On Thursday 11 September 2003 15:00, Daniel Hartmeier wrote:
> Let pf do syn proxy in front of the userland http proxy. That means pf
> will swallow syn floods and only pass fully established connections on
> to the http proxy.
>
> Or, if that's not what you meant, what did you mean? :)
The fact is that I don't want the double TCP connection:
client <-tcp-> syn-proxy <-tcp-> localhost:proxy <-tcp-> server
What I'm asking for is an option of syn-proxy to pass all the data to a
piece of software, module or whatever you want to call it, that can speak with
syn-proxy and tell it something about the data.
Just to explain it more easily:
1) syn-proxy gets a new valid connection
2) syn-proxy writes some received data somewhere in a buffer
3) the application proxy is called to read that buffer
4) the application proxy tells syn-proxy what to do
5) syn-proxy does it
So we gain:
1) only 2 TCP connections handled by syn-proxy:
client <-tcp-> syn-proxy <-tcp-> server
2) the possibility to write filters for application protocols without handling the
connection (no sockets or other parts to rewrite).
All clear? ;-)
Ed
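The five-step flow proposed above, modelled as an added example (it is neither pf code nor anything from the original thread): a connection object stands in for the syn-proxy side after the handshake is complete, an application filter is handed the buffered bytes and returns a verdict, and the proxy acts on that verdict. The filter shown checks only the HTTP request line, so it also covers the case the post leaves implicit, a filter that cannot decide yet and has to ask for more data, plus a cap on how much it will buffer before giving up on the client. All names (Verdict, inspect_http, SynProxyConn, run_connection), the 8192-byte limit and the allowed method/version sets are assumptions, and the request segments are constructed sample input.

```python
"""Simulation of the 'syn-proxy calls an application filter' design.

Added example, not pf code and not part of the original mail.  Names, the
buffer limit and the allowed method/version sets are assumptions.
"""
from enum import Enum
from typing import Callable, List, Tuple


class Verdict(Enum):
    NEED_MORE = "need_more"   # filter cannot decide yet; keep buffering
    PASS = "pass"             # open the server side and splice the connection
    DROP = "drop"             # reset the client; never talk to the server


MAX_BUFFER = 8192                        # assumed bound on bytes held undecided
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}
ALLOWED_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}


def inspect_http(buf: bytes) -> Verdict:
    """Application filter (steps 3 and 4): decide from the buffered prefix.

    Only the request line is needed, so the filter asks for more data until
    a CRLF arrives and drops a client that never sends one within MAX_BUFFER.
    """
    end = buf.find(b"\r\n")
    if end == -1:
        return Verdict.DROP if len(buf) >= MAX_BUFFER else Verdict.NEED_MORE
    parts = buf[:end].split(b" ")
    if len(parts) != 3:
        return Verdict.DROP
    method, target, version = parts
    if method not in ALLOWED_METHODS or version not in ALLOWED_VERSIONS:
        return Verdict.DROP
    if not target.startswith(b"/"):
        # absolute-URI targets (and CONNECT) would make the server an open proxy
        return Verdict.DROP
    return Verdict.PASS


class SynProxyConn:
    """One client connection after the syn-proxy completed the handshake (step 1)."""

    def __init__(self, inspect: Callable[[bytes], Verdict]):
        self.inspect = inspect
        self.buf = b""                  # step 2: received data parked here
        self.verdict = Verdict.NEED_MORE
        self.forwarded = b""            # bytes handed to the server side
        self.reset_sent = False         # whether the client got an RST

    def on_data(self, chunk: bytes) -> Verdict:
        if self.verdict is not Verdict.NEED_MORE:
            # decision already taken: a passed connection is spliced, later
            # segments go straight to the server without another filter call
            if self.verdict is Verdict.PASS:
                self.forwarded += chunk
            return self.verdict
        self.buf += chunk
        self.verdict = self.inspect(self.buf)     # steps 3 and 4
        if self.verdict is Verdict.PASS:          # step 5: connect and flush
            self.forwarded, self.buf = self.buf, b""
        elif self.verdict is Verdict.DROP:        # step 5: reset, no server side
            self.reset_sent = True
            self.buf = b""
        return self.verdict


def run_connection(segments: List[bytes]) -> Tuple[Verdict, bytes, bool]:
    """Feed constructed client segments through one proxied connection."""
    conn = SynProxyConn(inspect_http)
    for seg in segments:
        conn.on_data(seg)
    return conn.verdict, conn.forwarded, conn.reset_sent


if __name__ == "__main__":
    # constructed sample input: request line split across three segments
    print(run_connection([b"GE", b"T /index.html HT", b"TP/1.1\r\nHost: a\r\n"]))
    print(run_connection([b"CONNECT example.com:443 HTTP/1.1\r\n"]))
```

The point of the NEED_MORE verdict is that the filter, not the proxy, decides how much of the stream it has to see; the proxy only has to enforce the buffer cap so that a slow or hostile client cannot hold memory indefinitely while the decision is pending, which is the resource the syn-proxy was protecting in the first place.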