Date: Fri, 5 May 2000 12:44:31 +0200 (CEST) From: Remy Nonnenmacher <remy@boostworks.com> To: archie@whistle.com Cc: rwatson@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: ether matching in ipfw?? Message-ID: <200005051044.MAA84336@luxren2.boostworks.com> In-Reply-To: <200005021705.KAA02870@bubba.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 May, Archie Cobbs wrote: > Robert Watson writes: >> One advantage to a BPF-like approach would be that you could imagine a >> BPF->native code compiler, instead of a BPF execution vm in kernel, giving >> performance close to ipfw, if not better, when optimized. These custom >> filtering modules built from userland rulesets could also be inserted >> into the graph as needed. > > See also.. > > http://www.pdos.lcs.mit.edu/~engler/dpf.html > This worth a reading. There is a possiblity to use it as an internal switching engine to determine processing path. In this context, all ipfw activities may be seen as added rules to a standard ruleset. The interest of merging rules is that the switching code become a directly executable one. Also, this may nicely merge the netgraph system and the standard BSD networking one (DPF as the central hooking system for the whole thing, like netgraph provides for netgraph's nodes). RN. IhM To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005051044.MAA84336>