On Wed, Oct 30, 2002 at 10:24:29PM +0100, Daniel Hartmeier wrote: > On Wed, Oct 30, 2002 at 08:41:12PM +0000, Roy Badami wrote: > > > It seems to me that whilst it might require a minimal amount of kernel > > machinery to permit setup of the outgoing connection from the proxy, > > once established it is identical in nature to the incoming > > connection... > > This could be solved with 'embryonic states', a separate list/tree of > state entries that lack certain parts (like source ports, which are > usually random and not known in advance). After the normal state lookup > (if it fails), but before the rule set evaluation, a matching embryonic > state would be completed and turn into a normal state.
Uh well, this sounds like a massive performance penalty... I don't think I like that.
