Subject: Re: NetBSD master CVS tree commits
To: None <firstname.lastname@example.org>
From: Paul Mackerras <email@example.com>
Date: 03/19/1996 10:42:58
matthew green writes:
> my knowledge of the ppp code is very ... minimal, but, why
> do we need to put this in to the pppd when there are several
> packages available that already do packet filtering ?
With our current ppp setup, data packets (i.e. IP) are handled
entirely in the kernel. So if you're doing packet compression, you
need to do it in the kernel. There is a valid argument that the extra
overhead of going through a user-level process (pppd) doesn't matter
at low speeds; if there is a consensus that we want to do it that way,
we can change it. And I agree that it would be good to have a kernel
compile-time option to control which compressors get included.
As for the packet filtering, what I've added is some hooks to allow
pppd to supply a BPF filter program to the ppp network interface, to
be applied to incoming and outgoing packets (e.g. for protection
against IP spoofing). The extra code in if_ppp.c is only a couple of
dozen lines of code, plus bpf_filter.o, which you would have already
if you have bpf support (and which is not large anyway).