[6bed4-devel] Bypassing the 6bed4 with direct connections.

[<ebi...@xm...>]

I have been playing with this and I really don't like the current
solution in 6bed4.  As it currently stands the solution is enormously
complex in it's implementation and it does not actually work to pierce
any connection tracking firewall (like iptables) that tracks the entire
<srcip,srcport,destip,destport> tuple.

I believe it is possible to come up with a comparitively simple design
that allows for making anypath that can work work.

To get through firewalls that track the entire source and destination
address we must attempt simultaneous connections from both sides.  This
is easy to arrange if we send an icmp packet through the router from
one machine to another to get it started.

I think we can/should use modified neigbour solict and neighbour
advertisements for this packet started.

The idea is we start off with a 4 way handshake to exchange possible
ip:port addresses and to estabilish the existence of bidirectional
routing connectivity (to foil most ipv4 source address spoofing).

Then both machines simultaneously perform traditional neighbour
discovery at each other to see which possible ipv4:port destinations
will work.

So in 2 round trip times or possibly 1.5 round trip times I believe
we can estabilish bidirectional connectivity that bypasses the
router if that bidirection connectivity is possible.

There are a lot of dyanmic details in practice that make this process
tricky.  I have spent way too much time understanding the current code
and playing with it to get it to the point where I can play with testing
my idea.  Unfortunately I am out of time for the next week or two, so
I don't know if a solution that works in theory will work in practice.

Since we are simply using just the unicast messages on the ports
we care about it should be very effective and comparitively simple.

Eric