Date: Tue, 01 May 2001 23:11:53 -0700 From: Julian Elischer <julian@elischer.org> To: Darren Reed <darrenr@reed.wattle.id.au> Cc: Gunther Schadow <gunther@aurora.regenstrief.org>, snap-users@kame.net, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp Subject: Re: (KAME-snap 4587) The future of ALTQ, IPsec & IPFILTER playing together ... Message-ID: <3AEFA529.BB773EA1@elischer.org> References: <200105012200.IAA22724@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Darren Reed wrote:
>
> In some email I received from Gunther Schadow, sie wrote:
> > Gunther Schadow wrote:
> > [snip]
> >
> > .... to make things even more complicated, we also have the
> > berkeley packet filter (BPF) mechanism. Heck! How could
> > so many things evolve that all do essentially the same
> > thing? The interesting thing about the BPF mechanism is
> > that it is very generic. Filter rules are instructions
> > of a virtual von-Neumann-machine (reminds me of 6502
> > assembler :-). Tcpdump uses BPF, at least on FreeBSD.
> > But I think BPF is available on all 4.4 BSD derivatives.
> >
> > where does this fit in the crowd?
>
> BPF uses a byte-code language, like Java, to tell the
> matching routine what bits to compare and return a "true or
> false". i.e. you need to build things around it if you want
> to use it for packet matching, etc.
netgraph has a bpf node that can be programmed with BPF codes to do almost
any filtereing required.
(Netgraph can be used to do in-kernel tunnelling of almost any type
if you are willing to figure ot how to use it.)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000-2001
---> X_.---._/
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AEFA529.BB773EA1>