Re: why ip_masq modules?

From: Michael Poole (poole@graviton.subatomic.org)
Date: Thu May 04 2000 - 23:28:40 EST


Martin Maciaszek <mmaciaszek@gmx.net> writes:

> Why does linux have the ip_masq modules? I took a look at other
> operating systems and they don't seem to have such modules.
> What's even more interesting: If I understand the ip_masq
> modules correctly they're just transparent application proxies.
> Do they really have to run in kernel-space?
>
> Regards
> Martin

Properly speaking, IP masquerading isn't an application proxy; it is
an IP proxy, which doesn't know nearly so much about what it carries
(consult the ISO Open Systems Interconnect or OSI model for a rough
analogy -- IP would be OSI layer 3, TCP and UDP layer 4, and
applications layer 7. That said, some of the masquerading modules do
know how their applications behave so that they can do things like let
TCP data connections from the server succeed). It's this distinction
that makes it reasonable for the address translation to run in kernel
space -- it is at a low level in the protocol stack, not often
requiring much logic, that would otherwise require a raw packet socket
in a user-level implementation.

Yes, nothing is technically stopping NAT/masquerading from running in
user-space. But nothing is technically stopping an entire TCP/IP
stack from running in user-space, either. It's just a question of
what makes sense for the average user of the protocol handlers, and
what can go into the kernel without real warts.

Michael Poole
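
The reply's remark that some masquerading modules "know how their applications behave" can be illustrated with active-mode FTP, where the client announces an address and port for the server to connect back to. This is an added example, not code from the original post or from the kernel's ip_masq modules; the choice of FTP, the names `masq_ftp_rewrite` and `struct masq_expect`, and the sample addresses are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Expected inbound data connection: gateway port -> inside host and port. */
struct masq_expect { unsigned inside_ip[4], inside_port, masq_port; };

/* Hypothetical helper (not kernel code): rewrite "PORT h1,h2,h3,h4,p1,p2".
 * src_ip: inside address the packet came from; pub_ip: gateway's public
 * address; masq_port: gateway port allocated for the data connection.
 * Returns 1 on rewrite, 0 if the line must be left untouched. */
int masq_ftp_rewrite(const char *line, const unsigned src_ip[4],
                     const unsigned pub_ip[4], unsigned masq_port,
                     char *out, size_t outlen, struct masq_expect *e)
{
    unsigned h[4], p1, p2;
    char tail = '\n';
    if (masq_port == 0 || masq_port > 65535) return 0;
    if (sscanf(line, "PORT %u,%u,%u,%u,%u,%u%c",
               &h[0], &h[1], &h[2], &h[3], &p1, &p2, &tail) < 6)
        return 0;
    if ((tail != '\r' && tail != '\n') || p1 > 255 || p2 > 255)
        return 0;                    /* trailing junk or bad port octet */
    /* Forward only to the host that asked: the advertised address must be
     * the packet's own source, not some other inside machine. */
    if (memcmp(h, src_ip, sizeof h) != 0)
        return 0;
    int w = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n",
                     pub_ip[0], pub_ip[1], pub_ip[2], pub_ip[3],
                     masq_port >> 8, masq_port & 0xff);
    if (w < 0 || (size_t)w >= outlen)
        return 0;
    /* Payload length may change: a real helper must also fix up TCP
     * sequence numbers for the rest of the control connection. */
    memcpy(e->inside_ip, h, sizeof h);
    e->inside_port = p1 * 256 + p2;
    e->masq_port = masq_port;
    return 1;
}

int main(void)
{
    /* Constructed sample: inside client 10.0.0.5, gateway 192.0.2.1. */
    const unsigned in[4] = {10, 0, 0, 5}, pub[4] = {192, 0, 2, 1};
    struct masq_expect e;
    char out[64];
    if (masq_ftp_rewrite("PORT 10,0,0,5,4,1\r\n", in, pub, 61000, out, sizeof out, &e))
        printf("%s-> expect %u, forward to port %u\n", out, e.masq_port, e.inside_port);
    return 0;
}
```

Everything outside this one payload rewrite is plain header translation, which is why only a few protocols need such a module.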
