From owner-freebsd-security  Fri Jan 15 06:16:42 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA19565
          for freebsd-security-outgoing; Fri, 15 Jan 1999 06:16:42 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA19560
          for <security@FreeBSD.ORG>; Fri, 15 Jan 1999 06:16:35 -0800 (PST)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id PAA20476;
	Fri, 15 Jan 1999 15:15:17 +0100 (CET)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id PAA03800;
	Fri, 15 Jan 1999 15:15:15 +0100 (MET)
Date: Fri, 15 Jan 1999 15:15:15 +0100
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: ark@eltex.ru
Cc: opsys@open-systems.net, mm@i.cz, security@FreeBSD.ORG
Subject: Re: examples rules ipfw
Message-ID: <19990115151514.A3694@bitbox.follo.net>
References: <Pine.BSF.3.96.990114133503.1337A-100000@freebsd.omaha.com> <199901151148.OAA28702@paranoid.eltex.spb.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <199901151148.OAA28702@paranoid.eltex.spb.ru>; from ark@eltex.ru on Fri, Jan 15, 1999 at 02:48:34PM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Jan 15, 1999 at 02:48:34PM +0300, ark@eltex.ru wrote:
> Look at the code. See the way it works. Take a look at ipfilter,
> after all. Can you tell that again?

The code in libalias was written as a pragmatic solution for a specific
need.  The proxies here just check for some items at the beginning of
packets, instead of parsing the entire stream, and this is a disgusting hack
- but it gives a pretty large speed advantage, and I've _never_ seen or
heard of these breaking down.  Given that my e-mail address is listed in all
the man-pages, I hope I would get some e-mail if it didn't work :-)

There are of course a lot of things I'd like to do with libalias, and making
the proxies conformant is one of these - but this will require both
re-writing of most of the proxies, and significant changes to the libalias
API, and it isn't really something that is high on my priority-list.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message