"From: lars @
spectrum .
CMC .
COM (Lars Poulsen)
Date: Sat, 5 Dec 92 07:34:57 GMT
Subject: Re: packet filter metalanguage
"I think we have two competing factions here.
(1) Wants to move the state of the art forward, and define a new way
for kernel writers and router maufacturers to implement packet
filters with an interpreted language, so that users can write their
own filters in that new language.
(2) Wants to share what criteria their router/kernel/whatever is capable
of specifying, in the hope that increased user awareness of what is
available wil move the common denominator upwards."
It seems to me that somewhere there are one, two, perhaps three criteria
which form the major axes of a finite state system, and, by iterating
through this matrix, one can at least _identify_, to everyone's mutual
satisfaction, what these criteria, and associated states, _are_.
Once this is done, it would then be possible to compare this virtual
packet filtering definition against the physically existent filters and
see how they meet, and fall short of, this platonic ideal.
The development of a language, the use of which inoculates the user to
the associated paradigm ( based on the previously identified major axes
of filtering ) would save much time in education of future users, also,
as it would guarantee that the command language reflected the theoret-
-ical understanding and the associated vocabulary of filtering, such that
any description of any operation would closely mirror that formal state-
-ment in the resulting language.
The port might be one axis of this finite space, and probably one of the
operands in any resulting operators. UDP/TCP/TBD would be another axis,
perhaps. Another axis might be known services ( as distinct from known
sockets ).
-- richard
=====
-- richard childers rchilder @
us .
oracle .
com 1 415 506 2411
oracle data center -- unix systems & network administration
Klein flask for rent. Inquire within.
|
|
