From: "Rodney W. Grimes"
Message-Id: <199911241026.CAA45230@gndrsh.dnsmgr.net>
Subject: Re: new IPFW
In-Reply-To: from Brian Fundakowski Feldman at "Nov 24, 1999 01:33:04 am"
To: green@freebsd.org (Brian Fundakowski Feldman)
Date: Wed, 24 Nov 1999 02:26:29 -0800 (PST)
Cc: ipfw@freebsd.org, arch@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I've finally sat myself down to take the first step in getting the new
> IPFW done. I'll start by listing some of the different ideas I've had,
... [and lots more good stuff cut to make this short and to the point]...
> And this would be the object-oriented architecture part.
>
> I'm going to wrap this up since I'm up quite late (well, only 1:30, but
> I'm still a growing person...), and I don't want to start to get too
> incoherent.
> Thank you for your time and attention with my IPFW ideas,
> and please send comments and ideas to me; heck, I'd love to start
> a long discussion about this, so we can flesh everything out :)

Have you looked at or thought about using the bpf routines in the kernel? bpf match rules are very powerful, compile to some pretty fast code, and the code is already written, and it knows about a lot more than just IP. After all, they are probably the ``oldest'' set of filter routines we have, they have just never been reused to do firewall type stuff with. The fcode engine even has a jump, though all jumps must be forward in the fcode, but this is no more restrictive than the current firewall rule ``skipto'' operation.

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net
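The forward-only jump that Rod describes is what makes a bpf program safe to run in the kernel on every packet: it can never loop, so its run time is bounded by its length. As an added illustration (not code from this thread or from FreeBSD's bpf), the following is a constructed interpreter for a small subset of classic BPF, using the same numeric opcode values as the real encoding, with a filter that accepts only IPv4 TCP packets to destination port 22, exactly the kind of rule a firewall would express. The filter, the packet layout and the `check_*` helpers are constructed for the example; it assumes Ethernet framing and a 20-byte IP header with no options, and it ignores fragments, which a production filter would check before trusting the TCP port.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode values follow the classic BPF encoding for these instructions
 * (BPF_LD|BPF_ABS|size, BPF_JMP|BPF_JEQ|BPF_K, BPF_RET|BPF_K); only this
 * subset is implemented here. */
#define OP_LD_W_ABS 0x20   /* A = 32-bit word at pkt[k] */
#define OP_LD_H_ABS 0x28   /* A = 16-bit half at pkt[k] */
#define OP_LD_B_ABS 0x30   /* A = byte at pkt[k] */
#define OP_JEQ_K    0x15   /* pc += (A == k) ? jt : jf  (forward only) */
#define OP_RET_K    0x06   /* accept k bytes; 0 means drop */

struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Execute a filter program over one packet. Returns the RET value
 * (0 = drop). A load that runs past the end of the packet, or an
 * unknown opcode, drops the packet instead of reading out of bounds. */
static uint32_t run_filter(const struct insn *prog, size_t n,
                           const uint8_t *pkt, size_t len)
{
    uint32_t A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case OP_LD_W_ABS:
            if (i->k >= len || len - i->k < 4) return 0;
            A = (uint32_t)pkt[i->k] << 24 | (uint32_t)pkt[i->k + 1] << 16 |
                (uint32_t)pkt[i->k + 2] << 8 | pkt[i->k + 3];
            break;
        case OP_LD_H_ABS:
            if (i->k >= len || len - i->k < 2) return 0;
            A = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1];
            break;
        case OP_LD_B_ABS:
            if (i->k >= len) return 0;
            A = pkt[i->k];
            break;
        case OP_JEQ_K:
            /* jt/jf are offsets past the next instruction, so a program
             * can only skip forward: no loops, bounded run time. */
            pc += (A == i->k) ? i->jt : i->jf;
            break;
        case OP_RET_K:
            return i->k;
        default:
            return 0;
        }
    }
    return 0; /* fell off the end without a RET: treat as drop */
}

/* Constructed filter: accept IPv4 TCP packets to destination port 22.
 * Assumes Ethernet framing and a 20-byte IP header (no options) and
 * ignores fragments; a real filter would check IHL and fragment offset. */
static const struct insn ssh_filter[] = {
    { OP_LD_H_ABS, 0, 0, 12 },      /* 0: A = ethertype                */
    { OP_JEQ_K,    0, 5, 0x0800 },  /* 1: not IPv4 -> 7 (drop)         */
    { OP_LD_B_ABS, 0, 0, 23 },      /* 2: A = IP protocol              */
    { OP_JEQ_K,    0, 3, 6 },       /* 3: not TCP  -> 7 (drop)         */
    { OP_LD_H_ABS, 0, 0, 36 },      /* 4: A = TCP destination port     */
    { OP_JEQ_K,    0, 1, 22 },      /* 5: not 22   -> 7 (drop)         */
    { OP_RET_K,    0, 0, 65535 },   /* 6: accept                       */
    { OP_RET_K,    0, 0, 0 },       /* 7: drop                         */
};
#define SSH_FILTER_LEN (sizeof ssh_filter / sizeof ssh_filter[0])

/* Build a minimal constructed 54-byte Ethernet+IPv4+TCP frame with the
 * given ethertype, IP protocol and TCP destination port, and return the
 * filter's verdict on it. */
static uint32_t check_packet(uint16_t ethertype, uint8_t proto, uint16_t dport)
{
    uint8_t pkt[54];
    memset(pkt, 0, sizeof pkt);
    pkt[12] = (uint8_t)(ethertype >> 8); pkt[13] = (uint8_t)(ethertype & 0xff);
    pkt[14] = 0x45;              /* IPv4, IHL = 5 */
    pkt[23] = proto;
    pkt[36] = (uint8_t)(dport >> 8); pkt[37] = (uint8_t)(dport & 0xff);
    return run_filter(ssh_filter, SSH_FILTER_LEN, pkt, sizeof pkt);
}

/* A frame cut off inside the IP header: the load at offset 23 must fail
 * safely and the verdict must be drop. */
static uint32_t check_truncated(void)
{
    uint8_t pkt[20] = {0};
    pkt[12] = 0x08; pkt[13] = 0x00;
    return run_filter(ssh_filter, SSH_FILTER_LEN, pkt, sizeof pkt);
}

int main(void)
{
    printf("tcp/22    -> %u\n", check_packet(0x0800, 6, 22));
    printf("tcp/80    -> %u\n", check_packet(0x0800, 6, 80));
    printf("udp/22    -> %u\n", check_packet(0x0800, 17, 22));
    printf("ipv6      -> %u\n", check_packet(0x86dd, 6, 22));
    printf("truncated -> %u\n", check_truncated());
    return 0;
}
```

Each `jf` offset in `ssh_filter` plays the role of ipfw's `skipto`: a failed test jumps straight to the final drop instruction, and because offsets are only ever added to the program counter the interpreter cannot be made to spin on a crafted packet. The bounds check on every load is the other property a kernel-resident filter needs, since the program is evaluated against untrusted packet bytes of arbitrary length.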