Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 9 Jun 2002 13:29:11 +0300 (EEST)
From:      Adrian Penisoara <>
To:        Luigi Rizzo <>
Cc:        ipfw@FreeBSD.ORG
Subject:   Re: New ipfw code available
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On Sat, 8 Jun 2002, Luigi Rizzo wrote:

> NOTE: if people wonder why I did not use BPF and reinvented the wheel:
> the keyword is "backward compatiblity" -- i thought it was a bit too
> complex to compile the existent ipfw syntax into BPF, especially because
> BPF at least as far as i know does not handle UIDs, and GIDs and
> interface matches and different "actions" than match or not match,
> so i would have had to extend the code anyways, at which point i
> thought I could as well write my own microinstruction set...

  What about unifying BPF and IPFW packet matching microcode, would that
be feasible ? That would even benefit for BPF/libpcap -- we will then be
able to make tcpdumps (or other libpcap-related stuff) on, say, traffic
coming from one user ID or a group ID. Also, ipfw might be able to make
some very detailed ipfw packet matching, like 'tcp[13] & 3 = 2' like
libpcap can. What do you think ?

 My $0.05
 Ady (
| An age is called Dark not because the light fails to shine, but  |
| because people refuse to see it.                                 |
|               -- James Michener, "Space"                         |

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>