[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[altq 832] Re: The future of ALTQ, IPsec & IPFILTER playing together ...
Darren Reed wrote:
> Just because you have BPF does not mean you have a "packet filter".
> You need a whole lot of other infrastructure as well.
> Same goes for netgraph. Both netgraph and BPF are enabling technologies
> but are not in and of themselves providers of solutions.
Darren, I think people do understand that. Since you compared BPF to
Java, of course you need more than the virtual machine, you need a
compiler (parts of tcpdump is a compiler to the BPF VM) and for
firewalling mechanism, you need a library of additional functionality.
I am just completely amazed about how many things there are that
basically do very similar jobs, like packet filtering/classifying.
While in general diversity is good, it is also a problem for the
developers and users of the *BSDs who try to apply these bits and
pieces as a complete functional whole. It also diverts developer
time if each needs to maintain his/her own packet matching/classifyer
code, and last but not least, it leads to kernel bloat.
So, I am still advocating for the great unification, but I understand
that I do that from the outside not being a developer of any of
those packages. Thus, I can understand if the developers dismiss my
Thanks anyway for your good work. I am still hopefull that some day
all those pieces will fall together to form a coherent overall system.
Gunther Schadow, M.D., Ph.D. firstname.lastname@example.org
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistent Professor Indiana University School of Medicine