Date: Thu, 3 May 2001 08:30:49 -0700 From: Jason R Thorpe <thorpej@zembu.com> To: Fulvio Risso <risso@polito.it> Cc: Luigi Rizzo <luigi@info.iet.unipi.it>, Gunther Schadow <gunther@aurora.regenstrief.org>, Darren Reed <darrenr@reed.wattle.id.au>, snap-users@kame.net, julian@elischer.org, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp Subject: Re: [altq 839] Re: The future of ALTQ, IPsec & IPFILTER playing together ... Message-ID: <20010503083049.B17582@dr-evil.shagadelic.org> In-Reply-To: <DAEBKLBDIOIBBIFCOHNKAEFNDLAA.risso@polito.it>; from risso@polito.it on Thu, May 03, 2001 at 10:15:36AM %2B0200 References: <200105030750.JAA44246@info.iet.unipi.it> <DAEBKLBDIOIBBIFCOHNKAEFNDLAA.risso@polito.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 03, 2001 at 10:15:36AM +0200, Fulvio Risso wrote:
> Not only.
> BPF does not support:
> - stateful inspection
> - multiple return values (only 1/0)
> - multiple outputs (I want to know, for example the amount of traffic IP
> *and* TCP)
My solution to this is to use the classifier as a "tool" for another
application. Logically, it looks like this:
BPF
|
PACE
|
+----+----+
| |
ALTQ PFIL
I.e. you build a "Packet Filter" application on top of the classifier,
and ALTQ on top of the classifier, and the classifier is built on BPF.
The classifier provides some infrastructure that BPF does not, and BPF
itself remains simple, used only has the packet matching core.
--
-- Jason R. Thorpe <thorpej@zembu.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010503083049.B17582>