From owner-freebsd-arch@FreeBSD.ORG  Tue Aug 31 23:02:36 2004
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9AC2E16A4CE; Tue, 31 Aug 2004 23:02:36 +0000 (GMT)
Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6BABA43D58; Tue, 31 Aug 2004 23:02:36 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from elischer.org (julian.vicor-nb.com [208.206.78.97])
	by mail.vicor-nb.com (Postfix) with ESMTP
	id 356327A3E1; Tue, 31 Aug 2004 16:02:36 -0700 (PDT)
Message-ID: <4135038B.4030203@elischer.org>
Date: Tue, 31 Aug 2004 16:02:35 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516
X-Accept-Language: en, hu
MIME-Version: 1.0
To: Andre Oppermann <andre@freebsd.org>
References: <Pine.LNX.4.60.0408311611550.7530@athena>
	<20040831203929.GB25134@odin.ac.hmc.edu>	<4134E4B6.2030409@elischer.org>
	<4134FCAE.7374599A@freebsd.org>
In-Reply-To: <4134FCAE.7374599A@freebsd.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: Sam <sah@softcardsystems.com>
cc: Scott Long <scottl@freebsd.org>
cc: freebsd-arch@freebsd.org
Subject: Re: option directive and turning on AOE
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Aug 2004 23:02:36 -0000



Andre Oppermann wrote:

>Yea, a ng_pfilhook module should be fairly easy to write.  I don't like
>it the other way around.  PFIL_HOOKS is a hooking mechanism, so something
>should hook itself in there.
>

actually, netgraph is nothing but a hooking/connecting framework..
The modules are all just consumers of that interface.
an ng_pfil node would be a node that filters packets that are received 
from a netgraph source..
it wouldn't have a clue what kind of source that was..

there already is an ng_ipfw node (but not in freebsd, though I believe 
it's coming)
and there is an ng_bpf node that takes arbitrary filterring "programs" 
as generated by bpf.

>
>PS: I'm thinking about moving all the IPSec cruft in IPv4 into a pfil
>hook.  Thus IPSecKAME and FastIPSec could be loadable modules and it
>would relieve ip_input/output.c by some more 1000's of lines.  Haven't
>looked fully into it yet though.  I'm sure there are some difficulties
>hidden somewhere. ;-)
>
>  
>