Date: Sun, 9 Jun 2002 13:29:11 +0300 (EEST) From: Adrian Penisoara <ady@freebsd.ady.ro> To: Luigi Rizzo <rizzo@icir.org> Cc: ipfw@FreeBSD.ORG Subject: Re: New ipfw code available Message-ID: <Pine.BSF.4.10.10206091322410.44932-100000@ady.warpnet.ro> In-Reply-To: <20020608201909.A41807@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Sat, 8 Jun 2002, Luigi Rizzo wrote: > NOTE: if people wonder why I did not use BPF and reinvented the wheel: > the keyword is "backward compatiblity" -- i thought it was a bit too > complex to compile the existent ipfw syntax into BPF, especially because > BPF at least as far as i know does not handle UIDs, and GIDs and > interface matches and different "actions" than match or not match, > so i would have had to extend the code anyways, at which point i > thought I could as well write my own microinstruction set... What about unifying BPF and IPFW packet matching microcode, would that be feasible ? That would even benefit for BPF/libpcap -- we will then be able to make tcpdumps (or other libpcap-related stuff) on, say, traffic coming from one user ID or a group ID. Also, ipfw might be able to make some very detailed ipfw packet matching, like 'tcp[13] & 3 = 2' like libpcap can. What do you think ? My $0.05 Ady (@freebsd.ady.ro) ____________________________________________________________________ | An age is called Dark not because the light fails to shine, but | | because people refuse to see it. | | -- James Michener, "Space" | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10206091322410.44932-100000>