From owner-freebsd-questions Mon May 20 07:40:41 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA22236 for questions-outgoing; Mon, 20 May 1996 07:40:41 -0700 (PDT)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA22230 for ; Mon, 20 May 1996 07:40:38 -0700 (PDT)
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA22230; Mon, 20 May 1996 10:40:31 -0400
Date: Mon, 20 May 1996 10:40:31 -0400
From: Garrett Wollman
Message-Id: <9605201440.AA22230@halloran-eldar.lcs.mit.edu>
To: Archie Cobbs
Cc: questions@freebsd.org
Subject: Re: ip masquerading
In-Reply-To: <199605180824.BAA02382@bubba.whistle.com>
References: <199605180548.WAA22030@phaeton.artisoft.com> <199605180824.BAA02382@bubba.whistle.com>
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

< said:

> There's a larger question here then, which is that we need a more
> general mechanism for user-land "filtering" (in the most general sense)
> of packets as they cross an interface. BPF and /dev/tun? are both
> great, but you can't implement a filter with them.

The approach taken by `screend' is probably the right one, and it
limits the hair in the kernel to something that is easily manageable,
and easy to disable if you care about performance... (My group cares
about performance.) Doing something like `screend' also makes it
possible to provide the appropriate feedback mechanisms to prevent
livelock.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence. We like people
MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant