[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[altq 833] Re: The future of ALTQ, IPsec & IPFILTER playing together ...
In some email I received from Gunther Schadow, sie wrote:
> I am just completely amazed about how many things there are that
> basically do very similar jobs, like packet filtering/classifying.
> While in general diversity is good, it is also a problem for the
> developers and users of the *BSDs who try to apply these bits and
> pieces as a complete functional whole. It also diverts developer
> time if each needs to maintain his/her own packet matching/classifyer
> code, and last but not least, it leads to kernel bloat.
IPFilter 4.0 will, as part of its general increase in kernel bloat,
let you use BPF expressions for matching. There are other things
people are doing to invent new and better ones although with 4.0 it
should be easily for ipfilter to take advantage of whatever people
come up with :)
> Thanks anyway for your good work. I am still hopefull that some day
> all those pieces will fall together to form a coherent overall system.
Remember that IPFilter targets more than just the BSD platforms...you might
also consider that it runs on BSD/OS where they have their own adaption of
ipfw too (but IPFilter is not part of the distrib there).