On 03/25/08 12:33, Taylor, Grant wrote:
I would like to see developers write their applications with documentation (be it auto generated or not) that indicates what type of traffic (and parameters there on) they expect to see and need to function correctly. I'd like to then take said documentation and use it to build rules for a simple ALG that will pass any valid requests in to the back end application while correctly handling erroneous traffic. I think said ALGs could easily function as a proxy with some simple rules as to what is and is not allowed to pass through the ALG.
Note: I don't think that the rules for the ALG should be auto generated on demand from the original code or class as this will be a performance hit for systems. These rules need to be defined in a batch operation. Now that batch operation could load the back end class and call a method that will return what it is expecting to dynamically build the rules once a night or when ever things are updated.
Grant. . . . -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
