←back to thread

Magic Wormhole: get things from one computer to another, safely

(github.com)
816 points tosh | 1 comments | 17 Aug 24 16:59 UTC | HN request time: 0.402s | source
Show context
lotharrr ◴[17 Aug 24 18:45 UTC] No.41276886[source]
author here.. happy to answer any questions!
replies(9): >>41276960 #>>41277084 #>>41277310 #>>41277500 #>>41277604 #>>41277995 #>>41278638 #>>41278665 #>>41284597 #
happosai ◴[17 Aug 24 20:16 UTC] No.41277604[source]
Nice project. Is there iptables connection tracking module that can handle the protocol?
replies(1): >>41277763 #
1. lotharrr ◴[17 Aug 24 20:37 UTC] No.41277763[source]
None that I know of. It just uses a TCP connection to the mailbox server (with keepalives), and then TCP connections for the bulk-transfer transit phase, so I can't think of anything special that iptables would need to handle it well.

The encrypted connection is used to exchange IP addresses.. maybe you're thinking of the module that e.g. can modify FTP messages to replace the IP addresses with NAT-translated ones? Our encryption layer would prevent that, but we'd probably get more benefit from implementing WebRTC or a more general hole-punching scheme, than by having the kernel be able to fiddle with the addresses.