Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 May 2001 09:12:52 -0700
From:      Jason R Thorpe <thorpej@zembu.com>
To:        Gunther Schadow <gunther@aurora.regenstrief.org>
Cc:        Fulvio Risso <risso@polito.it>, Luigi Rizzo <luigi@info.iet.unipi.it>, Darren Reed <darrenr@reed.wattle.id.au>, snap-users@kame.net, julian@elischer.org, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp
Subject:   Re: [altq 839] Re: The future of ALTQ, IPsec & IPFILTER playing together ...
Message-ID:  <20010503091252.F17582@dr-evil.shagadelic.org>
In-Reply-To: <3AF181E9.1B73B69E@aurora.regenstrief.org>; from gunther@aurora.regenstrief.org on Thu, May 03, 2001 at 04:06:01PM %2B0000
References:  <200105030750.JAA44246@info.iet.unipi.it> <DAEBKLBDIOIBBIFCOHNKAEFNDLAA.risso@polito.it> <20010503083049.B17582@dr-evil.shagadelic.org> <3AF181E9.1B73B69E@aurora.regenstrief.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Thu, May 03, 2001 at 04:06:01PM +0000, Gunther Schadow wrote:

 > Hmm, so you are arguing gainst multiple return values and stateful
 > inspection? I like simplicity, but wouldn't this impede the ability
 > to produce high-performance classifiers?

The approach I'm taking is to have the filters live in as large of a BPF
program as possible (possibly multiple large BPF programs chained together
by some glue).  This allows the pcap code optimizer to do a better job.
The pcap compiler is being modified to add a "return N" keyword, to
instruct BPF to return a particular value.

A combination of better optimizatoin and a generalized return statement
allows you to do fast matching and fast dispatching.

 > What about adding a state memory to the BPF VM and allowing the BPF
 > VM to return an arbitrary long integer value. That value would index
 > the action to take for filters, mutators, encapsulators, forwarders
 > and queuers. 

You don't need to add anything to BPF itself to do this -- BPF can already
return arbitrary values.  The problem is the BPF instruction compiler that
everyone uses (libpcap).

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010503091252.F17582>