Subject: Re: your packet filter thang...
To: None <darrenr@vitruvius.arbld.unimelb.edu.au>
From: Charles M. Hannum <mycroft@ai.mit.edu>
List: tech-kern
Date: 03/01/1995 02:30:43
   With consideration to BPF, without rewriting BPF, it doesn't
   provide any facility to do anything other than filter packets.

You haven't explained why.  In particular, adding a logging mechanism
is almost completely disjoint from the machinery of filtering packets.

   From my understanding of the BPF, filters are applied/loaded as a
   "whole set", rather than one at a time and are compiled to work
   like this.

What's wrong with this?  I don't see a compelling reason for the
filter management to be done in the kernel rather than by some
user-level utility or library.

The point of using the BPF filtering machinery is:

1) it already exists,
2) it's quite general, and
3) with a relatively simple hack, it can be made very fast.

I need a good reason to condone adding yet another filtering
mechanism.  In particular, I will not allow what at least one other
system has done: having 3 different IP filtering mechanisms used by
different utilities.
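
The arrangement argued for above, where a user-level utility manages the rules and hands over one compiled program as a whole set, sketched as an added example that is not part of the original message or of any BPF code base. The rule format, function names and sample addresses are assumptions; the instruction layout and the four opcode values follow classic BPF, and the packet is assumed to start at the IP header.

```c
#include <stddef.h>
#include <stdint.h>
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* mirrors classic struct bpf_insn */
enum { LD_W_ABS = 0x20, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
/* Hypothetical rule format (assumption): exact IP protocol + source address. */
struct rule { uint8_t proto; uint32_t src; uint32_t verdict; };

/* Compile the whole rule set into one program; returns 0 if out is too small. */
size_t compile(const struct rule *r, size_t nr, uint32_t dflt, struct insn *out, size_t cap)
{
    size_t n = 0;
    if (cap < nr * 5 + 1) return 0;
    for (size_t i = 0; i < nr; i++) {
        out[n++] = (struct insn){ LD_B_ABS, 0, 0, 9 };        /* A = ip_p */
        out[n++] = (struct insn){ JEQ_K, 0, 3, r[i].proto };  /* miss: skip to next rule */
        out[n++] = (struct insn){ LD_W_ABS, 0, 0, 12 };       /* A = ip_src */
        out[n++] = (struct insn){ JEQ_K, 0, 1, r[i].src };    /* miss: skip the ret */
        out[n++] = (struct insn){ RET_K, 0, 0, r[i].verdict };
    }
    out[n++] = (struct insn){ RET_K, 0, 0, dflt };            /* no rule matched */
    return n;
}

/* Interpreter for the four opcodes used; out-of-bounds loads reject, as in BPF. */
uint32_t run(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case LD_B_ABS: if (k >= len) return 0; A = pkt[k]; break;
        case LD_W_ABS: if (len < 4 || k > len - 4) return 0;
            A = (uint32_t)pkt[k] << 24 | (uint32_t)pkt[k + 1] << 16 |
                (uint32_t)pkt[k + 2] << 8 | pkt[k + 3]; break;
        case JEQ_K: pc += (A == k) ? p[pc].jt : p[pc].jf; break;
        case RET_K: return k;            /* bytes to accept; 0 means drop */
        default: return 0;               /* unknown opcode: fail closed */
        }
    }
    return 0;
}

/* Constructed sample: two accept rules, default drop, one 20-byte IP header. */
uint32_t demo(uint8_t proto, uint32_t src)
{
    const struct rule set[] = { { 6, 0x0a000005, 0xffffffffu }, { 17, 0xc0000201, 0xffffffffu } };
    struct insn prog[16]; uint8_t pkt[20] = { 0x45 };
    pkt[9] = proto; pkt[12] = src >> 24; pkt[13] = src >> 16; pkt[14] = src >> 8; pkt[15] = src;
    return run(prog, compile(set, 2, 0, prog, 16), pkt, sizeof pkt);
}
int main(void) { return demo(6, 0x0a000005) == 0xffffffffu ? 0 : 1; }
```

Changing one rule here means recompiling and reloading the whole program, which is the trade-off the quoted objection raises and the reply accepts.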