Andreas Fink wrote:
On Donnerstag, Juni 5, 2003, at 09:50 Uhr, Vjacheslav Chekushin wrote:
Hi, list. I have several WAP gateways on one host (bound to different interfaces). One of WAP gateways is allowed to go into private network, but others not. Therefore I must limit access to private network somewhere in WAP gateway internally.
So we go to http connection limitation on WAP gateway side. We must have following data flow (as I see it): 1. Resolving. 2. Check filters (must be configurable in config file?). 3. If OK, then connect.
Now both resolving and connecting going on socket.c
There are two ways to implement it.
1. Dramatic changes: separate resolving and connecting, so http.c first resolve host, next analize, next (if needed) make connection. 2. Minor changes: write filter.[ch] with init and shutdown. http.c inits and shutdowns filter part, but socket.c uses it to check resolved hosts. (Of course one extra parameter will be needed for tcpip_connect_nb_to_server function (check filters or not).
What people think about it? I going to implement this functionality, and I want to choose right way. Is this functionality will be accepted? How it must be configured? Any comments|advices?
How about using a PROXY and do the filtering that way? Having this kind of filtering in Kannel can be pretty tricky.
Yes, it is possible. But in some cases it is not so easy. I don't want to maintain several proxies for simple tasks. And we loose pool of open connections functionality for example. I think that to implement simple access&deny filtering not so tricky.
P.S. Proxy resolves hostnames for requests? Yes.
But WAP gateway has own resolving nethertheless. ;).
Andreas Fink Global Networks Switzerland AG
-- Vjacheslav Chekushin mailto:[EMAIL PROTECTED] Latvian Mobile Phone Company http://www.lmt.lv
