From: Gunther Schadow
Organization: Regenstrief Institute for Health Care
Date: Wed, 02 May 2001 15:20:07 +0000
To: Darren Reed
Cc: Julian Elischer, snap-users@kame.net, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp
Subject: Re: (KAME-snap 4587) The future of ALTQ, IPsec & IPFILTER playing together ...
Message-ID: <3AF025A7.3F3C24B1@aurora.regenstrief.org>
References: <200105020952.TAA23436@avalon.reed.wattle.id.au>

Darren Reed wrote:

> Just because you have BPF does not mean you have a "packet filter".
> You need a whole lot of other infrastructure as well.
> Same goes for netgraph. Both netgraph and BPF are enabling technologies
> but are not in and of themselves providers of solutions.

Darren, I think people do understand that. Since you compared BPF to
Java, of course you need more than the virtual machine, you need a
compiler (parts of tcpdump are a compiler to the BPF VM) and for a
firewalling mechanism, you need a library of additional functionality.

I am just completely amazed about how many things there are that
basically do very similar jobs, like packet filtering/classifying.
While in general diversity is good, it is also a problem for the
developers and users of the *BSDs who try to apply these bits and
pieces as a complete functional whole. It also diverts developer
time if each needs to maintain his/her own packet matching/classifier
code, and last but not least, it leads to kernel bloat.

So, I am still advocating for the great unification, but I understand
that I do that from the outside, not being a developer of any of those
packages. Thus, I can understand if the developers dismiss my calls.

Thanks anyway for your good work. I am still hopeful that some day
all those pieces will fall together to form a coherent overall system.

regards
-Gunther

--
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org