Re: TCP Splice alleviates proxy bottleneck

lk@winux.com
Mon, 18 Jan 1999 05:26:02 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: baccala@freesoft.org: "Patch needed to Rules.make?"
Previous message: Simon Kenyon: "Re: *** draft 3 - press release ***"
In reply to: Gregory Maxwell: "Re: *** draft 3 - press release ***"

>> be a very clever way to eliminate the drudge work that an application
>> level proxy performs without significant impact on the application
>> code. Looks like a great performance booster. Very nice. The paper
>> says that this is all running on BSDI. Wish they'd picked Linux.. :-)
>
> Linux just supports masquerading in kernel space without needing stuff like
> socks on the clients ;)

This is far more than powerful than simple masquerading. Application
level proxies can do much more than simply copy bytes. They can
interact with either the client or the server in arbitrary fashion
independent of the client or the server. One example off the top of my
head that should be easy to follow would be a proxied login service.

A client could telnet to the firewall from "outside", negotiate the
organization's authentication procedure, then have the firewall make
a connection to a server that's "inside" and splice the two together.
Thus, once the authentication is finished, the user level code in the
proxy takes itself out of the path.

Their work on TCP Splice gives the efficiency of IP masquerading, yea,
even that of simple IP forwarding, to processes with the capabilities
of application level proxies.

-lda

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: baccala@freesoft.org: "Patch needed to Rules.make?"
Previous message: Simon Kenyon: "Re: *** draft 3 - press release ***"
In reply to: Gregory Maxwell: "Re: *** draft 3 - press release ***"