[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[altq 835] Re: The future of ALTQ, IPsec & IPFILTER playing together ...
In some email I received from Jason R Thorpe, sie wrote:
> On Thu, May 03, 2001 at 08:30:55AM +1000, Darren Reed wrote:
> > IPFilter 4.0 will, as part of its general increase in kernel bloat,
> > let you use BPF expressions for matching. There are other things
> You mean "pcap/tcpdump expressions"?
They are included.
> BPF "expressions" are literally BPF bytecodes.
Well, one of the goals of IPFilter is it can parse (as rules) a textual
representation of what's currently loaded into the kernel. At the moment
that means collecting hex output, as the bytecode instructions are less
suited to being displayed all on the one line.
i.e. this command line should always work :
ipfstat -io | ipf -rf -
Well, there different rules for "compiling in" rules and making that happen,
but in general, the aim is for any rule loaded using "ipf" to work as above.