Re: Vat Location Service shapj@us.ibm.com
Thu, 14 Jan 1999 13:15:36 -0500

Thank you.

I believe it is possible for the recipient to learn the sender's IP address during the accept() system call.

Unfortunately, the port number learned thereby is generally not the port on which the VAT accepts connections. Since firewalls can also remap port numbers, this might be a problem.

A user-run VAT will accept connections on a user-space port number, which is allocated pretty well randomly. Firewalls generally suppress connections to all non-privileged port numbers unless associated with a protocol they understand.

In short, you can't rely at all on being able to build an inbound TCP connection across a firewall unless to a well-known protocol. A rendezvous proxy sitting in public space might help...

shap

Chip Morningstar <chip@communities.com> on 01/14/99 12:57:16 PM

To: e-lang@eros.cis.upenn.edu
cc: (bcc: Jonathan S Shapiro/Watson/IBM)
Subject: Re: Vat Location Service

Jonathan sez:
>I'm missing something obvious. Why shouldn't it simply report whatever IP
>address the vat *tells* it to report? The VLS has no way to determine the
>port number at which the vat accepts connections in any case, so there is
>already vat-alleged stuff that needs to be accepted by the VLS.

The problem, as I understand it, is that with Network Address Translation the Vat may not *know* what its IP address is. The only way it can find out is to ask somebody else, "what address do you see me talking to you from?". That somebody else might as well be the VLS.
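
The accept() behaviour discussed in this thread, as an added example that is not part of the original messages: a hypothetical VLS records the peer address it sees, reports it back, and has to take the listening port on the vat's word, because the port visible at accept() is the ephemeral source port of the outbound connection. The function names and the one-line registration format are assumptions, and everything runs on loopback, so no NAT rewrites the observed address here.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # constructed test setup: no NAT or firewall in the path


def vls_serve_once(vls_sock, record):
    """Hypothetical VLS: handle one registration and note what accept() reveals."""
    conn, (seen_ip, seen_port) = vls_sock.accept()
    with conn, conn.makefile("r") as reader:
        # The listening port cannot be observed; it has to be vat-alleged.
        record["alleged_port"] = int(reader.readline())
        record["seen_ip"], record["seen_port"] = seen_ip, seen_port
        # Answer "what address do you see me talking to you from?"
        conn.sendall(f"{seen_ip}\n".encode())


def listener():
    """Open a TCP listener on a kernel-assigned, non-privileged port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))
    s.listen(1)
    return s


def run_demo():
    """Register a vat with the VLS and return what each side learned."""
    vls, vat = listener(), listener()
    vat_listen_port = vat.getsockname()[1]
    record = {}
    worker = threading.Thread(target=vls_serve_once, args=(vls, record))
    worker.start()
    with socket.create_connection(vls.getsockname()) as c, c.makefile("r") as reader:
        c.sendall(f"{vat_listen_port}\n".encode())
        record["reported_ip"] = reader.readline().strip()
        record["outbound_port"] = c.getsockname()[1]
    worker.join()
    vls.close()
    vat.close()
    record["vat_listen_port"] = vat_listen_port
    return record


if __name__ == "__main__":
    print(run_demo())
```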