Closed Harvie closed 4 years ago
I think this should be more suitable in a FAQ rather than in the problem statement section, because:
1.) For a long time there has already been a tool with similar functionality. It's called socat:
The socat tool has a very different purpose: It is essentially a way of connecting streams between different protocols and/or socket types. For example, if you have a program which is listening to a TCP/IP socket and you use socat to redirect the TCP/IP socket to a Unix domain socket, you suddenly have two sockets and the TCP/IP socket is still listening.
With ip2unix the corresponding library calls of the program are intercepted, so it doesn't even bind/listen to an IP socket in the first place.
2.) Iptables (and therefore probably also nftables) can already quite easily match packets by unix username.
True. This however still comes with additional complexity you need to introduce and you still have the overhead of two sockets. This also becomes even more complex if you want to do this across different network namespaces.
Addendum: Another way to work around this using socat would be to run the program in a network namespace, let it bind to an IP socket and use socat to provide a Unix socket to be connectable from another network namespace. But again, this also has the same overhead as mentioned above.
Now the question would be: Where to put the FAQ section? Putting it too far to the top of the README will just mean more scrolling, but if it's too far to the bottom/middle nobody is going to read it.
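The difference described in the comment above, as an added example that is not part of the thread and is not ip2unix or socat code: a socat-style relay in front of a TCP echo server leaves the TCP port answering directly, while a server whose only listener is a Unix socket has no IP endpoint to reach. The function names, the `app.sock` path and the loopback port are constructed for the illustration.

```python
import os, socket, tempfile, threading

def serve(listener, handler):
    """Run handler(conn) for every accepted connection on a daemon thread."""
    def loop():
        while True:
            conn, _ = listener.accept()
            with conn:
                handler(conn)
    threading.Thread(target=loop, daemon=True).start()

def echo(conn):
    conn.sendall(conn.recv(1024))

def relay_to(tcp_addr):
    """socat-style handler: one extra TCP connection per Unix-socket client."""
    def handler(conn):
        with socket.create_connection(tcp_addr) as upstream:
            upstream.sendall(conn.recv(1024))
            conn.sendall(upstream.recv(1024))
    return handler

def ask(family, addr):
    """Return the echoed reply, or None if nothing accepts connections at addr."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(2)
            s.connect(addr)
            s.sendall(b"ping")
            return s.recv(1024)
    except OSError:
        return None

def reachable(mode):
    """Which endpoints answer in 'relay' (socat-style) vs 'direct' (Unix-only) mode."""
    path = os.path.join(tempfile.mkdtemp(), "app.sock")  # constructed socket path
    front = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    front.bind(path)
    front.listen()
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))  # constructed: ephemeral loopback port
    if mode == "relay":
        tcp.listen()                  # the program still listens on IP
        serve(tcp, echo)
        serve(front, relay_to(tcp.getsockname()))
    else:
        serve(front, echo)            # only listener is the Unix socket; TCP port never listens
    return {"unix": ask(socket.AF_UNIX, path), "tcp": ask(socket.AF_INET, tcp.getsockname())}
```

In relay mode both endpoints return the echo, so anything restricting access to the Unix socket does not cover the TCP port; in direct mode the TCP query returns `None`.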
Hello, in reaction to the Problem Statement in README.md I would like to state a few facts:
1.) For a long time there has already been a tool with similar functionality. It's called socat:
https://linux.die.net/man/1/socat
2.) Iptables (and therefore probably also nftables) can already quite easily match packets by unix username.