Date: Wed, 02 May 2001 15:20:07 +0000 From: Gunther Schadow <gunther@aurora.regenstrief.org> To: Darren Reed <darrenr@reed.wattle.id.au> Cc: Julian Elischer <julian@elischer.org>, snap-users@kame.net, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp Subject: Re: (KAME-snap 4587) The future of ALTQ, IPsec & IPFILTER playing together ... Message-ID: <3AF025A7.3F3C24B1@aurora.regenstrief.org> References: <200105020952.TAA23436@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Darren Reed wrote: > Just because you have BPF does not mean you have a "packet filter". > You need a whole lot of other infrastructure as well. > Same goes for netgraph. Both netgraph and BPF are enabling technologies > but are not in and of themselves providers of solutions. Darren, I think people do understand that. Since you compared BPF to Java, of course you need more than the virtual machine, you need a compiler (parts of tcpdump is a compiler to the BPF VM) and for firewalling mechanism, you need a library of additional functionality. I am just completely amazed about how many things there are that basically do very similar jobs, like packet filtering/classifying. While in general diversity is good, it is also a problem for the developers and users of the *BSDs who try to apply these bits and pieces as a complete functional whole. It also diverts developer time if each needs to maintain his/her own packet matching/classifyer code, and last but not least, it leads to kernel bloat. So, I am still advocating for the great unification, but I understand that I do that from the outside not being a developer of any of those packages. Thus, I can understand if the developers dismiss my calls. Thanks anyway for your good work. I am still hopefull that some day all those pieces will fall together to form a coherent overall system. regards -Gunther -- Gunther Schadow, M.D., Ph.D. gschadow@regenstrief.org Medical Information Scientist Regenstrief Institute for Health Care Adjunct Assistent Professor Indiana University School of Medicine tel:1(317)630-7960 http://aurora.regenstrief.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AF025A7.3F3C24B1>