Date: Thu, 3 May 2001 10:01:18 +1000 (EST) From: Darren Reed <darrenr@reed.wattle.id.au> To: thorpej@zembu.com Cc: snap-users@kame.net, gunther@aurora.regenstrief.org, darrenr@reed.wattle.id.au, julian@elischer.org, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp Subject: Re: (KAME-snap 4629) Re: The future of ALTQ, IPsec & IPFILTER playing together ... Message-ID: <200105030001.KAA24308@avalon.reed.wattle.id.au> In-Reply-To: <20010502162327.Z21020@dr-evil.shagadelic.org> from Jason R Thorpe at "May 2, 1 04:23:27 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
In some email I received from Jason R Thorpe, sie wrote: > On Thu, May 03, 2001 at 08:30:55AM +1000, Darren Reed wrote: > > > IPFilter 4.0 will, as part of its general increase in kernel bloat, > > let you use BPF expressions for matching. There are other things > > You mean "pcap/tcpdump expressions"? They are included. > BPF "expressions" are literally BPF bytecodes. Well, one of the goals of IPFilter is it can parse (as rules) a textual representation of what's currently loaded into the kernel. At the moment that means collecting hex output, as the bytecode instructions are less suited to being displayed all on the one line. i.e. this command line should always work : ipfstat -io | ipf -rf - Well, there different rules for "compiling in" rules and making that happen, but in general, the aim is for any rule loaded using "ipf" to work as above. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105030001.KAA24308>