tech-net archive


Re: stf, security and NAT traversal



On Jan 22, 2008 5:26 PM, Ignatios Souvatzis <is%netbsd.org@localhost> wrote:
> On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:

> Now does NAT traversal provide more security? But anyway, for the
> record:  a tunneling method for (single) machines behind NAT is
> Teredo. An implementation available to NetBSD would be net/miredo
> in pkgsrc.
>

The security part is not about NAT. At the beginning I only searched for
NAT traversal.
The other checks came afterwards, to deny some attacks.

I knew about miredo, but I do not have a single machine :)

>
> Hm, magic bits? Why not use an interface flag?
>

All link interface flags were already used, and I didn't want to break
existing 6to4 behavior.
I searched for other solutions, but it was... worse :(

>
> So you still need to know the external v4 address before configuration?
>

Yes, otherwise it won't work.

-- 
int main(int c,char**v){int b,e=(c>>24)+6,g=c==1?1:e>>4;
char*d=c==1?"d3JpdGUgaW4gQw==":g==2?*v:v[c-1];b=c<<6|(*d
+(*d>96?-71:*d>58?-65:*d>47?4:*d>46?16:19));if(*d==61?0:
*d){if((e&=15)>7)putchar((b>>(e-=8))&255); d++;main(((e|
32)<<24)|(b&4095),&d);}return g<2&&c>2?main(--c,v):1;}


