Subject: Re: Try again, itojun, patches need more work.
To: Jason Thorpe <thorpej@wasabisystems.com>
From: None <ww@styx.org>
List: tech-net
Date: 06/30/2003 15:15:48
On Mon, Jun 30, 2003 at 11:56:31AM -0700, Jason Thorpe wrote:
> 
> It just seems silly to me to have two sets of code that parse IP 
> headers in order to then tell a "classification engine" to assign a 
> pre-determined name to the packet.  Really, the act of parsing those 
> headers *IS* the classification step!
>

Just a nit: while I too wonder why we would need several
classification engines, whatever we end up with should be
as general as possible -- i.e. not restricted to IP. I
consider the ability to match on MAC address, VLAN tag,
MPLS label, PPPoE session, etc. to be quite useful indeed.

If the consensus points to a move towards PF, why not leave
IPF as is, integrate PF and ALTQ and all of the fancy 
features, and then, when it is stable, deprecate IPF?

It shouldn't be that much of a headache as long as the
PF config syntax remains a superset of IPF's. A
set of backwards compatibility IOCTLs that translate
IPF calls into PF calls should also not be too difficult
to make so that any other user programs that like to
manipulate firewall rules and such continue to
work.

-w
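To make the "general classification" point concrete, here is an added example (not code from NetBSD, PF, IPF or ALTQ, and not the poster's) of a single header walk that parses Ethernet, an optional 802.1Q tag, an optional MPLS top label and an IPv4 header into one classification key, so that rules can match on MAC address, VLAN tag, MPLS label or IP protocol without a second parser. The `class_key`, `rule` and `classify_frame` names and the sample frames are constructed for illustration; every header read is length-checked first, since a classifier that trusts the ethertype chain without bounds checks is itself a target.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical classification key: filled by one pass over the headers. */
typedef struct {
    uint8_t  dst_mac[6], src_mac[6];
    bool     has_vlan;  uint16_t vlan_id;
    bool     has_mpls;  uint32_t mpls_label;
    bool     has_ipv4;  uint32_t ip_src, ip_dst; uint8_t ip_proto;
} class_key;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse the frame once; returns 0 on success, -1 if any header is truncated. */
int classify(const uint8_t *f, size_t len, class_key *k) {
    memset(k, 0, sizeof *k);
    if (len < 14) return -1;                       /* Ethernet header */
    memcpy(k->dst_mac, f, 6);
    memcpy(k->src_mac, f + 6, 6);
    size_t off = 12;
    uint16_t et = rd16(f + off); off += 2;
    if (et == 0x8100) {                            /* 802.1Q: TCI + inner ethertype */
        if (len < off + 4) return -1;
        k->has_vlan = true;
        k->vlan_id = rd16(f + off) & 0x0fff;
        et = rd16(f + off + 2); off += 4;
    }
    if (et == 0x8847) {                            /* MPLS unicast: top label only */
        if (len < off + 4) return -1;
        uint32_t entry = rd32(f + off); off += 4;
        k->has_mpls = true;
        k->mpls_label = entry >> 12;
        /* Descend to IPv4 only at bottom of stack and if the payload looks like IPv4. */
        if (!((entry >> 8) & 1) || len <= off || (f[off] >> 4) != 4) return 0;
        et = 0x0800;
    }
    if (et == 0x0800) {                            /* IPv4 */
        if (len < off + 20) return -1;
        const uint8_t *ip = f + off;
        size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
        if (ihl < 20 || len < off + ihl) return -1;
        k->has_ipv4 = true;
        k->ip_proto = ip[9];
        k->ip_src = rd32(ip + 12);
        k->ip_dst = rd32(ip + 16);
    }
    return 0;
}

/* Rules are independent of which layer they match on; first match wins. */
typedef enum { M_VLAN, M_MPLS, M_SRC_MAC, M_IP_PROTO } match_kind;
typedef struct { match_kind kind; uint32_t value; const uint8_t *mac; const char *name; } rule;

static const uint8_t SRC_MAC_A[6] = {0x66,0x77,0x88,0x99,0xaa,0xbb};
static const rule RULES[] = {
    { M_MPLS,     16, NULL,      "mpls-lsp-16" },
    { M_VLAN,    100, NULL,      "vlan-100"    },
    { M_SRC_MAC,   0, SRC_MAC_A, "host-a"      },
    { M_IP_PROTO,  6, NULL,      "tcp"         },
};

const char *classify_frame(const uint8_t *f, size_t len) {
    class_key k;
    if (classify(f, len, &k) != 0) return "truncated";
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const rule *r = &RULES[i];
        switch (r->kind) {
        case M_VLAN:     if (k.has_vlan && k.vlan_id == r->value) return r->name; break;
        case M_MPLS:     if (k.has_mpls && k.mpls_label == r->value) return r->name; break;
        case M_SRC_MAC:  if (memcmp(k.src_mac, r->mac, 6) == 0) return r->name; break;
        case M_IP_PROTO: if (k.has_ipv4 && k.ip_proto == r->value) return r->name; break;
        }
    }
    return "default";
}

/* Constructed sample frames (not captured traffic). */
const uint8_t FRAME_VLAN_TCP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb,
    0x81,0x00, 0x00,0x64,          /* 802.1Q, VID 100 */
    0x08,0x00,                     /* IPv4 */
    0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,1, 10,0,0,2 };
const uint8_t FRAME_MPLS_UDP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0xde,0xad,0xbe,0xef,0x00,0x01,
    0x88,0x47, 0x00,0x01,0x01,0x40, /* label 16, bottom of stack, TTL 64 */
    0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x11,0,0, 10,0,0,3, 10,0,0,4 };
const uint8_t FRAME_PLAIN_TCP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0xde,0xad,0xbe,0xef,0x00,0x01,
    0x08,0x00,
    0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,5, 10,0,0,6 };

int main(void) {
    printf("%s\n", classify_frame(FRAME_VLAN_TCP, sizeof FRAME_VLAN_TCP));   /* vlan-100 */
    printf("%s\n", classify_frame(FRAME_MPLS_UDP, sizeof FRAME_MPLS_UDP));   /* mpls-lsp-16 */
    printf("%s\n", classify_frame(FRAME_PLAIN_TCP, sizeof FRAME_PLAIN_TCP)); /* tcp */
    printf("%s\n", classify_frame(FRAME_VLAN_TCP, 16));                      /* truncated */
    return 0;
}
```

The VLAN frame also carries host-a's source MAC and TCP, but the VLAN rule sits earlier in the table, so rule order decides the name; a truncated frame is reported as such rather than being matched against whatever fields happened to parse.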