[openbeosnetteam] Re: general or PPP ideas
- From: "Waldemar Kornewald" <Waldemar.Kornewald@xxxxxx>
- To: <openbeosnetteam@xxxxxxxxxxxxx>
- Date: Tue, 6 May 2003 08:35:56 +0200
> >I have not understood you here. Could you please explain it more
detailed,
> >please?
> >There is no open() call in modules (like the authentication module), only
in
> >drivers.
> Well, SeOS is doing it for different reason - it suppose to make Unix or
Windows more secure. So they replaced standard system open() call with their
own.
> So whatever userland application tries to open it has to go through
authentication module of SeOS. Don't get fooled by the name 'SeOS' - it's
not an OS it's just a secure subsystem for Unix and Windows. Replacement of
existing security schema with more secure. And it's commercial product. I
think other commercial security products are using the same idea. My point
was leave the authentication to userland application (as I think you
planned) and don't even create special hooks for it in your module -
standard open() call is enough.
Is this an authentication method for applications that want to access a
driver/module?
What I wanted to do is to route the incoming connection tries to a userland
daemon that authenticates the incoming connection try, not the driver
access.
I hope I have understood you correctly.
> Are you talking about PPP daemon that accepts connections from modem pool
? It means at least 1000 modem lines or to be more realistic 10,000 modem
lines.
> I guess you know that there are hardware PPP implementations - old DEC
terminal server we throw away 10 years ago was capable of this. And they are
not that expensive - don't try to compete with hardware implementations.
So, how much connection traffic does a server have then? What about PPPoE
servers? Are there hardware implementations for them or is this a normal
Linux server?
Do you think that there will never be more than 30 incoming connection per
second to a big university or to a small ISP?
Then, a small authentication daemon that creates 30 threads for
authentication requests and tells one unused thread to authenticate when a
new connection is incoming should be enough. It should not be too
complicated to implement this.
> >Oh, having 1000 requests at the same time means having 1000 threads at
the
> >same time. I heard that our limit is 1600 threads or so. Or was it the
Zeta
> >limit? Or is this completely wrong? I just remembered the number 1600 in
the
> >context of a kernel limitation.
> >This might become a problem, so blocking is useful at some point anyway.
> >
> >Waldemar
> >
> I think the simpler you make it the faster it will be.
That is correct. :)
I will do my best (which can be not enough ;).
In this week and the beginning of the next week I will not have much time to
code, but I will release some headers soon.
Is PPP a high-priority task? Maybe I am too slow, so if you want to make it
going faster, just help me. If there are more important tasks at the moment
I can work on my own in my free time.
Waldemar
Other related posts:
