Date: Tue, 31 Aug 2004 16:02:35 -0700 From: Julian Elischer <julian@elischer.org> To: Andre Oppermann <andre@freebsd.org> Cc: freebsd-arch@freebsd.org Subject: Re: option directive and turning on AOE Message-ID: <4135038B.4030203@elischer.org> In-Reply-To: <4134FCAE.7374599A@freebsd.org> References: <Pine.LNX.4.60.0408311611550.7530@athena> <20040831203929.GB25134@odin.ac.hmc.edu> <4134E4B6.2030409@elischer.org> <4134FCAE.7374599A@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Andre Oppermann wrote: >Yea, a ng_pfilhook module should be fairly easy to write. I don't like >it the other way around. PFIL_HOOKS is a hooking mechanism, so something >should hook itself in there. > actually, netgraph is nothing but a hooking/connecting framework.. The modules are all just consumers of that interface. an ng_pfil node would be a node that filters packets that are received from a netgraph source.. it wouldn't have a clue what kind of source that was.. there already is an ng_ipfw node (but not in freebsd, though I believe it's coming) and there is an ng_bpf node that takes arbitrary filterring "programs" as generated by bpf. > >PS: I'm thinking about moving all the IPSec cruft in IPv4 into a pfil >hook. Thus IPSecKAME and FastIPSec could be loadable modules and it >would relieve ip_input/output.c by some more 1000's of lines. Haven't >looked fully into it yet though. I'm sure there are some difficulties >hidden somewhere. ;-) > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4135038B.4030203>