This is far more than powerful than simple masquerading. Application
level proxies can do much more than simply copy bytes. They can
interact with either the client or the server in arbitrary fashion
independent of the client or the server. One example off the top of my
head that should be easy to follow would be a proxied login service.
A client could telnet to the firewall from "outside", negotiate the
organization's authentication procedure, then have the firewall make
a connection to a server that's "inside" and splice the two together.
Thus, once the authentication is finished, the user level code in the
proxy takes itself out of the path.
Their work on TCP Splice gives the efficiency of IP masquerading, yea,
even that of simple IP forwarding, to processes with the capabilities
of application level proxies.
-lda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/