Date: Thu, 18 Mar 2004 12:30:33 +0100 From: jeremie le-hen <le-hen_j@epita.fr> To: Thomas Vogt <turbo23@gmx.net> Cc: Chuck Swiger <cswiger@mac.com> Subject: Re: layer7 filter? Message-ID: <20040318113033.GB5536@annelo.epita.fr> In-Reply-To: <40589524.60801@gmx.net> References: <4058710F.4060608@gmx.net> <40588915.1040905@mac.com> <40589524.60801@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Yes, but as far as I know, divert is slow. It's not usable in
> enviroments with >=100mbit. But I'm glad if you can show me that this
> not true :)
On the other hand, layer 7-filtering is not what we can call a fast match
method against network traffic. AFAIK "L7-filter" for NetFilter is based
on regular expressions, and matching even a simple re against every packet
in a 100MBits environnement would be rather expensive.
--
Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen@epita.fr
ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040318113033.GB5536>