Hi,
I'm planning to write a small application proxy, and I think it could be good
to protect it with syn-proxy; however, this will create a lot of overhead on
the firewall.
client <-tcp-> syn-proxy <-tcp-> proxy <-tcp-> server
Has anyone ever thought of introducing a hook inside syn-proxy?
A way for syn-proxy to pass the data to a filter (application level), but
still manage the TCP connection.
Something like this:
1) client [SYN] -> syn-proxy
2) syn-proxy [SYN/ACK] -> client
3) client [ACK] -> syn-proxy
4) client [GET / ... ] -> syn-proxy
5) syn-proxy [GET / ... ] -> application proxy
6) application proxy [ok] -> syn-proxy
7) syn-proxy [SYN] -> server
8) server [SYN/ACK] -> syn-proxy
9) syn-proxy [ACK] -> server
10) syn-proxy [GET / ... ] -> server
In the end we will have syn-proxy managing the TCP connection, while the
application proxy talks only with syn-proxy and can change the data, block the
connection, or redirect (for example by hostname, like an Apache vhost).
client <-tcp-> syn-proxy (<-> application filter) <-tcp-> server
Any chance of adding this to the 3.4-current ideas queue? ;-)
Ed
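The ten-step exchange proposed in the post, as an added example that is not part of the original message or of any syn-proxy implementation: a small Python model in which the proxy completes the client-side handshake on its own, hands the first data segment to an application-level hook, and only then opens the TCP connection to the backend the hook chose. The class and hook names (SynProxy, app_filter), the "ok"/"block" verdicts, the RST on block, and the backends web1/web2 are all assumptions of this model.

```python
class SynProxy:
    def __init__(self, hook):
        self.hook = hook              # application-level filter (assumed API)
        self.log = []                 # every segment, in the post's notation
        self.client_state = "LISTEN"
        self.server_state = "CLOSED"

    def send(self, src, seg, dst):
        self.log.append(f"{src} [{seg}] -> {dst}")

    def from_client(self, seg):
        """Handle one client segment; return the chosen server, if any."""
        if self.client_state == "LISTEN" and seg == "SYN":
            self.send("client", "SYN", "syn-proxy")
            self.send("syn-proxy", "SYN/ACK", "client")   # no server SYN yet
            self.client_state = "SYN_RCVD"
        elif self.client_state == "SYN_RCVD" and seg == "ACK":
            self.send("client", "ACK", "syn-proxy")
            self.client_state = "ESTABLISHED"
        elif self.client_state == "ESTABLISHED":
            self.send("client", seg, "syn-proxy")
            return self._filter(seg)
        else:
            raise ValueError(f"unexpected {seg!r} in state {self.client_state}")

    def _filter(self, data):
        self.send("syn-proxy", data, "application proxy")
        verdict, data, server = self.hook(data)       # hook may rewrite data
        self.send("application proxy", verdict, "syn-proxy")
        if verdict != "ok":
            self.send("syn-proxy", "RST", "client")   # blocked: server never touched
            return None
        if self.server_state == "CLOSED":             # handshake only on first data
            self.send("syn-proxy", "SYN", server)
            self.send(server, "SYN/ACK", "syn-proxy")
            self.send("syn-proxy", "ACK", server)
            self.server_state = "ESTABLISHED"
        self.send("syn-proxy", data, server)
        return server

def app_filter(data):
    """Constructed hook: block /admin, pick a backend by Host like an Apache vhost."""
    request_line, _, rest = data.partition("\r\n")
    headers = dict(h.split(": ", 1) for h in rest.split("\r\n") if ": " in h)
    path = request_line.split(" ")[1] if " " in request_line else "/"
    if path.startswith("/admin"):
        return "block", data, None
    backends = {"www.example.com": "web1", "mail.example.com": "web2"}
    return "ok", data, backends.get(headers.get("Host", ""), "web1")
```

Feed `SynProxy(app_filter)` the segments "SYN", "ACK" and then a request string; `log` then contains exactly the ten lines of the post for an allowed request, and only the client-side lines plus an RST for a blocked one.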