
Re: libwww & personal firewall

From: Sasha Nedvedicky <anedvedicky@kerio.com>
Date: Wed, 7 May 2003 11:25:19 +0200
To: Richard Atterer <richard@list03.atterer.net>
Cc: www-lib@w3.org
Message-ID: <20030507092519.GA2074@kerio.com>

On Tue, May 06, 2003 at 11:01:17PM +0200, Richard Atterer wrote:
> 
> On Tue, May 06, 2003 at 07:03:32PM +0200, Sasha wrote:
> > 	CONNECT		- application performs TCP connection
> > 	DATA_IN		- inbound data are passed to callback
> > 	DATA_OUT	- outbound data are passed to callback
> > 	CLOSE		- connection is about to close.
> 
> Why do you need to put a big libwww layer in between there? Is it impossible
> to filter the data directly?
> 
we want to put big www layer to enable caching of HTTP traffic later. most
users of personal firewall use dial-up connection to internet. it would be
good to integrate transparent cache into personal firewall. everything (security
policy, caching options, antivirus ...) then will be set through one common 
administration console.

we want to make http layer of libwww to filter objects (mainly ActiveX, java script)
downloaded from web. of course user will be able to control how much 'paranoid'
setting of personal firewall will be. we want to use libwww because of its
'asynchronous I/O' nature.

later we want to add modules for POP3 and maybe IMAP, we will see, how
libwww core will work for us with HTTP and then we will make a decision.

> I don't think you need a full HTTP server here - can't your callback code
> just use libwww like any other client?
> 

that's what we don't know. the situation is following:

+------------------+             +-------------------+
| Win32Application |             | personal firewall |
| (web Browser)    |      +------| appl. proxy       |
+------------------+      |      +---------------+---+
         |                |                      |
         | issues requests, performs connects    |
         |                |                      |
         |                |                      |
         V                |                      |
+------------------+      | personal firewall driver callback back to userspace....
|                  |      |                      |
| Win32 TDI Layer  |------+                      | forwards stream data back to TDI
+------------------+                             |
                                                 V

personal firewall application proxy can do whatever it wants with data
delivered via personal firewall driver callback. there is always
context information delivered together with application protocol data. context
information is usually created by application proxy on connect event, when
destination port/address condition is satisfied (depends on implementation of
personal firewall driver callback).

> 
> I'm not sure - I guess you could make it behave like a HTTP proxy with some
> work, but I don't really understand why you'd want to use it that way. :)
> 
O.K. we are not sure too, but we (at least hope to) know, why we want to do that. ;-)

> 
> IMHO, the only code with comparable functionality is the one in Mozilla. 
> (Dunno about Konqueror, does it support HTTP pipelining?) But there's also
> libcurl, which is simpler, cleaner and easier to use.
> 
i know, libcurl exists, but it won't let us parse response coming from server
(i think, maybe i'm wrong.)

> No - use the source, Luke! ;-)
> 
O.K. that's it, what i don't like to hear ;-)

regards
	Sasha
Received on Wednesday, 7 May 2003 05:25:45 GMT
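
The event model described in this message (CONNECT, DATA_IN, DATA_OUT and CLOSE, with a context created on connect when the destination port condition holds), as an added C example that is not part of the original email and is not Kerio's or libwww's code. All names (`fw_callback`, `fw_ctx`, the verdict values), port 80 as the condition and the JavaScript Content-Type check are assumptions; the sketch shows why the context has to buffer the response header across DATA_IN chunks before a filtering decision is possible.

```c
/* Added sketch; all names are hypothetical, not Kerio's or libwww's API. */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

enum fw_event   { FW_CONNECT, FW_DATA_IN, FW_DATA_OUT, FW_CLOSE };
enum fw_verdict { FW_PASS, FW_HOLD, FW_BLOCK };  /* HOLD: buffer, do not forward */

struct fw_ctx {                /* per-connection context made on CONNECT */
    char   hdr[1024];          /* lower-cased response header bytes */
    size_t len;
    int    decided;            /* header already inspected */
    enum fw_verdict verdict;
};

/* Single entry point: the driver reports each event with the context. */
enum fw_verdict fw_callback(enum fw_event ev, struct fw_ctx **ctx,
                            unsigned short dst_port,
                            const char *data, size_t n) {
    struct fw_ctx *c = *ctx;
    switch (ev) {
    case FW_CONNECT:           /* attach a context only for the HTTP port */
        *ctx = dst_port == 80 ? calloc(1, sizeof **ctx) : NULL;
        return FW_PASS;
    case FW_CLOSE:
        free(c); *ctx = NULL;
        return FW_PASS;
    case FW_DATA_OUT:
        return FW_PASS;        /* requests are not filtered in this sketch */
    case FW_DATA_IN:
        break;
    }
    if (c == NULL) return FW_PASS;          /* untracked connection */
    if (c->decided) return c->verdict;      /* body follows header verdict */
    for (size_t i = 0; i < n; i++) {        /* chunks may split the header */
        if (data[i] == '\0' || c->len + 1 >= sizeof c->hdr) {
            c->decided = 1;                 /* NUL or oversized: fail closed */
            return c->verdict = FW_BLOCK;
        }
        /* calloc zeroed hdr, so it stays NUL-terminated as len grows */
        c->hdr[c->len++] = (char)tolower((unsigned char)data[i]);
        if (c->len >= 4 && memcmp(c->hdr + c->len - 4, "\r\n\r\n", 4) == 0) {
            const char *t   = strstr(c->hdr, "\ncontent-type:");
            const char *eol = t ? strchr(t + 1, '\r') : NULL;
            const char *js  = t ? strstr(t, "javascript") : NULL;
            c->decided = 1;    /* match must sit on the Content-Type line */
            return c->verdict = (js && js < eol) ? FW_BLOCK : FW_PASS;
        }
    }
    return FW_HOLD;            /* header incomplete: nothing decided yet */
}
```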
