[altq 838] Re: The future of ALTQ, IPsec & IPFILTER playing together ...
Darren Reed wrote:
> In some email I received from Jason R Thorpe, sie wrote:
> > On Thu, May 03, 2001 at 08:30:55AM +1000, Darren Reed wrote:
> > > IPFilter 4.0 will, as part of its general increase in kernel bloat,
> > > let you use BPF expressions for matching. There are other things
> > You mean "pcap/tcpdump expressions"?
> They are included.
> > BPF "expressions" are literally BPF bytecodes.
> Well, one of the goals of IPFilter is it can parse (as rules) a textual
> representation of what's currently loaded into the kernel. At the moment
> that means collecting hex output, as the bytecode instructions are less
> suited to being displayed all on the one line.
I don't think that that's critical. When I write C, C++ or Java
programs I don't expect them to be disassembled into the source
language. What is more important is that any classifier / filter
is fast, as fast as it gets. It is my understanding that BPF
is very fast, and that BPF scales very well for even complex
expressions. BPF may need some extension to be useful as a
classifier, mainly, instead of a simple true/false output one
would want a number representing the class. Also, it's been
noted before, the BPF machine needs some state awareness between
Gunther Schadow, M.D., Ph.D. email@example.com
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistent Professor Indiana University School of Medicine
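
An added example, not code from this thread or from IPFilter, ALTQ or any BPF implementation: a minimal interpreter for four classic BPF opcodes in which the operand of the return instruction is used as a class number instead of a true/false verdict, as the message above suggests. The filter program, the class numbers and the sample packet layout (raw IPv4, no IP options) are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Classic BPF instruction layout and four of its opcodes. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Constructed program for a raw IPv4 packet, assuming no IP options:
 * class 1 = TCP to port 22, 2 = other TCP, 3 = UDP, 0 = unclassified. */
static const struct insn CLASSIFIER[] = {
    { LD_B_ABS, 0, 0, 9 },   /* 0: A = IP protocol           */
    { JEQ_K,    0, 4, 6 },   /* 1: TCP? else goto 6          */
    { LD_H_ABS, 0, 0, 22 },  /* 2: A = TCP destination port  */
    { JEQ_K,    0, 1, 22 },  /* 3: port 22? else goto 5      */
    { RET_K,    0, 0, 1 },   /* 4: class 1                   */
    { RET_K,    0, 0, 2 },   /* 5: class 2                   */
    { JEQ_K,    0, 1, 17 },  /* 6: UDP? else goto 8          */
    { RET_K,    0, 0, 3 },   /* 7: class 3                   */
    { RET_K,    0, 0, 0 },   /* 8: unclassified              */
};

/* Interpreter: the RET operand is returned as the class number.
 * Out-of-range loads and unknown opcodes yield class 0. */
static uint32_t classify(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; ) {
        const struct insn *i = &p[pc++];
        switch (i->code) {
        case LD_B_ABS: if (i->k >= len) return 0; a = pkt[i->k]; break;
        case LD_H_ABS: if (len < 2 || i->k > len - 2) return 0;
                       a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case JEQ_K:    pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K:    return i->k;
        default:       return 0;
        }
    }
    return 0; /* fell off the end of the program */
}

/* Build a constructed 24-byte packet and classify its first len bytes. */
static uint32_t classify_sample(uint8_t proto, uint16_t dport, size_t len)
{
    uint8_t pkt[24] = { 0x45 };
    pkt[9] = proto; pkt[22] = dport >> 8; pkt[23] = dport & 0xff;
    return classify(CLASSIFIER, sizeof CLASSIFIER / sizeof *CLASSIFIER, pkt, len > 24 ? 24 : len);
}

int main(void) { return classify_sample(6, 22, 24) == 1 ? 0 : 1; }
```

Jumps in classic BPF are forward-only, so the loop always terminates; the bounds checks on loads are what keep a truncated packet from being read past its end.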