used
implementations?

Regards,
--
Rahul Murmuria

Re: [9fans] Question on /net with respect to anonymity

[Tim Newsham]

> However, the absence of ipfilters / iptables means, the gateways
> really have no history information and no control over who is having
> access to either of its interfaces.

If I mounted my gateway's /net onto my machine, I would expect
that the gateway would do no extra filtering on my connections
than it did on any of its own connections. That's a feature,
not a bug.

Am I misunderstanding what you're saying?

> Rahul Murmuria

Tim Newsham | www.thenewsh.com/~newsham | thenewsh.blogspot.com

Re: [9fans] Question on /net with respect to anonymity

[Rahul Murmuria]

On Wed, Mar 17, 2010 at 12:08 AM, Tim Newsham <newsham@lava.net> wrote:
>> However, the absence of ipfilters / iptables means, the gateways
>> really have no history information and no control over who is having
>> access to either of its interfaces.
>
> If I mounted my gateway's /net onto my machine, I would expect
> that the gateway would do no extra filtering on my connections
> than it did on any of its own connections. That's a feature,
> not a bug.
>

Ditto. I did not intend to mean anything contrary to that. My interest
is only to explore the networking aspects (if any), of using /net with
9P, as against the existing POSIX compliant networks we have, on
fronts like anonymity, firewalling and the like. It is important to
know that, if I am working to have /net on Linux.. because at the
moment, I have no reason to believe that there is any use at all in
doing so, apart from enabling the "compiled on/for Plan 9" a.out
binaries to find the /net (which they assume to be available
everytime... on Plan 9 systems) when loaded on a Linux kernel with
Glendix patches.

> Am I misunderstanding what you're saying?
>
>> Rahul Murmuria
>
> Tim Newsham | www.thenewsh.com/~newsham | thenewsh.blogspot.com
>
>



--
Rahul Murmuria