Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 9 Jun 2002 13:29:11 +0300 (EEST)
From:      Adrian Penisoara <ady@freebsd.ady.ro>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        ipfw@FreeBSD.ORG
Subject:   Re: New ipfw code available
Message-ID:  <Pine.BSF.4.10.10206091322410.44932-100000@ady.warpnet.ro>
In-Reply-To: <20020608201909.A41807@iguana.icir.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi,

On Sat, 8 Jun 2002, Luigi Rizzo wrote:

> NOTE: if people wonder why I did not use BPF and reinvented the wheel:
> the keyword is "backward compatiblity" -- i thought it was a bit too
> complex to compile the existent ipfw syntax into BPF, especially because
> BPF at least as far as i know does not handle UIDs, and GIDs and
> interface matches and different "actions" than match or not match,
> so i would have had to extend the code anyways, at which point i
> thought I could as well write my own microinstruction set...

  What about unifying BPF and IPFW packet matching microcode, would that
be feasible ? That would even benefit for BPF/libpcap -- we will then be
able to make tcpdumps (or other libpcap-related stuff) on, say, traffic
coming from one user ID or a group ID. Also, ipfw might be able to make
some very detailed ipfw packet matching, like 'tcp[13] & 3 = 2' like
libpcap can. What do you think ?

 My $0.05
 Ady (@freebsd.ady.ro)
____________________________________________________________________
| An age is called Dark not because the light fails to shine, but  |
| because people refuse to see it.                                 |
|               -- James Michener, "Space"                         |


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10206091322410.44932-100000>