Date: Sat, 19 Jun 1999 10:28:12 -0500 From: Constantine Shkolny <stan@osgroup.com> To: "hackers@FreeBSD.ORG" <hackers@FreeBSD.ORG> Subject: ipfilter (was: RE: Introduction) Message-ID: <01BEBA3E.6F913AC0.stan@osgroup.com>
next in thread | raw e-mail | index | archive | help
Hi All, I'm now analyzing ipfilter in 3.2 and our goal is to port our IPSec/firewall. I'm still in the beginning of reading the code so, at this time, I can't yet tell how nice it fits our needs. I just have some concerns which I'd like the people who are going to re-design the ipfilter to hear. I wouldn't be surprised to learn that you are already thinking about this, however, it's nice to know it for certain :-) The things in the IPSec field are seemingly moving to using hardware accelerators for doing compression/encryption/authentication. This means that IP filters need to grab some of IP packets, process them on a specialized prosessor and then re-inject them into the IP packet stream. That is, the filter may decide to convert the packet, but it doesn't have it ready-to-go when it has to return. However, it may have it ready at some later time, possibly when it processes a hardware interrupt and sees that the co-processor has finished its work on the packet. Can ipfilter handle this? Thank you, Stan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01BEBA3E.6F913AC0.stan>