Re: any interest in JIT for bpf and npf_ncode?

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: any interest in JIT for bpf and npf_ncode?
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Tue, 03 Jan 2012 14:13:59 +0100

Alexander Nasonov wrote:

...
Code is available on github: https://github.com/alnsn/bpfjit

Is there is interest, I can look into porting sljit to the kernel and
adding npf_ncode.

This is probably quite important for NPF as it moves NPF away from usingthe bytecode method. This is important for anyone thinking of hardware devicesusing NPFas NPF seems dangerously close to what Checkpoint patented forFirewall-1 back

in 1995.

It is for the above reason that I've never considered using BPFinstructions in IPFilter

rules as something more than experimental:

# To enable rules to be written with BPF syntax, uncomment these two lines.
#
# WARNING: If you're building a commercial product based on IPFilter, using

# this options *may* infringe at least one patent held byCheckPoint

#          (5,606,668.)
#
#IPFBPF=-DIPFILTER_BPF -I/usr/local/include
#LIBBPF=-L/usr/local/lib -lpcap

... more than the above I cannot speculate on as I've not researched itany further.


Darren

Follow-Ups:
- Re: any interest in JIT for bpf and npf_ncode?
  - From: Alexander Nasonov

References:
- any interest in JIT for bpf and npf_ncode?
  - From: Alexander Nasonov

Prev by Date: Re: NetBSD 5.1 TCP performance issue (lots of ACK)
Next by Date: failure to fetch route from selectroute
Previous by Thread: Re: any interest in JIT for bpf and npf_ncode?
Next by Thread: Re: any interest in JIT for bpf and npf_ncode?
Indexes:

Home | Main Index | Thread Index | Old Index