From owner-freebsd-ipfw  Sun Jun  9  3:33:17 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from ady.warpnet.ro (ady.warpnet.ro [217.156.25.2])
	by hub.freebsd.org (Postfix) with ESMTP id 79DBE37B40A
	for <ipfw@FreeBSD.ORG>; Sun,  9 Jun 2002 03:33:12 -0700 (PDT)
Received: from localhost (ady@localhost)
	by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id NAA46544;
	Sun, 9 Jun 2002 13:29:11 +0300 (EEST)
	(envelope-from ady@freebsd.ady.ro)
X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: ady.warpnet.ro
Date: Sun, 9 Jun 2002 13:29:11 +0300 (EEST)
From: Adrian Penisoara <ady@freebsd.ady.ro>
X-Sender: ady@ady.warpnet.ro
To: Luigi Rizzo <rizzo@icir.org>
Cc: ipfw@FreeBSD.ORG
Subject: Re: New ipfw code available
In-Reply-To: <20020608201909.A41807@iguana.icir.org>
Message-ID: <Pine.BSF.4.10.10206091322410.44932-100000@ady.warpnet.ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

Hi,

On Sat, 8 Jun 2002, Luigi Rizzo wrote:

> NOTE: if people wonder why I did not use BPF and reinvented the wheel:
> the keyword is "backward compatiblity" -- i thought it was a bit too
> complex to compile the existent ipfw syntax into BPF, especially because
> BPF at least as far as i know does not handle UIDs, and GIDs and
> interface matches and different "actions" than match or not match,
> so i would have had to extend the code anyways, at which point i
> thought I could as well write my own microinstruction set...

  What about unifying BPF and IPFW packet matching microcode, would that
be feasible ? That would even benefit for BPF/libpcap -- we will then be
able to make tcpdumps (or other libpcap-related stuff) on, say, traffic
coming from one user ID or a group ID. Also, ipfw might be able to make
some very detailed ipfw packet matching, like 'tcp[13] & 3 = 2' like
libpcap can. What do you think ?

 My $0.05
 Ady (@freebsd.ady.ro)
____________________________________________________________________
| An age is called Dark not because the light fails to shine, but  |
| because people refuse to see it.                                 |
|               -- James Michener, "Space"                         |


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message