Date: Thu, 03 May 2001 07:29:54 +0000 From: Gunther Schadow <gunther@aurora.regenstrief.org> To: Darren Reed <darrenr@reed.wattle.id.au> Cc: thorpej@zembu.com, snap-users@kame.net, julian@elischer.org, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp Subject: Re: (KAME-snap 4629) Re: The future of ALTQ, IPsec & IPFILTER playing together ... Message-ID: <3AF108F2.BA4AF637@aurora.regenstrief.org> References: <200105030001.KAA24308@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Darren Reed wrote: > > In some email I received from Jason R Thorpe, sie wrote: > > On Thu, May 03, 2001 at 08:30:55AM +1000, Darren Reed wrote: > > > > > IPFilter 4.0 will, as part of its general increase in kernel bloat, > > > let you use BPF expressions for matching. There are other things > > > > You mean "pcap/tcpdump expressions"? > > They are included. > > > BPF "expressions" are literally BPF bytecodes. > > Well, one of the goals of IPFilter is it can parse (as rules) a textual > representation of what's currently loaded into the kernel. At the moment > that means collecting hex output, as the bytecode instructions are less > suited to being displayed all on the one line. I don't think that that's critical. When I write C, C++ or Java programs I don't expect them to be disassembled into the source language. What is more important is that any classifyer / filter is fast, as fast as it gets. It is my understanding that BPF is very fast, and that BPF scales very well for even complex expressions. BPF may need some extension to be useful as a classifier, mainly, instead of a simple true/false output one would want a number representing the class. Also, it's been noted before, the BPF machine needs some state awareness between packets. regards -Gunther -- Gunther Schadow, M.D., Ph.D. gschadow@regenstrief.org Medical Information Scientist Regenstrief Institute for Health Care Adjunct Assistent Professor Indiana University School of Medicine tel:1(317)630-7960 http://aurora.regenstrief.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AF108F2.BA4AF637>