From owner-freebsd-net  Wed May  2 15:31:34 2001
Delivered-To: freebsd-net@freebsd.org
Received: from CPE-61-9-164-106.vic.bigpond.net.au (CPE-61-9-166-240.vic.bigpond.net.au [61.9.166.240])
	by hub.freebsd.org (Postfix) with ESMTP id 65F5A37B422
	for <freebsd-net@freebsd.org>; Wed,  2 May 2001 15:31:30 -0700 (PDT)
	(envelope-from darrenr@reed.wattle.id.au)
Received: (from root@localhost)
	by CPE-61-9-164-106.vic.bigpond.net.au (8.11.0/8.11.0) id f42MV3E24577;
	Thu, 3 May 2001 08:31:03 +1000 (EST)
From: Darren Reed <darrenr@reed.wattle.id.au>
Message-Id: <200105022230.IAA24233@avalon.reed.wattle.id.au>
Subject: Re: (KAME-snap 4587) The future of ALTQ, IPsec & IPFILTER playing    together ...
In-Reply-To: <3AF025A7.3F3C24B1@aurora.regenstrief.org> from Gunther Schadow at "May 2, 1 03:20:07 pm"
To: gunther@aurora.regenstrief.org (Gunther Schadow)
Date: Thu, 3 May 2001 08:30:55 +1000 (EST)
Cc: darrenr@reed.wattle.id.au, julian@elischer.org,
	snap-users@kame.net, freebsd-net@freebsd.org,
	ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp
X-Mailer: ELM [version 2.4ME+ PL37 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some email I received from Gunther Schadow, sie wrote:
[...]
> I am just completely amazed about how many things there are that
> basically do very similar jobs, like packet filtering/classifying.
> While in general diversity is good, it is also a problem for the
> developers and users of the *BSDs who try to apply these bits and
> pieces as a complete functional whole. It also diverts developer
> time if each needs to maintain his/her own packet matching/classifyer
> code, and last but not least, it leads to kernel bloat.

IPFilter 4.0 will, as part of its general increase in kernel bloat,
let you use BPF expressions for matching.  There are other things
people are doing to invent new and better ones although with 4.0 it
should be easily for ipfilter to take advantage of whatever people
come up with :)

[...]
> Thanks anyway for your good work. I am still hopefull that some day
> all those pieces will fall together to form a coherent overall system.

Remember that IPFilter targets more than just the BSD platforms...you might
also consider that it runs on BSD/OS where they have their own adaption of
ipfw too (but IPFilter is not part of the distrib there).

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message