From: Jeff D. <jd...@ka...> - 2001-10-02 15:22:53
sh...@ti... said:
> My idea was to do something like SSH tunneling

That's not the fully general networking that UML implements with TUN/TAP, et al. That's just doing port forwarding for non-privileged ports.

> which does not require root access (TCP described here).

Sure it does. You can't do ssh tunneling without a running network, and setting up the network requires root privileges.

> I thought of uml_router, since this is the only networking that
> doesn't require host IP setup.

Because it doesn't send packets through the host network.

> The uml process would call bind()/listen() on port 8080, and if a
> process in the virtual machine had called bind()/listen() on this
> port, then it would get the packets from the outside world. At this
> point, NAT should be easy enough:
>
> $ linux eth0=porttunnel,8080:80,4343:43

Something like this might work. I have this on my todo list, for unix sockets. I think it's possible to intercept socket operations for unix sockets at the filesystem level.

For normal TCP sockets, I don't think UML has any chance to intercept anything until the low-level network driver gets a completely formatted packet. To do what you want, it would have to extract the data, throw out the headers after making sure that the source port was correct, and send the data to the host port.

What might be easier is a tunnel daemon running inside UML listening to port 80 or 43 and forwarding traffic to a special device that's hooked up to a tunnel driver. This wouldn't be a general network driver, it would be a special-purpose thing that forwards traffic between a host port and its node inside UML.

Jeff