Subject: Re: Why not BPF for security?
To: Bryan P <u7@terran.org>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 04/11/2003 00:03:51
On Wed, Apr 09, 2003 at 09:36:41PM -0700, Bryan P wrote:
> Hello,
> 
> I'm curious to know if there is a reason that the BPF interpreter in the
> kernel is not also used for security purposes.  It certainly would be
> simple enough to pair a (user-space) compiled BPF program with an action
> (e.g. ACCEPT, DISCARD, REJECT, etc) and evaluate a per-interface list of
> these programs upon packet-input.  It would be nice to be able to use pcap
> for filter expressions (symmetry with tcpdump).  I suppose it might not be
> as efficient to use BPF for this, and of course it doesn't handle NAT,
> stateful filtering etc., but I'm curious to know if there are other reasons
> not to do it.

That would be nice, as it would allow filtering non-IP traffic as well ...

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 years of experience will always make the difference
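The scheme Bryan sketches (a compiled BPF program paired with an action, a per-interface list of such pairs walked on packet input, first match wins) is small enough to show end to end. The following is an added example, not NetBSD code and not something either poster wrote: a toy classic-BPF interpreter in C, three hand-assembled filters in the form `tcpdump -dd` prints (trimmed to IPv4 only, so not the exact output of libpcap), a hypothetical rule list for an interface I call `em0`, and constructed Ethernet frames rather than captured ones. It also covers Manuel's point, since the first rule matches ARP, which an IP-only filter could never see. One caveat a practitioner would want to notice is built into the last sample: a frame too short for a rule's loads does not match that rule, so a REJECT rule silently falls through to whatever comes next; the kernel's bpf_filter() behaves the same way for an out-of-range load, which is why rule order and the default action matter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic BPF instruction: same layout as struct bpf_insn in <net/bpf.h>. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Opcode encodings (class|size|mode) from the classic BPF ISA. */
#define LDH_ABS  0x28  /* A = be16 at pkt[k]       */
#define LDB_ABS  0x30  /* A = pkt[k]               */
#define LDH_IND  0x48  /* A = be16 at pkt[X + k]   */
#define LDXB_MSH 0xb1  /* X = (pkt[k] & 0xf) * 4   */
#define JEQ_K    0x15  /* pc += (A == k) ? jt : jf */
#define JSET_K   0x45  /* pc += (A & k)  ? jt : jf */
#define RET_K    0x06  /* return k                 */

enum action { ACCEPT, DISCARD, REJECT };
struct rule { const char *name; const struct insn *prog; size_t len; enum action act; };
#define LEN(a) (sizeof (a) / sizeof (a)[0])

static int in_bounds(uint64_t off, size_t want, size_t plen)
{
    return off <= plen && plen - off >= want;
}

/* Minimal classic-BPF interpreter. Non-zero return = match. A load past the
   end of the packet ends the program with 0 (no match), as bpf_filter() does;
   the attach-time checks of bpf_validate() (bad jumps etc.) are skipped here. */
static uint32_t bpf_run(const struct insn *p, size_t n, const uint8_t *pkt, size_t plen)
{
    uint32_t A = 0, X = 0;
    size_t pc = 0;
    while (pc < n) {
        const struct insn *i = &p[pc++];
        uint64_t off = i->k;
        switch (i->code) {
        case LDH_ABS: case LDH_IND:
            if (i->code == LDH_IND) off += X;
            if (!in_bounds(off, 2, plen)) return 0;
            A = (uint32_t)pkt[off] << 8 | pkt[off + 1];
            break;
        case LDB_ABS:
            if (!in_bounds(off, 1, plen)) return 0;
            A = pkt[off];
            break;
        case LDXB_MSH:
            if (!in_bounds(off, 1, plen)) return 0;
            X = (pkt[off] & 0x0f) * 4;
            break;
        case JEQ_K:  pc += (A == i->k) ? i->jt : i->jf; break;
        case JSET_K: pc += (A & i->k)  ? i->jt : i->jf; break;
        case RET_K:  return i->k;
        default:     return 0; /* opcode not implemented in this toy: no match */
        }
    }
    return 0; /* ran off the end: no match */
}

/* Hand-assembled filters, in the shape tcpdump -dd prints (IPv4 only). */
static const struct insn p_arp[] = {          /* "arp" */
    { LDH_ABS, 0, 0, 12 }, { JEQ_K, 0, 1, 0x0806 }, { RET_K, 0, 0, 0xffff }, { RET_K, 0, 0, 0 },
};
static const struct insn p_ip[] = {           /* "ip" */
    { LDH_ABS, 0, 0, 12 }, { JEQ_K, 0, 1, 0x0800 }, { RET_K, 0, 0, 0xffff }, { RET_K, 0, 0, 0 },
};
static const struct insn p_telnet[] = {       /* "ip and tcp dst port 23" */
    { LDH_ABS,  0, 0, 12 }, { JEQ_K,   0, 8, 0x0800 },   /* ethertype IPv4?      */
    { LDB_ABS,  0, 0, 23 }, { JEQ_K,   0, 6, 6 },        /* protocol TCP?        */
    { LDH_ABS,  0, 0, 20 }, { JSET_K,  4, 0, 0x1fff },   /* fragment -> no match */
    { LDXB_MSH, 0, 0, 14 }, { LDH_IND, 0, 0, 16 },       /* X = IHL*4; dst port  */
    { JEQ_K,    0, 1, 23 }, { RET_K,   0, 0, 0xffff },   { RET_K, 0, 0, 0 },
};

/* Hypothetical per-interface list for "em0"; first match wins, no match = DISCARD. */
static const struct rule em0_rules[] = {
    { "arp",    p_arp,    LEN(p_arp),    ACCEPT },
    { "telnet", p_telnet, LEN(p_telnet), REJECT },
    { "ip",     p_ip,     LEN(p_ip),     ACCEPT },
};

enum action filter_input(const struct rule *r, size_t n, const uint8_t *pkt, size_t plen)
{
    for (size_t i = 0; i < n; i++)
        if (bpf_run(r[i].prog, r[i].len, pkt, plen) != 0)
            return r[i].act;
    return DISCARD;
}

/* Constructed frame (not a capture): Ethernet + IPv4 (IHL 5, proto TCP) + TCP header. */
static size_t mk_frame(uint8_t *buf, uint16_t ethertype, uint16_t dport)
{
    static const uint8_t ip[20] = { 0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2 };
    memset(buf, 0, 64);
    buf[5] = 1; buf[11] = 2;                          /* dummy MAC addresses */
    buf[12] = ethertype >> 8; buf[13] = ethertype & 0xff;
    memcpy(buf + 14, ip, 20);
    buf[36] = dport >> 8; buf[37] = dport & 0xff;     /* TCP dst port */
    buf[46] = 0x50;                                   /* TCP data offset 5 */
    return 54;
}

/* Decision for a TCP frame to dport; trunc > 0 cuts the frame to that many bytes. */
enum action decide_tcp(uint16_t dport, size_t trunc)
{
    uint8_t f[64];
    size_t n = mk_frame(f, 0x0800, dport);
    if (trunc && trunc < n) n = trunc;
    return filter_input(em0_rules, LEN(em0_rules), f, n);
}

/* Decision for a frame of another ethertype (payload does not matter to the rules). */
enum action decide_ether(uint16_t ethertype)
{
    uint8_t f[64];
    return filter_input(em0_rules, LEN(em0_rules), f, mk_frame(f, ethertype, 0));
}

int main(void)
{
    static const char *names[] = { "ACCEPT", "DISCARD", "REJECT" };
    printf("tcp/23         -> %s\n", names[decide_tcp(23, 0)]);
    printf("tcp/22         -> %s\n", names[decide_tcp(22, 0)]);
    printf("tcp/23, 36 B   -> %s\n", names[decide_tcp(23, 36)]);
    printf("arp            -> %s\n", names[decide_ether(0x0806)]);
    printf("ethertype 8137 -> %s\n", names[decide_ether(0x8137)]);
    return 0;
}
```

The 36-byte telnet frame is the instructive case: the `telnet` rule's `ldh [x + 16]` reaches bytes 36 and 37, which are not there, so that program returns 0, the `ip` rule matches next and the frame is ACCEPTed even though its visible header says port 23. In a real kernel hook the rule list would therefore want either a length-check rule ahead of the REJECT rules or a default that is not ACCEPT, exactly the sort of ordering question that pcap-syntax filters by themselves do not answer.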