Subject: Re: your packet filter thang...
To: None <firstname.lastname@example.org>
From: Charles M. Hannum <email@example.com>
Date: 03/01/1995 02:30:43
With consideration to BPF, without rewriting BPF, it doesn't
provide any facility to do anything other than filter packets.
You haven't explained why. In particular, adding a logging mechanism
is almost completely disjoint from the machinery of filtering packets.
From my understanding of the BPF, filters are applied/loaded as a
"whole set", rather than one at a time and are compiled to work
What's wrong with this? I don't see a compelling reason for the
filter management to be done in the kernel rather than by some
user-level utility or library.
The point of using the BPF filtering machinery is:
1) it already exists,
2) it's quite general, and
3) with a relatively simple hack, it can be made very fast.
I need a good reason to condone adding yet another filtering
mechanism. In particular, I will not allow what at least one other
system has done: having 3 different IP filtering mechanisms used by