From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 25 Mar 2009 10:41:34 +0000
From: Eris Discordia
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Message-ID:
In-Reply-To:
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: Re: [9fans] Plan 9 on Routers?
Topicbox-Message-UUID: c41bee86-ead4-11e9-9d60-3106f5b1d025

> as long as you restrict your network to plan 9 machines, it is possible
> to import /net from a gateway machine and avoid sticky things like packet
> filtering.

Back to the future yet?

May I suggest that the "sticky" packet filtering, more generally packet
manipulation, has crucial applications in any packet-switched network
(like... "the Net") and a certain OS's current lack of facilities, out of
the box, to deal with the problem does not automatically mean the problem
should be thrown out.

Of course, in an essentially sheltered world not having an IDS is as good
as having one but, you see, that's the world of a certain OS. Other OSes
have to live in the wild.

P.S. This is a get-back from the NAT thread.

--On Tuesday, March 24, 2009 7:20 PM -0400 erik quanstrom wrote:

>> It seems that /net/iproute is where I can start. It has a complete
>> interface for editing routes. What we need is a user space script that
>> implements routing, like http://www.openbgp.org/ does on OpenBSD.
>> Except that, it will only have to send add, delete and flush control
>> messages to the iproute file.
>
> see ipconfig(8).
>
>> About Packet Classification. I read that iptables is not needed on
>> Plan 9 because its "mount /net over the network" concept achieved
>> anonymity or transparency -- something along those lines. "There are
>> no logs about who is sending what, and that is a good thing".
>
> that's not strictly true. as long as you restrict your network to
> plan 9 machines, it is possible to import /net from a gateway
> machine and avoid sticky things like packet filtering. there is
> also ipmux (discussed in ip(3)). i don't think ipmux has enough
> rewriting (or state) to implement something like nat.
>
> - erik