From owner-freebsd-net  Tue May  1 23:13: 7 2001
Delivered-To: freebsd-net@freebsd.org
Received: from filk.iinet.net.au (syncopation-dns.iinet.net.au [203.59.24.29])
	by hub.freebsd.org (Postfix) with SMTP id 1B1C437B423
	for <freebsd-net@freebsd.org>; Tue,  1 May 2001 23:13:04 -0700 (PDT)
	(envelope-from julian@elischer.org)
Received: (qmail 31000 invoked by uid 666); 2 May 2001 06:16:29 -0000
Received: from i180-086.nv.iinet.net.au (HELO elischer.org) (203.59.180.86)
  by mail.m.iinet.net.au with SMTP; 2 May 2001 06:16:29 -0000
Message-ID: <3AEFA529.BB773EA1@elischer.org>
Date: Tue, 01 May 2001 23:11:53 -0700
From: Julian Elischer <julian@elischer.org>
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386)
X-Accept-Language: en, hu
MIME-Version: 1.0
To: Darren Reed <darrenr@reed.wattle.id.au>
Cc: Gunther Schadow <gunther@aurora.regenstrief.org>,
	snap-users@kame.net, freebsd-net@freebsd.org,
	ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp
Subject: Re: (KAME-snap 4587) The future of ALTQ, IPsec & IPFILTER playing  
 together ...
References: <200105012200.IAA22724@avalon.reed.wattle.id.au>
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Darren Reed wrote:
> 
> In some email I received from Gunther Schadow, sie wrote:
> > Gunther Schadow wrote:
> > [snip]
> >
> > .... to make things even more complicated, we also have the
> > berkeley packet filter (BPF) mechanism. Heck! How could
> > so many things evolve that all do essentially the same
> > thing? The interesting thing about the BPF mechanism is
> > that it is very generic. Filter rules are instructions
> > of a virtual von-Neumann-machine (reminds me of 6502
> > assembler :-). Tcpdump uses BPF, at least on FreeBSD.
> > But I think BPF is available on all 4.4 BSD derivatives.
> >
> > where does this fit in the crowd?
> 
> BPF uses a byte-code language, like Java, to tell the
> matching routine what bits to compare and return a "true or
> false".  i.e. you need to build things around it if you want
> to use it for packet matching, etc.

netgraph has a bpf node that can be programmed with BPF codes to do almost 
any filtereing required. 

(Netgraph can be used to do in-kernel tunnelling of almost any type
if you are willing to figure ot how to use it.)

> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/  
            v

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message