Date: Wed, 10 Dec 1997 10:54:56 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: perhaps@yes.no (Eivind Eklund) Cc: jamil@trojanhorse.ml.org, hackers@freebsd.org Subject: Re: I seriously need some networking help Message-ID: <199712101854.KAA18602@bubba.whistle.com> In-Reply-To: <86ra7lw474.fsf@bitbox.follo.net> from Eivind Eklund at "Dec 10, 97 05:30:55 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> BTW: I've been thinking of firewalls and routing lately. A worthy > project for Somebody would be to replace ipfw with a firewall > integrated with the routing code - they seem to be doing a lot of > duplicate work. It should also be possible to make the resulting > trees compile to an easily parsable format that can be implemented as > a mask/compare -> (change table position|route|deny|log) > where the mask/compare is done against 'a complete set of data about > the packet'. Extra tables should be possible to add input and output > on each interface. > > If anybody suddenly feel an urge to do suchs a project, please contact > me. I have done some work on how to optimize this; it is fairly > simple to optimize spacewise, but not so easy to optimize for time (as > this depend on the number of packets matched by each rule, and both > negative and positive rules can be added). > > BTW2: How is the general and core view on making such changes? Is the > routing code 'holy code', or are drastic changes possible? (The idea > above would more-or-less replace the entire implementation with a more > powerful scheme for the 'static routes' case; I guess it would be both > easy and best to write so it was only enabled on request, though) > > Eivind. In my opinion, the ARP/routing/interface code is about as hairy as it gets. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712101854.KAA18602>