Date:      Wed, 24 Nov 1999 02:26:29 -0800 (PST)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.dnsmgr.net>
To:        green@FreeBSD.ORG (Brian Fundakowski Feldman)
Cc:        ipfw@FreeBSD.ORG, arch@FreeBSD.ORG
Subject:   Re: new IPFW
Message-ID:  <199911241026.CAA45230@gndrsh.dnsmgr.net>
In-Reply-To: <Pine.BSF.4.10.9911240047480.40905-100000@green.dyndns.org> from Brian Fundakowski Feldman at "Nov 24, 1999 01:33:04 am"

> I've finally sat myself down to take the first step in getting the new
> IPFW done.  I'll start by listing some of the different ideas I've had,
... [and lots more good stuff cut to make this short and to the point]...

> And this would be the object-oriented architecture part.
> 
> I'm going to wrap this up since I'm up quite late (well, only 1:30, but
> I'm still a growing person...), and I don't want to start to get too
> incoherent.  Thank you for your time and attention with my IPFW ideas,
> and please send comments and ideas to me;  heck, I'd love to start
> a long discussion about this, so we can flesh everything out :)

Have you looked at or thought about using the bpf routines in the
kernel?  bpf match rules are very powerful, compile to some pretty
fast code, and the code is already written, and it knows about a lot
more than just IP.  

After all, they are probably the ``oldest'' set of filter routines
we have, they have just never been reused to do firewall type stuff
with.  The fcode engine even has a jump, though all jumps must be
forward in the fcode, but this is no more restrictive than the current
firewall rule ``skipto'' operation.

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net
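
The forward-only jump property mentioned in the message, shown as an added example that is not part of the original e-mail and is not FreeBSD's bpf code: a load-time validator and interpreter for a four-opcode subset of classic BPF. The names `struct insn`, `filt_validate`, `filt_run` and the sample programs are local to this example. Because no validated jump can go backward, a program of n instructions runs at most n steps.

```c
#include <stdint.h>
#include <stdio.h>
/* Local stand-in for the classic BPF instruction layout and four of its opcodes. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDB_ABS = 0x30, JEQ_K = 0x15, JA = 0x05, RET_K = 0x06 };
/* Load-time check: offsets are unsigned and relative to the next instruction,
 * so jumps only go forward; each target must still be inside the program. */
int filt_validate(const struct insn *p, size_t n) {
    if (n == 0 || p[n - 1].code != RET_K) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t room = n - (i + 1);  /* instructions after this one */
        switch (p[i].code) {
        case LDB_ABS: case RET_K: break;
        case JA:    if (p[i].k >= room) return 0; break;
        case JEQ_K: if (p[i].jt >= room || p[i].jf >= room) return 0; break;
        default:    return 0;       /* opcode outside this subset */
        }
    }
    return 1;
}

/* Run a validated program: returns the ret value (0 = drop), counts steps. */
uint32_t filt_run(const struct insn *p, size_t n, const uint8_t *pkt,
                  size_t len, size_t *steps) {
    uint32_t a = 0;                 /* accumulator */
    size_t pc = 0;
    for (*steps = 0; pc < n; ) {
        const struct insn *in = &p[pc++];
        ++*steps;
        switch (in->code) {
        case LDB_ABS: if (in->k >= len) return 0; a = pkt[in->k]; break;
        case JEQ_K:   pc += (a == in->k) ? in->jt : in->jf; break;
        case JA:      pc += in->k; break;
        case RET_K:   return in->k;
        }
    }
    return 0;
}
/* Constructed samples: TCP-only filter, a wrapping ja, a bare IPv4 header. */
static const struct insn tcp_only[] = {
    { LDB_ABS, 0, 0, 9 }, { JEQ_K, 0, 1, 6 }, { RET_K, 0, 0, 1 }, { RET_K, 0, 0, 0 } };
static const struct insn looping[] = { { JA, 0, 0, 0xffffffffu }, { RET_K, 0, 0, 0 } };
static const uint8_t tcp_pkt[20] = { [0] = 0x45, [9] = 6 };
int main(void) {
    size_t steps;
    uint32_t v = filt_run(tcp_only, 4, tcp_pkt, sizeof tcp_pkt, &steps);
    printf("%d %d %u %zu\n", filt_validate(tcp_only, 4), filt_validate(looping, 2), (unsigned)v, steps);
    return 0;
}
```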

