[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fully transparent ftp-proxy?



On Wed, Oct 30, 2002 at 10:24:29PM +0100, Daniel Hartmeier wrote:
> On Wed, Oct 30, 2002 at 08:41:12PM +0000, Roy Badami wrote:
> 
> > It seems to me that whilst it might require a minimal amount of kernel
> > machinery to permit setup of the outgoing connection from the proxy,
> > once established it is identical in nature to the incoming
> > connection...
> 
> This could be solved with 'embryonic states', a separate list/tree of
> state entries that lack certain parts (like source ports, which are
> usually random and not known in advance). After the normal state lookup
> (if it fails), but before the rule set evaluation, a matching embryonic
> state would be completed and turn into a normal state.
Uh well, this sounds like a massive performance penalty... I don't think I
like that.