Subject: ipfw (ala BSD/OS) and why it was cool
To: None <current-users@netbsd.org>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 12/20/2004 16:26:10
So, BSD/OS had a thing called ipfw, which was totally unlike FreeBSD's.

It had a couple of major features.

One was that it had an actual language, complete with nested conditionals,
which compiled to moderately optimized BPF code.

Another was that it had multiple points at which a filter could be applied.
So, instead of writing a single unified filter which has to take all
circumstances into account, you could write multiple filters.

Filters could go at any of the following points:
	pre-input (the raw wire seeing a packet)
	input (a packet is actually directed to this machine)
	forward (a packet is being forwarded)
	output (a packet has been generated by this machine)
	pre-output (a packet is about to hit the actual wire)

(The last name is confusing.)

So far as I can tell, none of the existing tools (ipfilter, PF, FreeBSD's
ipfw) are as cool as this was.

So... I doubt Wind River is going to let that code go anytime soon, but I'm
wondering, would people be interested in this?  It's actually not that much
work, once you've had the ideas.  The flexibility makes it possible to easily
write filters which are at least hard, and maybe even impossible, with some
of the other filtering tools out there.

Any interest?

-s
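A constructed sketch of the two ideas in the post (a filter language with nested conditionals compiled to a BPF-style jump program, plus separate filters attached at separate hook points). This is added example code, not BSD/OS ipfw's code or syntax; the mini-language, the packet field names, the interface name and the "any drop wins" dispatch rule are assumptions made for the illustration.

```python
# Hypothetical mini filter language: ("ret", verdict) or
# ("if", field, value, then_node, else_node). Not BSD/OS ipfw syntax.
PRE_INPUT, INPUT, FORWARD, OUTPUT, PRE_OUTPUT = range(5)  # hook points from the post
HOOKS = {h: [] for h in range(5)}                         # compiled programs per hook


def compile_filter(node, prog=None):
    """Compile a nested conditional into a linear jump program.
    Instructions are (op, field, value, jt, jf). As in classic BPF, a jump
    of k lands on instruction pc + 1 + k, so 0 means fall through."""
    if prog is None:
        prog = []
    if node[0] == "ret":
        prog.append(("ret", None, node[1], 0, 0))
        return prog
    _, field, value, then_node, else_node = node
    idx = len(prog)
    prog.append(None)                # patched once the then-branch size is known
    compile_filter(then_node, prog)  # jt == 0: true branch follows immediately
    else_start = len(prog)
    compile_filter(else_node, prog)
    prog[idx] = ("jeq", field, value, 0, else_start - idx - 1)
    return prog


def run(prog, pkt):
    """Interpret a compiled program against a packet given as a dict of fields."""
    pc = 0
    while True:
        op, field, value, jt, jf = prog[pc]
        if op == "ret":
            return value
        pc += 1 + (jt if pkt.get(field) == value else jf)


def attach(hook, ast):
    HOOKS[hook].append(compile_filter(ast))


def dispatch(hook, pkt):
    """Run every filter at one hook; assumed rule: any 'drop' wins, else accept."""
    return "drop" if any(run(p, pkt) == "drop" for p in HOOKS[hook]) else "accept"


# Constructed filters, one per hook point, instead of one unified ruleset.
# pre-input: frames on the outside wire must not claim an inside source.
attach(PRE_INPUT, ("if", "ifname", "ext0",
                   ("if", "src_net", "inside", ("ret", "drop"), ("ret", "accept")),
                   ("ret", "accept")))
# forward: only forwarded traffic reaches this hook; do not relay telnet.
attach(FORWARD, ("if", "proto", "tcp",
                 ("if", "dport", 23, ("ret", "drop"), ("ret", "accept")),
                 ("ret", "accept")))


def verdicts():
    """Constructed packets run through the hooks they would reach."""
    spoofed = {"ifname": "ext0", "src_net": "inside", "proto": "tcp", "dport": 80}
    telnet = {"ifname": "ext0", "src_net": "outside", "proto": "tcp", "dport": 23}
    return {"spoof_pre_input": dispatch(PRE_INPUT, spoofed),
            "telnet_pre_input": dispatch(PRE_INPUT, telnet),  # ports not checked here
            "telnet_forward": dispatch(FORWARD, telnet),
            "web_forward": dispatch(FORWARD, spoofed)}
```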