From: Archie Cobbs
Message-Id: <199712101854.KAA18602@bubba.whistle.com>
Subject: Re: I seriously need some networking help
In-Reply-To: <86ra7lw474.fsf@bitbox.follo.net> from Eivind Eklund at "Dec 10, 97 05:30:55 pm"
To: perhaps@yes.no (Eivind Eklund)
Date: Wed, 10 Dec 1997 10:54:56 -0800 (PST)
Cc: jamil@trojanhorse.ml.org, hackers@freebsd.org

> BTW: I've been thinking of firewalls and routing lately. A worthy
> project for Somebody would be to replace ipfw with a firewall
> integrated with the routing code - they seem to be doing a lot of
> duplicate work. It should also be possible to make the resulting
> trees compile to an easily parsable format that can be implemented as
> a mask/compare -> (change table position|route|deny|log)
> where the mask/compare is done against 'a complete set of data about
> the packet'. Extra tables should be possible to add input and output
> on each interface.
>
> If anybody suddenly feels an urge to do such a project, please contact
> me. I have done some work on how to optimize this; it is fairly
> simple to optimize spacewise, but not so easy to optimize for time (as
> this depends on the number of packets matched by each rule, and both
> negative and positive rules can be added).
>
> BTW2: How is the general and core view on making such changes? Is the
> routing code 'holy code', or are drastic changes possible? (The idea
> above would more-or-less replace the entire implementation with a more
> powerful scheme for the 'static routes' case; I guess it would be both
> easy and best to write so it was only enabled on request, though)
>
> Eivind.

In my opinion, the ARP/routing/interface code is about as hairy as it gets.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
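
The "mask/compare -> (change table position|route|deny|log)" table from the quoted proposal, sketched as an added example that is not part of the thread and is not ipfw or FreeBSD routing code. The 12-byte key layout, the names `classify` and `sample`, the forward-only jump rule and the default-deny result are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define KEYLEN 12 /* assumed key: src(4) dst(4) proto(1) pad(1) dport(2) */
enum action { ACT_JUMP, ACT_ROUTE, ACT_DENY, ACT_LOG };

struct rule {
    uint8_t mask[KEYLEN], value[KEYLEN];
    enum action act;
    int arg; /* ACT_JUMP: table position; ACT_ROUTE: next-hop id */
};
struct verdict { int routed, nexthop, logged; };

/* A rule matches when (key & mask) == value on every byte of the key. */
static int rule_match(const struct rule *r, const uint8_t *key)
{
    for (size_t i = 0; i < KEYLEN; i++)
        if ((key[i] & r->mask[i]) != r->value[i])
            return 0;
    return 1;
}

/* Walk the table. Jumps may only go forward, so evaluation terminates;
 * a bad jump, unknown action or falling off the end denies (fail closed). */
struct verdict classify(const struct rule *t, int n, const uint8_t *key)
{
    struct verdict v = { 0, -1, 0 };
    int pos = 0;
    while (pos < n) {
        const struct rule *r = &t[pos];
        if (!rule_match(r, key)) { pos++; continue; }
        switch (r->act) {
        case ACT_LOG:   v.logged++; pos++; break;
        case ACT_JUMP:  if (r->arg <= pos) return v; pos = r->arg; break;
        case ACT_ROUTE: v.routed = 1; v.nexthop = r->arg; return v;
        default:        return v; /* ACT_DENY and anything unknown */
        }
    }
    return v;
}

/* Constructed sample table (not from the thread). */
const struct rule sample[] = {
    { {0,0,0,0, 0xff}, {0,0,0,0, 10}, ACT_LOG, 0 },   /* dst 10/8: log */
    { {0,0,0,0, 0,0,0,0, 0xff}, {0,0,0,0, 0,0,0,0, 6}, ACT_JUMP, 3 }, /* TCP */
    { {0}, {0}, ACT_ROUTE, 1 },                       /* non-TCP: route */
    { {0,0,0,0, 0,0,0,0, 0,0,0xff,0xff}, {0,0,0,0, 0,0,0,0, 0,0,0,23}, ACT_DENY, 0 },
    { {0}, {0}, ACT_ROUTE, 2 },                       /* other TCP: route */
};
```

Per-rule hit counters added to `classify` would give the match frequencies that the time optimization mentioned in the quoted text depends on.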