Firewall Wizards mailing list archives

Re: Gauntlet adaptive proxies


From: carson () tla org
Date: Mon, 9 Nov 1998 21:02:24 -0500 (EST)

"Joseph" == Joseph S D Yao <jsdy () cospo osis gov> writes:

Joseph> This is not as easy as it sounds.  Consider trying to write a "C"
Joseph> program that analyzes its standard input and then, based on what it
Joseph> finds, hands off its standard input and standard output to another
Joseph> ALREADY RUNNING program ... and then exits to reduce overhead.  ;-)

FD passing via IPC. So? 

(And yes, I've earned my battle scars with that, too :)

Now, telling the packet filter in the kernel to do so is both easier and
more difficult. The hand-off is easier, but the packet filter now has to
understand sockets, or TCP streams, or something.

I'm glad that folks are finally implementing this. I started kicking the
idea around 3 or 4 years ago, and it's really useful for various things
(such as the FTP data connection if you're _not_ doing CVP).

Of course, I wonder if they re-generate the packet headers or not... If not,
you lose one of the main benefits of an app proxy.

-- 
Carson Gaspar -- carson () cs columbia edu carson () tla org carson () cugc org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body


